INTRODUCTION

Interrupt Labs Limited (“We”, “Us”) are committed to protecting and respecting your privacy. This Candidate Privacy Notice (together with any other documents referred to herein) sets out the basis on which the personal data collected from you, or that you provide to Us, will be processed by Us in connection with Our recruitment processes. Please read the following carefully to understand Our views and practices regarding your personal data and how We will treat it.

For the purpose of the General Data Protection Regulation (“GDPR”) ”) and the version of the GDPR retained in UK law (the “UK GDPR”) the Data Controller can be contacted via data.protection@interruptlabs.co.uk.

Interrupt Labs is a "data controller" under UK GDPR. This means we are responsible for deciding how we hold and use Personal Data about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

DATA PROTECTION PRINCIPLES

We use Teamtailor AB (Teamtailor), an online Applicant Tracking System (ATS), to assist with Our recruitment process. We use Teamtailor to process personal information as a data processor on Our behalf. Teamtailor is only entitled to process your personal data in accordance with Our instructions.

We also use a third party system for some roles in partnership with Cyber First (UK ROLES ONLY). When roles are available through Cyber First, you may also be required to enter your data into the Cyber First ATS system, CBAY. All personal data processed via the CBAY platform is managed and secured by Cyber First. You will find their privacy notice on the platform when you enter your details into the system.

Where you apply for a job opening posted by Us, these Privacy Notice provisions will apply to Our processing of your personal information in addition to Our General Privacy Policy which is available on Our Website. Privacy Policy

YOUR PERSONAL INFORMATION

INFORMATION WE COLLECT FROM YOU

We collect and process some or all of the following types of information from you:

• Information that you provide when you apply for a role. This includes information provided through our Applicant Tracking System, via email, in person or online at interviews and/or by any other method.
• In particular, We process personal details such as name, email address, address, telephone number, date of birth (where legally relevant to the role), qualifications, experience, information relating to your employment history, skills experience that you provide to Us, as well as your video in case you conduct your interview using the Video Interview feature.
• If you contact Us via Teamtailor , LinkedIn, phone, or email, We may keep a record of that correspondence.
• A record of your progress through any hiring process that we may conduct, including interview notes, scorecards and practical or written tests.
• Equality and Diversity information may also collected but not directly linked to your application. The information that is requested, but is optional and not mandatory, includes, Ethnicity details, Disability details, Gender details, Sexual Orientation, Religion and Marital Status. Interrupt Labs is committed to being an ethical recruiter and wants to ensure that there are no barriers to entry when working with the company. As such, we may ask applicants to fill out our Equality and Diversity survey when they submit their CV for a role. This data is anonymised and is only visible to Us as an overview of overall candidate diversity. This information also allows us to provide reasonable adjustments during the interview process if required. By providing your Equality and Diversity information, you consent to us using them for diversity monitoring.

INFORMATION WE COLLECT FROM OTHER SOURCES

Teamtailor provides Us with the facility to link the data you provide to Us, with other publicly available information about you that you have published on the Internet – this may include sources such as LinkedIn and other social media profiles if you chose to make these available on the application form.

We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for our business more generally. This could be a Recruitment Agent, an employee referral, or through a business connection, as examples. If your information is provided to Us via a Recruitment Agent, they will be required to process your details in line with their Privacy Policy to which you can request access directly through the Recruitment Agent.

USES OF YOUR INFORMATION

LAWFUL BASIS FOR PROCESSING - (GDPR UK)

We rely on contractual and legal obligations, legitimate interest, and consent as the lawful basis on which We collect and use your personal data. Our legitimate interests are the recruitment of staff for Our business.

Under the GDPR you are entitled to understand exactly when we collect different categories of your Personal Data and what legal justification we rely on in order to use that Personal Data.

Set out below are the different categories of Personal Data we collect, and the lawful basis for collecting, processing and using that Personal Data.

Category: Application processing

Type of data: Personal contact details (including nationality and residency status), CV, Certifications, Qualifications and Employment History

Legal Justification: Contractual Obligations and Consent

Lawful basis for processing data: Article 6(1)(a) - consent

The data subject has given consent to the processing of their personal data for one or more specific purposes in relation to the application process.

Article 6(1)(b) - contractual requirements with data subject

We require this information to demonstrate that candidates meet the minimum legal requirements for the role, and to understand their skillsets. This information is also required to contact you through the process.

Category: Criminal Convictions

Type of data: Background information and security check information

Legal Justification: Contractual Obligations and Consent

Lawful basis for processing data: Article 6(1)(a) - consent - the data subject has given consent to the processing of their personal data for one or more specific purposes.

Article 6(1)(b) - contractual requirements with data subject - If the candidate progresses through the process we are required to conduct background checks to ensure we meet security requirements as per security vetting regulations.

Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Category: Disability/Wellbeing information

Type of data: Information pertaining to any need for reasonable adjustments to be made.

Legal Justification: Consent, Legal Obligation and Special Categories

Lawful basis for processing data: Article 6(1)(a) - consent

The data subject has given consent to the processing of their personal data for one or more specific purposes in relation to the application process. Disability information is only ever provided with explicit consent and is optional.

Article 6(1)(c) - legal obligation

Processing is necessary for compliance with a legal obligation to which the controller is subject. We have to check whether reasonable adjustments are required during recruitment processes.

Article 9(2)(b) - processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.

Category: Ethnicity Information

Type of data: Background and ethnicity information

Legal Justification: Consent, Legal Obligation and Special Categories

Lawful basis for processing data: Article 6(1)(a) - consent

The data subject has given consent to the processing of their personal data for one or more specific purposes in relation to the application process. Ethnicity questionnaires and associated information is only ever provided with explicit consent and is optional.

Article 6(1)(c) - legal obligation

Processing is necessary for compliance with a legal obligation to which the controller is subject. We are required to comply with equality related legislation.

Article 9(2)(b) - processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.

Category: Interview notes and test scores.

Type of data: Interview notes, scorecards, test outcomes.

Legal Justification: Contractual Obligations and Consent

Lawful basis for processing data: Article 6(1)(a) - consent - the data subject has given consent to the processing of their personal data for one or more specific purposes.

Article 6(1)(b) - contractual requirements with data subject - If the candidate progresses through the process, in order to make an offer and create a contract of employment, the candidate has to demonstrate their suitability for the role.

PURPOSES OF PROCESSING

We use information held about you in the following ways:

• To consider your application in respect of a role for which you have applied.
• To consider your application in respect of other roles.
• To communicate with you in respect of the recruitment process.
• To enhance any information that we receive from you with information obtained from third party data providers.
• To find appropriate candidates to fill Our job openings.
• To help our service providers (such as Teamtailor and its processors and data providers) improve their services.
• To ensure that we are an ethical recruiter and to ensure that there are no barriers to entry when working with the company.
• To ensure that We provide reasonable adjustments during the interview process if required.
• To gather your feedback on the recruitment process to help us improve processes in the future.

AUTOMATED DECISION MAKING/PROFILING

We have the options to use Teamtailor’s technology to select appropriate candidates for Us to consider based on criteria expressly identified by us, or typical in relation to the role for which you have applied. However, the process of finding suitable candidates is never automatic, and it is noted that any decision as to who We will engage to fill the job opening will be made by Our staff. We do not utilise the AI functions for CV sifting within the platform, and every candidate application will be reviewed by a human and we only use qualifying questions on forms, to support in decision making. An example of supported decision making would be filtering by candidates who do and do not require sponsorship to work in the country and applicant is applying in. We therefore use supported decision making in a limited capacity to ensure that we are only inviting candidates to interview who have the legal right to work in the country they are applying in and who meet the minimum requirements of the role. We do not use automated decision making in any capacity.

DISCLOSURE OF YOUR INFORMATION

As set out above, we pass your information to our third party service providers, Teamtailor, who use it only in accordance with our instructions and as otherwise required by law.

Where you have applied to a job opening through another service provider, e.g. a Recruitment Agent, we may disclose data to them in order to process your application and ensure that you are suitably treated throughout the hiring process. The service provider shall be the data controller of this data and shall therefore be responsible for complying with all applicable law in respect of the use of that data following its transfer by Us.

HOW WE STORE YOUR PERSONAL DATA

SECURITY

We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

WHERE WE STORE YOUR PERSONAL DATA

The data that we collect from you and process using Teamtailor’s Services will be transferred to and stored at one of several data centres provided by Amazon Web Services (AWS) and may be synchronized to one of several data centre locations in Europe for backup and redundancy purposes. The default data centre is located in Ireland. By submitting your personal data, you agree to this transfer, storing or processing.

We always strive to process your personal data within the EU/EEA area.

However, some of Teamtailor’s service providers process your personal data outside of the EU/EEA. Teamtailor also use suppliers whose parent company, or whose subcontractor’s parent company, is based outside the EU/EEA. In these cases, Teamtailor have taken into account the risk that the personal data may be disclosed to countries outside the EU/EEA, for example because of an authority request.

In cases where another recipient of your personal data is based outside the EU/EEA, this will also mean that your personal data is transferred outside the EU/EEA.

When Teamtailor, or one of their suppliers, transfer your personal data outside the EU/EEA, they will ensure that a safeguard recognized by the GDPR is used to enable the transfer. Teamtailor use the following safeguards:

• A decision by the EU Commission that the country outside of the EU/EEA to which your personal data is transferred has an adequate level of protection, which corresponds to the level of protection afforded by the GDPR. In particular, Teamtailor rely on the EU Commission’s adequacy decision for the US via the so-called EU-US Data Privacy Framework, and the adequacy decision for the UK.
• Entering into the EU Commission’s standard clauses with the recipient of the personal data outside the EU/EEA. This means that the recipient guarantees that the level of protection for your personal data afforded by the GDPR still applies, and that your rights are still protected.

When your personal data is transferred outside the EU/EEA, Teamtailor also implement appropriate technical and organisational safeguards, to protect the personal data in case of a disclosure. Exactly which protective measures we implement depends on what is technically feasible, and sufficiently effective, for the particular transfer.

If you want more information about the cases in which your personal data is transferred outside the EU/EEA you can contact us using the contact details at the end of this policy.

As we are an international employer, before disclosing your personal information overseas, We take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by only sending what is necessary, requiring recipients to protect your information through contractual agreements which require the recipient to comply with the privacy standards in applicable law or through other mechanisms that provide comparable safeguards and by monitoring how recipients handle your information.

HOW LONG WE KEEP YOUR PERSONAL DATA

Unless otherwise required by law, we retain all candidate data for a period of 12 months from the time of application. Your personal information will be deleted on one of the following occurrences:

• Deletion of your personal information following communications from Interrupt Labs at the end of this 12 month period. You will be asked if you wish for us to keep hold of your data for future roles, or if you would like for your data to be deleted. This is an opt in process, and we will delete your data in the event that no reply is received to our communications.
• Receipt of a written request by you to us requesting for your data to be deleted.

YOUR RIGHTS

Under the General Data Protection Regulation you have a number of important rights. In summary, those include rights to:

• access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address;
• require us to correct any mistakes in your information which we hold;
• request the erasure of personal data concerning you in certain situations;
• request access to the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
• object at any time to processing of personal data concerning you for direct marketing;
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
• object in certain other situations to our continued processing of your personal data;
• otherwise restrict our processing of your personal data in certain circumstances; and
• claim compensation for damages caused by our breach of any data protection laws.

Please note that your rights may vary when applying to roles outside of GDPR legislation.

If you would like to exercise any of those rights, please:

• contact us using our contact details below, ensuring we have enough information to identify you, proving your identity and address and confirming which information to which your request relates.

UPDATES TO THIS POLICY

We update this policy when necessary - for example, because we start processing your personal data in a new way, because we want to make the information even clearer to you, or if it’s necessary to do so in order to comply with applicable data protection laws.

We encourage you to regularly check this page for any changes. You can always check the bottom of this page to see when this policy was last updated.

HOW TO COMPLAIN

We hope that We can resolve any query or concern you raise about Our use of your information.

The General Data Protection Regulation and the UK GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular (under the GDPR) in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

CONTACT

All questions, comments and requests regarding this Privacy Notice should be sent to our Data Controller via email: data.protection@interruptlabs.co.uk.

Last Updated = October 2025