Last updated 10 Aug 2025
Interview HR is fully committed to complying with the General Data Protection Regulation (GDPR) and protecting the data rights of all individuals whose personal information we process. This page explains our GDPR compliance approach and how we uphold your data protection rights.
Interview HR processes personal data in accordance with GDPR requirements. We recognise the importance of protecting personal data and have implemented comprehensive technical and organisational measures to ensure compliance. As a recruitment platform, we process both customer data (recruiters and hiring teams) and candidate data on behalf of our customers.
We process personal data under the following legal bases:
Under GDPR, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge in a commonly used electronic format within 30 days of your request.
You have the right to request correction of inaccurate or incomplete personal data. We will update your information promptly upon verification of the correct data.
You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent. We will comply within 30 days unless we have a legal obligation to retain the data.
You have the right to request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV). You can also request that we transfer this data to another service provider where technically feasible.
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.
Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.
You have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe we have not handled your personal data appropriately. In the UK, this is the Information Commissioner's Office (ICO).
To exercise any of your GDPR rights, please contact us at:
We may need to verify your identity before processing your request to protect your personal data from unauthorised access.
For account holder data (recruiters and hiring teams), Interview HR acts as the data controller. We determine the purposes and means of processing your personal data and are responsible for compliance with GDPR.
For candidate data processed through our platform, Interview HR acts as a data processor on behalf of our customers (the data controllers). Our customers determine the purposes and means of processing candidate data. We process this data solely according to their instructions and our Data Processing Agreement (DPA).
We provide a comprehensive Data Processing Agreement to all customers who process candidate data through our platform. Our DPA includes:
Our DPA incorporates the Standard Contractual Clauses (SCCs) approved by the European Commission for any data transfers outside the EEA.
We implement appropriate technical and organisational measures to protect personal data:
In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will:
All personal data is stored and processed within the European Economic Area (EEA), specifically in AWS data centres in the eu-west-2 region (London). This ensures full GDPR compliance without requiring additional safeguards for international transfers. If we need to transfer data outside the EEA in the future, we will implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
We use carefully selected third-party sub-processors to provide our services. All sub-processors are GDPR-compliant and bound by appropriate data processing agreements:
We maintain a complete list of sub-processors and will notify customers of any changes with reasonable notice.
We implement privacy by design and by default principles throughout our platform. This means we consider data protection from the earliest stages of development and ensure that privacy-friendly settings are the default. Examples include data minimisation in our forms, automatic encryption, limited data access, and regular privacy impact assessments for new features.
We conduct Data Protection Impact Assessments for processing activities that pose high risks to individuals' rights and freedoms, particularly when introducing new technologies or processing methods. Our AI-assisted candidate scoring feature has undergone a DPIA to ensure it does not result in discriminatory or unfair outcomes.
Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it immediately.
Our AI candidate scoring feature assists recruiters by providing compatibility scores based on CV and job description analysis. However, this does not constitute automated decision-making under GDPR because:
For any GDPR-related questions, concerns, or to exercise your data protection rights, please contact:
Our lead supervisory authority is the UK Information Commissioner's Office (ICO):
We may update this GDPR compliance page to reflect changes in our practices, legal requirements, or regulatory guidance. Significant changes will be communicated via email or through a prominent notice on our platform. The "Last updated" date at the top indicates when this page was last revised.
Interview HR is committed to full GDPR compliance and protecting the fundamental rights and freedoms of all individuals whose personal data we process. We continuously review and improve our data protection practices to maintain the highest standards.