Privacy and cookie policy

Talyx Search Ltd
Effective date: March 26, 2026  |  Last updated: March 26, 2026

1. Introduction

Talyx Search Ltd ("we", "us", "our", or "Talyx Search") is committed to protecting and respecting your privacy. This Privacy and Cookie Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or use our recruitment services.

This policy applies to all personal data we process, whether you are a job candidate, client, website visitor, or business contact. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable United States data privacy laws including the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and other state privacy laws.

Company information:
Company name: Talyx Search Ltd
Registered address: C/O Search Accountancy Ltd, The Junction, Charles Street, Wakefield, England, WF4 5FH
Company registration number: 17086029
Contact email: l.gould@talyxsearch.com
Website: https://talyxsearch.com

If you have any questions about this policy or our privacy practices, please contact us using the details provided in Section 14.

2. Information we collect

We collect and process various types of personal data depending on your relationship with us:

Table 1: Categories of personal data collected by Talyx Search Ltd
CategoryData elements
Identity dataFull name, title, date of birth, gender, professional credentials, LinkedIn profile
Contact dataEmail address, telephone number(s), postal address, preferred communication method
Professional dataCV/resume, employment history, educational qualifications, professional licenses, references, salary expectations, work authorization status
Technical dataIP address, browser type and version, device information, operating system, time zone setting, browser plug-in types, location data
Usage dataInformation about how you use our website, products, and services, including page views, click patterns, time spent on pages
Marketing dataCommunication preferences, interests in job opportunities, consent records, newsletter subscriptions
Client dataCompany information, job requirements, hiring preferences, payment information, contract details

2.1 How we collect information

  • Direct interactions: When you submit application materials, register on our website, request information, or communicate with our recruiters
  • Automated technologies: Via cookies, server logs, and similar technologies when you visit our website (see Section 9 for cookie details)
  • Third parties: From job boards, LinkedIn, professional references, background check providers, and publicly available sources
  • Client referrals: Information provided by hiring companies about job opportunities and requirements

2.2 Special category data

We may occasionally process special category data (sensitive personal information) including:

  • Health information (only if relevant to workplace accommodations or occupational health requirements)
  • Diversity and inclusion data (collected on a voluntary basis for equal opportunities monitoring)

We only process special category data where we have your explicit consent or where permitted by law, and we implement enhanced security measures for this data.

3. How we use your information

We process your personal data for the following purposes under UK GDPR and applicable US laws:

3.1 Recruitment services (candidates)

  • Matching you with relevant job opportunities in pharmacovigilance, regulatory affairs, and life sciences
  • Submitting your application to potential employers (with your consent)
  • Providing career advice and interview preparation
  • Maintaining our candidate database for future opportunities
  • Verifying your qualifications and conducting reference checks
  • Complying with right-to-work and employment eligibility requirements

Legal basis (UK GDPR): Consent (Article 6(1)(a)), performance of contract (Article 6(1)(b)), legitimate interests (Article 6(1)(f)), and legal obligation (Article 6(1)(c)).
Legal basis (US): Business purpose necessary to provide requested services; consent where required by applicable state law.

3.2 Client services

  • Understanding hiring needs and job specifications
  • Sourcing and screening candidates
  • Managing the recruitment process
  • Invoicing and payment processing
  • Maintaining client relationships and business development

Legal basis (UK GDPR): Performance of contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f)).

3.3 Website and marketing

  • Operating and improving our website functionality
  • Analysing website usage through Google Analytics (subject to your cookie preferences)
  • Sending marketing communications about relevant job opportunities and industry insights (with consent)
  • Responding to inquiries and providing customer support
  • Protecting against fraud, security threats, and legal liability

Legal basis (UK GDPR): Consent (Article 6(1)(a)), legitimate interests (Article 6(1)(f)), and legal obligation (Article 6(1)(c)).
Legal basis (US): Business purpose with opt-out rights; consent where required by applicable state law.

3.4 Recognised legitimate interests

Under the updated UK GDPR (effective February 2026), we may rely on recognised legitimate interests including:

  • Processing necessary to detect, investigate, or prevent crime and fraud
  • Processing for safeguarding vulnerable individuals
  • Processing necessary for disclosure to public authorities

4. Legal bases for processing

Under UK GDPR:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: Processing is necessary for us to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests

Under US state privacy laws:

  • Processing necessary to provide requested services (candidates and clients)
  • Processing with your consent where required
  • Processing for business purposes with appropriate opt-out rights
  • Compliance with legal obligations

5. How we share your information

5.1 Clients and employers

With your explicit consent, we share candidate information (CV, contact details, professional history) with potential employers for recruitment purposes. We only share information with clients who have legitimate hiring needs matching your profile.

5.2 Service providers

We engage trusted third-party service providers who process data on our behalf:

  • Website hosting and cloud storage providers
  • Customer relationship management (CRM) systems
  • Email marketing platforms
  • Background check and verification services
  • Payment processors
  • IT support and security services
  • Google Analytics (see Section 9 for cookie details)

These service providers are contractually bound to protect your data and only use it for specified purposes.

5.3 Professional advisors

We may share data with lawyers, accountants, auditors, and insurance providers where necessary for professional advice and risk management.

5.4 Legal and regulatory authorities

We may disclose personal data to comply with legal obligations, court orders, regulatory requests, or to protect our legal rights and interests.

5.5 Business transfers

In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the successor entity, subject to the same privacy protections.

We do not sell personal data to third parties.

6. International data transfers

6.1 UK to USA transfers

As a UK-based recruitment firm serving US-based clients, we may transfer personal data from the United Kingdom to the United States. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Privacy Shield successor frameworks (where applicable)
  • Adequacy decisions recognised by the UK government
  • Explicit consent for transfers where appropriate

6.2 USA to UK transfers

When US-based candidates or clients provide data that is transferred to the UK, we ensure compliance with applicable US state privacy laws and implement technical and organisational measures to protect data in transit and at rest.

6.3 Other international transfers

Where we use service providers or cloud infrastructure located outside the UK and USA, we implement appropriate safeguards including EU Standard Contractual Clauses (SCCs), UK International Data Transfer Agreement (IDTA), Binding Corporate Rules (BCRs), and Transfer Impact Assessments (TIAs). You may request copies of these safeguards by contacting us.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations:

Table 2: Data retention periods by category
Data categoryRetention period
Active candidate recordsDuration of active engagement plus 2 years (or until you request deletion)
Inactive candidate recordsUp to 5 years from last active engagement, then reviewed for deletion
Client contract recordsDuration of contract plus 7 years (for tax and accounting purposes)
Marketing consentsUntil consent is withdrawn, plus 1 year to evidence compliance
Website usage data26 months (Google Analytics retention period)
Recruitment process records6 months after position is filled (unless extended with consent)
Financial records7 years (to comply with UK tax law requirements)

At the end of the retention period, we securely delete or anonymise personal data. You may request earlier deletion by exercising your right to erasure (see Section 8).

8. Your data protection rights

You have important rights regarding your personal data. These rights apply under both UK GDPR and applicable US state privacy laws (with some variations by jurisdiction).

8.1 Rights under UK GDPR

  • Right of access: You can request a copy of the personal data we hold about you (Subject Access Request)
  • Right to rectification: You can ask us to correct inaccurate or incomplete personal data
  • Right to erasure (right to be forgotten): You can request deletion of your personal data in certain circumstances
  • Right to restrict processing: You can ask us to limit how we use your personal data
  • Right to data portability: You can request your data in a structured, commonly used format
  • Right to object: You can object to processing based on legitimate interests or for direct marketing purposes
  • Rights related to automated decision-making: You have rights regarding significant decisions made solely by automated means
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time

8.2 Rights under US state privacy laws

If you are a resident of California, Virginia, Colorado, Connecticut, or other states with comprehensive privacy laws, you may have additional rights:

  • Right to know: Request information about the categories and specific pieces of personal data we collect, use, and disclose
  • Right to delete: Request deletion of your personal data (subject to certain exceptions)
  • Right to correct: Request correction of inaccurate personal data
  • Right to opt-out: Opt out of the sale or sharing of personal data for targeted advertising (note: we do not sell personal data)
  • Right to limit sensitive data processing: Limit use and disclosure of sensitive personal information
  • Right to non-discrimination: Exercise privacy rights without discriminatory treatment
  • Right to appeal: Appeal our decision regarding a privacy rights request (where state law provides)

8.3 How to exercise your rights

To exercise any of these rights, please contact us using the details in Section 14. We will respond within one month under UK GDPR (extendable by two months for complex requests) and within 45 days under most US state privacy laws (extendable by an additional 45 days). We may need to verify your identity before processing your request.

8.4 Right to complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with:

UK supervisory authority:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113

US state authorities: The California Privacy Protection Agency (CPPA) for California residents, or State Attorney General offices in other states with privacy laws.

9. Cookies and tracking technologies

9.1 What are cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and understand how you interact with the site.

9.2 Types of cookies we use

Table 3: Cookie categories and purposes
Cookie typePurposeExamplesDuration
Strictly necessaryEssential for website functionality; cannot be disabledSession cookies, security cookiesSession / 1 year
Performance & analyticsMeasure website performance and visitor behaviourGoogle Analytics cookies (_ga, _gid, _gat)26 months
FunctionalRemember your preferences and choicesLanguage preference, cookie consent choices1 year
MarketingTrack your activity for advertising purposes (we do not currently use these)N/AN/A

9.3 Google Analytics

We use Google Analytics to understand how visitors use our website. It collects information about pages you visit, how you arrived at our site, your device and browser, and your approximate geographic location. This data is processed by Google to generate statistical reports.

Google Analytics cookies:

  • _ga — Distinguishes unique users (expires after 2 years)
  • _gid — Distinguishes unique users (expires after 24 hours)
  • _gat — Throttles request rate (expires after 1 minute)

9.4 Cookie banner and consent

When you first visit our website, you will see a cookie banner allowing you to accept all cookies, reject optional cookies, customise your preferences, or access our full cookie policy.

Important: Under UK GDPR and the Privacy and Electronic Communications Regulations (PECR), we must obtain your explicit consent before placing non-essential cookies (including Google Analytics cookies) on your device.

Opt-out options:

  • Use the cookie banner to reject analytics cookies
  • Change your preferences at any time via the cookie settings link in our footer
  • Configure your browser settings to block or delete cookies
  • Use the Google Analytics opt-out browser add-on

9.5 Managing cookies in your browser

  • Google Chrome: Settings > Privacy and security > Cookies and other site data
  • Mozilla Firefox: Settings > Privacy & Security > Cookies and site data
  • Safari: Preferences > Privacy > Cookies and website data
  • Microsoft Edge: Settings > Cookies and site permissions > Cookies and site data

Blocking all cookies may affect your ability to use certain website features.

9.6 Third-party cookies

Our website may contain links to third-party websites such as LinkedIn or job boards. These websites have their own privacy and cookie policies which we do not control. Please review their policies before providing personal information.

10. Data security

10.1 Security measures

  • Encryption: Data transmitted between your device and our website is encrypted using SSL/TLS protocols (HTTPS)
  • Access controls: Role-based access limits ensure only authorised personnel can access personal data
  • Authentication: Multi-factor authentication (MFA) for staff accessing sensitive systems
  • Data minimisation: We only collect and retain data that is necessary for specified purposes
  • Regular backups: Secure, encrypted backups to prevent data loss
  • Security testing: Regular vulnerability assessments and penetration testing
  • Incident response: Documented procedures for detecting, responding to, and reporting data breaches
  • Staff training: Regular data protection and security awareness training for all employees
  • Vendor security: Due diligence assessments of third-party service providers

10.2 Data breach notification

In the event of a data breach posing a risk to your rights and freedoms, we will notify the ICO within 72 hours, inform affected individuals without undue delay if the risk is high, and comply with applicable US state breach notification laws.

11. Children's privacy

Our services are not directed at children under the age of 16 (UK) or 18 (US, depending on state law). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately and we will delete it promptly.

12. Changes to this policy

We may update this policy from time to time. When we make significant changes, we will update the "Last updated" date, notify you via email where possible, and display a prominent notice on our website. In some cases we may seek renewed consent where legally required.

13. Automated decision-making

13.1 Use of automated systems

We may use automated systems and algorithms to match candidates with relevant job opportunities, screen CVs for initial suitability, and generate job alerts. You have the right to request human review of automated decisions, contest decisions, and receive an explanation of the logic involved. We do not make final hiring decisions solely through automated means.

13.2 Profiling

We may create profiles of candidates and clients based on their preferences, behaviour, and interactions with our services to provide more relevant job matches. You have the right to object to profiling activities.

14. Contact information

Talyx Search Ltd
Data protection contact
Email: l.gould@talyxsearch.com
Address: C/O Search Accountancy Ltd, The Junction, Charles Street, Wakefield, England, WF4 5FH

We aim to respond to all privacy inquiries within 5 business days for initial acknowledgment and within the timeframes specified in Section 8 for formal rights requests.

15. Governing law

This policy is governed by UK law for data subjects in the United Kingdom, and the laws of the relevant US state for data subjects in the United States. For UK residents, any disputes will be subject to the jurisdiction of the courts of England and Wales.

16. Additional information for US residents

16.1 California residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Privacy Rights Act (CPRA):

  • Notice at collection: We collect the categories of personal data described in Section 2 for the purposes described in Section 3
  • Do not sell/share: We do not sell personal data or share it for cross-context behavioural advertising
  • Sensitive personal information: We may process sensitive personal information only for purposes permitted by law. You may request limitation of use
  • Authorised agent: You may designate an authorised agent to submit requests on your behalf by providing written authorisation

Contact for California requests: Email l.gould@talyxsearch.com with "California Privacy Request" in the subject line.

16.2 Virginia, Colorado, Connecticut, and other state residents

Residents of states with comprehensive privacy laws have rights similar to those in Section 8.2. We comply with all applicable state requirements including providing clear privacy notices, honouring opt-out preferences, conducting data protection assessments, and responding to rights requests within statutory timeframes.

16.3 Contact for US privacy requests

Email l.gould@talyxsearch.com with "US Privacy Request" in the subject line.

Quick reference: your privacy rights

Table 4: Summary of data protection rights by jurisdiction
RightUK GDPRUS state laws (where applicable)
Access your dataSubject Access Request (SAR)Right to know
Correct inaccurate dataRight to rectificationRight to correct
Delete your dataRight to erasureRight to delete
Limit processingRight to restrict processingRight to opt-out (for certain uses)
Receive portable copyRight to data portabilityAvailable in some states
Object to processingRight to objectRight to opt-out
Withdraw consentRight to withdraw consentRight to withdraw consent
ComplainLodge complaint with ICOLodge complaint with state AG/CPPA

To exercise any of these rights, contact us using the details in Section 14.

Document version: 1.0  |  Prepared: March 26, 2026