Country-specific privacy addendum for users and operations in United Kingdom
Last updated: January 15, 2026
This addendum supplements the ZhiYin global privacy policy with requirements specific to United Kingdom. Where this addendum conflicts with the global policy, this addendum takes precedence for users located in United Kingdom.
Information Commissioner's Office (ICO)
Applicable legislation: UK GDPR, Data Protection Act 2018
No strict data localization. Transfers to adequate countries permitted. UK International Data Transfer Agreement for others.
UK GDPR requires notifying the ICO within 72 hours of becoming aware of a reportable breach, and affected individuals without undue delay where the breach is likely to result in a high risk to them.
ZhiYin aligns its incident-response process with these requirements and will notify the relevant regulatory authority and affected individuals within the timeframe required by applicable law.
Data must not be kept longer than necessary. Organizations must have a retention policy and review data regularly.
In addition to the rights outlined in our global privacy policy, users in United Kingdom have the following specific rights under local law:
For privacy inquiries related to your region, please contact our Data Protection Officer.
Email: privacy@talentbridge.com