Data protection

Privacy Notice for Job Applicants

In order to comply with our contractual, legal and management obligations and responsibilities we process personal data of applicants in relation to an application for employment

Processing Personal Data

The term ‘processing’ includes the initial collection of personal data, the holding and use of such data, as well as access and disclosure, through to final destruction.

Any access to personal data is limited to only those that need to process the data and those who need to see relevant data in relation to your application. Data is processed as follows:

• Legitimate Interest: Information is provided by you either via a CV or application form and in answer to our interview questions where relevant. Relevant personal data processed as a result of you providing it, represents a legitimate interest on our part to process your application of employment. Applications are typically processed electronically via a recruitment system or email.

• Legal Obligations: To comply with our legal obligations, a right to work check, which includes ethnic origin and racial data, along with us requiring to see your passport, is completed at interview stage for those invited for an interview or assessment day.

All such data will be processed in accordance with the provisions of the regulations and Barnett Waddingham’s Policy on Data Protection as amended from time to time.

If your application is successful this could include processing sensitive personal data in relation to any offer of employment. Details of this will be provided with any offer of employment. Our Privacy Statement for employees will apply from the point of any offer onwards.

Disclosure of personal data to other bodies

We use an external recruitment system operated by Kallidus to process applications. Your personal details as entered by you will be stored on this system. We carry out due diligence on all of our third party suppliers to ensure they process data in compliance with data protection legislation.

Data Retention

All data is retained for 12 months from the point of application. After this time your data is securely destroyed and a very limited information is retained electronically for internal reporting reasons only. This is simply your name, date of application, role applied for, whether it was a direct application or via a third party and if so the name of that party and the outcome of your application.

If you choose to actively remain on our lists to be notified of future recruitment opportunities, your data will be retained in line with this. Please note it is your responsibility to update your subscription preferences. Data will be deleted periodically to comply with our data retention requirements. If you have an active recruitment record this will not be deleted.

Your rights in relation to your data.

• You have the right to access your personal data. A subject access request can be made to HR either via completion of the SAR form included within the Data Protection Policy or via an email to

• You have the right to have your personal data rectified if it is inaccurate or incomplete.

• You have the right to have your personal data deleted or removed if there is no reason for its continued storage and processing.

• You have the right to object to having your data processed. If we believe there is a legitimate business reason for continuing this, we will discuss this with you.

• You have the right to complain to the Information Commissioners Office (ICO), details below.

Further details about GDPR and your rights under GDPR can be found on the ICO’s website at

Data Protection Officer

Our Data Protection Officer is our Governance Partner, Zoe Smith.