+44 (0)207 839 1980


HR Privacy Notice

  1. Background
  2. Starting Point
  3. The Information We Will Hold About You
  4. Why We Need Your Data
  5. How We Collect Your Data
  6. Where We Will Use Your Data
  7. Automated Decision-making
  8. Third Parties
  9. Where Is Your Relevant Data Stored? What About Any Breach?
  10. Data Retention
  11. Access, Amendments & Restrictions
  12. Your Consent


As an organisation, we are committed to protecting data.  To achieve this and ensure you are aware of how we process relevant data pertaining to you we have decided to share that information with you.  

This notice does not form part of any contractual term of employment or any other contract to provide services or otherwise.     

Starting Point

For the purposes of data privacy legislation, we consider ourselves to be data controllers.  We may also be data processors for certain types of processing activity where we are not already the data controller.   By this we mean we hold specific data (“Personal Data”) about you and we decide how it will be processed etc.   Personal Data is any data from which you can be identified.  Such data can be sensitive where it concerns sensitive information (now called “Special Categories of Personal Data”).  For the purposes of this form, Personal Data and Special Categories of Personal Data together constitute “Relevant Data”.

By way of illustration, Personal Data can include family details, contact details, educational history, employment details, financial details, views and opinions, and electronic identifying data (such as cookies, online identifiers, IP addresses and activity logs).

Special Categories of Personal Data can include information about race, ethnicity, political opinions, religious or philosophical beliefs, Trade Union membership, mental or physical health and sexual life.


The information we Will Hold About You

From time to time, and where necessary, we will hold data about you regarding the areas identified below in view of the nature of your potential employment/engagement with us (“the Company”).  This is a non-exhaustive list and may vary from time to time, depending on business requirements.


  • The information you have provided to us in your curriculum vitae and covering letter/email. 
  • ​​​ Any information you have provided on your application form including your name, address, telephone number, mobile number, email address, date of birth and sex as well as your employment history, qualifications and any other information.
  • Any information provided in any equality and diversity monitoring form.
  • Any information you provide to us or obtained during the recruitment process including identity documents, test results, interview notes and emergency contact details.
  • Personal preferences such as your religious beliefs, sexual orientation, political preferences, any membership (such as with a Trade Union) and charitable interests.
  • Details concerning your health (including any genetic data, biometric data, medical condition, health and sickness records or assessments, in addition to any occupational health or other expert report we may require) and any other personal background (such as whether you are married and have caring responsibilities).
  • Information pertaining to any criminal convictions, charges or otherwise as well as your credit-worthiness and transactions you may agree with the Company such as a loan.
  • Verification checks, Disclosure and Barring Service Checks, right to work in the UK documentation and any driving licence, insurance information or other documentation where it may affect your ability to work in the role.
  • Any offer of employment/engagement, written particulars and/or contract of employment/engagement and recorded changes to these.
  • Any past or current collective agreements that could affect you.
  • Information we have obtained, directly or otherwise, through social media or other means.  
  • Identifying trends so that measures can be put in place, for instance, to improve our operations.
  • Any other pertinent information that is necessary for the purposes of the recruitment process and your potential employment.

Why We Need Your Data

The primary reason we need your Relevant Data is to ensure that we can address any matter connected to the recruitment process.  It also ensures that we are not in breach of any applicable legal obligation such as in relation to national minimum wage issues and we are able to respond to any queries made by relevant authorities including the Health and Safety Executive.  There may be times whereby your data is used to protect third party interests such as those of the public.

How We Collect Your Data

We collect data in various ways.  This can be through our application and recruitment process, by asking you questions from time to time, through electronic sources such as SMS and emails and from any publicly accessible sources such as social media and Linked In.  Third parties are also utilised by the Company (such as employment agencies, background check providers, credit reference agencies, any medical sources and the Disclosure and Barring Service).

Information can be gathered from your named referees, former employers and personal references.  Except where required to do so due to the nature of the recruitment process (for example, with a recruitment agent or group company) We will obtain data from third parties only once a job offer has been made to you and we will inform you that we are doing so.


Where We Will Use Your Data

We will use your Relevant Data where we consider it necessary to do so.  This can include or relate to:

  • Assessing your skills, qualifications and suitability for the role.
  • Making decisions about your potential employment/engagement with the business including whether you should be interviewed, shortlisted and/or any offer made.
  • Determining the terms on which you can work for us.
  • Carrying out background and reference checks.
  • Communicating with you about the recruitment process and providing any necessary support you may reasonably require should there be any health issue or adjustment required such as an interpreter being present.
  • Keeping records relating to our recruitment processes.
  • Complying with any legal or regulatory requirements and ensuring we have documented any safeguarding measures.
  • Our ability to monitor trends and introduce or revise any practices such as regarding equal opportunities and to ensure meaningful equal opportunity monitoring and recording. 
  • Liaising with any third party providers such as an Occupational Health specialist.
  • Business management planning including accounting and auditing.
  • Managing our legal obligations including compliance in preventing fraud and bribery and/or health and safety matters, as well as investigating and providing evidence where relevant.
  • Accreditation or professional membership purposes. 
  • Any other aspect of the recruitment process and your potential employment with us.
It is in any event in our legitimate interests to hold Relevant Data when deciding whether to appoint you.

Automated Decision-making

We have no intention to use any electronic system to make significant decisions about your application without human intervention, however, we may do so in the future.  Should that arise we will inform you beforehand and provide the relevant details in writing.

Third Parties

Where we have shared any of your Relevant Data with a third party they are required to take appropriate security measures to protect such information.  Such parties are only able to process that data in accordance with our instructions.  The third parties that we instruct include our professional advisers, payroll, pension and benefit administrators, storage and IT providers and recruitment agents.  We will instruct others from time to time where appropriate and where we have a legitimate business reason to do so, for example, due to outsourcing costs or we require advice and additional support that is lacking within the Company.  There may also be the need for us to share your Relevant Data in respect of any business reorganisation, restructure, buy-out or otherwise that may need to take place. 

In terms of our obligation to deal with regulatory matters, accreditation or professional membership or other matters (concerning, for instance, the Home Office, HMRC, FCA or Law Society) we will where necessary share any of your personal data that we hold.

Also, where there is any associated company (presently any company within the Nucleus Financial Group) any Relevant Data pertaining to you that we hold will be shared with any such business as and where appropriate.


Where Is Your Personal Data Stored? What About Any Breach?

We have put in place systems whereby your Relevant Data will be held in the UK.  The data is stored on your application record, in HR management systems and other IT systems (including email).   This may change from time to time due to business reasons.  If for any reason another storage system is used and placed outside the areas mentioned we will use reasonable measures to ensure there is an adequate level of protection of your personal information.  

Currently some Relevant Data is stored in various ways including hard copies and electronically on a secure server.  In some cases, data is stored in a central place and may be locked and encrypted, if necessary.  Access to Relevant Data is limited to key personnel and protected such as via a password.  Where any data is stored on company property, such as on laptops, both the hardware and software are encrypted and have firewalls in place.

If there has been a breach of any Relevant Data that concerns you and may result in a high risk to your individual rights and freedoms, you will be informed accordingly. We also have an obligation to notify the regulatory body (including the Information Commissioner’s Office (“ICO”) referred to below) and any other appropriate party.  


Data Retention

We will hold your Relevant Data to the following extent:
  • Up to 6 months after we have communicated to you our decision about whether to appoint you or your decision on any employment offered, whichever is later.
  • If we wish to retain your personal information on file on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately to seek your explicit consent to retain your data for a further 6 months on that basis.
  • If you are recruited by the business we will provide you with further information regarding the retention period for your Relevant Data.
We reserve the right to anonymise your data if that is appropriate.  Any data retained will be kept securely and destroyed (included shredded) appropriately, to the extent reasonably possible.

Access, Amendments & Restrictions

You have the right to gain access to the Relevant Data we have stored in relation to you at any time.  You can also request that we amend our records where any information is inaccurate or out of date.  You will need to inform us if any of your personal information changes.  You are responsible for ensuring your data is sent securely.

If at any time you wish to withdraw your consent and/or object to us handling your data or its processing, whether partially or in full, you will need to inform us.

Where any such request is made you will be informed of the process and any payment or further details you may need to supply from the Data Privacy Manager. 

Whilst you may make any request to amend, object or otherwise we may have lawful reasons to continue to collect and process your Relevant Data as well as justify a refusal.  So that any amendment can be tracked to the request, key details will be retained for evidential purposes.

Notwithstanding the above you can report any data concern or complaint to ICO.  They are responsible for ensuring data privacy rights are protected for certain individuals.  Their details can be found via the following link: https://https://ico.org.uk/


Your Consent

Provided you understand the extent of this form and our Privacy Notice you confirm as follows:
  • You have read and understood this document and our Privacy Policy.
  • You understand your rights with regards to your Relevant Data. This includes your rights to withdraw consent and amend your Relevant Data.
  • You consent to us collecting and processing your Relevant Data to enable us to conduct the recruitment exercise (including the potential formation of the employment contract).
  • Where you had any uncertainty or queries you have spoken with the Data Privacy Manager and you are satisfied with any response received.
  • You understand that you can request any of your Relevant Data that we hold and/or process from the Company’s Data Privacy Manager.
  • You can, should you wish to object and/or seek any amendments to your Relevant Data, do so by informing the Data Privacy Manager.
  • You understand that you are able to approach ICO if you have any concerns or complaints regarding your Relevant Data.
If you have any queries or concerns please feel free to contact one of the Data Privacy Managers, Dami Fowler +44(0)2038891177 and dami.fowler@nucleus-cf.co.uk.

Awards / Accreditations