Zopa Recruitment - Privacy Notice
This Privacy Notice is the privacy notice for Zopa Limited and Zopa Bank Limited. When we mention "Zopa", "we", "us" or "our", we mean whichever one of Zopa Limited or Zopa Bank Limited that processes your personal data.
This Privacy Notice provides details of what personal data we collect about you, what we do with it, who we share it with and your rights in relation to it, when you make a job application to Zopa.
Last updated: 16 July 2019
- The personal data we collect about you
- Using your personal data
- Special categories of personal data
- Employment screening checks
- Sharing your personal data
- Overseas transfers
- Retaining your personal data
- Profiling and automated decision-making
- Your rights
- How to contact us or make a complaint
- Consequences of not providing us with your personal data
- Keeping your personal data safe
- About Zopa
- Changes to this Privacy Notice
1. Personal data we collect about you
We will collect various personal data about you as part of your job application process, including the below:
- Name and contact details
- Date of birth
- CV and work history
- Driver information
- Criminal convictions
- Credit history
- Documentation relating to your right to work
- Equal opportunities data
- Correspondence, interview notes, and the results of any online tests
- Publicly available information about you (your Linkedin profile for example)
- Any other data we collect as part of your application (including if you come to our office for an interview)
Some of the above data may only be collected if we want to make you a job offer and others may not be collected depending on the circumstances or may be optional. More details on this are below.
This data is obtained:
- directly from you
- if applicable, from the recruitment agency involved with your application
- from the third parties described below
- publicly available sources
2. Using your personal data
Data protection law requires us have a legal basis for using your personal data. We will use your personal data on one or more of the following legal bases:
- To take steps at your request before we went into a contract of employment
- To comply with a legal requirement
- Where we have a legitimate interest in using your personal data which isn't outweighed by your interests, rights and freedoms
We've set out in the table below how we use your personal data and the legal basis for using it:
|How we use your personal data||Basis for processing|
|Managing the recruitment processes Addressing complaints and queries||Take steps as part of entering into an employment contract|
|Ensuring a right to work Checking criminal convictions Provision of data to regulators, courts or governmental bodies where required as part of a governmental or court order||Compliance with legal requirements|
|Undertaking employment screening checks||Compliance with legal requirements/legitimate interests|
|Retaining copies of the application Ensuring security of premises, data and technology References Obtain credit history Identify verification Fraud prevention||Legitimate interests (so we can ensure we recruit appropriate candidates and contact previous candidates about new roles they might be interested in)|
|Disclosure of data to law enforcement agencies where we consider there is a compelling reason to do so to protect our business or personnel||Legitimate interests (so we can ensure the safety of our personnel)|
3. Special categories of personal data
In addition to general data we’ll gather about you, we may also gather what is known as ‘special category data’. This includes data relating to racial or ethnic origin, religious or philosophical beliefs, trade union membership, health data or sexual orientation.
Due to the particular sensitivity of the above types data we’re outlining below the circumstances in which we will we will process this type of data and the legal basis on which we will process it:
|How we use your personal data||Basis for processing|
|Monitor diversity by using racial, ethnic origin, religion, health and sexual orientation data for diversity monitoring||Substantial public interest linked to a legal obligation|
|To make reasonable adjustments to accommodate health requirements||Substantial public interest linked to a legal obligation|
|Any legal claims that may arise in connection with your application||Processing necessary to establish, exercise or defend legal claims|
4. Employment Screening Checks
Zopa may undertake identity verification checks and employment screening in the event we want to make you an offer. These checks will generally need to be completed before your employment starts.
Completion of these checks will require you to provide certain documentation and/or additional details, and may require signed permission from you. We are mindful of your privacy so we will undertake these checks only where necessary as part of your application.
An overview of the checks are set out below however because the full extent of checks we’ll make depends on the nature of the role you’re applying for, we’ll provide full details of the checks we want to make in the event we make you an offer of employment. If we decide to make you an offer of employment:
If we decide to make you an offer of employment:
Your credit file, fraud prevention, and identity verification
As part of this we’ll do a search of your credit history. This search leaves a ‘footprint’ on your credit file that is visible only to you.
Checks undertaken if you formally accept any offer of employment we may make:
Right to work – you’ll need to provide evidence of your right to work (we’ll let you know what information is acceptable if we make an offer). We may also check your right to work with the UK Home Office if your eligibility is unclear from the documents you provide.
Criminal convictions – We’ll check if you have any criminal convictions that affect your suitability for the role. A check is made with relevant governmental agencies.
Relevant registers – We’ll check if there are any entries against you in a range of public registers.
Fraud Prevention Agency checks – we will conduct a further check of your details against the fraud database held by Cifas.
Because the full extent of searches we’ll undertake depends on the nature of the role you’re applying for, we’ll provide full details of the extent of searches we’ll carry out when we make an offer but before we actually undertake the searches.
The employment screening checks outlined above may be more extensive than you’re used to. If you wish to discuss these checks in further detail or raise a specific concern, please contact your hiring manager, or email us at email@example.com.
5. Sharing your personal data
We use third parties to help us perform or improve a range of our business processes so that we can carry on the activities described above. This means that we may have to share your personal data with third parties and/or they may have to share your personal data with us. These third parties may include:
- Credit reference and fraud prevention agencies
- Recruitment agencies
- Medical/occupation health professionals
- Third party service providers to support the operation of our recruitment process. For example:
- Hosting providers
- Agencies that help with screening checks
- Messaging providers
- Our regulators or government authorities, for example the Financial Conduct Authority, the Financial Ombudsman Service and the police
- Anyone who we transfer all or part of our assets to
6. Overseas transfers
Our use of certain of the third parties outlined above will result in the transfer your personal data to countries outside the European Economic Area (EEA), whose data protection laws are less strict than in the European Economic Area.
Where we do so, we will make sure suitable safeguards are in place to protect your personal data. These safeguards will depend on the third party that data is being transferred to but include the use of Privacy Shield, Binding Corporate Rules and the European Commission’s standard contractual clauses.
Credit reference agencies we use to check your credit history will transfer your personal data outside the UK and the EEA. Where this happens, they are responsible for that transfer and you can more information in Equifax’s, Transunion’s and Experian’s privacy policies.
7. Retaining your personal data
If you’re unsuccessful, we’ll keep your details on file for 2 years from the date we let you know your application was unsuccessful. This is so we can deal with any queries or issues linked to your application, and get in touch if any other suitable roles come up.
If you don’t want us to get in touch, just let your hiring manager know or email us at firstname.lastname@example.org.
8. Profiling and automated decision making
We do not engage in any profiling or automated decision-making as part of processing your application. If this changes in the future, we’ll update this privacy notice.
9. Your rights
Right to access your data
You can access your personal data by emailing us at email@example.com or by calling us on 020 7580 6060. We aim to provide you with your data within 30 days.
Right to correction
You can ask us to correct any personal data which you believe is inaccurate. We'll update your personal data as soon as we can.
Right to erasure or restriction
Provided you have valid grounds, you can ask us to erase or suspend our use of your personal data but we can refuse in certain circumstances.
You can ask us to notify everyone to whom we've given your personal data whenever we amend, delete or agree to restrict our use of it.
Right to data portability
You can ask us to give you your personal data in a structured, commonly used and machine-readable format or have it sent to another data controller.
Right to object
You have a right to object where we use your personal data for our legitimate interests.
10. How to contact us or make a complaint
If you have any questions about anything related to data protection or your privacy, or if you are unhappy with how we've handled your data you can contact us at:
The Data Protection Officer (DPO)
47-49, Cottons Centre
Or by email at: firstname.lastname@example.org
If you are still unsatisfied you can refer your concerns to the Information Commissioner's Office, the body that is responsible for ensuring compliance with data protection law in the UK, at:
Information Commissioner's Office
Tel: 0303 123 1113
11. Consequences of not providing us with your personal data
If you don’t want to provide certain personal data, then we will need to decide whether we are able to continue with the application process. For example, if you aren’t willing to provide references, we’re unlikely to be able to continue with your application.
12. Keeping your personal data safe
We take your privacy seriously and take every reasonable measure to keep your personal data secure. We monitor our systems 24/7 and continually work to improve the security of your personal data and our systems.
We use encryption to ensure the security of your data during transmission.
13. About Zopa
Zopa Bank Limited is a company incorporated in England & Wales under company registration number 10627575. Our registered office is at 1st Floor, Cottons Centre, Tooley Street, London SE1 2QG.
We’re registered with the Information Commissioner’s Office with registration number Z879078, and authorised and regulated by the Financial Conduct Authority and entered on the Financial Services Register under firm registration number 800542.
14. Changes to this Privacy Notice
We'll regularly review this Privacy Notice to make sure it remains up to date. If we make any changes, we'll post the updated policy on this page.