Zopa Recruitment - Privacy Notice

This Privacy Notice is the privacy notice for Zopa Limited and Zopa Bank Limited. When we mention "Zopa", "we", "us" or "our", we mean whichever one of Zopa Limited or Zopa Bank Limited that processes your personal data.

This Privacy Notice provides details of what personal data we collect about you, what we do with it, who we share it with and your rights in relation to it, when you make a job application to Zopa.

Last updated: 16 July 2019


  1. The personal data we collect about you

  2. Using your personal data

  3. Special categories of personal data

  4. Employment screening checks

  5. Sharing your personal data

  6. Overseas transfers

  7. Retaining your personal data

  8. Profiling and automated decision-making

  9. Your rights

  10. How to contact us or make a complaint

  11. Consequences of not providing us with your personal data

  12. Keeping your personal data safe

  13. About Zopa

  14. Changes to this Privacy Notice

1. Personal data we collect about you

We will collect various personal data about you as part of your job application process, including the below:

  • Name and contact details

  • Date of birth

  • CV and work history

  • References

  • Driver information

  • Criminal convictions

  • Credit history

  • Documentation relating to your right to work

  • Disability

  • Equal opportunities data

  • Correspondence, interview notes, and the results of any online tests

  • Publicly available information about you (your Linkedin profile for example)

  • Any other data we collect as part of your application (including if you come to our office for an interview)

Some of the above data may only be collected if we want to make you a job offer and others may not be collected depending on the circumstances or may be optional. More details on this are below.

This data is obtained:

  • directly from you

  • if applicable, from the recruitment agency involved with your application

  • from the third parties described below

  • publicly available sources

2. Using your personal data

Data protection law requires us have a legal basis for using your personal data. We will use your personal data on one or more of the following legal bases:

  • To take steps at your request before we went into a contract of employment

  • To comply with a legal requirement

  • Where we have a legitimate interest in using your personal data which isn't outweighed by your interests, rights and freedoms

We've set out in the table below how we use your personal data and the legal basis for using it:

How we use your personal dataBasis for processing
Managing the recruitment processes

Addressing complaints and queries
Take steps as part of entering into an employment contract
Ensuring a right to work

Checking criminal convictions

Provision of data to regulators, courts or governmental bodies where required as part of a governmental or court order
Compliance with legal requirements
Undertaking employment screening checksCompliance with legal requirements/legitimate interests
Retaining copies of the application
Ensuring security of premises, data and technology
Obtain credit history
Identify verification
Fraud prevention
Legitimate interests (so we can ensure we recruit appropriate candidates and contact previous candidates about new roles they might be interested in)
Disclosure of data to law enforcement agencies where we consider there is a compelling reason to do so to protect our business or personnelLegitimate interests (so we can ensure the safety of our personnel)

3. Special categories of personal data

In addition to general data we'll gather about you, we may also gather what is known as 'special category data'. This includes data relating to racial or ethnic origin, religious or philosophical beliefs, trade union membership, health data or sexual orientation.

Due to the particular sensitivity of the above types data we're outlining below the circumstances in which we will we will process this type of data and the legal basis on which we will process it:

How we use your personal dataBasis for processing
Monitor diversity by using racial, ethnic origin, religion, health and sexual orientation data for diversity monitoringSubstantial public interest linked to a legal obligation
To make reasonable adjustments to accommodate health requirementsSubstantial public interest linked to a legal obligation
Any legal claims that may arise in connection with your applicationProcessing necessary to establish, exercise or defend legal claims

4. Employment Screening Checks

Zopa may undertake identity verification checks and employment screening in the event we want to make you an offer. These checks will generally need to be completed before your employment starts.

Completion of these checks will require you to provide certain documentation and/or additional details, and may require signed permission from you. We are mindful of your privacy so we will undertake these checks only where necessary as part of your application.

An overview of the checks are set out below however because the full extent of checks we'll make depends on the nature of the role you're applying for, we'll provide full details of the checks we want to make in the event we make you an offer of employment. If we decide to make you an offer of employment:

If we decide to make you an offer of employment:

Your credit file, fraud prevention, and identity verification

As part of this we'll do a search of your credit history. This search leaves a 'footprint' on your credit file that is visible only to you.

Checks undertaken if you formally accept any offer of employment we may make:

  • Right to work -- you'll need to provide evidence of your right to work (we'll let you know what information is acceptable if we make an offer). We may also check your right to work with the UK Home Office if your eligibility is unclear from the documents you provide.

  • Criminal convictions -- We'll check if you have any criminal convictions that affect your suitability for the role. A check is made with relevant governmental agencies.

  • Relevant registers -- We'll check if there are any entries against you in a range of public registers.

  • Fraud Prevention Agency checks -- we will conduct a further check of your details against the fraud database held by Cifas.

Because the full extent of searches we'll undertake depends on the nature of the role you're applying for, we'll provide full details of the extent of searches we'll carry out when we make an offer but before we actually undertake the searches.

The employment screening checks outlined above may be more extensive than you're used to. If you wish to discuss these checks in further detail or raise a specific concern, please contact your hiring manager, or email us at recruitment@zopa.com.

5. Sharing your personal data

We use third parties to help us perform or improve a range of our business processes so that we can carry on the activities described above. This means that we may have to share your personal data with third parties and/or they may have to share your personal data with us. These third parties may include:

  • Credit reference and fraud prevention agencies

  • Recruitment agencies

  • Medical/occupation health professionals

  • Third party service providers to support the operation of our recruitment process. For example:

    • the provider of our recruitment platform used to manage applications (Lever.co (privacy policy at https://www.lever.co/privacy-notice/)

    • Hosting providers

    • Agencies that help with screening checks

    • Messaging providers

  • Our regulators or government authorities, for example the Financial Conduct Authority, the Financial Ombudsman Service and the police

  • Anyone who we transfer all or part of our assets to

6. Overseas transfers

Our use of certain of the third parties outlined above will result in the transfer your personal data to countries outside the European Economic Area (EEA), whose data protection laws are less strict than in the European Economic Area.

Where we do so, we will make sure suitable safeguards are in place to protect your personal data. These safeguards will depend on the third party that data is being transferred to but include the use of Privacy Shield, Binding Corporate Rules and the European Commission's standard contractual clauses.

Credit reference agencies we use to check your credit history will transfer your personal data outside the UK and the EEA. Where this happens, they are responsible for that transfer and you can more information in Equifax's, Transunion's and Experian's privacy policies.

7. Retaining your personal data

If you're unsuccessful, we'll keep your details on file for 2 years from the date we let you know your application was unsuccessful. This is so we can deal with any queries or issues linked to your application, and get in touch if any other suitable roles come up.

If you don't want us to get in touch, just let your hiring manager know or email us at recruitment@zopa.com.

If you're successful, we'll transfer your data collected as part of your application to your personnel file when you start your role here (at that point, your data will be handled in accordance with a separate privacy policy that you'll get a copy of before you start).

8. Profiling and automated decision making

We do not engage in any profiling or automated decision-making as part of processing your application. If this changes in the future, we'll update this privacy notice.

9. Your rights

Right to access your data

You can access your personal data by emailing us at contactus@zopa.com or by calling us on 020 7580 6060. We aim to provide you with your data within 30 days.

Right to correction

You can ask us to correct any personal data which you believe is inaccurate. We'll update your personal data as soon as we can.

Right to erasure or restriction

Provided you have valid grounds, you can ask us to erase or suspend our use of your personal data but we can refuse in certain circumstances.

Notification obligation

You can ask us to notify everyone to whom we've given your personal data whenever we amend, delete or agree to restrict our use of it.

Right to data portability

You can ask us to give you your personal data in a structured, commonly used and machine-readable format or have it sent to another data controller.

Right to object

You have a right to object where we use your personal data for our legitimate interests.

10. How to contact us or make a complaint

If you have any questions about anything related to data protection or your privacy, or if you are unhappy with how we've handled your data you can contact us at:

The Data Protection Officer (DPO) Zopa 47-49, Cottons Centre Tooley St London SE1 2QG

Or by email at: privacy@zopa.com

If you are still unsatisfied you can refer your concerns to the Information Commissioner's Office, the body that is responsible for ensuring compliance with data protection law in the UK, at:

Information Commissioner's Office Wycliffe House Water Lane Wilmslow SK9 5AF

Tel: 0303 123 1113 Website: www.ico.org.uk

11. Consequences of not providing us with your personal data

If you don't want to provide certain personal data, then we will need to decide whether we are able to continue with the application process. For example, if you aren't willing to provide references, we're unlikely to be able to continue with your application.

12. Keeping your personal data safe

We take your privacy seriously and take every reasonable measure to keep your personal data secure. We monitor our systems 24/7 and continually work to improve the security of your personal data and our systems.

We use encryption to ensure the security of your data during transmission.

13. About Zopa

Zopa Bank Limited is a company incorporated in England & Wales under company registration number 10627575. Our registered office is at 1st Floor, Cottons Centre, Tooley Street, London SE1 2QG.

We're registered with the Information Commissioner's Office with registration number Z879078, and authorised and regulated by the Financial Conduct Authority and entered on the Financial Services Register under firm registration number 800542.

14. Changes to this Privacy Notice

We'll regularly review this Privacy Notice to make sure it remains up to date. If we make any changes, we'll post the updated policy on this page.