Recruitment Privacy Notice

Here's everything you need to know about how we use and share your personal data when you apply for a job at Zopa.

What's inside

1. SUMMARY

2. WHO WE ARE AND HOW YOU CAN CONTACT US

3. WHAT WE USE PERSONAL DATA FOR

4. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM

5. WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE

6. WHO WE SHARE THE PERSONAL DATA WITH

7. WHERE THE PERSONAL DATA IS STORED AND SENT

8. HOW LONG IS THE PERSONAL DATA IS KEPT FOR?

9. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?

10. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU

11. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?

1. SUMMARY

Our reasonWhat we do

To enter into and fulfil a contract of employment

  • Manage recruitment processes
  • Manage shortlisting
  • Obtain references and vettin

Our Legal duty

  • Ensure rights to work
  • Comply with legal obligations and regulation
  • Provide information to regulators, courts or government bodies

Our legitimate interests

What we doExplanation of interest

Retain copies of the application

Ensuring security of premises, data and technology

Address complaints and queries

To comply with rules and regulations that apply to us

To protect our staff, customers and property from inappropriate access, damage, crime or fraud

To communicate with you and comply with your instructions

Consent
  • When we rely on consent to process your informationwe will tell you when we obtain your consent.

For processing special categories of personal data

Substantial public interest

  • Monitor diversity by using racial, ethnic origin, religion, health and sexual orientation data for diversity monitoring

For employment purposes

  • To make adjustments to accommodate health requirements

Strictly Private and Confidential3For the prevention and detection of fraud and crime

  • Use criminal records data to help detect, prevent and prosecute unlawful acts and fraudulent behaviour

Legal claims

  • Use any special categories of data as needed to establish, exercise or defend legal claims.

Consent

  • When we rely on consent to process your informationwe will tell you when we obtain your consent

2. WHO WE ARE AND HOW YOU CAN CONTACT US

We are Zopa Group Limited which is a group of companies with headquarters at Registered Office: 1st floor, Cottons Centre, 47-49 Tooley Street, London, SE1 2QG. This privacy notice applies to Zopa Financial Services Ltd and Zopa ltd.

The particular Zopa Group company in the list to whom you are applying, is the controller of the personal data we hold about you for this process. This means that it is responsible for ensuring the personal data is used fairly and lawfully, and it is the legal person against whom you can exercise the rights referred to in section 9 below. Certain Zopa Group companies will also handle your information in the role stated in section 5.

If your application is successful and you're hired, your personal data will be processed in accordance with our Zopa Group Staff Privacy Notice.

If you have any questions about this document or any concerns around your personal data, please contact us at recruitment@zopa.com.

3. WHAT WE USE PERSONAL DATA FOR

This section explains the different types of personal data we collect and what we use it for.

Managing the recruitment process

  • To communicate with you, (and on a strict need to know basis) relevant Zopa Group personnel involved in the recruitment process, and relevant third parties, for the reasons set out in this privacy notice
  • To record and demonstrate how we have conducted the application and recruitment process and arrived at our decision regarding your application.

Employment Screening Checks

Due to the nature of its business, Zopa Group holds highly confidential data within its systems and records and is subject to stringent legal and regulatory responsibilities. To protect Zopa Group and its parent company's interests, and those of its clients, partners, and other stakeholders including consumers and third parties, Zopa Group's policy is to undertake identity verification checks and employment screening. These checks are mandatory to your application and will generally need to be completed before commencement of any employment. Completion of these checks will require you to present certain documentation or provide additional details, and may require signed authorisation or acknowledgement from you – further details will be provided with any offer of employment. We are mindful of your privacy so we will only undertake these checks according to the appropriate stage of the application. These checks are set out below:

If we decide to make you an offer of employment:

Your credit file, fraud prevention, and identity verification

This involves us having sight of your financial situation and history in your credit file held by a credit reference agency (including shared credit, any court judgments or orders, bankruptcy, individual voluntary arrangements or similar events), and by way of a check of your details against the Internal Fraud Database held by Cifas, a fraud prevention organisation. This search leaves a 'footprint' on your credit file that is visible only to you should you obtain a copy of your credit file from Equifax Limited.

Checks undertaken if you formally accept any offer of employment we may make:

  • That you have the right to work in the UK – to comply with our legal obligations concerning migrant workers, we require you to provide certain documentary evidence. You will be provided with a list of acceptable documents to determine eligibility. Where eligibility is unclear from the documentation you provide, we will contact the UK Visa and Immigration service to check validity without further reference back to you.
  • Whether you have any criminal convictions that affect your suitability for the role. A check is made with the Disclosure and Barring Service (if you live in or the job is in England and Wales), or Disclosure Scotland (if you live in or the job is in Scotland). We may engage a third party for this purpose. A higher level of check may be needed for certain roles, for example where the role being applied for involves a requirement for the person to be of Financial Conduct Authority ('FCA') Approved Person status. Details of the level of search will be provided as part of the documentation / process that you will be asked to provide and complete to enable the search to be carried out.
  • Your employment and educational references - for a period up to the preceding 10 years
  • Your qualifications and relevant trade or professional memberships – where the information you provide is incomplete, we may seek confirmation directly from the issuing / governing body without further reference back to you.
  • Whether there are any entries against you in the following public registers:
    • FCA register of Authorised Persons (restrictions or suspensions)
    • Office of Foreign Assets Control (US imposed trade sanctions)
    • HM Treasury Financial Sanctions (asset freeze targets)
    • Companies House (disqualified directors)
  • Fraud Prevention Agency checks – we will conduct a further check of your details against the Internal Fraud Database held by Cifas.

If you're applying for a senior management or executive role, we'll review your publicity and profile information that can be found through web search engines. We'll check relevancy to the standards of integrity and conduct required of your role.

If you become employed by Zopa Group, we'll repeat some of these checks at appropriate intervals. We'll provide more information on this when your employment begins.

Making reasonable disability adjustments (if applicable)

To ensure appropriate arrangements are in place throughout the recruitment process and, if your application is successful, to prepare for you commencing employment.

Monitoring to ensure our recruitment practices meet equal opportunities obligations

We are legally required to ensure that job applicants are given the same set of opportunities regardless of, amongst other things, their race or ethnic origin. We therefore require that you provide certain information in the job application form to help us monitor our practices for compliance with this requirement. If any offer of employment is taken up, we continue to keep this information throughout the employment relationship to help us to maintain fair treatment for employees irrespective of their race/ethnicity. It is only done to review our practices in relation to treatment across racial or ethnic groups, rather than to track your treatment to make decisions about you at individual level. If you have any concerns around this or require us to cease using your personal information for this purpose, please email us at recruitment@zopa.com.

Legal and regulatory purposes

To respond to and defend any legal claims that may arise out the recruitment process. Also we may provide information to law enforcement agencies where they request this, or of our own choice where we consider there is a compelling reason to do so to protect our workers, visitors, customers or their consumers, or our general business interests.

4. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM

The table below explains what we collect and where we source it.

Type of informationDescriptionSource
Name and contact detailsThis includes your current home address, email addresses and telephone numbers. We'll use these to contact you.This information is typically obtained directly from you (and/or the recruitment involved where applicable) in the application form, from the checks described above, from interviews, or as otherwise notified to you within the application process.
Date of birthWe'll use this to make sure that our records and employee checks relate to the right person and for any roles where there's a minimum qualifying age.
Driver informationWe require proof of driving and vehicle insurance eligibility where driving is relevant to the role or involves a company vehicle.
Criminal convictionsPlease see the explanation above on criminal records checks.
Right to work in the UKWe'll ask you for documents to check eligibility when you apply. If you're successful, we'll repeat these checks at regular intervals during your employment.
Other application detailsPrevious work history includes work references, qualifications and where applicable, professional memberships, your reasons for applying and suitability for the position and other details you provide in the application form and during interview(s).
Disability (where applicable)For any facilities or practical arrangements to assist you in the recruitment process (and should any offer of employment be accepted, to prepare the workplace for your arrival).
Equal opportunities monitoringPlease see the explanation in section 2 above.
Attending our premises for interview(s)Your details will recorded in the visitor's book on reception. A CCTV system is in operation at our building for the safety and security of our staff, visitors and property. Please refer to the signs located on and in our premises. Access to images by Zopa Group personnel and third parties is on a strict need to know basis. Images are overwritten after 90 days.

The mandatory checks above are an essential part of our application process. This is due to the nature of our business and our legal and regulatory responsibilities mentioned in this document. We know that these checks might seem more extensive than you've experience before, so if you have any questions or concerns, please call your Zopa HR contact or email us on recruitment@zopa.com

This section explains the basis on which we process your personal data.

To take steps at your request prior to entering into or in order to enter into any contract of employment that may arise regarding your job application.

To comply with our legal and regulatory obligations both generally as a business and in relation to your application for employment for example regarding equal opportunities and disability adjustments.

Legitimate interests

The UK's data protection law allows the use of your personal data where necessary for legitimate purposes provided that this isn't outweighed by the impact it has on you. The law calls this the "legitimate interests" condition for processing personal data.

The legitimate interests we are pursuing are:

  • administering and managing the recruitment process
  • assessing and confirming an applicant's suitability for employment
  • deciding to whom to offer a job
  • keeping records of this process to explain or justify our position in doing so.

Special categories of personal data (SCPD)

Categories of SCPDSCPD legal grounds
Information revealing racial or ethnic origin, data concerning health (i.e. disability) and criminal convictionsProcessing is necessary for the Zopa Group company who you are applying to, to carry out its obligations and exercise specific rights in relation to employmentProcessing is necessary to monitor equal opportunitiesProcessing is necessary to respond to and defend against legal claims

With your consent

If you've signed up through our careers page at www.zopa.com to receive job alerts. You can unsubscribe to these alerts at any time.

6. WHO WE SHARE THE PERSONAL DATA WITH

Our group companies

We might share your personal data with other relevant companies within the Zopa Group. If we do, your personal data will be governed by this privacy notice. Any relevant companies are listed below. This list might change in the future.

Group companyMain trading addressRegistered office
Zopa Limited(company no. 05197592)Peer to Peer lending and Investment1st floor, Cottons Centre, 47-49 Tooley Street, London, SE1 2QG.
Zopa Financial Services Ltd(company no? )Banking Services
Zopa Financial Services Ltd(company no.?)Barcelona, Spain

Service providers

We may provide your information to third parties who help us use it for the purposes described in section 2. For example:

  • Our database of personal data may be hosted by third parties on our behalf.
  • We use a third party email broadcasting service in order to send you emails (or if we contact you by SMS message)

These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

Business transfers

If we sell our business to a third party, or go through a corporate reorganisation, this will involve the transfer of our corresponding human resources records (including recruitment records), to the new undertaking for them to use in the same way as set out in this privacy notice.

7. WHERE THE PERSONAL DATA IS STORED AND SENT

Within Europe

We are primarily based in the United Kingdom, and will access and use your information from here. However, we also have operations elsewhere in the European Union – currently Spain and personal data may be accessed from there too. In these cases, the use of the information in those locations is protected by European data protection standards and UK Data Protection Act 2018.

Elsewhere

We also send information elsewhere in the world. For example:

  • Sometimes a trusted third party supplier such as our Credit References Agency may process data overseas
  • We may use cloud-based technology or a data centre or backup facility overseas.

While countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do use a supplier who sends personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

  • Putting in place a contract with the recipient containing terms which have been approved by the relevant authorities as providing a suitable level of protection.
  • Sending the information to an organisation which is a member of a scheme or which has been approved by the authorities as providing a suitable level of protection. One example is the "Privacy Shield" scheme that has been agreed between the European and US authorities.

If your information has been sent overseas like this, you can obtain further information about the safeguards used by emailing us privacy@zopa.com

8. HOW LONG IS THE PERSONAL DATA IS KEPT FOR?

So we can deal with any questions during your application, we will, unless otherwise stated in this privacy notice, keep your personal data for up to two years from the date that we formally notify you of our decision. If you're successful, we'll transfer these records to your employee file when you start at Zopa.

9. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU?

We perform the following activities using your personal data:

  • Profiling - when your personal data is used to make predictions, or to categorise you into particular groups.
  • Automated decisions – when decisions are made entirely by automated means which have a legal or other significant impact upon you.

We undertake the following profiling activities to help inform our recruitment decisions:

Identity verification

As explained in section 2, we'll use the information you provide with your application to help us to verify your identity. We do this by checking the information you give us against databases such as the electoral roll and your credit file. If we can't verify your identity we'll ask for details of your previous address(es) and additional documentary address verification.

Searching your credit file

See section 2 above for more information.

Personality profiles and aptitude testing

So we can get an unbiased measure of your aptitude and personality, we might ask you to take an assessment as part of your application. We'll use third parties for this.

The above activities do not involve automated decisions in that we do not rely on any one, or any combination of these, as the sole basis for making a recruitment decision about you. They form only part of an overall assessment made by our recruitment team. Recruitment decisions will also take account any representations you may make if you are unhappy about the outcome of these profiling activities on your application, or any clarifying information we may ask you for in response to the outcomes.

10. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU

You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please use the contact details set out in section 1.

  • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it.

  • Withdrawal of consent: We only send you job alerts if you have indicated that you want to receive them. You can unsubscribe from these at any time via the careers pages of www.zopa.com

  • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.

  • Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.

  • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won't apply to all of your data because we might have good reason for needing to keep some of it.

  • Restriction: In some circumstances you can ask us to restrict the ways in which we use your personal data.

  • Portability: You have the right to receive some limited kinds of information in a portable format.

11. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA?

If you're unhappy with how we've used or handled your personal data, please get in touch by sending an email to recruitment@zopa.com

You should also use this email address if you want to exercise any of your personal data rights referred to in section 9 above in relation to the job application activities referred to in this privacy notice.

You can also contact our Data Protection Officer: mailto:privacy@zopa.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO's website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.