Privacy Notice for Job Applicants 

This privacy notice provides details on what personal information we collect and use about you during your job application with Zopa Bank.   

It applies to anyone who applies for a job at Zopa Bank and has received an offer of employment. This policy is applicable until a candidate’s first day of employment, at which point the Staff Privacy Notice becomes applicable. 

This Privacy Policy was lasted updated in February 2025. 

TOPICS 

  • Information we collect about you 

  • Using your information 

  • Sharing your information 

  • Cifas 

  • Overseas transfers 

  • Retaining your information 

  • Yours rights 

  • Making a complaint 

  • Consequences of not providing us with your personal information 

  • Keeping your information safe 

  • Changes to this Privacy Policy 

Information we collect about you  

The personal information we may hold about you, includes:   

  • Personal contact details such as name, home address, telephone number, and personal email address.  

  • Date of birth  

  • Education (including qualifications) 

  • Employment history, including the contact details of any references.  

  • Credit history information 

  • Salary expectations 

  • Right to work documentation  

  • Directorship information 

We may also collect and store “special categories” of more sensitive personal information, including   

  • Health data and reasonable adjustments 

  • Information about criminal convictions and offences.  

  • Social Media Information  

  • Pronouns 

  • Ethnicity and background 

The information we hold may come from: 

  • You  

  • Your former employer(s)  

  • Referees  

  • Other third parties such as employment agencies, credit reference agencies or other background check agencies (including the Disclosure and Barring Service in respect of criminal convictions) 

 

Using your information 

The UK’s data protection law allows us to use your personal information provided we have a legal basis for doing so. The legal bases that we rely on to use your information include:  

  • We need to use your information to perform our obligations under our agreement with you  

  • We need to use your information to comply with a law we’re subject to   

  • We (or a third party) have a legitimate interest in using your information which isn’t outweighed by your interests or fundamental rights and freedoms  

  • You’ve given us your consent. 

  • Where we are using special categories or more sensitive personal information, the legal bases include:   

  • We need to use your information to carry out obligations and exercise our and your specific rights under employment, social security and social protection law, or  

  • You’ve given us your explicit consent   

  • To establish, exercise or defend our legal rights  

We’ve set out in the table below how we use your information and the legal basis for using it.   

How we may user your informationLegal Basis
  • To check if your skill set and knowledge are a match for the role you have applied for 
  • Make decisions about your recruitment or appointment  
  • Prevent fraud and other relevant conduct (see Cifas section below for the definition of relevant conduct)  
  • Perform background checks (other than any we’re required by law to do) 
  • To contact you about your application and ask for any more information we might need. 
  • Perform background checks (other than those required by law) 
  • To understand if your salary expectations align to the range we’re able to offer for the role you have applied for. 
  • Check your references 
  • Operate our application tracking system, including generating analytics relating to recruiting 
  • Conducting analytics on applications and using tools related to the recruitment such as note taking, summaries or analytics. 
  • Retain your data so we can get back in touch if we think you might be suitable for other roles 
Legitimate interest in administering our relationship with you and operating our business Steps before entering into a contract with you 
  • Verify your identity  
  • Check you are legally entitled to work in the UK  
  • To conduct background checks required by law, including in light of your potential role, the fact we operate in the financial services sector and in line with our regulators’ expectations. 
  • To understand your history of any financial behaviours that might affect your ability to carry out tasks at Zopa. 
To comply witha legal obligation
  • Dealing with any legal claims that may arise in connection with your application
 		To establish, defend or exercise our legal rights 
  • We use a third-partysupplier to create a transcript of any interviews you have with us 
Consent

Special Category Data

How we may use your information Legal Basis
  • To adjust the process to suit you, where we can. We will only process this information if you give us permission. 
  • To help us with monitoring inclusion and monitoring. You don not have to share this information if you don’t want to. 
Explicit Consent 
  • Where we arerequired by law, check if you have a criminal recordor where you may be subject to sanctions, in each case to make sure you’resuitable for the role.
To comply witha legal obligation 

We may share your information with third parties:  

  • where required by law  

  • where it’s necessary to administer our working relationship with you   

  • where we have another legitimate interest in doing so, for example to manage and operate our business   

The third parties we may share your information with include: 

  • Third party service providers who carry out activities on our behalf, for example pre-employment checks and interview transcription, . We use Zinc (www.zincwork.com) and their privacy notice gives more information: https://zincwork.com/privacy 

  • CIFAS 

  • Our regulators or government authorities, e.g. the Financial Conduct Authority, HMRC or the Home Office (where we act as a visa sponsor)  

  • Disclosure and Barring Service (for criminal record checks) 

  • Anyone to whom we may transfer all or part of our business  

CIFAS 

Cifas is a fraud prevention agency. It has databases established for the purposes of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice and other serious improper conduct (‘Relevant Conduct’) carried out by their staff and potential staff.   

We and Cifas may enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.   

Cifas will hold your personal data for up to six years if you are considered to pose a fraud or Relevant Conduct risk. You can find more information about how CIFAS uses your data here: https://www.cifas.org.uk/fpn. 

As explained in “Using your information” above, we will use your personal information to check with CIFAS for fraud and Relevant Conduct.  Should our checks identify fraud or any other Relevant Conduct by you when applying for , your new engagement may be refused. 

Overseas Transfers 

We may transfer your personal information to countries outside the UK and the European Economic Area (‘EEA’), whose information protection laws are less strict. Where we do so, we will make sure suitable safeguards are in place in accordance with European data protection requirements, to protect the information.   

Retaining your information 

In the event you don’t become a Zopa employee, we’ll keep your data for 2 years after the end of the application process(different periods will apply if you become an employee). In exceptional circumstances, e.g., if there is an ongoing regulatory investigation or legal claim, we may retain your information beyond the 2-year period.    

Your Rights 

Right to be provided with certain information 

We must provide you with certain information at the time we collect your personal information, including how we use it and the legal basis for going so, who we share it with, how long we intend to keep it, where we got the information from and your rights in relation to it. You can find the information in this Privacy Policy.  

Right to access your personal information 

We must provide you with a copy of your information if you ask us to, unless providing some or all of it would adversely affect the rights and freedoms of others, or the law allows us not to comply with your request. Where we are able to comply with your request, we'll do so within thirty days.   

Right to correction 

You can ask us to correct any information which you believe is inaccurate. We’ll update your information as soon as we can.   

Right to Erasure (right to be forgotten) 

You can ask us to erase your personal information:   

  • if you think it’s no longer necessary for us to hold your information  

  • if you don’t think we have any legitimate grounds for processing it  

  • if you think we’re using your personal information unlawfully  

  • if you think we should delete your personal information because the law requires us to do so.   

Right to restrict processing 

You can ask us to stop using your personal information:  

  • if you think it’s inaccurate  

  • if you think it’s illegal for us to use it  

  • if you don’t want us to destroy it because you need it for legal proceedings  

  • if you've told we don’t have a legitimate reason for using it and we're considering your request. 

Notification Obligation   

You can ask us to notify everyone to whom we’ve given your personal information whenever we amend, delete or agree to restrict our use of it.  

 

Right to Data Portability 

If we're using information you gave us on the basis of your consent, or because we need it to carry out our contractual obligations to you, you can ask us to give you your personal information in a structured, commonly used and machine-readable format or have it transmitted to another data controller.  

Right to object 

We may use your personal information to further our legitimate interests, or those of a third party. You have the right to object to this if there is something about your particular situation which means you don’t want us to use your information in these ways.    

There may be some occasions when you wish to exercise one of your rights and we’re unable to agree with your request, e.g. because we have compelling legitimate grounds for using your information, or because we need to keep your information to comply with a legal obligation. if this is the case, we’ll tell you.  

If you want to exercise any of your rights outlined above, please contact HR at hr@zopa.com

Making a Complaint 

If you’re unhappy with how we’ve handled your information you can refer your concerns to the Information Commissioner’s Office, the body that regulates the handling of personal information in the UK, at Information Commissioner’s Office Wycliffe House, Water Lane, Wimslow, SK9 5AF Tel: 0303 123 1113 Website: www.ico.org.uk  

Consequences of not providing us with your personal data 

If you fail to provide certain information when requested, we may not be able to perform our contract with you (e.g. pay you or provide you with a benefit you’re entitled to under your contract), or we may be prevented from complying with our legal obligations (e.g. ensuring the health and safety of our staff).  

Keeping your information safe 

We take your privacy seriously and take every reasonable measure to keep your information secure. We monitor our systems 24/7 and continually work to improve the security of your personal information and our systems.    

Changes to this Privacy Notice 

We’ll regularly review this Privacy Policy. If we make any changes, we’ll post the updated policy on this page.