Job Applicant Privacy Notice



This Privacy Notice applies to personal information processed by or on behalf of Brighton and Hove Federation (B&HF). B&HF has a legal duty to explain how we use any personal information we collect about individuals who apply to work with us. We collect records during the recruitment stage and continue to collect data for any successful candidates. This is in both electronic and paper format.

We are required by law to provide you with this Privacy Notice, which explains how we use the personal and healthcare information we collect, store and hold about you. If you have any questions about this Privacy Notice, are unclear about how we process or use your personal information or have any other issues about this information, please contact our Data Protection Officer (DPO) Laura Taw.

This Notice explains:

  • Who we are, how we use your information and the name of our Data Protection Officer (DPO);
  • How we collect, use and process your personal data and how, in doing so, we comply with our legal obligations to you;
  • What kind of personal information we process about you;
  • The legal grounds for us processing your personal information (including when we share it with others);
  • What you should do if your personal information changes; 
  • How long we retain your personal information; and 
  • Your rights under the Data Protection Laws.

Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights. This Privacy Policy applies to the personal data collected from candidates applying for roles within the organisation.

For the purpose of applicable data protection legislation (including, but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), and the Data Protection Act 2018 (DPA2018) the organisation responsible for your personal data is Brighton and Hove Federation (B&HF).

The UK General Data Protection Regulation (UK GDPR) became law on 24 May 2016. This is a single European Union- (EU)-wide regulation on the protection of confidential and sensitive information. It entered into force in the UK on 25 May 2018, repealing the Data Protection Act (1998).


How we use your information and the law

B&HF is what is known as the ‘data controller’ of the personal data you provide to us. Upon applying to work with the organisation you will be asked to supply the following personal information:

  • Name;
  • Address;
  • Telephone number(s);
  • Email address;
  • Date of birth;
  • Previous employment data;
  • Recruitment information (such as your application form and CV, references, qualifications and membership of any professional bodies and details of your employment history, skills and experience);
  • Information about your current level of remuneration, including benefit entitlements;
  • Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process;
  • Information in relation to your right to work in the UK [as per the Rights to Work in the UK – guide to checking];
  • Information from the Disclosure and Barring Service (DBS) in order to administer relevant checks and procedures; and
  • Vaccination and immunisation status/information.

The information that we ask you to provide to the organisation is required for the following reasons:

  • In order for us to review your application;
  • In order for us to contact you with interview details;
  • To comply with appropriate employment law; and
  • To ensure that we can provide any reasonable adjustments as necessary.

The organisation may collect this information in a variety of ways. For example, from application forms, CVs or resumes, from your passport or other identity documents (e.g., a driving licence), from forms completed by you, or through interviews, meetings or other assessments including online tests.

This personal data might be provided to us by you or someone else (e.g., a former employer’s reference, or information from background check providers including the criminal records checks permitted by law) or it could be created by us.

The organisation will seek information from third parties only once a job offer has been made to you, and we will inform you that we are doing so.

Your personal data will be stored in a range of places, including your application record, the organisation's HR management systems, and other IT systems (including the organisation's email system).

Throughout the application process we will collect data (e.g., interview question responses and interview scores) and add this to your personnel file. 


How do we lawfully use your data?

We need to know your personal, sensitive and confidential data in order to employ you. Under the General Data Protection Regulation (GDPR) we will be lawfully using your information in accordance with: 

  • Article 6, (b) Necessary for performance of/entering into contract with you; and 
  • Article 9(2) (b) Necessary for controller to fulfil employment rights or obligations in employment.

How do we maintain the confidentiality of your record?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the: 

We will only ever use or pass on information about you to others who have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e., life or death situations) or where the law requires information to be passed on.

Our policy is to respect the privacy of our candidates and to maintain compliance with the UK General Data Protection Regulation (UK GDPR) and all UK-specific Data Protection Requirements. Our policy is to ensure all personal data will be protected. 

All employees and sub-contractors engaged by B&HF are asked to sign a Confidentiality Agreement. 


Where do we store your information electronically?

All the personal data we process is processed by our organisation in the UK. However, for the purposes of IT hosting and maintenance, this information may be located on servers within the European Union.

No third parties have access to your personal data unless the law allows them to do so, and appropriate safeguards have been put in place. We have a data protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.


Sharing your personal data

Your information may be shared internally for the purpose of the recruitment.

The organisation will not share your personal data with third parties except those engaged for the purposes of the recruitment process or unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, with employment background check providers to obtain necessary background checks, and with the Disclosure and Barring Service (DBS) to obtain necessary criminal record checks.

You will be informed who your data will be shared with and, in some cases, asked for consent for this to happen when this is required.


Who is the data controller?

B&HF is registered as a data controller under the Data Protection Act 2018. 


How long do we keep your personal information?

We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records Management Code of Practice for health and social care and national archives requirements.

If your application is unsuccessful, the organisation will hold your personal data for a period of six months following the recruitment process. If you agree to allow the organisation to keep your personal data on file, for consideration for future job opportunities, we will hold your data for a further six months. At the end of that period (or once you withdraw consent), your data will be deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained throughout your employment.  


Storing Disclosure and Barring Service (DBS) certificates

The correct storage of DBS certificate information is important. The code of practice requires that the information revealed is considered only for the purpose for which it was obtained and should be destroyed after six months.


Your rights as a candidate applying for work

Data Subject Access Requests (DSAR): You have a right under the data protection legislation to request access to view or to obtain copies of the information this organisation holds about you and to have it amended should it be inaccurate. To request this, you need to do the following: 

  • All requests should be made in writing and make clear to us what and how much information you require.
  • You will need to give adequate information (for example full name, address, date of birth and details of your request) so that your identity can be verified and your records located.


We are required to provide you with the requested information within one month of receiving your request. 

There is no charge to have a copy of the information held about you. However, we may, in some limited and exceptional circumstances, have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive.

Job Applicant Privacy Notice last updated March 2023