Privacy Notice for Job Applicants
What this privacy notice covers
This privacy notice explains how we collect, use, store, and share your personal information when you apply for a job at Benenden Health. 'Personal information' means anything that can identify you, either on its own or when combined with other information.
This notice applies to anyone applying for a job with Benenden Health, either directly or through a recruitment agency. If you are an employee, please refer to our Privacy Notice for Employees.
We understand how important it is to keep your personal information safe. We follow UK data protection law and use strong security measures to protect your information from the moment we collect it until it’s no longer needed.
Who we are
When we say "Benenden Health", "we", "us" or "our", we mean:
The Benenden Healthcare Society Ltd
Benenden Wellbeing Ltd
The Benenden Charitable Trust
All of these organisations are registered at Holgate Park Drive, York, YO26 4GG.
Most of the time, Benenden Health decides what personal information to collect and how to use it. This means we act as the data controller. Sometimes, we may handle personal information on behalf of another organisation and follow their instructions. In those cases, we act as a data processor and use the information according to their rules.
Our Data Protection Officer (DPO) is Charlotte Atkin and can be contacted at data.protection@benenden.co.uk.
What types of personal information we collect
To manage your application and meet legal obligations, we collect and process different types of personal information. This includes:
Basic details – your name, address, phone number, email address
Identification and right-to-work information – nationality, passport details, proof of your right to work in the UK
Employment history and qualifications – your skills, qualifications, experience, and employment history
Pay details – current salary, benefits, and notice period
Health information – details you provide so we can make reasonable adjustments during the recruitment process
Equality and diversity data – ethnic origin, religion or belief, sexual orientation (optional and only for monitoring purposes)
Criminal record checks – Disclosure and Barring Service (DBS) checks for certain roles
We only collect the information we need to process your application and comply with the law.
Where we collect personal information from
We collect your personal information from different sources during the recruitment process. These include:
Directly from you – when you complete an application form, upload your CV, attend interviews, or provide documents such as proof of identity and right-to-work.
From recruitment agencies – if you apply through an agency.
From third parties – such as previous employers (for references), background and DBS check providers.
From internal systems – for example, CCTV if you visit our offices.
Why we process your personal information
We only use your personal information when the law allows us to. This might be:
- To take steps to enter into a contract with you
- Because the law says we must
- Because we have a business reason (called a "legitimate interest")
- Because you've given consent
If we use a legitimate interest, we always check that it doesn't unfairly affect your rights and we undertake LIAs, a summary is available on request.
We do not use automated decision-making or profiling in our recruitment process. If this changes, we will update this notice.
The table below shows the purposes for using your personal information:
| What we use your personal information for | Example | Type of information | Our reason for processing | Legitimate interest (if applicable) |
|---|---|---|---|---|
| Recruiting new employees | Reviewing your application and conducting interviews | Name, contact details, employment history, qualifications |
To take steps to enter a contract We have a legitimate interest |
Managing recruitment efficiently and fairly |
| Right-to-work checks | Checking eligibility to work in the UK | Passport details, nationality, immigration status | Legal obligation | |
| References and background checks | Contacting previous employers and conducting DBS checks | Employment history, criminal record data |
Legal obligation We have a legitimate interest |
Ensuring suitability for the role |
| Equality monitoring | Collecting diversity data for reporting | Ethnic origin, religion, sexual orientation | Legal obligation We have a legitimate interest |
Ensuring inclusivity amongst the workforce |
| Reasonable adjustments | Making adjustments for candidates with disabilities | Health information | With your consent | |
| Legal claims | Responding to legal claims relating to recruitment | Application records and correspondence | We have a legitimate interest | Protecting the organisation from legal risk |
Sensitive information (special category and criminal offence data)
Some of the information we collect is considered more sensitive under UK data protection law. This includes:
Special category data – for example: Health information – for example, details you provide so we can make reasonable adjustments during the recruitment process.
Equality and diversity data – ethnic origin, religion or belief, sexual orientation (completion is optional and only for monitoring purposes, DE&I data is stored separately, anonymised and not used in selection decisions).
Criminal conviction data – for example:
Disclosure and Barring Service (DBS) checks.
We only use this information when the law allows us to, under specific conditions such as:
- Employment law obligations
- With your explicit consent
- Equality of opportunity monitoring
We apply strict safeguards to protect all sensitive information, including limiting access to authorised staff, using secure systems, and anonymising equality data for reporting wherever possible.
We maintain an Appropriate Policy Document and conduct DPIAs where required, which set out safeguards for special category and criminal offence data.
The table below shows the purposes for using special category data:
| What we use your personal information for | Example | Type of information | Condition for special category data |
|---|---|---|---|
| Reasonable adjustments | Supporting you during recruitment | Health data | Explicit consent |
| Equality monitoring | To monitor recruitment statistics | Ethnic monitoring, religion, sexual orientation | Equality of opportunity monitoring |
| DBS checks (successful candidates) | Criminal record checks for certain roles | Criminal conviction data | Employment law obligations |
We apply strict safeguards to protect all sensitive information, including limiting access to authorised staff, using secure systems, and anonymising equality data for reporting wherever possible.
If you don't provide your personal information
We need certain personal information to process your application and meet our legal obligations. If you choose not to provide this information, we may not be able to consider your application. For example, we need your right-to-work documents to comply with the law.
Where providing information is optional (such as equality monitoring), there are no consequences if you choose not to share it.
Who we share your personal information with
We only share your personal information when it is necessary for the recruitment process, to comply with the law, or to provide services related to your application. We make sure that anyone we share your information with keeps it secure and uses it only for the agreed purpose.
Internal sharing
Your information may be shared internally with:
The People team
Hiring managers and interviewers
IT staff (where access is needed for their role)
External sharing
We share your information with trusted third parties who help us manage the recruitment process. These include:
JobTrain – our applicant tracking system provider, which securely stores and processes your application data on our behalf
Background check providers – to carry out pre-employment screening and DBS checks where required
Previous employers – to obtain references
Regulators or government bodies – for compliance checks where required
When we share your information with trusted companies who help us deliver recruitment services, they must follow strict data protection standards and cannot use your information for anything else.
We never sell your personal information or share it with other organisations for their own marketing purposes.
Sending personal information outside the UK
We do not currently transfer job applicants' personal information outside the UK. If this changes, we will make sure your information remains protected to the same high standards required under UK data protection law. This includes using one or more of the following safeguards:
Approved countries – Only transferring data to countries recognised by the UK as having strong privacy laws.
Legal agreements – Putting in place contracts (known as Standard Contractual Clauses) that require the recipient to protect your information.
Certified frameworks – Using organisations that are part of an approved scheme, such as the UK Extension to the EU–US Data Privacy Framework.
If we ever need to make such transfers, we will update this notice and explain what measures we have taken to keep your information safe.
How long we keep your personal information
We keep your personal information only for as long as it is needed for the purposes we collected it, and to meet legal, regulatory, and business requirements. When we no longer need your information, we securely delete or anonymise it.
Unsuccessful applicants – We keep your information for 12 months after the end of the recruitment process. If you do not want us to keep your personal information for 12 months, you can ask for it to be deleted. See the “Your rights” section for more information.
Successful applicants – Your information will be transferred to your employee file and retained in line with our Employee Privacy Notice.
Sometimes, we may keep information for longer if required to defend legal claims or comply with regulatory obligations. In these cases, we will limit access and use to what is strictly necessary.
Your rights
You have rights under UK data protection law. These rights give you more control over how we use your personal information. To protect your privacy, we may need to check your identity before we can help.
You can:
Access your information
Ask for a copy of the personal information we hold about you (a “subject access request”). We’ll tell you what we have, why we have it, who we’ve shared it with, and where we got it from.
Correct your information
If any of your information is wrong, out of date, or incomplete, you can ask us to fix it.
Delete your information
Ask us to delete your personal information if we no longer need it for the reasons we collected it. Sometimes we may need to keep it to meet legal or regulatory requirements.
Limit how we use your information
Ask us to restrict processing in certain situations, for example if you’ve challenged the accuracy of your data or objected to how we use it.
Object to processing
You can object if we’re using your information for a business reason (called a “legitimate interest”).
Get your information in a portable format
Ask for a copy of your personal information in a format that’s easy to reuse or ask us to send it to another organisation.
Withdraw consent
If we rely on your consent for any processing, you can withdraw it at any time.
To exercise your rights, email Recruitment@benenden.co.uk or contact our Data Protection Officer at data.protection@benenden.co.uk.
How to contact us
If you have any questions about this privacy notice or how we use your personal information, you can contact our Data Protection Officer (DPO):
Email: data.protection@benenden.co.uk
Post: Data Protection Officer, The Benenden Healthcare Society Ltd, Holgate Park Drive, York, YO26 4GG.
Complaints
If you’re worried about how we’ve handled your personal information, please contact our DPO first. We’ll do our best to resolve your concerns quickly and fairly.
You can also complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator:
Website: www.ico.org.uk
Email: casework@ico.org.uk
Phone: 0303 123 1113
Changes to this Privacy Notice
We regularly review and update this privacy notice to make sure it reflects how we use your personal information and complies with the law. This privacy notice was last updated in December 2025.
If we make changes, we will:
- Publish the updated version on our website
- Let you know about the changes if they are significant.