Privacy Policy

Privacy Notice for Job Applicants



Last update: November 2024



Capital Professional Ltd trading as Ascot Lloyd (“Ascot Lloyd”, “us”, “we”, “our”) are committed to protecting your privacy and meeting our legal obligations when you apply for a job or you (or an agent acting on your behalf) share your employment details with us.



This privacy notice explains what personal data we collect and use relating to employment and associate candidates (“you”, “your”) during the recruitment process.



As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity, and availability of the data we hold, and in meeting our data protection obligations where we process personal data. We are committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.



We update this privacy notice from time to time in response to changes in applicable laws and regulations. When changes are made, we will update the effective date at the top of this document.



You are being sent a copy of this privacy notice because you are applying for work with us (whether as an employee, worker or contractor). This notice sets out how Ascot Lloyd uses and protects your personal information during the recruitment process. It provides you with certain information that must be provided under the UK General Data Protection Regulation (UK GDPR).



Data Protection Principles



Ascot Lloyd will comply with data protection law and principles, which means that your personal data will be:



  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes
  • Relevant to the purposes we have told you about
  • Accurate and where necessary kept up to date
  • Kept only as long as is necessary
  • Kept securely and protected against unauthorised or unlawful access or processing


Data held about you: what personal data do we process?



Personal data means any information about an individual from which that person can be identified, therefore does not include data where the identity of the person has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection. Ascot Lloyd is the data controller of the personal data we hold about you, registered as such with the Information Commissioner’s Office (“ICO”).



When you apply for a position (whether as an employee or consultant) or submit your CV (or similar employment information) to us, whether directly or through an agency or job board, or attend an interview in person or by remote means, we will collect your personal data. This includes (but is not limited to):



    • Name and contact details (address, mobile phone number and email address)
    • Company details (where applicable)
    • Date of birth and gender
    • Work history and employment positions held
    • Salary, other compensation, and benefits information
    • Nationality / visa / work permit information
    • Academic and professional qualifications, education, and skills
    • Photographs you may submit with your application
    • Demographic information
    • Records we create during interviews or correspondence with you
    • Results of pre-employment screening checks such as references or DBS checks (where applicable)
    • Any other information you choose to give us through a covering letter
    • Information about your previous employment experience, as shared by your referees.


We may also collect special category data in accordance with the Equality Act 2010. We will only do this, for example, to make reasonable adjustments to enable all candidates to apply for vacancies, attend interviews and to commence employment. This is also necessary to ensure we meet our legal obligations when recruiting.



3. Purposes and bases for using your personal data



We will process your personal information for the following purposes and under the following lawful bases:



Privacy Notice



Capital Professional Ltd trading as Ascot Lloyd (“​Ascot Lloyd,​”, “us”, “we”, “our”) are committed to protecting your privacy and meeting our legal obligations when you apply for a job or you (or an agent acting on your behalf) share your employment details with us.



This privacy notice explains what personal data we collect and use relating to employment and associate candidates (“you”, “your”) during the recruitment process.



As an information-led business, we place great importance on ensuring the quality, confidentiality, integrity, and availability of the data we hold, and in meeting our data protection obligations where we process personal data. We are committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.



We update this privacy notice from time to time in response to changes in applicable laws and regulations. When changes are made, we will update the effective date at the top of this document.



You are being sent a copy of this privacy notice because you are applying for work with us (whether as an employee, worker or contractor). This notice sets out how Ascot Lloyd uses and protects your personal information during the recruitment process. It provides you with certain information that must be provided under the UK General Data Protection Regulation (UK GDPR).



Data Protection Principles



Ascot Lloyd will comply with data protection law and principles, which means that your personal data will be:



  • Used lawfully, fairly and in a transparent way



  • Collected only for valid purposes



  • Relevant to the purposes we have told you about



  • Accurate and where necessary kept up to date



  • Kept only as long as is necessary



  • Kept securely and protected against unauthorised or unlawful access or processing





Data held about you: what personal data do we process?



Personal data means any information about an individual from which that person can be identified, therefore does not include data where the identity of the person has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection. Ascot Lloyd is the data controller of the personal data we hold about you, registered as such with the Information Commissioner’s Office (“ICO”).



When you apply for a position (whether as an employee or consultant) or submit your CV (or similar employment information) to us, whether directly or through an agency or job board, or attend an interview in person or by remote means, we will collect your personal data. This includes (but is not limited to):



  • Name and contact details (address, mobile phone number and email address)



  • Company details (where applicable)



  • Date of birth and gender



  • Work history and employment positions held



  • Salary, other compensation, and benefits information



  • Nationality / visa / work permit information



  • Academic and professional qualifications, education, and skills



  • Photographs you may submit with your application



  • Demographic information



  • Records we create during interviews or correspondence with you



  • Results of pre-employment screening checks such as references or DBS checks (where applicable)



  • Any other information you choose to give us through a covering letter



  • Information about your previous employment experience, as shared by your referees.





We may also collect special category data in accordance with the Equality Act 2010. We will only do this, for example, to make reasonable adjustments to enable all candidates to apply for vacancies, attend interviews and to commence employment. This is also necessary to ensure we meet our legal obligations when recruiting.



Please note, when we receive/disclose references we do so on a confidential basis. As such, we will not provide you with a copy of your reference from a referee, or a reference we have submitted in response to a reference request.



Purposes and bases for using your personal data



We will process your personal information for the following purposes and under the following lawful bases:





Purpose

Lawful Basis for Processing

To assess your suitability for the role by collecting and reviewing information on your application form or CV.



To shortlist candidates, conduct interviews.

Processing is necessary for Ascot Lloyd’s Legitimate Interests (Article 6(1)(f) of the UK GDPR) in assessing your suitability for a role.

To make reasonable adjustments for you during the interview process and comply with our legal obligations under the Equality Act 2010.



To maintain and promote equality in our recruitment processes.

Processing is necessary for us to comply with our legal obligations (Article 6(1) (c) of the UK GDPR)



For special category data, the additional basis that we rely on relates to our obligations in the field of employment and the safeguarding of your fundamental rights (Article 9(2) (b) of the UK GDPR and Schedule 1 part 1(1) of the DPA 2018) and Article 9(2)(a) Explicit Consent and Schedule 1 part 2 of the DPA 18 – Equality of opportunity and treatment.

To make you a job offer and enter into an employment contract with you.

Processing is necessary for taking steps to enter into a contract with you or for the future performance of our contract with you (Article 6(1)(b) of the UK GDPR).

To conduct pre-employment screening checks including checking your identity and your right to work in the UK.

Processing is necessary for us to comply with our legal obligations (Article 6(1) (c) of the UK GDPR).



For special category data, the additional basis that we rely on relates to our obligations in the field of employment and the safeguarding of your fundamental rights (Article 9(2) (b) of the UK GDPR and Schedule 1 part 1(1) of the DPA 2018).

To contact unsuccessful applicants about future suitable vacancies.

Processing is necessary for our legitimate interest of searching for suitable candidates for future vacancies based on their skills set out in the records we hold on candidates (Article 6(1) (f) of the UK GDPR).





You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.



If you fail to provide personal data which is necessary for us to consider your application, for example evidence of qualifications or reference details, we will not be able to take your application further.



Sensitive personal data



We will only process sensitive ‘special category’ personal data where we meet one of the conditions required by law for doing so. This includes complying with legal obligations or exercising specific rights in the field of employment law. We may also ask for your explicit consent to process some special categories of personal data.



We process special categories of personal data when we collect or process information about your physical or mental health, or disability status, to ensure your health and safety in the workplace, to assess your fitness to work and to provide appropriate workplace adjustments. We may also process special category personal data for the purposes of monitoring and reporting diversity and inclusion within our recruitment processes.



Information about criminal convictions



We may hold information about criminal convictions once we have offered you the role (conditional on checks and any other conditions, such as references, being satisfactory).



As a financial services firm operating in a highly regulated sector, we need a high degree of trust and integrity in all of our employees because our business involves dealing with financial and other sensitive personal information from the public. Consequently, depending on the nature of role which you are being recruited into, we may be required to conduct a criminal record check or ask you to provide appropriate certification in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. These checks may be repeated during employment if required.



We may only use information relating to criminal convictions where the law allows us to do so. We have an appropriate policy and safeguards in place when processing such data.



Unless relevant to the ongoing employment, we will delete information about your criminal and background checks as soon as possible after receiving it and will only keep a record that the checks were carried out (apart from any information we need to keep as part of your employment/ engagement by us).



Data sharing



We will only share your personal information with the following third parties for the purposes of processing your application:



  • other entities within our group of companies; and



  • third party service providers including software providers, recruitment agents and head-hunters.





All our third-party service providers and other group entities are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions and not for any other purposes. This and other obligations are agreed in the contract between ​Ascot Lloyd,​ and the service providers and suppliers.



Your Personal Data may be processed outside of the UK - always in accordance with terms of your Contract of Employment with us. Where this is the case, we have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:



  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or







Within Ascot Lloyd, your personal data will only be shared with those who need to have access to it, which will primarily be our HR personnel and hiring managers.



Data security



We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.



We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.



Data storage and retention



Your data will be retained in recruitment files to which access is restricted to members of Ascot Lloyd’s HR team.



Should you be invited to attend an interview, a copy of your CV/application plus covering letter will be shared with the recruiting and/or interviewing manager(s). Managers are required to delete all such information on completion of the recruitment process.



In the event that your application is unsuccessful, we will retain your CV for a period of up to 12 months after the date on which it was received. We retain data for this period in order that we can demonstrate, in the event of a legal claim, that we have conducted a fair recruitment process and not discriminated against candidates.



If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will contact you for your consent to retain your personal information for a fixed period on that basis. After this period, we will securely destroy your personal information in accordance with data protection law. Please let us know if you would like us to delete your records before our retention period lapses and we will do so.



In the event that you are offered a role with Ascot Lloyd, you will be provided with a separate privacy notice for employees.



Your rights



Under data protection law in certain circumstances, you may have a number of rights with regard to your personal data. You may have the right to:



  • request access to your personal data (a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.



  • request correction of any incomplete or inaccurate personal data that we hold.



  • request erasure of your personal data, where there is no good reason for us continuing to process it.



  • restrict processing.



  • object to processing where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.



  • data portability, to request the transfer of your personal information to another party.





In the limited circumstances where you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time (which will not affect the lawfulness of the processing before your consent was withdrawn). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.



You should be aware that your rights may be limited (for example, if making the information available would reveal personal information about another person; if we are legally prevented from disclosing such information; or in relation to references given in confidence for the purposes of the employment or prospective employment of the data subject). Where we are not able to fulfil a request, we will inform you of the reasons why when responding.



You also have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of data protection law with regards to your personal data.



If you wish to exercise any of your rights, please contact us at dataprotection@ascotlloyd.co.uk or write to us at the following address:





Data Team



Ascot Lloyd



45 Church Street



Birmingham



B3 2RT





You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.



Contact us





  • Capital Professional Limited, trading as Ascot Lloyd is the data controller.



If you have any concerns as to how your data is processed, you can contact:







You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.



If you fail to provide personal data which is necessary for us to consider your application, for example evidence of qualifications or reference details, we will not be able to take your application further.



4. Sensitive personal data



We will only process sensitive ‘special category’ personal data where we meet one of the conditions required by law for doing so. This includes complying with legal obligations or exercising specific rights in the field of employment law. We may also ask for your explicit consent to process some special categories of personal data.



We process special categories of personal data when we collect or process information about your physical or mental health, or disability status, to ensure your health and safety in the workplace, to assess your fitness to work and to provide appropriate workplace adjustments. We may also process special category personal data for the purposes of monitoring and reporting diversity and inclusion within our recruitment processes.



Information about criminal convictions



We may hold information about criminal convictions once we have offered you the role (conditional on checks and any other conditions, such as references, being satisfactory).



As a financial services firm operating in a highly regulated sector, we need a high degree of trust and integrity in all of our employees because our business involves dealing with financial and other sensitive personal information from the public. Consequently, depending on the nature of role which you are being recruited into, we may be required to conduct a criminal record check or ask you to provide appropriate certification in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role. These checks may be repeated during employment if required.



We may only use information relating to criminal convictions where the law allows us to do so. We have an appropriate policy and safeguards in place when processing such data.



Unless relevant to the ongoing employment, we will delete information about your criminal and background checks as soon as possible after receiving it and will only keep a record that the checks were carried out (apart from any information we need to keep as part of your employment/ engagement by us).



Data sharing



We will only share your personal information with the following third parties for the purposes of processing your application:



    • other entities within our group of companies; and
    • third party service providers including software providers, recruitment agents and head-hunters.


All our third-party service providers and other group entities are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions and not for any other purposes. This and other obligations are agreed in the contract between Ascot Lloyd and the service providers and suppliers.



Your Personal Data may be processed outside of the UK - always in accordance with terms of your Contract of Employment with us. Where this is the case, we have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:



  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
  • We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)).


Within Ascot Lloyd, your personal data will only be shared with those who need to have access to it, which will primarily be our HR personnel and hiring managers.



Data security



We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.



We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.



Data storage and retention



Your data will be retained in recruitment files to which access is restricted to members of Ascot Lloyd’s HR team.



Should you be invited to attend an interview, a copy of your CV/application plus covering letter will be shared with the recruiting and/or interviewing manager(s). Managers are required to delete all such information on completion of the recruitment process.



In the event that your application is unsuccessful, we will retain your CV for a period of up to 12 months after the date on which it was received. We retain data for this period in order that we can demonstrate, in the event of a legal claim, that we have conducted a fair recruitment process and not discriminated against candidates.



If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will contact you for your consent to retain your personal information for a fixed period on that basis. After this period, we will securely destroy your personal information in accordance with data protection law. Please let us know if you would like us to delete your records before our retention period lapses and we will do so.



In the event that you are offered a role with Ascot Lloyd, you will be provided with a separate privacy notice for employees.



Your rights



Under data protection law in certain circumstances, you may have a number of rights with regard to your personal data. You may have the right to:



    • request access to your personal data (a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
    • request correction of any incomplete or inaccurate personal data that we hold.
    • request erasure of your personal data, where there is no good reason for us continuing to process it.
    • restrict processing.
    • object to processing where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
    • data portability, to request the transfer of your personal information to another party.


In the limited circumstances where you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time (which will not affect the lawfulness of the processing before your consent was withdrawn). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.



You should be aware that your rights may be limited (for example, if making the information available would reveal personal information about another person; if we are legally prevented from disclosing such information; or in relation to references given in confidence for the purposes of the employment or prospective employment of the data subject). Where we are not able to fulfil a request, we will inform you of the reasons why when responding.



You also have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of data protection law with regards to your personal data.



If you wish to exercise any of your rights, please contact us at dataprotection@ascotlloyd.co.uk or write to us at the following address:



Data Team



Ascot Lloyd



45 Church Street



Birmingham



B3 2RT



You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.



Contact us



  • Capital Professional Limited, trading as Ascot Lloyd is the data controller.
  • If you have any concerns as to how your data is processed, you can contact:


The Compliance Team and Data Protection Officer (DPO) at: dataprotection@ascotlloyd.co.uk