Shawbrook Bank Logo
Back to main site
Search Opportunities

Candidate Privacy Notice

1. Introduction.

We are committed to protecting the privacy and security of our candidates' personal data.

This Candidate Privacy Notice describes how we gather, use, process and share your personal data if you apply to work with Shawbrook Bank Limited (e.g. as an employee, secondee, contractor, work experience student or other type of worker) - "personal data" is any information from which you can be identified.

If you provide us with personal data about someone else, such as an employment referee, you must ensure that you are permitted to disclose that information to us.

It is important that you read this Candidate Privacy Notice so that you are aware of how and why we are processing your personal data. We are committed to protecting your privacy and processing your personal data fairly and lawfully in compliance with UK data protection laws (including the UK General Data Protection Regulation and the Data Protection Act 2018).

Please note that this Candidate Privacy Notice does not form part of any offer of employment and we may amend this Candidate Privacy Notice from time to time. For more information about updates and changes to this Candidate Privacy Notice, please refer to Section 14.

2. About us.

Shawbrook Bank Limited ("Shawbrook", "we", "us" and "our") is a limited company registered in England and our address is Lutea House The Drive, Warley Hill Business Park, Great Warley, Brentwood, Essex, CM13 3BE.

We are a "controller" of your personal data, meaning we are responsible for processing your personal data - "processing" being the collection, recording, storage, use, disclosure, transferring, altering, destroying and any other form of action which is performed on your personal data.

Shawbrook's Data Protection Officer is responsible for this Candidate Privacy Notice and for ensuring it is kept up to date. If you have any queries regarding the information in this Candidate Privacy Notice, the Data Protection Officer can be contacted via the details set out in Section 12.

3. What personal data do we collect and use.

If you apply to work with us, we will typically process the following types of personal data about you:

  • Curriculum vitae (CV) and covering letter information. This will include your name, title, personal contact details, education history, qualifications and career history.

  • Application details. This will include:

    • business address, business telephone number, business email address, date of birth, gender, employment history, former and current work address, work telephone number, former and current names and contact details of employers, job roles, qualifications, accreditation and professional registration/membership details, business activities, details of any languages you speak, past employment references and other reference details;
    • your location, availability to start work, annual salary expectations and description of your work experience including example projects; and
    • details of any secondary employment and potential conflicts of interest (including where related to family networks).

  • Social mobility data. Information collected on an anonymised basis relating to the occupation of your main household earner when you were aged about 14, the type of school you attended and your eligibility to receive free school meals.

  • Details of proof of right to work in the UK. This will include visa information and photocopies of any identification documentation you provide such as passport, driving license, or proof of address documentation.

  • Communications data. Information collected during calls or any correspondence with you which may include responses, comments, views and opinions when you communicate with us and any information you provide to us during an interview, telephone conversation or video call to discuss your application.

  • Technical data. This will include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • Expenses details. This may include travel and expenses allowance details, expensed amounts and bank details for reimbursement.

  • Application test data. This will include any information relating to tests required as part of the job application process including psychometric tests.

  • Interview details. This will include information collected or noted from the interview process such as opinions of an interviewer, interview responses, evaluation notes and decisions from interviews (such as details of a successful and unsuccessful application) and feedback to or from the candidate.

  • Images, recordings or photographs. Photographs, film/video footage and recordings (including voice) as may be required for identification or security purposes.

  • Information from pre-employment screening checks. The type of checks carried out will depend on the role you have applied for, but may include fraud checks, social media checks, credit reference agency checks, financial services regulatory checks, companies house checks, qualification checks and standard and regulatory reference checks.

  • Special categories of personal data and information about criminal convictions and offences.

    • There are "special categories" of extra sensitive personal data, which are more private in nature and so require higher levels of protection under UK data protection laws, relating to genetic data, biometric data, information about sex life or sexual orientation, race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and health. For the purposes of this Candidate Privacy Notice, personal data relating to criminal convictions and offences will also fall within this description of "special category data" as this type of information also requires special protection. We typically process the following types of special category data relating to you:

      • information about your race or ethnicity, religious or similar beliefs, sexual orientation and disability status for the purposes of equality and diversity monitoring;
      • information about your physical or mental health or disability status, to assess whether any reasonable adjustments are required for you during the recruitment process;
      • only where appropriate or required, information associated with your political opinions and affiliations for the purposes of our anti-money laundering and bribery risk checks for politically exposed persons; and
      • information about your criminal convictions and offences (for example, from Disclosure and Barring Service ("DBS") checks) – we will only collect information about criminal convictions and offences as appropriate given the nature of the role or position you are applying for.

Personal data maintenance and failure to provide required information

We work hard to maintain the accuracy and completeness of the personal data we hold about you - to keep your information up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal data or if you become aware of any inaccurate personal data we are holding relating to you (see Section 12 below). Also, in some cases, if you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application correctly or successfully.

We will not be responsible for any issues arising from you failing to provide required personal data or providing us with inaccurate, deficient or incomplete personal data.

4. How we collect your personal data.

We collect personal data about candidates from various sources, including:

  • Directly from you.

  • From Cielo, our recruitment provider and their partners.

  • Screening and background check providers. Further information on Pre-Employment Screening checks and the relevant data sources can be found in Appendix 1 of this Candidate Privacy Notice.

  • Other third party sources (depending on the role). Such as:

    • your named referees;
    • information from third parties that is publicly accessible such as via LinkedIn or other professional profile platforms;
    • public sources (e.g. Companies House);
    • your existing employer (or representatives of your existing employer);
    • recruitment agencies;
    • professional advisors including external legal advisors; and/or
    • IT service providers.

5. How and why we use your personal data.

UK data protection laws require controllers to have a "lawful basis" to collect and process personal data. For Shawbrook, with respect to candidate personal data, these will be:

  • where it is necessary in order to take steps to enter into a contract with you;
  • to comply with our legal obligations relating to recruitment or to comply with our regulatory obligations;
  • where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests - in all such cases, we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interest;
  • less commonly, where you have given consent.

Please note, in limited circumstances, we may also process and share your personal data where it is necessary to protect your vital interests (or someone else's vital interests) and you are not capable of giving your consent.

Special category data

UK data protection laws also require that controllers have an additional lawful basis to process special category data. For Shawbrook, with respect to candidate personal data, these will be:

  • in limited circumstances, your explicit written consent;
  • as necessary to exercise our rights and carry out our obligations in connection with being an employer;
  • for reasons of substantial public interest;
  • as necessary for the establishment, exercise or defence of legal claims;
  • where you have deliberately made the special category data public.

Purpose and Lawful Basis

We process your personal data for various reasons, relying on a variety of different lawful bases for processing under UK data protection law. The following table sets out our purposes together with the corresponding lawful bases relied on:

Purpose Legal Basis
For the purposes of the recruitment process, including:
  • considering your suitability for the role
  • conducting interviews
  • determining the terms on which you would work for us
  • conducting right to work and background and verification checks (when we make you an offer)
  • assisting with any initial visa queries/applications
  • processing travel and other expenses associated with the recruitment process
  • record-keeping purposes
  • general correspondence with you
  • Performance of contract
  • Legitimate interests (for recruitment, record-keeping and management)
Managing queries, challenges or requests for feedback received in relation to our recruitment decisions
  • Legitimate interests (to manage queries and respond to correspondence regarding recruitment decisions)
Verifying your information including reference checks
  • Legitimate interests (to assist with recruitment and administration related to our recruitment activities)
  • To comply with our legal obligations (to detect and prevent fraud)
Depending on the role, to carry out background checks and other vetting purposes (including standard screening and enhanced screening for SMCR CIFAS)
  • Legitimate interests (to assist with recruitment and administration related to our recruitment activities)
  • To comply with our legal obligations
  • As necessary to exercise our rights and carry out our obligations in connection with being an employer
To meet our legal requirements, such as to check you are legally entitled to work in the UK and anti-money laundering and bribery risk checks for politically exposed persons
  • To comply with our legal obligations
  • As necessary to exercise our rights and carry out our obligations in connection with being an employer
For social mobility monitoring
  • Legitimate interests (to assist withdiversity and equality monitoring)
  • To comply with our legal obligations
For equal opportunities monitoring
  • Legitimate interests (to monitor and measure equal opportunities)
  • Substantial public interest (necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained)
General business management, record keeping, recording health and safety incidents, operations and planning and IT security and management
  • Legitimate interests (business administration and operations)
  • To comply with our legal obligations (to ensure personal data in kept securely and in accordance with legal requirements)
To record health and safety incidents
  • Legitimate interests (business administration and operations)
  • As necessary to exercise our rights and carry out our obligations in connection with being an employer
To comply with court orders or requests from regulatory bodies or law enforcement regulatory agencies and other public and government authorities, which may include such authorities outside your country of residence
  • To comply with our legal obligations
  • Legitimate interests (to comply with law enforcement agencies' requests and assist with the prevention/detection of criminal activity)
To exercise and/or defend our legal rights
  • Legitimate interests (to exercise and/or defend our legal rights)
  • As necessary for the establishment, exercise or defence of legal claims
In connection business strategies or with a business transaction such as merger, restructuring or sale of the business
  • Legitimate interests (for business management, administration and planning)

Some of the above lawful bases for processing will overlap and there may be multiple lawful bases which justify our use of your personal data. However, we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

6. Automated decision-making.

Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, however, we will update this Candidate Privacy Notice if this position changes.

7. Who we share your personal data with.

When we disclose personal data, we do so in accordance with UK data protection laws and our internal security standards. We may share your personal data with the following parties:

  • Shawbrook Group companies such as The Mortgage Lender Limited, Shawbrook Group plc and Bluestone Mortgages Limited;
  • our shareholders such as BC Partners LLP and Pollen Street Capital Limited;
  • our recruitment agency, Cielo, and their partners;
  • SAFE/GIANT, to complete pre-employment screening - associated parties involved in pre-employment screening are listed in Appendix 1; All our third-party service providers are required to have in place appropriate security measures to protect your personal data in line with our policies.
  • third party providers, suppliers and agents (including their subcontractors) such as IT suppliers, document management providers and software providers;
  • our legal and professional advisers, such as our auditors and external legal advisors;
  • referees and your current and previous employers;
  • a third party to whom we assign or novate any of our rights or obligations;
  • any purchaser or prospective buyer of any part or all of our business, and their representatives; and/or
  • a public, government or regulatory authority, law enforcement agency or the court.

8. How we protect your personal data when sending it abroad.

The personal data we collect in connection with your application may be transferred to (including accessed or stored in) a country or territory outside the United Kingdom, including countries whose laws may not offer the same level of protection of personal data as enjoyed within the United Kingdom. We will ensure that any such international transfers are appropriately safeguarded as required by UK data protection law, including (as appropriate) reviewing our supplier's international transfer arrangements with third party subcontractors (i.e. sub-processors).

Where we need to transfer your personal data outside of the United Kingdom, we will typically do so on the basis that:

  • the transfer is to a country which has been deemed to provide an adequate level of protection for your personal data (i.e. an adequacy regulation); or
  • the transfer is covered by an appropriate UK international data transfer mechanism that assures the protection of your personal data (such as the UK's International Data Transfer Agreement (for transfers of personal data from the UK) – this is a set of contractual wording which has been issued by the UK Information Commissioner's Office).

9. How we protect your personal data.

We know how much data security matters. With this in mind, we will treat your personal data with the utmost care and have put in place and maintain appropriate security measures to protect it.

we limit access to your personal data to those employees, agents, contractors and supplier's who have a need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed by us.

10. How long we keep your my personal data.

We will only keep your personal data for as long as is necessary to fulfil the relevant purposes as set out in this Candidate Privacy Notice and more widely to comply with our legal, regulatory or internal policy requirements.

We will retain your personal data for a period of 12 months after we have communicated to you our decision about whether to appoint you to a role, so that we can:

  • show, in the event of a legal claim, that we have not discriminated against applicants on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way; and
  • contact you if another job opportunity arises that may of interest based on your experience and skills – you can request for your details not to be used for this purpose at anytime by contacting us using the details set out in Section 12 below.

If you have signed up to our Talent Community database to receive job alerts about future job opportunities, your details will be retained for a maximum of 2 years, at which time your profile and details will be deleted from the Talent Community database automatically

Where you job application is successful, your data will be processed in accordance with our Employee Privacy Notice, which will be provided as part of your induction.

Where your personal data is no longer needed, we will ensure that it is anonymised or disposed of in a secure manner.

11. Your rights in connection with personal data.

You have the following rights to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you.

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances.

  • Object to processing of your personal data. Where we are undertaking direct marketing or relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.

  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

  • Request the transfer of your personal data to another party. This enables you to obtain and reuse your personal data - it only applies to the personal data you have provided to us.

  • Lodge a complaint with the UK's data protection regulator, the UK Information Commissioner's Office. Please find further details set out under Section 13.

  • Request a copy, or reference to, safeguards used for transfers of personal data outside the United Kingdom. We may redact data transfer agreements to protect commercial terms.

  • Request to withdraw consent to processing your personal data. Where the legal basis for processing is solely justified on the grounds of consent.

You can exercise any of the above rights by emailing us at the addresses set out in the Section 12 below. We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.

Another avenue to exercise any of your data subject rights is to please contact us via this form.

In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of personal data.

12. Data protection contacts.

If you have any questions about this Candidate Privacy Notice or how we handle your personal data or you wish to exercise your data subject rights, please contact us via this form or by emailing AskHR@shawbrook.co.uk.

You can also contact our Data Protection Officer by email at dataprotectionoffice@shawbrook.co.uk.

13. How to lodge a complaint with the regulator.

If you have any questions, concerns or complaints regarding this Candidate Privacy Notice or how we process your personal information, we encourage you to contact us in the first instance (please see Section 12 above).

However, you have the right to contact our data protection regulator at any time and lodge a complaint. Our data protection regulator is the UK Information Commissioner's Office, which can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via phone on 0303 123 1113.

14. How we update or change this Candidate Privacy Notice.

This Candidate Privacy Notice was last updated in June 2024.

We may change or update this Candidate Privacy Notice from time to time including to reflect good practice, changes in the way we process personal data and changes in UK data protection law or codes of practice. We will notify you of any such changes by updating this Candidate Privacy Notice here – please regularly check this website for the latest version of this Candidate Privacy Notice.

Please note we may also notify you in other ways from time to time about changes to the processing of your personal data.

Appendix 1: Pre-Employment Screening Checks

a. Background

As a banking organisation regulated by the Financial Conduct Authority (FCA), Shawbrook carries out pre-employment checks for all new joiners.

For regulated employees, particular regard shall be had to the assessment of the requirements of the FCA's fit and proper test (FIT) and competence requirements including assessing an applicant's suitability in respect of his/her competence and capability as well as his/her honesty, integrity, reputation and financial soundness.

Shawbrook aims to support business success by maintaining a corporate culture of honesty and trust; selecting the most suitable candidates based on genuine qualification and experience; and sending a clear message that Shawbrook Bank is alert to security threats.

The highest standards of integrity are essential to the commercial success and reputation of Shawbrook and as such, we exercise a duty of care to our employees and customers alike. An example of this is pre-employment screening, which is integral to our resourcing process.

New joiners on Shawbrook contracts whether temporary or permanent will undergo the full screening package (including the appropriate level of DBS checks) as detailed below. All pre-employment screening for new Shawbrook staff is carried out by SAFE, whereas temporary staff employed through a recruitment agency will have pre-employment screening carried out by the recruitment agency through which they are sourced and contractors will have their pre-employment screening completed by Giant.

SAFE Pre-employment checks include:

  • UK Electoral Roll & Credit Check
  • UK Identity Verification (MRZ) passport check
  • Career Gap
  • DBS checks appropriate to the role
  • Employment Verification for the past 5 years (6 years in the case of Certified roles)
  • Verification of professional and all qualifications
  • Right to work in the UK
  • CIFAS National Fraud Database
  • Social media checks (for certified roles only)

b. Process

As part of Shawbrook's offer of employment, new joiners must provide the screening company with their written consent to carry out the pre-employment checks and complete the on-line pre-screening application within approximately one week of receiving their log on details. It is the responsibility of all new joiners to provide accurate and up to date information to SAFE, as any discrepancies relating to the information they provide could delay or even adversely affect their offer of employment being confirmed. New joiners are also responsible for submitting documentary evidence directly to SAFE, as without this, certain checks cannot be performed.

Once all pre-screening checks have been carried out, Shawbrook receives confirmation from SAFE as to whether the reference checks have been satisfactorily completed. Should SAFE identify any issues, a member of Shawbrook's HR team will speak to the candidate in order to clarify specific details. If it is deemed that references cannot be obtained to Shawbrook's satisfaction, the employee's offer of employment may be withdrawn or employment may be terminated without pay.

Shawbrook reserves the right to withdraw any offer of employment or consideration of employment, or discharge an employee, upon finding falsification, misrepresentation or omissions of fact on an employment application, CV, other attachments, or investment statements, regardless of what is discovered.

No Shawbrook employees will be able to start work before satisfactory evidence of right to work in the UK and clear credit and CRB checks have been received, unless sign off is obtained from the Head of HR Service Delivery and Change. Such sign off will be given only in very exceptional circumstances. All references need to be completed to Shawbrook's satisfaction before an employee's probation will be passed.

The Equal Opportunities Policy is directly relevant to the pre-employment screening process and employees should therefore make themselves aware of its content.

c. Declarations

Any persons wishing to make a statement in advance of any checks being carried out or declare any possible adverse findings that may arise from these checks should make a self-disclosure statement and can do so in writing to AskHR@shawbrook.co.uk within 3 working days of completing the SAFE checks questionnaire.

Can't find the job you're looking for?

We're always on the lookout for new talent. Join our talent community and if a position becomes available that we think will suit you, we'll be in touch!

Join our Talent Community
Top

Want to get in touch?

Contacting us is simple and straightforward and we will respond to you personally.

Contact us