This Privacy Notice sets out the basis on which we use personal data in respect of our internal recruitment and employment procedures.

We reserve the right to update this Privacy Notice from time to time. Where appropriate, we shall contact you to notify you of any material changes to the Privacy Notice. You should check for updates periodically to ensure that you understand (i) how we are using your personal data and (ii) your legal rights around our usage of such personal data.


Who Should Read This Privacy Notice?

You should read this Privacy Notice if you are:

If you are a Candidate, Client Contact or Supplier Representative, you should refer to our external Privacy Notice instead. This is available to view at



This Privacy Notice uses the following defined terms:

Applicant means a person who has submitted an application or enquiry, directly or indirectly, with a view to becoming an Employee.

Data Protection Legislation means (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.

Employee means a current or former employee of ours, including permanent, fixed-term, temporary and casual staff who are or have been (i) employed or otherwise engaged by us or (ii) supplied to us by a third-party employment business to work within our offices. We use the term “Employee” within this Privacy Notice to refer generically to someone who works for us or provides services to our business personally but nothing in this Privacy Notice is intended to affect your employment status in any respect.

Third-Party Services Provider means any relevant third-party business which provides services to us, such as our:


How We Obtain Personal Data

If you are an Applicant, we may obtain personal data relating to you:

If you are an Employee, we may obtain personal data relating to you:


Types of Information We Hold

If you are an Employee or Applicant, we may collect, store and process the following types of personal information about you:

If you are an Employee, we may also collect, store and process the following types of personal information about you:

If you are an Applicant or Employee, we may also collect, store and use the following “special categories” of more sensitive personal information:


How We Use Personal Data

If you are an Applicant or an Employee, we may use your personal data to:

If you are an Employee, we may also use your personal data to:


Our Lawful Basis for Processing Data

We are entitled to process your personal data where it is necessary for the performance of the contract for services or contract of service to which you are a party, either directly with us or, in some circumstances, with a third party such as an employment business. This includes any processing which may be necessary at the preliminary stage prior to you entering into such contract.

We may also process your personal data where it is necessary for compliance with a legal obligation to which we are subject, such as the obligation to maintain suitable business and financial records.

In accordance with Article 9 (2)(b) of the GDPR, we are entitled to process your sensitive personal data where we need to carry out our obligations or exercise our rights in the field of employment. Under very limited circumstances, we may also ask for consent to process your sensitive personal data.


Where We Process Personal Data

Your personal data is held and processed by us in the United Kingdom.

We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the EEA where:


Parties with Whom We May Share Data

We may share your personal data for legitimate purposes with:


Automated Decision Making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. All decisions which are made in the course of our business processes involve human intervention. We do not therefore expect to make any decisions about you using automated means.


Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Manager.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you are an Applicant, we will usually retain your personal data for one year from the date on which the recruitment decision is made, unless you become an Employee, in which case the provisions below shall apply.

If you are an Employee, our standard data retention period is three years from the date on which our working relationship ends. After this time, we will usually delete your personal data from our records. Where we are required to keep any information (i) for auditing or compliance purposes (ii) to comply with our contractual obligations to third parties or (iii) in respect of any potential or actual legal proceedings, we shall keep your data for as long as is strictly necessary for these purposes, which is typically for seven years from the date on which our working relationship ends.

In some circumstances we may completely anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.


Rights of access, correction, erasure, and restriction

Your duty to inform us of changes. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information. Under certain circumstances, you have the right to:

If you want to exercise any of the above rights, please contact the Data Protection Manager in writing. We will consider your request and confirm the actions which we have taken in response to such request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.

If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the United Kingdom. Their details are:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or, if you prefer to use a national rate number, 01625 545 745
Email: [email protected]


Contacting Us

If you have any questions about this Privacy Notice, you can speak to your line manager (where applicable) or contact our Data Protection Manager at 2nd Floor, Strand, London WC2R 1LA. Alternatively, you may telephone us on 020 3701 7420 or email us at [email protected]

Borne Resourcing Ltd.
2nd Floor, New Wing
Somerset House
T. 020 3701 7420
[email protected]