Recruitment privacy policy

At Blue Cross we are committed to protecting and respecting your privacy.  

Under data protection legislation we need to provide you with specific information about the data we gather and store about you when you apply for employment with us. This privacy policy covers how and why we use the data when you apply for a position with Blue Cross through to interview and offer of employment.

The data controller is Blue Cross of Shilton Road, Burford, Oxfordshire, OX18 4PF, a charity registered in England and Wales (224392) and in Scotland (SC040154).  This means that we are responsible for deciding how we hold and use personal information about you. As an organisation we will never sell your personal data and will only ever share it with organisations we work with where necessary and if its privacy and security are guaranteed

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

If you have any questions in relation to this Policy or about how use your personal data in general, please contact [email protected] or 01993 825 515.

If you would like to make a request to exercise any of the rights you have over your personal data please send them to the Data Protection Officer at Blue Cross. The Data Protection Officer can be contacted by emailing [email protected], calling  0300 777 1897 or in writing to:

The Data Protection Officer, Blue Cross, Shilton Road, Burford, Oxfordshire, OX18 4PF.

The Data Protection Principles

We will comply with data protection law. This says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes that we have told you about;
  • Kept securely

Information we collect from you

We collect personal information about you through the application and recruitment process either directly from candidates or sometimes from employment agencies. If you decide to apply for a vacancy with Blue Cross or send in a copy of your CV via our website, we will collect and process a range of information about you. This includes information you provide when you register or use our site, With regard to each of your visits to our site we will automatically collect the following information: 

  1. technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, operating system and platform;  
  2. cookies – view our cookie policy  

The information you give us may include your name, address, e-mail address and phone number, recruitment information including personal descriptions such as your skills (including your education or training, employment history and referees, professional memberships).

If you choose to complete the voluntary diversity questionnaire, then we will collect (for equal opportunities monitoring) the information you provide which may include sensitive personal data. We will seek your explicit consent in the diversity form to process this type of data.

  • We may also store and use personal information to help us carry out employment law obligations.
  • In addition, we may be obliged by law to store your communications and personal data, including activity logs, and we may need to show details of these to government or authorised officials upon request. Like many websites we use log files to monitor effectiveness of our online marketing programmes.  

How do we protect personal data?

We take the security of your data seriously and we comply with the data protection principles and have internal policies and controls in place to ensure personal data is not lost, destroyed, misused or disclosed.

Where we employ third parties to process personal data on our behalf they do so on the basis of our written instructions.

How long do we keep the data?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for including for the purposes of satisfying any legal or reporting requirements.  

We will keep your application details on file for six months and will use these details to contact you should a suitable vacancy arise during this time. Thereafter we will securely destroy your personal information.

If you are a successful applicant, your application details will be entered into our HR database. We have an employee privacy policy which will be provided to you on commencement of your employment which will cover the processing of employee personal data during and after your employment with Blue Cross.

Uses made of the information

The personal information that you provide to us will be used to:

  • process your application
  • consider you for the position for which you have applied and subsequent suitable vacancies (unless you have opted not to be contacted in respect of subsequent vacancies) for up to 6 months after your application is received
  • fulfil our legal obligations
  • aid internal record keeping
  • provide general aggregate information (which does not identify individuals) and statistics to help us develop our website and our services
  • approach your nominated referees for the purposes of obtaining references


We will only use your personal information for the purposes for which we collected it for, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Storage of data

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised say, altered or disclosed. In addition we limit access to your personal information to those employees, who have a business need to know.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.  

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.  

Your Rights

As a data subject, under certain circumstances you have a number of rights. You can:

  • request access to your personal information (“data subject access request”). This enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it;
  • request correction of the personal information that we hold about you;
  • request erasure of your personal information;
  • object to processing of your personal information where we are relying on legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to the processing on this ground;
  • request the restriction of processing of your personal information;
  • request the transfer of your personal information to another party.

If you wish to exercise any of these rights please contact us at [email protected] or alternatively the Data Protection Officer at [email protected].

Changes to this Privacy Policy

The Policy may change from time to time. For example, we have recently updated it to reflect new legal requirements of the EU General Data Protection Regulation (also known as the 'GDPR'). Please visit this website section periodically in order to keep up to date with the changes in our Policy.

Updated: 2 July 2018