Recruitment Privacy Notice

First Issued: 19th May 2021

Last updated: 30 September 2022

Version 3

1. Introduction

This Privacy Notice is given by Kroo Bank Ltd (“we” “our” or “us” or “Kroo”). In this Notice “You” refers to applicants for permanent and temporary positions at Kroo.

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. It is important that you read all of this Notice carefully as it sets out how we handle your personal information when you apply for a job or other role with us and the rights you have in connection with that information. The term “applicants” is used in this Notice to refer to anyone who applies for a job role, or who otherwise seeks to carry out work with or for us (whether on a permanent or non-permanent basis).

If you are in any doubt, or have any comments or questions about this Notice, please contact us using the contact details set out at Section 9 below.

2. Information that we collect automatically

You can visit our website

These pages on our website will contain information about us. Our Cookie Notice on the website will tell you about how we collect certain information automatically from your device when you visit our website. Such information is not used in respect of recruitment.

Personal Information collected from you

The types of personal information we collect and process when you apply for a role with us includes (but is not limited to):

Identification data and contact details – including your name, address, email address, phone number and other contact information, gender, date of birth, nationality/ies, national identifiers (such as national ID/passport, national insurance number(s)).Employment history – such as previous employers and job titles/positions.Background information – such as academic/professional qualifications, job qualifications, education, details included in your CV/résumé (which might include details of any memberships or interests constituting “sensitive personal information”, a term which we define below), transcripts and employment references.Details of your nominated referees (including their name, contact details, employer and job role).Details of your immigration/visa status.Previous applications/roles such as information relating to previous applications you have made to us. This could include information on any previous employment history with us.Other information you voluntarily provide throughout the process, including through assessment centres / exercises and interviews.

As a general rule, during the recruitment process, we try not to collect or process any of the following: information that reveals your racial or ethnic origin, religious, political or philosophical beliefs or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health/sex life (“Sensitive Personal Information“), unless authorised by law or where necessary to comply with applicable laws.

However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate recruitment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations. Where we do process such information it will be for statistical purposes and will not identify you individually. Another example where we might request voluntary disclosure of Sensitive Personal Information is about your physical or mental condition so that we can consider how we might accommodate you during the recruitment process and/or subsequent job role if we do recruit you.

You may provide, on a voluntary basis, other Sensitive Personal Information during the recruitment process, for example your CV may state that your interests include activities involving a particular religious group or a group which espouses particular political or philosophical views.

Personal information collected from other sources

References provided by referees.Other background information provided or confirmed by academic institutions and training or certification providers.Criminal records data obtained through criminal records checks. (We will not carry out such checks without your express permission.)Credit checks (based on publicly available information only).Fraud agency checks, such as CIFAS. Note that CIFAS has its own Privacy Notice, which they call the Fair Processing Notice for the Internal Fraud Database. You can access that notice here: provided by recruitment or executive search agencies.

For each of the above personal information we only collect it where permissible and in accordance with applicable law.

Please note that we do not use information on social media or information widely available on the internet, such as material posted on Facebook or YouTube, to assess candidates as part of our selection process. We do, however, review potential candidate and candidate professional profiles and/or job profiles such as those published on Linkedin, job sites and job portals. For particular roles, we may review publicly available portfolios or examples of candidates work, for example, design portfolio websites for Product Designers or Gitlab profiles for Software Developers.

3. Purposes for processing personal information

We collect and use this personal information primarily for recruitment purposes – in particular, to determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying our reference checks or background checks (where applicable) and generally to manage the hiring process and communicate with you about it.

If you are accepted for a role at Kroo, the information collected during the recruitment process will form part of your ongoing staff member record and will be processed in accordance with our Employee Privacy Notice, a copy of which we will give you.

If you are not successful, we may still keep your application to allow us to consider you for other suitable openings within Kroo in the future unless you request that we delete your application. We will hold onto such information until we destroy it securely in accordance with our Data and Document Retention Policy. We do not hold such information indefinitely.

4. Who we share your personal information with and transfers abroad

We will only allow access to personal information to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.

Transfers to third party service providers

We may make certain personal information available to third parties who provide services relating to the recruitment process to us:

recruitment or executive search agencies involved in your recruitment;background checking or other screening providers who may (with your consent) conduct relevant criminal record checks and credit checks on our behalf;data storage, shared services and recruitment platform providers, IT developers and support providers;third parties who provide support and advice including in relation to legal, financial / audit, management consultancy, insurance, health and safety, security and intel and whistleblowing / reporting issues.

We may also disclose personal information to third parties on other lawful grounds, including:

Where you have provided your consent;To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant;In response to lawful requests by public authorities (including for tax, immigration, health and safety, national security or law enforcement purposes);As necessary to establish, exercise or defend against potential, threatened or actual legal claims;Where necessary to protect your vital interests or those of another person; and/orIn connection with the sale, assignment or other transfer of all or part of our business.

5. Transfer of personal information abroad

In some cases, the sharing described above may result in your personal information being transferred internationally, including to a country outside the European Economic Area (“EEA”). These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice. These include implementing the European Commission’s Standard Contractual Clauses (under Article 46.2 of the General Data Protection Regulation) in the context of personal data we have agreed to transfer outside the EEA.

7. Data retention periods

Personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice or as otherwise required by applicable law. Generally, this means your personal information will be retained as follows:

if you become a member of staff, in accordance with the retention periods set out on our Privacy Notice for Staff; orfor a period of 12 months after confirmation that your application was unsuccessful.

8. Your rights

You may exercise the rights available to you under applicable data protection laws as follows:

If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided below.You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided below.If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.You have the right to complain to a data protection authority about our collection and use of your personal information. The data protection authority in the UK is the Information Commissioner’s Office (ICO). The ICO’s website is:

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

9. Contact for more information

If you have any questions or concerns about our use of your personal information, please contact our Data Protection Officer using the following details: