Applicant Privacy Notice

Who we are

The University of Northampton collects and processes personal data relating to job applicants to manage and administer the recruitment process. The University is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

The University of Northampton is a data controller, registered with the Information Commissioner’s Office, and for the purposes of the Data Protection Act and General Data Protection Regulation (GDPR), has appointed a Data Protection Officer who has formal responsibility for data protection compliance within the organisation.

Our Data Protection Officer can be contacted at:

Or by writing to:

Records Management Office, University of Northampton (Park Campus), Boughton Green Road, Northampton NN2 7AL

Tel: 01604 892823

What data do we collect?

The University collects a range of information about you. This includes, but is not restricted to, the following;

  • Your name, address and contact details
  • Details of your qualifications, skills, experience and employment history
  • Whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process
  • Information and evidence of your right to work in the UK
  • Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, religion and belief. Any data that is used for monitoring is anonymised and you are entirely free to decide whether or not to provide such data.

The University will only process sensitive personal data if certain conditions are met. These conditions are set out in guidance from the Information Commissioners Office (ICO). Link to ICO guidance on sensitive data

The University collects this information in a variety of ways. For example from application forms, from your passport or other identity documents or collected through interviews or other forms of assessment such as online tests.

The University may also collect information about you from third parties such as references supplied by former employers or from criminal records checks. We will only seek information from third parties once a job offer has been made to you and will inform you that we are doing so.

Why do we process your data?

The University needs to process data to take steps at your request prior to entering into a contract with you. It also needs to process your data to enter into a contract with you.

In some cases, the University needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts.

The University has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the organisation to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. The organisation may also need to process data from job applicants to respond to and defend against legal claims.

The organisation processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.

Where the organisation processes other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes and is done in anonymised form.

If your application is unsuccessful your details will be stored in the online recruitment system for up to 1 year in case there are future jobs you may wish to apply for. An exception to this may occur if an applicant requires a Tier 2 Visa in which case the UKVI (UK Visas and Immigration) require us to keep the data until the next audit date. If you wish to have your data removed before the year is up please contact

Who has access to the data?

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of HR and the recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, the University executive team and IT staff if access to the data is necessary for the performance of their roles.

The University will not normally share your data with third parties, unless your application for employment is successful and it makes you an offer of employment. The only exceptions to this may occur if an online test is required as part of the selection process when your name, gender and e-mail addresses are shared with the third party providing the tests and the UKVI if a candidate requires a Tier 2 Visa.

The University will then share your data with former employers to obtain references for you and the Disclosure and Barring Service (for certain roles only) to obtain necessary criminal records checks.

How do we keep your data secure?

The University takes the security of your data seriously. The University has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by its employees in the performance of their duties. Where the University engages third parties to process personal data on its behalf, it does so on the basis of written agreement. The third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We will keep your personal data only as long as is necessary to conclude the purpose(s) for which it was collected and in accordance with the University’s Record Retention Schedules which can be found here

Data will be securely destroyed when no longer required.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the University to change incorrect or incomplete data;
  • require the University to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the University is relying on its legitimate interests as the legal ground for processing; and
  • ask the University to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

If you wish to exercise any of these rights or if you have a complaint about the way you believe your data is being processed, in the first instance, discuss this with the records management team by emailing:

If you have a complaint and you remain dissatisfied with how your complaint has been dealt with you can take your complaint to the Information Commissioner’s Office (ICO) for a review.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the organisation during the recruitment process. However, if you do not provide the information, the organisation may not be able to process your application properly or at all.

Automated decision-making

Recruitment processes are not based solely on automated decision-making.