Skip to main content

Applicant privacy notice

Understand how the University collects, holds and uses your personal data.


Sarah Sutton, Head of Talent Acquisition, Human Resources
Information not provided
Approval date
15 Feb 2024
Approved by
Sam Sherry, Data Protection Officer, Department of Policy, Planning and Compliance
Date of last review
Information not provided
Date of next review
15 Feb 2025

This notice explains the kinds of information we obtain from or about you when you register with and/or apply for a job or work experience through the University of Bath e-recruitment system (Stonefish) and progress through the recruitment process. It also applies to individuals whose details University of Bath have obtained from publicly accessible sources for example corporate websites, LinkedIn, personal websites.

What information we collect

The information we collect and process for job applicants includes:

  • your name, address and contact details − including email address and telephone number
  • details of your qualifications, skills, experience and employment history
  • information about your current level of remuneration − including benefit entitlements (where applicable)
  • whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process
  • information about your eligibility to work in the UK
  • equal opportunities monitoring information, including information about your ethnic origin, date birth, sexual orientation, disability and religion or belief and social mobility and
  • views and opinions (from referees and/or sources) where applicable

For those individuals whose details we have obtained from publicly accessible sources we will generally only collect;

  • name
  • job title
  • career biography
  • place of employment
  • contact details

How we collect your data


To ensure we operate effectively and provide you with a positive candidate experience we collect data from various sources.

When you engage with us as a potential candidate or apply for a job, you directly provide some of this information. For example, data might be contained in application forms, CVs, supporting statements, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

Additionally, referees (individuals offering personal or work references) and sources (those providing information about candidates) may contribute additional data. We trust referees and sources to only share personal data lawfully and in compliance with data protection laws and the terms outlined in this notice.


We may also collect personal data about you from third parties, such as health questionnaire information from our Occupational Health service to help ensure consideration is given to additional control measures where and when required. Or information from criminal records checks. We will normally only seek this information once a job offer has been made to you and will inform you when we are doing so. An exception to this is, if you're selected for interview; have provided us with your permission to contact your referees prior to a job offer being made then we'll proceed with contacting them

For applicants applying for work experience at the University, we may also collect personal data about you from third parties, for example your school or college.

We also collect data from publicly accessible sources when we are identifying and assessing the suitability of academics and professionals for senior roles within the University.

Data will be stored in a range of different places, including on your application record, in HR and Payroll systems and on other IT systems (including email).

Why we process personal data

We have a legitimate interest in processing your personal data during the recruitment process to:

  • make decisions regarding our processing of job applications
  • make contact with you about your job applications and it's status
  • comply with legal obligations, such as verifying right to work in the UK before employment begins
  • enable effective business decision making and planning
  • provide information about job vacancies within the institution
  • find, contact and assess the suitability of academics and professionals for senior roles
  • respond to queries related to recruitment
  • complete equal opportunities monitoring
  • make reasonable adjustments for disabled candidates
  • find, contact and evaluate the suitability of academics and professionals for senior roles within the institution.

For work experience placements, data processing helps in administration and evaluation of the process.

Who has access to data

Your information may be shared internally for the purposes of the recruitment or work experience placement process. This includes teams in HR, the selection panel, senior management within the Institution and authorised external interview panel or search committee members. IT staff may also be provided access to the data if it is necessary for the performance of their roles. Your information is not shared without a legitimate business reason.

As well as circulating your application and related materials to the appropriate staff at the University, we will share your personal information for the above purposes as relevant and necessary with:

  • your referees
  • Disclosure & Barring Service (DBS) in order to administer relevant recruitment checks and procedures
  • UK Visas & Immigration (UKVI) in order to administer relevant recruitment checks and procedures
  • where relevant and as required for some posts, NHS organisations or similar organisations (such as NHS Trusts or Local Education Training Boards)
  • companies or organisations providing specific services to, or on behalf of, the University (such as RUH Occupational Health Service)

Your data may be transferred outside the UK in order to meet our contractual obligations with you (for example, to conduct reference checks). Such transfers are carried out with appropriate safeguards in place to ensure the confidentiality and security of your personal information.

How we protect data

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. Further details about the University's security procedures in relation to HR-related data can be found in our Workforce Data Protection & Privacy Statement.

How long the University keeps data

The university will only keep your personal data for as long as it is necessary for the purpose for which is it is processed. Personal data is processed and stored in line with the HR Data Retention Schedule which sets out how long different categories of personal data should be held by the university.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request

  • require the University to change incorrect or incomplete data

  • require the University to delete or stop processing your data, for example where processing the data is no longer necessary for the purposes for which they were originally collected; and

  • object to the processing of your data where the University is relying on its legitimate interests as the legal ground for processing

If you would like to exercise any of these rights, please contact the University’s Data Protection Officer using the contact details provided at the end of this policy. If you believe that the University has not complied with your data protection rights, you can complain to the Information Commissioner.

What happens if you don't provide personal data

You are under no statutory or contractual obligation to provide data to the University during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

Automated decision-making

Recruitment processes are not based solely on automated decision-making.

Contact details

University of Bath address

University of Bath
Claverton Down
United Kingdom

Data Protection Officer

Mr Sam Sherry


Data Protection Officer Risk, Resilience and Compliance Wessex House 8.17 University of Bath Claverton Down Bath BA2 7AY


If you have any questions, please contact us.

On this page