Applicant and Candidate Privacy Policy

What every employee needs to know about this policy

Who This policy applies to applicants and candidates for UKI roles
What This policy provides an overview of how applicant and candidate data is collected, stored, retained and processed
Why We are committed to being transparent about how we collect and use your personal data and in meeting our data protection obligations
Key Policy Points We need to process applicant and candidate data to ensure we can manage a fair and effective recruitment and selection process and to assess suitability for a role

When we refer to ‘we’ or ‘Experian’ in this Privacy Policy, we mean Experian Limited. Experian is the controller of your personal data. If there's anything you're unsure about in this Privacy Policy, you can contact our Data Protection Officer at

Our Approach

We collect and process your personal data to manage the recruitment, selection and onboarding process and we are committed to being transparent about how we collect and use your personal data and in meeting our data protection obligations.


We need to process your data in order that we can manage a fair and effective recruitment and selection process and to assess your suitability for a role. We may need to process your health information to make reasonable adjustments to the selection processes if you have a disability and we process special categories of data, such as information about ethnic origin, sexual orientation, health or religion for equal opportunities, diversity and inclusion monitoring purposes.

If you are successful we will process your data to enter into an employment contract with you and will collect personal data about you from third parties, such as references supplied by former employers or educational establishments and information from employment background check providers, credit reference agencies, fraud prevention databases and criminal records agencies and we will also process your data to comply with our legal obligations to check your eligibility to work in the UK before employment starts.

If you do not join Experian, we may process your personal data for the purposes of providing you with information about job opportunities and related information about Experian or events it may be running. To do this, we will keep your personal data in our records for a short time after any unsuccessful application. We will then actively match your details to roles we think might be of interest to you or match your skills, before contacting you to let you know about those roles.

You are under no statutory or contractual obligation to provide data to Experian during the recruitment process. However, if you do not provide the information, we may not be able to process your application or include you in our selection processes.

For some of the more sensitive data points, such as ethnicity and sexual orientation you will have a ‘prefer not to say’ option if you are not comfortable sharing this information with us.

This information will not affect your chances of being successful in the recruitment process, it will only be used for equality, diversity and inclusion reporting and monitoring purposes.

Collection, Storage and Retention

We collect and process a range of information about you such as your name and address, your skills and experience and your career history. This information is collected in a variety of ways, for example, it might be collected through application forms or your CV, from your passport or other identity documents such as your driving licence, and from third parties including recruitment agents. 

When you apply for a role at Experian, you will be given an opportunity to create a profile within the Smart Recruiters platform. This will allow you to make updates to your candidate profile, including deleting it.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to our internal systems, People Portal and Oracle which we use to hold information about our employees. Our Employee Privacy Policy will tell you more about how we handle your personal data should you be successful in the recruitment process.

If your application for employment is unsuccessful, we will hold your data in our HR systems for 12 months after the end of the relevant recruitment process.  We retain the data to enable us to  make you aware of any future roles at Experian that may be suitable for you.  We also hold this data so that we can monitor the diversity of the people who apply for a role with us.

At the end of that period, your data is deleted or destroyed.

You can also choose to object to our processing of your data at any time before the end of this 12-month period (where your application is unsuccessful) or before we onboard you as an Experian employee (where your application is successful). However, as mentioned above, this may restrict our ability to process your application or consider you for future roles with Experian.

You can also submit a request for your profile to be deleted by contacting your Experian Talent Acquisition contact.

We take the security of your data seriously and have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

The table below provides a list of all the data held and the purpose for which the data is held:

Data Collected Reason for Processing Legal basis for processing under UK data protection legislation
Your name, address and contact details, including email address and telephone number. To maintain accurate and up-to-date contact details during the application and interview process.   Performance of a contract (Article 6(1)(b) UK GDPR), which relates to processing necessary to perform a contract or to take steps at your request (e.g. consider your application and suitability for an advertised role), before entering a contract with you.
Information relating to your Right to Work, references from previous employers and educational establishments, results from fraud prevention databases, credit reference agencies and criminal records agencies. We have policies in place for both Right to Work and Vetting if you require further information. This information is gathered so that we fulfil our legal obligations to ensure that the people we employ are entitled to work in the UK&I and to meet the requirements of our employee vetting policy which includes past references, educational references, financial history, fraud database search results and criminal records. Legal Obligation (Article 6(1)(c) UK GDPR)
Details of your qualifications, skills, experiences and employment history in the form of CV provided when joining. We use this information to manage recruitment and selection and to assess your suitability for the role applied for. This data will also be used to plan for your induction and onboarding. This is done in line with our Recruitment and Selection Policy. Performance of a contract (Article 6(1)(b) UK GDPR)
Details of your qualifications, skills, experiences, and employment history and details of any role(s) with Experian you have applied for We keep this information after you have applied for a role with us for 12 months. During this period, if other roles which might fit your skills or qualifications become available, our Talent Acquisition team will match those roles with your details and may contact you to make you aware of such opportunities with Experian. You can object to our processing of your data for this purpose at any time by contacting us on Legitimate Interests (Article 6(1)(f) UK GDPR) 
Information about medical or health conditions, including whether or not you have a disability. We will use this information if we need to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our legal obligations and exercise specific rights in relation to employment. Legal obligation (Article 6(1)(c) UK GDPR)
Diversity monitoring information about your gender, ethnic origin, sexual orientation, health and religion. To maintain and promote equality in the workplace and to comply with our legal obligations. If you are successful, this information will be held in the recruitment system.  Following a successful application, this information will be transferred to your people record where you can update and/or remove it.

Gender – Legitimate Interests (Article 6(1)(f) UK GDPR)

Sexual orientation, ethnicity and religion – Schedule 1(8) of the Data Protection Act 2018, which provides a basis for processing data for the purpose of identifying (and keeping under review) the existence or absence of equality of opportunity or treatment between groups of people. 

Selection documentation such as interview notes, presentation materials and psychometric assessments.

During the recruitment we have a legitimate interest in capturing this personal information will be captured to ensure we can assess suitability for the role.

We may also engage with approved third parties to complete Psychometric assessments and information provided to these providers to facilitate these.

The types of assessments we complete could be personality profiling or verbal and numerical reasoning tests. Should this apply to your application then a member of the Talent Acquisition Team will let you know.​​​​​​​

​​​​​​​Should you choose not to share this information with a third party then you should let your Talent Acquisition contact know.

Legitimate Interests (Article 6(1)(f) UK GDPR)


Automated Decision Making

Our recruitment processes are not based solely on automated decision-making. SmartAssistant uses matching algorithms which provide candidate scores to support decision making around which candidates are potential good fits to move forward in the hiring process as well as the ability to discover otherwise hidden talent. The SmartAssistant has two main components – match score and discovery.

·         MatchScore pre-screens and scores each candidate based on their fit for the job. It’s not meant to make decisions for the Talent Acquisition team, but it'll help them restack the list of applicants to highlight candidates who are the best fit.

·         The Discovery feature will scan our candidate database and talent communities (if applicable) to surface and suggest strong candidates for your job opening.

Sharing Your Data

Any special categories of data that you have shared, such as information about ethnic origin, sexual orientation, health or religion or belief for equal opportunities, will only be used for monitoring purposes. It will not be seen by Members of the Talent Acquisition Team who will be managing your application, or anyone who is part of the recruitment process or managers in the business area.

Other information will be shared internally for the purposes of the recruitment process This includes members of the HR and Talent Acquisition Team, interviewers involved in the recruitment and selection process, managers in the business area with the vacancy and anyone else if access to the data is necessary for the performance of their roles.

If you are successful, we will also share your data with third parties in order to obtain pre-employment references from former employers and educational establishments, and obtain fraud prevention background checks. We will also obtain necessary criminal records checks from the Disclosure and Barring Service/Disclosure Scotland as required under our vetting policy and we will only do this once we have made an employment offer to you.

We may transfer your data outside the European Economic Area, but only it will be processed in accordance with the terms of the EU Commission’s approved standard contractual clauses or an alternative mechanism offering an equivalent or better level of protection for your personal information. We will implement additional safeguards or supplementary measures (as recommended by the European Data Protection Board or other UK or EU data regulators) where appropriate in order to comply with UK/EU data protection laws.

Your Rights

As a data subject, you have a number of rights. You can:

·         Access and obtain a copy of your data on request;

·         Require that we change incorrect or incomplete data;

·         Require that we delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;

·         Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and

·         Ask that we stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.

If you would like to exercise any of these rights, or make a Data Subject Access Request (DSAR) please contact the HR Operations and Onboarding Manager at

If you believe we have not complied with your data protection rights, you may raise your concern in the first instance by contacting

Other Relevant Policies

·         Right to Work

·         Vetting

·         Employee Privacy Policy

·         UK&I Data Protection Policy

·         Global Information Security Policy

To gain a copy of the policies referred to in this document please access HR Hub in the first instance. If you are external or have not yet joined Experian, please email

We will try to ensure that we deliver the best levels of customer service but if you think we are falling short of that commitment, please let us know by contacting us at

If you’re still unhappy with any aspect of how we handle your personal information you also have the right to contact the Information Commissioner’s Office (ICO), the supervisory authority that regulates handling of personal information in the UK. You can contact them by:

1.    Going to their website at

2.    Phone on 0303 123 1113

3.    Post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF