Recruitment Privacy Notice

Our commitment

Blacksmiths is committed to protecting your personal data and respecting your privacy. We collect, use, store, and share your data responsibly and transparently, in accordance with applicable data protection laws. Our goal is to ensure that your personal data remains secure and is handled with the highest standards of confidentiality and integrity. We continuously review and improve our privacy practices to maintain your trust and provide you with clear choices about how your data is used.

Purpose

This notice is to inform you how Blacksmiths processes your information (‘personal data’) when you apply for a job with Blacksmiths Group or one of its subsidiaries, including the application process and pre-employment checks. It provides information about who we are, what data we collect about you, why we collect it, and what rights you have with regards to your data. It also provides our contact details, how to make a subject access request (SAR) and how to make a complaint.

Scope

This Privacy Notice applies to all personal data collected, used, stored, or shared by us when you interact with our products, services, websites, mobile applications, and any other digital or offline channels we operate (collectively, the “Services”). It covers:

  • Information you provide directly when creating an account, contacting us, completing forms, or using our Services.
  • Information collected automatically through cookies, analytics tools, and similar technologies when you access or use our Services.
  • Information received from third parties, such as service providers, partners, or publicly available sources, where permitted by law.
  • All users of our Services, regardless of location, unless a particular regulation requires region-specific practices.

This policy does not apply to third-party websites, services, or applications that may be linked from our Services. We encourage you to review the privacy policies of any third party before sharing your personal information with them.

Our contact details

Blacksmiths’ Data Protection Manager is Zoe Lay. You can contact Zoe using the following contact details:

Name: Blacksmiths Group Limited
Address: Formal House, St. Georges Place, Cheltenham, GL50 3PN
Company Number: 16584743
VAT Number: 506442903
Email: info@blacksmithsgroup.com
Website: www.blacksmithsgroup.com

Definitions

  • Personal data – any data that can be used directly or indirectly to identify an individual. Examples of this are: name, telephone number, email address, home address, location data, online identifier (username) etc.
  • Data subject – the individual who the data relates to.
  • Data controller – the organisation/person who determines the reason for collection of data and how it is collected.
  • Data processor – the organisation/person who processes the data on behalf of the Data Controller.
  • Processing – any operation performed on personal data, including (but not limited to) collection, storing, manipulating, transmitting, using, altering or deleting. If an organisation is using personal data in some way, then it is highly likely this will fall under processing. This can be a manual or automated process.

UK GDPR and The Data Protection Act 2018

The Data Protection Act 2018 (DPA) is the UK’s implementation of the General Data Protection Regulation (GDPR). It controls how your personal data is used by organisations, businesses or the government.

DPA 2018 sets out the key principles, rights and obligations for most processing of personal data in the UK. Everyone responsible for using and processing personal data must follow strict data protection principles.

Types of personal data we collect and why

We process the following information about you to conduct recruitment processes including:

  • Your name and contact details;
  • Information included in your application, such as your work experience and education history;
  • Information you have provided in relation to any reasonable adjustments you may need as part of the recruitment process;
  • Information used to assess your suitability for the position you have applied for, such as interview notes or test results; and
  • Information provided by any external recruitment consultants engaged by us.

If we make a conditional employment offer which you accept, we will collect the following additional information to conduct our pre-employment checks. This information is to confirm your identity and right to work in the United Kingdom, as well as to seek assurance as to your trustworthiness, integrity and reliability:

  • Evidence of your identity and right to work in the UK;
  • References from your previous employers;
  • Evidence of your educational attainments;
  • Evidence of any disclosed existing National Security Vetting clearance you hold and other information gathered to seek assurance that your appointment will not bring discredit upon or otherwise adversely affect our professional integrity, information which may include but is not limited to any examples of: spent or unspent criminal convictions.

If you pass your pre-employment checks, we will collect the following information about you to finalise your contract and create your employee record:

  • Date of birth;
  • Sex;
  • National insurance number;
  • Bank account details;
  • Passport details;
  • Health details in relation to a reasonable adjustment request;
  • Emergency contact details; and
  • Next of kin details.

We will collect information about your employment history, any relevant benefits or pensions you receive, and any student loans you have, to report this information to His Majesty’s Revenue and Customs (HMRC) per our legal obligations.

We will also collect your marital status, which along with other details will be sent to Royal London, our Pension Scheme provider, to auto-enrol you in the scheme unless you opt out of it.

Where we collect your personal data from

We obtain most of the personal data we process directly from you when you complete your job application and afterwards when you complete our pre-employment forms. We may obtain additional personal data from the following sources:

  • Your previous employers and education providers, whom we may ask to provide a reference;
  • External recruitment consultants, whom we may engage for some recruitment campaigns;
  • Sources of information used for our pre-employment checks, including records of criminal offences and intelligence databases; and
  • UK Security Vetting.

Lawful basis for processing your personal data

The lawful basis we rely on for most of the processing set out in this privacy notice is article 6(1)(b) of the UK GDPR, which relates to processing necessary to perform a contract with you, or to take steps at your request to enter into a contract with you.

We also rely on article 6(1)(c), which relates to processing we are required to conduct to comply with our legal obligations. For some processing, we rely on article 6(1)(f), which relates to processing necessary for us to fulfil our legitimate interests where those interests are not overridden by your interests or fundamental rights and freedoms as a data subject.

If you provide information about your health as part of request for a reasonable adjustment, we process this ‘special category data’ on the basis of article 9(2)(b) of the UK GDPR, which relates to our obligations in employment law, paired with Schedule 1 part 1(1) of the Data Protection Act 2018.

We collect data regarding protected characteristics of successful candidates appointed into a role, this information is provided on a voluntary basis and is not a requirement. Our basis for processing special category data is that the processing is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to certain categories of personal data, with a view to enabling such equality to be promoted or maintained (DPA 2018 Schedule 1, Part 2, s8).

As part of our pre-employment and vetting checks, we process information about applicant criminal convictions and offences. We rely on the following conditions under Schedule 1, Part 1 of the Data Protection Act 2018 in order to process this data: Employment and social security.

Who we share your personal data with

During the application and assessment stages of our recruitment process, we may share your personal data with:

  • Any external recruitment consultants engaged by us for the recruitment campaign; and
  • If you attend an in-person interview, staff at our offices, or other location.

If you accept an offer of employment from us, we will share some of your personal data with:

  • Xero our payroll provider;
  • His Majesty’s Revenue and Customs;
  • Other government departments, as per any reporting requirements; and
  • Royal London, our Pension Scheme provider (unless you opt out).

Information used to create your employee record will be uploaded to our HR & Finance systems.

For the purpose of pre-employment checks (Baseline Personnel Security Standard (BPSS) and BS7858 checks) we ask you to share your personal data with Procius Ltd – their privacy notice can be found here.

We will also share your personal data when there is a legal requirement to do so, for example with the Police or similar organisations for the prevention and detection of crime or security purposes.

How we store your personal data

We will process your data securely both at rest and in transit. We may use third party or cloud solutions to do this, but where this is done it will be encrypted and access only permitted via multi-factor authentication.

The following cloud services will be used in the processing of data:

Blacksmiths has appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your personal data to those employees who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.

We have procedures in place to deal with any actual or suspected personal data breach. In the event of any such breach, we have systems in place to work with the relevant regulators. In addition, in certain circumstances (e.g. where we are legally required to do so) we may notify you of breaches affecting your personal data.

Blacksmiths is Cyber Essentials Certified.

How long we store your personal data for

Personal data captured during application and assessment processes will be retained for two years after the end of the recruitment process to allow for any recruitment queries or legal challenges.

Personal data captured in the course of our pre-employment checks will be retained for the following periods (starting either from the end of your contract with us or alternatively from when you fail our employment checks):

  • Baseline Personnel Security Standard details: 12 months
  • National Security Vetting details: 5 years

Personal data used to create your employee record is subject to retention periods set out in the Blacksmiths’ Staff Privacy Notice.

Your rights as a data subject

Under data protection law, you have rights with regards to your data including:

  • Right of access – you have the right to ask us for copies of your personal information.
  • Right to rectification – you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure – you have the right to ask us to erase your personal information in certain circumstances.
  • Right to restriction of processing – you have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Right to object to processing – you have the right to object to the processing of your personal information in certain circumstances.
  • Right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You have the right to withhold or request we remove your data; however, this may impact our ability to meet our Employer obligations.

You are not required to pay any charge for exercising your rights. If you make a request, we have one calendar month to respond to you.

To exercise any of your data subject rights, please email info@blacksmithsgroup.com.

Please note that some of the rights listed above are situational and may be restricted in accordance with data protection law.

Making a complaint

If you have any concerns about our use of your personal data, you can make a complaint to us at info@blacksmithsgroup.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. More information about your rights and how to lodge a complaint with the ICO can be found on their website.

Blacksmiths Group Ltd

A defence and security company that helps organisations prepare for their most serious security challenges and threats.

© 2026 Blacksmiths Group Ltd.

SERVICES

Threats

Insider

Cyber

Management

COMPANY

Home

Articles

Contact Us

Quality Policy

Privacy Policy

Recruitment Privacy Notice

Environmental Policy

DETAILS

Formal House,
St Georges Place,
Cheltenham,
GL50 3PN

CR Number: 09875845
VAT Number: 506442903