What this privacy notice covers
This privacy notice explains how we collect, use, store, and share your personal information when you apply for a job within the Benenden group. “Personal information” means anything that can identify you, either on its own or when combined with other information.
This notice applies to anyone applying for a job with Benenden group, either directly or through a recruitment agency. If you are an employee, please refer to our Privacy Notice for Employees.
We understand how important it is to keep your personal information safe. We follow UK data protection law and use strong security measures to protect your information from the moment we collect it until it’s no longer needed.
Who we are
When we say “Benenden group”, “we”, “us” or “our”, we mean:
- The Benenden Healthcare Society Ltd
- Benenden Wellbeing Ltd
- The Benenden Charitable Trust
- Benenden Hospital Ltd
All these organisations are registered at Holgate Park Drive, York, YO26 4GG. Benenden Hospital Ltd operates Benenden Hospital at Goddards Green Road, Cranbrook, Kent, TN17 4AX.
Depending on the role you apply for, the relevant organisation within Benenden group will act as the data controller. If you apply for a role at Benenden Health, Benenden Health will be the data controller. If you apply for a role at Benenden Hospital, Benenden Hospital will be the data controller. This is because the relevant organisation decides what personal data is required and how it will be used.
Sometimes, we may handle personal information on behalf of another organisation and follow their instructions. In those cases, we act as a data processor and use the information according to their rules.
Our Data Protection Officer (DPO) is Charlotte Atkin and can be contacted at data.protection@benenden.co.uk.
What types of personal information we collect
To manage your application and meet legal obligations, we collect and process different types of personal information. This includes:
- Basic details – your name, address, phone number, email address
- Identification and right-to-work information – nationality, passport details, proof of your right to work in the UK
- Employment history and qualifications – your skills, qualifications, experience, and employment history as listed in your CV
- Pay details – current salary, benefits, and notice period
- Health information – details you provide so we can make reasonable adjustments during the recruitment process
- Equality and diversity data – ethnic origin, age, gender identity, religion or belief, sexual orientation (optional and only for monitoring purposes)
- Criminal record checks – information about your criminal record (where applicable), Disclosure and Barring Service (DBS) or similar screening checks for relevant roles
- Details of fitness to practise – information you have provided in relation to your professional conduct, competence, and any matters that may impact your ability to safely and effectively perform your role.
We only collect the information we need to process your application and comply with the law.
Where we collect personal information from
We collect your personal information from different sources during the recruitment process. These include:
- Directly from you – when you complete an application form, upload your CV, attend interviews, or provide documents such as proof of identity and right-to-work.
- From recruitment agencies – if you apply through an agency.
- From third parties – such as previous employers (for references), background and DBS check providers.
- From internal systems – for example, CCTV if you visit our offices.
Some checks (e.g. references or criminal background checks) are only carried out after a conditional offer has been made and you will be made aware when this occurs.
Why we process your personal information
We only use your personal information when the law allows us to. This might be:
- To take steps to enter into a contract with you
- Because the law says we must
- Because we have a business reason (called a “legitimate interest”)
- Because you’ve given consent
If we use a legitimate interest, we always check that it doesn’t unfairly affect your rights and we undertake LIAs, a summary is available on request.
We do not use automated decision-making or profiling in our recruitment process. If this changes, we will update this notice.
The table below shows the purposes for using your personal information:
| What we use your personal information for | Example | Type of information | Our reason for processing | Legitimate interest (if applicable) |
| Recruiting new employees | Reviewing your application and conducting interviews | Name, contact details, employment history, qualifications | To take steps to enter a contract We have a legitimate interest |
Managing recruitment efficiently and fairly |
| Right-to-work checks | Checking eligibility to work in the UK | Passport details, nationality, immigration status | Legal obligation | |
| References and background checks | Contacting previous employers and conducting DBS checks | Employment history, criminal record data | Legal obligation We have a legitimate interest |
Ensuring suitability for the role |
| Details of fitness to practise | Contacting the governing body and assessing clinical competence | Details of sanctions against registration | We have a legitimate interest | |
| Equality monitoring | Collecting diversity data for reporting | Age, gender identity, ethnic origin, religion, sexual orientation | Legal obligation | Ensuring inclusivity amongst the workforce |
| Reasonable adjustments | Making adjustments for candidates with disabilities | Health information | With your consent | |
| Legal claims | Responding to legal claims related to recruitment | Application records and correspondence | We have a legitimate interest | Protecting the organisation from legal risk |
Sensitive information (special category and criminal offence data)
Some of the information we collect is considered more sensitive under UK data protection law. This includes:
Special category data
For example:
- Health information – for example, details you provide so we can make reasonable adjustments during the recruitment process.
- Equality and diversity data – ethnic origin, religion or belief, sexual orientation (completion is optional and used to monitor and promote equality of opportunity, to identify and address potential discrimination and to meet our obligations under the Equality Act 2010. DE&I data is stored separately, anonymised and not used in selection decisions).
- Health data or sensitive employment information reported in fitness to practise concerns.
Criminal conviction data
For example:
- Disclosure and Barring Service (DBS) checks.
We only use this information when the law allows us to, under specific conditions such as:
- Employment law obligations
- With your explicit consent
- Equality of opportunity monitoring
We apply strict safeguards to protect all sensitive information, including limiting access to authorised staff, using secure systems, and anonymising equality data for reporting wherever possible.
We maintain an Appropriate Policy Document and conduct DPIAs where required, which set out safeguards for special category and criminal offence data.
The table below shows the purposes for using special category data:
| What we use your personal information for | Example | Type of information | Condition for special category data |
| Reasonable adjustments | Supporting you during recruitment | Health data | Explicit consent |
| Equality monitoring | To monitor recruitment statistics | Ethnic origin, religion, sexual orientation | Equality of opportunity monitoring |
| DBS checks (successful applicants) | Criminal record checks for certain roles | Criminal conviction data | Employment law obligations |
We apply strict safeguards to protect all sensitive information, including limiting access to authorised staff, using secure systems, and anonymising equality data for reporting wherever possible.
If you don’t provide your personal information
We need certain personal information to process your application and meet our legal obligations. If you choose not to provide this information, we may not be able to consider your application. For example, we need your right-to-work documents to comply with the law.
Where providing information is optional (such as equality monitoring), there are no consequences if you choose not to share it.
Who we share your personal information with
We only share your personal information when it is necessary for the recruitment process, to comply with the law, or to provide services related to your application. We make sure that anyone we share your information with keeps it secure and uses it only for the agreed purpose.
Internal sharing
Your information may be shared internally with:
- The HR/People teams
- Hiring managers and interviewers
- IT staff (where access is needed for your role)
External sharing
We share your information with trusted third parties who help us manage the recruitment process. These include:
- Dayforce – our applicant tracking system provider, which securely stores and processes your application data on our behalf
- Background check providers – to carry out pre-employment screening and DBS checks where required
- Previous employers – to obtain references
- Regulators or government bodies – for compliance checks where required
When we share your information with trusted companies who help us deliver recruitment services, they must follow strict data protection standards and cannot use your information for anything else.
We never sell your personal information or share it with other organisations for their own marketing purposes.
Sending personal information outside the UK
We do not routinely transfer job applicants’ personal information outside the UK. If this changes, we will make sure your information remains protected to the same high standards required under UK data protection law. This includes using one or more of the following safeguards:
- Approved countries – Only transferring data to countries recognised by the UK as having strong privacy laws (adequacy decisions).
- Legal agreements – Putting in place contracts (known as Standard Contractual Clauses) that require the recipient to protect your information.
- Certified frameworks – Using organisations that are part of an approved scheme, such as the UK Extension to the EU–US Data Privacy Framework.
If we ever need to make such transfers, we will update this notice and explain what measures we have taken to keep your information safe.
How long we keep your personal information
We keep your personal information only for as long as it is needed for the purposes we collected it, and to meet legal, regulatory, and business requirements. When we no longer need your information, we securely delete or anonymise it.
Unsuccessful applicants
We keep your information for 12 months after the end of the recruitment process. If you do not want us to keep your personal information for 12 months, you can ask for it to be deleted. See the “Your rights” section for more information.
Successful applicants
Your information will be transferred to your employee file and retained in line with our Employee Privacy Notice.
Sometimes, we may keep information for longer if required to defend legal claims or comply with regulatory obligations. In these cases, we will limit access and use to what is strictly necessary.
Your rights
You have rights under UK data protection law. These rights give you more control over how we use your personal information. To protect your privacy, we may need to check your identity before we can help. You can:
Access your information
Ask for a copy of the personal information we hold about you (a “subject access request”). We’ll tell you what we have, why we have it, who we’ve shared it with, and where we got it from.
Correct your information
If any of your information is wrong, out of date, or incomplete, you can ask us to fix it.
Delete your information
Ask us to delete your personal information if we no longer need it for the reasons we collected it. Sometimes we may need to keep it to meet legal or regulatory requirements.
Limit how we use your information
Ask us to restrict processing in certain situations, for example if you’ve challenged the accuracy of your data or objected to how we use it.
Object to processing
You can object if we’re using your information for a business reason (called a “legitimate interest”).
Get your information in a portable format
Ask for a copy of your personal information in a format that’s easy to reuse or ask us to send it to another organisation.
Withdraw consent
If we rely on your consent for any processing, you can withdraw it at any time. To exercise your rights, email our DPO at data.protection@benenden.co.uk.
How to contact us
If you have any questions about this privacy notice or how we use your personal information, you can contact our DPO:
Email: data.protection@benenden.co.uk
Post: Data Protection Officer, Benenden Health, Holgate Park Drive, York, YO26 4GG
Complaints
If you’re worried about how we’ve handled your personal information, please contact our DPO first. We’ll do our best to resolve your concerns quickly and fairly. You can also complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator:
Website: www.ico.org.uk
Email: casework@ico.org.uk
Phone: 0303 123 1113
Changes to this Privacy Notice
We regularly review and update this privacy notice to make sure it reflects how we use your personal information and complies with the law. This privacy notice was last updated in May 2026.
If we make changes, we will:
- Publish the updated version on our recruitment system
- Let you know about the changes if they are significant