HR Privacy Policy

Privacy Policy

  1. Overview

As part of our recruitment process, XMOS (the “Company”, “we”, “our” or “us”) collects and processes applicants’ personal data. We know that providing personal data is an act of trust and we take that seriously. Here’s how we collect and protect your personal information and meet our data protection obligations.

  1. What information do we collect about you?

We collect a range of information about you, including:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements;
  • whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process; and
  • information about your entitlement to work in the UK.

We collect this in a variety of ways. For example, application forms, resumes, your passport or other identity documents, or interviews and other forms of assessment.

We will also collect personal data about you from third parties, such as references supplied by former employers. We may seek information from third parties before a job offer to you is made.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

  1. Why does the company process personal data?

We need to process data to take steps at your request before entering into a contract with you and on entering into a contract with you. We may need to process data to check its legal compliance, for example, if your application is successful, we will need to make sure you’re eligible to work in the UK before your employment starts.

We use the information we hold about you for our legitimate business interests, for example, to manage the recruitment process, to assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

We process health information if we need to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.

For some roles, we are obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment.

We will not use your data for any purpose other than the recruitment exercise for which you have applied.

If your application is unsuccessful, we will keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you may withdraw your consent at any time.

  1. Who has access to data?

Your information will be shared internally for the purposes of the recruitment exercise. This includes HR, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you.

We may share your data with bodies outside of the European Economic Area for recruitment and employment with the company. Whenever we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. See here for more information.
  • Where we use certain service providers outside the EEA, we may use specific contracts approved by the European Commission which give personal data the same protection it would have in Europe. See here for more information.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

We will only transfer personal data where one of the following scenarios applies:

  • You have given consent to the proposed transfer;
  • The transfer is necessary for the performance of a contract with you;
  • The transfer is necessary for the implementation of pre-contractual measures taken in response to your request;
  • The transfer is necessary for the conclusion or performance of a contract concluded with a third party in your interest;
  • The transfer is legally required on important public interest grounds;
  • The transfer is necessary for the establishment, exercise or defence of legal claims;
  • The transfer is necessary in order to protect your vital interests.
  1. How does the company protect data?

We have put in place appropriate security measures ensure your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

  1. For How long does the company keep data?

If your application for employment is unsuccessful, we will hold your data on file for six months after the end of the relevant recruitment process. If you agree to allow us to keep your personal data on file, we will hold your data on file for a further six months to a year for consideration for future employment opportunities. At the end of that period or once you withdraw your consent, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a company privacy notice.

  1. Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request;
  • require the Company to change incorrect or incomplete data;
  • require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing; and
  • ask the Company to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the Company’s legitimate grounds for processing data.

If you would like to exercise any of these rights, please contact our Human Resources Manager at If you would like to get access to all the personal information that we hold, you can email us as with the subject line of ‘Subject Access Request’.

If you’re unhappy with how we’ve handled or processed your personal information – or you want further information about your rights – you have the right to contact the Information Commissioner’s’ Office, the supervisory body that regulates handling of personal information in the UK.

  1. What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

  1. Automated decision-making

Recruitment processes are not based solely on automated decision-making.

You can get in touch about anything in this Policy by emailing us and our Data Protection Officer at

  1. About this Policy

For the purposes of this Policy, “we”, “us”, “our” and “XMOS” means XMOS Limited, registered company number 05494985. Unless otherwise stated, XMOS is the controller and is responsible for your personal data.

This Policy applies to how we use your information in relation to our products and services generally. This Policy doesn’t apply to other companies’ sites that you get to through our website, so make sure you’ve read their policy before putting your personal information on their site.

  1. Changes to the Policy and your duty to inform us of changes

We may change this Policy at any time. If we make any changes, we’ll post them on this page. If they’re substantive changes, we’ll have a more prominent notice letting you know. You can also email or write to us for a physical copy. Your continued use of our services means you accept any agree to any changes to the Privacy Policy.

Last updated: The policy was last updated on 17 September 2018