Candidate Privacy Policy

Through the course of our recruitment process we (Bistech plc) will collect, process and store certain personal information about you. This information may include ‘sensitive’ or ‘high-risk’ data, as defined in Article 9 of the EU General Data Protection Regulations 2016/679, such as information relating to health, and criminal convictions. We will only process your personal data for purposes relating to the recruitment process, which may include your application, assessment, pre-employment screening, and your right to work permissions.

Throughout this Privacy Notice we use the term “processing” to cover all activities involving your personal information, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of the information.

What types of Personal Data might we collect and process?

Below you will find an overview of the types of data we may process during our recruitment process. We will only process your information as necessary for the purposes relating to managing your application, or as required by law or regulatory requirements, so not all of the purposes set out below will apply to you all of the time.

Examples of types of Personal Data the company collects

Personal identification data
Name, surname, title, gender, date and place of birth, nationality, language(s) spoken

Contact information data
Email, phone, address

Images and/or videos from which you may be identified
Pictures contained within a CV or otherwise provided to us by you, CCTV images

Data regarding qualifications and career development
Any information contained in CVs, Application Forms and additional documents containing personal details (eg, diplomas, certificates) as provided by applicants, assessment and/or test evaluation information, evaluations of interviews conducted with applicants, educational and employment background, job qualifications, jobs for which the applicant would like to submit an application, willingness to relocate, driver’s license information, any additional information such as employment references and related information

Information resulting from background or employment check and/or an employment reference
Feedback, opinions, DBS certificates

Special categories of Personal Data
During the process, we also capture some sensitive personal data about you (eg, disability information). We do this in order to make reasonable adjustments to enable our candidates to apply for jobs with us, to be able to take online/telephone assessments, to attend interviews/assessments, and to ensure that we comply with regulatory obligations placed on us with regard to our hiring

Criminal data
Data relating to criminal behaviour, criminal records or proceedings regarding criminal or unlawful behaviour (only where the duties of the role require it)

Salary, compensation, and benefits

Any other information that you decide to voluntarily share with Bistech plc
Feedback, opinions, information provided in emails and letters, during telephone calls and conversations

How do we use your Personal Data?

We may use your Data for the purposes of carrying out your application and the entire recruitment process. Below you will find an overview of the purposes for which we may process your data during the recruitment process.

Recruitment process execution and internal processes:

Identifying and evaluating candidature, assessing skills, qualifications and interest against our career opportunities, to set up and conduct interviews and assessments, to evaluate, select and recruit applicants, to conduct background checks and assessments as required or permitted by applicable law, to contact third party references provided by the applicant to evaluate applicant’s previous performances or as otherwise necessary in the context of recruitment activities, to keep records related to our hiring process.

Relationship management:

To contact you by phone call or email, to inform you of available vacancies, to provide you with information relating to your application and to fulfil any requests, to offer applicants suitable opportunities for employment within Bistech plc.

Legal obligation or defence:

To comply with any relevant legal obligation or for the exercise or defence of a legal claim.

On what legal basis does the company use your Personal Data?

In order to be able to process your personal data, the company may rely on a number of different legal bases, including:

  • Your consent (only when legally required or permitted). If we rely on your consent as a legal basis for processing your personal data, you may withdraw your consent at any time
  • The necessity to establish a contractual relationship with you
  • The necessity for us to comply with legal obligations and to establish, exercise, or defend our self from legal claims
  • The necessity to pursue our legitimate interests, including;
    • The administration of your application
    • To prevent or investigate suspected or actual violations of law, breaches of the terms of employment or non-compliance with Bistech policies
    • The necessity to respond to your requests (such as responding to your requests regarding the handling of, deletion of, or changes to your personal data)

Who do we share your personal information with?

We will need to share your personal information internally and may require to share it with some external parties. Your information will only be shared if it is necessary or required (for example in order to carry out pre-employment screening).

The recruitment process will involve:

  • Assessing and progressing your application
  • Assessing your suitability (skills, strengths, aptitude and behaviours for the role)
  • Activities needed to complete the on-boarding and screening process should your application be successful

To enable these processes your personal information may be shared internally, but the information shared is limited to what is required by each individual to perform their role in the recruitment process.

Your personal information may be shared internally with the following people:

  • Those employees who would have managerial responsibility for you or are acting on their behalf
  • Employees in HR who have responsibility for certain HR processes (for example recruitment, assessment, pre-employment screening)
  • Employees in IT and system owners who manage user access
  • Security managers for facilities/premises

The company may also need to share your information with certain external third parties including:

  • Recruitment Agencies if you have applied through them
  • Suppliers who undertake background screening, for example, criminal record checking bureaus
  • Academic institutions (Universities, colleges, etc.) in validating the information you’ve provided

When would the company transfer your Personal Data abroad?

Never. Data is stored within the UK and all ‘backup’ data remains within the UK.

How long does the company keep your Personal Data?

We only keep your Personal Data for the period necessary to fulfil the purposes for which it has been collected. After this period the information that is held electronically is deleted and any physical data is securely destroyed. If your application is judged to be unsuccessful before any interview stage your personal data is not retained. If your application is successful in progressing to any phone or face-to-face interview stage we will keep your personal data for a period of up to 2 years. This is so we can let you know about any subsequent vacancies and to assist in any further applications you make. If you accept a job offer from us and go on to become an employee, any data collected during the recruitment process may form part of your employee file and will be held in accordance with our Employee Privacy Notice.

How do we secure your Data?

To protect your Data, the company will take appropriate measures that are consistent with applicable privacy and data security laws and regulations, including requiring our service providers to use appropriate measures to protect the confidentiality and security of your Personal Data. The company has complied with internationally recognised quality management system standards since 1991 and is certified to ISO 9001 for Quality Management and ISO 27001 for Information Security Management. We put in place technical and organisational measures to prevent risks such as destruction, loss, alteration, unauthorised disclosure of, or access to your Data.

What are your responsibilities?

It is your responsibility to ensure, to the best of your knowledge, that the Data you provide is accurate, complete, and up-to-date. Furthermore, if you choose to share Personal Data of other people (such as dependents, next of kin), it is your responsibility to collect such Data in compliance with local legal requirements. For instance, you should inform such other people, whose Personal Data you provide to the Company, about the content of this Notice and obtain their consent (provided they are legally competent to give consent) for the use of that Personal Data by the Company as set out in this Notice (including transfer and disclosure).

What are your choices?

If you would like to review, change, restrict, or delete the Personal Data you have supplied to the company (to the extent Bistech plc is not otherwise permitted or required to keep such Data), if you wish to object to certain data processing operations (as permitted by applicable law), or if you would like to receive a copy of your Data (in a common machine-readable format, to the extent such is required by applicable law), then you can contact:

For any other questions related to the protection of your Personal Data by Bistech plc or regarding this Notice in general, you can contact the Bistech plc Privacy Officer at:

– Mail: Jonathan Kirkham – Privacy Officer, Bistech plc, 137 Victoria Road, Ferndown, Dorset BH22 9HX.
– Online:

The company will address your request in a timely manner and free of charge, except where it would require a disproportionate effort. In certain cases, we may ask you to verify your identity before we can act on your request. If you are unsatisfied with the reply received, you may then refer your complaint to the ICO via