placeholder

Candidate Privacy notice

How we store and process your data

Effective from and including 19 June 2026

This notice

Glint Pay UK Ltd and Glint Pay Ltd are “Data Controller(s)” registered with the Information Commissioner’s Office under number ZB421288 and ZA156657 respectively.

This notice should be read alongside the Privacy Notice for Glint Pay Services Ltd (“Glint”, “we” or “us” is used to refer to any entity in the Glint group of companies referred to in these Privacy Policies) available on our website.

You can reach our Data Protection Officer (DPO) using the contact details below:

  • Mr Mark Follows, Data Protection Officer, Glint Pay Ltd.

  • Email: [email protected]

  • Phone: +44 (0) 204 582 4799

What is a privacy notice?

Glint take protecting your personal data seriously. We believe in your privacy rights as a data subject under The Data Protection Act 2018 (“DPA”) which is the UK's implementation of the General Data Protection Regulation (GDPR).

This Privacy Notice will provide you with important information such as:

  • confirming that Glint act as a data controller;

  • how to contact our DPO or make a complaint; and

  • the purposes for which Glint collect, use, share and retain your personal data.

What is a privacy notice for candidates and employees?

This Privacy Notice explains important details regarding how we process your personal data as you are employed or seek employment with us.

Processing is a broad term and includes (amongst other things) collecting, recording, storing, amending, reviewing, using, and deleting personal data.

What is personal data?

Personal data only relates to natural persons who:

  • can be identified or who are identifiable, directly from the information in question; or

  • who can be indirectly identified from that information in combination with other information.

This could include information such as your name, CV details or contact information.

Special category data is a type of personal data that needs more protection because it is sensitive. For example, data revealing any criminal convictions or ethnic origin.

We may collect special category data during your recruitment process.

If we require your consent for any specific use of your personal information, we will collect it at the appropriate time, and you can withdraw this at any time.

Where we ask for any special category data you will normally have the option to refuse your consent by not supplying it.

How do we collect your personal data?

We collect personal data about you from various sources including:

  • from an employment agency;

  • from application forms or CVs submitted to us;

  • from relevant third parties for example when must conduct background checks such as DBS and credit checks, employment and business reference checks, qualification checks, FCA or equivalent checks;

  • for any reason as it relates to the processing of your personal data to take steps at your request prior to entering into a contract of employment.

  • forms completed by you at the start of or during employment (such as benefit nomination forms);

  • data you input to our HR system;

  • correspondence with you; or

  • through interviews, meetings or other assessments.

A description of the personal data that is collected:

We may collect a range of personal data for example (not exhaustive):

  • your contact details such as first, middle, and last name, title, home address, telephone number (s) and personal email addresses;

  • any next of kin and emergency contact information;

  • your DOB/Age;

  • your national insurance number;

  • your nationality and right to work in the UK;

  • any disability details or needs;

  • your ethnicity (special category data);

  • details as required for payroll such as your bank account number;

  • CV or cover letters and other information gathered as part of your employment application process (including psychometric test scoring and results);

  • your employment history (outside and inside of Glint);

  • feedback from third parties (for example from an employment agency); and

  • any Health and Safety related data.

The purposes for processing the data

As a data controller we will:

  • decide how and why your personal data is collected and processed;

  • decide what the purpose or outcome of any processing is;

  • decide what personal data should be collected; and

  • make decisions about you as part of or because of any processing of your personal data.

We exercise professional judgement in the processing of your personal data..

If we require special category data during your recruitment and for any reason, we require explicit consent in relation to special category data then we will contact you.

We will process your personal information for a range of contractual, statutory, or public interest purposes, including the following:

  • whilst assessing your suitability for a role at Glint (including any relevant right to work checks);

  • setting up remuneration, payroll, pension, and other standard employment functions;

  • to communicate effectively with you by post, email, and phone;

  • to fulfil and monitor our responsibilities under equalities, immigration, and public safety legislation; and

  • if necessary and where relevant to enable us to contact others in the event of an emergency. For example, during an interview (we will assume that you have checked with the individuals before you supply their contact details to us); and

  • maintain accurate and up-to-date records and contact details (including details of whom to contact in the event of an emergency), and records of your contractual and statutory rights if applicable

  • operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace

  • operate and keep a record of your performance, including staff recognition (e.g., long service awards, compliments) and related processes, to plan for career development, and for succession planning and workforce management purposes

  • operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that you are receiving the pay or other benefits to which you are entitled

  • obtain occupational health advice, to ensure that we comply with duties in relation to individuals with disabilities, meet our obligations under health and safety law, and ensure that you are receiving the pay or other benefits to which you are entitled

  • operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave as well as Reserve or Cadet Forces paid/unpaid leave), to allow effective workforce management, to ensure that we comply with duties in relation to leave entitlement, and to ensure that you are receiving the pay or other benefits to which you are entitled

  • to support staff wellbeing

  • ensure effective general HR and business administration

  • do analysis of data in order to plan the development/improvement and provision of services, and to monitor service performance

  • provide references on request for current or former staff

  • respond to and defend against legal claims

  • to provide staff benefit provision (such as staff benefit schemes).

Glint require you to provide us with any information we reasonably ask for to enable us to administer your contract.

We will not use your personal data to carry out any wholly automated decision-making that affects you.

The legal basis on which the processing will take place

Glint has a number of lawful bases for processing your personal data:

  • Contract: the processing is to take steps at your request prior to entering into a contract (which includes employment contracts).

  • Legal obligation: the processing is necessary for Glint to comply with the law:

    As an employer in the UK, we are also under a legal obligation to process certain information for example checking that a successful candidate has the right to work in the UK.

  • Vital interests: the processing is necessary to protect someone’s life.

  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests, for example, we will need to assess and record information about your qualifications as part of any selection process. Here we have a legitimate interest in managing our recruitment effectively to decide to whom to offer a job.

How we store your data

We have in place appropriate technical and organisational measures to ensure a level of security appropriate to the risks arising from the processing of your personal data.

We are responsible for preventing unauthorised processing or unauthorised interference with the systems used by us as they relate to recruitment and employment.

How long your personal data is retained

All organisations who offer employment will need to collect data relating to candidates – and we are no different.

We ensure that any personal data you provide is not be kept any longer than is necessary.

The normal retention periods are as follows:

  • your application and any interview notes may be retained for up to a year;

  • your personal details will be retained for the duration of your employment contract and, for a period of time after termination to allow us to fulfil our contractual and legal obligations;

  • any Right to work in the UK checks may be kept for 2 years after your application for employment or actual employment ends; and

  • offers, written particulars, and variations may be reviewed 6 years after any application process ceases or the terms are superseded.

Sharing your personal data

We may need to share your personal data so that we can facilitate the recruitment process, in relation to your employment and benefits or to comply with any legal and regulatory obligations.

We may share your personal data with other Glint companies on our Group or Third-Party Service Providers such as Payroll or Vetting companies.

We may share your personal data with our regulators when we have a duty to do so for example if you are applying for a senior level role or a financial crime related role.

In rare cases we may be required to share your personal data with law enforcement authorities (known under data protection law as “competent authorities”) who are discharging their statutory law enforcement functions.

We must be satisfied that sharing your personal data with a law enforcement authority is lawful. This means we must have a lawful basis under Article 6 of the UK GDPR before we share your personal data.

There might be a legitimate interest to share personal data of a candidate that suspected of an offence such as employment application fraud, with a law enforcement authority to ensure they have all the necessary information for a proper and fair investigation.

Data Transfer outside UK

When your personal data is transferred to countries outside of the UK those countries may not offer an equivalent level of protection for personal data to the laws in the UK.

UK DPA provides for safeguards for when we transfer your personal data abroad or make it available to persons overseas.

If the recipient is in the EEA or a country deemed to be “adequate” then no further safeguards will be needed. 

We may rely on either an International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses for International Data Transfers (Addendum) if we decide there is a valid requirement for transferring your personal data outside the UK for example to the USA who are a country not deemed adequate.

Your data protection rights

As an individual you have rights under UK data protection laws in relation to your personal data, you may:

  • access and obtain a copy of your data on request; 

  • require us to change incorrect or incomplete data; 

  • require us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and

  • object to the processing of your data (in certain circumstances).

If you would like to access any of these rights please email our DPO: [email protected].

Important: if requesting a copy of your data, please place the following in the subject line of your email - Subject Access Request alongside your first and last name and the date of your request (DD/MM/YYYY).

Complaints

Please contact us using the details at the top of this privacy notice if you wish to make a complaint in respect of our handling of your personal data. If you wish, you may use the complaint form which you can access on our website How do I make a complaint? – Glint . This form explains what information we require to fully investigate your complaint.

We will acknowledge your complaint as soon as we can and, in any event, within 5 business days. We aim to respond to your complaint within 30 calendar days unless it is complex or we need additional information, in which case it may take longer. We will keep you informed if we need additional information or require more time.

We may need to verify your identity or anyone who is acting on your behalf before we can deal with your complaint.

If we cannot resolve your complaint, you have the right to complain to the Information Commissioner’s Officer (ICO) in the United Kingdom, details of making a complaint to the ICO can be found at https://ico.org.uk/make-a-complaint/.

The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk