Candidate Privacy notice
How we store and process your data
Effective from and including 19 June 2026 This notice Glint Pay UK Ltd and Glint Pay Ltd are “Data Controller(s)” registered with the Information Commissioner’s Office under number ZB421288 and ZA156657 respectively. This notice should be read alongside the Privacy Notice for Glint Pay Services Ltd (“Glint”, “we” or “us” is used to refer to any entity in the Glint group of companies referred to in these Privacy Policies) available on our website. You can reach our Data Protection Officer (DPO) using the contact details below:
What is a privacy notice? Glint take protecting your personal data seriously. We believe in your privacy rights as a data subject under The Data Protection Act 2018 (“DPA”) which is the UK's implementation of the General Data Protection Regulation (GDPR). This Privacy Notice will provide you with important information such as:
What is a privacy notice for candidates and employees? This Privacy Notice explains important details regarding how we process your personal data as you are employed or seek employment with us. Processing is a broad term and includes (amongst other things) collecting, recording, storing, amending, reviewing, using, and deleting personal data. What is personal data? Personal data only relates to natural persons who:
This could include information such as your name, CV details or contact information. Special category data is a type of personal data that needs more protection because it is sensitive. For example, data revealing any criminal convictions or ethnic origin. We may collect special category data during your recruitment process. If we require your consent for any specific use of your personal information, we will collect it at the appropriate time, and you can withdraw this at any time. Where we ask for any special category data you will normally have the option to refuse your consent by not supplying it. How do we collect your personal data? We collect personal data about you from various sources including:
A description of the personal data that is collected: We may collect a range of personal data for example (not exhaustive):
The purposes for processing the data As a data controller we will:
We exercise professional judgement in the processing of your personal data.. If we require special category data during your recruitment and for any reason, we require explicit consent in relation to special category data then we will contact you. We will process your personal information for a range of contractual, statutory, or public interest purposes, including the following:
Glint require you to provide us with any information we reasonably ask for to enable us to administer your contract. We will not use your personal data to carry out any wholly automated decision-making that affects you. The legal basis on which the processing will take place Glint has a number of lawful bases for processing your personal data:
How we store your data We have in place appropriate technical and organisational measures to ensure a level of security appropriate to the risks arising from the processing of your personal data. We are responsible for preventing unauthorised processing or unauthorised interference with the systems used by us as they relate to recruitment and employment. How long your personal data is retained All organisations who offer employment will need to collect data relating to candidates – and we are no different. We ensure that any personal data you provide is not be kept any longer than is necessary. The normal retention periods are as follows:
Sharing your personal data We may need to share your personal data so that we can facilitate the recruitment process, in relation to your employment and benefits or to comply with any legal and regulatory obligations. We may share your personal data with other Glint companies on our Group or Third-Party Service Providers such as Payroll or Vetting companies. We may share your personal data with our regulators when we have a duty to do so for example if you are applying for a senior level role or a financial crime related role. In rare cases we may be required to share your personal data with law enforcement authorities (known under data protection law as “competent authorities”) who are discharging their statutory law enforcement functions. We must be satisfied that sharing your personal data with a law enforcement authority is lawful. This means we must have a lawful basis under Article 6 of the UK GDPR before we share your personal data. There might be a legitimate interest to share personal data of a candidate that suspected of an offence such as employment application fraud, with a law enforcement authority to ensure they have all the necessary information for a proper and fair investigation. Data Transfer outside UK When your personal data is transferred to countries outside of the UK those countries may not offer an equivalent level of protection for personal data to the laws in the UK. UK DPA provides for safeguards for when we transfer your personal data abroad or make it available to persons overseas. If the recipient is in the EEA or a country deemed to be “adequate” then no further safeguards will be needed. We may rely on either an International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses for International Data Transfers (Addendum) if we decide there is a valid requirement for transferring your personal data outside the UK for example to the USA who are a country not deemed adequate. Your data protection rights As an individual you have rights under UK data protection laws in relation to your personal data, you may:
If you would like to access any of these rights please email our DPO: [email protected]. Important: if requesting a copy of your data, please place the following in the subject line of your email - Subject Access Request alongside your first and last name and the date of your request (DD/MM/YYYY). Complaints Please contact us using the details at the top of this privacy notice if you wish to make a complaint in respect of our handling of your personal data. If you wish, you may use the complaint form which you can access on our website How do I make a complaint? – Glint . This form explains what information we require to fully investigate your complaint. We will acknowledge your complaint as soon as we can and, in any event, within 5 business days. We aim to respond to your complaint within 30 calendar days unless it is complex or we need additional information, in which case it may take longer. We will keep you informed if we need additional information or require more time. We may need to verify your identity or anyone who is acting on your behalf before we can deal with your complaint. If we cannot resolve your complaint, you have the right to complain to the Information Commissioner’s Officer (ICO) in the United Kingdom, details of making a complaint to the ICO can be found at https://ico.org.uk/make-a-complaint/. The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk |