AXA UK Group Recruitment
Our privacy policy – How we use your personal information
We’re providing you with this privacy policy to help you understand how we collect, store and use your personal information during our resourcing activity.
Where AXA UK plc is your employer or recruiting entity it acts as the Data Controller for employment purposes; where your employer or recruiting entity is another UK AXA entity your employer acts as a Data Controller and AXA UK plc will act as a Processor providing HR Services on behalf of your UK AXA employing or recruiting entity.
1. Introduction
In this Privacy Policy references to "we" or "us" or "AXA" are to AXA UK Plc, or your UK AXA employing or recruiting entity.
AXA collects and processes your personal data for the purpose of employment with AXA. We are also obliged to process personal data for legal and regulatory purposes, such as for conducting certain background checks. In addition, it is our legitimate interest to collect data via cookies, which are placed on our website to improve its functionality and monitor effectiveness.
2. Personal information that we collect
In order to be considered for employment you will be asked to provide us with personal information. The types of personal information that we may collect and use include:
- Name
- Address, and evidence of it
- Contact details
- National Insurance Number
- Business Title/Job Title
- Grade/Level
- Employment history
- Education history
- Financial information relating to your salary and taxation (such as credit history, reward and overall current and requested salary package)
- Aptitude testing of cognitive abilities through psychometric testing
- Survey information related to experience of the recruitment process
When providing us with the information, you represent that such information is accurate, complete, up to date and true and is supplied for the sole purpose of seeking job or employment vacancies or positions.
3. Special Categories information that we collect
The types of special categories of personal information that we may collect and use include:
- Nationality (including visa status, the need for sponsorship, current right to work in the UK and full identity verification)
- Ethnicity (language details, education institutions, background information and Equal Opportunities data)
- Gender
- Picture (copy of your ID)
- CCTV if you enter our premises for an interview
- Employment references
- Certifications
- Background checks, via a third-party specialist provider. Criteria would include right to work in the UK, proof of current address, criminal activity, current and previous employment (including directorships and similar positions listed on Companies House), academic verification, international sanctions and credit history
- Health data (obtained only at offer stage and through our Occupational Health provider, who will act as a separate data controller for that purpose)
- Health & Safety related information, where relevant.
- Information on your family members (for employees who work outside home / host country, emergency contact details and financial beneficiaries)
AXA is an equal opportunities employer and does not in any way discriminate against any individual who provides information in line with Equal Opportunity categories should you choose to provide this. Information provided is only used for reporting on the diversity of our candidate base across the organisation.
4. Where does your personal information come from?
Most of the personal information that we hold about you is provided by you. In addition, we may collect data from:
- Official authorities and publicly available data sources (for identity verification, financial, immigration, directorship and criminal history)
- Your previous employers
- Your attended education institutions
- HMRC
- Credit reference agencies
- Third party providers specialising in background screening
- The recruitment agency, if applicable
- Surveys
- We also use cookies to follow the application process and to improve the use of our website
5. What do we do with your personal information?
Your information is used to assess and administer your application for employment at AXA:
- Contacting you as a potential candidate
- Conducting interviews
- Assessing the suitability of you as a potential candidate
- Doing background checks
- Preparing your employment contract for signature
- Internal procedures to onboard you and sending out your welcome box as part of your AXA induction
- Monitor and review AXA’s resourcing practices
6. Legal grounds for processing your personal information
Previous grounds for processing personal data for employment purposes have relied on consent. Under the new data protection laws in force from May 2018 the following legal grounds replace the previous legal grounds for processing:
- Our data processing in resourcing is based initially on our legitimate interest, when we initiate contact with you.
- We conduct resourcing from the basis of entering into a contract where we advertise a vacancy, and a job applicant sends us their CV and application to be considered.
- In addition, during the resourcing process when you indicate that you are interested in proceeding, our legal basis for processing your data will change into preparing to enter into a contract with you, and a legal obligation to process certain data, such as for conducting background checks.
- It may be necessary to process special categories of data or criminal conviction data as part of the resourcing process. We do this as a result of obligations placed upon us as an employer and in order to safeguard your fundamental rights. We are able to process this type of data without seeking your consent.
- Once you have accepted our offer of employment, we will send you a welcome box as part of your induction with AXA. In doing this we will process your personal data on the grounds of our legitimate interest.
- There may be some limited circumstances in the recruitment process where it is appropriate to seek your consent, for example retaining your CV for future opportunities if you have been unsuccessful with your application. When we rely on your consent, it will be done on a case-by-case basis. In these limited circumstances, we will explain the purpose and give you the opportunity to decline.
- In exceptional cases, we may process your data for the protection of a vital interest of yourself or another person.
7. Sharing your personal information with other parties
In some cases where third party suppliers provide technical support such as AXA Group HR Strategic Solutions, third party technical support companies may operate in countries outside the EEA, such as India or the United States. In these instances, we ensure those parties have appropriate arrangements in place to allow for international transfer (see section 10).
All disclosures are made following the applicable laws and regulations, and the necessity to disclose data.
Disclosures within our group:
- If you agree for your CV to be retained for possible future vacancies, we may share your data within the AXA group.
- HR, Payroll and Reward teams to administer your employment
Data transfers to third parties and processors:
We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include:
- Outsourced recruitment organisations (including background checking, psychometric assessments, video interviewing etc.)
- Resourcing team who assess and administer your application for employment at AXA.
- Third party providers who facilitate discussions with current employees to enable you to talk about working for AXA
- Relevant entities to process your financial data (HR, Payroll and Reward teams)
- Insurance and healthcare entities
- Technical support teams
- Survey providers
- Third party providers of welcome merchandise
For recruitment purposes, your data may be shared with the Hiring Managers and relevant Senior Members of the hiring team.
8. How long do we keep your personal information for?
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and to comply with our legal and regulatory obligations. Unless you have consented for us to hold your CV for longer to be considered for other roles, we will retain application records for 6 months.
9. Your rights on your personal information
Data protection legislation gives individuals the following rights in relation to personal information held about them:
- individuals can ask what personal information is held about them and be provided with a copy;
- if personal information held about an individual is incorrect, he or she can ask for it to be corrected;
- individuals can ask for personal information about them to be deleted or for the processing of their personal information to cease in certain circumstances;
- individuals can request that certain types of personal information held about them is sent to them or another organisation, in a format that is read electronically;
- individuals can withdraw their consent to process their personal information, where that processing is based on their consent;
- individuals can make a request to restrict the processing of their personal information in certain circumstances.
Exercising these rights is subject to certain restrictions under data protection legislation. For further information about these rights, you should write to us using the contact details in section 13.
10. Security measures
We apply appropriate security measures to protect your privacy and data.
- We ensure that data is transferred and disclosed using secure means.
- All the data transfers are also covered with appropriate legal safeguards, such as Binding Corporate Rules, (“BCR”) which are inter-AXA agreements.
- We also have contractual agreements with third party data processors, who are required to adhere to AXA’s privacy and security standards and policies.
- We maintain your data within the EEA and aim to limit support from technical support and third-party providers that involve the transfers of data outside the EEA, such as India or the United States. In these instances, we assess those parties and ensure that they have entered into contractual clauses which ensure a legally compliant level of protection.
- Where applicable, we use encryption, anonymization and pseudonymisation.
- We limit the amount of data processed, to what is necessary for the purpose for which we collect the data.
- We follow AXA’s data retention policies
- We follow AXA’s privacy and security policies.
11. Complaints
If you are unhappy at any stage with how AXA is using your personal information, you have the right to contact AXA’s Data Protection Officer in the first instance or to lodge a complaint with the Information Commissioner's Office (www.ico.org.uk).
12. Changes to our privacy policy
This Privacy Policy is subject to regular review and may be updated from time to time. This version applies from April 2024.
13. Contact us
If you have any questions about how your personal information is used, please feel free to contact us at the following address: The Data Protection Officer of the UK AXA entity responsible for recruitment, or
The Data Protection Officer:
AXA UK Plc
20 Gracechurch Street
London EC3V 0BG
email address: ukgroupprivacy@axa-uk.co.uk
If you are dissatisfied with the way in which AXA has processed your personal data, you can contact:
The Information Commissioner’s Officer direct; please write to the Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
https://ico.org.uk/global/contact-us/email/