Skip to main content

Job Applicant Privacy Notice

This privacy notice is for individuals applying for employment Harper Adams University through our website at

It sets out the ways in which Harper Adams University gathers, uses, stores and shares your data. It also sets out how long we keep your data and what rights you have in relation to your data under the General Data Protection Regulation (GDPR).

For the purposes of this privacy notice, Harper Adams University is the Data Controller as defined in the General Data Protection Regulation. We are registered with the Information Commissioner’s Office and our entry can be found here. Our registration number is: Z7312206.

Where do we get your data from?

The University collects information about you in a variety of ways. These include:

  • information collected through application forms, CVs and other documents provided as part of an application;
  • information collected through any correspondence with you during the application process;
  • from forms completed by you during the application or selection process (such as expenses claim forms);
  • through interviews, meetings or other assessments;
  • from information provided to us by third parties, such as referees or Occupational Health.

What data do we have?

Personal data including:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers and with the organisation;
  • details of your bank account;
  • information about your entitlement to work in the UK;
  • information about your criminal record, if you are required to provide it;
  • information about medical or health conditions, if you have a disability for which we need to make reasonable adjustments to the application and selection process;
  • equal opportunities monitoring information, including information about your age, gender, ethnic origin, nationality and disability status;
  • special category data including information about disability, health, ethnicity and racial origin.

What is our legal basis for processing your data?

The University needs to process personal data during the recruitment process and keep records of that process. Processing data from job applicants allows the organisation to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. The organisation may also need to process data from job applicants to respond to and defend against legal claims.

Typically, data will be processed:

  • on the grounds of contractual requirement or to take steps to enter into a contract with you e.g. to offer you employment at the University;
  • because it is necessary for the performance of a task carried out in the public interest (for information on our public task see our function as set out in our charter);
  • because it is necessary for our or a third party’s legitimate interests;
  • to allow us to comply with our legal obligations;
  • to protect your or another person’s vital interests;
  • to monitor equality and diversity;
  • because you have given us your consent or, in the case of special category data, your explicit consent.

How do we use your data?

The University may process your personal data (including special category data) for the following purposes:

  • to operate recruitment and selection processes;
  • to form the basis of a personnel file, should you be offered employment at the University;
  • to enable effective communication with you as a job applicant;
  • to check, where necessary, that applicants are eligible to work with children, patients and other vulnerable adults;
  • to ensure effective general HR and business administration, including the analysis of applicant numbers and trends to improve our administrative processes;
  • to maintain and promote equality in the workplace;
  • to respond to and defend against legal claims;
  • to provide evidence that the University has met the UK government’s resident labour market test;
  • to meet the audit requirements of some of the University’s funding providers;
  • to maintain the safety and security of the campus for all users. This may include the use of CCTV for crime prevention and detection purposes.

In addition, please note that while on campus you may be captured in photographs or video footage as part of a wider group shot. These images/recordings may be used by the University for promotional purposes e.g. in the development of the University’s prospectus. If you have any concerns about the use of your image please contact the University’s Data Protection Officer for more information,

Who do we share your data with?

The University may share your data with:

  • employees and agents of the University, for the purpose of assessing your application;
  • previous employers, individual referees and external peers, to obtain references;
  • third parties that process data on behalf of the University to support it in fulfilling its obligations and responsibilities to and relationship with you (e.g. software and system providers);
  • UK Visas and Immigration (UKVI) in order to administer relevant recruitment checks and procedures;
  • other HE institutions or third parties (such as funding bodies) involved in the job advertised;
  • the Disclosure and Barring Service, for the purpose of making criminal record checks.

How do we keep your data secure?

The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information see here.

How do we transfer your data safely internationally?

In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers, the University will comply with our obligations under Data Protection Law and ensure an adequate level of protection for all transferred data.

How long will we keep your data?

If your application for employment is unsuccessful, the University will hold all your data on our e-recruitment system, Stonefish, and on the hard-copy recruitment file for 1 year after the end of the relevant recruitment process. For some vacancies, we may need to retain data for a longer period to meet contractual and legal requirements, for instance if the person appointed to the post is sponsored under the UK’s points-based immigration system.

Paperwork created during the application process, such as shortlisting and interview notes, are destroyed 1 year after the end of the recruitment process.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice. The University will hold all your data on our e-recruitment system, Stonefish, for 1 year after the end of the relevant recruitment process.

Please refer to The University’s Record Retention Schedule.

What rights do you have in relation to your data?

Under the General Data Protection Regulation, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent. If you would like to exercise any of these rights, please contact us at For all other requests, or if you have any questions about this privacy notice or concerns about how your data is being processed, please contact the University’s Data Protection Officer at

Right to complain

If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office, see



Forgotten Details