Recruitment privacy promise

Last updated: November, 2025

This Recruitment Privacy Promise explains how Millennium Support Ltd (“we”, “our”, or “us”) collects and uses personal information during the recruitment process.

We take your privacy seriously and are committed to handling your data fairly, transparently, and in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

A) Data Protection Principles

We follow strict principles when processing personal data. In line with the UK GDPR, we ensure that all personal information is:

  • Processed lawfully, fairly, and transparently

  • Collected for specified, explicit, and legitimate purposes

  • Adequate, relevant, and limited to what is necessary

  • Accurate and kept up to date — any inaccurate data will be corrected or deleted without delay

  • Retained only as long as necessary for its purpose

  • Processed securely to protect against unauthorised or unlawful processing, loss, destruction, or damage

  • Transferred internationally only in compliance with applicable data protection laws

B) Types of Data Held

We collect and store personal information about candidates and applicants to manage recruitment effectively.

This may include:

  • Personal details such as name, address, phone number, and email address

  • Photograph (if provided)

  • Gender, marital status, disability or medical information (where disclosed)

  • Right to work documentation

  • Equality and diversity information (e.g. race, religion, ethnicity)

  • Information provided during the recruitment process, such as your CV, application form, and cover letter

  • References from former employers or other referees

  • Education, training, and employment history

  • Driving licence or other documentation (if required for the role)

  • Criminal convictions or Disclosure and Barring Service (DBS) information (where applicable)

C) How We Collect Your Data

You provide most of the information we hold during your application and recruitment process.

We may also receive data from:

  • Recruitment agencies

  • Former employers or referees

  • Publicly available professional profiles (e.g. LinkedIn)

If your application is successful, we will gather additional information such as bank details and next of kin details during onboarding.

All personal data is stored securely in recruitment systems and files accessible only to authorised personnel.

D) Lawful Basis for Processing

We process personal data during recruitment under the following lawful bases:

Activity Lawful Basis
Checking your right to work in the UK Legal obligation
Making reasonable adjustments for disability Legal obligation
Assessing suitability, shortlisting, and selection Legitimate interests
Making decisions about offers and employment terms Legitimate interests
Processing Disclosure and Barring Service (DBS) checks Legal obligation
Preventing fraud or safeguarding individuals Legitimate interests / legal obligation
Maintaining secure administrative and IT systems Legitimate interests

We only collect and use the minimum information needed for each purpose.

E) Special Category (Sensitive) Data

Special category data includes information about your:

  • Health

  • Race or ethnicity

  • Religious or philosophical beliefs

  • Sexual orientation

  • Criminal convictions

We process this data only when necessary and lawful, including:

  • To meet our obligations under the Health and Social Care Act 2008 (Schedule 3) (e.g. DBS checks)

  • For equal opportunities monitoring

  • To determine reasonable adjustments during recruitment

We may also rely on your explicit consent where appropriate, which you can withdraw at any time.

F) Failure to Provide Data

If you do not provide information we require (for example, right to work documents or information needed for DBS checks), we may not be able to progress your application or make an offer of employment.

G) Criminal Conviction Data

We collect and process criminal conviction data only where it is necessary and lawful to do so.
This is usually at the recruitment stage and, in some roles, during employment.

We use DBS information to determine your suitability for the role and rely on the Health and Social Care Act 2008 (Schedule 3) as the lawful basis for processing this data.

H) Who We Share Your Data With

We will only share your personal data where necessary for recruitment purposes.

This may include:

  • Recruitment agencies supporting the process

  • Referees (to obtain references)

  • DBS and other vetting bodies (for legal checks)

  • Regulatory or safeguarding authorities (e.g. CQC, local authorities)

Internally, your data will only be accessed by authorised employees involved in recruitment and HR administration.

We do not share personal data outside the UK or European Economic Area.

I) Protecting Your Data

We take appropriate organisational and technical measures to safeguard your personal data against accidental loss, misuse, or unauthorised access.

Access to recruitment data is restricted to authorised personnel only, and all staff receive data protection training.

J) Retention Periods

We only keep recruitment data for as long as necessary to complete the recruitment process or meet legal obligations.

Candidate Status Retention Period
Unsuccessful candidates (no consent to retain data) 6 months after recruitment exercise ends
Unsuccessful candidates (where consent to retain for future roles is given) 9 months after recruitment exercise ends
Successful candidates Data transferred to the HR system and covered under the Employee Privacy Promise

After these periods, data is securely deleted or destroyed.

You may withdraw your consent to data retention at any time by contacting us (see Section M).

K) Automated Decision-Making

We do not make recruitment decisions based solely on automated processes. All applications are reviewed by people.

L) Your Rights

You have the right to:

  • Be informed about how your data is used

  • Request access to the data we hold about you

  • Request correction of inaccurate or incomplete data

  • Request deletion of your data in certain circumstances

  • Restrict or object to processing

  • Request data portability (transfer of your data to another organisation)

  • Withdraw consent at any time

To exercise these rights, contact us using the details below. We will respond within one month.

M) Contacting Our Data Protection Officer

If you have any questions about this Recruitment Privacy Promise or how your personal information is handled, please contact our Data Protection Officer:

Email: [email protected]
Telephone: 01977 602867
Post: Data Protection Officer, Millennium Support Ltd, Wright Suite, First Floor, The Brewhouse, Nostell Business Estate, Wakefield, WF4 1AB

N) Complaints

If you believe your data rights have been breached, you have the right to make a complaint to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
📞 0303 123 1113
🌐 https://ico.org.uk/concerns/