Your Privacy and Security
Here at Admiral Group plc, we are committed to keeping your personal data safe. This Privacy Notice will help you understand how we collect, use and protect your personal data.
This Privacy Notice applies to applicants who enter into our recruitment process. There is a separate Privacy Notice on the company intranet which explains how your data is processed once you join Admiral Group.
Who We Are
Admiral Group Plc (Registered Number 03849958) comprises of the EUI Ltd, Able Insurance Services Limited, Admiral Law Limited, Admiral Financial Services Limited and Inspop.com Limited.
EUI Ltd is a Data Controller. Admiral, Diamond, Bell and Elephant, Gladiator and Veygo are trading names of the data controller EUI Limited (Registered Number 02686904).
Able Insurance Services Limited is a Data Controller. Gladiator is a trading name of the data controller Able Insurance Services Limited (Registered Number 02890075).
Admiral Law Limited is a Data Controller. Admiral Law, EUI Law, Diamond Law, Elephant Law and BDE Law are trading names of the data controller Admiral Law Limited (Registered Number 08023665).
Admiral Financial Services Limited is a Data Controller. Admiral Loans, Admiral Car Finance and Admiral One are trading names of the data controller Admiral Financial Services Limited (Registered Number 10255225).
Inspop.com Limited is a Data Controller. Confused.com is a trading name of the data controller Inspop.com Limited (Registered Number 03857130).
If you have applied for a position via a third-party organisation such as a recruitment agency or social media platform, that organisation will also be a Data Controller in relation to your personal data. Other examples of Data Controllers will include Experian, CIFAS, the Solicitors Regulation Authority, and previous employers. You should refer to that organisation’s Privacy Notice for any queries in connection with how they process your personal data.
Data We Collect
If you, or a third party acting on your behalf (e.g. a recruitment organisation) apply for a role or work experience placement we will collect personal data relating to you in order to administer your application and employment.
We only process your data as necessary for the purposes of progressing your application, employment, or as required by law or regulatory requirements.
We will always have a lawful basis for processing your personal data. One of the following processing conditions as prescribed under data protection legislation will apply:
- For entering into a contract with you (or because you have asked us to take specific steps before entering into a contract)
- Where it is in our legitimate interests
- Where we are under a legal obligation
- Where you have provided clear consent for a specific purpose.
We will use any information provided to consider your application and to verify the information provided. If a professional qualification or Membership is required for your role this will also be checked. Additionally, we are obligated to ensure the safeguarding of our customers and employees and therefore will perform certain screening checks on you.
In limited circumstances we may also process personal data relating to your health (known as special category data), for example if you tell us about a health condition which is relevant for us to make adjustments to the interview process. As a result of the Covid19 pandemic, we will also process data in relation to the temperature of any person entering our offices. Please see the section on Thermal Imaging /Covid19 below for further details in this respect.
Where we process personal data in relation to your health we will rely on the legitimate interest and employment provisions under data protection legislation and specifically in relation to health and safety of our workforce.
Conducting pre-employment screening checks is sometimes referred to as ‘vetting’. The purpose of these checks is to establish eligibility to work within the business and to identify any risk factors which might bring the organisation into disrepute, or cause difficulties with colleagues, managers or customers and to establish that there are no legal issues or other matters that indicate that the Group may be unduly exposed to risk.
Screening checks / vetting is a key part of the overall employee due diligence process.
During the recruitment and application process, you will be asked to provide various information and supporting documents to enable us to complete screening checks both prior to employment and on an ongoing basis during employment.
Screening checks are an important component of the Group’s overall approach to minimising the risk of criminal or terrorist activity and are also a requirement under the Insurance Distribution Directive (IDD). If you are recruited into a role which is insurance based (including for example call centre work) the screening checks that we carry out under the IDD will apply to you. The IDD is EU legislation which sets regulatory requirements for firms designing and selling insurance products. It aims to enhance customer protection when buying insurance. The IDD requires us to check the ‘good repute’ of employees ahead of them becoming involved in insurance distribution. It also states that checks should be undertaken on a periodic basis. We will also carry out screening checks for non- insurance-based roles where warranted, please refer to the below.
If you are recruited into what we consider a 'High Risk' role, or transfer into one, during the course of your employment, then you will be subject to an enhanced level of background checking. A high risk user is someone who by nature of their role has a greater potential to inadvertently (accidently or through being manipulated) or maliciously expose Admiral’s customers, staff or business to harm.
For this reason, we consider these roles to be high risk and they require to have background checking more frequently than a standard role. You will be notified of any checks that need to be conducted if your role is a high risk role.
The type of checks we undertake which may apply for all prospective applicants and employees include:
- Qualifications and professional membership checks
- Adverse information check and open source searches (in limited circumstances and only if necessary)\
- Financial checks. These include bankruptcy and CCJ checks via Experian, a Credit Reference Agency. Experian will supply us with both public information (including the electoral register), and shared credit and fraud prevention information. The agencies will record details of the search but will not make them available for use by lenders to assess your ability to obtain credit. Experian will be data controller in their own right and will process your personal data differently to us. You should contact Experian(www.Experian.co.uk/crian) for any query in relation to how they process/ deal with your personal data.
- Financial sanctions checks. In order to comply with our legal and regulatory obligations in relation to anti-money laundering and financial sanctions restrictions, we will screen your name against global sanctions lists. The screening will simply involve searching our internal and third-party databases to ensure you are not on a sanctioned list. We are not able to employ anyone on a sanctions list. In addition, in order to comply with our legal obligations relating to anti-bribery and corruption, we will also perform searches and ask questions to assess whether there is a potential bribery or corruption risk to the role based on your personal and political associations. If there is a risk we will look to assess what additional internal controls we need to put in place to reduce that risk.
- Criminal background checks. Criminal background checks will be undertaken to assist with the safeguarding of our employees and customers. The checks will be made with the Disclosure and Barring Service (DBS) and these will be undertaken on our behalf by Experian (www.experian.co.uk). All new employees are required as a term of their offer to agree to having criminal background checks.
- Anti-fraud checks. In order to verify your identity, right to work, prevent and detect unlawful acts (including fraud and dishonest conduct) all new employees are required as a term of their offer to agree to having anti- fraud checks which are completed via CIFAS (www.cifas.org.uk). Admiral are members of CIFAS and use anti-fraud databases (Internal Fraud Database & National Fraud Database) to check if anyone has been filed and reported previously to ensure we protect our employees, customers and business from fraud.
We conduct these searches at offer stage, prior to probation completion and then on a re-occurring annual basis throughout your employment with us. Should anything come to light from these databases, we would talk to you about them.
Any matches as a result of the checks will be reviewed by the People Services Department in conjunction with the recruiting manager (for new applicants) or the line manager (for employees). The results will be used to assess potential risk according to the role applied for / being undertaken and could lead to engagement being refused or your existing engagement may be terminated or other disciplinary action taken.
As members, we also have a duty to file and register people should they commit fraud during our employment or at application stage and once this decision has been made, you can appeal the decision, however if the decision is upheld, a CIFAS filing remains on the database for up to six years and can affect future employment.
On a periodic basis, CIFAS performs reviews of cases that have been filed, and they may approach us as the member to request copies of documentation relating to the filing, to evidence we have met the Standard of Proof to file. In the event of such a request, we are obliged to provide the requested documentation, which may include copies of your vetting checks (e.g. financial checks, criminal background checks, reference checks) and any other documentation produced in the course of your job application and during the course of your employment.
We may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
- Solicitors’ Regulation Authority (SRA) checks. All employees joining our Law firms or a legal role are required as a term of their offer to agree to being checked against SRA records to ensure that there are no findings against the individual that would prevent them working in a legal environment. A further SRA search will be performed annually against all current employees in one of our Law firms or in a legal role.
- Reference checks. We will undertake reference checks with your past and present employers /your places of work. If you are recruited into a non- high risk role, we will require at least 1 year’s satisfactory employment history and a minimum of 2 or more satisfactory references from your most recent employers. If you are recruited into a high risk position, we will require 5 years satisfactory employment history and 2 or more satisfactory employment references. If you are recruited into a Senior Manager role or equivalent, we will require 6 years satisfactory employment history and 2 or more satisfactory employment references.
Please note that if you or a third party such as a recruitment agency provide details of any previous /current employer, we may contact them as part of this process.
If you would like any further information on any of the screening checks that we undertake, please contact us on 02920 43 43 34 or email PSGovernanceteam@admiralgroup.co.uk.
When you apply for a job or position with us, you will provide us with most of the data we collect about you. We collect and process data for example when you:
- Visit the www.admiraljobs.co.uk website and start an application, but don’t complete it
- Complete an application form via www.admiraljobs.co.uk
- Create a profile via www.admiraljobs.co.uk
- Contact us via the live chat facility available on our recruitment website ‘www.admiraljobs.co.uk’
- Register for Job or Blog Alerts via www.admiraljobs.co.uk
- Email us using the "send me an email" functionality or email directly via ‘firstname.lastname@example.org’
- Use or view our website via your browser’s cookies
- When you visit us at a Career’s fair.
Our company may also receive your personal data (if applicable) from the following sources:
- Third party recruitment websites;
- Responses to social media job advertisements e.g. Facebook;
- Recruitment agencies;
- Careers advisor, work placement schemes;
- We will also collect personal data relating to you as a result of any checks that are carried out. Please refer to the ‘Screening’ section for further details.
The above lists are not exhaustive.
Processing Personal Data
Here are some examples of the type of personal data we may process. There’s a more detailed list in the schedule at the end of this notice.
- Personal contact details such as name, address and contact number;
- Email address;
- Details of qualifications and professional memberships;
- Work history and reference information;
- Results from screening checks;
- Photographs /images from recorded assessments or from on-site CCTV.
Prior to completing the application, if it remains uncompleted, we will automatically send an email notification reminder to you the following day. During the recruitment process we may also capture personal data about you which is more sensitive in nature (for example disability / medical information). We do this in order to make reasonable adjustments to enable our candidates to apply for jobs with us, to be able to take online / telephone assessments, to attend interviews / assessment days, to prepare for starting with us (if successful) and to ensure that we comply with regulatory obligations placed on us with regard to our hiring.
The recruitment process may involve:
- Assessing and progressing your application;
- Assessing your suitability (skills, technical ability, strengths, behaviours for the role);
- Activities needed to complete the on-boarding and screening process should your application be successful (e.g. with regard to your qualifications and employment references).
How your personal data may be shared
Your personal data will only be shared if it is necessary for us to do so. We will need to share your personal data internally (in the country where you may work, and also in other countries in which we have central operations where you are applying for a role based outside the UK) and may be required to share it with some external parties or associates of the company, for example our legal advisors.
Your personal data may be shared internally with the following:
- Those employees who would have managerial responsibility for you or are acting on their behalf;
- Employees in People Services / HR who have responsibility for certain HR processes (for example recruitment, assessment, pre-employment screening);
- Employees in Legal, Conduct, Risk, People Services / HR, Regulatory and Fraud with responsibility for investigating issues of non-compliance with laws and regulations, policies and contractual requirements;
- External lawyers in the event of an issue necessitating legal advice;
- Employees in IT and system owners who manage user access;
- Audit and Investigations employees in relation to specific audits/investigations; and
- Security managers and staff for facilities / premises.
We may also need to share your information with certain external third parties including:
- Companies who provide candidate interview and assessment services to us;
- 3D Marcomms who operate our onboarding and applicant tracking system for us;
- Attrax Limited who host our website for us;
- Suppliers who undertake background screening on behalf of us (credit checking agencies, criminal checking bureaus, anti-fraud companies etc.);
- Academic institutions (Universities, colleges, schools, professional membership bodies etc.) in validating information you’ve provided;
- Previous / present employer(s) /place(s) of work where it has been indicated that you have worked;
- Legal advisors.
Please note that these lists are not exhaustive.
We would like to bring to your attention our obligations to disclose data in the following exceptional cases permitted under data protection legislation / law:
- Where we are legally compelled to do so;
- Where there is a permitted exemption under data protection legislation;
- Where there is a duty to the public to disclose;
- Where disclosure is made at your request or with your consent
How we protect your personal data
Our HR and Recruitment systems are protected to ensure that unauthorised or unlawful processing of personal data, accidental loss or destruction of, or damage to, personal data does not occur. This is done in accordance with the Group Security Policy.
Our premises are access controlled, we have secure shredding bins for confidential personal data and operate a clear desk policy. All our employees undertake data protection training.
It may be necessary to transfer your personal data to other Group companies or service providers located outside of the European Economic Area. The data protection and other laws of these countries may not be as comprehensive as those in the UK or the EEA - in these instances we will take steps to ensure that your data is given an equivalent level of protection as it is in the EEA.
How long do we keep your personal data?
We have designated retention periods and we will only keep your personal data as long as necessary. There are different retention periods for various categories of personal data. For example, we may only need to retain some personal data for a limited amount of time whereas other personal data will need to be retained for longer. Application data (e.g. job applications, CVs) are generally for retained for 2 years to enable us to check against repeat applicants and to check that applicants are genuine with regard to the positions they apply for.
If you have signed up for Job Alerts you can unsubscribe yourself from these at any time (or ask us to), otherwise you will be sent job alerts for up to 2 years.
Your personal data will be retained in accordance with the Group Records Management Policy.
Please contact us if you would like any further information in this respect.
Managing, Disabling and Enabling Cookies
You have the ability to accept or decline cookies from any website by modifying the settings in your browser. If you wish to restrict or block the cookies which are set by our website, you can do this through your browser settings. For information about how to manage and disable cookies you can use the 'Help' function within your browser or please visit www.aboutcookies.org or www.allaboutcookies.org. However, please note that by deleting or disabling cookies this could affect the functionality of our website and you may not be able to access certain areas or features of our site.
To opt out of being tracked by Google Analytics across all websites click here.
Email, phone calls and screen capture details may all be recorded and monitored.
CCTV is in operation across all Group sites. It is used for site security, staff monitoring purposes, and may be used in connection with investigation and disciplinary matters.
As a result of the Covid19 Pandemic, we have installed Thermal Imaging to notify us should an individual have a temperature. This is to protect the health and safety of all employees and third parties. The personal data in this respect will be limited to the notification of a temperature (and as such there would be no permission to enter further into the building) and the notification of this to the relevant people involved in the recruitment process.
We may also rely on more non- traditional methods in relation to interviewing such as video conferencing as a result of the Covid19 Pandemic. We will always use the most secure method available to us and in consultation with our Information Security department.
Thermal Imaging / Covid19
As a result of the Covid19 Pandemic, we have installed Thermal Imaging cameras at the entrance to our premises, to notify us should an individual have a temperature. This is to protect the health and safety of all employees and third parties and to prevent the spread of Covid-19. The personal data in this respect will be limited to the notification that an individual has a temperature (but not the temperature itself). Any individuals who have a temperature will not have permission to enter further into the building. The relevant people involved in the recruitment process will be notified (usually by e-mail) that the temperature threshold has not been met and that the individual cannot attend their interview /meeting that particular day.
In limited circumstances, if the thermal imaging cameras are not working or an individual wishes to verify their results by other means, there may be the option for a temperature to be recorded at two different intervals by non-manual temperature guns. If the temperature reading is sufficient for two readings, entry to the building may be permitted.
We may also rely on more none- traditional methods in relation to interviewing such as video conferencing as a result of the Covid19 Pandemic. We will always use the most secure method available to us and in consultation with our Information Security department.
What are my rights with regard to Admiral’s processing of my personal data?
Your rights as a data subject (please note that these do not apply in all circumstances), may include:
- The right to be informed about our processing of your personal data;
- The right to obtain a copy of the personal data we hold on you;
- The right to have your personal data corrected if it is inaccurate
- The right to object to the processing of your personal data;
- The right to have your personal data erased (“right to be forgotten”);
- The right to move, copy, or transfer your personal data (“data portability”);
- Rights regarding automated decision making, including profiling.
Obtaining a copy of the personal data we hold about you (Subject Access Request)
If you would like a copy of your personal data that we hold about you, you can make a Subject Access Request. A Subject Access Request can be made in writing or verbally. Please provide clear details of what personal data you would like and contact us at email@example.com
or by writing to:
People Services – PS Privacy Rights Team
Subject Access Request
Telephone: 02920 43 43 34
Please note that if you are making a request on behalf of someone else we may need identification, as well as a signed letter of authority from them confirming that they are happy for you to act on their behalf and for us to release their personal data to you. We may also need identification from you before we can release your personal data.
Whilst we will always aim to be as transparent as possible, please note you will only be entitled to your own personal data and it may necessary to withhold and/or redact certain information as permissible under the Data Protection Act 2018.
Once we have received your request and confirmed your identity (if applicable), we will have one calendar month to fulfil your request. In some limited instances we will have an additional 2 months to fulfil your request. Where any such delay is anticipated we will inform of you this, as soon as possible, along with details of when we expect to be able to provide you with the requested personal data.
If you are requesting information / copy of your data from an external third party company, you will need to contact them directly.
If you have any questions about this Privacy Notice or would like additional information about how your personal data is handled, please contact firstname.lastname@example.org. If you have any queries about your rights, or believe that they have not been met by Admiral Group plc or any of the companies within the group, please contact our Data Protection Officer at:
Data Protection Officer
Admiral Group plc
If you have any complaints relating to the processing of your personal data, you also have the right to complain to the relevant Supervisor Authority. In the UK this is the Information Commissioner’s Office (ICO). They can be contacted at:
Information Commissioner’s Office
Schedule 1: List of information we may process
- Name, work and home contact details
- Date and place of birth
- Education and work history
- Individual demographic information in compliance with legal requirements (such as marital status, national identifier, passport/visa information, nationality, citizenship, military service, disability, work permit, date and place of birth or gender)*
- Health issues requiring adaptations to working environment*
- Thermal imaging for temperature data in relation to the covid19 pandemic
- Job title, grade and job history
- Employment contract related information (including compensation, location, hours of work and so on)
- Reporting and managerial relationships
- Leaves of absence (such as maternity leave, sickness absence)
- Disciplinary / grievance records*
- Time and attendance details
- Bank account details for salary payment purposes
- Expenses such as travel and expenses claimed from the Group
- Skills and qualifications
- Professional membership
- Training history and plans
- Results of original and ongoing employee screening, where relevant
- Details provided in relation to Conduct policies (such as conflicts of interest, personal account dealing, trade body membership and so on)
- Health & safety incidents, accidents at work and associated records
- Building CCTV images
- Audio recordings of telephone interviews
- Video recordings of interviews
- Notes from face to face interviews
- Psychometric test results and associated reports
- Results from behavioural assessments (e.g. Assessment day exercises)
- Results from technical assessments
- Beneficiary and emergency /next of kin information
- Written /verbal communications about you
* These categories of information might potentially include some special category personal data.