Data Protection Privacy Notice – Recruitment

This notice explains what personal information we hold about you, how we collect it, and how we use and may share information about you during the recruitment process. We are required to notify you of this information under data protection legislation.

Who collects the information

CMR Surgical is a “data controller” and gathers and uses certain information about you.

Data protection principles

We will comply with the data protection principles when gathering and using personal information, as set out in our data protection policy.

Data we collect

We may collect the following information up to and including the shortlisting stage of the recruitment process:
We may collect the following information after the shortlisting stage, and before making a final decision to recruit. Some of the categories listed may not apply to you.

Why we collect the information and how we use it

We will typically collect and use this information for the following purposes:
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.

How we collect the information

We may collect this information from you, your referees (details of whom you will have provided), your education provider, the relevant professional body, the Disclosure and Barring Service (DBS) and the Home Office.

How we may share the information

We may also need to share some of the above categories of personal information with other parties. Your application will be uploaded to the company applicant tracking system People HR, whose account managers will have access to your details. Internally your details will be accessible by CMR’s hiring managers, senior leaders and IT employees.

Usually, information will be made anonymous, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information as required to comply with the law.

Where information may be held

Information may be held at our offices, in the CMR email system and People HR applicant tracking system.

How long we keep your information

By providing your consent we will keep your information during and after the recruitment process for no longer than is necessary for the purposes for which the personal information is processed. How long we keep your information will depend on whether your application is successful, and you become employed by us, the nature of the information concerned and the purposes for which it is processed.

As we are currently in an exciting growth phase, your application may be revisited in the future, therefore we propose to keep all applicant details in our talent pool for 12 months, however should you wish for this to be removed or amended please contact us either through the careers email or by contacting the data protection officer.

Access to, updating and deletion of your personal data

Please contact us if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. You also have the right to ask us for some (but not all) of the information we hold and process to be erased (known as the “right to be forgotten”) in certain circumstances. We will provide you with further information about the right to be forgotten, if you ask for it.

Security of your personal data

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Contact details

We hope that we can resolve any query or concern you raise about our use of your information please contact our Data Protection Officer, Rebekah Ley at [email protected].

If not, contact the Information Commissioner at or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

How can we help you?