What is this notice?
This is the “AXIS Applicant Privacy Notice”. The notice applies to all persons applying to a vacant position within AXIS UK Services Limited, AXIS Specialty Europe SE or AXIS Re SE (“AXIS”) or whose CV has been provided to AXIS by a recruitment agency.
At AXIS, we routinely collect and use personal data about individuals, applicants, employees, contractors, insured persons, claimants, or business partners. We take our responsibilities to handle your personal data with care very seriously and protecting the privacy of your personal data is of great importance to us. In this Privacy Notice, we want you to understand when, why and how we collect and use personal data about you, your rights regarding this information, the conditions under which we may disclose it to others and how we keep it secure.
We may amend this notice at any time, but we shall ensure that the most recent version of the document will always be available on our website.
Important: This Privacy Notice does not limit or affect any rights you have under applicable data protection regulations.
Who collects your personal data?
AXIS is a group of companies that operate in various jurisdictions around the world. The AXIS entity that originally collected data from you will be principally responsible for managing your personal data (“Data Controller”) and will be responsible for deciding how your personal data will be held and used.
To find out the identity of any AXIS company that collects personal data about you as part of providing insurance coverage, check:
- If you submitted an application for a vacant role at AXIS, the AXIS company you applied to will provide you with the details of the AXIS company.
- If your CV has been shared with us by a recruitment agency, contact the agency for details of the AXIS company your personal data has been submitted to.
AXIS companies that receive your personal data each constitute a separate Data Controller, each of which is responsible for deciding how it holds and uses your personal data.
AXIS is subject to both the EU and the UK General Data Protection Regulations.
The EU GDPR applies to data collected by an AXIS entity located within the EU and/or data held by an AXIS entity located outside the EU, where that entity has collected data from or about you while you were located within the EU.
The UK GDPR applies to data collected by an AXIS entity located within the UK and/or data held by an AXIS entity located outside the UK, where that entity has collected data from or about you while you were located within the UK.
What type of personal data do we collect about you?
We process personal data you or the recruitment agency provide us, which may include the following categories of information:.
- Age and date of birth (not applicable in the UK)
- Application form, CV and interview notes
- Brief description of job titles and duties performed in your past roles
- Documentation confirming your right to work in the UK
- Government identification numbers - national insurance, social security, passport, tax, driver’s license)
- Offer letter and proposed contract between you and AXIS
- Personal contact details (including name, address, email, telephone number)
- Professional memberships and qualifications
- References and details of previous employers
- Results of the following recruitment tests: numerical, verbal, capability
and the following categories of special category personal data:
- Marriage or civil partnership status
- Criminal History
- Data revealing race, religious beliefs or sexual orientation
- Health data including disability information
Where we will process special category personal data about you, we shall apply safeguards in accordance with the applicable data protection legislation.
How do we collect data about you?
Your personal data will come from you during the recruitment process and may also come from the following sources:
- Background check providers may provide us with personal data including spent and unspent convictions, police records of convictions, cautions, reprimands and warnings, previous names, date and place of birth and gender
- Credit reference agencies may provide us with personal data including your date of birth, passport details, sex, nationality, credit scores and details of previous bankruptcy
- Former employers or other referees, whom you have given us permission to contact, may provide us with personal data and information regarding past employment
- Medical professionals may provide us with personal data concerning any medical conditions or medical causes of concern
- Professional bodies that confirm membership / qualifications / training may provide us with the following personal data such as grade of qualification received, date of birth, name and surname
- Recruitment agencies may provide us with personal data including your name, CV, contact and address details
If you would like more information on the source of your personal data please contact the Data Protection Officer (DPO).
Why do we collect data about you?
We collect your personal data for the following purposes:
- Check you are legally entitled to work in the UK or other jurisdiction where AXIS operates
- Consider reasonable adjustments to the recruitment process for disabled applicants
- Contact you regarding the recruitment process and any offer of work
- Determine the terms of any potential contract between you and us
- Establish whether you can undergo an assessment which forms part of the application process
- Establish whether you will be able to carry out a function that is intrinsic to the particular work
- If you have accepted an offer of work from us that is subject to checks: Assess your fitness to work via a health questionnaire or medical report, carry out background checks, carry out credit checks, confirm your professional memberships, registrations and / or qualifications, take up references (from referees whom you have given us permission to contact)
- Make a decision about your recruitment or appointment, including assessing your skills, qualifications and suitability for the work.
Our legal basis for processing your personal data
Where we process your personal data for the purposes set out above, we generally rely on one or more of the following legal bases.
For all personal information:
- Performance of a contract – we must use your personal data to perform a contract with you
- Legitimate interests – we have a legitimate interest in using your personal data to select suitable employees
- Legal obligation – we must use your personal data to comply with our legal or regulatory obligations – for example, in relation to carrying out background checks
It may be necessary for us to process some special category personal data in order to comply with legal or regulatory obligations (such as making reasonable adjustments for clients with disabilities), or if we need to do so in order to seek confidential legal advice or establish or defend legal claims. We shall also use your special category personal data , where appropriate, on the following specific bases:
- Employment, social security and social protection – it is necessary to use your special category data to perform or exercise obligations or rights which are imposed or conferred by law connection with employment, social security or social protection
- Equality of opportunity or treatment - it is necessary to use your special category data to identify or keep under review the existence or absence of equality of opportunity or treatment between groups of people within AXIS
- Health or social care purposes - it is necessary for us to use your special category personal data for the purposes of preventive or occupational medicine, or assessing your working capacity
- Racial and ethnic diversity at senior levels of organizations - it is necessary to use your special category data to promote or maintain diversity in the racial and ethnic origins of individuals who hold senior positions within AXIS
- Statutory and government purposes - it is necessary to use your special category data to complete background checks when you are offered a position at AXIS
Further information on the purpose for processing your personal data and the legal bases we rely on are included in the table at the bottom of this Privacy Notice.
How long do we keep your personal data?
We will retain your personal data in accordance with our retention policies and, in any case, for no longer than necessary to comply with legal or regulatory requirements. Retention periods for personal data are reviewed periodically and the periods for storage specified in it may alter depending on changes to law and regulation, best practice and similar matters.
It may be necessary for AXIS to suspend any planned destruction or deletion of personal data where legal or regulatory rules require that we preserve the data, or where proceedings are under way which require the data to be retained until those proceedings have finished. For example, data that relates to litigation or is reasonably foreseeable to be relevant for litigation purposes must be retained until that litigation is completed.
If you would like more information on the source of your personal data please contact the DPO.
Where does your personal data go?
We may need to transfer your personal data to third parties or to other AXIS group companies, to help manage our business and delivery of services to you. The third parties may include:
- Health and safety executive
- Health professionals and occupational health providers involved in your care
- Legal counsel
- Other entities in AXIS group
- Other third parties as necessary to comply with the law
- Potential or actual purchasers of the business, or other third parties in the context of a possible sale or restructuring of the business
- Service providers (including IT service providers and those involved in providing benefits in connection with your employment or engagement)
Transferring your personal data outside the EU
We may transfer your personal data to other companies in our group and our suppliers in the United States, Bermuda, India, Singapore, Dubai, and the Philippines. We do this for management purposes, reporting activities on company performance for regulatory or statutory purposes, in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data.
Whenever it is necessary to transfer your personal data to other companied of the group, agents or contractors located outside of the EEA, we shall take appropriate steps to ensure that such transfer adequately protects your rights and interests.
We shall only transfer your personal data to countries recognized as providing an adequate level of legal protection, or where we are satisfied that protections are in place to properly protect your privacy rights.
Transfers between AXIS companies are covered by intra-organizational agreements that provide specific requirements designed to ensure your personal data receives adequate protection whenever it is transferred within AXIS.
Transfers to our service providers and business partners are protected by contractual agreements approved by the European Commission or by the UK Information Commissioner’s Office (ICO). Before transferring your data to our service providers, we ensure they can provide adequate level of data protection.
We do not make any decision about you which has a legal or similarly significant effect on you based solely on automated processing (i.e. without human intervention).
You have certain rights in relation to how AXIS collects and uses your personal data. To exercise any of these rights, please contact in the first instance the AXIS entity that originally collected the data from you. Your rights include:
Right to access – you may:
- Confirm whether we are collecting and using your personal data
- Obtain a copy of your personal data from AXIS
- Obtain additional information about your personal data, including:
- What data we have
- How we collect your data
- How we use it
- To whom we disclose it
- Whether we transfer it outside the EEA, and how we protect it
- How long we keep it
- Your rights
- how you can make a complaint
Right to Rectify – you may ask us to correct personal data that is inaccurate.
Right to Erasure – you may ask us to erase your personal data only where:
- It is no longer needed for the purposes for which it was collected
- You have withdrawn consent that you explicitly provided
- It was unlawfully processed
- You have an appropriate Right to Object (see below)
- AXIS must comply with a legal obligation to erase the personal data
- AXIS is not required to erase your personal data if continued collection and use of it is necessary
- To comply with a legal obligation
- To establish, exercise or defend legal claims of the company or our insureds.
Right to Restrict Use – you may ask us to restrict the use of your personal data only where:
- You contest its accuracy, in order to give us the opportunity to verify and correct it
- Its collection and use is unlawful, but you do not want it erased
- It is no longer needed for the purposes for which it was collected, but is still needed to establish, exercise, or defend legal claims
- You have exercised the right to object and that decision is pending.
- We may continue to use your personal data where:
- You have consented to its use, and have not withdrawn that consent
- We must use it to establish, exercise, or defend legal claims
- We must use it to protect the rights of another person.
Right to Data Portability – you may ask that we provide your personal data to you in a structured, portable format, or that your personal data be directly transferred to another company, but only if our collection and use of that information:
- Is based on your consent, or on the performance of a contract with you
- Is carried out by automated means.
Right to Object– you may object to the collection and use of your personal data for which AXIS uses “legitimate interest” as its basis for collection, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you object, we have the opportunity to demonstrate that our legitimate interests are compelling enough to override your rights and freedoms.
Right to Information About Automated Processing – you may ask for information regarding the logic involved, as well as the significance and the envisaged consequences of such processing.
Right to File Complaints – you may file a complaint with your local supervisory authority regarding our collection and use of your personal data.
Local supervisory authorities for AXIS companies are set out below. We also provide below details of the EU representatives (for UK-based AXIS companies) and UK representative (for EU -based AXIS companies):
|AXIS Company||Local Supervisory Authority||EU Representative|
|AXIS UK Services Limited (formerly Novae Management Limited)||ICO||Not applicable|
|AXIS Re SE||DPC||Not applicable|
|AXIS Specialty Europe SE||DPC||Not applicable|
International Transfers – you may ask for information on the protections under which your personal data is transferred outside of the EEA. We might redact certain portions of this data for reasons of commercial sensitivity.
The following may apply to your request regarding your personal data:
- We shall respond to all valid requests within one month of receipt.
- You will generally not be charged a fee when we process your request.
We reserve the right to charge a reasonable fee if your request is manifestly unfounded or excessive or you ask us for further copies of information already provided.
How to Contact Us
Please address all inquiries, requests, and other communications regarding your personal information or this Privacy Notice to:
Contact: Data Protection Officer
Email: [email protected]
Address: 52 Lime Street, London EC3M 7AF
Appendix to AXIS Recruitment Privacy Notice (Europe)
Data marked * in the table below is ‘special category personal data’
|PURPOSE||PERSONAL INFORMATION PROCESSED||LEGAL BASIS FOR PROCESSING||WE MAY DISCLOSE TO OR SHARE WITH|
|Check you are legally entitled to work in the UK or other jurisdiction where AXIS operates||Other third parties as necessary to comply with the law|
|Consider reasonable adjustments to the recruitment process for disabled applicants|
|Contact you regarding the recruitment process and any offer of work||Personal contact details (including name, address, email, telephone number)||To enter a contract|
|Determine the terms of any potential contract between you and us||Offer letter and proposed contract between you and AXIS||To enter a contract||Other entities in AXIS group|
|Establish whether you can undergo an assessment which forms part of the application process||Other entities in AXIS group|
|Establish whether you will be able to carry out a function that is intrinsic to the particular work|
|Make a decision about your recruitment or appointment, including assessing your skills, qualifications and suitability for the work||Other entities in AXIS group|
Effective date: 27 July 2022 v2.0