Candidate Privacy Notice



The Cornish Mutual Assurance Co. Ltd (“Cornish Mutual”, “we” or “us”) take the privacy and security of your personal information very seriously.

In this privacy notice, we set out how we collect and use your personal information during the recruitment process and in accordance with data protection legislation.



Personal information means any information about an individual from which that person can be identified. It does not include anonymous information where the identity has been removed.

There are “special categories” of more sensitive personal information which require a higher level of protection such as your ethnicity or disability status.



Throughout the recruitment process we will gather personal information about you. We will have a lawful basis for processing this information as required under data protection legislation.

During the application process

As part of the application process you provide us with an application form, CV or letter of application, this will contain information such as: 

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Job History, skills and experience
  • Referees (references are not usually sought until the job is offered but you provide this information prior to interview)

This information will be used to decide whether we invite you to interview to find out more about your suitability for the role.


If you are invited to interview we may process more information about you, including the following “special categories” of more sensitive personal information: 

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions which you voluntarily disclose as part of our equality opportunity monitoring.
  • Information about your health, including any medical condition, health and sickness records which you provide with explicit consent to ensure that we make any necessary adjustments during the interview process.

During the interview we may make notes about your responses to questions and you may be asked to undertake an assessment to demonstrate your suitability for the role. This is to treat candidates fairly and ensure we select the best candidate for the role. 

Making an offer of employment

If the decision is made to offer you a job, we will ask for more information to make sure you have the right to work in the UK and meet the requirements of our regulators. The information you provide will include:

  • National Insurance number
  • Documentation to demonstrate you have the right to work in the UK which we are legally obliged to undertake. This may include a passport, driving licence, work visa, utility bill, bank statement
  • Contacting the referees using the contact information you have provided for them. They will be asked to provide dates of employment, job title while employed, and any additional comments about your suitability for the role applied for.

With your explicit consent, we may undertake a Disclosure and Barring Service (DBS) check for those undertaking Member facing roles to ensure that those recruited meet the highest standards of trust and integrity and to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role, or to visit our Membership in their homes. This is because a role within our regulated business requires a high degree of trust and integrity. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

As part of entering an employment contract with you, we will also complete a credit check to obtain credit information and score.

When you accept an offer of employment with Cornish Mutual, your recruitment information will be retained as part of our contract with you as your employer.

Unsuccessful Candidates

Cornish Mutual always endeavour to notify candidates they have been unsuccessful. This is not always possible due to the quantity of applications we receive. If you are unsuccessful, your personal information will be destroyed six months after the role has been recruited for, unless you tell us you would like to be considered for another role within the company. We retain and securely destroy your personal information in accordance with applicable laws and regulations.



Cornish Mutual are required to have a lawful basis in place to process your personal information. The table below sets out the lawful basis for each aspect of our processing.



Lawful Basis

Application Form, CV, Application Letter


Interview Notes and Assessment


Credit Check


Right to Work Checks

Legal Obligation

Contacting Referees


Disclosure and Barring Service Check

Explicit Consent

Equal Opportunities Monitoring information

Explicit Consent (except where anonymised)

Health Information

Explicit Consent



We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.



We may have to share your personal information with third parties, including third-party service providers because it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Third-party providers may carry out the following services: Credit, DBS and Occupational Health checks.  

We require third parties to respect the security of your information and to treat it in accordance with the law. They must act only in accordance with our instructions and they agree to keep your personal information confidential and secure.



Cornish Mutual try to ensure that all personal information is held within the UK. Occasionally we may transfer your personal information outside the UK and the European Economic Area (EEA). If we do, you can expect a similar degree of protection in respect of your personal information.

Where we transfer your personal information to countries where there is no adequacy decision in respect of that country, we will put in place certain measures to ensure that your personal information does receive an adequate level of protection, such as contractual clauses that have been approved by the Information Commissioner’s Office.



Cornish Mutual have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have also put in place procedures to deal with any suspected information security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.



Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, or object to the processing of your personal information, please contact

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

If you believe we are not handling your personal information correctly, you have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.



In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you have any questions about this privacy notice, please contact  

Last updated April 2023