At esure, we care about privacy.

We only use personal data where we can do so lawfully. We always consider the impact this may have on those whose data we use, and we aim to be fair and proportionate when using personal data. We work hard to ensure that the personal data we hold is safe and secure with us. When we no longer need to keep the information, we delete or anonymise it safely.

Who we are

The esure Group is made up of a mix of different companies. In this Privacy Notice, "esure", "we", "us" or "our" refers to the esure Group company you have a relationship with, and who processes your personal information as a result. For a full list of the relevant esure Group companies please see the esure Group companies section below.

About this document

The purpose of this Privacy Notice is to help you understand how we collect, use and protect your personal data. This privacy notice applies to all current and former candidates for roles with us (“Candidates”).

You should also show this Privacy Notice to anyone else whose details you provide to us, for example your family members, emergency contacts etc.

This Privacy Notice does not form part of any contract of employment or other contract to provide services. It is important that you read this Privacy Notice together with any other privacy notice we may provide from time to time which will be available on our website

From time to time we may need to make changes to this Privacy Notice, for example, to include legislation changes, new technologies or other developments in privacy law. We will make reasonable efforts to inform you of any material changes in how we use your personal data, but we encourage you to check our website to view our most up-to-date Privacy Notice.

If you have any questions about this Privacy Notice, please contact our Data Protection Officer using the contact details provided in the How to Contact us section of this Privacy Notice.

What personal data we use

Personal data, or personal information, is any information from which a person can be identified. It does not include data which has been anonymised.

What personal data we use will depend on the nature of your relationship with us. We will only use information that is appropriate and necessary. We will collect, store and use personal data including:

Non-sensitive Data (“NS”)

  • Contact details including name, address, telephone number and email address
  • Date of birth
  • Gender
  • National Insurance Number
  • Marital Status and dependents
  • Information about your family, next of kin and emergency contact information
  • Recruitment details, such as references, CV, job titles, work history, training and performance records, professional memberships and disciplinary and grievance information
  • Bank statements or any other official documents (where provided by you as proof of address)
  • Official identification documents (e.g. passports, driving licences)
  • Vehicle registration number (e.g. if you are using our car parking facilities)
  • Photographs (e.g. when issuing you with security access pass for one of our offices)
  • CCTV footage

Special Category Data (“SC”)

  • Data concerning health
  • Data concerning sexual orientation
  • Personal data revealing racial or ethnic origin
  • Personal data revealing religious beliefs

Criminal Offences and Convictions Data (“CO”)

  • Criminal activity, allegations, investigations and proceedings
  • Personal data relating to criminal convictions and offences, including unproven allegations, information relating to the absence of convictions and personal data of victims and witnesses of crime
  • Personal data about penalties, conditions or restrictions placed on an individual as part of the criminal justice process or civil measures which may lead to a criminal penalty if not adhered to, such as information about any unspent criminal/civil convictions

Financial Data (“FD”)

  • Bank account details, salary, pension and benefits
  • Financial and credit references

How we collect your personal data

We collect your personal data either

Directly from you – e.g. when you:

  • Apply for a role with us
  • Provide us with the information during (or after) recruitment process

Indirectly via third parties such as:

  • Recruitment, talent management and employment agencies
  • Background check providers such as Disclosure and Barring Service
  • Former employers
  • Credit reference agencies
  • Fraud prevention agencies or other background check agencies
  • From a candidate or employee, where they may share information about their relatives or significant others, for example emergency contact information

The reasons (purposes) why we use your personal data, and the lawful bases we rely on

Why We Use Your DataTypes of Personal Data We UseWhose Data We UseLawful Basis We Rely On


Relatives or significant others

We rely on legitimate interest to use your personal data for recruitment. This enables us to manage our recruitment and application processes.

SC and CO data may also be processed for recruitment purposes where:

  • it is necessary to process this information in the field of employment (e.g. to carry out vetting and reference checks);
  • to arrange any health adjustments (e.g. if you need a specialist equipment or additional assistance); or
  • to deal with any disputes (e.g. if you are unhappy about the recruitment process and/or outcome).
Fraud and Money Laundering Prevention and Identity Verification



We rely on legitimate interest to use your personal data to detect and prevent fraud, money laundering and to verify your identity.

SC and CO data may also be processed for this purpose where:

  • it is necessary to process this information in the field of employment (e.g. to carry employment checks); or
  • it is necessary for reasons of substantial public interest to process the information to prevent or detect unlawful acts.
Ensuring and Improving Physical Security and Information Security



We rely on legitimate interest to use your personal data to ensure and improve physical security and information security.

We will not process SC or CO data for this purpose.

Health and Safety



We rely on legitimate interest to use your personal data to protect your health and ensure your safety.

SC data may also be processed for this purpose where:

  • it is necessary to process this information in the field of employment (e.g. to carry health and safety checks or to provide appropriate health and safety support/equipment); or
  • it is in substantial public interest to support you (e.g. if you have a disability or a medical condition).
Compliance with Legal and/or Regulatory Obligations



We will process your personal data when necessary to comply with our legal or regulatory obligations including (without limitation) for the purposes of:

  • Recruitment e.g. working permits;
  • Fraud and money laundering prevention and identity verification e.g. criminal history checks;
  • Disclosure of information to regulatory bodies e.g. fitness and propriety checks; or
  • Health and Safety e.g. fitness to work and reasonable adjustments.
Voluntary Participation Activities



If we invite you to participate in voluntary activities (e.g. testing products and systems), we will ask for your explicit consent to use your personal data for this purpose. You may choose not to participate in the activity or withdraw your consent at any stage without this affecting your employment/contract.

SC and CO data may also be processed for this purpose. Where this is the case, we will only do so when you have given us your explicit consent to process your information for this purpose.

Research and Analysis



We rely on legitimate interest to use your personal data for research and analysis purposes e.g. to forecast staffing needs and demands.

We will not process SC or CO data for this purpose.

The above table sets out the personal information that is necessary for us to enter or carry out our contract with you or is a legal requirement. If you choose not to provide us with such information when requested, we may not be able to perform our contract with you (e.g. to pay your salary into your elected account, or to pay or provide your benefits), or may be prevented from complying with our legal obligations (e.g. to ensure the health and safety of our workers).

Please note however that this does not affect your right to withdraw consent where we rely on consent as a lawful basis.

Making Automated Decisions and Profiling

We do not envisage using your personal data to make any decisions about you solely based on an automated decision making, including profiling, process. We will notify you in writing if this position changes.

Sharing Your Personal Data with Others

We may share your data with:

  • Third-party service providers and suppliers that assist us or supply our HR recruitment systems (e.g. recruitment and talent acquisition agencies)
  • Third parties as necessary to comply with law (e.g. HMRC)
  • The general public for business promotion purposes
  • The Financial Conduct Authority, the Prudential Regulation Authority and other regulatory bodies where this is required by rules/regulations. This would be, for example, where the role you applied for is subject to regulatory pre-approval and/or regulatory notification, or through reporting staff conduct rule breaches
  • Fraud prevention agencies for the purposes of the prevention, detection and investigation of fraud

Sharing Your Personal Data in Relation to the Prevention, Detection and Investigation of Fraud

The personal data you have provided, we have collected from you or we have received from third parties will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details on how your information will be used by us and Cifas can be found here:

Alternatively, you can call esure’s HR department on 0141 343 7400 or contact them by email (at [email protected]) with ‘data sharing with Cifas’ in the title of the email and clearly stating your full name and contact details.

Transferring Personal Data Outside the UK

Your personal data may be transferred to and processed in a destination outside the UK. In these circumstances, your personal data will only be transferred on one of the following bases:

  • the country that we send your data to is approved by the UK Government as providing an adequate level of protection for your personal data (such as countries in the European Economic Area)
  • We’ve agreed standard contractual clauses (approved by the UK Government) with the recipient, which obliges them to safeguard the personal information; or
  • Another UK Government approved transfer mechanism is in place providing appropriate safeguards to the personal data (for example, an approved certification mechanism or binding corporate rules)

To find out more about how your personal data is protected when it is transferred outside the UK (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the contact details provided in the 'How to Contact us' section of this notice.

How Long We Will Store Your Personal Data

We will retain your personal data for as long as necessary to fulfil the purposes we collected it for. Please refer to the Data Protection Officer using the contact details provided in the ‘How to Contact us’ section of this notice for further detail regarding personal data retention periods.

Once your personal data is no longer required, we will either delete the data securely or anonymise it so that you cannot be identified directly or indirectly.

Your Rights

Data protection legislation gives you certain rights. These include the rights to:

  • ask us how we use your personal data
  • access your personal data and obtain a copy of the personal data we hold about you
  • ask us to correct any information about you that’s out of date, incorrect or incomplete
  • tell us that you don’t want us to use your personal data in a certain way e.g. to send you marketing communications
  • tell us to delete personal data we have on file about you. In some circumstances we won’t be able to do this e.g. if we’re required to keep the information by law or to establish, exercise or defend a legal claim
  • ask us to give your data to a third party provided it is technically feasible to do so e.g. another employer
  • ask us to temporarily pause processing of your data
  • not hold you to a decision that has been made solely in an automated way and ask us to review automated decisions we make about you

Please note that these rights are not absolute. There may be times when we can’t do what you ask us to. If that’s the case, we’ll explain why when we reply to you.

How to Contact us

If you have any questions about this Privacy Notice, how we use your personal information or if you’re not happy with how we process your personal information, please contact the Data Protection Officer:

By email: [email protected]

By post: Data Protection Officer, esure, The Observatory, Reigate RH2 0SG

We aim to resolve all complaints internally via our Data Protection Officer who can be contacted using the channels described above. You also have the right to make your complaint to the Information Commissioner at any time. For more details about your rights under data protection legislation, please visit the Information Commissioner's Office website:

esure Group companies

The esure Group of companies that may process your data include:

  • esure Services Limited
  • esure Insurance Limited


This Privacy Notice was last updated on 14/06/2023. Previous versions of the policy can be obtained by contacting Data Protection Officer.