You have already applied for this vacancy, please go to your account to see your progress.

Candidate Privacy Notice

Candidate Privacy Notice only applies to candidates who have submitted an application and CV for an existing employment opportunity at the Bank. Employees including any temporary employees of the Bank should refer to the Privacy Notice for Staff. 

The purpose

This privacy notice explains how we gather and use data about you during the recruitment process and sets out your rights. It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you during the recruitment process, so that you are aware of how and why we are using such information. We regularly update this privacy notice. Last update: December 2023.

Who we are?

When we say 'we' or 'us' in this privacy notice, we mean Bank of China (UK) Limited and Bank of China Limited, London Branch.  

When we say 'Group' in this notice, we mean other members of the Bank of China Group of companies, including holding and subsidiary companies. More information about the Bank of China Group can be found at www.bankofchina.com

If you have a question about something in this privacy notice, or want to contact our Data Protection Officer (DPO), please write to this address: Data Protection Officer, Bank of China (UK) Limited, 1 Lothbury, London, EC2R 7DB or email datapro.uk@bank-of-china.com 

What kind of information do we collect about you?

We process the minimum data required for assessing your suitability for the role you have applied for or are interested in.

When you apply for a job or let us know you are interested in working for us, we ask for: 

• Your name, contact details, date and place of birth;
• Your education and work history, professional qualifications and skills, including the dates;
• Your right to work in the UK (Nationality, passport, visa etc.);
• Details of your current salary and other aspects of your current compensation and benefits package, and what you desire for these in the new position;
• Your current notice period.

If we invite you for an interview, we collect interview notes taken during the interviews that are relevant to your application.

• Proof of your identity and current and previous addresses in the UK and abroad;
• Details of your referees so we can contact them. Current and previous employer contact for confidential references, to include regulated references where required;
• Details of specific needs you want to inform us about, so we can make reasonable adjustments for your interview.

It is your decision whether to provide this information, but if you choose not to we might not have enough information about you to consider your application.

We also ask for the following ‘special category data’. This is entirely voluntary and the data will remain anonymous. 

• Ethnicity;
• Gender identity;
• Sexual orientation;
• Religious or philosophical beliefs;
• Disability and neurodiversity status.

There is more information on how we use ‘special category data’ below.

Also, apart from the personal data we directly collect from you, we collect your personal data from external sources.  We may get your contact details and professional profile from: 

• Recruitment or executive search agencies;
• Professional networking sites or other public sources such as social media and job boards.

If you are offered a position with us, we’ll also collect: 

• Results of background checks relating to you. This will include information about criminal convictions, and your immigration status, if you are not from the UK;
•  References from previous employers.

How we use your information

In the UK, we need to have a legal basis to process your personal data. These are:

• Contract – Where we need to process your personal data to take steps prior to entering into an employment contract (or other type of contract) with you;
• Our Legal Duty – Where there is a law or regulation saying we must process your personal data to decide whether to enter into an employment contract (or other type of contract) with you;
• Our Legitimate Interest – Where it is necessary for us to use your personal data for our legitimate interests.  It means using the data in a way which doesn’t override your interests and fundamental rights and freedoms;
• Public Interest – Where we need to use the information to perform a specific task in the public interest;
• Vital Interest – Where we need to use your information to protect your life, or someone else’s life, and have no way of asking for your permission;
• Consent – We have your consent to process your personal data for a specific purpose.

In this section, we explain which one we rely on to use your data during the recruitment process. 

We need to use your data to enter into a contract with you, so we can:

• Contact you during the application process;
• Carry out background checks;
• Carry out fraud prevention checks;
• Consider your suitability for the role you are applying for;
• Get references and check information you provide in your CV.

We need to use your data to comply with the law, so we can:

• Check your right to work in the UK;
• Run criminal background checks (DBS);
• Learn about your fitness and suitability for a Senior Manager Role (as part of the Financial Conduct Authority’s ‘fit and proper test’) if applicable.

We need to use your data when it’s in our ‘legitimate interest’, so we can:

• Run our recruitment processes (including our applicant tracking system);
• Keep a copy of your application data if you let us know you want to be considered for other roles.

We need your consent to use your data, so we may ask:

• For your permission to carry out criminal background checks for all roles;
• If you want to share details about yourself on a voluntary basis to help us with our diversity and inclusion monitoring.

Special Category Data – What is it and how do we use it?

Special category data is information that can reveal a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic or biometric data (if used for identification purposes) and data concerning a person’s health, sex life or sexual orientation. We may need to process special category data about job applicants. In the UK, the law states that we need a second lawful basis to process special category data in addition to contractual or legal duty, legitimate interest, public interest, vital interest or consent. This second lawful basis can be: explicit consent, exercising legal rights in the field of employment, protecting vital interests, establishing, defending or exercising legal claims or reasons of substantial public interest. We can also process special category data that applicants have chosen to share publicly. In this section we explain which lawful bases we rely on to use your ‘special category’ data in a certain way.

Using the data is necessary for reasons of substantial public interest.

When you apply for a job with us, we collect information you share about your sexuality, racial and ethnic origin, religious or philosophical beliefs and health with your consent and for reasons of substantial public interest. We need to use this information to make sure we give job applicants equal opportunity and treatment regardless of their demographic. Providing this data is voluntary and does not affect your application in any way and remains anonymous.

Who we share your data with

Organisations that help us recruit and therefore need to process your personal data

• Recruitment or executive search agencies that help us with the recruitment process;
• Our third party supplier, a company who runs background and reference checks on our behalf and help us with background checks;
• Credit reference agencies in order to conduct financial checks (with your authorised consent).

References if your application is successful  

• We contact references you have listed to learn more about you. We only tell them your name and who we are.

The FCA and other authorities  

• We have a legal duty to let the FCA know about certain roles we fill. This includes declaring if a candidate (for a certified and senior role) has a criminal record in certain circumstances.

Public bodies  

• We ask the Disclosure and Barring Service to check your criminal record.

Consultants and legal advisors  

• We may share your details with consultants and legal advisors if this is necessary to resolve an issue or get advice on your suitability for a role.

How long do we keep your data?

If your application is unsuccessful, we keep your CV and other personal data related to your application for 1 year in case we face a legal challenge about our decision.  If you are unsuccessful but would like us to keep your information for other job vacancies, we keep your data for two years. If you would like to delete your details from the system you can do this anytime by accessing your candidate area. If your application is successful and you take up a role at the Bank, the staff privacy notice will be made available to you which explains how we gather and use data about you during your employment.

Where we store or send your data

In order to make an offer, your personal data (Name, Surname, Passport, education background, work experience, role applied for, job title and department) will be shared with HR in Head Office China in order to obtain approval to hire.  Where we share your data with Head Office China, we use specific contracts approved by the European Commission or the United Kingdom which gives your personal data the same protection that it has in the UK or EEA.   

If you would like further information about the specific mechanisms we use when transferring your personal data out of the UK or EEA, please write to: Data Protection Officer, Bank of China (UK) Limited, 1 Lothbury, London, EC2R 7DB or email datapro.uk@bank-of-china.com  

Your rights

You have a right to:

• Access the personal data we hold about you (make a data subject access request);
• Ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else;
• Ask us to correct inaccurate data;
• Ask us to delete, block or suppress your data. For legal reasons, we might not always be able to do so. There may be times when we continue to use your data when we say it’s in our ‘legitimate interest’ or we have a legal duty to do so;
• Withdraw any consent you’ve given us;
• Ask a member of staff to review an automated decision.

How to make a complaint

If you have a complaint about how we use your information, please contact our Data Protection Officer, Bank of China (UK) Limited, 1 Lothbury, London, EC2R 7DB or email datapro.uk@bank-of-china.com  

If you’re still unsatisfied you can refer your complaint to the UK’s data protection regulatory body, the Information Commissioner’s Office (ICO).  For more details, visit their website at ico.org.uk.