Privacy & cookies

This privacy notice ‘Privacy Notice’ describes the ways in which we collect and use your data when you apply for a role with us or otherwise engage with us about a vacancy.

About this Policy

This Privacy Policy regulates the use by Tesco Personal Finance plc, trading as Tesco Bank and part of the Tesco Group (the data controller) of the personal data we process about you when using this website.

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this Policy which: 

  • Sets out the types of personal data we collect;
  • Explains how we use your personal data;
  • Explains when and why we will share your personal data within the Tesco group and other third-party organisations: and
  • Explains the rights and choices you have when it comes to your personal data.

What data we collect

 As part of using this website we will process the following:

  • Your name
  • Your address
  • Your telephone number
  • Your email address
  • Your occupation
  • Communications between you and us about this website or job application
  • Information regarding your “right to work” in the UK
  • For certain roles, information connected to criminal background (DBS) checks,
  • Information you submit as part of any job application (for example your career history, education, salary and CV)
  • Information you may voluntarily submit as part of any equal opportunities questionnaire, including any self-declared disabilities that we would need to make a reasonable adjustment for to support your application and any possible future employment

In some cases, we may collect information about you that is not personally identifiable. Examples of this type of information are:

  • Type of Internet Browser you are using
  • Type of computer operating system you are using
  • The domain name of the website from which you linked to our site or advertisement

How we use your personal data

We use your personal data to:

  • Review and process your application
  • To keep you up-to-date on its progress
  • For data analytical, assurance and review purposes (for example by analysing your application to improve our recruitment process)
  • To resolve grievances and complaints that involve you
  • In relation to any equality questionnaire data, to monitor our equality and diversity composition.
  • In relation to any right to work information we collect, in order to ensure we comply with the law in employing you.
  • In relation to any criminal record checks we complete, in order to ensure we comply with company policy.

Legal basis of processing

In relation to:

  • personal data we process as part of our “right to work” checks, we process this because we are legally required to. If you do not provide us with this information, we will not be able to progress your application.
  • sensitive personal data we process as part of any equality questionnaire or as part of any criminal background (DBS) checks, we process this as permitted by employment laws.
  • all other uses of your personal data set out in this Policy, we process this because it is in our “legitimate interests” to do so. Our legitimate interests are:
    • operating a fair and transparent recruitment process 
    • recruiting and retaining the right candidates
    • ensuring candidates have the right skills and experience for any given role
    • resolving any complaints in a fair and transparent manner

Sharing your personal data

We may share your personal data with:               

  • Suppliers, service providers and partners who work with us and provide administration and support services. For example, but not restricted to, conducting right to work checks, candidate screening/assessment and, if applicable criminal background checks.
  • Other group companies, who provide us with administration and support services
  • Government agencies, regulatory bodies and law enforcement agencies where we are obliged to by law
  • Any third party who may acquire our business.

Fraud Prevention

We will use your data to make checks with national fraud databases.

We will share your data with the “Cifas” fraud prevention service to check your details against the Cifas databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct (“Relevant Conduct”) carried out by their staff and potential staff. “Staff” means an individual engaged as an employee, director, trainee, homeworker, consultant, contractor, temporary or agency worker, or self-employed individual, whether full or part time or for a fixed-term.

The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity.

Details of the personal information that will be processed include: name, address, date of birth, any maiden or previous name, contact details, document references, National Insurance Number, and nationality. Where relevant, other data including employment details will also be processed.

We and Cifas may also enable law enforcement agencies to access and use your personal data to detect, investigate, and prevent crime.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and other Relevant Conduct, and to verify identity, in order to protect our business and customers and to comply with laws that apply to us. This processing of your personal data is also a requirement of your engagement with us.

Cifas will hold your personal data for up to six years if you are considered to pose a fraud or Relevant Conduct risk.

What this means for you

Should our investigations identify fraud or any other Relevant Conduct by you when applying for or during the course of your engagement with us, your new engagement may be refused or your existing engagement may be terminated or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).

A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us using the details provided.

Transferring data overseas

Sometimes we send your personal data to another country. For example, if one of our service providers has a data centre overseas. Before sending your personal data to an overseas country outside the European Economic Area, we check that the organisation we are sending the data to will be able to keep your data secure. The EU Commission has listed certain countries as having adequate protection. We check if the country is listed. If it is not, we ask the organisation to sign the EU Commission’s ‘model contract’. This means they must meet EU standards of data protection. A copy of this type of contract can be found  here. Data protection | European Commission (

When your personal data is in another country, it could be accessed by law enforcement agencies in those countries. They do this to detect and prevent crime, or because the law says they must. For more information about sending your personal data overseas, you can contact our Data Protection Officer. Privacy & Cookie Policy - Tesco Bank

How we protect your personal data

We know how important it is to protect and manage your personal data and have the following measures in place to do this:

  • We use computer safeguards such as firewalls and data encryption
  • we enforce physical access controls to our buildings and files to keep this data safe, such as access cards and key control.
  • We only authorise access to colleagues who need it to carry out their job responsibilities
  • We protect the security of your information while it is being transmitted by encrypting it using appropriate data transfer solutions such as Secure Sockets Layer (SSL)
  • We may ask for proof of identity before we share your personal data with you.

How long we keep your personal data  

We will not keep your personal data longer than we need to, how long this is depend on several factors, including:

  1. Why we collected it in the first place;
  2. How old it is;
  3. Whether there is a legal/regulatory reason for us to keep it;
  4. Whether we need it to protect you or us.

Account Deactivation

If you do not use your careers centre account in any way, including reviewing or updating your information, or making a further job application, we will contact you to ask if you want to keep the account.  We will contact you 3 times to ask, after this time, your account will be automatically deleted.  This does not prevent you creating a new account or making any future job applications using the same email address.

Your rights and how to contact us

If you’d like to exercise your data subject rights, or have any questions or concerns about how we use your data, you can contact us:

By post: The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

By phone: 0345 1743155

By email:

Our Data Protection Officer supports us in answering any questions and acts as a point of escalation.

We’d like the chance to resolve any complaints you have, but you also have the right to complain to the Information Commissioner’s Office (the "ICO") about how we have used your personal data. Their website is

You have a number of data subject rights, which you can make at any time. In some cases, these rights have limitations, but we will always respond within one calendar month. If we cannot meet your request, we will explain why. We may get in touch sooner if we need extra information to help us find your personal data, or to verify your identity.

Other Data Protection Rights

In relation to your personal data, you also have the right to:

Have inaccurate information corrected

It is really important that the personal data we hold on you is accurate and that you notify us of any changes to your Personal Data so it can be updated as soon as it changes.

Object to our use of it

If you object we will then consider you objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section c below) or delete it (see section d below).

Restrict our use of it

There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):

  • You have successfully made an objection (listed in section b above).
  • You are challenging the accuracy of the Personal Data we hold.
  • We have used your Personal Data unlawfully, but you do not want us to delete it.

Have us delete it

There are several situations when you can have us delete your personal data, this includes (but is not limited to):

  • We no longer need to keep your personal data;
  • You have successfully made an objection (listed in section b above).
  • We have unlawfully processed your personal data.

The Data Protection Regulator

We would like the chance to resolve any complaints you may have; however you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data. Their website is

The ICO website also contains more information about your data subject rights that have been summarised above

Other websites

The Website may contain links to other sites which are outside our control and not covered by this policy. The operators of these sites may collect information from you that will be used by them in accordance with their policy, which may differ from ours.

Contact Us

To contact us about this policy please email

Changes to our policy

This policy replaces all previous versions and is correct as of [May 2018]. We reserve the right to change the policy at any time.

There’s a place for everyone. Find yours.

Search & apply