Apron

Candidate Data Privacy Policy

Last updated - September 2025

Apron Payments Ltd ("Apron" or "we" or "us" or "our") is committed to protecting and respecting your privacy.

This Privacy Policy describes how we will process your personal data for recruitment-related activities, because you are applying to work with us as an employee, worker or contractor. The data we collect from you or that you provide to us, will be processed by us. Apron of 201 Bishopsgate, EC2M 3AB, London, United Kingdom is the data controller of information processed under this Privacy Policy, this means that we are responsible for deciding how we hold and use personal information about you.

Please read the following carefully to understand our practices regarding handling of your personal data and how we will treat it as part of our recruitment processes. It provides you with certain information that must be provided under the UK General Data Protection Regulation (“UK GDPR”). If you have any questions about this Privacy Policy, please contact us at dpo@getapron.com.

  1. DATA PROTECTION PRINCIPLES

    We will comply with data protection law and principles, which means that your data will be:

    1. Used lawfully, fairly and in a transparent way.
    2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
    3. Relevant to the purposes we have told you about and limited only to those purposes.
    4. Accurate and kept up to date.
    5. Kept only as long as necessary for the purposes we have told you about.
    6. Kept securely.
  2. INFORMATION WE COLLECT FROM YOU

    We will collect and process the following information about you:

    Information you give us

    You may give us information about you by applying through a third party job board, filling in forms online, corresponding with us by phone, email or otherwise or through a Recruitment Agency or other third party.

    The information you give us may include:

    1. Contact information such as name, email address, and phone number, etc;
    2. Home Address;
    3. Date of birth;
    4. Gender;
    5. Marital status;
    6. Your image or a recording of you;
    7. Profile photo, job title, and other details to your employment information;
    8. Copy of your passport, driving license or similar identification documentation;
    9. Education history;
    10. Immigration status and work permits;
    11. Information provided by you during screening calls and interviews, including past and current employment information, desired salary and other concepts related to your compensation package information including benefits, willingness to relocate and other job preferences;
    12. Criminal Records (if applicable);
    13. Information required to draft your employment contract;
    14. Other information provided by you in your Resume or cover letter;
    15. Interview notes and recordings;
    16. Diversity information (such as race and ethnicity); and
    17. Information about your health, such as any disability you might have.
  3. INFORMATION PROVIDED BY THIRD PARTIES

    We collect most of the personal data described in Section 3 from you directly.

    We might also collect personal data about you from third parties, such as the following:

    1. Feedback from current Apron employees who refer you to work with us;
    2. Governmental authorities;
    3. Your nominated referees who you asked to provide us with references;
    4. Any third party recruitment online testing partners we work with;
    5. Where allowed by law, any background screening providers, credit reference agencies, fraud prevention agencies, sanction screening and criminal convictions screening agencies, etc; and
    6. Where allowed by law, other publicly available sources, such as social media networking sites (such as LinkedIn, Instagram or Twitter).
  4. WHY WE COLLECT YOUR INFORMATION

    We collect and process your data for recruitment only purposes, including but not limited to:

    1. Hire the best candidates for a role based on a job description;
    2. Conduct pre-employment checks as permitted by law;
    3. Analyse and monitor the diversity of applicants and candidates;
    4. Manage the performance of our recruitment processes;
    5. Retain applications for future vacancies, unless you object in which case we will not use it for this purpose;
    6. Store your data securely when an application has been made on your behalf (including referrals and recruitment agencies);
    7. Comply with our obligations under employment and social security law, including carrying out right-to-work checks; and
    8. Search for suitable candidates either by our internal recruitment tools or via third parties.

    If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

  5. HOW WE USE YOUR SENSITIVE PERSONAL INFORMATION

    Where appropriate we will use your particularly sensitive personal information in the following ways:

    1. We use information about disability to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview;
    2. We use information about racial or ethnic origin, religious or philosophical beliefs, disability or sexual orientation to ensure meaningful equal opportunity monitoring and reporting.
  6. DATA SHARING

    We will only share your personal information with the following third parties for the purposes of processing your application: Ashby Inc. (ATS). All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

  7. DATA SECURITY

    We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

  8. DATA RETENTION

    We will retain your personal information for a period of 12 months after we have communicated to you our decision about whether to appoint you to the role. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

    If we would like to retain your personal information on file, on the basis that we might be able to consider you for an opportunity that may arise in future, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period for that purpose.

  9. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

    Under certain circumstances, by law you have the right to:

    1. Request access to your personal information (commonly known as making a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
    2. Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
    4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
    5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
    6. Request the transfer of your personal information to another party.

    If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our data protection officer at dpo@getapron.com.

  10. COMPLAINTS

    If you have any questions or concerns about this privacy notice or how we handle your personal information, please contact our data protection officer who has been appointed to oversee compliance with this privacy notice and whose contact details are above.

    You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”) who is responsible for data protection issues in the UK.

  11. PROFILING AND AUTOMATED DECISION-MAKING

    We may use automated decision-making in the form of online assessments during our hiring process, i.e. through application forms. These are designed to assess whether or not you would be suitable for the role at Apron. These online assessments will determine whether or not to progress your application based on your answers given the parameters we configured.

    Additionally, we may use a tool to screen your CV during the application process. This is necessary for us given we receive a large number of applications for our vacancies and this helps us ensure all of them can be reviewed and evaluated on their merits.

  12. INTERNATIONAL TRANSFERS

    The personal data that we collect or receive about you may be transferred to and processed by our partners and suppliers that are located inside or outside the United Kingdom. We will take all necessary measures to ensure that transfers out of the UK are adequately protected as required by applicable data protection laws.

    With regards to data transfers to countries not providing an adequate level of data protection, we rely on appropriate safeguards, such as standard data protection clauses adopted by a relevant regulator or supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us at info@getapron.com.

  13. CHANGES

    This privacy policy may be amended by Apron at any time and we will update it to our website.