At Hiscox, your privacy matters to us and we are committed to protecting it. Our privacy policies and notices explain what personal data we collect about you and how we use it. If you wish to find out further details, rights in relation to your personal data, or the procedures that we have in place to safeguard your privacy then please review the full notice or contact us directly via [email protected].
It is important to read this Recruitment Privacy Notice together with any separate privacy notices that we may provide when collecting personal data from you.
This recruitment privacy notice explains how we collect and use personal data for:
- Applicants and candidates
- Example: data collected during a recruitment process for a role with Hiscox
- All current colleagues, including all current employees, workers, individual contractors, contingent workers, interns, agency workers, consultants, directors and third parties whose information is provided to us in connection with one of these relationships
- Example: next-of-kin, emergency contact and dependents information held by Hiscox during the context of employment
- All former colleagues
- Example: historic employment records and any pension information
This recruitment privacy notice is issued on behalf of the Hiscox Group, therefore this notice refers to our global privacy standards. Where relevant and applicable, Hiscox complies with local privacy laws.
Factors such as your nationality or the region in which our Business is located means our compliance obligations include, but are not limited to: the General Data Protection Regulation 2016/679 (‘EU GDPR’), and the data protection laws applicable in the EEA countries where we operate, the UK General Data Protection Regulation (‘UK GDPR’) and the UK Data Protection Act 2018; the California Consumer Privacy Act 2018 (‘CCPA’) 2018, Bermuda Personal Information Protection Act 2016 (‘PIPA’); and The Data Protection (Bailiwick of Guernsey) Law, 2017 (‘DPL 2017’).
Country Supplements and local Privacy Notices
Certain Hiscox subsidiaries may be required to adhere to local data protection laws that require the disclosure of their own country specific privacy notices (that are provided to you by our local Hiscox subsidiary at the time of personal data collection during the recruitment process). You can access the country specific supplements by clicking on the countries below (available in English and local languages, where applicable):
- United Kingdom
- Bermuda
- United States
- Guernsey
- Spain
- Portugal
- Ireland
- Belgium
- France
- Germany
- Luxemburg
- Netherlands
We may amend our Privacy Notices from time to time to keep up to date with current legal requirements and the way we operate our business.
Any questions or details required regarding pre-employment background screening checks should be directed to the Central People Operations Team [email protected] and/or for any questions about how your Personal Data is managed, please contact the Group Data Protection Officer via [email protected].
Cookies Policy
Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The cookies we have used in the recruitment portal (Workday) are strictly necessary to operate the website and allow you to apply for a job.
On Workday,
| Cookie subgroup | Cookies | Description | Cookies type | Cookie duration |
| Session experience | PLAY_LANG, PLAY_SESSION, timezoneOffset, wd-browser-id | Session experience– user, device, and session ID cookies along with timestamp cookies for timing out sessions after inactivity. These cookies expire at the end of the session. | First party | Session |
| Security Management | TS* | Security Management - Helps prevent cyber attacks on the user’s interactions with the enterprise cloud applications. Verifies that the domain and subdomain cookies sent between the web server and the client aren’t altered. | First party | Session |
| Security Management | CALYPSO_CSRF_TOKEN | Security Management - Contains a CSRF token to prevent cross-site request forgery attacks, that is, to prevent a user from carrying out unintended operations on the career site | First party | Session |
| Security Management | __cf_bm | Security Management - To identify and mitigate automated traffic to protect the Platform from malicious bots. | First party | After 30 mins of inactivity |
| Load balancing | Naming convention of WorkdayLB_*
WorkdayLB_UICLIENT, WorkdayLB_SAS | Load balancing - to forward requests for a single session to the same server for consistency of service. | First party | Session |
At Hiscox, your privacy matters to us and we are committed to protecting it.
