Hiscox Recruitment and Employment Data Privacy Notice

At Hiscox, your privacy matters to us and we are committed to protecting it. Our privacy policies and notices explain what personal data we collect about you and how we use it. If you wish to find out further details, rights in relation to your personal data, or the procedures that we have in place to safeguard your privacy then please review the full notice or contact us directly via [email protected].

It is important to read this Recruitment Privacy Notice together with any separate privacy notices that we may provide when collecting personal data from you.

This recruitment privacy notice explains how we collect and use personal data for:

  • Applicants and candidates
    • Example: data collected during a recruitment process for a role with Hiscox
  • All current colleagues, including all current employees, workers, individual contractors, contingent workers, interns, agency workers, consultants, directors and third parties whose information is provided to us in connection with one of these relationships
    • Example: next-of-kin, emergency contact and dependents information held by Hiscox during the context of employment
  • All former colleagues
    • Example: historic employment records and any pension information

This recruitment privacy notice is issued on behalf of the Hiscox Group, therefore this notice refers to our global privacy standards. Where relevant and applicable, Hiscox complies with local privacy laws.

Factors such as your nationality or the region in which our Business is located means our compliance obligations include, but are not limited to: the General Data Protection Regulation 2016/679 (‘EU GDPR’), and the data protection laws applicable in the EEA countries where we operate, the UK General Data Protection Regulation (‘UK GDPR’) and the UK Data Protection Act 2018; the California Consumer Privacy Act 2018 (‘CCPA’) 2018, Bermuda Personal Information Protection Act 2016 (‘PIPA’); and The Data Protection (Bailiwick of Guernsey) Law, 2017 (‘DPL 2017’).

Country Supplements and local Privacy Notices

Certain Hiscox subsidiaries may be required to adhere to local data protection laws that require the disclosure of their own country specific privacy notices (that are provided to you by our local Hiscox subsidiary at the time of personal data collection during the recruitment process). You can access the country specific supplements by clicking on the countries below (available in English and local languages, where applicable):

We may amend our Privacy Notices from time to time to keep up to date with current legal requirements and the way we operate our business.

Any questions or details required regarding pre-employment background screening checks should be directed to the Central People Operations Team [email protected]  and/or for any questions about how your Personal Data is managed, please contact the Group Data Protection Officer via [email protected].

Cookies Policy 

Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The cookies we have used in the recruitment portals (Workday and PeopleFleunt) are strictly necessary to operate the website and allow you to apply for a job. 

On Workday,

Cookie subgroupCookies DescriptionCookies typeCookie duration
Session experience





Session experience– user, device, and session ID cookies along with timestamp cookies for timing out sessions after inactivity. These cookies expire at the end of the session.First partySession
Security ManagementTS*Security Management - Helps prevent cyber attacks on the user’s interactions with the enterprise cloud applications. Verifies that the domain and subdomain cookies sent between the web server and the client aren’t altered.First partySession
Security ManagementCALYPSO_CSRF_TOKENSecurity Management - Contains a CSRF token to prevent cross-site request forgery attacks, that is, to prevent a user from carrying out unintended operations on the career siteFirst partySession
Security Management__cf_bmSecurity Management - To identify and mitigate automated traffic to protect the Platform from malicious bots.First partyAfter 30 mins of inactivity
Load balancing

Naming convention of WorkdayLB_*




Load balancing - to forward requests for a single session to the same server for consistency of service. First partySession


On PeopleFluent,

JSESSIONIDGeneral purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.Session



This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. It contains no information that can identify the site visitor.365 days