Hiscox Recruitment and Employment Data Privacy Notice

At Hiscox, your privacy matters to us and we are committed to protecting it. Our privacy policies and notices explain what personal data we collect about you and how we use it. If you wish to find out further details, rights in relation to your personal data, or the procedures that we have in place to safeguard your privacy then please review the full notice or contact us directly via [email protected].

It is important to read this Recruitment Privacy Notice together with any separate privacy notices that we may provide when collecting personal data from you.

This recruitment privacy notice explains how we collect and use personal data for:

  • Applicants and candidates
    • Example: data collected during a recruitment process for a role with Hiscox
  • All current colleagues, including all current employees, workers, individual contractors, contingent workers, interns, agency workers, consultants, directors and third parties whose information is provided to us in connection with one of these relationships
    • Example: next-of-kin, emergency contact and dependents information held by Hiscox during the context of employment
  • All former colleagues
    • Example: historic employment records and any pension information

This recruitment privacy notice is issued on behalf of the Hiscox Group, therefore this notice refers to our global privacy standards. Where relevant and applicable, Hiscox complies with local privacy laws.

Factors such as your nationality or the region in which our Business is located means our compliance obligations include, but are not limited to: the General Data Protection Regulation 2016/679 (‘EU GDPR’), and the data protection laws applicable in the EEA countries where we operate, the UK General Data Protection Regulation (‘UK GDPR’) and the UK Data Protection Act 2018; the California Consumer Privacy Act 2018 (‘CCPA’) 2018, Bermuda Personal Information Protection Act 2016 (‘PIPA’); and The Data Protection (Bailiwick of Guernsey) Law, 2017 (‘DPL 2017’).

Country Supplements and local Privacy Notices

Certain Hiscox subsidiaries may be required to adhere to local data protection laws that require the disclosure of their own country specific privacy notices (that are provided to you by our local Hiscox subsidiary at the time of personal data collection during the recruitment process). You can access the country specific supplements by clicking on the countries below (available in English and local languages, where applicable):

 

Recruitment notice – Hiscox and Wilson

Who are we?

Hiscox is a global insurance group. The specific Hiscox company referred to in this notice will depend on the jurisdiction in which you are applying for a role. You can find further details in the relevant Country Supplement set out above. 

Wilson HCG-EMEA Ltd is a company registered in England under company number 05544845 whose registered office is at 5 Churchill Place, 10th Floor, London, E14 5HU ("Wilson").

Both Hiscox and Wilson (referred to in this notice collectively as "we", "us", and "our") are committed to respecting your privacy rights and protecting your personal information. This notice sets out the details of how we use your personal information when we work together in relation to recruitment and selection for roles at Hiscox.

Hiscox has partnered with Wilson, a specialist recruitment services provider, to help find and recruit the best talent for roles at Hiscox. 

For certain recruitment activities, we work together as "Joint Controllers" of your personal information. This means that we both work together to decide why and how your personal information is used, and we are both responsible for using your personal information in compliance with data protection laws. 

We are Joint Controllers for activities including sourcing the best talent, initial screening of applications, and manging potential candidates for current or future roles at Hiscox. 

This notice tells you what personal information we collect as Joint Controllers, why we need it, how we use it, and how you can exercise your data protection rights. 

We will not be Joint Controllers for all of the activities undertaken as part of the recruitment process. In such circumstances, our individual privacy notices will set out how we each use and protect your personal information.

  • Hiscox will always be solely responsible for making the final decision about making a job offer and on-boarding successful candidates (including carrying out pre-employment background checks).
  • As part of our arrangement, Wilson will be Hiscox's data processor for some of the activities undertaken, including administrative tasks such as scheduling interviews or informing you if your application has been unsuccessful. This means that Wilson will only use your personal information under the instructions of Hiscox.

You can find out further details of how each of us individually protect and use your personal information by clicking on the links to our respective privacy notices below.

Hiscox: available here.

Wilson: available here

 

We have worked together to set out our arrangements to ensure that your personal information is always processed and protected in compliance with data protection obligations. For example:

  • We have worked together to prepare this notice and Wilson will be responsible for providing you with a copy.
  • Wilson will ensure that your personal information is collected fairly and lawfully and is accurate and up to date.
  • Hiscox will have primary responsibility for responding to any request to exercise your data protection rights. Please see below for details regarding how to do this.
  • Each of us will be responsible for our own data security measures, engaging third parties and record keeping.

We collect and process the following personal information:

  • Name and contact information
  • Location
  • Education
  • Work history
  • Certifications
  • Other personal information customary for recruitment purposes used in the ordinary course of recruitment. 

We collect your personal information:

  • From you: we collect your personal information directly from you, for example if you submit your CV or communicate with us about a role at Hiscox.
  • From professional networking sites: we use sites including LinkedIn, specialist job boards, professional societies, and developer communities to gather personal information about potential talent for Hiscox roles.

We share your personal information with each other to ensure the smooth running of the recruitment process. Further information about who we each share your personal information with and our transfers of personal data outside of the UK is set out in our individual privacy notices which you can access using the links above.

When we act as Joint Controllers, one or both of us will process your personal information for the following reasons:

  • Candidate sourcing – we (primarily Wilson) carry out activities related to the sourcing of potential candidates for Hiscox roles. This includes finding potential candidates that have not pro-actively got in contact with us about a specific role. To do this, Wilson carries out market research and uses professional networking sites as outlined above to help identify potential talent and make contact about Hiscox roles.
  • Candidate screening – if you have submitted a CV or applied for a role, we will review your application, prepare long and short-lists for specific roles, and make recommendations regarding next steps.
  • Future candidate management – sometimes you may not be successful for a particular role, but we recognise that you do have relevant skills and experience that could make you suitable for future roles at Hiscox. To help us recruit for future roles, we manage and maintain a talent pool of potential candidates and may contact you in the future about other roles at Hiscox.

We do not carry out any automated decision making in respect of the above activities. 

  • Legitimate interests - for our legitimate interests as a recruiter (Wilson) and as an employer (Hiscox) in order to source and appoint the best talent for roles at Hiscox. Where we rely on legitimate interests as the reason for processing personal information, we have considered whether those interests are overridden by any separate rights or freedoms of candidates, and have concluded that they are not.
  • Contract (for Hiscox only) – processing which is necessary in order to enter into a contract of employment between you and Hiscox
  • Consent –  we will seek your consent where we would like to retain your personal information for the purposes of contacting you about future roles at Hiscox. 

 

We are each committing to protecting your personal information and have implemented technological and organisational security measures to do so. You can find details of the security measures we each have in place in our individual privacy notices which you can access using the links above.

Where we are Joint Controllers, in most cases, your personal information will be retained for six months after the date of the recruitment decision unless you provide your consent for your details to be retained for future roles.

Full details of how long we can keep your personal information for can be found in our individual privacy notices which you can access using the links above.

You have a number of rights in relation to the personal information that we hold about you (subject to certain exemptions):

  • to access and obtain copies of your personal information
  • to rectify inaccurate information
  • to erase your personal information in certain circumstances
  • to restrict how we use your personal information in certain circumstances
  • to object to our processing of your personal information in certain circumstances
  • to ask us to transfer your personal information to another organisation in certain circumstances

Further details about these rights can be found in our individual privacy notices.

You are entitled to exercise your data protection rights by contacting either Hiscox or Wilson. However, we recommend that you contact Hiscox in the first instance using the details set out below. 

We will keep each other informed about your request and co-operate with each other to respond to your request.

We each have a dedicated contact for any queries relating to your personal information including where you wish to exercise your data protection rights:

Hiscox: contact our Group Data Protection Officer contacted at [email protected]

Wilson: contact our Data Protection Officer at [email protected]

We may update this Privacy Notice from time to time to keep up with current legal requirements and the way we work together.

Version 2nd June 2025.

We may amend our Privacy Notices from time to time to keep up to date with current legal requirements and the way we operate our business.

Any questions or details required regarding pre-employment background screening checks should be directed to the Central People Operations Team [email protected]  and/or for any questions about how your Personal Data is managed, please contact the Group Data Protection Officer via [email protected].

Cookies Policy 

Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The cookies we have used in the recruitment portal (Workday) are strictly necessary to operate the website and allow you to apply for a job. 

On Workday,

Cookie subgroupCookies DescriptionCookies typeCookie duration
Session experience

PLAY_LANG,

PLAY_SESSION,

timezoneOffset,

wd-browser-id

Session experience– user, device, and session ID cookies along with timestamp cookies for timing out sessions after inactivity. These cookies expire at the end of the session.First partySession
Security ManagementTS*Security Management - Helps prevent cyber attacks on the user’s interactions with the enterprise cloud applications. Verifies that the domain and subdomain cookies sent between the web server and the client aren’t altered.First partySession
Security ManagementCALYPSO_CSRF_TOKENSecurity Management - Contains a CSRF token to prevent cross-site request forgery attacks, that is, to prevent a user from carrying out unintended operations on the career siteFirst partySession
Security Management__cf_bmSecurity Management - To identify and mitigate automated traffic to protect the Platform from malicious bots.First partyAfter 30 mins of inactivity
Load balancing

Naming convention of WorkdayLB_*

 

WorkdayLB_UICLIENT,

WorkdayLB_SAS

Load balancing - to forward requests for a single session to the same server for consistency of service. First partySession

 

Latest news

Latest results

Latest report and accounts

Latest news

Latest news