Skip to content

Frontline regards the lawful and correct treatment of personal data as critical to successful working and to maintaining the confidence of those with whom we deal. Frontline intends to ensure that personal information is treated lawfully and correctly. To this end, Frontline will adhere to the General Data Protection Regulations (GDPR) and any other current data protection or privacy legislation.

Frontline is a data controller. If you have any concerns about the privacy of your data then please contact Data Protection Officer, Frontline, Coram Campus, 41 Brunswick Square, London WC1N 1AZ or email

As part of any staff and volunteer recruitment process, Frontline collects and processes personal data relating to job applicants.

What information do we collect?

Frontline collects a range of information about you. This includes:

If you are applying for our student opportunities (e.g. campus brand managers, internships) we may ask you to participate in a recorded video interview.

We may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out its obligations and exercise specific rights in relation to employment.

Job offers offer can be conditional upon satisfactory Disclosure and Baring Service (DBS) checks.

Frontline may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

International transfers of your data

Data processors are third parties who provide elements of our services for us. We have contracts in place with our data processors some of whom are international companies. If the companies store your data within the EEA then this is deemed to provide adequate safeguards under EU law. If they do not, and are a not listed in an EU-approved third country list, then we follow GDPR guidance to ensure the individual processors in question have adequate safeguards to protect your data and this is formally agreed with the contract with hold with them. Below is a list or processors we use that involve international transfers and information relating to the safeguards.

Cezanne HR

Your data (if your are employed by Frontline) will be stored in Cezanne HR system which uses Amazon Web Services for data storage and processing. Cezanne warrants that all copies of data held including by its Sub-Processors, including backup copies and including any temporary copy created for purposes of system resilience or for better performance, will be stored only in the European Economic Area (EEA).

Salesforce/Amberjack/Form Assembly/Microsoft Office

If you are applying for one of our student opportunities, including Brand Managers and Internships then either directly, or indirectly via the software applications we use (Form Assembly and Microsoft Office), your personal data is stored in a Salesforce database or with Microsoft. Data includes application forms, survey responses, assessment results, academic and professional data and contact management including emails.

Salesforce, Amberjack, Form Assembly and Microsoft are international companies but your personal data are only stored in data centres within the EU. These companies can, with our agreement, move data outside of EU data centres providing GDPR rules are followed. For example, Salesforce complies with the EU recognised US Privacy Shield and Binding Corporate Rules to legitimise international transfers.  Amberjackand Microsoft provide inter-company Global Data Processing and Transfer Agreements, which incorporate the requirements of the GDPR and include the use of the EU Standard Contractual Clauses for transfers of data outside the EEA. These agreements facilitate the secure movement of personal data internationally whilst ensuring that all processing activities comply with the GDPR.

For further safeguards information please use the following links:

In selecting further third party international processors in the future we will ensure that we follow the same GDPR safeguards as above and amend the online versions of this privacy statement to reflect any changes.

Why do we process this personal data?

We need to process data to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you.

In some cases, we need to process data to ensure that we are complying with its legal obligations. For example, it is mandatory to check a successful applicant’s eligibility to work in the UK before employment starts.

Frontline has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

If your application is unsuccessful, Frontline may keep your personal data on file in case there are future employment opportunities for which you may be suited. In submitting your application you consent for us to hold your data for this period, but you are free to withdraw your consent at any time.

Who has access to data?

Your information may be shared internally for the purposes of the recruitment process with staff who are directly involved in the recruitment process.

We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

How do we protect your data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long do we keep your data?

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

If your application for employment is unsuccessful, the organisation will hold your data on file for six months after the end of the relevant recruitment process for consideration for future employment opportunities.

Your rights

As a data subject, you can:

If you would like to exercise any of these rights, please contact

If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

Ver 3.0
Feb 2022