Privacy Policy
CANDIDATE PRIVACY NOTICE
Sodexo Ltd is the “Data Controller” responsible for your personal information.
Registered address:
One Southampton Row, London, WC1B 5HA
This means that Sodexo Ltd determines how and why your personal data is collected, used and stored.
Sodexo Ltd also manages the recruitment process on behalf of the following Sodexo companies, which are also Data Controllers:
- Sodexo Ireland Ltd – Fourth Floor, One Grand Parade, Dublin 6, D06 R9X8
- Sodexo Live UK Limited – One Southampton Row, London, WC1B 5HA
- Sodexo Remote Sites Scotland Ltd – The Exchange, 62 Market Street, Aberdeen, AB11 5PJ
- Sodexo Global Services Ltd – One Southampton Row, London, WC1B 5HA
- Heritage Portfolio Ltd – 49A North Fort Street, Edinburgh, EH6 4HJ
- Alliance in Partnership Ltd (including its subsidiaries, Class Catering Services Ltd and The Contract Dining Company Ltd) – One Southampton Row, London, WC1B 5HA
- MTS Health Ltd – One Southampton Row, London, WC1B 5HA
- The Good Eating Company Ltd – One Southampton Row, London, WC1B 5HA
Sodexo is part of the Sodexo Group, an international organisation founded in France and now operating in over 80 countries worldwide. Sodexo Ltd supports its subsidiary companies (and occasionally those of its parent company) with recruitment activities.
In the UK and Ireland, your personal data may be shared with other Sodexo entities within the UK or the European Economic Area (EEA) where joint services such as HR, payroll, legal, or IT are provided.
For more information about the Sodexo Group, please visit our website: www.sodexo.com.
If you have any questions or concerns about data protection, you can contact our Data Protection Officer (DPO) at: dataprotection.ukandie@sodexo.com
1. DATA PROTECTION PRINCIPLES
We are committed to complying with all applicable data protection laws and principles. This means your personal data will be:
- Processed lawfully, fairly, and in a transparent manner.
- Collected only for specific, legitimate purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes.
- Relevant and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and kept up to date.
- Retained only for as long as necessary to fulfil the purposes we have outlined.
- Stored and handled securely.
Types of Data, Purpose, and Lawful Basis for Processing:
|
Type of Data |
Purpose (Why We Use It) |
Lawful Basis for Processing |
|
Information provided in your CV, cover letter, or online registration (e.g. name, contact details, employment history, qualifications, ID, and right to work documents) |
• Assess your skills, qualifications, and suitability for the role. |
• Necessary steps to enter into a contract. |
|
Information obtained from interviews, correspondence, and assessments (including test or assessment centre results) |
• Evaluate your suitability for the role. |
• Necessary steps to enter into a contract. |
|
Information exchanged with recruitment agencies (where applicable) |
• Assess suitability and communicate via the agency. |
• Necessary steps to enter into a contract. |
|
References, criminal record data, and other background checks (where relevant to the role) |
• Assess suitability for the role. |
• Necessary steps to enter into a contract. |
|
Information about health conditions disclosed to us |
• Determine reasonable adjustments during the recruitment process or employment. |
• Legal obligation. |
|
Information about background and personal circumstances (e.g. ethnicity, disability, age, religious beliefs, gender, sexual orientation or gender reassignment) |
• Monitor, promote, and report on equal opportunities and diversity. |
• Compliance with legal obligations and legitimate interests in ensuring meaningful equality, diversity, and inclusion monitoring and reporting. |
2. IF YOU FAIL TO PROVIDE INFORMATION
Failure to provide the information requested, where it is necessary for us to evaluate your suitability for the role (for example, evidence of qualifications or previous employment), will mean we are unable to process your application.
3. AUTOMATED DECISION-MAKING
You will not be subject to any decisions that have a significant effect on you based solely on automated decision-making.
4. DATA SHARING
We will only share your personal information with third parties when it is necessary to process your application. For example, this may occur if the role is based at a client’s premises, your application is submitted through a recruitment agency, or additional background checks are required, which will be clearly communicated to you.
Otherwise, your personal data may be shared within the Sodexo Group of Companies only when necessary and where joint services are provided. We have implemented appropriate safeguards to ensure your personal data is adequately protected, even when it is processed by another Sodexo entity that did not originally collect it.
Sodexo has adopted the Sodexo Binding Corporate Rules (BCRs) across the Group. This ensures that, even if your personal data is processed by entities located outside the European Economic Area (EEA), it is afforded the same level of protection as if it were processed by an entity within the EEA.
5. DATA SECURITY
We have implemented appropriate security measures to protect your personal information from accidental loss, unauthorised access, misuse, alteration, or disclosure. Access to your personal information is restricted to employees, agents, contractors, and other third parties who need it for legitimate business purposes. These individuals process your personal information only on our instructions and are bound by confidentiality obligations.
We have established procedures to manage any suspected data security breaches and will notify you, as well as any relevant regulators, when we are legally required to do so.
6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
If your application is unsuccessful, your records will be retained for up to 12 months.
If you have registered with us, your information on the site will remain accessible to you while your registration is active. In cases where a registration remains inactive for 12 months, we have a process to close the account.
For candidates who receive offers of employment, contractual and employment-related information is retained for approximately six years after the end of employment, in line with statutory limitation periods.
We only retain personal data for as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations or address potential legal claims.
7. YOUR RIGHTS
Sodexo is committed to protecting your rights under applicable data protection laws. The table below summarises your rights regarding your personal data:
|
Right |
Description / Purpose |
|---|---|
|
Right of access |
You have the right to request access to the personal data we hold about you. |
|
Right to be forgotten |
You can request that we erase your personal data where applicable. |
|
Right to restriction of processing |
You may request that we limit how we process your personal data in certain circumstances. |
|
Right to data portability |
You can request a copy of your personal data in a structured, commonly used, and machine-readable format. |
|
Right to object to processing (including direct marketing) |
You may object to the processing of your personal data, including for direct marketing purposes. |
|
Right to withdraw consent |
You can withdraw any consent you have previously given for the processing of your personal data. |
|
Right not to be subject to automated decisions* |
You have the right not to be subject to decisions based solely on automated processing that have a significant effect on you. |
|
Right to rectification |
You can request that we correct any inaccurate or incomplete personal data we hold about you. |
|
Right to restriction |
You can ask us to temporarily restrict processing of your personal data in certain situations. |
* Automated decisions made without human intervention, which have significant legal or similar effects, will not be taken unless based on your consent or a contractual requirement. If automated decision making is used in the recruitment process, you will be informed and have the right to challenge the decision, provide comments, or request human intervention.
** You can unsubscribe from marketing emails at any time if you have opted in, by clicking the unsubscribe link in the email.
You can submit a data subject request using our secure webform: One Trust Form. This system allows you to:
- Log in and track the progress of your request
- Send and receive messages securely
- Review your documents
After submitting a request, you will receive instructions on how to access One Trust.
Alternatively, you can make a request by:
- Email: DSAR.UKandIE@sodexo.com
- Post: 310 Broadway, Salford, M50 2UE
The DSAR team will guide you on how to communicate your request and securely receive the information.
Third Party beneficiary rights
If applicable in your country, you may enforce the third-party beneficiary rights provided to you under the Sodexo Binding Corporate Rules (BCRs).
You can also raise any questions or complaints with our Data Protection Officer:
- Email: DataProtection.UKandIE@Sodexo.com
- Post: 310 Broadway, Salford, M50 2UE
Right to lodge a complaint with a Supervisory Authority
You have the right to lodge a complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work, or the location of the alleged infringement, even if you have not suffered any damage.
- UK Supervisory Authority: Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, ico.org.uk
- Ireland (ROI) Supervisory Authority: Data Protection Commission, 21 Fitzwilliam Square North, Dublin 2, D02 RD28
Additionally, you have the right to bring a complaint before the courts in the country where the relevant Sodexo entity is established or in the country of your habitual residence.