Privacy Notice for Job Applicants

Last updated on March 7, 2025

Bristol Global Mobility, LLC (“Bristol”, “we”, “us”, “our”) is serious about protecting our job applicants’ personal data.  

If we make any material change to this notice, we will post the revised notice and update the “Last Updated Date.”.

Who is this privacy notice for?

This privacy notice is for Bristol’s job applicants and candidates when you access or use our careers websites or otherwise apply for a job at Bristol (“you”). It explains what personal data we collect about you, why we collect it, what we do with it, who we share it with and why, how we protect it, and what privacy rights you have.

This notice does not cover data which is not personal i.e., data which does not identify or relate to you. This notice is also not for our employees, customer and supplier representatives, relocating employees, nor Bristol’s website visitors. We have separate privacy notices for those individuals posted to our website and intranet.

What personal data do we collect, why do we collect it, how do we obtain it, and who is it shared with?

In the table below we describe:

  • Why we collect your personal data (purpose of processing)
  • Where we get your personal data from (source of personal data)
  • What kinds of personal data we collect about you (categories of personal data)
  • Who we share your personal data with (recipients of personal data)
  • If you reside in the UK or EU, we also disclose the legal reason we collect your personal data.

For more details about the recipients of your personal data, read the “sharing your personal data with third parties” section of this notice.

If anything in the table changes, we will inform you by updating this notice and explain what has been amended.

If you have any questions about the information which we have disclosed to you, please contact us!

Purpose of Processing

Sources of Personal Data

Categories of Personal Data

Recipients of Personal Data

Legal Bases for Processing*

*Applicable to EU and UK Individuals Only

Assessing Referred Job Applicants:

Bristol processes your personal data when you are referred to us by recruiters and our own personnel.

Our job listings are posted on our intranet and website. Recruiters and our personnel forward your information to us if they think you may be suitable for the job.

 
  • Our personnel (employees, independent contractors, officers, directors, representatives)
  • Recruiters  
  • Professional networking platforms (Bristol posts open job positions in Workable which provides access to wider professional platforms such as LinkedIn)
  • Full name
  • Contact information such as email address, telephone number and address
  • Education and professional information such as your CV and work experience information
  • Referee's opinion of you
  • Applicant tracking software
  • Professional networking platforms
  • Workplace management and storage software
  • Our legitimate interest is assessing candidates’ suitability for employment.

Assessing Non-Referred Job Applicants:

Bristol processes your personal data when you apply for a job through a professional platform.
  • Professional networking platforms (Bristol posts open job positions in Workable which provides access to wider professional platforms such as LinkedIn)
  • Full name
  • Contact information such as email address, telephone number, address
  • Education and professional information such as your CV and work experience information
  • Referee's opinion of you
  • Applicant tracking software
  • Professional networking platforms
  • Workplace management and storage software
  • Our legitimate interest is assessing candidates’ suitability for employment.

Assessing Direct Job Applicants:

Bristol processes your personal data when you apply for a job by filling in an application form on Bristol’s website.
  • Directly from you

 
  • Full name
  • Contact information such as email address, telephone number, address
  • Education information and resume, licenses and certifications
  • Work experience information
  • Skills and behavior information
  • Motivation for applying for the job
  • Photograph
  • Data related to health (only if provided by the applicant in the resume)
  • Applicant tracking software
  • Workplace management and storage software
  • You consent to Bristol processing your personal data when submitting an application for a position at Bristol.

Selection and Review of Job Applicants: This process includes the reviewing and assessing resumes and conducting interviews.

 
  • Directly from you
  • From recruiters or our personnel
  • Full name
  • Contact information such as email address, telephone number, address
  • Education information and resume, licenses and certifications
  • Work experience information
  • Skills and behavior information
  • Motivation for applying for the job
  • Photograph
  • Data related to health (only if provided by the applicant in the resume)
  • Electronic communication platform
  • Applicant tracking software
  • Workplace management and storage software
  • Contractual performance.
  • Obligations and Rights in the field of employment and social security and social protection law.

Background checks:

Carrying out background checks such as checks against exclusion and sanction lists as required and as permitted under the local law.
  • Directly from you
  • Full name, government-issued identification, work authorization
  • Contact information such as email address, telephone number, address
  • Education information and resume, licenses and certifications
  • Electronic communication platform
  • Applicant tracking software
  • Workplace management and storage software
  • Third parties conducting background checks
  • You consent to Bristol processing your personal data.

Offer Stage: Bristol may decide to make you an offer of employment.
  • Directly from you
  • From recruiters or our personnel

 
  • Full name
  • Contact information such as email address, telephone number, address
  • Insperity (U.S. only)
  • Pivotal Payroll (Canada only)
  • Microsoft

 
  • Contractual performance
  • Obligations and Rights in the field of employment and social security and social protection law.

 

Lawful Bases for Processing

Under certain data protection laws, we must have a valid reason to process your personal data — this is called the "lawful basis for processing." We may process your personal data based on:

  • Our legitimate interests. When we rely on legitimate interests you have the right to ask us more about how we decided to choose this legal basis.
  • Our need to comply with the law. We often need to process some of your personal data to meet our legal obligations. This includes our obligations and rights in the field of employment law.
  • Our need to perform a contract with you or take certain steps at your request prior to entering a contract with you. It will be “necessary” for us to process your personal data for the purposes of executing a contract if we cannot fulfill our contractual obligations without engaging in such processing.
  • Your consent, such as to conduct a background check. Where we process your personal data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdraw your consent.
Sharing Your Personal Data with Third Parties

To run our business and the Human Resources department at Bristol, we use various suppliers and third-party advisors. We may share your personal data with them if it is related to the services they provide to us, or if we are required to by law. These include:

  1. Suppliers who provide the following services to us: Background check related services, namely goodhire.com.
  2. Affiliates and subsidiaries in the Bristol group, or other companies which we may acquire in future.
  3. Our professional advisors such as our lawyers, accountants, and other professional advisors.

We require that these third-party recipients secure your personal data in accordance with good data security. We conduct due diligence about our suppliers in accordance with our internal policies.

Government Authorities and Law Enforcement Disclosures

We may also be required by law to disclose your personal data to certain government authorities, or if we have a good-faith belief that we need to disclose it to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we must disclose your personal data to governmental or law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your personal data.

Other Third-Party Disclosures

We may also disclose your personal data to third parties if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring.

Transfer of Your Personal Data

Bristol is headquartered in Arizona, United States of America. Bristol’s data centers are in the U.S. and many of its suppliers and advisors are in the U.S. This means that your personal data is primarily stored in the U.S. by us, our suppliers, and advisors. However, we operate globally through our subsidiaries in Canada, Singapore, and the United Kingdom, and our suppliers and their affiliates. This means that we may store and transfer your personal data to third parties who are in different countries to where you are.

Employees in the European Economic Area (“EEA”) or United Kingdom (“UK”) only: Before transferring your personal data to third parties outside the EEA or UK, we take steps to secure your personal data. This includes requiring the third parties who receive your personal data to maintain at least the same level of privacy and security for your personal data that we do through reliance on the adequacy decisions for the UK and Canada, the EU 2021 Standard Contractual Clauses, UK IDTA, and UK Addendum. You can request a copy of these safeguards from us. We remain liable for the protection of your personal data that we transfer to these third parties, but we are not responsible for the event that leads to any unauthorized or improper processing.

How Long We Retain Your Personal Data

We keep your personal data for as long as it is necessary to fulfill the purposes it is collected, or permitted by law, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For successful job applicants who accept offers of employment, we retain your data throughout your employment and after you leave Bristol in accordance with our data retention policy, applicable laws and regulations.

Protecting Your Personal Data

We are committed to keeping your personal data safe. We have implemented and will maintain technical, administrative, and physical measures described in our Information Security Policy and other internal policies that are reasonably designed to help protect your personal data from unauthorized processing. Some of those measures include restricting access to the HR system to only the HR department and others that need to know the data, logging who accesses the data, using firewalls and other physical measures (such a locked cabinets), we encrypt data when it is in transit and when it is stored, we backup or replicate confidential data daily so that an exact copy can be retrieved quickly if needed, we patch exploitable vulnerabilities in IT systems after their discovery, and more.

Your Privacy Rights

You have specific rights regarding your personal data that we collect and process:

  • Right to know (be informed): You have the right to obtain from us all information regarding our data processing activities that concern you (or your child). This notice provides that information, but you can also contact us for more.
  • Right of access: You can request access to or a copy of the personal data we process about you.
  • Right to change (rectify): You can request that we rectify any incorrect or incomplete personal data we have about you.
  • Right to delete (erase or be forgotten): You can request we delete your personal data. Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit our use of your personal data and will also inform you of our reason for denying your deletion request.
  • Right to restrict (limit) processing: You can request that we only process your personal data for certain purposes.
  • Right to object: You can request that we stop using your personal data in certain circumstances. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your personal data for direct marketing purposes.
  • Right to portability (move): You can request that we transfer your personal data. We will provide your personal data in a structured, commonly used, and machine-readable format.
  • Right to withdraw your consent: Where we rely on your consent as the legal basis for processing your personal data, you may withdraw your consent at any time. If you withdraw your consent, our use of your personal data before you withdraw is still lawful.
  • Right to lodge a complaint: If you have any complaints about how we process your personal data, please contact us. If the GDPR applies to our processing of your personal data, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your personal data. Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR.

How To Exercise Your Privacy Rights

Submit a privacy request using the contact details in the Contact Us section of this notice.

Verification and Authorization

We might need some extra information from you to verify your identity if we are unsure that it is in fact you who has made the privacy request. We will let you know if we do. If somebody else makes a privacy request on your behalf, we will need to verify that they have authority to act on your behalf. We will request signed permission (such as a power of attorney) or proof from them.

Responses to Your Privacy Requests

You are generally entitled to receive a reply from us within 30 days, and in some cases faster than that. In certain exceptional cases, we might extend this to 90 days, but we will inform you of the reason why and the extension period in writing. 

If we cannot satisfy your request, we will explain why in our response. We will not charge a fee for processing or responding to your requests. However, we may charge a fee if your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Contact Us

Controller Information

The entity responsible for handling your personal data (controller) is Bristol Global Mobility, LLC. Address: 2001 N. 3rd Street, Suite 200, Phoenix, Arizona, United States of America, 85004.

If you have any questions or want to submit a privacy request, please contact Bristol at info@bristolglobal.com for general questions and requests, and privacy@Bristolglobal.com for any privacy related questions or requests.

Data Protection Officer

We have appointed VeraSafe LLC (“VeraSafe”) as our Data Protection Officer. If you have any questions, you can also contact VeraSafe, bristol@verasafe.com.

European Union Representative

We have appointed VeraSafe Ireland Limited (“VeraSafe Ireland”) as our Article 27 data protection representative in the EU. If you reside in the EU and have any questions about our processing of your personal data, you can contact us or VeraSafe Ireland https://www.verasafe.com/privacy-services/contact-article-27-representative/

United Kingdom Representative

We have appointed VeraSafe United Kingdom Limited (“VeraSafe UK”) as our Article 27 data protection representative in the UK. If you reside in the UK and have any questions about our processing of your personal data, you can contact us or VeraSafe UK https://www.verasafe.com/privacy-services/contact-article-27-representative/