Skip to Main Content

Privacy Notice

Privacy Notice

This privacy notice explains how we collect, use, store and protect your personal data during and after the recruitment process, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

The Moredun Group

Bush Loan

Penicuik
Midlothian
EH26 0PZ

Email: info@moredun.org.uk

The Moredun Group of Companies “The Moredun Group” consists of:

  • The Moredun Foundation
  • The Moredun Foundation Equine Grass Sickness Fund
  • Moredun Research Institute
  • Pentlands Science Park Limited
  • Moredun Scientific Limited

This Recruitment Privacy Notice should be read alongside The Moredun Group’s main Privacy Policy, which provides general information about how personal data is processed across the organisation. The Moredun Group privacy notices can be viewed at www.moredun.org.uk/privacy-policy

The Moredun Group (“we”, “us”, “our”) is the data controller for the personal data of job applicants. This means we are responsible for deciding how and why your personal data is processed.

What personal data we collect

In connection with recruitment and selection, we may collect and process the following categories of personal data:

Standard personal data

  • Name, title and contact details (address, email, telephone number)
  • Employment history, qualifications, education, skills and experience
  • CVs, application forms, covering letters and interview notes
  • References (where provided with your knowledge or consent)
  • Right to work documentation

Special category and sensitive data

Where necessary and lawful, we may also process:

  • Equality and diversity information (e.g. age, gender, ethnicity, disability status)
  • Health or occupational health information (e.g. for reasonable adjustments)
  • Criminal conviction information (only where legally required or relevant to the role)

We will only process special category or criminal offence data where we are legally permitted to do so and where appropriate safeguards are in place.

How we collect your personal data

We collect personal data from:

  • You directly (applications, interviews, correspondence) or Recruitment Agencies if applicable.
  • Recruitment platforms and systems used by us
  • Referees (where applicable)
  • Publicly available professional sources (e.g. LinkedIn), where relevant

Why we process your personal data and our lawful bases

We process your personal data for the following purposes:

Recruitment and selection

To assess your suitability for employment, contact you about your application, arrange interviews and make recruitment decisions.

Lawful basis:

  • Article 6(1)(b) UK GDPR – taking steps at your request prior to entering into a contract

Legal and regulatory compliance

To carry out right‑to‑work checks and comply with employment law and other legal obligations.

Lawful basis:

  • Article 6(1)(c) UK GDPR – compliance with a legal obligation

Equality monitoring

To monitor and promote equality, diversity and inclusion in accordance with our legal duties. Any analysis of this data will be done on an anonymous basis.

Lawful basis:

  • Article 6(1)(c) UK GDPR
  • Article 9(2)(b) UK GDPR and Schedule 1, Part 1, Data Protection Act 2018 (employment and equality law)

Reasonable adjustments

To make appropriate adjustments during the recruitment process.

Lawful basis:

  • Article 6(1)(c) UK GDPR
  • Article 9(2)(b) UK GDPR and Schedule 1, Part 1, Data Protection Act 2018

Talent pools and future opportunities (where applicable)

To retain your details for future vacancies, where you have agreed to this. You may withdraw your consent at any time by contacting us.

Lawful basis:

  • Article 6(1)(a) UK GDPR – consent

Criminal offence data

We will only process criminal conviction or offence data where it is lawful, necessary and relevant to the role, and in accordance with Schedule 1, Part 1 of the Data Protection Act 2018. Appropriate safeguards and an internal policy document are in place.

Automated decision‑making

We may use recruitment systems that help us filter or organise applications based on criteria relevant to a role. However:

  • No final recruitment decision is made solely by automated means
  • All recruitment decisions involve human judgement
  • You have the right to object to processing based on legitimate interests

Who we share your personal data with

Your personal data may be shared with trusted third‑party processors who support our recruitment activities, including:

  • Factorial HR – Recruitment and HR platform (Spain)
  • Amazon Web Services (AWS) – Secure hosting (Germany)
  • Microsoft Azure – Cloud services (Germany)
  • SendGrid (Twilio) – Email delivery services (Ireland)
  • Certn – Background Screening (UK)
  • Optima Health – Occupational Health provide (UK)

All processors act under contractual obligations to protect your data and only process it on our instructions.

International transfers

Your personal data is stored and processed within the UK and European Economic Area (EEA). Where any transfers outside the UK or EEA are required, we ensure appropriate safeguards are in place in line with UK GDPR requirements.

How long we keep your personal data

We only retain your personal data for as long as necessary:

  • Successful candidates: Recruitment data becomes part of your personnel file.
  • Unsuccessful candidates: Personal data is normally retained for up to 6 months after the recruitment process ends.
  • Talent pool candidates: Data is retained for the period you consent to, or until you withdraw consent.

Retention periods may be extended where required to establish, exercise or defend legal claims.

How we protect your personal data

We use appropriate technical and organisational measures to protect your personal data, including access controls, secure systems and confidentiality obligations.

We have procedures in place to manage data breaches and will notify you and the Information Commissioner’s Office (ICO) where required by law.

Your data protection rights

Under the UK GDPR, you have the right to:

  • Be informed about how your personal data is used
  • Access your personal data
  • Correct inaccurate or incomplete personal data
  • Request erasure of your personal data (in certain circumstances)
  • Restrict processing of your personal data
  • Object to processing based on legitimate interests
  • Request data portability
  • Withdraw consent (where processing is based on consent)
  • Not be subject to decisions based solely on automated processing

Contact

If you have any queries about this policy and our privacy practices or how we use your personal information, please contact the Compliance Manager, The Moredun Group, Pentlands Science Park, Bush Loan, Penicuik EH26 0PZ or email  info@moredun.org.uk

Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://www.ico.org.uk

 

Join the Moredun Community

Contribute to the Moredun community, and together we can help make a difference to livestock health. View newssheets and updates online.

Sign up

Ready to become a friend?

As a member you're not just supporting research; you're joining a community 9000+ like-minded farmers and vets that care deeply about animal health and welfare, just like you do. The collective knowledge and expertise informs our exclusive pratical animal health advice and resources.

Become a Member