Careers for Professionals and Graduates

Careers for Professionals and Graduates

Make a difference
See our vacancies

ABN AMRO UK Recruitment Privacy Statement

This privacy statement applies to individuals who participate in our recruitment and selection processes with a view to being placed in a role with us. It explains how we handle your personal data in this context.

Who is responsible for your personal data?

We are.

In this case, “we” means the entity that’s conducting the recruitment and/or selection process you are involved with. Depending on the role, this will either be:

  • ABN AMRO Bank N.V., UK Branch, or

  • ABN AMRO Clearing Bank N.V., London Branch.

In each case, we can be found at 5 Aldermanbury Square | London EC2V 7HR.

What personal data do we collect?

We may collect and process various kinds of personal data about you. This includes:

  • identity and verification information

  • information about your employment history, skills, qualifications, experience and background, usually from your CV, cover letter, and other relevant sources

  • other broader information about you and your suitability for a role with us.

Where do we get your personal data from?

Most of the personal data we process is personal data obtained directly from you.

In addition, we may sometimes obtain personal data from other sources such as:

  • an employment or recruitment agency

  • public registers that hold information about you, and other public sources such as search engines and public sections of social media accounts

  • the Disclosure and Barring Service (or “DBS”)

  • government agencies, previous employers, education providers or professional associations (for example, to verify information provided to us or your right to work in the UK).

In particular, we may obtain information from a range of sources as part of pre-employment screening processes run through the service provider(s) we use for this purpose. You can read more about this screening under ‘Pre-employment screening’ below.

Why do we process your personal data?

At a high level, we use your personal data to help run our recruitment activities in an appropriate and secure way, to assess your suitability for a role with us (including by verifying information provided to us), and to negotiate and agree a role with you. We may also use your personal data for other purposes compatible with this purpose (below we discuss how we determine this).

More specific examples where we may use your personal data include processing:

  • to protect our property, data and employees from all kinds of breaches, damage and losses insofar as possible

  • to implement sound and controlled operational policies and procedures in the selection of prospective employees

  • to undertake pre-employment screening, including to check the accuracy of background information provided to us and to screen attributes relevant to your suitability as an employee

  • to improve and administer our HR and recruitment processes and strategies, and manage and plan for the needs of our workforce

  • to help ensure our HR and recruitment processes are effective, efficient and inclusive, including having regard to our diversity policies.

On what basis do we process your personal data?

We process personal data based on one or more grounds, depending on the case:

Legal obligation – where processing of your personal data is necessary for us to comply with laws or regulatory requirements to which we are subject (e.g., to ensure our employees will meet regulatory expectations around good conduct, and are subject to appropriate vetting).

Employment or other contract – where the processing is necessary for the performance of a contract between you and us, or in order to take steps at your request before entering into a contract (e.g. an employment agreement with us).

Legitimate interest – where we have a legitimate interest in the processing. Where we rely on legitimate interest, we must establish that our interests in the processing do not override your privacy rights and freedoms. The following are examples where we have a legitimate interest in using your personal data in the recruitment and selection process:

  • the recruitment and selection of suitable, qualified employees

  • protecting the bank's property and data

  • ensuring the security and safety of our business, staff and systems.

Vital interest – in very rare cases, where processing is necessary to protect your life or the life of another person.

Consent – where you have given consent to processing for one or more specific purposes. We do not usually rely on this ground, but may do so in rare cases. In these cases you can withdraw consent at any time, although this may impact certain services or processes used by you (e.g. apps) if these rely on your consent.

What about processing of sensitive “special category” personal data?

Under data protection laws, some types of personal data are considered more sensitive and can only be processed subject to additional requirements. These are called "special category data" and include information about:

  • your race or ethnic background

  • your political opinions

  • your religious or philosophical beliefs

  • whether you are a member of a trade union

  • your genetic data (e.g., information about your DNA)

  • your biometric data (e.g., fingerprints, facial recognition) when used to identify you

  • your health information (e.g., medical history or conditions)

  • your sex life or sexual orientation.

One example where we may collect sensitive category data is where candidates opt to provide ethnic background information that we use, as part our commitment to an inclusive and diverse workforce, to help us assess the effectiveness of our recruitment, equality and diversity policies. Providing personal data in this case is completely voluntary, but if you choose to do this, we will rely on your explicit consent as a ground for processing this special category data. You are able to withdraw your consent at any time by contacting us.

As part of pre-employment screening we may also process personal data relating to criminal convictions and offences (including alleged offending and connected legal proceedings), which may be relevant to your suitability as a candidate. This “criminal offence data” is also subject to additional requirements under data protection law. We will normally rely on your consent for this processing.

For any other cases, we will only process special category data or criminal offence data if we have a clear and lawful basis to do so under data protection law.

How do we use your personal data for pre-employment screening?

We require individuals who are offered (or who we anticipate offering) a role with us to undergo pre-employment screening. This helps guarantee the reliability, professionalism and security of those involved in our business.

Personal data obtained from public sources may be used for this purpose. Our pre-employment screening consists of at least the following (and sometimes more, depending on the role):

  • identity check

  • address verification

  • right to work check

  • education and certificate check

  • employment background check covering the past six years

  • DBS check

  • credit checks

  • adverse media check

  • Politically exposed people (PEP) check and Sanctions list check

The screening process consists of external screening, using a specialist screening agency that carries out the screening on our behalf. Currently screening is carried out by Giant Screening Limited (“Giant”) via our recruitment partner Resource Solutions Limited (trading as “Robert Walters”). In this context, Robert Walters acts as our processor and Giant as Robert Walters’ sub-processor.

As part of the screening process, we (or Robert Walters) will provide your name and email address to Giant. Giant will then contact you, and you will be asked to enter and upload relevant personal data on Giant’s website yourself.

At the end of the process, we will receive the results of the screening and use this for the purpose of considering your suitability for the role applied for.

For more information about pre-employment screening, please contact your recruitment or HR contact for your role.

How do we decide if we can use your personal data for purposes different from that for which it was initially obtained?

We may use your personal data for a different purpose than that for which you initially provided it. However, the new purpose must be in line with the purpose for which you initially provided your personal data to us. To determine whether this is the case, we look at the following aspects as a minimum:

  • Is this purpose clearly related to the purpose for which you initially provided the personal data? Is the new purpose appropriate to the initial purpose?

  • How was the personal data originally obtained from you? Was the personal data obtained directly from you or in another way?

  • What kind of personal data is concerned exactly? Does it concern sensitive data, or data that is not so sensitive?

  • What would be the implications for you if we were to use the personal data in another way? Would you benefit, suffer or neither?

  • What can we do to ensure appropriate levels of data protection when reusing your personal data? Examples include anonymisation and encryption.

Who do we share your personal data with?

We may share your personal data with businesses that help us with recruiting and selection of candidates, like recruitment agencies. We also use Robert Walters (as our processor) to help manage recruitment activities on our behalf.

As outlined above, we (or those acting on behalf of us) may also share your personal data with entities involved with conducting pre-employment screening on you.

We may share your personal data with suppliers who manage tools you may be asked to use (e.g., so that a personality test can be conducted), or who are otherwise involved in providing services needed for us to carry out our recruitment and selection processes.

We take due care when selecting the businesses we work with. Where these businesses carry out services for us which may involve processing personal data, we reach clear contractual agreements on how they are to do so. We continue to be responsible for your personal data when we engage another business to carry out work on our behalf.

In some cases, we may need to share your personal data where this is required for regulatory purposes or due a legal obligation that may apply to us (e.g., where personal data is shared with government agencies to check your entitlement to work in the UK).

How do we protect personal data?

We go to great lengths to protect the personal data of our people and those who want to work for us. To do this, we invest in our people, systems and procedures, and make sure we have appropriate technical and organisational safeguards in place as required by data protection laws.

Is your personal data processed outside the UK and Europe?

We and our group companies may decide to share personal data with each other, even when the group companies are located outside the UK and Europe. Although this will be rare for personal data collected for recruitment purposes, we may occasionally do this (e.g., where relevant to our recruitment needs or for administrative purposes).

The sharing of personal data with group companies outside Europe is governed by the our global internal policy, the Binding Corporate Rules. This policy has been approved by the Dutch Data Protection Authority.

We may also make use of suppliers (e.g., IT businesses) that are based outside Europe and the UK or that also offer services from countries outside Europe or the UK. In that case, we will ensure that personal data is transferred in accordance with relevant data protection legislation.

How do we determine the period for which your personal data is stored?

When determining how long we store personal data, the guiding principle (in line with data protection laws) is that personal data should be kept for no longer than necessary to fulfil the purpose for which that personal data was obtained. Data protection laws do not stipulate specific storage periods for personal data, so what period is “necessary” varies based on the context.

However, the above guiding principle will not always apply. For example, it may not if:

  • other laws require us to keep the personal data for a different period of time, or

  • we have another basis under data protection laws for keeping the personal data for longer (for example, if there is a legal proceeding meaning we need the personal data for a longer period).

Normally where candidates are not successful we keep their personal data for a period of no more than one year starting from the date on which their application was unsuccessful. This is because a candidate may reapply for, or be interested in being contacted about, other similar roles where their personal data will remain relevant.

If your application has been unsuccessful and you want your personal data to be removed earlier than this, you can contact privacy@uk.abnamro.com.

What rights do you have under data protection laws?

Under data protection laws you have the following rights (summarised at a high level):

  • The right to access – the right to request access to and receive a copy of your personal data, and other supplementary information

  • The right to correction/rectification – the right to ask to have inaccurate personal data rectified, or completed if it is incomplete

  • The right to erasure – in some cases, the right to require us to erase your personal data

  • The right to object to processing – the right to object to our processing, for example if you believe your rights and interests override our legitimate interests in processing your data

  • The right to restrict processing – the right to restrictions on our processing of your personal data (e.g. if the accuracy of your data is contested), and

  • The right to complain – the right to complain to the Information Commissioner’s Office (“ICO”) if you are unhappy with how we process your personal data (see the section below for more information).

You can find out more about these rights on the ICO’s website: https://ico.org.uk/.

How can I complain or make a request about my personal data?

If you want to make a request in exercise of the rights set out above, or make a complaint about how we handle your personal data, you can do this by emailing privacy@uk.abnamro.com or by contacting at: ABN AMRO Bank N.V., UK Branch, 5 Aldermanbury Square | London EC2V 7HR.

If you are unhappy with our response or your complaint has not been resolved within a reasonable period, you have also the right to raise your concerns with the ICO. You should do this within 3 months of your last meaningful contact with us. For more information go to: https://ico.org.uk/make-a-complaint/.

What if I’m unsure about something in this policy?

Please contact us if you have any questions about this privacy statement. We are here to help at: privacy@uk.abnamro.com.

Changes to this privacy statement

We may update this privacy statement from time to time to reflect changes in our practices or legal requirements. In that case, we will publish our updated privacy statement on our website. The updated statement (including any relevant changes) will be effective on publication.

Version 1.0, last updated on 9 October 2025