Skip to main content

Recruitment Privacy Policy

This policy applies to personal data relating to applicants and candidates for employment with M&S, prospective employees and any other individuals whose data we hold for recruitment purposes. This includes personal data held in communications and CVs sent to M&S directly, or via agencies and other third parties, either speculatively of in relation to a specific job vacancy.

This statement contains important information about how your personal data will be used by M&S, and your associated legal rights. Personal data is defined as information from which individuals may be identified.

Compliance with data protection laws

Marks and Spencer plc (M&S) is committed to processing personal data in compliance with the General Data Protection Regulation 2016 (Regulation) and other data protection laws. We respect the privacy rights of prospective employees and apply appropriate safeguards to protect their personal data.

Types of personal data

M&S obtains personal data relating to prospective employees including, but not limited to:

  • name, address and other contact details;
  • information about previous employment, educational details, skills and experience;
  • details of training and qualifications;
  • information relating to your health and health conditions;
  • race and ethnicity;
  • criminal convictions;
  • communications and correspondence;
  • publicly available information, including via social networking sites and public profiles;
  • other biographical and personal data; and
  • salary expectations and information on preferred working arrangements
  • Uses of personal data

M&S, and our partners and agents, use personal data of prospective employees for a variety of purposes. These include, but are not limited to:

  • the recruitment, screening and assessment of prospective employees;
  • activities relating to interviewing and selecting prospective employees (and maintaining related records);
  • identifying and selecting possible candidates for potential or anticipated employment opportunities which may arise in the future;
  • compliance with statutory and regulatory obligations on M&S;
  • managing legal disputes;
  • exercising or fulfilling M&S’s legal rights and responsibilities; and
  • prevention or detection of fraud, crime, or other unlawful or inappropriate conduct
  • Disclosures of data

Where necessary and lawful, your personal data may be disclosed, for example, to:

  • M&S management, employees, staff or contractors involved in recruitment and talent management;
  • other M&S group companies or Joint Ventures;
  • our professional advisers, such as solicitors or accountants, and consultants;
  • government departments and agencies;
  • police and law enforcement agencies;
  • courts and tribunals; and
  • partners, suppliers, agents and service providers.
  • Legal basis for using prospective employee data

M&S collects and uses data relating to prospective employees because is it necessary for the legitimate interests of M&S (including its interest in effective recruitment of employees and attracting high calibre candidates) and the interests of the prospective employees.

In addition, we may process prospective employees’ data on the basis of consent and/or compliance with legal obligations. Where data is collected and used solely on the basis of consent, prospective employees have the right to withdraw consent at any time.

International transfers of data

It is necessary for M&S to transfer some personal data outside of the European Economic Area, including to jurisdictions where local legislation does not provide adequate safeguards regarding the protection and security of personal data. This will typically occur when service providers that need to access such data, are located outside the EEA.

Where this takes place, we will ensure that the transfer is compliant with data protection law and that personal data is secure. In most cases, we will rely on standard data protection clauses which have been approved by the European Commission in accordance with the Regulation. A copy of the standard clauses can be obtained at the following link

Where appropriate and lawful, we may exceptionally transfer data outside the EEA without relying on the standard data protection clauses, including where:

  • the individual has explicitly consented to the transfer;
  • it is required as part of the contract between M&S and an employee; or
  • it is necessary in connection with legal disputes and claims.
  • Data retention

We will not retain prospective employee data for longer than necessary and will delete it once it is no longer required for the purposes set out in this Policy. Where a prospective employee becomes an employee the personal data captured in the recruitment process will be stored as part of the personal files of the employee in accordance with M&S Employee Privacy Policy.

Our standard data retention periods for prospective employees are as follows:

Unsuccessful candidates – 6 months after decision not to offer a position, unless they have agreed to longer retention. Other prospective employees – 2 years following collection of personal data, unless the employee objects or agrees to a longer retention period.
In exceptional cases, data may be held for longer periods where required for the purposes set out above.

Your rights

Prospective employees have a number of statutory rights under the Regulation. They include the right to request that M&S:

  • provides them with a copy of the personal data held on them;
  • corrects inaccurate information; and
  • deletes information which M&S does not have a legitimate basis to hold.
  • You also have rights to restrict the processing of data relating to you, object to processing and in certain circumstances to ‘data portability’ (this means that data is provided in a structured, commonly used and machine readable format).

Detailed information on these rights can be found in the Regulation or the website maintained by the Information Commissioner’s Office at

These rights can be exercised free of charge and M&S will normally respond within a month.

If you wish to exercise any of the above rights, please email


If you are unhappy about the way your personal data has been handled by M&S, you have the right to lodge a complaint with either the M&S’s Data Protection Officer or directly with the Information Commissioner’s Office. Further information, including contact details, is available at