Privacy Notice

Personal data, or personal information, means any information relating to natural persons who:

• Can be identified or who are identifiable, directly from the information in question; or
• Can be indirectly identified from that information in combination with other information.

It does not include data where the identity has been removed (anonymous data). There are special categories of more sensitive personal data which require a higher level of protection, such as information about a person's health, religious beliefs or sexual orientation.

The content of any enquiry you may submit via the Contact Us section of our website, or via our Investor Relations or Group Treasury team will vary but, ordinarily, in these scenarios we are likely to be collecting your personal information to respond to your request and to enable us to comply with our legal obligations. We are likely to collect, store, and use the following categories of personal information about you in order to fulfil that relationship. 

We may collect, store, and use the following categories of personal information about you when you interact with our website:

• Personal contact details such as name, title, addresses, post code, telephone numbers, email addresses and profile information. 
• IP address, cookies and tracking technologies. The use of these technologies is covered in a separate Cookie Policy.

How is your personal information collected?

We collect personal information when you interact with our website or send us a message.

How we will use information about you

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

• Where we need to comply with a statutory obligation
• Where we want to try to provide a tailored experience of our digital presence
• Where it is necessary for our legitimate interests, including business interests and best practice (or those of a third party) and your interests and fundamental rights do not override those interests
• Where we have your express consent 

Situations in which we will use your personal information

The situations in which we will process your personal information are listed below:

• Responding to your engagement with us
• Understanding your use of our website
• To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
• To comply with our legal obligations

We may from time to time carry out other types of processing. For example, to carry out activities necessary to the running of our business, including network monitoring, system testing, staff training, quality control and any legal proceedings. We have a legitimate interest or legal obligation to do so. We may carry out activities that process personal data in order to monitor the performance of our network, systems or the activities of our teams, so that we can ensure the integrity and availability of those systems.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

How we use particularly sensitive personal information

Special categories of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We do not ordinarily process special categories of personal information via our website. In limited circumstances we may process special categories of personal information if you voluntarily provide it when submitting an enquiry to us.

Data sharing

We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass. 

We require our third-party processors to respect the security of your personal information and to treat it in accordance with the law.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to pursue the relationship we have with you, or where we have another lawful basis for doing so.

Which third-party service providers process my personal information?

Third parties include third-party service providers (including contractors and designated agents) and other entities within our group who we might use to help respond to your request, maintain our website and make it easier for you to subscribe to different functions such as an RNS alert.

These include:

• Microsoft - We use Office 365, which offers a suite of applications we use in our daily operations. These include for example Outlook, Word and Excel, but also other applications are included in our subscription. The data within our Office 365 tenant are processed in the US. Our contract with Microsoft is supported by a Data Processing Agreement which details the controls we have in place to protect and respect personal data, and which complies with UK law on international transfers of data.
• Link Group – Link Group provide us with registrar services and provide our shareholders with the Signal Share Portal. Our contract with Link Group is supported by a Data Processing Agreement which details the controls we have in place to protect and respect personal data.
• Euroland – If you would like to subscribe to an RNS alert, we have partnered with Euroland to provide this service. You can see how Euroland use your personal data by clicking on the link to their Privacy Notice which is displayed prior to subscribing to an RNS alert.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and our Group Data Sharing Agreement. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

What about other third parties?

We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making disclosures to stock exchange regulators.

Speak Up, We’re Listening is Compass’ confidential reporting programme which provides a channel to seek guidance on ethical concerns and issues, express your views freely and to report, in confidence, any concerns regarding potential breaches of our Code of Business Conduct involving any unethical, illegal or other improper circumstances or behaviours.

Our Compass Speak Up platform and helpline is operated by an independent third-party provider, OneTrust LLC and is available 365 days a year, 7 days a week, 24 hours a day, in all of the countries in which we operate. Reports received are referred to Group Ethics & Integrity for confidential review and assignment for follow up and/or investigation, as appropriate.

When we receive a report from you, via our Helpline or Platform (web-intake) a case is created which contains the details of your complaint. When you make this report, the amount of personal information collected is your decision, you can choose to submit as much or as little as you wish. This may include your identity, contact details and any other information you provide which may contain special categories of personal information such as health, ethnic information and imagery. Should you make a report anonymously, the case will only reflect the information you provide about the situation. In each instance, this information will be kept confidential and restricted to a limited number of employees.

How is your personal information collected?

We will collect personal information when you submit a report via Speak Up, We’re Listening.

How we will use information about you

We will use your personal information to comply with our legal obligations and to help follow up or investigate the concern you have raised (where applicable).  We may also use your personal data to contact you about your report if you have consented for us to do so. The personal information you submit will be kept confidential and we won't disclose it without lawful authority. Your identity will not be disclosed without your consent to anyone beyond those dealing with and investigating the concerns or those included on a strict need-to-know basis to receive and act upon the findings or remedial actions, unless this is necessary and proportionate in the context of looking into the matter, undertaking an investigation and/or seeking legal advice.

How we use particularly sensitive personal information

Special categories of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We do not ordinarily process special categories of personal information via Speak Up, We’re Listening programme. In limited circumstances we may process special categories of personal information if you voluntarily provide it when making your report or a report is made where you are mentioned, or in any subsequent interactions with our Group Ethics and Integrity team.

Data sharing

We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass. 

We require our third-party processors to respect the security of your personal information and to treat it in accordance with the law.

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer and manage the Speak Up Helpline or Platform or where we have another lawful basis for doing so.

Which third-party service providers process my personal information?

Our Speak Up, We’re Listening Helpline and Platform is provided by OneTrust LLC, an industry leading technology platform. Our contract with OneTrust is supported by a Data Processing Agreement which details the controls we have in place to protect and respect personal data, and which complies with UK law on international transfers of data. Various parts of our Speak Up, We’re Listening platform are provided or hosted in the US and the EEA and your data will be processed in the US and the EEA.

We may also need to share your personal information with professional advisors such as legal advisors, our auditors and if required, law enforcement or other regulators.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and our Group Data Sharing Agreement. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

This section of our privacy notice applies to if you are involved in a recruitment process with Compass Group PLC or Compass Group Holdings Plc.

The kind of information we hold about you

Personal data, or personal information, means any information relating to natural persons who:

• Can be identified or who are identifiable, directly from the information in question; or
• Can be indirectly identified from that information in combination with other information.

It does not include data where the identity has been removed (anonymous data).

There are special categories of more sensitive personal information which require a higher level of protection, such as information about a person's health, religious beliefs or sexual orientation.

The online or hard-copy forms and processes we might ask you to complete from time-to-time will vary but, ordinarily, in the scenarios where we are likely to be collecting your personal information to potentially pursue the employer – employee relationship. We are likely to collect, store, and use the following categories of personal information about you in order to fulfil that relationship, some of which will depend on the role for which you are applying for.  

We may collect, store, and use the following categories of personal information about you:

• Personal contact details such as name, title, addresses, post code, telephone numbers, and personal email addresses
• Date of birth
• Gender
• Marital status and dependants
• Leaving date and your reason for leaving previous employment
• Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of a job application process)
• Any information you provide to us during an interview (whether face-to-face, by phone or Microsoft Teams or in any other way)
• Employment records (including job titles, work history, working hours, holidays, training records and professional memberships)
• Competency certification or other regulatory or industry-related certification necessary for your role
• Professional or trade qualifications that are relevant to the industry and/or role for which you are applying
• Credit history
• CCTV footage and other information obtained through electronic means 
• Photographs
• Results of government revenue & customs or local tax office employment status check, details of your interest in and connection with the intermediary through which your services are supplied (should you provide services in a way that might legally qualify you as an employee in the eyes of the law or in accordance with government revenue & customs or local tax office guidance and regulation on the status of individuals and their tax affairs)

Some roles have regulatory requirements or are client focussed roles for industries where they are obliged to undertake stringent vetting on their own employees and those of contractors. In such circumstances, we will have to undertake a level of investigation about you that might seem unnecessarily intrusive.  We will only do this where we are required to do so or where our client demands this of us.  If we do not do this, we may not be able to fulfil our regulatory obligations or our client might not grant you access to their premises and you might be unable to perform your intended role.

We may also collect, store and use the following special categories of more sensitive personal information:

• Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
• Trade union membership
• Credit reference agency checks
• Information about criminal convictions and offences, where these are relevant to the role for which you have applied and where regulation to which we are subject to obliges us to obtain such data (for example; Stock Exchange Requirements)

How is your personal information collected?

We collect personal information about potential employees, workers and contactors (whether on a permanent, part-time or casual basis) through the application and recruitment process, either directly from candidates or sometimes from a recruitment agency, intermediary or background check provider.

We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.

We may also use the following other sources of personal information:

• Sanctions and Watch Lists issued by governments, financial market regulators and law enforcement bodies form across the world 
• Outstanding County Court Judgments (CCJs), IVAs, Bankruptcies, alias names and address history using the electoral register 
• The Disclosure and Barring Service and Disclosure Scotland in respect of criminal convictions 
• The Home Office Employers Checking Service in respect of Right To Work in the UK 
• Your named referees  

We may also collect personal information from the trustees or managers of pension arrangements operated by a group company, if relevant.

We will collect additional personal information in the course of job-related activities throughout the period for which you work for us and this is covered in our Employee Privacy Notice.

How we will use information about you

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

• Where we need to comply with a statutory obligation 
• Where it is necessary for our legitimate interests, including business interests and employer best practice (or those of a third party) and your interests and fundamental rights do not override those interests 
• Where we have your express consent  

Situations in which we will use your personal information

Depending on the nature of the role for which you are applying, from time-to-time, we are likely to need most of the categories of information in the list above to allow us properly to perform the relationship we have with you.  Some we will need to comply with legal obligations.

In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are listed below:

• Assess your skills, qualifications, and suitability for the work generally or the role specifically 
• Carry out background and reference checks, where applicable 
• Communicate with you about the recruitment process 
• Keep records related to our hiring processes 
• Determining the terms on which you work for us 
• Checking you are legally entitled to work in the UK  
• Assessing qualifications for a particular job or task 
• Ascertaining your fitness to work 
• Complying with health and safety obligations 
• To detect or prevent fraud 
• Equal opportunities monitoring 

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

How we use particularly sensitive personal information

Special categories of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

• In limited circumstances, with your explicit consent 
• Where we need to carry out our statutory or contractual obligations or exercise rights in relation to the contract or agreement, we have with you (most importantly so that we perform it properly and safely) 
• Where we need to provide a third party with health certification or evidence to allow you to undertake your role 

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

• Where we have notified you of the decision arrived at through the automated process and given you 21 days to request some human intervention into that decision 
• Where it is necessary to perform the employment contract with you and appropriate measures are in place to safeguard your rights 
• In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights 

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you. The most likely use of automated decision making is in response to questions we ask about your entitlement to work in the UK. These decisions will be based on the information you provide to us.

Data sharing

We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass. 

We require our third-party processors to respect the security of your personal information and to treat it in accordance with the law. 

Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to pursue the relationship, we have with you or where we have another lawful basis for doing so.

Which third-party service providers process my personal information?

Third parties include third-party service providers (including contractors and designated agents) and other entities within our group who we might use to help administer the recruitment process, employment contract or agreement we have with you. 

The following are the activities which are most likely to be carried out by third-party service providers for us, in relation to supporting the recruitment process such as background checking agencies, recruitment agencies, credit reference agencies and security vetting organisations.

How secure is my information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

What about other third parties?

We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making disclosures to stock exchange regulators and disclosures to shareholders such as directors' remuneration reporting requirements.

Compass Group PLC has two social media channels: a LinkedIn page and a YouTube channel. These channels are provided by third party providers LinkedIn Inc and YouTube Inc on their respective platforms. Each of these companies acts as a separate data controller of any personal information you post on these platforms when interacting with our channels and how they use your personal information is contained within their respective privacy notices.   

Any personal information that you have made public and accessible via your profiles on the social media channels in question will be available to us.