
Candidate Privacy Policy




This policy applies to all external candidates who enter the Railsr recruitment process directly or via 3rd parties (recruitment agencies).

Who are we?

Embedded Finance Ltd, trading as ‘railsr’, is made up of different legal entities which act as data controllers in relation to the processing described in this privacy policy. This privacy policy is issued on behalf of Embedded Finance Ltd as the operator of this website and on behalf of all subsidiary companies so when we mention "Railsr", "we", "us" or "our" in this privacy policy, we are referring to the relevant legal entity responsible for processing your data.

Embedded Finance Ltd is a company incorporated under the Companies Act with company number 14698459, whose registered office is at Fora Montacute Yards, Shoreditch High Street, London, England, E1 6HU.

The Data Protection Officer can be contacted in relation to the processing described in this privacy notice at

Our commitment to privacy

As part of the recruitment process, Embedded Finance Ltd collects and processes personal data relating to job applicants. We are committed to ensuring that your privacy is protected when personal information about you is provided to us.


Please read this Privacy Policy carefully. It explains:


  • The types of personal information which we hold and how it is obtained;

  • The purposes for which we hold personal information and the legal basis for processing;

  • How we use the personal information which we hold and who we share it with;

  • For how long we hold personal information;

  • The procedures we have in place to protect your privacy; and

  • Your rights in relation to your personal information


What information do we collect?

For recruitment and selection purposes we collect the following information:

  • Personal contact details - name, title, address and contact details (including email address and telephone), provided by you or the recruitment agency;

  • Information from your CV or gained from the sources mentioned below, about your employment history, education, skills, experience, qualifications and remuneration; 

  • Interview feedback, results of aptitude tests and assessments of your suitability for the role, where applicable; and

  • Diversity information including gender, disability and ethnicity to inform, drive and measure progress of our diversity and inclusion initiatives.

For referencing and pre-employment screening purposes we collect the following information:

  • References from past employers (including regulatory references if required for your role);

  • Immigration status, nationality and citizenship and copies of right to work documentation;

  • Credit, criminal, identity, financial, fraud and sanctions checks, which include past criminal record, credit history and sanctions status; and

  • Academic qualifications checks.

We may collect this information in a variety of ways. For example, data might be contained in application details, CVs, cover letters, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment/selection exercises.

We may also collect personal data about you from third parties. We may receive personal data about candidates for employment from recruitment consultants; professional networking sites that you subscribe to (e.g. LinkedIn); your past employers where you have nominated them as referees; credit checking agencies; fraud and sanctions checking agencies; background and criminal records checking agencies; educational establishments from whom you have gained qualifications; and any specialist firms we use to advise us on matters such as visa, immigration or tax requirements for specific situations. We will only seek information from third parties for referencing and pre-employment screening once a job offer has been made/accepted by the candidate and we will inform you that we are doing so.

We use information about potential candidates for employment or services contracts with the relevant entity to assess suitability for roles and opportunities that we have available. If you submit an application through the Railsr website recruitment portal, the operator of the website will pass the application to the appropriate employer entity for the role you have applied for. That entity will be the controller of your information, as potential employer entity, and will be responsible for the recruitment and selection process.


What is the legal basis for processing personal data?

Where UK and/or European data protection laws apply:


  • When processing candidate personal data as described above, we rely on the legal basis that the processing is in our legitimate business interests as a commercial business, and our interests are not outweighed by your privacy rights as an individual.

  • When processing immigration and right to work information in a recruitment context, we rely on the lawful basis that it is necessary for us to meet our legal obligations.

  • When processing regulatory references, and criminal records information obtained from initial screening, we rely on the lawful basis that the processing is necessary for the prevention of unlawful acts, in the public interest.

What is the business rationale for processing personal data?

We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment. We may also need to process data from job applicants to respond to and defend against legal claims.

We may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics and support our Diversity & Inclusion efforts. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. Diversity and inclusion is a really important part of our mission here at Railsr. Asking for your personal information helps us understand how we are attracting the best candidates from all walks of life. We go a further step by setting ourselves targets to ensure that successful candidates are represented as a proportion of those who apply. Railsbank Technology Limited processes such information to carry out its obligations and exercise specific rights in relation to employment.

For all roles, the company is obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment and regulatory compliance. In respect of other background checks, we are obliged to seek this information in order to comply with regulatory/legal guidance.

Who has access to personal data?

We may share your personal data with:


  • Internal stakeholders for the purpose of completing recruitment & selection exercises. Details will be stored securely on our network with access limited to those who need to view details to make recruitment decisions.

  • Third parties who provide us with candidate information, host our candidate administration system, administer specialist assessments and carry out pre-employment checks with past employers, credit, fraud and sanctions checking agencies, background and criminal record checking agencies and educational establishments.

  • Third parties to comply with any requests made to us by law enforcement or regulatory bodies and where we are required to do so by law or in connection with legal proceedings.

Transfers of personal data to countries outside the UK and/or European Economic Area (EEA) for the purposes of European and/or UK data protection laws

Due to the international nature of our business, we will sometimes send personal data to a subsidiary entity. Where European and/or UK data protection laws apply, this will mean that personal data may be processed outside the UK or EEA. We will only pass personal data to other group subsidiary companies if it is necessary for the purposes outlined above.

For the purposes of UK and/or European data protection laws (where applicable), your personal data may also be processed outside the UK or EEA when we use suppliers who have global operations as part of our recruitment process. Some of the suppliers we use to provide candidate information, skills assessments, testing, and recruitment administration systems, are based outside the UK and/or EEA.

Where required by UK and/or European data protection laws, when we transfer personal data outside the UK or EEA, we will ensure that there are adequate safeguards in place to protect your personal data. Generally, these safeguards will take the form of EU approved standard contractual clauses, unless the supplier has ‘binding corporate rules’ in place within the supplier’s organisation.

Automated decision making 

In carrying out the processing described in this privacy policy, we do not make any decisions about individuals (which would have a legal or similar significant effect) based solely on automated processing of their personal data.

How long do we hold personal data? 

We will not hold on to any personal information collected for the purposes described above for longer than is reasonably necessary for those purposes, and to ensure we are able to comply with legal, regulatory and accounting requirements.

If your application for employment is unsuccessful, we will hold your data on file for 24 months after the end of the relevant recruitment process. We will not store data beyond this point and therefore, if you would like to be considered for a further opportunity with the company, you need to complete a new application.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personal file/employee record (HR Information System) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

What Procedures Do We Use to Protect Your Privacy? 

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. We undertake to process the personal information which we collect in accordance with the applicable laws on data protection.

Please note that the Internet is not a secure medium. When submitting personal information to us using the Internet, your details may not be secure from access by third parties. The submission of personal information to us using the Internet is therefore made at your own risk.

Your rights in relation to your personal information? 

As a data subject, you have a number of rights. You can:

  • Access and obtain a copy of your data on request (free of charge);

  • Have your information amended, if it is incomplete or incorrect;

  • Object to our processing your information, on grounds relating to your particular situation (but we can decline your request, if we can show compelling legitimate grounds for the processing which override your interests, or if we need to process your information for the establishment, exercise or defence of legal claims);

  • Require us to restrict the processing of your data, if you have asked for it to be amended or objected to our processing, until we have verified your request. You can also ask us to keep your personal data, but restrict the processing of it, if we no longer need it and would delete it, but you want us to keep it to enable you to bring or defend a legal claim;

  • Have your information deleted, if we no longer need to keep it, if you have objected to the processing and we have not demonstrated an overriding need to keep it, or if we are required by law to delete it.

  • Ask us to delete any information that you provide to us on a voluntary basis and with your express consent – in that case you can withdraw your consent at any time and ask us to delete the information;

  • To have your personal data that is processed by us electronically transferred to you, or to someone else nominated by you, in a structured, commonly used and machine-readable format. This only applies to information you have provided to us voluntarily;

  • To lodge a complaint about our processing of your information with the relevant supervisory authority (which in the UK is the Information Commissioner’s Office (ICO))

If you would like to exercise any of these rights, please contact

You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
