The Forces Employment Charity (“FEC”) is committed to protecting and respecting your privacy and to recruiting fairly, lawfully and inclusively.
This notice sets out the basis on which we process your personal data (defined below) during recruitment and pre‑employment checks and explains your rights. Some of the data we collect is special category or criminal offence data; these attract additional safeguards.
The Forces Employment Charity is made up of one legal entity. When we refer to ‘FEC’, ‘we’, ‘us’, or ‘our’, we are referring to the relevant entity in Forces Employment Charity for processing your personal data. A reference to ‘you’ or ‘your’ is to you as an individual, any applicant or candidate.
The Forces Employment Charity’s registered office is on the First Floor, Mountbarrow House, 12 Elizabeth Street, London SW1W 9RB. We are a Registered Charity in England and Wales (1061212) and Scotland (SC039262). We are a company registered in England and Wales (03270369). We are registered with the ICO (Z7498943) and act as the data controller and processor for recruitment data.
Our Data Protection Controller can be contacted at the Forces Employment Charity Head Office, First Floor, Mountbarrow House, 12 Elizabeth Street, London SW1W 9RB, or by email at [email protected].
We will comply with the data protection principles. Personal data must be:
We will conduct data protection impact assessments (DPIAs) for high‑risk processing such as biometric systems or extensive vetting.
The Forces Employment Charity processes personal data to meet legal and statutory obligations and to provide our services. We do not collect unnecessary data.
Information you provide in applications or CVs and through communications (phone, email or otherwise). Information you send to us will be stored and processed by us. This includes documents/files processed through our systems.
Identity, right‑to‑work evidence, interview notes, assessments, and, where proportionate, pre‑employment vetting results (see sections on Criminal offence data, Security clearance and police vetting, and Biometric data)
We may collect information during onboarding and employment (if appointed), but this notice focuses on recruitment.
We rely on one or more of the following:
We will only process special category data (e.g., health, EDI, biometrics used for unique identification) where an additional condition applies, such as explicit consent, employment law obligations/rights, substantial public interest (equality monitoring), vital interests, legal claims, or where you have manifestly made it public.
We collect criminal record information only when it is appropriate and lawful for the role (e.g., DBS eligibility, BPSS requirements, police vetting). We will:
FEC follows Fair Chance principles. We will not ask about criminal records at the initial application stage unless the role is legally eligible for such questions or checks. A criminal record is not an automatic bar; we make case‑by‑case, role‑relevant decisions in line with the Rehabilitation of Offenders Act and DBS Code of Practice.
Some roles require additional screening due to contractual or safeguarding requirements.
BPSS (Baseline Personnel Security Standard): identity, right‑to‑work, employment history and checks of unspent convictions. BPSS is not national security vetting. It is the baseline prerequisite for working with the UK government and certain suppliers.
Police vetting – MPPV Level 2 (also referred to as NPPV Level 2): required for non‑police personnel who need unsupervised access to police premises, systems or information (typically up to OFFICIAL, occasionally SECRET). Checks may include PNC/PND intelligence searches and financial checks and are decided by a police vetting unit under the Vetting Code of Practice.
Purpose: BPSS = baseline integrity/right‑to‑work for government‑related roles; MPPV/NPPV L2 = suitability to access police assets/information.
Scope: BPSS focuses on identity, right‑to‑work, employment history and unspent conviction checks; MPPV/NPPV L2 can involve wider police intelligence and financial vetting and is administered by a police force vetting unit.
Outcome: BPSS permits baseline access to government work; MPPV/NPPV L2 provides specific vetting clearance to access police premises/systems and is subject to police re‑verification schedules.
We will tell you in advance if a role requires BPSS, police vetting, or national‑security vetting (e.g., CTC/SC/DV), and explain what data will be processed, by whom, and for what purpose. Vetting will not be carried out where it is unnecessary and will always be proportionate to the role risk.
If we use biometric recognition (e.g., facial) for identity verification or secure access:
Recruitment data: six months
Recruitment data (applications, interview notes): six months after the recruitment decision, unless longer is required to resolve a dispute or comply with the law.
HMRC data: seven years (six years plus current year)
HMRC/pay data (if hired): 6 years + current year.
DBS/criminal‑record certificate information: keep no longer than necessary and typically no more than 6 months after the decision, unless a longer period is legally required (e.g., safeguarding audit), stored securely with strictly limited access.
BPSS verification records: retained as required under government security policy (typically for the duration of engagement plus a defined period).
Police vetting (MPPV/NPPV) records: retained in line with the issuing police force’s Vetting Code/APP schedules; subject to re‑verification and annual integrity reviews as mandated by policing guidance.
Information stored on IT systems (e.g., email history) will be deleted regularly in accordance with our retention policies.
We do not process personal data using automated decision-making.
We do not make solely automated decisions that produce legal or similarly significant effects on you. Where automated tools assist shortlisting, meaningful human review is applied.
We share only what is necessary, with:
You can contact the Data Protection Controller to exercise your rights:
You may lodge a complaint with the ICO (see https://ico.org.uk/concerns/).
Please keep your information accurate and up to date (e.g., name, address). For emergency contacts, ensure those individuals know we hold their details for that purpose.
Personal data: information relating to an identified or identifiable person.
Special category data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed for unique identification, health, sex life or sexual orientation.
Criminal offence data: data relating to criminal convictions and offences, or related security measures.
UK GDPR: the retained EU law version of the GDPR, as amended in the UK.
BPSS: Baseline Personnel Security Standard checks for government‑related roles. MPPV/NPPV Level 2: non‑police personnel vetting level administered by police vetting units for access to police assets/systems.
March 2026