Privacy Notice for APM's Recruitment Process

Date of publication: 07-01-2026

We at Association for Project Management manage our employer branding and recruitment process through our career site (the “Career Site”), and by using a related applicant tracking system.

In this privacy policy, we explain how we process your personal data if:

You visit our Career Site (you being a “Visitor”)
You connect with us via our Career Site, to create a profile with us and receive information about current or future vacancies with us (you being a “Connecting Candidate”)
You apply for a position with us, via our Career Site or a third party service (you being an ”Applying Candidate”)
We collect information about you from other parties, sites and services, since we believe your profile is of interest for our current or future vacancies (you being a “Sourced Candidate”)
We receive information about you from our employees or partners, since they believe your profile is of interest for our current or future vacancies (you being a “Referred Candidate”)
We receive information about you from a Candidate, who lists you as their reference (you being a “Reference”).

This privacy policy also describes what rights you have when we process your personal data, and how you can exercise these rights.

When we use the term “Candidate” in this privacy policy, we are referring to each of Connecting Candidates; Applying Candidates; Sourced Candidates; and Referred Candidates, unless it’s stated otherwise.

1. About processing of personal data

Personal data is all information that can be directly or indirectly linked to a living, physical person. Examples of personal data are: name, e-mail address, telephone number and IP address. Processing of personal data is any automated use of personal data - such as collecting, creating, analysing, sharing, and deleting personal data.

There are laws and regulations on how companies may process personal data, so-called data protection laws. Different data protection laws apply to different types of use of personal data, and in different parts of the world. An example of a data protection law that is relevant for our use of your personal data, as described in this privacy policy, is the UK General Data Protection Regulation (“UK GDPR”).

Most obligations under the UK GDPR apply to the so-called data controller. A data controller is the entity that decides for which purposes personal data will be processed, and how the processing will be executed. The data controller can use a so-called data processor. A data processor is an entity that is only allowed to process personal data as instructed by the data controller, and may not use the personal data for its own purposes.

We are the data controller when we process your personal data as described in this Privacy policy.

2. What personal data do we process?

All individuals

Device information: If you visit our Career Site, we will collect information about your device, such as IP address, browser type and version, session behaviour, traffic source, screen resolution, preferred language, geographic location, operating system and device settings/usage.

Technical and statistical data: If you visit our Career Site, we will collect technical and statistical data about your use of the site, such as information about which URLs you visit, and your activity on the site.

Communications data: We will collect and store your communication with us, including the information you provided in the communication. This may include the content of emails, video recordings, messages on social media, the information you add to your account with us, surveys, etc.

Contact details: Such as your name, email address, telephone number and physical address.

Candidates

Data from interviews, assessments and other information from the recruitment process - Such as notes from interviews with you, assessments and tests made, salary requirements. This may also include special category data, such as information about disabilities or medical conditions, where required to make reasonable adjustments during the recruitment process.

Information in your application - Such as your CV, cover letter, work samples, references, letters of recommendation and education.

Information in your public profile - Meaning the information we collect about you from public sources related to your professional experience, such as LinkedIn or the website of your current employer.

Information provided by references - Meaning the information we receive from our employees or partners who refer you to us, or by the persons you have listed as your references.

3. Where do we receive your personal data from?

All individuals

From the Career Site. If you visit our Career Site, we collect technical and statistical information about how you use the Career Site, and information from your device.

Directly from you. Most of the information we process about you, we receive directly from you, for example when you apply for a position with us or connect with us. You can always choose not to provide us with certain information. However, some personal data is necessary in order for us to process your application or provide you the information you request to get from us.

References

From the person for whom you are a reference. If a Candidate lists you as their reference, we will collect your contact details from the candidate to be able to contact you.

Candidates

From public sources. We may collect personal data about you from public sources, such as LinkedIn or the website of your current employer.

From our references. We may receive information about you from our employees or partners (such as recruitment service providers), when they believe your profile is of interest for our current or future vacancies.

From your references. If you provide us with references, we may collect information about you from them.

Data we create ourselves or in cooperation with you. Information about your application and profile is usually created by us, or by us in cooperation with you, during the recruitment process. This may for example include notes from interviews with you, assessments and tests made.

4. For what purposes do we process your personal data?

To protect and enforce our rights, interests and the interests of others, for example in connection with legal claims.

Affected individuals: The individual(s) affected by the legal issue - this may include persons from all categories of individuals listed above.

Categories of personal data used: All the categories of personal data listed above can be used for this purpose.

Share your personal data with other recipients, for the purposes mentioned in Section 5 below.

Affected individuals: Varies depending on the purpose of the sharing, see Section 5 below.

Categories of personal data used: All the categories of personal data listed above may be used for this purpose.

Collect information about your use of the career site, using cookies and other tracking technologies, as described in our Cookie Policy cookies and other tracking technologies, if applicable, as described in our Cookie Policy.

Maintain, develop, test, and otherwise ensure the security of the career site.

Affected individuals: Visitors.

Categories of personal data used: Device information; Technical and statistical data.

Analyse how the career site and its content is being used and is performing, to get statistics and to improve operational performance.

Affected individuals: Visitors.

Categories of personal data used: Device information; Technical and statistical data.

Provide you with updates about vacancies with us.

Affected individuals: Connecting Candidates.

Categories of personal data used: Contact details; Communications data.

Review profiles and applications sent to us. This also includes communicating with you about your application and profile.

Affected individuals: Connecting Candidates; Applying Candidates.

Categories of personal data used: All the categories of personal data listed above may be used for this purpose.

Collect and evaluate your professional profile on our own initiative. This also includes communicating with you regarding your profile.

Affected individuals: Sourced Candidates; Referred Candidates.

Categories of personal data used: All the categories of personal data listed above may be used for this purpose.

Contact you directly about specific, future vacancies with us.

Affected individuals: Candidates.

Categories of personal data used: All the categories of personal data listed above may be used for this purpose.

Record the interview(s) with you.

Affected individuals: Candidates.

Categories of personal data used: Communications data.

Contact you to ask for your participation in surveys

Affected individuals: Candidates.

Categories of personal data used: All the categories of personal data listed above may be used for this purpose.

Contact you to ask you to provide information about a candidate and evaluate the information you provide.

Affected individuals: References.

Categories of personal data used: Contact details; Communications data.

5. Whom do we share your personal data with?

Our service providers. We share your personal data with our suppliers who provide services and functionality in our employer branding- and recruitment process. For example, this includes recruitment service providers and the supplier of our Career Site and related applicant tracking system (Team Tailor, Cronofy, AWS London, Azure). When we use service providers, we only disclose the personal information that is necessary to deliver the service, we thoroughly assess the providers before they’re appointed and they are under contractual obligation to keep your information secure and not to use it for other purposes.

Companies providing cookies on the Career Site. If you consent to it, cookies are set by other companies than us, who will use the data collected by these cookies in accordance with their own privacy policy. You can find information about which cookies this applies to in our Cookie Policy.

To authorities and other public actors - when we are ordered to do so. We will share your personal data with authorities and other public actors when we have a legal obligation to do so.

To parties involved in legal proceedings. If needed to protect or defend our rights, we share your personal data with public authorities or with other parties involved in a potential or existing legal proceeding. This can for example be in case of discrimination claims.

Mergers and acquisitions etc. In connection with a potential merger, sale of company assets, financing, or acquisition of all or part of our business to another company, we may share your personal data to other parties involved in the process.

6. On what legal bases do we process your personal data?

To be able to process your personal data, we need to have a so-called legal basis. A legal basis is a reason for processing the personal data that is justified under the UK GDPR.

When we process your personal data for the purposes described in this Privacy Policy, the legal basis we rely on is normally that the processing is necessary for our legitimate interest in being able to recruit talent with the relevant competence for us. We have concluded that we have a legitimate interest in being able to perform the personal data processing for this purpose; that the processing is necessary to achieve that purpose; and that our interest outweighs your right not to have your data processed for this purpose. Where we process special category data, such as disability or medical information, we do so either to comply with our legal obligations under employment law or with your explicit consent.

You can contact us for more information about how this assessment was made. See Section 9 and 10 below for our contact information.

There may be specific circumstances when the processing is only performed if and when you provide your consent to the processing. This is for example the case if we propose to record an interview with you or retain your data for future vacancies beyond the standard retention period. Please see Section 10 below for more information about your right to withdraw your consent.

7. International Transfers

We do not transfer your personal data outside the UK

8. How do we protect your data?

We are accredited to the Cyber Essentials Plus standard, reflecting our commitment to strong IT security. Your personal data is stored on secure systems with firewalls, encryption, and strict access controls. Special category data, such as disability or medical information, receives additional safeguards including restricted access, enhanced encryption, and staff training. We only collect what is strictly necessary and ensure robust contractual protections with any third parties.

9. For how long do we keep your personal data?

All individuals

If we process your personal data for the purpose of being able to protect and enforce our rights, we will keep your personal data until the relevant legal issue has been fully and finally resolved.

Visitors

We keep your personal data for one (1) year for security purposes. The retention periods for cookies are set out in our Cookie Policy. We keep your personal data to analyse the performance of the Career Site for as long as we keep personal data about you for other purposes.

Candidates

If you are a Connecting Candidate (only), we keep your personal data for as long as you remain connected with us.

For other types of Candidates, we keep your personal data to decide if you are a suitable candidate for the relevant vacancy(ies) with us.

If you are not successful in the initial recruitment process, we will retain your personal data for as long as you wish to consider you for relevant future job opportunities and to contact you if appropriate. We will seek renewed consent every 6 months to continue holding your data.

If you are hired, we will keep your personal data during your employment, for other purposes than those stated above, which you will be informed of.

References

We keep your personal data for as long as we keep the personal data of the Candidate for whom you acted as a reference.

10.What rights do you have, and how can you exercise them?

In this section, you will find information about the rights you have when we process your personal data. As described below, some of the rights only come into play when we process your personal data under a particular legal basis.

If you want to exercise any of the rights listed here, we suggest that you:

Visit the Data & Privacy page on our Career Site, where we offer features to let you exercise your rights;

Your rights under UK GDPR include:

Right to be informed

Right to access your personal data

Right to data portability

Right to have your personal data deleted (“right to be forgotten”)

Right to object to processing based on legitimate interest

Right to restrict processing

Right to rectification

Right to withdraw your consent (where applicable)

Right to raise a complaint with the Information Commissioner’s Office (ICO)

If you have complaints about our processing of your personal data, you can raise a complaint with us at dataprotection@apm.org.uk. If you are not satisfied with our response, you can lodge a complaint with the Information Commissioner’s Office (ICO) here.

11. Where can you turn with comments or questions?

If you want to get in touch with us to exercise your rights, or if you have any questions, comments or concerns about how we handle your personal data, you can reach us by sending an email to dataprotection@apm.org.uk.

12. Updates to this Privacy policy

We update this privacy policy when necessary - for example, because we start processing your personal data in a new way, because we want to make the information even clearer to you, or if it’s necessary to do so in order to comply with applicable data protection laws.

We encourage you to regularly check this page for any changes. You can always check the top of this page to see when this privacy policy was last updated.

We will notify you of significant changes to this policy via the Career Site.

13. Artificial Intelligence (AI) and Automated Decision-Making

We use certain artificial intelligence (AI) features within our applicant tracking system (Team Tailor) to support and enhance our recruitment process. These features may include:

Summarising CVs and candidate profiles to help our team quickly identify relevant skills and experience;

Generating interview questions and job descriptions based on the requirements of each vacancy;

Screening candidates against criteria set for specific roles;

Providing summaries and transcriptions of video interviews, where these are used.

Human Oversight

While AI tools assist us in reviewing applications and managing recruitment, all decisions regarding your application are subject to meaningful human review. We do not rely solely on automated decision-making to determine the outcome of your application. Our recruitment team considers AI-generated insights alongside other information and exercises independent judgement in all hiring decisions.

Your Rights

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects for you. If you wish to opt out of AI-supported processing or request a human review of any decision, please contact us at dataprotection@apm.org.uk.

Fairness and Transparency

We are committed to ensuring that our use of AI is fair, transparent, and does not result in discrimination. We regularly review our processes and provide training to our staff to mitigate risks of bias and to ensure that all candidates are treated equitably.

Further Information

If you have any questions about how AI is used in our recruitment process, or if you would like further details about the safeguards we have in place, please get in touch using the contact details provided in this policy.

14. Additional Information

For more details on how APM handles personal information in general, please see the APM Website Privacy Statement.

15. Policy Review

We keep this statement under review as part of our overall Data Protection Policy. It was last updated in November 2025.

Privacy Notice for APM's Recruitment Process

About Association for Project Management

Already working at Association for Project Management ?