At Heron Foods, we take the protection of your personal data seriously. We understand that your information matters, and we’re committed to handling it responsibly and in line with data protection laws, including the UK General Data Protection Regulation (UK GDPR).
Here’s what that means in practice:
This Privacy Notice explains how Heron Foods Limited collects, uses, and protects your personal data during the recruitment process. It applies whether you're using our Careers website, submitting a CV or application form in-store, applying via an online job board, attending interviews, or progressing toward employment with us. It also covers individuals who have expressed interest in working with us - for example, by signing up for job alerts or entering optional details into our recruitment portal - even if they haven’t formally applied yet.
By visiting Heron Foods Careers or providing your personal data as part of a recruitment interaction, you’re agreeing to the practices outlined in this Notice. We may also provide additional privacy information at specific stages of the recruitment process. Please read those notices alongside this one to ensure you fully understand how and why your data is being used. This Notice complements those additional notices and does not replace them.
Please note: this Privacy Notice relates specifically to recruitment activities. If you're looking for information about how we handle customer data or cookies on our main website, please refer to our Customer Privacy Notice at heronfoods.com/privacy-policy.
Lastly, our Careers site is intended for individuals aged 16 and over. We do not knowingly collect personal data from children.
We are Heron Foods Limited, the company responsible for handling your personal data during the recruitment process. In this Privacy Notice, references to “Heron Foods”, “we”, “us” or “our” refer to Heron Foods Limited as the data controller.
Heron Foods Limited is registered in England and Wales under company number 02989051. Our registered office is located at:
The Vault, Dakota Drive, Estuary Commerce Park, Speke, Liverpool, L24 8RJ.
If you have any questions about this Privacy Notice, or if you’d like to exercise your rights in relation to your personal data, you can contact us using the details below:
Email: careers@heronfoods.com or dpo@heronfoods.com
Postal Address:
Recruitment Team
Heron Foods Limited
Jackson Way
Melton
East Yorkshire
HU14 3HJ
We also have a dedicated team overseeing data protection matters to ensure your information is handled appropriately.
You have the right to raise a concern with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection. You can find more information at www.ico.org.uk.
However, we’d always prefer the opportunity to resolve any concerns directly. If you’re comfortable doing so, please contact us first using the details above — we’re here to help.
This Privacy Notice was last reviewed on 26th September 2025. We may update it from time to time to reflect changes in how we handle personal data or to comply with legal requirements. Any updates will be published on this page, so we recommend checking back periodically.
We will only use your personal data for the purposes we’ve outlined, unless we reasonably believe there’s a compatible reason to use it differently - and we’ll explain that to you if needed. If we ever need to use your data for a new, unrelated purpose, we’ll notify you and explain the legal basis for doing so.
In some cases, we may process your data without your knowledge or consent, but only where this is required or permitted by law.
To help us keep your data accurate and up to date, please let us know if your details change during the recruitment process. You can contact us at careers@heronfoods.com to update your information.
This Privacy Notice is governed by the laws of England and Wales.
If you need to take legal action in relation to this Notice, you can do so through the courts of England and Wales. If you live in Scotland or Northern Ireland, you also have the option to bring proceedings in your local courts.
“Personal data” refers to any information that can identify you as an individual. It doesn’t include data where your identity has been removed — this is known as anonymised data.
During the recruitment process, we may collect, use, store, and share various types of personal data. These can include:
Details of your work history, education, qualifications, and any assessments or interview results gathered during the recruitment process.
Your home address, email address, and phone numbers.
We may also collect and use aggregated data — such as statistical or demographic information — to help us improve our recruitment processes. While this data may be derived from your personal information, it doesn’t identify you directly. If we ever combine it with data that could identify you, we’ll treat it as personal data and handle it accordingly.
In some cases, we may collect more sensitive information, such as:
We only collect this type of data when it’s necessary and lawful to do so - for example, to meet our legal obligations or ensure a fair and inclusive recruitment process.
If you don’t provide certain information when requested - such as proof of qualifications or employment history - we may not be able to process your application, and it could be withdrawn from consideration.
We collect personal data in a variety of ways throughout the recruitment process. These include:
You may provide personal information directly to us when you:
We may also receive personal data about you from third-party sources, including:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where:
Set out below is a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. Please note that we may:
This may include:
(a) processing your information to decide whether you meet the basic requirements to be shortlisted for a role;
(b) processing your information to determine whether you have a legal right to work for us;
(c) circulating and subsequently processing online assessments (which may include personality tests);
(d) if you pass our initial assessment, inviting you for an interview (which may be conducted in-person or by phone, video or over the internet);
(e) assessing your information and the results of any interview (and comparing it to other applications we have received);
(f) communicating with you about the recruitment process; and
(g) sending you job alerts (where consent has been provided).
Automated decision-making: Our recruitment processes may include the use of automated decision-making procedures. See Section 6 of this Notice (Automated decision-making) for further details.
Types of Data: This will require us to use your: (a) Identity; (b) Employment and Qualification Data; (c) Contact Data; (d) Profile Data; and (e) Usage Data.
Basis for processing: This processing is both necessary for us to comply with our legal obligations and in accordance with our legitimate interests (to ensure that our recruitment practices help us attract and retain the best employees). Consent is also relied upon where candidates opt-in to receive job alerts.
Third-Parties Involved: Our main online platform provider is Hireful Ltd. They are registered in England and Wales with company number 03825406 and their registered office is at 15-17 Strixton Manor Business Centre, Strixton, Northamptonshire, NN29 7PA.
We also occasionally use Recruitment Agencies, who provide us with details of prospective candidates, as well as other selected third-parties involved with:
(a) online platform providers for our testing and recruitment processes (Hireful);
(b) application screening (which may include the use of third-parties who are recruitment specialists in different sectors, such as logistics);
(c) the completion of background checks; and
(d) conducting interviews.
This may include criminal background checks as well as checking education qualifications and employment history.
Types of Data: This will require us to use your: (a) Identity; (b) Employment and Qualification Data; and (c) Contact Data.
Basis for processing: This processing is both necessary for us to comply with our legal obligations and in accordance with our legitimate interests (to ensure that our recruitment practices help us attract and retain the best employees).
Third-Parties Involved: Selected third-parties involved with the completion of such background checks (including the Disclosure and Barring Service and Disclosure Scotland). Any third-parties which you specify as referees.
We may process information about criminal convictions if we consider it necessary for the role or are otherwise legally required to carry out such checks. This will be assessed on a role-by-role basis. More detailed checks may be required for those roles which involve a high degree of trust, such as those involving the handling or transfer of significant amounts of money.
Types of Data: This will require us to use your: (a) Identity; (b) Contact Data and (c) “Special Category” Data.
Basis for processing: This processing is necessary for us to comply with our legal obligations (to carry out checks necessary for the purposes of performing or exercising employment obligations or rights) and in accordance with our legitimate interests (to ensure that our recruitment practices help us attract and retain the best employees).
Third-Parties Involved: Selected third-parties involved with the completion of such criminal conviction checks (including the Disclosure and Barring Service and Disclosure Scotland).
We may use your special category data to:
(a) consider whether we need to provide appropriate adjustments during the recruitment process, for example whether reasonable adjustments need to be made: (i) during a test or interview; or (ii) to the role itself;
(b) contact you to discuss any such adjustments; and/or
(c) ensure meaningful equal opportunity monitoring and reporting.
Types of Data: This will require us to use your: (a) Identity; (b) Contact; and (c) “Special Category” Data.
Basis for processing: This processing is necessary for us to comply with our legal obligations. We may also process such data on an anonymised basis, so that it cannot be linked back to you.
Third-Parties Involved: Selected third-parties involved with making the adjustments referred to above. You may be contacted directly by such third-parties to discuss the scope of those adjustments.
We use data analytics to enhance the performance of our careers site and improve our recruitment processes.
Types of Data Used:
This may include technical information (e.g. browser type, device data) and usage patterns (e.g. pages visited, time spent).
Legal Basis:
This processing is carried out under our legitimate interest in maintaining and improving our site and recruitment activities.
Third Parties:
We may share relevant data with trusted partners who support our website development, recruitment systems, and analytics services (e.g. analytics providers like Adobe).
We process your data to support and manage your interactions with our careers site and recruitment team. This includes:
Types of Data Used:
We may use your identity, employment history, qualifications, contact details, profile information, technical data, and site usage.
Legal Basis:
We process this data to fulfil our contract with you, meet legal obligations, and pursue our legitimate interests in improving recruitment and maintaining accurate records.
Third Parties:
We may share relevant data with trusted providers who help manage and enhance our recruitment systems and processes.
Cookies are small text files stored on your device when you visit our website. They help us improve your experience, ensure the site functions properly, and allow us to understand how visitors interact with our content.
Most cookies we use are session cookies, which are automatically deleted when you leave the site. Others may remain on your device to help us recognise your browser on future visits.
You can manage your cookie preferences through your browser settings - including choosing to accept or reject cookies, or to delete them automatically when closing your browser. Please note that disabling cookies may affect the functionality of our site.
We use cookies for the following purposes:
Cookies that are essential for the operation of the site are stored under our legitimate interests (as per Article 6(1)(f) of the UK GDPR). Any additional cookies used for analytics or advertising are treated separately and managed in accordance with this policy.
We may use tools like Matomo (formerly Piwik) to analyse how visitors use our Careers site. These tools rely on cookies to collect anonymised and pseudonymised data, such as:
This helps us improve the site and tailor content to user needs. The data collected is stored securely and not shared with third parties. You can opt out of analytics tracking by adjusting your browser settings or declining non-essential cookies.
Our website hosting provider automatically collects certain technical data in server log files, including:
This data is used for troubleshooting, security, and performance monitoring. It is not combined with other data sources and is processed under our legitimate interests.
We treat all personal data collected via cookies and analytics in accordance with UK data protection laws. You have the right to:
Automated decision-making refers to decisions made by computer systems without human involvement. At Heron Foods, we may use automated processes during recruitment — for example, previous required experience, qualifications, or other criteria relevant to the role.
These systems help us manage high volumes of applications efficiently, but they are always designed to align with fair recruitment practices.
If you have concerns about an automated decision — or if you’d like a human to review a decision, challenge its outcome, or provide additional context — please contact us at careers@heronfoods.com
We take your privacy seriously and only share your personal data when necessary and appropriate. Your data may be disclosed for the purposes outlined in this Privacy Notice, including:
We ensure that all third parties handling your data comply with data protection laws and only process your information under our instructions. They are not permitted to use your data for their own purposes unless explicitly stated.
We take the security of your personal data seriously. Heron Foods has implemented appropriate technical and organisational measures to protect your information from accidental loss, unauthorised access, misuse, alteration, or disclosure.
We also have procedures in place to respond to any suspected data breaches. If a breach occurs and we’re legally required to notify you or a regulator, we will do so promptly.
Please note that while we do our best to safeguard your data, no method of transmitting information over the internet is completely secure. We cannot guarantee the security of data sent to our Careers site, but we take all reasonable steps to protect it once received.
We only retain your personal data for as long as necessary to fulfil the purposes for which it was collected - including meeting legal, regulatory, and reporting requirements.
When determining how long to keep your data, we consider:
If your recruitment process includes a video interview, it will not be recorded.
If your application is not successful, we will retain your personal data for 12 months from the date we inform you of our decision, or from the last activity on your candidate account - whichever is later. Activity includes submitting a new application. Managing job alerts does not reset the retention period.
If you are offered and accept a role at Heron Foods, your recruitment data will become part of your employee record and will be managed under our Employee Privacy Policy, contained within our Employee Handbook, which will be provided to you upon joining.
We retain data for this period to ensure we can demonstrate fair and lawful recruitment practices, and to comply with any restrictions on reapplying for certain roles within a defined timeframe. After the retention period ends, we will delete your personal data.
Under UK data protection laws, you have a number of rights in relation to your personal data. If you’d like to exercise any of these rights, please contact us at dpo@heronfoods.com.
Here’s a summary of the rights available to you:
Access to Your Data
You can request a copy of the personal data we hold about you to check that we’re using it lawfully.
Correction of Your Data
You have the right to ask us to correct any inaccurate or incomplete personal data. We may need to verify the accuracy of the new information you provide.
Erasure (Right to Be Forgotten)
You can ask us to delete your personal data where there’s no valid reason for us to continue processing it. Please note that we may not always be able to comply, depending on legal or regulatory obligations.
Restricting Processing
You can ask us to suspend the processing of your data in certain situations, such as:
Withdrawing Consent
Where we rely on your consent to process personal data, you can withdraw it at any time. This won’t affect any processing carried out before your withdrawal, but it may mean we can no longer proceed with your application.
No Fee Required
You won’t usually have to pay to exercise your rights. However, we may charge a reasonable fee or refuse a request if it’s clearly unfounded, repetitive, or excessive.
Verifying Your Identity
To protect your data, we may ask for proof of identity before fulfilling your request. We may also contact you for further details to help us respond more efficiently.
Response Time
We aim to respond to all valid requests within one month. If your request is complex or you’ve made multiple requests, we may need more time — but we’ll keep you informed throughout.
