Candidate Privacy Notice.
1. PURPOSE AND SCOPE
We are committed to the protection and promotion of your privacy. In connection with your application for a job with us at The Foundry Visionmongers Ltd or its group company, (“Foundry”, "we", "us"), it is necessary for us to collect, store and use information about you to administer and evaluate your application. We are the “Controller” of the Personal Data you provide us and will Process any such Personal Data in accordance with Applicable Data Protection Laws and the statements contained in this Candidate Privacy Notice (this "Notice").
In order to promote the coordinated and secure Processing of your data for purposes of administering the application process, we rely on one or more services and/or centralized human resource information systems that may be operated or administered either by us, by our parent company, Roper Technologies, or by one of its affiliates (collectively, the “Roper Group”). We also may share information about your application with other members of the Roper Group in the event that they have openings that may be a fit for your skillset. This Notice provides relevant information about the Personal Data that is Processed using those systems.
2. ROLES AND RESPONSIBILITIES
Foundry’s Cyber Committee (the “Committee”) has overall responsibility for ensuring compliance with Applicable Data Protection Laws and with this Notice.
If this Notice does not answer your questions, or if you consider that we have not followed this Notice in respect of your Personal Data, then you can get in touch with the Committee by contacting Foundry’s General Counsel by phone, email or post and we will be happy to help.
| How to contact us | Details |
| Phone | +44 (0)20 7479 4350 |
| legal@foundry.com | |
| Address | The General Counsel The Foundry Visionmongers Ltd. 5 Golden Square London W1F 9HT United Kingdom |
3. DEFINITIONS
In this Notice the terms set out below have the following meanings:
Applicable Data Protection Laws means all applicable data protection, privacy and data security laws and regulations to which Foundry or the relevant processing activity is subject, including but not limited to, the UK GDPR, EU GDPR, the UK Data Protection Act 2018, and the California Consumer Privacy Act (as amended), together with any implementing legislation or successor laws.
Controllers are the people who or organisations which determine the purposes and manner in which any Personal Data is Processed. They have a responsibility to establish practices and policies in line with Applicable Data Protection Law. Foundry acts as a Controller in respect of some of the Personal Data Processed within our business.
Data Subjects means a living, identified or identifiable individual about whom we hold Personal Data. Data subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
EEA refers to the European Economic Area.
EU GDPR means the General Data Protection Regulation (EU) 2016/679.
Personal Data means data or information relating to a Data Subject. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For the purposes of applicable US state privacy laws, references to “Personal Data” in this Notice include “Personal Information” as defined under those laws.
Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Data to third parties.
Special Category Data means information about a person's racial or ethnic origin, political opinions, religious or philosophical belief, trade union membership, genetic or biometric data, health, sex life or sexual orientation. Personal Data relating to criminal convictions and offences or related security measures are treated separately under Applicable Laws, but shall be treated as Special Category Data for the purposes of this Notice.
UK GDPR means the retained EU law version of the EU GDPR as defined in the Data Protection Act 2018.
4. THE PERSONAL DATA WE COLLECT
We collect Personal Data to manage and administer your application for employment with Foundry. The categories of data we may collect about you fall into the following categories under Applicable Data Protection Laws:
• Personal and contact details: Identification data (e.g., name, identifying numbers, etc.), gender, age and contact details (e-mail, phone numbers, physical address).
• Working status: National Insurance number, driver’s license, health data, ID card data, citizenship, passport data, details of residency, visa or work permit and disability status.
• Personal History: resume data, previous salary information, identity and background check information, previous employment information.
• Candidate information: we create profiles of potential recruits to the business including the individual’s contact details, CV, employment history, salary expectations, work preferences and availability, nationality, notice period, interview-feedback, assessment details, screening question responses, job interview notes, and recruitment-related or professional-presence social media profiles.
Under applicable US state privacy laws, including the California Consumer Privacy Act, the categories of Personal Information we may collect include identifiers, professional or employment-related information, education information, and sensitive Personal Information, where permitted by law.
We may also collect the following types of Special Category Data:
• Health Information: details about your health, including any medical condition or disabilities, symptoms and/or test results of Covid-19.
• Ethnicity information: Information about your race or ethnicity.
• Veteran Status (US only): We treat information pertaining to veteran status as Special Category Data.
Where Sensitive Personal Information is collected, it is used only for purposes permitted under applicable law, including recruitment administration, compliance with employment law obligations, and equal opportunity monitoring.
5. WHAT WE USE YOUR PERSONAL DATA FOR AND WHY
Applicable Data Protection Laws require that we Process your Personal Data for purposes that we tell you about and only where we have a lawful basis to do so. The below table sets out our purposes of Processing, the lawful basis of Processing we rely on, and the Personal Data Processed for that purpose.
Where we Process your Personal Data because we have a legitimate interest
We Process these items of your Personal Data because we have legitimate interests in recruiting suitable candidates for our business, to manage and monitor diversity, equality and inclusion, communicating with you, protecting our business operations and assets:
| Our specific legitimate interest | Reason or purpose | Personal Data used |
|---|---|---|
| To recruit suitable candidates for our business | To assess your skills, qualifications, and interests against our job opening requirements to further our legitimate interest in identifying qualified applicants |
|
| To protect our business operations and assets | To verify the information you provide us during the application process and conduct various identity reference and background checks (where applicable) if you are offered a job |
|
| To communicate with you | To communicate with you about your applications and the recruitment process |
|
Where we Process your Personal Data because you have consented
| Reason or purpose | Personal Data used |
|---|---|
| Keeping you informed about other potential job opportunities within the Roper Group |
|
Where we Process your Personal Data to comply with our legal obligations
| Reason or purpose | Personal Data used |
|---|---|
| We process your Personal Data to meet our legal obligations, including complying with applicable laws, regulations, or legal requirements, responding to legal requirements, or completing any reports required by law. |
|
Where we Process Special Category Data because we are legally obliged to
We collect and use certain types of Special Category Data in limited circumstances where it is necessary for us to protect your interests (e.g., to provide certain job-related accommodations), where we need to do so to comply with specific legal obligations (e.g., equal opportunity or anti-discrimination legislation or employment law), or where we have your explicit consent to use it:
Where we process Special Category Data because we are legally obliged to under employment law
| Reason or purpose | Special Category Data used |
|---|---|
| Comply with equal opportunity or anti-discrimination legislation or regulations (where applicable) |
|
| In the course of legal proceedings (including prospective legal proceedings), complying with applicable laws and regulations, obtaining legal advice, establishing or defending legal claims, or otherwise where strictly necessary for the administration of justice in accordance with applicable laws. |
|
6. SOURCES WE COLLECT YOUR PERSONAL DATA FROM
We may collect Personal Data about you from the following sources:
• Directly from you in the form of your application, resume, and other materials submitted to us;
• Referees you named;
• Publicly available sources: for recruitment purposes, we make use of public records including company websites, industry publications, industry news websites, LinkedIn and other social media where it is used in a professional context.
• Background check service providers (if we extend a conditional offer of a role to you).
If you fail to provide Personal Data when requested and the Personal Data is necessary for us to evaluate your application (e.g., work history), we may not be able to process your application further.
7. WHO WE SHARE YOUR PERSONAL DATA WITH
| Who | Examples of Sharing |
|---|---|
| Roper UK Limited and Roper Technologies, Inc. (Foundry’s parent companies) | We may disclose your Personal Data to Roper Group companies for the purpose of you being considered for other roles within the Roper Group. |
| IT, cloud service providers, and AI service providers, including Google Cloud (Gemini Enterprise), who provide hosted infrastructure, and workflow support | We use IT systems and cloud platforms for our everyday business functions including email and document storage, to process recruitment candidates and to provide our People Team portal, for example HiBob. We also engage third parties to support the operation and security of our systems. |
| The government or regulators | Where we are required to do so by law or to assist with their investigations or initiatives and/or for compliance with regulations, including, in the UK, HMRC, the ICO, Companies House and the local health protection team (e.g. a Covid-19 taskforce). |
| Police and law enforcement | To assist with the investigation and prevention of crime. |
| Business acquisitions | If we sell or buy any business or assets, or the shareholders in our corporate group decide to sell any shares, we may disclose your Personal Data to the prospective seller or buyer of such business, assets or shares. |
| Background check service providers | To verify the information you provide us during the application process and conduct various identity, reference and background checks (where applicable) if you are offered a job. |
| AI-powered Assistive Technologies | We use artificial intelligence (“AI”) tools that provide predictive, generative or analytical capabilities, including Google’s Gemini Enterprise deployed within Foundry’s Google Cloud environment, to support business operations, improve efficiency, conduct enterprise search across authorised systems, and automate certain workflows. Where we use these systems in the course of our work, Personal Data may be processed where it is included in prompts, documents, communications, candidate records, or other content accessible to the user. Where applicable, use of AI systems is subject to:
We implement meaningful human oversight in connection with the use of AI systems. AI systems are not used to make hiring decisions, and no employment, performance management, disciplinary, promotion, compensation, or termination decisions are made solely by automated means. |
We will obtain assurances from each third party with whom we share your Personal Data that it will safeguard your Personal Data in a manner consistent with this Notice. If we have knowledge that a third party is using or disclosing Personal Data in a manner contrary to this Notice, we will take reasonable steps to prevent or stop the use or disclosure.
We do not sell or share Personal Data about you to unrelated companies for their independent use.
8. TRANSFERRING YOUR DATA INTERNATIONALLY
If you live in a country in the UK and/or EEA, the Personal Data that we collect from you may be transferred to, and stored at, a destination outside the UK and/or EEA (including to other affiliates of the Roper Group in the US). It may also be Processed by staff operating outside the UK and/or EEA who work for us or for one of our suppliers.
To ensure that your Personal Data is secure, we will only transfer information to a country outside of the UK and/or EEA where we do so in accordance with the Applicable Data Protection Laws. This requires that one of the following conditions apply:
• the European commission or the UK government has decided that the country to which we transfer the Personal Data provides an adequate level of protection for your Personal Data;
• appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved by the European Commission and/or the UK International Data Transfer Agreement (IDTA) or UK Addendum, as applicable, or approved for use in the UK, an approved code of conduct or a certification mechanism is in place;
• you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
• the transfer is based on an exemption from the GDPR and UK GDPR restrictions on transferring Personal Data outside of the EEA or the UK as applicable.
Foundry and the Roper Group have executed Standard Contractual Clauses, as approved by the European Commission and/or by the United Kingdom’s Information Commissioners’ Office. These clauses permit us (or the Roper Group) to transfer data from the EEA and the UK to third countries, including the United States. Regardless, in all events, we shall apply the provisions of this Notice to your Personal Data wherever it is located.
9. AUTOMATED DECISION MAKING AND PROFILING
Automated decision making happens when a computer uses Personal Data to make decisions about a person without any human intervention which have legal effects or similarly significant effects for the person. We do not engage in any form of automated decision making that produces legal effects or similarly significant effects about individuals.
Profiling happens when a computer system uses Personal Data to evaluate a person’s characteristics. We do not undertake profiling.
10. HOW LONG WE KEEP YOUR DATA
We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected, unless there is a legal right or obligation to retain the data for a longer period. This includes Personal Data processed through AI systems, which remains subject to applicable retention policies and access controls.
How long other parties keep your data will depend on their own data retention policies and processes. Please note that our background check service provider will store your data until you request its deletion directly to them.
11. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
You may have certain rights relating to your Personal Data based on local Applicable Data Protection Laws.
Under certain circumstances, you have the following rights in relation to your Personal Data:
• The right of access to your Personal Data: This enables you to receive a copy of the personal information we hold about you and check that we are lawfully Processing it.
• The right to have your Personal Data rectified: This enables you to have any incomplete or inaccurate information we hold about you corrected.
• The right to deletion of your Personal Data: This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it, you withdraw your consent, we are unlawfully holding your Personal Data or we should erase your Personal Data to comply with Applicable Data Protection Laws. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to Processing (see below).
• The right to object to Processing of your Personal Data: This applies where we are relying on a legitimate interest (or those of a third party) as a legal basis for our Processing and there is something about your particular situation which makes you want to object to Processing on this ground. You also have the right to object to us Processing your Personal Data where we are Processing your personal information for direct marketing purposes.
• The right to restriction of Processing of your Personal Data: This enables you to ask us to suspend the Processing of Personal Data about you, for example if you want us to establish its accuracy or stop us deleting Personal Data which you need for a legal claim.
• The right to have your data transferred to another services provider: This enables you to have the Personal Data you have provided us to be transferred to another party.
• Withdraw your consent to the Processing of your Personal Data (to the extent we base Processing on consent and not on another lawful basis).
We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights. You may exercise your rights, to the extent applicable, by submitting a request via our Privacy Rights Request webpage available through the “Do Not Sell/Share My Personal Information” link in the footer of our Website, or by emailing privacyrights@foundry.com, or by contacting us via post to the address: The Foundry Visionmongers Ltd, 5 Golden Square, London, W1F 9HT, United Kingdom (RE: Privacy Rights). We will respond within the time period required by applicable law.
12. CHANGES TO THIS NOTICE
We reserve the right to update this Notice from time to time. If there are material changes to this Notice or in how Foundry will use your Personal Data, we will use reasonable efforts to notify you by posting a notice of such changes before they take effect.
13. CONTACT AND COMPLAINTS
If you have any questions, please contact legal@foundry.com or privacyrights@foundry.com
If you are not happy with how Foundry handles your Personal Data and we cannot provide you with a satisfactory resolution to your request, you also have the right to lodge a complaint with a supervisory body for data protection in your jurisdiction.
Last updated: April 2026