Recruitment Privacy Policy
Ryanair is committed to complying with applicable data protection and privacy standards at all times and takes its responsibility regarding information security very seriously. Any personal data collected by Ryanair during the recruitment process is processed in accordance with this Recruitment Privacy Policy (“Privacy Policy”), and in compliance with the Data Protection Acts 1988 to 2018 (“Irish Data Protection Act 2018”), the ePrivacy Regulations 2011, the EU General Data Protection Regulation (EU Regulation 679/2016) (“the GDPR”) and other applicable data protection legislation (“Data Protection Laws”). This Privacy Policy only applies to the personal data of job applicants, potential candidates for employment and those who participate in our recruiting programs and events (“you”).
1. Data Controller
“Ryanair” (referred to as “we”, “us”, “our” or “Ryanair” in this policy) in this policy primarily refers to Ryanair D.A.C., the main operating company of the Ryanair group (Ryanair DAC, Ryanair Sun, Ryanair UK, Lauda Europe, and Malta Air), and, where appropriate, to other entities over which Ryanair exercises management control.
Ryanair D.A.C. is the “data controller” of all personal data that is collected and used by Ryanair about job applicants for the purpose of the GDPR, Irish Data Protection Act 2018 or, as applicable in respect of UK job applicants, the UK Data Protection Act 2018. Ryanair is registered in Ireland with registration number 104547 and registered offices at Ryanair Dublin Office, Airside Business Park, Swords, Co. Dublin.
2. What Personal Data We Collect
Personal data can be defined broadly as information that relates to an individual where that individual is directly identified or could be identifiable when that personal data is combined with other information.
“Candidate Data” is personal data about you that we collect if you engage with the Ryanair recruitment platform, create a candidate profile and/or apply for a specific position with us either through our online application process or through your local human resources contact, for instance during Careers Open Day, or to join our talent pool. Our application process is set up to ensure that only one candidate profile can be created per person, and it cross-references unique identifiers such as email and phone number to ensure only one account can be created with this information.
Candidate Data is also created by our recruiting personnel in the course of their interactions with you throughout the recruiting process, including assessment results and interview feedback.
The types of Candidate Data we collect about you are listed below:
- Identity Data such as name, gender, personal email, job title, nationality, passport number, visa information, eligibility for work in certain countries, home address, telephone numbers, height and photograph (which is collected only in relation to certain roles at an advanced stage of the recruitment process);
- Recruitment Data such as your education and training, qualifications, languages spoken, driving license number, CV and application data, interview and assessment data, previous work history, prior application history, recruitment interviews;
- Background Data such as your references, vetting and verification information, previous residential address and public information displayed on LinkedIn and other social media or public forums;
- Feedback Data such as your feedback and opinions (e.g. surveys) on the recruitment process;
- Third Party Data: In certain circumstances we may process personal data of third parties, such as referees. The personal data regarding third parties that you provide to us will be processed for the purposes of reviewing your application and considering your candidacy for a job. We typically request and contact referees once the job has been offered. Before you provide data relating to third parties to us, you should ensure you are permitted to do so and provide them with the information contained in this notice. The data that we obtain from referees will be treated as confidential and will not be shared with anyone;
- Special Category Data is a subset of personal data that includes information relating to your physical or mental health (e.g., your eyesight); and
- Criminal Data: Ryanair also processes your criminal data which includes records and information regarding criminal offences or proceedings to conduct background checks as part of the vetting process to the extent permitted and required by applicable law.
We may collect and process Special Category Data and Criminal Data (to the extent permitted and required by applicable laws) that is strictly necessary for particular roles, such as cabin crew or pilots or roles that require airport IDs to be obtained.
Please do not include any personal data in your CV or other materials that you submit to Ryanair that you do not wish to be used for the purposes set out below.
3. What do we use your personal data for?
Data Protection Laws require us to have, and to inform you of, the lawful bases we are relying on to process your Candidate Data. ‘Lawful bases’ are the legal reasons for our use of your personal data. We cannot process your personal data if we do not have one.
In most cases we will process your personal data so we can process your job application. We have described these purposes and all other purposes your personal data may be used for below. We will only process your personal data for these stated purposes.
| No. | Personal data processed for this purpose | Purpose for processing | Lawful basis |
|---|---|---|---|
| a) | Identity Data Recruitment Data Background Data Third Party Data | Assessing your suitability for a specific position at Ryanair. | This processing is necessary for compliance with legal and regulatory obligations to which Ryanair is subject under: – Commission Regulation (EU) No 965/2012 of 5 October 2012 laying down technical requirements and administrative procedures related to air operations pursuant to Regulation (EC) No 216/2008 of the European Parliament and of the Council, – European Aviation Safety Authority’s Acceptable Means of Compliance (AMC) and Guidance Material (GM) to Annex IV Commercial air transport operations [Part-CAT], – UK Regulation (EU) No. 965/2012 on Air Operations. Our legitimate interests in efficiently evaluating your application to manage our relationship with you and to ensure we recruit appropriate employees. |
| b) | Identity Data Recruitment Data Background Data Third Party Data Criminal Data | To conduct appropriate vetting including, where relevant and to the extent permitted by applicable laws, right to work verification, identity fraud checks, criminal record checks, review of relevant employment history, relevant regulatory status and professional qualifications. | This processing is necessary for compliance with Ryanair’s legal and regulatory obligations under: – Commission Regulation (EU) No 965/2012 of 5 October 2012 laying down technical requirements and administrative procedures related to air operations pursuant to Regulation (EC) No 216/2008 of the European Parliament and of the Council, – European Aviation Safety Authority’s Acceptable Means of Compliance (AMC) and Guidance Material (GM) to Annex IV Commercial air transport operations [Part-CAT], – UK Regulation (EU) No. 965/2012 on Air Operations. This processing is also necessary for the purpose of the legitimate interests pursued by Ryanair to ensure the information provided to us is accurate and complete, and that we recruit appropriate employees. |
| c) | Special Category Data | To provide reasonable accommodations to facilitate the interview process. To meet legal requirements for specific roles e.g., in the case of pilots, medical data. | Necessary for the purposes of carrying out the obligations and exercising the rights of you or Ryanair in the field of employment-related laws to the extent permissible under applicable laws. This processing is necessary for compliance with Ryanair’s legal and regulatory obligations under: – Commission Regulation (EU) No 965/2012 of 5 October 2012 laying down technical requirements and administrative procedures related to air operations pursuant to Regulation (EC) No 216/2008 of the European Parliament and of the Council, – European Aviation Safety Authority’s Acceptable Means of Compliance (AMC) and Guidance Material (GM) to Annex IV Commercial air transport operations [Part-CAT], – UK Regulation (EU) No. 965/2012 on Air Operations. |
| d) | Feedback Data | Improving business processes, including reviewing our recruitment processes and tools. | This processing is necessary for the purpose of the legitimate interests pursued by Ryanair to continuously improve the recruitment processes and procedures. |
| e) | Identity Data Recruitment Data | Collect and store relevant data to enable Ryanair to consider you for any suitable positions that may become available in the future. | The processing of this data is based on your consent. |
| f) | Identity Data Recruitment Data Background Data Third Party Data Special Category Data Criminal Data | To ensure compliance with employment laws and where necessary for the establishment, exercise or defence of legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, whether before a court, tribunal or other administrative proceeding. | Legitimate interest in enforcing Ryanair’s legal rights. For Special Category Data and Criminal Data, as necessary for the establishment, exercise or defence of legal claims or for the purpose of demonstrating compliance with regulatory requirements or enquiries mentioned above. |
When we process your personal data to meet our legitimate interests, we do so only where necessary and proportionate for the specific purpose and in balance with your fundamental rights and freedoms.
4. Sharing Your Personal Data
Your personal data may be shared with other companies within the Ryanair Group in particular with recruiters and interviewers, HR managers and managers responsible for making decisions in connection to the recruitment process, including individuals performing administrative functions and IT personnel on a need-to-know basis, and only to the extent necessary to perform their jobs.
We may also share your personal data with the following third parties for the purposes described in this Privacy Policy:
- SAP, as the third-party provider of our applicant tracking system. SAP processes Candidate Data relating to your job application and provides tools for the management and review of applications;
- Third party recruitment agencies we contracted to assist us in identifying, recruiting and assessing job applicants. We share Candidate Data for this purpose via our recruiting software system;
- Third party employee background check service providers for the purpose of administering and evaluating pre-employment screening and testing including checking credit history, employment history, driving records and criminal records, if relevant to the position. We share Candidate Data including Criminal Data with these third party service providers for this purpose; and
- Any regulatory body or other organisation which investigates complaints relating to a job applicant’s employment or recruitment, or which regulates employment or equality legislation. We will share Candidate Data, Special Category Data and Criminal Data to the extent that it relates to a complaint which is raised by you to one or more of these bodies, in order to engage with and resolve such a complaint. We will also share personal data with our legal advisors in such cases.
We prohibit our third party providers from using your personal data for any purpose otherwise than in accordance with this Privacy Policy. We require all third parties processing personal data on our behalf to have appropriate technical and operational security measures in place to protect your personal data, in line with applicable Data Protection Laws.
We further require that these third parties do not share your personal data with other third parties without our consent and without guaranteeing adequate security standards and that they will hold your personal data securely and retain it for the period we instruct, or as required by law.
5. Transferring your personal data to other jurisdictions
Ryanair recruits in multiple jurisdictions, some of which are not located in the European Economic Area (EEA) such as Morocco and the UK. While countries outside the EEA do not have the same data protection laws, we require all partners and services providers to process your information in a secure manner and in accordance with GDPR requirements and mainly rely on European Commission approved standard contractual clauses that ensure protection for your data even when it leaves the EEA. To learn more about the “controller to processor” standard contractual clauses relied upon by Ryanair, see here.
To the extent that your personal data is transferred outside the EEA, we mainly rely on:
- the UK adequacy decision when transferring personal data to the UK (linked here).or
- for all other transfers outside the EEA by putting in place the standard contractual clauses as approved by the European Commission or other supervisory authority.
6. How long we keep your Personal Data
If you are successful, your Candidate Data, Special Category Data and Criminal Data will be securely retained by us as part of your employee file for the duration of your employment plus 7 years following the end of your employment.
If you are unsuccessful at any stage of the recruitment process, your Candidate Data, Special Category Data and Criminal Data will be securely retained for 18 months from the closure of the recruitment campaign. We retain your information in case any queries or issues arise in relation to the recruitment process, and we need the information to respond to such issues or queries. We may also use this data to contact you if a suitable position were to arise with Ryanair within that time period only if you have given your consent to receive such communications during the application/sign up process and have not opted out.
If you choose to sign up to our Talent Pool, we will retain your Identity Data and Recruitment Data for 18 months from the moment of providing consent.
If you wish to suspend your candidate account/profile, we will retain your personal data for 18 months after your last login. However, 1 month before the end of this period, we will send you an e-mail prompt to confirm if you would like to keep your account active. Your account will be removed permanently in the normal course, where no response is received to reduce duplications of accounts and ensure fair recruitment process.
If your account is inactive for 18 months from the date you last accessed your account, we will automatically delete your account from our database. We will notify you 30 days in advance of your account being deleted.
7. Profiling and automated decision making
‘Automated Decision Making’ refers to a decision based solely on automated processing of your personal data which produces legal effects or significantly impacts you. This means processing using, for example, software code or an algorithm, which does not require human intervention. ‘Profiling’ means using automated processes your personal data in order to evaluate certain personal aspects such as your behaviour or to predict things about you.
Ryanair is committed to fair and equitable recruitment processes and will endeavour to always have a human involved in an automated process. We do not make decisions based solely on automated process of your personal data, which produces legal effects or significantly impacts you.
8. Security of your Personal Data
We are committed to ensuring the security and confidentiality of your personal data. Taking into account the nature of your personal data and the risks of processing, Ryanair has put in place appropriate technical and organisational methods as required by applicable legal provisions to secure Candidate Data in accordance with applicable laws and to ensure a level of security to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion of or unauthorized access to your personal data.
9. Cookies and site tracking
We use cookies on our website. Ryanair DAC is the data controller of any information we obtain from the use of cookies. Please refer to our Cookie Policy and cookie preference centre.
10. Your Data Protection Rights
The GDPR and other data protection laws give you specific rights in relation to your personal data. Details of these rights and how to exercise them are set out below.
Your rights include the following:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive confirmation as to whether we are processing your personal data and a copy of such personal data so you can check that we are lawfully processing it. If you wish to access other personal data we hold about you other than what is in your myRyanair account, then you can use our webform. We may not be able to provide you access to the data when it involves information relating to others who have not consented to the disclosure of their information. We will also have to verify your email address before we can send the data to the email address provided in the request.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal information where there is no legal basis for us to continue processing it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying our legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. We will process your request unless we require your data for dealing with legal claims or we have compelling legitimate grounds for the processing which override your interests, rights and freedoms.You also have the right to object where we are processing your personal information for direct marketing purposes. This will remove you from our marketing databases and you will no longer receive direct marketing emails from us.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you in limited circumstances, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to obtain your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format. This right is only available where the processing is carried out by automated means and and where you have either consented to processing, or where processing is conducted on the basis of a contract.
- Withdraw consent. In the limited circumstances where you may have provided your consent to our processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally consented to. Withdrawal of consent shall not affect the lawfulness of the processing based on consent before the withdrawal.
If you want to exercise any of these rights, please submit your request through Ryanair’s dedicated web-form which is available here. We have also appointed a DPO to monitor Ryanair’s compliance with applicable data protection laws, which can be contacted by e-mail: dpo@ryanair.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity or to facilitate any of your other data subject rights listed above. This is another appropriate security measure to ensure that personal data is not disclosed to any person who does not have a right to receive it.
In addition, you always have the right to make a complaint at any time to a supervisory authority. The Irish Data Protection Commissioner (“DPC”) is the lead data protection supervisory authority for Ryanair so please aware that your complaint may be transferred to the DPC where it involves cross border processing. As Ryanair DAC in Ireland is the data controller for all processing of customer data, most complaints involve cross border processing as they are the result of decisions made by Ryanair DAC in Ireland.
11. Changes to this Recruitment Privacy Policy
Our Recruitment Privacy Policy may change from time to time and any changes will be posted on this page.
This Recruitment Privacy Policy is effective as of 9 May 2025.
12. Contact Us
If you have any further questions about this policy or how we handle your personal data, which are not dealt with here, please get in touch with us by writing to our Data Protection Officer at Ryanair Head Office, Airside Business Park, Swords, County Dublin, Ireland or emailing our DPO at DPO@ryanair.com.