Recruitment Privacy Notice

Recruitment Privacy Notices

This Recruitment Privacy Notice applies only to prospective partners and employees who submit applications for consideration by any of our United Kingdom or European Union (“UK or EU”) offices or affiliated legal entities (“our UK or EU Offices”).  California residents submitting applications to any of our US offices should refer to our Notice at Collection for California Applicants.

 

French / German / Slovak / Spanish / Printer Friendly

This Privacy Notice, which is effective as of 1 January 2021, amends the prior version which was effective as of 4 December 2019. The changes made by this Privacy Notice can be found here.



Privacy Notice Regarding Applicant Personal Data Processed by Our UK and EU Offices

Effective Date: 1 January 2021

INTRODUCTION

This Privacy Notice describes the ways in which Squire Patton Boggs (“the Firm,” “we”, “us”) processes and protects the personal data of prospective partners and employees (collectively, “Applicants”) who submit applications for consideration and processing by any of our United Kingdom (“UK”) and European Union (“EU”) offices or affiliated legal entities (“our UK and EU Offices”) in accordance with Applicable Data Protection Law.

We are a global law firm operating under a Swiss verein structure that comprises Squire Patton Boggs (UK) LLP, Squire Patton Boggs (US) LLP, Squire Patton Boggs (AU) and other constituent legal entities.  A full description of our organisation can be found on the Legal Notices page on our website:  www.squirepattonboggs.com.

As a law firm, we take our responsibilities and obligations to protect the personal data of our potential personnel very seriously.  We have a robust information security management program in place to protect the personal data and other information that we process, and have achieved ISO27001 certification of the Firm’s technical and organisational controls across a broad spectrum of systems and processes.  These measures are monitored, reviewed and regularly enhanced in order to meet our professional responsibilities and the needs of our clients.

This Privacy Notice sets out the following information:

  1. Identification of the Data Controller;
  2. Contact Details of our Data Protection Officer ("DPO");
  3. Sources of Personal Data;
  4. Categories of Personal Data Processed; Purposes and Legal Bases for the Firm’s Processing of Personal Data;
  5. Retention of Personal Data;
  6. How We Share Your Data within the Firm and with Third Parties;
  7. International Transfers of Personal Data; and
  8. Rights of Individuals in Relation to their Personal Data.

For the definition of certain terms used in this Privacy Notice, please refer to Annex 1.

  1. IDENTIFICATION OF THE DATA CONTROLLER

    The relevant data controller for your personal data is the Squire Patton Boggs UK or EU Office to which you have submitted your application.

    Our UK and EU Offices form part of, or are otherwise associated with, either Squire Patton Boggs (UK) LLP or Squire Patton Boggs (US) LLP.  A list of each of the Firm’s UK and EU Offices, the associated Squire Patton Boggs partnership and relevant contact details are provided in Annex 2 to this Privacy Notice.

    Our UK and EU Offices operate as joint controllers in regard to some processing activities relating to the personal data of Applicants, and each of our UK and EU Offices is responsible for making this Privacy Notice accessible to Applicants for positions with their offices or other offices of the Firm.  Our UK and EU Offices will collaborate with one another and with other offices of the Firm, as necessary, to address requests by data subjects to exercise their rights under Applicable Data Protection Law, as set out in Section 8 below.

    The main establishment for all of our UK and EU offices for purposes of compliance with Applicable Data Protection Law is Squire Patton Boggs (UK) LLP, Premier Place, 2 & A Half, London EC2M 4UJ, England.


  2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER

    Squire Patton Boggs has elected to appoint a Data Protection Officer (“DPO”) who acts on behalf of all of our UK and EU Offices to support the Firm’s compliance efforts in relation to the processing of personal data concerning potential personnel, clients and business contacts.

    The contact details for our DPO are as follows:

    By post:

    Data Protection Officer
    Squire Patton Boggs
    2 & A Half Devonshire Square
    London EC2M 4UJ 
    England

    By email:         DataProtectionOfficer@squirepb.com

    Please direct all general communications or queries relating to this Privacy Notice or the Firm’s compliance with Applicable Data Protection Law to our DPO.  With regard to the exercise of data subject rights, a specific email address is provided in Section 8 below for the convenience of individuals wishing to submit a data subject request.


  3. SOURCES OF PERSONAL DATA

    So far as is possible, we use a dedicated, online talent management platform (“Recruitment Platform”) operated by the Firm to collect and process applications of Applicants for available positions in the Firm.  This Recruitment Platform enables us to manage the personal data of Applicants and share it with relevant personnel within the Firm in a secure fashion and in accordance with our obligations under the Applicable Data Protection Law.  We use the Recruitment Platform primarily to structure, store and enable the sharing of any personal data that you provide us within the Firm, as appropriate.  It does not involve any decision-making about Applicants based solely on automated processing or profiling.

    We also sometimes use email to process applications for available positions in the Firm where technically necessary.  This assists us in collecting the personal data of Applicants where use of the Recruitment Platform is not available and also in managing certain practical aspects of our data processing, such as organising interviews and receiving evaluation information.

    We generally obtain personal data concerning Applicants from three sources, as discussed below.

    Personal Data Provided by You

    The Firm generally collects personal data directly from you (electronically, in writing, or verbally), or via the recruitment agency with which you are associated, including by means of the Recruitment Platform and by email.  The Firm may ask you for information regarding your contact information, experience and qualifications and other information relevant to the recruitment process and the position for which you are applying.

    The Firm will not take responsibility for any personal data provided by you that is outside the requested or permitted range of personal data.  For example, where special categories of personal data are not requested or relevant to the position, we will decline to process the data and delete it from our system.

    Personal Data Generated by the Firm

    The Firm generates derived data from the interviews in which you participate (electronically or verbally, by telephone, face-to-face and recorded digital interviews and assessments) and evaluations provided by those who have interviewed you.

    Personal Data from Third Parties

    The Firm may also obtain personal data from third parties that provide services to the Firm or to you, such as companies that provide recruitment services.  For example, if you apply through a third-party staffing or recruiting firm, we will receive personal data regarding your experience and qualifications from such firms.  We may also use digital platforms hosted by third parties that facilitate recorded video interviews, written questions and answers and skills tests that we administer and evaluate. 

    We may also receive information from referees that you authorise us to contact.  Where permitted or otherwise authorised by applicable laws, information received from third parties may include the results of background checks and referencing.

    Finally, we may also obtain personal data from the public areas of third-party professional social networks and websites, for example LinkedIn, Xing or professional directories.


  4. CATEGORIES OF PERSONAL DATA PROCESSED, PURPOSES AND LEGAL BASIS FOR THE FIRM’S PROCESSING OF PERSONAL DATA
  5. The Firm processes various categories of personal data for the purposes discussed above and identified in this section.  Our legal basis for doing so will vary with the type of data processing activity involved, and will typically include the following:

    • where necessary for the Firm to carry out its responsibilities under the partnership agreement or employment contract which we are discussing and/or negotiating with you;
    • where necessary for the Firm to pursue its legitimate interests or those of our clients, provided that those interests are not overridden by your interests, fundamental rights and freedoms;
    • where necessary for the Firm to comply with its legal obligations; or
    • on the basis of your consent.

    To the extent not addressed below, we will point out, at the time of data collection, if the processing of your personal data by the Firm is a statutory or contractual requirement, whether you are obligated to provide the personal data and the possible consequences of your failure to do so.  In circumstances where consent is the basis for the Firm to process your personal data, we will request this from you at the point of data collection.

    The Firm processes your personal data to carry out its recruitment activities in order to attract new talent to the Firm, including partners, associates and staff as well as independent contractors and consultants.

    The categories of personal data that the Firm processes about you, for the purpose of recruitment, include the following:


     

    Initial Screening of Applications

    Categories of personal data:

    We may use your personal data to:

    Our lawful basis for doing so is:

    Our legitimate interests in doing so are to:

    Identification data (i.e. name, mobile telephone number, email address)

    Contact you about your application to us

    Our legitimate interests

    Allow appropriate assessment of applications and selection of suitable Applicants for roles with the Firm

    CV/Résumé (or profile on professional social networks or websites), details of your qualifications and experience, employment history (including job titles, salary and benefits packages and any relevant working hours), interests, information about your academic history, qualifications including professional certifications and credentials, language skills

    Consider your qualifications, skills and experience to ensure they are suitable for the position

    Our legitimate interests

    Allow appropriate assessment of applications and selection of suitable Applicants for roles within the Firm

    Details of your right to work in the location for which you are applying

    Ensure that you have the right to work in the country you have applied to work in

    Legal obligation

    N/A

     

    Further Data Which May Be Requested During Applicant Assessment and Selection

    (All UK and EU Offices)

    Categories of personal data:

    We may use your personal data to:

    Our lawful basis for doing so is:

    Our legitimate interests in doing so are to:

    Detailed evidence of your relevant skills and details of your previous experiences and the career choices you have made (usually assessed at a face-to-face or telephone interview)

    Consider your suitability for the position

    Our legitimate interests

    Allow selection of suitable Applicants for vacancies within the Firm

    Video recording of your responses to interview questions using our digital assessment platform

    Consider your suitability for the position

    Consent

    N/A

    Residential addresses (current and, in some cases, previous) and background checks

    Consider your background and history

    Our legitimate interests

    Assessment of senior hire’s suitability for the position

    For more senior fee earning Applicants: details of prior and, where pertinent, projected client base and activity including details of acting for any parties that are adverse to our Firm or its predecessor firms

    Evaluate the business case and consider whether potential clients might pose a conflict of interest

    Our legitimate interests

    Assessment of senior hire’s suitability for the position

    For more senior fee earning Applicants: details of ownership interests in any client

    Consider whether your personal business interests are compatible with those of the Firm

    Our legitimate interests

    Assessment of senior hire’s suitability for the position

    Details of bar admissions and relevant reference numbers

    Consider your suitability for the position

    Legal obligation

    N/A

     


    Further Data Which May Be Requested Prior to Start of Employment

    (All UK and EU Offices)

    Nature of data:

    We may use your personal data to:

    Our lawful basis for doing so is:

    Our legitimate interests in doing so are to:

    References from clients (for senior hires only)

    Consider your suitability for the position

    Our legitimate interests

    Assessment of senior hire’s suitability for the position

     

    Compliance with Legal and Regulatory Obligations Relating to Employment (UK Offices only)

    In the UK only, we request and collect Special Categories of Data and other personal data relevant to diversity reporting and monitoring from employees and job applicants.  The provision of such data is optional, with no impact on our consideration of the application.  Any data that you choose to provide is used for statistical purposes in line with UK legislation.

    We also collect health information necessary to comply with workplace health and safety regulations and equality and employment rights legislation.

    For certain positions in the Finance department, we may require a basic criminal records check as a condition of employment and annually during employment to comply with anti-money laundering regulations.

    The categories of personal data that the Firm may process about you for the above  purposes, include the following:

     

    Compliance with Legal and Regulatory Obligations Relating to Employment

    (UK Offices only)

    Categories of personal data:

    We may use your personal data to:

    Our lawful bases for doing so are:

     

    Relevant legislation or our legitimate interests:

     

     

     

    GDPR Article 6:

    UK Data Protection Act 2018

     

    Special Categories of Personal Data related to diversity and equality: Race, ethnic origin, sexual orientation, religion or belief, disability status

    Monitor and measure the results of our Firm diversity and inclusion strategies

    Comply with diversity and equality reporting requirements of the Solicitors Regulation Authority and other relevant organisations

    Legal obligation

    Carry out our obligations under employment, social security and social protection law

    UK Data Protection Act 2018 Schedule 1, Part 1, Para 1

    Equality Act 2010;

    Employment Rights Act 1996

    Solicitors Regulation Authority diversity reporting requirements

    Other data for diversity monitoring and reporting: Gender, age bracket, free school meals, name of secondary school, whether first in family to attend university, if primary carer for a child, if carer for others (including if registered carer), refugee and asylum seeker status

    Monitor and measure the results of our Firm diversity and inclusion strategies

    Comply with diversity and equality reporting requirements of the Solicitors Regulation Authority and other relevant organisations

    Legal obligation

    Carry out our obligations under employment, social security and social protection law

    UK Data Protection Act 2018 Schedule 1, Part 1, Para 1

    Solicitors Regulation Authority diversity reporting requirements

    Special Categories of Personal Data: Information concerning health

    To be aware of any medical conditions for Health & Safety reasons;

    To make reasonable workplace adjustments to enable a disabled person to work.

    Legal obligation

    Carry out our obligations under employment, social security and social protection law

    UK Data Protection Act 2018 Schedule 1, Part 1, Para 1

     

    Health and Safety at Work Act 1974;

    Equality Act 2010;

    Employment Rights Act 1996

    Criminal Convictions Data: Details of any unspent criminal convictions recorded against your name by the Courts of England and Wales

    To comply with anti-money laundering regulations and safeguard client monies

    Legitimate interests

    Regulatory requirements relating to unlawful acts and dishonesty

    UK Data Protection Act 2018 Schedule 1, Part 2, Para 12

    and

    Schedule 1, Part 3, Para 36

    To screen for the conduct and integrity of certain employees in the Finance department

    To comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Article 21

    Credit Checks: Publicly available information related to financial integrity, including County Court Judgements (CCJ’s), Bankruptcy, Bankruptcy Restriction Orders, Individual Voluntary Arranagments, Fast Track Voluntary Arrangements, Debt Relief Orders, Debt Restriction Orders, Decrees, Sequestration Orders, Notices of Correction

    To comply with anti-money laundering regulations and safeguard client monies

    Legitimate interests

    N/A

    To screen for the conduct and integrity of certain employees in the Finance department

    To comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Article 21

     

  6. RETENTION OF PERSONAL DATA

    The Firm retains your personal data for the period necessary to fulfil the purposes set out in this Privacy Notice or as required by applicable law or in order to establish, exercise or defend potential legal claims or to pursue our legitimate interests.

    It is our general policy to retain potential personnel records until the end of Firm’s recruitment process regarding your application, extended to cover the relevant statutory period or for the duration of any relevant legal proceedings. More specifically, your personal data will be retained as follows:

    If you submit your own personal data and are an unsuccessful Applicant:

    • Our policy is to delete your personal data in its entirety after the expiration of 180 days following the conclusion of the recruitment process for the role for which you have applied, unless you tell us that you are happy for us to retain your data for a further 180 days in case a suitable opportunity arises in the future.

    If you apply via a third-party staffing or recruiting company and are an unsuccessful Applicant:

    • Our policy is to delete your personal data after the expiration of 180 days following the conclusion of the recruitment process for the role for which you have applied, save that your name, email address and the name of the agency that submitted your name will be retained for 12 months.This is to enable us to meet our contractual obligations with the third-party staffing and recruiting company that referred you to us.

    We delete any introductory communications that we may have with you via social media sites, such as LinkedIn, within one month following of the close of our dialogue with you using such sites. 


  7. HOW WE SHARE YOUR PERSONAL DATA WITHIN THE FIRM AND THIRD PARTIES

    The ways in which we share personal data relating to Applicants among our EU Offices and our other offices worldwide, and also with trusted third-party vendors and business partners, are set out below.

    Intra-Group

    Relevant personal data of Applicants is shared with authorized Firm personnel in and outside of the EU, including selected interviewers and, where relevant to a particular Applicant, members of the Global Board, the Legal Personnel Committee, the relevant Practice Group Leader or the Director of business unit, the Office Managing Partner, relevant Industry Group Leader, relevant HR and Finance personnel and others involved in managing the Firm and administering its hiring and compensation policies in a fair and coordinated manner across all of our offices and practice groups worldwide.

    For all hires we use:

    • The Firm’s dedicated Recruitment Platform, which holds the personal data that you or the recruitment agency that has introduced you to us submit in your initial application to the Firm.This platform is hosted by the Firm in the United States and is used to manage the information you provide us in a secure manner.
    • The Firm’s internal management platform which allows us to gain approval to make individual hires, and which holds individuals’ names, educational background, professional background and proposed salary details. This is hosted by the Firm in the United States.
    • Various other multiple use systems such as email systems, conflict management systems, finance systems, our digital assessment platform and HR management systems that are used for the purposes of communications and general business management, which are hosted by the Firm on servers located in the UK and in the United States.

    Third Parties

    Our UK and EU Offices also share the personal data of Applicants with trusted service providers (processors) pursuant to contractual arrangements with them, which will include appropriate safeguards to protect any personal data that we share with them.  The data recipients may include, for example, IT service providers, talent management software providers, HR information systems and referencing and background check firms.

    Your personal data may also be shared with the Firm’s business partners, acting as independent data controllers, to provide services to you and, in some cases, your family members.  These companies may include, for example:  recruitment agencies; accountants; banks involved in processing expense reimbursements; telecommunications and conference companies; relocation firms; travel agencies, hotels, airlines, car rental agencies and other companies involved in providing corporate travel services.


  8. INTERNATIONAL TRANSFERS OF PERSONAL DATA

    Intra-Group

    Due to the global nature of our operations, your personal data may be transferred to and shared with authorised Firm personnel in offices outside the UK and the EU.  The transfers are protected by means of international data transfer agreements that incorporate the Standard Contractual Clauses approved by the European Commission.  You may request a copy of the Firm’s EU Standard Contractual Clauses by contacting the DPO as indicated in Section 2 above.

    Third Parties

    Some of the third parties with which we share your personal data are located outside the UK and the EU/EEA.  Unless the recipients are located in countries that have been deemed adequate by the European Commission, we will put in place data transfer agreements based on the applicable EU Standard Contractual Clauses or rely on other available data transfer mechanisms (e.g., Binding Corporate Rules or approved Certifications or Codes of Conduct) to protect personal data that is transferred to recipients outside the EU.  In exceptional cases, we may rely on statutory derogations for international data transfers.

    You may request a copy of the Firm’s EU Standard Contractual Clauses or other relevant international transfer documentation by contacting the DPO as indicated in Section 2 above.


  9. RIGHTS OF INDIVIDUALS IN RELATION TO THEIR PERSONAL DATA

    The Applicable Data Protection Laws and other applicable EU and Member State data protection laws provide certain rights to data subjects in relation to their personal data.  These include the rights to:


    1. request details about the personal data that we process, and obtain a copy of the data that we hold about them;
    2. correct or update their personal data;
    3. transmit personal data that the data subject has provided to us, in machine readable format, to another party;
    4. erase the data that we hold about them;
    5. restrict or object to a processing activity; and
    6. object to processing:

      (i)         if based on grounds relating to the individual’s particular situation, where the processing is based on the legitimate interest of Squire Patton Boggs; or

      (ii)        where personal data is being processed for direct marketing purposes; and

    7. decline to consent or withdraw your consent, if consent is the basis for processing your personal data.

    In some cases, the exercise of these rights (for example, erasure, objection, restriction or the withholding or withdrawing of consent to processing) may make it impossible for us to achieve the purposes identified in Section 4 of this Privacy Notice in relation to your potential employment or partnership with the Firm.

    To assist us in complying with our obligation to maintain the accuracy of your personal data, please notify us in writing of any changes to your personal data by updating your information using the Recruitment Platform or contacting the Resourcing Team.  Where you have notified us or we otherwise become aware of an inaccuracy in your information, we will take appropriate steps to rectify the inaccuracy.

    The Firm’s response to data subject action requests (“DSARs”) in regard to the exercise of their rights under the Applicable Data Protection Law is overseen by an internal team consisting of the DSAR Manager, the Office of General Counsel, the DPO and other professionals needed to respond to the particular request.

    Any individual wishing to assert his or her rights under the Applicable Data Protection Law should address the relevant request to:

    By post:

    DSAR Manager
    Squire Patton Boggs (UK) LLP
    Room 4.65
    6 Wellington Place
    Leeds LS1 4AP
    England

    By email:         DataSubjectRequests@squirepb.com

     

    Further information and a form that you can use at your discretion to exercise your rights may be downloaded using this link.

    You also have the right to submit a complaint concerning the processing of your personal data to the appropriate supervisory authority.

               

     

Annex 1

Definitions

Applicable Data Protection Law means the GDPR, the UK GDPR, the UK Data Protection Act 2018 and any national laws governing the protection of personal data as many be amended from time to time.

Applicant

as defined in the Introduction to this Privacy Notice.

Data Controller or Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Employees

includes full-time employees, part-time employees, temporary employees, reinstated employees, rehired employees and retired and former employees.

GDPR

means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).

Personal Data

means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means (e.g., computers), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Partner

means an individual authorised by the Firm to use the title of partner.

Potential Personnel

means (for the purposes of this Privacy Notice) potential employees and/or partners, as well as independent contractors or consultants.

Special Categories of Personal Datab means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data (for the purpose of uniquely identifying a natural person), data concerning health or data concerning a natural person's sex life or sexual orientation.
UK GDPR means UK legislation incorporating the provisions of the GDPR into the body of UK law.

 

 

Annex 2

Squire Patton Boggs Branch Offices and Legal Entities in the United Keyboard and the European Union

Squire Patton Boggs (UK) LLP
2 & A Half Devonshire Square
London EC2M 4UJ
England

Branch offices of Squire Patton Boggs (UK) LLP in the UK

Squire Patton Boggs (UK) LLP
Rutland House
148 Edmund Street
Birmingham B3 2JR
England 

Squire Patton Boggs (UK) LLP
6 Wellington Place
Leeds LS1 4AP
England 

Squire Patton Boggs (UK) LLP
No 1 Spinningfields
1 Hardman Square
Manchester M3 3EB
England

Other constituent legal entities in the United Kingdom

Squire Patton Boggs Park Lane Limited
Rutland House
148 Edmund Street
Birmingham B3 2JR
England

Squire Patton Boggs (Australia) LLP 
2 & A Half Devonshire Square
London EC2M 4UJ
England

Branch offices of Squire Patton Boggs (UK) LLP in the European Union

Squire Patton Boggs (UK) LLP
Avenue Lloyd George, 7
1000 Brussels
Belgium

Squire Patton Boggs (UK) LLP
Plaza Marques de Salamanca 3-4, 7th Floor
28006 Madrid
Spain

Squire Patton Boggs (UK) LLP
Via San Raffaele 1
20121 - Milan
Italy 

Squire Patton Boggs (US) LLP
7 Devonshire Square
London EC2M 4YH
England

Branch offices of Squire Patton Boggs (US) LLP in the European Union

Squire Patton Boggs (US) LLP
Rechtsanwälte, Steuerberater und Attorneys-at-Law
Unter den Linden 14
10117 Berlin
Germany

Squire Patton Boggs (US) LLP
Rechtsanwälte, Steuerberater und Attorneys-at-Law
Herrenberger Straße 12
71032 Böblingen
Germany

Squire Patton Boggs (US) LLP
Avenue Lloyd George, 7
1000 Brussels
Belgium

Squire Patton Boggs (US) LLP
Rechtsanwälte, Steuerberater und Attorneys-at-Law
Eurotheum, Neue Mainzer Straße 66-68
60311 Frankfurt am Main
Germany

Other constituent legal entities in the European Union 

Advokátska kancelária
Squire Patton Boggs s.r.o.
Zochova 5
811 03 Bratislava
Slovak Republic

Squire Patton Boggs s.r.o.,
advokátní kancelář
Václavské náměstí 813/57
110 00 Prague 1
Czech Republic

Haussmann Associés SELARL trading under the name Squire Patton Boggs
7, rue du Général Foy
75008 Paris
France

Squire Patton Boggs Krześniak sp.k.
Rondo ONZ 1
00-124 Warsaw
Poland

 


[1] Solely for the purposes of this Privacy Notice, the term “Applicant” may also be construed to include individuals applying to provide us with relevant services as independent contractors or consultants.

 

Back to top