Recruitment Privacy Notice

    Effective Date: 28 August 2018

    INTRODUCTION

    This Privacy Notice describes the ways in which Squire Patton Boggs (“the Firm,” “we”, “us”) processes and protects the personal data of prospective partners and employees1 (collectively, “Applicants1”) who submit applications for consideration and processing by any of our European Union (“EU”) offices or affiliated legal entities (“our EU Offices”).

    We are a global law firm operating under a Swiss verein structure that comprises Squire Patton Boggs (UK) LLP, Squire Patton Boggs (US) LLP, Squire Patton Boggs (AU) and other constituent legal entities.  A full description of our organisation can be found on the Legal Notices page on our website.

    As a law firm, we take our responsibilities and obligations to protect the personal data of our potential personnel very seriously.  We have a robust information security management program in place to protect the personal data and other information that we process, and have achieved ISO27001 certification of the Firm’s technical and organisational controls across a broad spectrum of systems and processes.  These measures are monitored, reviewed and regularly enhanced in order to meet our professional responsibilities and the needs of our clients.

    In line with the transparency requirements of Articles 13 and 14 of the EU General Data Protection Regulation (“GDPR”), this Privacy Notice sets out the following information:

    1. Identification of the Data Controller;
    2. Contact Details of our Data Protection Officer;
    3. Sources of Personal Data;
    4. Categories of Personal Data Processed; Purposes and Legal Bases for the Firm’s Processing of Personal Data;
    5. Retention of Personal Data;
    6. How We Share Your Data within the Firm and with Third Parties;
    7. International Transfers of Persona Data; and
    8. Rights of Individuals in Relation to their Personal Data.

    For the definition of certain terms used in this Privacy Notice, please refer to Annex 1.

    1. IDENTIFICATION OF THE DATA CONTROLLER

    The relevant data controller for your personal data is the Squire Patton Boggs EU Office to which you have submitted your application.

    Our EU Offices form part of, or are otherwise associated with, either Squire Patton Boggs (UK) LLP or Squire Patton Boggs (US) LLP.  A list of each of the Firm’s EU Offices, the associated Squire Patton Boggs partnership and relevant contact details are provided in Annex 2 to this Privacy Notice.

    Our EU Offices operate as joint controllers in regard to some processing activities relating to the personal data of Applicants, and each of our EU Offices is responsible for making this Privacy Notice accessible to Applicants for positions with their offices or other offices of the Firm.  Our EU Offices will collaborate with one another and with other offices of the Firm, as necessary, to address requests by data subjects to exercise their rights under the GDPR, as set out in Section 8 below.

    The main establishment for all of our EU offices for purposes of compliance with the GDPR is Squire Patton Boggs (UK) LLP, 7 Devonshire Square, London EC2M 4YH, England.

    2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER

    Squire Patton Boggs has elected to appoint a Data Protection Officer (“DPO”) who acts on behalf of all of our EU Offices to support the Firm’s GDPR compliance efforts in relation to the processing of personal data concerning potential personnel, clients and business contacts.

    The contact details for our DPO are as follows:

    By post:           

    Data Protection Officer
    Squire Patton Boggs
    7 Devonshire Square
    London EC2M 4YH
    England

    By email:         DataProtectionOfficer@squirepb.com

    Please direct all general communications or queries relating to this Privacy Notice or the Firm’s compliance with the GDPR to our DPO.  With regard to the exercise of data subject rights under the GDPR, a specific email address is provided in Section 8 below for the convenience of individuals wishing to submit a data subject request.

    3. SOURCES OF PERSONAL DATA

    We also sometimes use email to process applications for available positions in the Firm where technically necessary.  This assists us in collecting the personal data of Applicants where use of the Recruitment Platform is not available and also in managing certain practical aspects of our data processing, such as organising interviews and receiving evaluation information.

    Personal data concerning Applicants is generally obtained from three sources, as discussed below.

    Personal Data Provided by You

    The Firm generally collects personal data directly from you (electronically, in writing, or verbally), or via the recruitment agency with which you are associated, including by means of the Recruitment Platform and by email.  The Firm may ask you for information regarding your contact information, experience and qualifications and other information relevant to the recruitment process and the position for which you are applying.

    The Firm will not take responsibility for any personal data provided by you that is outside the requested or permitted range of personal data.  For example, where special categories of personal data are not requested or relevant to the position, we will decline to process the data and delete it from our system.

    Personal Data Generated by the Firm

    The Firm generates derived data from the interviews in which you participate (electronically or verbally, by telephone, face-to-face and digital interviews and assessments) and evaluations provided by those who have interviewed you.

    Personal Data from Third Parties

    The Firm may also obtain personal data from third parties that provide services to the Firm or to you, such as companies that provide recruitment services.  For example, if you apply through a third-party staffing or recruiting firm, we will receive personal data regarding your experience and qualifications from such firms.  We may also use digital platforms hosted by third parties that facilitate recorded video interviews, written questions and answers and skills tests that we administer and evaluate. 

    We may also receive information from referees that you authorise us to contact.  Where permitted or otherwise authorised by applicable laws, information received from third parties may include the results of background checks and referencing.

    Finally, we may also obtain personal data from the public areas of third-party professional social networks and websites, for example LinkedIn, Xing or professional directories.

    4. CATEGORIES OF PERSONAL DATA PROCESSED, PURPOSES AND LEGAL BASIS FOR THE FIRM’S PROCESSING OF PERSONAL DATA

    The Firm processes various categories of personal data for the purposes discussed above and identified in this section.  Our legal basis for doing so will vary with the type of data processing activity involved, and will typically include the following:

    • where necessary for the Firm to carry out its responsibilities under the partnership agreement or employment contract which we are discussing and/or negotiating with you;
    • where necessary for the Firm to pursue its legitimate interests or those of our clients, provided that those interests are not overridden by your interests, fundamental rights and freedoms;
    • where necessary for the Firm to comply with its legal obligations; or
    • on the basis of your consent.

    To the extent not addressed below, we will point out, at the time of data collection, if the processing of your personal data by the Firm is a statutory or contractual requirement, whether you are obligated to provide the personal data and the possible consequences of your failure to do so.  In circumstances where consent is the basis for the Firm to process your personal data, we will request this from you at the point of data collection.

    The Firm processes your personal data to carry out its recruitment activities in order to attract new talent to the Firm, including partners, associates and staff as well as independent contractors and consultants.

    The categories of personal data that the Firm processes about you, for the purpose of recruitment, include the following:

    Initial Screening of Applications

    Nature of data:

    We may use your personal data to:

    Our lawful basis for doing so is:

    Our legitimate interests in doing so are to:

    Identification data (i.e. name, mobile telephone number, email address)

    Contact you about your application to us

    Our legitimate business interests

    Allow appropriate assessment of applications and selection of suitable Applicants for roles with the Firm

    CV/Résumé (or profile on professional social online networks or professional websites) which includes details of your qualifications (professional and otherwise), experience, employment history (including job titles, salary and benefits packages and any relevant working hours), interests, information about your previous academic history and qualifications including professional certifications and credentials, language skills

    Consider your qualifications, skills and experience to ensure they are suitable for the position

    Our legitimate business interests

    Allow appropriate assessment of applications and selection of suitable Applicants for roles within the Firm

    Details of your right to work in the location for which you are applying

    Ensure that you have the right to work in the country you have applied to work in

    Legal obligation

    n/a

     

    Further Data Which May Be Requested During Applicant Assessment and Selection

    Nature of data:

    We may use your personal data to:

    Our lawful basis for doing so is:

    Our legitimate interests in doing so are to:

    Detailed evidence of your relevant skills and details of your previous experiences and the career choices you have made (usually assessed as part of a digital assessment or at a face-to-face or telephone interview)

    Consider your suitability for the position

    Our legitimate business interests

    Allow selection of suitable Applicants for vacancies within the Firm

    Residential addresses (current and, in some cases, previous) and background checks

    Consider your  background and history

    Our legitimate business interests

    Ensure that senior hires within the Firm are qualified and able to assume financial responsibilities of participation in the Firm

    For more senior fee earning Applicants: details of prior and, where pertinent, projected client base and activity including details of acting for any parties that are adverse to our Firm or its predecessor firms

    Evaluate the business case and consider whether potential clients might pose a conflict of interest

    Our legitimate business interests

    Protect the Firm’s commercial interests

    For more senior fee earning Applicants: details of fiduciary positions, directorships and trusteeships held, together with ownership interests in any client

    Consider whether your personal business interests are compatible with those of the Firm

    Our legitimate business interests

    Protect the Firm’s commercial interests

    Details of bar admissions and relevant reference numbers

    Consider your suitability for the position

    Legal obligation

    n/a

    For more senior fee earning Applicants: details of involvement in administrative proceedings, arbitrations, civil court actions

    Consider your financial background and history

    Our legitimate business interests

    Ensure that senior hires are qualified and able to assume the financial responsibilities of participation in the Firm

     

    Further Data Which May Be Requested Prior to Start of Employment

    Nature of data:

    We may use your personal data to:

    Our lawful basis for doing so is:

    Our legitimate interests in doing so are to:

    References from clients (for senior hires only)

    Consider whether you have the skills and experience suitable for the position

    Our legitimate business interests

    Allow selection of suitable senior Applicants for open positions

     

    Special Categories of Data (requested in the UK only)2

    Nature of data:

    We may use your personal data to:

    Our lawful basis for doing so is:

    Our legitimate interests in doing so are to:

    Gender, age bracket, free school meals, name of secondary school, whether first in family to attend university, if primary carer for a child, if carer for others (including if registered carer), race, ethnic origin, sexual orientation, religion or belief, disability status, refugee and asylum seeker status, whether day-to-day activities are limited by a health problem

    Provide anonymised diversity and equality reporting to the Solicitors Regulatory Authority and to other relevant organisations, and measure the results of our Firm diversity and inclusion strategies

    As authorised by DPA 2018

    n/a


    5. RETENTION OF PERSONAL DATA

    The Firm retains your personal data for the period necessary to fulfil the purposes set out in this Privacy Notice or as required by applicable law or in order to establish, exercise or defend potential legal claims or to pursue our legitimate interests.

    It is our general policy to retain potential personnel records until the end of Firm’s recruitment process regarding your application, extended to cover the relevant statutory period or for the duration of any relevant legal proceedings. More specifically, your personal data will be retained as follows:

    If you submit your own personal data and are an unsuccessful Applicant:

    • Your personal data will be deleted in its entirety after the expiration of 90 days following the conclusion of the recruitment process for the role for which you have applied, unless you tell us that you are happy for us to retain your data for a further 90 days in case a suitable opportunity arises in the future.
    If you apply via a third-party staffing or recruiting company and are an unsuccessful Applicant:
    • Your personal data will be deleted after the expiration of 90 days following the conclusion of the recruitment process for the role for which you have applied, save that your name, email address and the name of the agency that submitted your name will be retained for 12 months.  This is to enable us to meet our contractual obligations with the third-party staffing and recruiting company that referred you to us.

    We delete any introductory communications that we may have with you via social media sites, such as LinkedIn, within one month following of the close of our dialogue with you using such sites. 

    6. HOW WE SHARE YOUR PERSONAL DATA WITHIN THE FIRM AND THIRD PARTIES

    The ways in which we share personal data relating to Applicants among our EU Offices and our other offices worldwide, and also with trusted third-party vendors and business partners, are set out below.

    Intra-Group

    Relevant personal data of Applicants is shared with authorized Firm personnel in and outside of the EU, including selected interviewers and, where relevant to a particular Applicant, members of the Global Board, the Legal Personnel Committee, the relevant Practice Group Leader or the Director of business unit, the Office Managing Partner, relevant Industry Group Leader, relevant HR and Finance personnel and others involved in managing the Firm and administering its hiring and compensation policies in a fair and coordinated manner across all of our offices and practice groups worldwide.

    For all hires we use:

    • The Firm’s dedicated Recruitment Platform, which holds the personal data that you or the recruitment agency that has introduced you to us submit in your initial application to the Firm.  This platform is hosted by the Firm in the United States and is used to manage the information you provide us in a secure manner.
    • The Firm’s internal management platform which allows us to gain approval to make individual hires, and which holds individuals’ names, educational background, professional background and proposed salary details.  This is hosted by the Firm in the United States.
    • Various other multiple use systems such as email systems, conflict management systems, finance systems, our digital assessment platform and HR management systems that are used for the purposes of communications and general business management, which are hosted by the Firm on servers located within the EEA and in the United States.
    Third Parties

    Our EU Offices also share the personal data of Applicants with trusted service providers (processors) pursuant to contractual arrangements with them, which will include appropriate safeguards to protect any personal data that we share with them.  The data recipients may include, for example, IT service providers, talent management software providers, HR information systems and referencing and background check firms.

    Your personal data may also be shared with the Firm’s business partners, acting as independent data controllers, to provide services to you and, in some cases, your family members.  These companies may include, for example:  recruitment agencies; accountants; banks involved in processing expense reimbursements; telecommunications and conference companies; relocation firms; travel agencies, hotels, airlines, car rental agencies and other companies involved in providing corporate travel services.

    7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

    Intra-Group

    Due to the global nature of our operations, your personal data may be transferred to and shared with authorised Firm personnel in offices outside the EU.  The transfers are protected by means of international data transfer agreements that incorporate the Standard Contractual Clauses approved by the European Commission.  You may request a copy of the Firm’s EU Standard Contractual Clauses by contacting the DPO as indicated in Section 2 above.

    Third Parties

    Some of the third parties with which we share your personal data are located outside the EEA.  Unless the recipients are located in countries (or certified under schemes such as the EU-US Privacy Shield Framework) that have been deemed adequate by the European Commission, we will put in place data transfer agreements based on the applicable EU Standard Contractual Clauses or rely on other available data transfer mechanisms (e.g., Binding Corporate Rules or approved Certifications or Codes of Conduct) to protect personal data that is transferred to recipients outside the EU.  In exceptional cases, we may rely on statutory derogations for international data transfers.

    You may request a copy of the Firm’s EU Standard Contractual Clauses or other relevant international transfer documentation by contacting the DPO as indicated in Section 2 above.

    8. RIGHTS OF INDIVIDUALS IN RELATION TO THEIR PERSONAL DATA

    The GDPR and other applicable EU and Member State data protection laws provide certain rights to data subjects in relation to their personal data.  These include the rights to:

    • request details about the personal data that we process, and obtain a copy of the data that we hold about them;
    • correct or update their personal data;
    • transmit personal data that the data subject has provided to us, in machine readable format, to another party;
    • erase the data that we hold about them;
    • restrict or object to a processing activity; and
    • object to processing:
      • if based on grounds relating to the individual’s particular situation, where the processing is based on the legitimate interest of Squire Patton Boggs; or
      • where personal data is being processed for direct marketing purposes; and
    • decline to consent or withdraw your consent, if consent is the basis for processing your personal data.

    In some cases, the exercise of these rights (for example, erasure, objection, restriction or the withholding or withdrawing of consent to processing) may make it impossible for us to achieve the purposes identified in Section 4 of this Privacy Notice in relation to your potential employment or partnership with the Firm.

    To assist us in complying with our obligation to maintain the accuracy of your personal data, please notify us in writing of any changes to your personal data by updating your information using the Recruitment Platform or contacting the Resourcing Team.  Where you have notified us or we otherwise become aware of an inaccuracy in your information, we will take appropriate steps to rectify the inaccuracy.

    The Firm’s response to data subject action requests (“DSARs”) in regard to the exercise of their rights under the GDPR is overseen by an internal team consisting of the DSAR Manager, the Office of General Counsel, the DPO and other professionals needed to respond to the particular request.

    Any individual wishing to assert his or her rights under the GDPR should address the relevant request to:

    By post:          

    DSAR Manager
    Squire Patton Boggs (UK) LLP
    Room 4.65
    6 Wellington Place
    Leeds LS1 4AP
    England

    By email:         DataSubjectRequests@squirepb.com

    Further information and a form that you can use at your discretion to exercise your rights may be downloaded using this link.

    You also have the right to submit a complaint concerning the processing of your personal data to the appropriate supervisory authority.



    Annex 1

    Definitions

    Applicant

    as defined in the Introduction to this Privacy Notice.

    Data Controller or Controller

    means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

    Data Protection Laws

    means the GDPR and the relevant national implementing legislation.

    Employees

    includes full-time employees, part-time employees, temporary employees, reinstated employees, rehired employees and retired and former employees.

    GDPR

    means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).

    Personal Data

    means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    Processing

    means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means (e.g., computers), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    Partner

    means an individual authorised by the Firm to use the title of partner.

    Potential Personnel

    means (for the purposes of this Privacy Notice) potential employees and/or partners, as well as independent contractors or consultants.


    Annex 2

    Squire Patton Boggs Branch Offices and Legal Entities in the European Union

    Squire Patton Boggs (UK) LLP

    7 Devonshire Square
    London EC2M 4YH
    England

    Branch offices of Squire Patton Boggs (UK) LLP

    Squire Patton Boggs (UK) LLP
    Rutland House
    148 Edmund Street
    Birmingham B3 2JR
    England

    Squire Patton Boggs (UK) LLP
    Avenue Lloyd George, 7
    1000 Brussels
    Belgium

    Squire Patton Boggs (UK) LLP
    6 Wellington Place
    Leeds LS1 4AP
    England

    Squire Patton Boggs (UK) LLP
    Plaza Marques de Salamanca 3-4, 7th Floor
    28006 Madrid
    Spain

    Squire Patton Boggs (UK) LLP
    No 1 Spinningfields
    1 Hardman Square
    Manchester M3 3EB
    England

    Squire Patton Boggs (US) LLP
    7 Devonshire Square
    London EC2M 4YH
    England

    Branch offices of Squire Patton Boggs (US) LLP

    Squire Patton Boggs (US) LLP
    Avenue Lloyd George, 7
    1000 Brussels
    Belgium

    Squire Patton Boggs (US) LLP
    Rechtsanwälte, Steuerberater und Attorneys-at-Law
    Unter den Linden 14
    10117 Berlin
    Germany

    Squire Patton Boggs (US) LLP
    Rechtsanwälte, Steuerberater und Attorneys-at-Law
    Herrenberger Straße 12
    71032 Böblingen
    Germany

    Squire Patton Boggs (US) LLP
    Rechtsanwälte, Steuerberater und Attorneys-at-Law
    Eurotheum, Neue Mainzer Straße 66-68
    60311 Frankfurt am Main
    Germany

    Other constituent legal entities

    Squire Patton Boggs Park Lane Limited
    Rutland House
    148 Edmund Street
    Birmingham B3 2JR
    England
    Advokátska kancelária

    Squire Patton Boggs s.r.o.
    Zochova 5
    811 03 Bratislava
    Slovak Republic
    Wilkinson European Community Jurist Office

    Squire Patton Boggs (US) LLP
    Roosevelt Irodaház
    Széchenyi István tér 7-8.
    Budapest 1051
    Hungary

    Haussmann Associés SELARL trading under the name Squire Patton Boggs
    7, rue du Général Foy
    75008 Paris
    France

    Squire Patton Boggs s.r.o.,
    advokátní kancelář
    Václavské náměstí 813/57
    110 00 Prague 1
    Czech Republic

    Squire Patton Boggs Święcicki Krześniak sp.k.
    Rondo ONZ 1
    00-124 Warsaw
    Poland


    [1]  Solely for the purposes of this Privacy Notice, the term “Applicant” may also be construed to include individuals applying to provide us with relevant services as independent contractors or consultants.

    [2]  We only request and collect Special Categories of Data from UK Applicants, and the provision of such data is optional, with no impact on our consideration of the application.  Any data that you choose to provide is used for statistical purposes in line with UK legislation (and as outlined in our Equal Opportunities Data Policy).