Prospective Personnel Data Protection Notice - London
ABOUT THIS NOTICE
The purpose of this notice is to make you aware of the basis on which any personal data Proskauer Rose (UK) LLP (referred to as “Proskauer”, “we”) collect about you, or that you provide to us (either directly or indirectly), will be processed by us.
We collect and hold personal data (on paper, electronically, or otherwise) about prospective personnel for the purposes set out in this notice. We recognise the need to treat your personal data in an appropriate and lawful manner. This notice is non-contractual and may be amended at any time. This version was last updated on 21 May 2018.
PURPOSE AND THE LAWFUL BASIS OF THE PROCESSING
In the course of our exchanges (as well as from recruiters and other third parties or publically available sources), we will collect and process (which means doing anything with the data, such as obtaining, using, holding, amending, disclosing, deleting, destroying, storing and transferring the data in any way) personal data (which is any information we hold about a living individual from which that individual can be identified for example, the contents of your CV, our notes of any interviews or discussions or your responses to any questions we may ask you during our recruitment processes) we receive from you, either directly or indirectly (for example, either on your own account, or through a recruitment consultant, by completing application forms or by corresponding with us by mail, phone, email or otherwise):
in order to take preparatory steps to potentially enter into a contract with you, so that we can evaluate your suitability for a role at Proskauer;
for compliance with a legal obligation as a potential future employer; or
for our legitimate interests or the legitimate interests of others (including legal, investigatory, personnel, administrative and management purposes).
We will endeavour not to keep your personal data in a form that allows you to be identified for any longer than is reasonably necessary for achieving the permitted purposes (which, where you do not become a member of Proskauer personnel, will usually mean for no longer than three years). This means that we will endeavour to destroy or erase personal data from our systems or anonymise it when it has reached this retention period. If you do join Proskauer, retention of your personal data will be subject to internal personnel retention periods.
PROCESSING IN LINE WITH YOUR RIGHTS
In certain circumstances, you may have the right to:
request access to any personal data we hold about you;
object to the processing of your data;
ask to have inaccurate data held about you amended or updated;
ask to have your data erased or to restrict processing in certain limited situations;
request the porting of your personal data to another organisation in control of your personal data; and/or
object to any decision that significantly affects you being taken solely by a computer or other automated process.
If you wish to make a formal request for information we hold about you, you must do so in writing to the Director of Professional and Administrative Resources – London Office, at our London Office address as set out on our website: Proskauer.com.
You also have the right to lodge a complaint with the UK’s data supervisory authority, the ICO.
Maintaining data security means seeking to guarantee the confidentiality, integrity and availability (for authorised purposes) of the personal data. We will seek to ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies which seek to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party in the limited instances set out below.
DISCLOSURE AND SHARING OF PERSONAL INFORMATION
For the purposes of this section, the “Firm” shall mean each and all of Proskauer Rose LLP, a New York registered limited liability partnership; Proskauer Rose (UK) LLP, an English registered limited liability partnership and Proskauer Rose LLP - Consultores Em Direito Estrangeiro/Direito Norte-Americano E Direito Inglês, a Brazilian partnership, together with their respective branches and affiliated offices.
We may share personal data we hold with any entity, branch or office constituting part of the Firm. It will also be shared with relevant personnel within the Firm for the purposes described in this notice.
We may also disclose personal data we hold to certain third parties, including legal advisers, experts, translators, law enforcement authorities, regulators, recruitment agencies, background check agencies, potential referees, government authorities, benefit administrators, payroll providers, accountants, adverse parties who have a legal right to receive such information and their counsel and experts. We will disclose this data:
in order to comply with legal governmental and/or regulatory processes or obligations, conduct internal reviews, and address potential risk or harm to the Firm and/or our personnel;
to enforce or apply any contract with you or other agreements;
to protect our rights, our property or the safety of our personnel or others; and
in order for authorized third party providers to conduct payroll processing or benefits administration or to carry out reference checks and/or background checks or for the purposes of recruitment.
In the event that we sell or buy any business or assets, we may disclose personal data we hold to the prospective seller or buyer of such business or assets. In addition, if all or substantially all of our assets are acquired by a third party, the personal data we hold will be one of the transferred assets.
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this notice and applicable laws.
TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE THE EEA
Personal data may be transferred outside of the EEA to any constituent entity, branch or office of the Firm or to other third party service providers as set out above, provided that certain conditions as set out in the applicable legislation are complied with.
We will require that there is an adequate level of protection for the personal data under applicable law and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access and against all other unlawful forms of processing.
The constituent entities of the Firm are parties to a data transfer agreement and we will (i) keep that document up to date with current law, and (ii) only engage in data transfers in accordance with such an agreement or an alternative means of transfer in compliance with data protection legislation.