Sidley Austin LLP Applicant Data Protection Notice
This notice is to give job applicants of Sidley Austin LLP, including its affiliated partnerships (collectively, the “Firm”) (“Applicants”) information on how their personal data (i.e., information which directly or indirectly identifies an Applicant) are processed by the Firm when they apply for a role or vacancy with the Firm.
Data That May Be Collected. The Firm may collect certain personal data with respect to Applicants directly from the Applicant but also from external recruitment agencies and background checks vendors. Personal data collected and processed on Applicants include, without limitation: (i) contact information (e.g., name, home and business address, phone numbers, email addresses, emergency contact information); (ii) personal information (e.g., date of birth, nationality); (iii) employment and education history (including internal and external employment history, references and organizational data such as department, work location, job title and seniority); and (iv) any other information which may be voluntarily disclosed by the Applicant in the course of the application process. Where the Firm carries out background checks on Applicants this may involve the processing of sensitive personal data. It may also involve the processing of criminal record data and this will only be processed where such processing is specifically authorized or required by law.
Use of Applicant Personal Data. The provision of personal data by an Applicant may be necessary in order for the Firm to fulfil its legal obligations and where in the legitimate interests of the Firm to consider an Applicant for a role or vacancy in accordance with the Firm’s recruitment process including to carry out background checks. In the event the Firm makes an offer of employment and the Applicant accepts, their personal data will be held and processed by the Firm to the extent necessary for the Firm to fulfil its legal and contractual obligations and where in the legitimate interests of the Firm for the performance of the employment relationship and in line with the Firm’s Employees Privacy Notice.
Disclosure to Certain Third Parties. The Firm may disclose certain personal data for the above purposes to the following recipients: (i) to other affiliates partnership of the Firm, service providers (e.g., IT service providers, background checks vendors and external recruitment agencies) and advisors; (ii) to fraud prevention agencies and law enforcement agencies; (iii) to courts, governmental and non-governmental regulators and ombudsmen; (iv) or as required or permitted by law, including to comply with a subpoena or similar legal process or government request, or when the Firm believes in good faith that disclosure is legally required or the Firm has a legitimate interest in making a disclosure, such as where necessary to protect the Firm’s rights and property.
Transfer of Personal Data Outside the EEA and Switzerland. The Firm may disclose Applicants’ personal data for the above listed purposes to recipients (including affiliated partnerships) located in countries outside of the European Economic Area (“EEA”) and Switzerland, including in the U.S. that do not have data protection laws equivalent to those in the EEA and Switzerland. In such a case, the Firm will take all necessary steps to ensure the safety of Applicants’ personal data in accordance with applicable data protection laws. For transfers of personal data within the Firm to offices outside of the EEA the Firm has put in please Model Contract. You can request a copy of the Model Contracts by contacting dataprotectionadmin@sidley.com.
Rights of Applicants. Under applicable European data protection laws, Applicants may have a right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) the right to ask for a copy of your personal data to be provided to you, or a third party, in a digital format. Applicants also have the right to lodge a complaint about the processing of their personal data with their local data protection authority.
Security and Retention. The Firm will take steps to protect Applicants’ personal data against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held. We may retain information provided by Applicants for 6 months for unsuccessful applicants and in line with our procedures and policies if Applicant is hired and his Applicant personal data is transferred to Applicant employee file.
Enquiries, Requests or Concerns.
For the purposes of European data protection laws, the Firm is the data controller of Applicant personal data.
All enquiries, requests or concerns regarding this Notice or relating to the processing of Applicant personal data including all requests as detailed in the Rights of Applicants Section above, should be sent to dataprotectionadmin@sidley.com.or Sidley Austin LLP, 70 St Mary Axe, London, EC3A 8BE.