Arthur Cox LLP (collectively referred to as “Arthur Cox”, “we”, “us” or “our”) are committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes.

For the purpose of the General Data Protection Regulation (“GDPR”) Arthur Cox is the controller and is responsible for your personal data. Our full details are on the Contact Us page of our website.

We use online software products provided by third party suppliers to assist with our recruitment process. We will share your personal data with these third parties in order to receive their services. These suppliers are only entitled to process your personal data in accordance with our instructions and for the purposes set out in the table below under the heading ‘Purposes of Processing’.

Where you apply for an opportunity posted by us, this Privacy Policy will apply to our processing of your information, in addition to our general Privacy Notice which is available here.

Your Personal Information

Information we collect from you

Personal data, or personal information, means any information about an individual from which that person can be identified.

We may collect and process some or all of the following types of information from you:

• Identity Data includes information that you provide when you apply for a role. This includes information provided through an online application, via email, in person at interviews and/or by any other method. In particular, we process personal details such as name, date of birth, qualifications, experience and any information relating to your employment history, skills and experience that you provide to us.
• Contact Data includes email address, address, and telephone number. In addition, if you contact us, we may keep a record of that correspondence.
• Technical Data includes details of your visits to our careers website including, but not limited to, traffic data, location data and other communication data, and the site that referred you to our careers website.
• Profile Data includes your username and password, your interests, preferences and feedback.
• Usage Data includes information about how your use our careers website and the resources that you access.

Information we collect from other sources

The online software provided to us by third parties provides us with the facility to link the data you provide to us with other publicly available information about you that you have published on the Internet. This may include sources such as LinkedIn and other social media profiles.

This technology enables us to search various databases, which may include your personal data, to find possible candidates to fill our job openings. Where we find you in this way we will obtain your personal data from these sources.

Uses made of your information

Lawful basis for processing

We rely on legitimate interest as the lawful basis on which we collect and use your personal data. Our legitimate interests are the recruitment of staff for our business.

Purposes of processing

We will only use your personal data when the law allows us to, for example where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We have set out below, in table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing
To consider your application in respect of a role for which you have applied.	Identity Contact	Necessary for our legitimate interests (recruitment and selection processes)
To consider your application in respect of other roles.	Identity	Necessary for our legitimate interests (recruitment and selection processes)
To communicate with you in respect of the recruitment process.	Identity Contact Profile	Necessary for our legitimate interests (recruitment and selection processes)
To enhance any information that we receive from you with information obtained from third party data providers.	Identity Contact Technical Profile Usage	Necessary for our legitimate interests (recruitment and selection processes)
To find appropriate candidates to fill our job openings.	Identity Contact	Necessary for our legitimate interests (recruitment and selection processes)

Automated decision making / profiling

We may leverage the online software provided to us by our third party suppliers to help us select appropriate candidates for us to consider based on criteria we have identified. The process of finding suitable candidates is automatic, however, any decision as to who we will engage to fill the job opening will be made by our team.

How we store your personal data

Security

We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, used or accessed in any unauthorised way, altered, or disclosed. We limit access to your personal data to those who have a genuine business need to view it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

Where we store your personal data

The data that we collect from you and process will be transferred to and stored by our third party suppliers at one of several datacentre locations in the European Economic Area and in the United Kingdom. Where we transfer personal data to the United Kingdom, we do so in reliance on the EU-UK adequacy decision issued by the European Commission on 28 June 2021, which is available here. By submitting your personal data, you agree to this transfer, storing or processing.

How long we keep your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, and in any event for a maximum period of 12 months from the time of application.

Your legal rights

Under the GDPR you have a number of rights in relation to your personal data, including the right to:

• Request access to your personal data;
• Request correction of the personal data we hold about you;
• Request the erasure of your personal data. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party);
• Request the restriction of our processing of your personal data in certain circumstances;
• Request the transfer of your personal data to a third party in certain situations;
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you would like to exercise any of those rights, please contact us at [email protected], ensuring we have enough information to identify you, proving your identity and address and confirming which information to which your request relates.

You also have the right to make a complaint at any time to the Data Protection Commission, the Irish supervisory authority for data protection issues.