This Applicant Data Protection Notice (“Notice”) explains how Sidley Austin LLP and affiliated partnerships (the “Firm”, “we”, “us” and “our”) process personal data (i.e., information that directly or indirectly identifies you) pertaining to individuals who apply for a position or role at the Firm’s Brussels office (“Applicants”, “your”, “your”). For purposes of EU data protection legislation, Sidley Austin (CE) LLP Brussels Branch, located at Rue Montoyer 51, 1000 Brussels, Belgium is the data controller responsible for your personal data. This Notice covers Applicants who are applying for a role as employee as well as a self-employed lawyer or consultant with the Firm’s Brussels office.
Personal Data We Collect. We collect certain personal data with respect to Applicants directly from the Applicant when you apply (by sending us an e-mail at firstname.lastname@example.org) and visit our offices, but also receive your personal data from non-publicly accessible sources such as external recruitment agencies and background check vendors. Personal data collected and processed may include: (i) contact information (e.g., name, home and business address, phone numbers and email addresses); (ii) personal information (e.g., date of birth, nationality); (iii) employment and educational history (CV, references and organizational data such as department, work location, job title and seniority); and (iv) any other information which may be voluntarily disclosed by the Applicant in the course of the application process. Where the Firm carries out background checks on Applicants this may involve the processing of sensitive personal data. Where we process your sensitive data, we will only do so with your explicit consent or as permitted or required by law. As part of our background check process, we may also process your criminal record data where such processing is specifically authorized or required by law.
Use of Applicant Personal Data. The provision of personal data by an Applicant is necessary for the Firm to consider the Applicant for employment or engagement. If the Applicant does not provide the personal data, we are not able to proceed with the application and consider you for a position. We process the Applicant’s personal data to consider an Applicant for a specific position or role in accordance with the Firm’s recruitment process. Our processing of the personal data is based on our compliance with legal obligations, for our legitimate interest to consider the Applicant for a vacancy, in order to take steps prior to entering into a contract with the Applicant, or, in exceptional circumstances, the Applicant’s consent. We have carefully balanced our legitimate interest against your data protection rights. If you wish to obtain more information on the balancing exercise we performed, please contact us by using the contact details below.
Data Retention. In the event we make an offer and the Applicant accepts, your personal data will be held and processed in accordance with our Employee or Lawyer Data Protection Notices and other relevant procedures and policies. In case of a decision not to make an offer, the Firm may retain the personal data of the Applicant for a maximum period of 1 year after the end of the application procedure in order to be able to contact the Applicant if any future job opportunities would seem to match his/her profile. We consider that this is in the legitimate interest of the Firm.
Disclosure to Certain Third Parties. We may disclose certain personal data for the above purposes to the following recipients: (i) to other affiliated partnerships of the Firm, self-employed lawyers engaged by the Firm, service providers (e.g., IT service providers, background checks vendors and external recruitment agencies) and advisors; (ii) to fraud prevention agencies and law enforcement agencies; (iii) to courts, governmental and non-governmental regulators; (iv) or as required or permitted by law, including to comply with a subpoena or similar legal process or government request, or when the Firm believes in good faith that disclosure is legally required or the Firm has a legitimate interest in making a disclosure, such as where necessary to protect the Firm’s rights and property.
Transfer of Personal Data Outside the EEA. The Firm may transfer Applicants’ personal data for the above listed purposes to recipients (including affiliated partnerships) located in countries outside of the European Economic Area (“EEA”), including the U.S., that are not considered by the European Commission to have data protection laws equivalent to those in the EEA. In such a case, the Firm will take all necessary steps to ensure the safety of Applicants’ personal data in accordance with applicable data protection laws. For transfers of personal data from the Firm’s Brussels office to Sidley Austin offices outside of the EEA, controller-to-controller Model Contracts were put in place pursuant to art. 46(2) of the EU General Data Protection Regulation 2016/679. You can request a list of the countries in scope and a copy of the Model Contracts by contacting email@example.com.
Rights of Applicants. Applicants have the right to: (i) request access to and rectification and erasure of their personal data; (ii) obtain restriction of processing of their personal data; (iii) withdraw your consent at any time (without affecting the lawfulness of the processing based on your consent prior to withdrawal); and (iii) ask for a copy of your personal data to be provided to you, or a third party, in a digital format. Applicants also have the right to lodge a complaint about the processing of their personal data with their local supervisory authority. You also have the right to object, at any time, to the processing of your personal data which is based on our legitimate interests.
Automated Decision Making. Automated decisions are decisions about individuals that are based solely on the automated (i.e., computerized) processing of data and that produce legal effects or that significantly affect the individuals involved. As a rule, the Firm does not make use of automated decision-making as described above when considering you for a position at the Firm.
Security. The Firm takes steps to protect Applicants’ personal data against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held.
Updates. We evaluate our privacy notices and procedures to implement improvements and refinements from time to time. If we make material changes to this Notice that affect you, we will notify you by regular communication channels.
Enquiries, Requests or Concerns. All enquiries, requests or concerns regarding this Notice or relating to the processing of Applicant personal data and all requests as detailed in the Rights of Applicants Section above, should be sent to firstname.lastname@example.org. You may also contact our Data Protection Officer at email@example.com.