Candidate privacy notice


We’re committed to protecting the privacy and security of candidates’ personal data. This privacy notice describes how we collect and use personal data about you during and after the recruitment process in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Our philosophy and approach to your personal data is that we will do our best to:

  • comply with relevant data protection legislation and all other applicable laws
  • be open and transparent about how we use your personal data
  • only collect personal data that may be required as part of the recruitment process
  • make sure you can access and exercise your other rights under relevant data protection legislation
  • protect your personal data and keep it secure 
  • train our staff on the importance of privacy and make them aware of the correct processes to follow in relation to privacy and the handling of personal data.

The types of personal information we may collect and hold about you?

Personal data means any information about an individual that can identify that person. It does not include anonymous data. The categories of personal data we may collect and hold about you may include:

  • Personal contact details like your name, title, addresses, telephone numbers, and personal email addresses
  • Personal details such as date of birth, gender and nationality
  • CVs or cover letters or any other supplementary document included as part of the application process
  • Information about your right to work in the UK
  • Information regarding your work history, qualifications, professional memberships, education, experience, or employment references
  • Video recordings such as those that may be submitted as part of the recruitment process (in response to specific screening questions)
  • Photographs if included on CVs or otherwise on supplementary document submitted as part of the recruitment process
  • The results of any personality profiling assessment that we may carry out as part of the recruitment process

We may also collect, store and use the following special categories of more sensitive personal data, which could include:

  • Information about whether or not you have a disability for which we need to make reasonable adjustments as part of the recruitment process
  • Information about criminal convictions and offences (where the nature of the job requires this) 

More information about how we treat special categories of personal data is set out below.


how is your personal data collected?

We may collect this information in a variety of ways. For example, data might be collected through application forms; your CV; from correspondence with you; or through interviews, meetings or other assessments.

We may collect personal data about you from third parties, such as references supplied by former employers or agencies and information from criminal records checks permitted by law.


Where is your personal data stored?

Your personal data will be stored in a range of different places, including in our recruitment files, in our HR system, and in other IT systems (including its email system).


Who has access to your data?

Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the People Team, relevant hiring managers and interviewers involved in the recruitment process, and IT staff if access to the data is necessary for the performance of their roles.

The Law Boutique will only share your data with third parties for the purposes of assessing your application for employment. This will be with authorised third parties that have been engaged by The Law Boutique such as professional advisors, external consultants, recruitment agencies etc. If you are successful in your application and we make an offer of employment, we will ask for your nominated referees and contact them in order to obtain references for you and we will use your name within that correspondence, and we may contact the Disclosure and Barring Service to undertake necessary criminal records checks (if required for the nature of the role).

Your data may be transferred outside the European Economic Area (EEA) with hiring managers or those participating in recruitment and selection processes as part of the recruitment process.

However, to ensure that your personal information does receive an adequate level of protection we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. These measures are set out below.


Is my data secure?

We take the security of your data very seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where we engage third parties to process personal data on our behalf or we share personal data with third parties, those third parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


How long do you retain my data for?

We will not hold your personal data longer than we need it. If unsuccessful, we generally keep the majority of your information for the duration of the recruitment process plus an additional 12 months thereafter. If you are successful in your application, information collected as part of the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.


Automated processing

We do not make any recruitment decisions based solely on automated decision-making. In the event that we do ever use automated decision-making that could have a significant impact on you, we will let you know in advance and give you an opportunity to object.


What happens if you fail to provide personal data

You are under no statutory or contractual obligation to provide data to The Law Boutique during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all. If your application is successful, it will be a condition of any job offer that you provide evidence of your right to work in the UK and satisfactory references.

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.

Thank you for reading our privacy policy!

Subscribe to our blog

It doesn’t have to end. We’d love to stay in touch. Subscribe to our newsletter for insights on everything from legal design to legal ops, plus all the latest news, delivered straight to your inbox. Join our growing community!

You have Successfully Subscribed!

Pin It on Pinterest