Privacy Notice for London Candidates
Thank you for your interest in Cooley. When you apply for a position at Cooley, whether as an employee or contractor, we need to gather personal information from you and other sources. This notice details how we process your personal information, including the types of information we collect, sources from which we collect your personal information, the purposes for which we collect your personal information, how long we retain your personal information and your rights with respect to the personal information we collect.
We will process your personal information in compliance with applicable data protection laws and principles. We will:
- Process your personal information only in a fair, lawful and transparent way.
- Collect your personal information only for valid purposes, which we identify in this notice.
- Limit our processing of your personal information to the purposes we describe in this notice, and not use your personal information in any way that is incompatible with those purposes.
- Make sure your personal information is accurate and kept up to date.
- Keep your personal information only so long as necessary for the purposes we describe in this notice.
- Ensure your personal information is kept securely.
Who we are
Cooley UK is a Limited Liability Partnership law firm incorporated in England and Wales. The UK office is an affiliate of Cooley LLP, a global law firm headquartered in the United States with offices around the world. For more information about Cooley, please review the About link on the Cooley.com webpage.
Details of processing
Subject to the disclosures in this notice, we may process any information we collect from your CV, cover letter and application, as well as any information we receive from a recruitment or placement agency, to decide whether you meet the basic requirements for the position for which you have applied. If you fail to provide information necessary for us to consider your application, we may not be able to process your application. If we decide to invite you for an interview, we may also require you to go through a testing process administered by us or a third party. If we extend an offer to you, we may reach out to third parties to validate information about you, including your education, employment (including any gaps in employment and a review of potential client conflicts) and professional certifications, and social media activity. We may contact any references you have provided, and we may use the services of third party vendor to conduct background screens regarding your credit, criminal or professional history for a period up to the past 10 years. Any employment offer is contingent on our receipt of satisfactory information from these background checks and screens; otherwise we may not be able to complete an employment contract with you. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Personal information we collect about you when you apply for a role at Cooley
When you apply for an opening at Cooley, we will collect, store, and use the following categories of personal information about you:
- Information you provide us in your curriculum vitae and cover letter.
- Information about you, your background and qualifications that you provide in your online application.
- Any information we receive from an employment recruiting or placement agency, if one is involved in your recruitment.
- Any information you freely provide to us as part of an interview or assessment process.
- Any information that we collect from references or referees that you identify in your online application.
- Any information that we collect from third parties that validate your employment, education or licensing qualification certificates.
- Data collected from testing or assessments conducted by us, or a third party, during the recruitment process.
- Any information we receive from a third party we engage to perform a background check which may include:
- an identification verification screen,
- a financial integrity check looking back 6 years,
- CV and employment verification, including any gaps in employment looking back 10 years for Partner positions and 6 years for all other roles,
- compliance and sanctions, and legal regulatory screens, and
- education, professional certification and directorship verification.
- Publicly available Information from social media sites or other online sources.
Sensitive personal information
We may also ask you to provide information that is categorized as Special Categories of data under the General Data Protection Regulation including information:
- From you about your gender, race or ethnicity or disability status. You do not have to provide this information and your refusal to provide it will not impact our hiring decisions.
- From background check providers regarding any unspent criminal convictions or offences.
Sources from which we collect your personal information
We collect personal information about you as a candidate from the following sources:
- You, the candidate.
- Third parties that we may need to engage to validate information you provide or perform services necessary to our recruiting process, including:
- Employment recruiting or placement agencies that you may have applied through or may have referred you to us.
- References and referees that you have named for us to contact.
- Employers, educational institutions or professional certification organizations you’ve identified in your CV or application.
- Where applicable and to the extent permitted by local law, background check providers.
- Publicly available information on social media sites.
How we will use your personal information
We process the personal information we collect for the following purposes:
- To establish a recruitment pool of qualified applicants for employment.
- Evaluate your application for employment.
- Carry out a criminal background (Disclosure and Barring Service (DBS)) check.
- Validate your employment history, educational credentials and references.
Legal basis for processing personal data
- When we process personal information that we collect from you or third parties, we do so based on our legitimate interests in our recruiting and hiring process, specifically:
- Recruiting a qualified applicant pool from which we may fill job openings.
- Ensuring the validity of information that you have submitted in your CV and application.
- Maintaining records of our hiring process.
- Reviewing public news and social media sites for content adverse to Cooley.
- Performing background checks of your financial and criminal records to the extent permitted by law.
- In addition to these legitimate interests for processing your personal information, should we ultimately offer you a position, we rely on your information as the basis of an employment contract.
When Cooley processes Sensitive Personal Information, as defined in GDPR, we do so because it is necessary for the purposes of carrying out our obligations and exercise specific rights in the field of employment, specifically:
- We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process or your potential employment.
- We will use information about your race or ethnic origin, religious or philosophical beliefs, sexual orientation and gender identity to ensure meaningful equal opportunity monitoring and reporting.
- We will use information about your socio-economic background, refugee/asylum seeker status and time spent in local authority care to assess the context and strength of the work experience, education and other achievements.
How we share your information
We may share your personal information, to the extent necessary to fulfil one of the purposes of our hiring process, with:
- Other Cooley offices.
- Third parties including;
- Criminal background and credit check service providers,
- Previous employers that you have identified in your CV or application,
- Educational institutions that you have identified in your CV or application,
- Professional certification bodies that you have identified in your CV or application,
- Providers of sanctions and “politically exposed persons” screening lists.
We will only share your personal information for the purposes of processing your application. We require that third parties with whom your information is shared take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for the purposes indicated in this Notice and in accordance with our instructions. To the extent that this sharing involves a transfer outside of the EEA, we will address possible risks to you arising from the absence of adequate protection, and ensure that your personal information is sufficiently protected by entering into data transfer agreements incorporating the EU’s standard contractual clauses.
Retention period for personal information
We will retain your personal information for a period of one year before we purge your application information in accordance with our data retention policy. During the time period that we hold your information, we may reach out to you if we consider you for a future position.
Your rights regarding personal information we process
Under certain circumstances and to the extent provided for by law, you have the right to:
- Request access to your personal information and receive a copy of the personal information we hold about you.
- Request correction of any incomplete or inaccurate personal information that we hold about you.
- Request erasure of your personal information that we hold about you.
- Object to processing of your personal information where we are processing your personal information on the basis of a legitimate interest.
- Withdraw Consent to process your personal information where we are processing your personal information on the basis of consent.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.
- Request the transfer of your personal information to another party. This right can only be exercised if we are processing your personal information based on your consent or on an agreement have concluded with you.
If you want to take advantage of your rights with respect to any personal information that we are processing, please contact us via this web form.
Data protection officer
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at privacy@cooley.com.
You have the right to make a complaint at any time to the competent supervisory authority for data protection issues. For the United Kingdom:
Information Commissioner’s Office
Data Protection Authority
Wycliffe House
Water Lane
Wilmslow
Cheshire
ico.org.uk/global/contact-us/