Candidate data protection standards

Last updated: June 28, 2022

CANDIDATE DATA PROTECTION STANDARDS

Kilpatrick Group S.A and its brands SkyHunters, TaskForce and Kilpatrick Executive is privately-held global executive search firm and advisor for many international companies seeking guidance and counsel on senior leadership needs. Clients turn to us to seek highly-qualified and talented executives and directors such as you.

Given the importance of safeguarding and keeping your information up-to-date to ensure you are considered as a candidate when the opportunity arises, we have committed ourselves to protecting the privacy of your Personal Data. The following describes our firm’s policy regarding the collection, use, and transfer of your Personal Data.

Objectives & Scope

The purpose of the Candidate Data Protection Standards (the “Standards”) is to provide consistent safeguards for the processing of the Personal Data of candidates by Kilpatrick.

  1. Processing refers to any human manual or automated action performed on Personal Data by Kilpatrick. This includes, but is not limited to: recording, organizing, storing, modifying, disseminating, transferring, disclosing, deleting, and sharing such data among the Kilpatrick Group in accordance with Kilpatrick’s policies.
  2. Candidate is any individual whom Kilpatrick presents to a client. This includes but is not limited to: executive, director, and management search and assessment services.
  3. Personal Data is any information about a Candidate originally collected or otherwise used by a Kilpatrick data controller in the European Union in the context of a search or assessment assignment. Personal Data includes, but is not limited to: candidate name, contact information, professional experience, academic qualifications, skills, etc.

Please note these Standards do not apply to any Personal Data that has been anonymized and used in the aggregate such as compiling industry and employment statistics where such data does not involve personally identifying information and individuals are not identifiable from it.

Global Standards & Local Laws of Kilpatrick

We currently operates more than 42 countries with 6 global locations throughout the world. Regardless of the jurisdiction, each office and entity of Kilpatrick is required to abide by these Standards through the creation of a binding agreement throughout all Kilpatrick entities. Doing so protects the Personal Data processed by Kilpatrick in countries that possess less rigorous protection than those contained in these Standards. Kilpatrick will ensure that any new entities formed after the creation of these Standards will abide by the protections described herein. Of course, where certain countries or supranational entities in which Personal Data is processed employ more stringent regulations than those contained in these Standards, Kilpatrick will naturally comply with those more stringent regulations.

Processing Personal Data
  • Kilpatrick’s Standards require the following with regard to processing Personal Data:
  • Personal Data is processed fairly and lawfully;
  • Personal Data is processed for legitimate purposes associated with Kilpatrick’s services (“Purposes”);
  • Personal Data is not processed in any manner incompatible with these Purposes;
  • Personal Data is always relevant to the Purposes for which the Personal Data is obtained;
  • Personal Data is only used by Kilpatric and is not sold or shared for related or unrelated purposes to non-licensed third parties unless otherwise stated at the time of collection or as required by law;
  • Personal Data is processed and maintained in a manner that assures reasonable accuracy; o Personal Data that is inaccurate is corrected, updated, or deleted within a reasonable time of the discovery of the inaccuracy;
  • Personal Data is stored only for the duration necessary to fulfill these Purposes;
  • Personal Data is protected by all necessary and appropriate protective measures – both technological and legal.
  • Personal Data will not be automatically processed in any manner which will have a significant effect on the data subject except where authorized by a law which also safeguards the data subject’s legitimate interests.
  • Personal Data will not be transferred to third parties without adequate protections in place unless an exception permitting such transfers, as found in European and Swiss data protection laws, applies.
Purposes for Personal Data Processing

Kilpatrick processes and disseminates Personal Data only for its own use, only for legitimate Purposes, and in accordance with applicable law. Such Purposes include:

  • Executive, Board, and Management Search: Kilpatrick processes and disseminates Personal Data in order to match Candidates who are qualified for a particular position with client organizations who have an opening for such a position. Examples of processing for this purpose include, but are not limited to: collecting data from the Candidate directly, performing background searches with the Candidate’s consent, relaying Personal Data to a client with the Candidate’s consent, and receiving referrals from individuals associated with the Candidate.
  • Management Assessment Kilpatrick processes and disseminates Personal Data in order to evaluate the efficiency, productivity, and benefits of a client organization at the client’s request. Examples of processing for this purpose include, but are not limited to, collecting data from a Candidate directly, administering tests and assessing the Candidate’s results, relaying Personal Data to a client with Candidate’s consent, and receiving referrals and evaluations from individuals associated with the Candidate.
  • Information sharing globally within Kilpatrick or Kilpatrick Brands: Kilpatrick operates in a global marketplace and collects and disseminates Personal Data within and across its worldwide network of offices for the purposes of Executive and Management Search and Executive Assessment Services as described above. This will involve the collection of Personal Data on Candidates and the storage of that information in secure data centers in Switzerland which is then accessible by all Kilpatrick offices worldwide.
Security, Confidentiality and Enforcement

Kilpatrick will take all necessary and appropriate protective measures to prevent unauthorized access, loss, or damage to Personal Data and to ensure any processing of Personal Data is done in accordance with these Standards. Those measures include:

  • Employee Contracts and Policies: Kilpatrick’s policy is to keep all Personal Data confidential. All employees of Kilpatrick are required to sign and abide by the following:
  • All employees of Kilpatricksign our Code of Conduct outlining the values and commandments of the company and it requires strict adherence to the confidentiality and integrity
  • Employment Contract: All employees of Kilpatrick sign employment contracts that contain robust confidentiality clauses.
  • Confidentiality Agreement: In addition, all employees of Kilpatrick are required to sign a separate and extensive confidentiality agreement.
  • Training: All employees of Kilpatrick who have permanent or regular access to Personal Data, who are involved in the collection of Personal Data or in the development of tools used to process Personal Data are trained in these Standards and the best practices of handling such data.
  • Access Security: Personal Data is securely stored and can only be accessed via Kilpatrick Group’s proprietary software. Personal Data is only accessible by our own Kilpatrick employees from Kilpatrick’s computers and only through Kilpatrick’s private network. Access is continually monitored and restricted to employees of Kilpatrick and is secured by appropriate physical, electronic, and managerial security procedures to prevent unauthorized access, loss, or damage to the Personal Data.
  • Contractor Obligations: All Contractors performing services for Kilpatrick must execute a written service contract. Beyond business terms, these service contracts include confidentiality and security obligations and data protection provisions and provide enforcement mechanisms through all available legal remedies.
  • To safeguard all Personal Data that is submitted by Candidates via kilpatrickexecutive.com, appropriate physical, electronic, and managerial security procedures have been put in place to prevent unauthorized access, maintain the accuracy of data and ensure proper use of information via kilpatrickexecutive.com.
  • Candidate Consent Forms: All Candidates are presented with consent forms which must be signed before any Personal Data will be disclosed to a client organization or other third party.
Required Processing

In situations where Personal Data must be disclosed as a matter of law, Kilpatrick will use its best efforts to lawfully resist, limit, or delay disclosure and will ensure that only the Personal Data that is necessary and relevant to the request is provided. In the event that Kilpatrick becomes aware of any legislation applicable to it which is likely to have a substantial adverse effect on the ability of Kilpatrick to comply with these Standards, Kilpatrick will determine a suitable course of action aimed at ensuring compliance with these Standards in consultation with the relevant Data Protection Authority.

Candidate Rights of Access, Rectification and/or Deletion

Given the nature of Kilpatrick’s services, the Candidate is involved in the processing of his or her Personal Data in furtherance of the Purposes. Additionally, the Candidate may, at any time, in accordance with local law, contact Kilpatrick and inquire about his or her Personal Data. Requests by the Candidate for access to his or her Personal Data, for revisions, or for Kilpatrick to cease processing of Personal Data can be made to any Kilpatrick employee or via email to privacy@kpexs.com.

The Data Protection Officer for the Kilpatrick office where the Personal Data was processed will coordinate all revisions or deletions of Personal Data.

Upon request, Kilpatrick will compile the information and provide it to the Candidate. The Candidate may request a revision of his or her Personal Data if it is incomplete or contains inaccuracies. Kilpatrick updates or revises the Personal Data as the situation or law requires. A Candidate may also request that his or her Personal Data no longer be processed. All requests to stop processing of a Candidate’s Personal Data will promptly be honored by Kilpatrick and, unless otherwise noted in the request, will apply to all forms of processing by Kilpatrick (including search and assessment services and any marketing communications).

Candidate Enforcement Rights and Mechanisms

Any person may inquire as to the nature of the data stored or processed about him or her by Kilpatrick. Any Kilpatrick employee contacted regarding such a request will forward the information to their local Data Protection Officer. The Data Protection Officer will contact the individual directly and will remain Kilpatrick’s liaison with the individual while the handling of the request is ongoing. If the Candidate believes his or her Personal Data is being processed in contravention of these Standards, the Candidate may report the concern to their contact at Kilpatrick, to any Kilpatrick employee, or via email to privacy@kpexs.com. The matter will then be reported to the Data Protection Officer of Kilpatrick Switzerland or the office of where the Personal Data was processed. Should the Candidate and Data Protection Officer be unable to resolve the dispute within nine months, the Candidate can lodge a complaint before the competent Data Protection Authorities and enforce these Standards as third-party beneficiaries against Kilpatrick Group S.A located in Switzerland (“Kilpatrick Group S.A ”) either in the courts of the jurisdiction in which the Kilpatrick Group entity responsible for exporting such data is established or the Lugano – in which case the Candidate may be represented by an association or other body if they so wish and if permitted by law.

Internal Oversight Procedures

Kilpatrick ensures enforcement of these Standards through a regional Data Protection Officers who monitor processing of Personal Data and conduct periodic data protection compliance audits. The local Data Protection Officers are further responsible for investigating any claims related to data processing and may coordinate with an external Legal Counsel to analyze the scope of the alleged violation. In addition, employees will self-police their actions and the actions of peers regarding the processing of Personal Data. Employees are required to immediately report any violation to their direct superior who will notify and work with the local Data Protection Officer to investigate the claim.

To the extent that such matters cannot be adequately handled within Kilpatrick’s own resources, Kilpatrick may appoint an independent third party to conduct an investigation/audit of any of the procedures or issues involving its Candidate Data Protection Standards.

Modification of Standards

Kilpatrick reserves the right to modify these Standards as needed. Where local law requires a higher standard for Personal Data it will take precedence over these Standards. Should Kilpatrick make any substantive modifications to these Candidate Data Protection Standards, the changes will be promulgated throughout Kilpatrick via an email announcement, a posting of the revised Candidate Data Protection Standards to in the library and training in accordance with any legal requirements. Candidates will be informed going-forward and have access to the updated Candidate Data Protection Standards at app.kpexs.com. Kilpatrick will also take appropriate steps to notify the relevant Data Protection Authorities.

Obligation to data Protection Authorities

Klpatrick will respond diligently and appropriately to all requests from data protection authorities regarding these Standards, including consenting to requests by a competent Data Protection Authority to audit Kilpatrick’s compliance with these Standards. Kilpatrick will abide by the advice of the Data Protection Authorities on any issues related to the interpretation and application of Kilpatrick’s Candidate Data Protection Standards. Upon request, the Data Protection Authority shall receive a copy of any compliance audits conducted by Kilpatrick regarding these Standards and Kilpatrick will further comply with requests by the Data Protection Authorities for additional review of company-wide compliance including a current list of Kilpatrick Offices.