Kroll Employee Privacy Notice

Kroll LLC (and all affiliates and subsidiaries, collectively "Kroll"), is committed to complying with the applicable data privacy and security requirements in the countries in which it operates.  Kroll complies with internationally recognized standards of privacy protection, and with various privacy laws globally including, but not limited to, the EU General Data Protection Regulation (GDPR). This Privacy Notice applies only to employee data.

Kroll takes the protection and privacy of its employees seriously. This Privacy Notice provides important information about your privacy in connection with your employment or engagement by Kroll. Please review it carefully as it describes the information Kroll collects and how we store, use, transfer and disclose (collective known as process) this information.

The term “employee” is intended to cover all situations where there is an employment relationship with Kroll, whether such person is a full or part-time employee, contractor or subcontractor, temporary worker, intern or senior advisor.

If you are a California resident who is an employee of Kroll, please see the California Privacy section of this policy.


Who is Collecting Data

Data will be collected by or on behalf of Kroll LLC or the relevant affiliate or subsidiary who employs you (collectively "Kroll"), the Data Controller.

Data We Collect

Kroll collects personal information about you during the recruiting process (as set out in Kroll’s Talent Acquisition Privacy Notice) which becomes part of your employee record when you are hired. Most of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as references. Data we collect include the following categories, as applicable to your employment:

  • Contact information, such as name, address, phone number, email address, job title, etc.

  • Human resources data, such as job function, contractual details, education, data of birth, marital status, employment actions (hire/rehire/termination), reason for employment actions, assignments, training history, attendance, competencies, hours worked, vacation/personal days etc.

  • Payroll data, such as national ID/social security number, banking information, dependent details, salary/wages, compensation details, holiday/vacation, expenses, travel details

  • Training and assessment information, such as work experience, education, accomplishments, career goals and type, development plans, performance, talent review meeting information, project assignments, etc.

  • Job applicant information, in accordance with Kroll’s Talent Acquisition Privacy Notice

  • Health/Benefit information, such as illness and accidents information, health, disability information, insurance and savings plan information, including deductions, eligibility and coverage, enrollment, paid sick leave, etc. 

  • Background check information, such as criminal and credit checks, references, employment history and education, where permitted or required by law

  • Information Technology information, such as system access requests, system access rights, access logs, credentials, etc.

Processing of Personal Data

Kroll processes your personal information where processing is necessary for the purposes of the legitimate interests of Kroll and Kroll"s employees, which include human resources and business management. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

The purposes for processing your information include:

  • management of the employment relationship;

  • workflow management, such as assigning, managing, and administering projects or training;

  • travel and expense tracking and budgeting; business travel (e.g. commercial flights, hotels, rental cars), expense management (e.g., corporate card) and processing corporate expenses and reimbursements;

  • compensation administration, including payroll, bonus, commission as well as stock plan administration, approval and processing; benefits monitoring, calculation, administration and planning; competitive pay analysis, and job grading;

  • talent management; performance appraisals, promotion, and career development activities; succession planning; retirement planning, monitoring of training and development;

  • personnel administration; managing the hiring, rehiring, and termination processes;

  • enrollment with and administration of health and medical benefits, or retirement plans;

  • administration of leave of absence, time off, sick leave or other types of employee leave as per applicable law and/or company policies;

  • managing sickness, injury and/or disability requirements;

  • facilitating employee relocations and international assignments;

  • background checks, where permitted or required by law

  • managing communications with employees, including for business continuity/disaster recovery purposes

  • organizational development; preparation, management, and use of an internal business directory;

  • employee discipline; internal company and/or external investigations into misconduct and/or performance concerns; audit requirements

  • exercise of our rights under local laws and compliance with applicable legal and regulatory requests and obligations (including investigations in relation to the same); establish or defend legal claims and allegations; complying with applicable laws, regulations, corporate governance requirements, legal processes or enforceable governmental requests

  • authorizing, granting, administering, monitoring and terminating access to or use of company systems, facilities, records, property and infrastructure, such as the corporate email system and company directory; ensuring network and information security, and preventing fraud Page 3 of 6

  • other general human resources purposes

Kroll may also process personal data for other lawful reasons:

  • Where processing is necessary for the performance of a contract to which you are a party or in order to take steps prior to entering into such contract;

  • Where processing is necessary for compliance with a legal obligation to which Kroll is subject;

We will not use your personal data for marketing purposes or other purposes incompatible with the employment relationship unless we obtain your consent.

Processing of Sensitive Data

Kroll may request certain sensitive personal information, such as race, ethnicity, marital status, religion, or disability. Requests to provide sensitive information will be voluntary, except where required by law. Collection and processing of sensitive information is necessary for Kroll to carry out the obligations and exercise specific rights in the field of employment and social security. For example, we may need information to verify that you are permitted to work in a certain country, or to process immigration applications. Your sensitive personal data will not be used for any other purpose other than for your employment with Kroll, in accordance with this policy.

Information about Dependents/Contacts

If you provide us with personal data about members of your family and/or dependents or beneficiaries (e.g., for emergency contact or benefits administration purposes), it is your responsibility to inform them of their rights with respect to such information. You also are responsible for obtaining the consent of these individuals (unless you can provide such consent on their behalf) to the processing of that personal data for the purposes set out in this Notice.

How Data is Processed

Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations. Within the Kroll group of companies your personal data will be disclosed only to a limited number of restricted individuals within the information technology, human capital, finance, legal and compliance, and benefits departments as well as certain managers (only persons with assigned responsibility or managerial responsibility for the employee or groups of employees) to the extent any of these functions need access to your personal data in connection with their job responsibilities. Access will be provided on a need-to-know basis. We permit only authorized Third-Party processors to have access to your information. Employees and Third-Party processors are appropriately designated and trained to process data only according to the instructions we provide them.

Storage of Personal Data

Kroll will retain personal data for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with Kroll’s Document Retention Schedule.

Disclosure/Sharing of Personal Data

We only share your personal data with your consent or in accordance with this notice. We will not otherwise share, sell or distribute any of the information you provide to us except as described in this Privacy Notice.

  • We share personal data among Kroll-controlled affiliates and subsidiaries who act for Kroll for the purposes set out in this notice.

  • Kroll may share your information with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of Kroll. Such third parties have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. Kroll requires these third parties to undertake security measures consistent with the protections specified in this Notice.

  • Kroll may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

  • If Kroll’s business enters into a joint venture with or is merged with another business entity, your information may be disclosed to our new business partners

Cross – Border Transfers of Personal Data

Kroll is a global firm with operations in over 25 countries. Personal information may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this notice. Personal Data may be transferred to or processed in locations outside of the European Economic Area (EEA), some of which have not been determined by the European Commission to have an adequate level of data protection. In that case, for personal data subject to European data protection laws, we take measures designed to provide the level of data protection required in the EU, including ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission, or another adequate transfer mechanism. Kroll entities have entered into intragroup transfer agreements based on the Standard Contractual Clauses which allows for the processing and transfer of personal data.

Where we receive requests to disclose personal data from law enforcement or regulators, we carefully validate these requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so, before any personal data is disclosed.

Your Rights 

Depending on the laws of the jurisdiction governing the processing of your personal data, you may have certain rights under applicable data protection laws including:

  • Access: You have the right to request to access personal information that Kroll holds about you. • Rectification: You have the right to ask us to rectify information Kroll holds about you if it is inaccurate or not complete.

  • Erasure: You can request that Kroll erase your personal data if data is no longer necessary for the purpose for which it was collected or processed, or if you believe personal data have been unlawfully processed. We will keep basic data to identify you and retain it solely for preventing further unwanted processing. Page 5 of 6

  • Restrict Processing: You have the right to ask Kroll to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future.

  • Object to Processing: Where processing is based on legitimate interests, you have the right to object to Kroll processing your data. Kroll will discontinue processing your data, unless we can demonstrate compelling legitimate grounds for the processing. We will keep basic data to identify you and retain it solely for preventing further unwanted processing.

  • Portability: Where processing is based on consent or performance of a contract, you have the right to data portability. Kroll must allow you to obtain and reuse your personal data for your own purposes in a safe and secure way without this effecting the usability of your data. This right only applies to personal data that you have provided to Kroll as the Data Controller

Please contact [email protected] to request access, rectification, or erasure, or to restrict processing, to object to processing, to request data portability.

Subject to legal considerations or certain exemptions, we may not always be able to address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Workplace Monitoring

In accordance with Kroll’s Information Security Policy, Kroll has the ability to monitor, review, audit, or intercept Information stored, sent, received or otherwise facilitated by or through Kroll Systems, in order to administer the use and access to Kroll Systems and ensure network and information security.

Kroll has the ability to monitor the content of electronic communications, including Kroll email and instant messaging, where permitted by local law. However, Kroll does not perform such monitoring in the ordinary course. Such monitoring of electronic communications may only be conducted by authorized representatives of the Firm, which are those employees approved and designated as authorized representatives by the General Counsel or the Human Capital Managing Director.

Notwithstanding the above, Employees associated with Kroll Securities, LLC (FINRA regulated broker-dealer) and Kroll Securities Canada Limited (OSC regulated Exempt Market Dealer) are subject to routine monitoring of electronic communications by Compliance, as required by relevant securities regulations.

Access to Kroll offices is controlled by a centralized global Access Control System, which allows for the creation of specific access permissions, which can be granted to individually assigned keycards and assigned to specific doors. When an employee presents their assigned keycard to a card reader, such employee is recognized by the security system as authorized to have access, and is granted access by the door unlocking. A record of the transaction is automatically generated and recorded in the security system. Kroll also employs the use of video monitoring systems in some facilities at ingress and egress points, to enhance general security and protection of our facilities. Video monitoring is not intended and will not be used to review employees’ general work performance and attendance.

Automated Decision Making

Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved. Kroll does not make automated decisions for employee data.

If automated decisions are made, affected persons will be given an opportunity to express their views on the automated decision in question and object to it

Providing Information to Kroll

If you choose not to provide certain personal information, we may not be able to administer your employment with Kroll.

Third Party Websites or Other Services

You may choose to provide us with access to certain personal information maintained by third parties such as LinkedIn. The information we may receive varies by site and is controlled by the operator of the site and your privacy settings thereon. We are not responsible for the privacy practices of any non-Kroll operated websites, mobile apps or other digital services, including those that may be linked through Kroll systems or websites, and we encourage you to review the privacy policies or notices published thereon.

Contact Us

Please contact us at Kroll with questions, concerns, or complaints:

Kroll Corporate Headquarters
55 E 52 Street
New York, NY 10055
[email protected]

If you are in the EU: 

Kroll EU Data Protection Officer: Daniela Mosca

  • Email: [email protected]

  • Telephone +

  • Post: Daniela Mosca at Kroll Advisory Holding SpA, Centro Direzionale Colleoni, Palazzo Cassiopea 3, 7th Floor, Via Paracelso 26, 20864 Agrate Brianza (MB) - Italy

For data subjects located in the EU: if we are not able to satisfactorily resolve your questions, concerns, or complaints, or if you believe that the processing of your personal data infringes on your rights under applicable data protection laws, you have the right, without prejudice to any other administrative or judicial remedies, to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement. Contact information for the supervisory authorities may be found here: EU Data Protection Authorities

California Privacy Notice and Policy

This California Privacy Notice and Policy section, effective as of January 1, 2023, supplements the Kroll Talent Acquisition Privacy Notice and applies to the personal information of California residents who are Kroll job applicants.

Categories of Personal Information We Collect

In the past 12 months, we have collected, used, and disclosed for business purposes, the following categories of personal information relating to California residents covered by this policy:


Examples May Include


Name, alias, postal address, unique personal identifier, online identifier, internet protocol address (IP Address), email address, account name, social security number, driver’s license number, passport number, or other similar identifiers

Personal Information categories described in California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history

Protected classification characteristics under California or federal law

Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Internet/network activity

Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement

Geolocation data

Physical location.

Professional or employment-related information

Current or past job history

Non-public education information (per the Family Educational Rights and Privacy Act

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student financial information

Inferences drawn from other personal information.

Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Sources of Personal Information We Collect

  • directly from your application and resume or curriculum vitae submitted through our online recruiting system, or from third parties designated by you, such as recruiting agencies.
  • from interviews and phone-screenings you may have.
  • From certain third parties, to: (a) verify information about your credentials, such as education and prior employment, (b) follow-up on references that you may provide, and (c) conduct background investigations, where permitted or required by law. We will only collect such information from third parties if you have completed an employment application authorizing us to do so, or we have otherwise obtained your authorization to proceed.
  • Information we automatically collect when you interact with Kroll websites or applications, such as your IP address and the pages you visited or activities you performed.

Business Purposes

We collect personal information for our operational purposes in recruiting and hiring employees. We use personal information for the business purposes set out in the “Processing of Personal Data” section above.

Disclosure of Personal Information to Third Parties

We do not disclose personal information to Third Parties (not including service providers) unless you direct us to do so, or where required by law.

Selling/Sharing of Personal Data

We do not, and have not in the preceding 12 months, sold personal information or shared personal information with a third party for cross-context behavioral advertising.

Disclosure of Personal Data for our Business Purposes

Within the last 12 months, we have disclosed Personal Information identified in the “Categories of Personal Information We Collect” section above for business purposes to the following categories of parties:

  • Our affiliates, as needed to operate our business and provide services.
  • Service providers or contractors, such as vendors, consultants and other service providers who perform certain services on behalf of Kroll, in which case we enter a contract that describes the purpose of processing and requires the recipient to not use it for any purpose except performing the contract.
  • Third parties to whom you or your agents request or authorize us to disclose your personal information.

Data Retention

Kroll will retain personal information for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, and federal regulations, and in accordance with Kroll’s Document Retention Schedule.

Your Rights

Subject to the CCPA, CPRA, and other applicable laws, you have the following rights concerning your data processed by Kroll:

  • Deletion: You have the right to request that Kroll erase your personal information, and Kroll will erase such information unless it is reasonably necessary for Kroll to maintain your personal data in accordance with CCPA 1798.105 (d) or 1798.145.
  • Correction: You have the right to request that Kroll correct inaccurate personal information, taking into account the nature and purpose of processing the information.
  • Access: You have the right to request to access the personal information that Kroll has collected about you.
  • Non-discrimination: Kroll will not discriminate against an individual because the individual exercised any of the individual’s rights under the CCPA or CPRA.

Contact Us

Please contact us if you wish to exercise your rights under CCPA/CPRA:

Email: [email protected]
In Writing: Kroll Compliance and Privacy Office, 167 N. Green St., Floor 12, Chicago, IL 60607