Kroll Talent Acquisition Privacy Notice

Kroll LLC (and all affiliates and subsidiaries, collectively "Kroll"), is committed to complying with the applicable data privacy and security requirements in the countries in which it operates. Kroll complies with internationally recognized standards of privacy protection, and with various privacy laws globally including, but not limited to, the EU General Data Protection Regulation (GDPR). This Privacy Notice applies only to job applicant data.  

If you are a California resident who is a job applicant of Kroll, please see the California Privacy section of this policy.

Who is Collecting Data

Data will be collected by or on behalf of Kroll LLC or the relevant affiliate or subsidiary of which you are a job applicant (collectively "Kroll"), the Data Controller.

Data We Collect

Most of the personal data Kroll collects about you is directly from your application and resume or curriculum vitae submitted through our online recruiting system, or from third parties designated by you, such as recruiting agencies. We may also collect data from interviews and phone-screenings you may have.

We collect data contained in your social media profile, such as LinkedIn, when you choose to share this with us. We may collect information about you from certain third parties, to: (a) verify information about your credentials, such as education and prior employment, (b) follow-up on references that you may provide, and (c) conduct background investigations, where permitted or required by law. We will only collect such information from third parties if you have completed an employment application authorizing us to do so, or we have otherwise obtained your authorization to proceed. 

Processing of Personal Data

Kroll collects and uses your data to take steps prior to entering into an employment contract. Kroll also collects and uses your data for the purposes of the legitimate interests of our company in human resources and business management. When we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Such legitimate interests may include:

  • Managing your job applicant account, including password recovery
  • Where you have applied for a position with Kroll:
    • Assessing your skills and qualifications for employment and reaching a hiring decision
    • Verifying your information and carrying out reference checks and/or conducting background checks, where permitted or required by law.
    • Communicating with you about the recruitment process and/or your application(s).
    • If you are offered and accept employment with Kroll, the information collected during the application and recruitment process will become part of your employment record. Candidates offered employment by Kroll will be provided with a separate privacy policy addressing the way in which their personal data will be used at the commencement of their employment.
    • Analyzing the hiring process and outcomes
  • Complying with applicable laws, regulations, corporate governance requirements, legal processes or enforceable governmental requests

Kroll also processes your data for other purposes if you have provided us consent for such specified purposes. Such other purposes will be clearly provided at the time you provide consent. For example, where you have consented, we will send you email notifications whenever a new position matching your profile is posted. You have the right to withdraw your consent at any time. You can unsubscribe from these communications at any time by sending a request via email to: [email protected]

Processing of Sensitive Data

Kroll may request certain sensitive personal data, such as race, ethnicity, marital status, religion, or disability during the recruitment process. Requests to applicants to provide sensitive data will be voluntary, except where required by law. Collection and processing of sensitive data is necessary for Kroll to carry out the obligations and exercise specific rights in the field of employment and social security. For example, we may need information to verify that you are permitted to work in a certain country, or to process immigration applications.

Your sensitive personal data will not be used for any other purpose other than for your recruitment and/or your future employment with us.

How Data is Processed

Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations. We permit only authorized Kroll employees and Third-Party processors to have access to your information. Such employees and Third-Party processors are appropriately designated and trained to process data only according to the instructions we provide them. 

Storage of Personal Data

Kroll will retain personal data for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with Kroll’s Document Retention Schedule.

Disclosure/Sharing of Personal Data

We only share your personal data with your consent or in accordance with this policy. We will not otherwise share, sell or distribute any of the information you provide to us except as described in this Privacy Notice. 

  • We share personal data among Kroll-controlled affiliates and subsidiaries who act for Kroll for the purposes set out in this notice. 
  • Kroll may share your information with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of Kroll. Such third parties have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. Kroll requires these third parties to undertake security measures consistent with the protections specified in this notice.
  • Kroll may be required to disclose Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
  • If Kroll’s business enters into a joint venture with or is merged with another business entity, your information may be disclosed to our new business partners.

Cross – Border Transfers of Personal Data

Kroll is a global firm with operations in over 25 countries. Personal data may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this notice, and in compliance with local regulations.

Personal Data may be transferred to or processed in locations outside of the European Economic Area (EEA), some of which have not been determined by the European Commission to have an adequate level of data protection. In that case, for personal data subject to European data protection laws, we take measures designed to provide the level of data protection required in the EU, including ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission, or another adequate transfer mechanism. Kroll entities have entered into intragroup transfer agreements based on the Standard Contractual Clauses which allows for the processing and transfer of personal data.

Your Rights 

Depending on the laws of the jurisdiction governing the processing of your personal data, you may have certain rights under applicable data protection laws including:

  • Access: You have the right to request access to personal data that Kroll holds about you.
  • Rectification: You have the right to ask us to rectify information Kroll holds about you if it is inaccurate or not complete.
  • Erasure: You can request that Kroll erase your personal data. We will keep basic data to identify you and retain it solely for preventing further unwanted processing.
  • Restrict Processing: You have the right to ask Kroll to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future.
  • Object to processing: Where processing is based on legitimate interests, you have the right to object to Kroll processing your data. Kroll will discontinue processing your data, unless we can demonstrate compelling legitimate grounds for the processing.  We will keep basic data to identify you and retain it solely for preventing further unwanted processing.
  • Portability: Where processing is based on consent or performance of a contract, you have the right to data portability. Kroll must allow you to obtain and reuse your personal data for your own purposes in a safe and secure way without this effecting the usability of your data. This right only applies to personal data that you have provided to Kroll as the Data Controller.

Please contact [email protected] to request access, rectification, or erasure, or to restrict processing, to object to processing, to request data portability.

Subject to legal considerations or certain exemptions, we may not always be able to address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Automated Decision Making

In some instances, processing of your personal data may result in automated decisions that may affect the outcome of your job application. For example, we use automated decisions to assess whether an applicant possesses the basic qualifications which are required for a position.

When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to request a human review of the decision. You can ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing [email protected].

Providing Information to Kroll

If you choose not to provide certain personal information, we may not be able to consider you for employment with Kroll.

Third Party Websites or Other Services

You may choose to provide us with access to certain personal data maintained by third parties such as LinkedIn. The information we may receive varies by site and is controlled by the operator of the site and your privacy settings thereon. We are not responsible for the privacy practices of any non-Kroll operated websites, mobile apps or other digital services, including those that may be linked through the recruitment system, and we encourage you to review the privacy policies or notices published thereon.

Contact Us

Kroll Corporate Headquarters
55 E 52 Street
New York, NY 10055
[email protected] 

If you are in the EU: 
Kroll EU Data Protection Officer: Daniela Mosca

  • Email: [email protected]
  • Telephone +39.039.64.23.812
  • Post: Daniela Mosca at KROLL Advisory Holding SpA, Centro Direzionale Colleoni, Palazzo Cassiopea 3, 7th Floor, Via Paracelso 26, 20864 Agrate Brianza (MB) - Italy 

For data subjects located in the EU: if we are not able to satisfactorily resolve your questions, concerns, or complaints, or if you believe that the processing of your personal data infringes on your rights under applicable data protection laws, you have the right, without prejudice to any other administrative or judicial remedies, to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement. Contact information for the supervisory authorities may be found here: EU Data Protection Authorities

California Privacy Notice and Policy

This California Privacy Notice and Policy section, effective as of January 1, 2023, supplements the Kroll Talent Acquisition Privacy Notice and applies to the personal information of California residents who are Kroll job applicants.

Categories of Personal Information We Collect

In the past 12 months, we have collected, used, and disclosed for business purposes, the following categories of personal information relating to California residents covered by this policy:

Category

Examples May Include

Identifiers

Name, alias, postal address, unique personal identifier, online identifier, internet protocol address (IP Address), email address, account name, social security number, driver’s license number, passport number, or other similar identifiers

Personal Information categories described in California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history

Protected classification characteristics under California or federal law

Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Internet/network activity

Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement

Geolocation data

Physical location.

Professional or employment-related information

Current or past job history

Non-public education information (per the Family Educational Rights and Privacy Act

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student financial information

Inferences drawn from other personal information.

Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Sources of Personal Information We Collect

  • directly from your application and resume or curriculum vitae submitted through our online recruiting system, or from third parties designated by you, such as recruiting agencies.
  • from interviews and phone-screenings you may have.
  • From certain third parties, to: (a) verify information about your credentials, such as education and prior employment, (b) follow-up on references that you may provide, and (c) conduct background investigations, where permitted or required by law. We will only collect such information from third parties if you have completed an employment application authorizing us to do so, or we have otherwise obtained your authorization to proceed.
  • Information we automatically collect when you interact with Kroll websites or applications, such as your IP address and the pages you visited or activities you performed.

Business Purposes

We collect personal information for our operational purposes in recruiting and hiring employees. We use personal information for the business purposes set out in the “Processing of Personal Data” section above.

Disclosure of Personal Information to Third Parties

We do not disclose personal information to Third Parties (not including service providers) unless you direct us to do so, or where required by law.

Selling/Sharing of Personal Data

We do not, and have not in the preceding 12 months, sold personal information or shared personal information with a third party for cross-context behavioral advertising.

Disclosure of Personal Data for our Business Purposes

Within the last 12 months, we have disclosed Personal Information identified in the “Categories of Personal Information We Collect” section above for business purposes to the following categories of parties:

  • Our affiliates, as needed to operate our business and provide services.
  • Service providers or contractors, such as vendors, consultants and other service providers who perform certain services on behalf of Kroll, in which case we enter a contract that describes the purpose of processing and requires the recipient to not use it for any purpose except performing the contract.
  • Third parties to whom you or your agents request or authorize us to disclose your personal information.

Data Retention

Kroll will retain personal information for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, and federal regulations, and in accordance with Kroll’s Document Retention Schedule.

Your Rights

Subject to the CCPA, CPRA, and other applicable laws, you have the following rights concerning your data processed by Kroll:

  • Deletion: You have the right to request that Kroll erase your personal information, and Kroll will erase such information unless it is reasonably necessary for Kroll to maintain your personal data in accordance with CCPA 1798.105 (d) or 1798.145.
  • Correction: You have the right to request that Kroll correct inaccurate personal information, taking into account the nature and purpose of processing the information.
  • Access: You have the right to request to access the personal information that Kroll has collected about you.
  • Non-discrimination: Kroll will not discriminate against an individual because the individual exercised any of the individual’s rights under the CCPA or CPRA.

Contact Us

Please contact us if you wish to exercise your rights under CCPA/CPRA:

Email: [email protected]
In Writing: Kroll Compliance and Privacy Office, 167 N. Green St., Floor 12, Chicago, IL 60607