Kroll LLC (and all affiliates and subsidiaries, collectively "Kroll"), is committed to complying with the applicable data privacy and security requirements in the countries in which it operates. Kroll complies with internationally recognized standards of privacy protection, and with various privacy laws globally including, but not limited to, the EU General Data Protection Regulation (GDPR). This Privacy Notice applies only to job applicant data.
- Who is Collecting Data
- Data We Collect
- Processing of Personal Data
- Processing of Sensitive Data
- How Data is Processed
- Storage of Personal Data
- Disclosure/Sharing of Personal Data
- Cross – Border Transfers of Personal Data
- Your Rights
- Automated Decision Making
- Providing Information to Kroll
- Third Party Websites or Services
- Contact Us
Data will be collected by Kroll LLC (and all affiliates and subsidiaries, collectively "Kroll"), the Data Controller.
Most of the personal data Kroll collects about you is directly from your application and resume or curriculum vitae submitted through our online recruiting system, or from third parties designated by you, such as recruiting agencies. We may also collect data from interviews and phone-screenings you may have.
We collect data contained in your social media profile, such as LinkedIn, when you choose to share this with us. We may collect information about you from certain third parties, to: (a) verify information about your credentials, such as education and prior employment, (b) follow-up on references that you may provide, and (c) conduct background investigations, where permitted or required by law. We will only collect such information from third parties if you have completed an employment application authorizing us to do so, or we have otherwise obtained your authorization to proceed.
Kroll collects and uses your data to take steps prior to entering into an employment contract. Kroll also collects and uses your data for the purposes of the legitimate interests of our company in human resources and business management. When we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Such legitimate interests may include:
- Managing your job applicant account, including password recovery
- Where you have applied for a position with Kroll:
- Assessing your skills and qualifications for employment and reaching a hiring decision
- Verifying your information and carrying out reference checks and/or conducting background checks, where permitted or required by law.
- Communicating with you about the recruitment process and/or your application(s).
- Analyzing the hiring process and outcomes
- Complying with applicable laws, regulations, corporate governance requirements, legal processes or enforceable governmental requests
Kroll also processes your data for other purposes if you have provided us consent for such specified purposes. Such other purposes will be clearly provided at the time you provide consent. For example, where you have consented, we will send you email notifications whenever a new position matching your profile is posted. You have the right to withdraw your consent at any time. You can unsubscribe from these communications at any time by sending a request via email to: [email protected]
Kroll may request certain sensitive personal data, such as race, ethnicity, marital status, religion, or disability during the recruitment process. Requests to applicants to provide sensitive data will be voluntary, except where required by law. Collection and processing of sensitive data is necessary for Kroll to carry out the obligations and exercise specific rights in the field of employment and social security. For example, we may need information to verify that you are permitted to work in a certain country, or to process immigration applications.
Your sensitive personal data will not be used for any other purpose other than for your recruitment and/or your future employment with us.
Kroll will retain personal data for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with Kroll’s Document Retention Schedule.
We only share your personal data with your consent or in accordance with this policy. We will not otherwise share, sell or distribute any of the information you provide to us except as described in this Privacy Notice.
- We share personal data among Kroll-controlled affiliates and subsidiaries who act for Kroll for the purposes set out in this notice.
- Kroll may share your information with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of Kroll. Such third parties have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. Kroll requires these third parties to undertake security measures consistent with the protections specified in this notice.
- Kroll may be required to disclose Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
- If Kroll’s business enters into a joint venture with or is merged with another business entity, your information may be disclosed to our new business partners.
Kroll is a global firm with operations in over 25 countries. Personal data may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this notice, and in compliance with local regulations.
Personal Data may be transferred to or processed in locations outside of the European Economic Area (EEA), some of which have not been determined by the European Commission to have an adequate level of data protection. In that case, for personal data subject to European data protection laws, we take measures designed to provide the level of data protection required in the EU, including ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission, or another adequate transfer mechanism. Kroll entities have entered into intragroup transfer agreements based on the Standard Contractual Clauses which allows for the processing and transfer of personal data.
- Access: You have the right to request access to personal data that Kroll holds about you.
- Rectification: You have the right to ask us to rectify information Kroll holds about you if it is inaccurate or not complete.
- Erasure: You can request that Kroll erase your personal data. We will keep basic data to identify you and retain it solely for preventing further unwanted processing.
- Restrict Processing: You have the right to ask Kroll to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future.
- Object to processing: Where processing is based on legitimate interests, you have the right to object to Kroll processing your data. Kroll will discontinue processing your data, unless we can demonstrate compelling legitimate grounds for the processing. We will keep basic data to identify you and retain it solely for preventing further unwanted processing.
- Portability: Where processing is based on consent or performance of a contract, you have the right to data portability. Kroll must allow you to obtain and reuse your personal data for your own purposes in a safe and secure way without this effecting the usability of your data. This right only applies to personal data that you have provided to Kroll as the Data Controller.
Please contact [email protected] to request access, rectification, or erasure, or to restrict processing, to object to processing, to request data portability.
Subject to legal considerations or certain exemptions, we may not always be able to address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
In some instances, processing of your personal data may result in automated decisions that may affect the outcome of your job application. For example, we use automated decisions to assess whether an applicant possesses the basic qualifications which are required for a position.
When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to request a human review of the decision. You can ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing [email protected].
If you choose not to provide certain personal information, we may not be able to consider you for employment with Kroll.
You may choose to provide us with access to certain personal data maintained by third parties such as LinkedIn. The information we may receive varies by site and is controlled by the operator of the site and your privacy settings thereon. We are not responsible for the privacy practices of any non-Kroll operated websites, mobile apps or other digital services, including those that may be linked through the recruitment system, and we encourage you to review the privacy policies or notices published thereon.
Kroll Corporate Headquarters
55 E 52 Street
New York, NY 10055
If you are in the EU:
Kroll EU Data Protection Officer: Daniela Mosca
- Email: [email protected]
- Telephone +39.039.64.23.812
- Post: Daniela Mosca at KROLL Advisory Holding SpA, Centro Direzionale Colleoni, Palazzo Cassiopea 3, 7th Floor, Via Paracelso 26, 20864 Agrate Brianza (MB) - Italy
For data subjects located in the EU: if we are not able to satisfactorily resolve your questions, concerns, or complaints, or if you believe that the processing of your personal data infringes on your rights under applicable data protection laws, you have the right, without prejudice to any other administrative or judicial remedies, to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement. Contact information for the supervisory authorities may be found here: EU Data Protection Authorities