EMEA Candidate Privacy Notice

Introduction

This Candidate Privacy Notice (“Notice”) explains how Jefferies processes personal data during the recruitment process.  By “Jefferies” (including “we”, “our” or “us”), we mean: Jefferies International Limited, Jefferies GmbH and each branch, affiliate or subsidiary in the Jefferies Group operating in the UK, European Union, Switzerland, Israel, Dubai International Finance Centre (DIFC) or Abu Dhabi General Market (ADGM). The recruitment process commences from the point at which you apply to work at Jefferies and ends when you accept a position with us, or your application is otherwise closed.   

“Personal data” is information that can be used to identify an individual or relates to an identifiable individual and “processing” includes any collection, use, transfer and storage of that personal data. This Notice applies to candidates for all positions with Jefferies, including employees or interns to be engaged directly in Jefferies’ business and others providing services to Jefferies (including consultants, non-executive directors, senior advisors, temps and vendor staff) (collectively “Candidates”). We refer to Candidates as “you” and “your” in this Notice.

Jefferies respects your privacy, is committed to protecting your personal data and will handle your personal data in accordance with applicable data protection law. For the purpose of applicable data protection legislation, the entity responsible for your personal data is Jefferies International Limited if you are applying for roles in the UK, Switzerland, DIFC, ADGM and Israel and Jefferies GmbH if you are applying for roles in continental Europe (being the data controllers). Contact details for these entities are set out in Section 12 of this Notice.

Please note that this Notice is non-contractual and we may amend it from time to time. The most recent version of this Notice will be available on Jefferies’ recruitment portal (careers.jefferies.com) as well as in the email footers of the Jefferies recruiting team.

What types of personal data do we collect?

The table in this Section 2 sets out the different categories and types of your personal data that Jefferies may process during the recruitment process.

Jefferies may also process more sensitive types of your personal data which your local legislation may refer to as “special category” or “sensitive” personal data (“Sensitive Personal Data”). This processing occurs where required, necessary or permitted under applicable data protection law in your jurisdiction. We may also process such personal data where volunteered by you for “equality and inclusion” purposes, including meaningful equal opportunity monitoring and reporting in aggregate form. If you choose not to provide this information, it will not impact your application.

Sensitive Personal Data includes information relating to your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic data, biometric data and criminal convictions data. Where you are based in the DIFC, Sensitive Personal Data also includes information revealing your communal origin and in the ADGM it includes information revealing any security measures related to your criminal record.

Categories of personal data that may include Sensitive Personal Data elements are marked with a “*” in the table below. Details regarding the specific purposes for which we process your personal data are set out in Section 4 below.

CategoriesTypes of Personal Data
Personal contact dataFirst name, last name, title, personal email address, personal mobile number, residential postal address, written signature
Identification dataDate of birth, age, copies of photo identification documents (such as a driving licence, passport, and/or identity card), national identification number, nationality, citizenship, place of birth, country of residence
CV and application dataCV information, including your job title, education, qualifications, employment history, languages spoken, professional memberships, online test results, hobbies and interests
Correspondence dataInformation contained in emails and messages that we exchange with you, attendance notes of meetings or calls
Careers portal login dataUsername, password
Remuneration dataSalary, bonus, benefits arrangements
Disciplinary dataDisciplinary and investigation details, litigation or claims in court, tribunal or similar forum (whether brought by you, against you or in which you are otherwise involved)
Visa and work permit data*Nationality, citizenship, current residential address (including country of residence), details of current work permits or visas, racial or ethnic origin
Referee dataFirst name, last name and contact information for individuals that you have named as your referees.  Please note you are responsible for ensuring that you obtain their agreement to your providing Jefferies with their information (any personal information that you send to us about your referees should be sent securely and will be held and processed in accordance with Jefferies’ Third Party Data Protection Notice, available on the Privacy & Cookies page of Jefferies.com.
Website and device dataIP address, device ID, browser type and version, length of visit, location, operating system and platform, cookie data
Marketing and communications dataFirst name, last name, corporate email address, personal email address, job title, employer
Health data*Details of any physical or mental health medical conditions, special educational needs or disabilities
Criminal record data*Information relating to current or spent criminal convictions, including offences, alleged offences, court sentences and unspent criminal convictions
Relationship data*Details of any relationships you have with staff members at Jefferies, with current or potential clients, vendors or companies covered by Jefferies Research and with employees or consultants of a government organisation, agency or instrumentality or public international organisation
Equality and inclusion data* (voluntary only)Sensitive Personal Data: Racial origin, ethnicity, sexual orientation, disability status Non-Sensitive Personal Data: Sex, gender identity, transgender status, veteran status, marital status Note: Racial origin and ethnicity information is not collected in France. For the DIFC and ADGM, no information pertaining to sexual orientation, gender identity, transgender status or marital status is collected.
Visitor data*Sensitive Personal Data:  Dietary requirements, mobility requirements Non-Sensitive Personal Data: First name, last name, CCTV images

Please note that if you fail to provide (when requested) information which is necessary for us to consider your application, we will not be able to take your application further. This may be because we need to collect certain personal data to comply with applicable law or to enter into a contractual relationship with you. If we decide to offer you a role, then we will carry out employment background checks, in which case we will manage your personal data in accordance with the EMEA Staff Privacy Notice which will be made available to you at the time of any offer being made.  

How do we collect your personal data?

We collect your personal data either from you directly or from other sources. Where we obtain it indirectly, we will always do so in accordance with applicable law and only to the extent it is necessary for your application with us.

We collect your personal data from you directly when:

  • You contact us directly in relation to your application, usually by corresponding with us by phone, providing CVs to us via email and filling in forms;
  • You attend an interview (whether in person or virtually) and we compile meeting notes or update our records for you based on the interview output;  
  • You visit our website and enter your information in relation to an application you are submitting; and / or
  • You visit our website and enter your information to subscribe for our newsletter or event notifications.

We collect your personal data indirectly when:

  • We use third party sources, such as LinkedIn and other recruitment and professional networking sites to search for potential Candidates;
  • We contact Jefferies staff that have an existing relationship with you or Jefferies staff that have had contact with you during the recruitment process;
  • We contact your current and / or former colleagues or contacts that you have named as your referees; and / or
  • We work with third parties providing recruitment services to Jefferies, such as employment agencies, headhunters or similar.

How and why do we use your personal data?

Depending on the nature of our relationship with you, we may process your personal data for a range of different purposes. Where we process your personal data, we must identify a lawful basis in order to do so under applicable data protection law.

Please refer to the table in Appendix 1 that sets out: (i) the purposes for which we may process your personal data; (ii) which personal data categories are in scope of each purpose; and (iii) the lawful basis/bases we rely upon to lawfully process personal data for each purpose. Where we are relying on an additional processing condition to process your Sensitive Personal Data, this is marked with a “*”.

We may process your personal data for these purposes for both mandatory and optional reasons. We will not process your personal data for any additional purposes that are incompatible with the original purpose for which it was collected unless permitted by applicable law.

All of the information obtained during the application process will only be accessed and used for the purpose of progressing your application, or to fulfil legal or regulatory requirements as necessary.

Voluntarily provided Equality and Inclusion Data

At Jefferies, we believe that an equitable and inclusive workplace fosters creativity, innovation and thought leadership through the infusion of new ideas and perspectives. We have made a commitment to building a culture that provides opportunities for all staff regardless of our differences and supporting a workforce that is reflective of the communities where we work and live. As part of our commitment to fostering an inclusive and equitable workplace, we invite candidates to voluntarily provide equality and inclusion data during the recruitment process.* This equality and inclusion data that you can opt to voluntarily provide includes both general personal data and Sensitive Personal Data, namely your race and ethnicity, sexual orientation, disability status, sex, gender identity, transgender status, veteran status and marital status (“E&I Data”).

Your E&I Data is confidential and will only be used where necessary by the recruitment team to assess representation and ensure fair treatment across candidates.

Please note that the provision of your E&I Data is entirely voluntary and you will not suffer any adverse consequences if you choose not to provide it. You can withdraw your consent to our processing of your E&I Data at any time by contacting your recruitment contact or the Data Privacy Team directly.

* Please Note: Racial origin and ethnicity information is not collected in France. For the DIFC and ADGM, no information pertaining to sexual orientation, gender identity, transgender status or marital status is collected.

Who do we share your personal data with?

We may share your personal data with third parties where it is appropriate and / or necessary to do so under applicable law and regulations. We may share your personal data with the following categories of recipients:

  • Affiliates within the Jefferies Group;
  • Colleagues within Jefferies, including those who may have interacted with you during the recruitment process or whose team you may have applied to join (where appropriate, this may include colleagues in overseas offices);
  • Individuals who you have listed as your referees, such as current and former colleagues or employers;
  • Third party Recruitment Process Outsource providers who assist us with our recruitment activities by, for example, sourcing candidates, reviewing CVs and conducting interviews, in addition to third party recruitment agencies and headhunters;
  • Third party online recruitment platforms and applicant tracking system providers that enable our ongoing management of the applications we receive for various positions across our business;
  • Third party outsourced IT and document storage providers;
  • Third parties that may hold information in relation to your educational and professional achievements, such as educators, examining bodies and professional bodies;
  • Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and regulatory bodies; and / or
  • Third party professional advisers such as immigration and employment lawyers and consultants.

Where third parties have access to your personal data, we will ensure that we always have a valid lawful basis to share your personal data, that appropriate measures have been put in place and, where necessary, contractual terms are entered into in order to ensure that your personal data receives an adequate level of protection. We only permit third parties to process your personal data for specified purposes and in accordance with our instructions.

How do we store and safeguard your personal data?

We are committed to protecting the security and confidentiality of all personal data that we process. This includes taking all reasonable steps to protect it from misuse, loss, alteration or unauthorised access. We do this by implementing a range of appropriate technical and organisational measures. These include the utilisation of industry standard encryption, robust access controls, network security controls, intrusion detection systems and training for staff on confidentiality and handling personal data.

Please note you are responsible for ensuring that any information that you send to us is sent securely (e.g. encrypting attachments) and that you do not share your login details with anyone.

How do we transfer your personal data internationally?

The different purposes for which we process your personal data, as set out in Section 4 above, may require us to transfer your personal data outside of the jurisdiction in which it was collected. This would include transferring your personal data to the third parties listed in Section 5 above and to our parent company based in the United States.

Where an international transfer occurs, we will take steps to ensure that your personal data is adequately protected, including by ensuring that appropriate safeguards are in place in accordance with applicable data protection laws, particularly where your personal data is transferred to countries that are not considered “adequate” by applicable data protection law or the relevant authorities in your jurisdiction. For example:

  • For international transfers within the Jefferies Group, we have an intra-group data transfer agreement in place that is signed by all relevant entities and includes EU Standard Contractual Clauses, the UK Addendum and other necessary provisions to ensure that transfers take place in accordance with the data protection laws in Europe, the UK, Switzerland, Israel, the DIFC and ADGM; and
  • For international transfers to third parties, including service providers and regulators, we will ensure that appropriate measures are in place to ensure an adequate level of protection for your personal data, usually by including EU Standard Contractual Clauses, the UK Addendum and other jurisdiction-specific transfer clauses and provisions in our agreements (alongside implementing other supplementary technical and/or contractual measures as necessary).

For your information, a copy of the EU Standard Contractual Clauses can be found here, the UK Addendum to those Clauses can be found here, guidance from Switzerland on amending the EU Standard Contractual Clauses to suit the purposes of Swiss data protection law requirements can be found here, the DIFC Standard Contractual Clauses can be found here and the ADGM Standard contractual Clauses can be found here.

How long do we keep your personal data for?

If your application is successful, the information you provide during the application process will be transferred to your employee file and retained in line with our EMEA Staff Privacy Notice which will be made available to you when you join us.

If your application is unsuccessful, we will retain your personal data for a period of 6 months (or for such other period as we may be required to by law) after we have communicated to you our decision about not to engage or employ you. We retain your personal information for that period in the event that (i) a further opportunity may arise in future and we may wish to consider you for that; and/or (ii) a legal claim is brought regarding our recruitment process or decision-making so that we can show that we have conducted the recruitment exercise in a fair and reasonable way and have not discriminated against Candidates on prohibited grounds. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

What rights do you have in relation to your personal data?

Under applicable data protection law, you may have rights in relation to the personal data that we hold about you. These rights may include, where permitted under applicable law and subject to certain exceptions and restrictions:

  • Access: You may ask us to confirm, and provide copies of, your personal data that we hold;
  • Erasure: You have the right to request that we erase your personal data in certain circumstances;
  • Restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances;
  • Rectification: You have the right to request that we rectify any personal data that you believe is inaccurate or incomplete, and we will aim to notify you, and any parties to whom the personal data was disclosed, promptly once this has been done;
  • Data portability: You have the right to ask us to transfer personal data that you have provided to us to yourself or to another data controller in certain circumstances;
  • Object to processing:  You have the right to object to us processing your personal data where we do so: (i) on the basis of our legitimate interests; or (ii) to send you and marketing communications, such as those relating to careers events, open opportunities or our services that we think you may be interested in. If you no longer wish to receive marketing communications from us, you can opt out by either liaising with your Jefferies contact or by electronically unsubscribing from emails we have sent you; and
  • Withdraw Consent: In the limited circumstances where you have provided, and Jefferies relies on, your consent to process your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time (which will not affect the lawfulness of any processing based on consent before its withdrawal). To withdraw your consent, please contact your Jefferies recruitment contact or HR representative in the first instance. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you would like to exercise any of these rights, details of how to contact us can be found in Section 12. Note that if your personal data is subject to applicable data protection laws in the DIFC, you will also be entitled to not be discriminated against or adversely treated when exercising your personal data rights.

In accordance with applicable data protection laws you also have the right to lodge a complaint with your local supervisory authority, details of which can be found in Section 12. 

Automated decision making and profiling

Jefferies does not use automated decision making or profiling in our recruitment processes. In the context of data protection legislation, ‘automated decision making’ is the process of making a decision using solely automated means without any human involvement. ‘Profiling’ is the automated processing of personal data to evaluate certain things about an individual.

We use electronic and manual tools to aid us during the recruitment process but do not use features nor software to make automated decisions about your application.

Cookies

Our recruiting database provider may collect personal data through the use of cookies. A cookie is a small file containing data that is created and stored on your device when you visit a website using a computer or mobile device. When you visit a website, a cookie may be used to track the activities of your browser and provide you with a more consistent and efficient online experience.

Cookies Policy on our website.

Although you can click the ‘decline’ button on our website to opt out of most cookies, please note that our ‘strictly necessary’ cookies are necessary for the website to function and cannot be turned off in our systems. You can set your browser to block these cookies, but some parts of the site may not work if you do. 

Contacting us in relation to your privacy and details of local supervisory authorities

If you would like further information about any of the matters in this Notice, have any questions about how we collect, store or use your personal data, or would like to exercise any of the rights set out above, please contact us by email at [email protected] or by post using the contact details set out below. 

  • For individuals in the UK, Switzerland, Israel, DIFC or ADGM, please contact Jefferies International Limited by post at 100 Bishopsgate, London, EC2N 4JL, United Kingdom.
  • For individuals in the EEA, please contact Jefferies GmbH by post at Bockenheimer Landstraße 24, 60323 Frankfurt am Main, Germany.

Details for the relevant supervisory authorities are set out in the table below:

JurisdictionSupervisory AuthorityAddress
UKInformation Commissioner’s OfficeWycliffe House, Water Lane Wilmslow, Cheshire, United Kingdom, SK9 5AF
Germany and rest of EEAHessischer Beauftragter für Datenschutz und InformationsfreiheitPostfach 3163, 65021 Wiesbaden
SwitzerlandFederal Data Protection and Information CommissionerFeldeggweg 1, CH – 3003 Bern
IsraelPrivacy Protection AuthorityTel Aviv Government Complex, P.O. BOX 33503, Tel-Aviv 6133401
DIFCCommissioner of Data ProtectionDubai International Financial Centre Authority, Level 14, The Gate Building, Dubai International Financial Centre (DIFC), Dubai, UAE
ADGMOffice of Data ProtectionADGM Building, ADGM Square, Al Maryah Island, PO Box 111999, Abu Dhabi, UAE

APPENDIX 1

PURPOSES OF PROCESSING AND APPLICABLE LAWFUL BASES

Purpose for processingCategories of personal dataLawful basis for processing
Collecting information that relates to your application, such as your CV and employment history, and any information you provide to us during interviewsAll data types listed above* (excluding voluntary equality and inclusion data)Legitimate interests: To establish whether your qualifications and experience are aligned with the position for which we are recruiting, ensure a thorough and fair recruitment process, confirm your references and educational background and consider your suitability for any current recruitment requirements.Employment legal obligation*: We must process certain types of personal data to comply with our regulatory and legal obligations including, without limitation, protecting against money laundering and terrorist financing and accommodating for reasonable adjustments.Consent and explicit consent*: Where you share information relating to your dietary, mobility or other requirements (from which we may infer Sensitive Personal Data) for the purposes of attending our offices or events we will rely on your explicit consent to process such data.   
Assessing your skills, qualifications and suitability for the role, including the results of any tests you complete for us, and determining whether you meet the basic requirements for the roleCV and application data, remuneration data, disciplinary data, criminal record data*, correspondence data, referee dataLegitimate interests: To establish whether your qualifications and experience are aligned with the position for which we are recruiting, ensure a thorough and fair recruitment process, confirm your references and educational background and consider your suitability for any current recruitment requirements.Legal obligation*: As an investment bank our regulators require us in certain circumstances to assess the criminal record history of applicants to determine if they are suitable to work within a regulated entity.  
Communicating with you in relation to the recruitment process, including inviting you to interviews and keeping you up-to-date with the processPersonal contact data, correspondence data, visitor data*Legitimate interests: To liaise with you in relation to your application and pursue our recruitment interests. Consent and explicit consent*: Where you share information relating to your dietary, mobility or other requirements (from which we may infer Sensitive Personal Data) for the purposes of attending our offices we will rely on your explicit consent to process such data.   
Considering and (where appropriate) making reasonable adjustments to our application and/or recruitment process to accommodate any health conditions or disabilities disclosed by youHealth data*, visitor data*  Legal obligation: To consider and implement reasonable adjustments to the recruitment process in accordance with legal requirements. Employment and legal obligation*: We must process information relating to your disability, dietary, mobility or other requirements (from which we may infer Sensitive Personal Data) to comply our with legal requirements relating to reasonable adjustments.   
If you are successful, conducting referral checks and determining the terms of your employment offerPersonal contact data, identification data, CV and application data, correspondence data, remuneration data, visa and work permit dataContract: To construct a job offer and employment contract that is appropriate to your experience and our requirements for the role and to verify the experience you have gained with your referees.     
Conducting checks regarding your right to work in the relevant jurisdiction and global mobility requirementsPersonal contact data, identification data, visa and work permit data*Legitimate interest and legal obligation: To verify you have the right to work in the jurisdiction where you have applied for a role and to assess any additional requirements.Employment legal obligation*: To conduct checks to verify you have the right to work in the jurisdiction where you have applied for a role which may involve the processing of your Sensitive Personal Data.
Reviewing your criminal record and associated information, such as that relating to disciplinary action taken against youCriminal record data*, disciplinary dataLegitimate interests: To identify any issues that could pose a risk to our business, such as those relating to honesty and integrity. Employment legal obligation*: As an investment bank our regulators require us in certain circumstances to assess the disciplinary and criminal record history of applicants to determine if they are suitable to work within a regulated entity.  
Identifying and reviewing any relationships you have with Jefferies staff, clients, vendors or international organisationsPersonal contact data, relationship data*Legal obligation: To identify and respond to any potential conflicts of interest in accordance with our legal and regulatory obligations.  Employment legal obligation*: Where you disclose relationship information that reveals Sensitive Personal Data we process that information to manage any potential conflicts of interest, ensure fairness in the recruitment process and ensure confidentiality within our business.   
Equality and inclusion monitoring    Equality and inclusion data*Consent and Explicit consent*: Where appropriate and in accordance with any local laws and requirements, we may rely on your explicit consent to process certain equality and inclusion information (detailed above) that is volunteered by you. Processing this data helps us to monitor and improve our equality and inclusion strategy, assess representation and ensure fair treatment across the recruitment process. The provision of this information is entirely voluntary and you will not suffer any adverse consequences if you choose not to provide it.
Contacting you to keep you up to date with careers events and opportunities that may be of interestPersonal contact data, marketing and communications data, website and device data, CV and application dataConsent: To send you selected communications about opportunities, roles, services and events we think may be relevant to you. You can opt out at any time.
Preparing for you to visit our offices, for instance where you have an interview or attend a careers eventPersonal contact data, visitor data*Legitimate interests: To invite you to online events that we are hosting in connection with our services and accommodate you at our offices for in-person meetings. Consent and explicit consent*: Information relating to your dietary and mobility requirements may be considered Sensitive Personal Data. On that basis, we will only process such information with your explicit consent, which you can withdraw at any time.
Establishing, exercising and/or defending legal claimsAll data types listed aboveLegitimate interests: To establish, exercise or defend legal claims concerning our business and our recruitment process.  Legal claims*: To establish, exercise or defend legal claims concerning our business and our recruitment process.