Last updated: May 20, 2019
CarterBaldwin (“we,” “us” or “our”) is a global executive search firm headquartered in Roswell, Georgia, United States with an office in Washington, DC.
Our corporate office is located at 200 Mansell Court East, Suite 450, Roswell, GA, 30076.
We collect, use and are responsible for certain personal information about you. When we do so, we may be regulated by certain data protection laws and regulations, including the European Union’s General Data Protection Regulation (“GDPR”).
As a business or controller, we determine the purposes and means for processing your personal information. In this capacity, we may rely on processors or service providers, which may collect, store, use, disclose, transmit and share your personal information on our behalf for the purposes we outline below.
Our contact information
If you wish to contact us, please use the details below and mark your correspondence “Data Protection.”
200 Mansell Court East, Suite 450
Roswell, GA 30076
Information We Collect and the Lawful Basis for Processing Personal Information about You
How We Use Personal Data
How We Share Information about You
How to Complain
“You” are an existing candidate, potential candidate, client contact, consultant/contractor, referee, source or vendor involved in the introduction and/or supply of our executive search.
“Candidate” means an individual (applicant, prospect, existing) who is considered, evaluated or assessed by CarterBaldwin to fill a temporary or permanent role with a client.
“Client” means a hiring organization looking to recruit temporary or permanent executives to whom we provide our executive search service to.
“Client Contact” means an individual who is an employee and responsible owner of the client.
“Employee” means an individual who holds a position (whether paid or unpaid) of employment at CarterBaldwin.
“Referee” means an individual who provides employment or personal reference for a candidate.
“Source” means an individual who helps us identify and provide market intelligence about a potential candidate.
“Vendor” means any entity other than CarterBaldwin that provides products or executive search to CarterBaldwin to a contract with CarterBaldwin.
“Personal Data” and “Personal Information” have the meanings set forth in the GDPR and CCPA.
Information We Collect and the Lawful Basis for Processing Information about You
Our main purpose for collecting personal data from you, the Candidate, is to provide you with executive search services to recruit you into an executive position specified by a client. Thus, our primary lawful basis for processing your personal data is that it is in our legitimate interests to do so.
Where this is the case, we have carried out a Data Protection Impact Assessment (“DPIA”) to ensure that we have weighed your interests and any risk posed to you against our own interests, ensuring that they are proportionate and appropriate.
For example, when a candidate has made his or her CV available to us for the express reason of potential employers being able to access this data, we consider our legitimate interests as an executive search agency and those of our clients are likely to align with the interests of that candidate. Clearly, it is in the interests of all parties to match the right candidate to the right position, and as such, these interests do not outweigh the candidate’s privacy rights.
We also collect professional profile information about you that you have made publicly available through online services, such as LinkedIn. We do so to try to identify good candidates for job positions we are trying to fill. Where we do so, we will reach out to you to let you know we have obtained your information and from whom, inform you of our purposes for processing your information, and may also ask you for additional information. If you inform us that you do not want us to continue processing your data for those purposes, we will honor that request and will stop processing your information.
Another lawful basis for processing personal data as a Candidate is through your valid and informed consent. By giving us your consent, you authorize us to collect, store, disclose and transmit the personal data you provide to us to conduct our executive search services in order to potentially recruit you into an executive position with a Client. The information we collect for these purposes comes from you (such as your name, CV information and financial information) and from third parties.
Whenever we rely on consent as our lawful basis, we obtain your valid and informed consent prior to processing personal data about you. You may withdraw your consent or exercise any of the other rights available to you under applicable data protection laws by contacting us through the means listed below.
In the tables below, we describe in more detail the personal data we process, the basis of processing and the purpose for which that information is being processed.
Information Candidates provide to us: You provide information to us when you speak with a CarterBaldwin employee, provide us with your CV, apply for an advertised role on LinkedIn or via a print or digital posting, or communicate with us in any way relating to the executive search function we provide.
You are not obligated to provide CarterBaldwin with any personal information or participate in our executive search. Therefore, when we collect personal information directly from you, we consider this to be voluntary. If you are unwilling to provide us with certain requested information, please be aware this may limit our ability to consider you regarding the executive search service we provide.
|Personal data we process||Basis of processing||Purpose of processing|
|If you are interested in becoming an applicant, we will collect from you your name, postal address, email address, telephone number or other identifiers by which we may contact you online or offline.||Legitimate Interest and consent||It is necessary for us to contact you as part of the executive search.|
|If you become an applicant, we will collect your CV, which may include your name, address, telephone number, email, work and salary history as well as other information like your educational history and any special skills, interests or hobbies.||Legitimate interest and consent||This is required for us to determine whether you might be a suitable match for the position we have been retained to fill to potentially pass to clients for their executive search purposes.|
|If you need to travel for an interview, we may collect your name, date of birth, gender, passport number, known traveler or redress number and credit card information.||Legitimate interest and consent||This is required to book and arrange for your travel to interview for a position, as well as to reimburse any appropriate expenses incurred.|
|If you correspond with us, we will collect your name, contact details, and the details of your correspondence. Verbal communications may be recorded in accordance with local law.||We retain this information to keep track of our communications with you, and to respond to your requests and inquiries.|
|If necessary, we will collect your employment eligibility information (e.g. citizenship or other right-to-work status).||We collect this information to ensure you are legally eligible to work in the position.|
|If you access our website, we will collect non-persistent information about your computer equipment, device IP address, operating system, browser type, language preferences, location information, and browsing behavior including the details of your visits to our website, such as which pages you visit.||We process this information to enable and monitor your use of our website and services, and to improve those services.
We also use this information to track the number of candidates that are interested in specific positions for jobs we are filling.
|We may collect your contact information, including your name, e-mail address, telephone number and postal address, for marketing purposes.||We collect and share this information based on your consent in order to send you specific position descriptions, as well as send you a general quarterly update email.|
|As applicable, we may collect information about your health, including any disability status, as well as any religious or political affiliations.||We collect this information to ensure that appropriate accommodations are met.|
Information we collect from third party sources about Candidates: We may collect personal information about you from publicly available sources, and non-public third party sources, such as previous employers, your school, university or college, professional regulators or government bodies based on information that has been provided by the candidates themselves. When we obtain information about you, from vendors or third-party providers, we ensure they are legally permitted or required to disclose such information to us.
|Source of information||Personal data we process||Basis of processing||Purpose of processing|
|Publicly available third party sources (such as from your LinkedIn and government bodies)||Through these sources, we may collect your contact information (name, email address, telephone number) and professional details (job title, occupation, academic and professional qualifications and employment history).||Legitimate Interest and Consent||This is required for us to determine whether you might be a suitable match for potential clients.|
|Non-publicly available third party sources (such as your employers, your educational institutions and third-party data providers (like ZoomInfo and InsideView))||Through these sources, we may collect your contact information, professional details, and academic history (such as verification of your educational background)||Legitimate Interest and Consent||This is required for us to determine whether you might be a suitable match for potential clients and to verify the information you provide to us.|
|Where permissible under local law, and as appropriate, we may collect your consumer report through a consumer reporting agency, which may contain information about your driving record, civil and criminal court records, credit, drug screening results, workers’ compensation record, education, credentials, identity, past addresses, social security number, previous employment and personal references.||We collect this information in order to conduct a credit and background check for our clients.||Consent||This is required for us to determine whether you might be a suitable match for potential clients and to verify certain information you provide to us.|
|Referees||We may collect and process information that your references provide about you. This information includes your contact information, employment history, assessments about your character, and other behavioral information.||Legitimate Interest and Consent||This is required for us to determine whether you might be a suitable match for potential clients and to verify the information you provide to us.|
Clients and Client Contacts
Our main purpose for collecting personal data from you, the Client, is either to enter into a contract with you or to fulfill our contractual obligation to you while we support you in recruiting executives via a retained search.
The tables set out below explain the information we collect from you and from third parties, our lawful basis and our purpose in processing the information.
Information Clients provide to us: We require your contact details (such as name, telephone number, email address and job title) to ensure our relationship is efficiently managed. Collecting information about you is essential to our service and we may collect information when you contact us with a view to providing a service, email us with an interest to work with us, provide us with your business card or other information given to our employees at sales and marketing events, post information on websites or social media websites and sign a contractual agreement with us. We also collect any feedback or opinion you share with us regarding a candidate, queries you raise regarding our service and details of resourcing and recruitment requirements you share with us.
|Personal data we process||Basis of processing||Purpose of processing|
|If you sign on as a client with us, we will collect contact information (such as name, telephone number, email address, job title, and job description).||Necessity of fulfilling a contract or entering into a contract||It is necessary for us to contact you as part of the executive search and for us to fulfill our obligations to you under our contract.|
|If you contact us, we will collect your contact details, as well as information related to any queries you have pertaining to the services we provide (such as social media information, employment information, and recruitment requirements).||Necessity of fulfilling a contract or entering into a contract||This information is necessary for us to conduct our executive search function, as well as for us to meet our contractual obligations to you.|
|If you correspond with us, we will collect your name, contact details, and the details of your correspondence.||We retain this information to keep track of our communications with you, and to respond to your requests and inquiries.|
Information we collect from third party sources about Clients: We may seek more information about you or your colleagues by way of due diligence or other market intelligence including: (i) from third-party market research and by analyzing online and offline media; (ii) from attendee lists at relevant events, networking and conferences; and (iii) from other limited sources and third parties. This information may not constitute personal data.
Information Referees provide to us: If you choose to provide a reference, the personal information that we collect and use from you is your contact information (name, email address, telephone number), which we need to secure a reference for our candidate. We may also collect certain professional details (job title, occupation, etc.) and your connection to the candidate (such as your relationships to, experience with, and opinions about the relevant candidate). Candidates tend to provide us with contact and employment information about you, but we may supplement it with information we collect about you from publicly available sources (such as LinkedIn) or by asking you directly.
Our lawful basis for processing this personal information collected from referees is consent and that it is in our legitimate interests to do as an executive search company.
Information Sources provide to us: If you choose to be a source, the personal information we collect from you is your contact information (name, email address, telephone number), professional details (job title, occupation, academic and professional qualifications, and employment history) and information about your connection to the candidate (such as your relationships to, experience with, and opinions about the relevant candidate). This information may be collected directly from you and/or publicly available sources (such as LinkedIn).
Our lawful basis for processing this information collected from sources is consent and that it is in our legitimate interests to do as an executive search company.
Information Vendors provide to us: The personal information we collect and use from you is your contact information (name, email address, telephone number) to ensure our working relationship is efficiently managed. The contact details we collect of individuals in your organization is to enable communication, and any financial information we collect is for the purpose of obtaining payment for the executive search functions we provide (if this is part of the contractual agreement between us).
Thus, our primary lawful bases for processing this information collected from vendors is the necessity of entering into or performing on a contract.
How We Use Your Personal Data
Executive Search: We use the personal data about you to provide our executive search service to our clients. This includes conducting research projects to assess the market for suitable candidates, engaging with candidates to complete our manual screening process, interviewing over the phone or in person as part of our initial assessment against the client brief, shortlisting candidates as specified by our client, supporting clients with the final appointment process and maintaining contact with appointed candidates.
Marketing Activities: We may use this data to send you direct marketing information which we have identified as beneficial to you based on your consent. If you no longer wish to receive our marketing information, you can contact us at the information provided above. In all cases, we ensure any marketing activities comply with the GDPR and other legal requirements (such as the Privacy and Electronic Communications Regulations 2003, also known as “PECR“) which govern how we can contact you by electronic means or by using new technologies.
Clients and Client Contacts
Executive Search: We use your data to provide our executive search service to you. This includes engaging with you to confirm our contractual obligation as identified in the retained executive search terms and conditions, contacting you to feedback on research projects via candidate reports, telephone calls and face-to-face meetings, shortlisting candidates with you as specified in the brief you provide and supporting you with the final appointment process.
Business Development and other Marketing Activities: We may use your data to send you direct marketing information for business development and with the view to perform a contract with you. If you no longer wish to receive our marketing information, you can contact us at the information provided above.
Executive Search: We use personal data about you to complete reference checks for client candidates. This includes contacting you to identify your working relationship with the candidate and getting your written feedback about the candidate.
We use personal data about you to contact you about potential candidates, clients and client contacts that you may identify to us based on your current or past working relationship with the candidate, client or client contact.
We use personal data about you to contact you about services you provide to us as per the contractual agreement we have in place with you.
Automated Decision-Making (Profiling)
We do not carry out automated decision making or profiling activities with respect to our candidates, sources, referees, vendors or clients.
How We Share Your Information
We share your personal information solely for conducting our executive search. We do not sell your personal information to third parties. How we share your information is dependent on the processing activity involved and may entail any of the following:
Candidates, Clients, Referees, Sources and Vendors
- Your information may be shared with our Employees based in the USA. Your information is kept on our secure network and CRM database and accessible only to our employees worldwide.
- Your information may be shared with any competent law enforcement body, regulatory or government agency, court or other third party where we believe disclosure is necessary as a matter of applicable law or regulation to exercise, establish or defend our legal rights.
- Your information may be shared with third party service providers (our vendors) who perform functions on our behalf (including external consultants, business associates and professional advisers, such as lawyers, auditors, accountants, technical support providers, third-party travel agencies, outsourced IT and document storage providers).
- Your information may be shared with candidates during our executive search activities.
Sources and Referees
- We keep your information confidential from candidates but under limited circumstances, your information may be disclosed to them.
Cookies are widely used to make websites work, or to work more efficiently, and our site relies on cookies to optimize user experience and for features and services to function properly. Most web browsers allow some control to restrict or block cookies through the browser settings, however if you disable cookies you may find this affects your ability to use certain parts of our website or services.
We use Google Analytics, a web analytics service provided by Google Inc. Google Analytics sets cookies in order to evaluate your use of our website and compile reports for us on activity on it.
Google stores the information collected by the cookies on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using our website and accepting cookies from it, you acknowledge the processing of data about you by Google in the manner and for the purposes set out above.
We do not support the “Do Not Track” browser option.
As part of the executive search process we may need to send your personal information to a prospective employer in a country outside of the United States, including prospective employers in countries which the European Commission has not recognized as having an adequate level of data protection. We will ask for your consent before making such transfers.
We take appropriate technical and organizational measures to safeguard personal data about you. We work hard to protect you and your information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures in place. We have implemented reasonable security, technical, physical and legal policies and procedures to protect confidentiality of the personal data collected and to prevent accidental loss. We regularly review and assess these security measures to best ensure they are up to date with technological and legal developments. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach as appropriate or required.
We retain personal information for as long as it is necessary for the purposes for which we collected it, and we have strict review and retention policies in place to meet these obligations. We collect and retain your personal data during our active relationship with you (for the duration of the executive search, or pursuant to the intended conclusion of a contract, during the performance of any contract with you). When this relationship ends or when any contract with you is terminated, we delete the information, except as necessary to:
- Meet our legal obligations, including those related to taxation and audit.
- Meet our internal legitimate operations (including in the pursuit or defense of a legal claim): We will retain your personal data securely for six years for this purpose.
- If you so request to remain in our database.
Specifically, with respect to candidates, how long we keep your information will depend on whether your application is successful and whether you become employed by one of our clients, the nature of the information concerned and the purposes for which it is processed. Generally, we will keep recruitment information about you (including interview notes) for 3 years after notice of an unsuccessful recruitment so that we are able to respect our equal opportunities obligations. Before we delete personal data about you, we will check with you to see whether you still want us to keep your details on file should you wish to use our services for your future job hunt, unless you expressly tell us otherwise.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent. In this case, we always respect the rules surrounding electronic communications and the use of new technologies (such as information gathered by cookies) and security breaches pursuant to PECR. In this case, we will always ask you at the outset and will always provide you with the possibility to opt-in and opt-out.
Depending on your jurisdiction and residency, you may have various rights under data protection legislation.
To the extent permitted by applicable law and subject to certain conditions, you may: (1) seek confirmation regarding whether CarterBaldwin is processing personal data about you; (2) request access to the personal data that we maintain about you; (3) request that we update, correct, amend or erase or restrict information about you; or (4) exercise your right to data portability, by contacting us directly at firstname.lastname@example.org. In addition, you may object to CarterBaldwin’s processing of your personal data at any time; however, doing so may impact your use of the services that we provide. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal data.
The following chart summarizes the rights you may have available under the GDPR or other applicable data privacy laws:
|Your right||What does it mean?||How do I execute this right?||Conditions to exercise?|
|Right of access||Subject to certain conditions, you have a right to access personal data about you which we hold||You may make a request for access to personal data in writing to email@example.com. Please specify the type of personal data you would like to access. You may also submit a request by calling us at +1 678-448-0000.||We must be able to verify your identity.
Your request may not affect the rights and freedoms of others.
We generally do not provide access to data we keep solely for data backup purposes.
|Right of data portability||Subject to certain conditions and limitations, you have the right to receive from us personal data which you have provided to us.||You may make a request in writing to firstname.lastname@example.org. Please specify the type of information you would like to receive. You may also submit a request by calling us at +1 678-448-0000.||While in some jurisdictions the right is more generally available, under the GDPR, your right to data portability may apply when:
1. Our processing is based on your consent or on our contract with you; and
2. When our processing is done through automated means (e.g. not paper records); and
3. You provided us with the personal data at issue.
|Rights in relation to inaccurate personal or incomplete data||You may challenge the accuracy or completeness of personal data about you. If the personal data is inaccurate, you are entitled to have the inaccurate data removed, corrected or completed, as appropriate.||Please notify us of any changes regarding personal data about you as soon as they occur.
You may make a request in writing to email@example.com. You may also submit a request by calling us at +1 678-448-0000.
|This right only applies to personal data about you. When exercising this right, please be as specific as possible.|
|Right to object to or restrict our data processing||Subject to certain conditions, you have the right to object to or ask us to restrict the processing of personal data about you.||You may make a request in writing to firstname.lastname@example.org. You may also submit a request by calling us at +1 678-448-0000.
|This right applies only if our processing of personal data about you is based on our legitimate interests. Any objections must be based on your particular situation and must contain specific reasons.|
|Right to have personal data erased||Subject to certain conditions, you have a right to have your personal data erased (such as where you think that the information we are processing is inaccurate, or the processing is unlawful).||You may make a request in writing to email@example.com. You may also submit a request by calling us at +1 678-448-0000.||We may not be in a position to erase personal data about you, for example when:
1. Where we have to comply with a legal or contractual obligation;
2. In case of exercising or defending legal claims; or
3. Where retention periods apply by law or regulations.
|Right to withdrawal||You have the right to withdraw your consent to any processing for which you have previously given that consent.||You may make a request in writing to firstname.lastname@example.org. You may also submit a request by calling us at +1 678-448-0000.||If you withdraw your consent, this will only take effect for the future.|
Children’s personal data:
The services we offer are designed for a general audience and are not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If we learn we have collected or received personal data form a child under the age of 18, we will promptly delete the information.
How to Complain
We hope that we can resolve any query or concern you raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone at +44 (0) 303-123-1113.