Sapphire is an executive search firm, based in London that works with private, public and not for profit organisations on executive and non‐executive searches. Sapphire’s registered address is 23 Golden Square, London, W1F 9JP and its company registration number is 5336509.
Sapphire is registered as a data controller with the Information Commissioner’s Office (ICO) and its registration number is Z1674577.
In this Policy, the following terms have the meanings as below:
“Client” means any of our clients and their employees who are looking to recruit or assess executives and to whom we provide the Services.
“Candidate” means any candidate, applicant, prospect, or Client employee who is considered, evaluated, or assessed by Sapphire in connection with the Services.
“Referee” means any individual who provides employment or personal references for a particular Candidate.
“Source” means any individual who helps to identify and provide market intelligence about potential Candidates.
“Vendor” means any entity other than Sapphire that provides products or services to Sapphire pursuant to a contract with Sapphire.
This applies to information we collect and process on Candidates, Clients, Referees, Sources, and Vendors.
What Personal Information Do We Collect?
We collect the information Candidates provide to us: Candidates, may provide personal information to us, e.g. emailing their CV to a Sapphire employee, speaking with a Sapphire employee or communicating with Sapphire in any way. Additionally, we may obtain information about candidates from other sources.
You are not obliged to provide Sapphire with any information or engage with Sapphire. As such, we will consider any information we collect directly from you as having been provided voluntarily. If, however, you are unwilling to provide certain requested information, it may limit Sapphire’s ability to consider you in connection with its search work.
The information we may collect for all Candidates typically includes:
Contact details: such as name, e‐mail address, postal address, and telephone number.
CV information: such as your contact details, employment history, job titles, educational history, professional qualifications, demographic information, as well as languages and other skills and
The information we collect for all Candidates may include:Identification data:
such as your civil/marital status, photograph, date of birth, gender, national origin e.g. national insurance number or equivalent in your country, driver’s license, or national ID/passport number.
Lifestyle preferences and personality profile: such as community involvement and memberships, hobbies, social activities, and/or individual preferences, intellectual capacity, personality, behaviour, executive competencies, and/or character traits. Diversity, health and criminal conviction information: where appropriate, and in accordance with local law, we may also collect information related to your health, diversity information (including racial or ethnic origin, religious or other similar beliefs, and physical and/or mental health, including disability‐related information), and/or details of any criminal convictions.
Financial information: to reimburse expenses incurred in connection with the Services e.g. travel, lodging and/or meal costs when attending an interview with a Client, we may collect certain financial information needed to document the expense and to reimburse you e.g. bank account number and/or credit card number.
Further details: such as your prior military service, compensation and benefit details (where permitted by local law), performance history, details of any dependents, immigration status, and, any other relevant information you may choose to share with us. We also keep a record of our contact history with you.
The information Sapphire collects from third party sources about Candidates: Sapphire may collect any of the above personal information about a Candidate from publicly available sources, and third parties, including, under the following circumstances: (i) Sources and Referees may disclose personal information about Candidates; (ii) Sapphire’s Clients may share personal information about Candidates; (iii) we may obtain information about Candidates from publicly available, third party sources (e.g. LinkedIn, newspapers, press releases); and (iv) Sapphire may source personal information about Candidates from third party data providers (e.g. BoardEx, Bloomberg). When we obtain information about you from third party providers or vendors, we take appropriate steps to ensure that such third parties are legally permitted or required to disclose such information to us.
Information Clients provide to Sapphire: Sapphire’s Clients may provide personal information about certain Candidates in connection with its Services (for example, they may provide a list of Candidates they would like Sapphire to assess). Sapphire typically processes this personal information as a processor on its Client’s behalf. We use that information to provide the Services to our Client and as instructed by our Client. Under these circumstances, it is our Client, as the controller, that controls what personal information about you we collect and how we use it. If you have privacy‐related questions or concerns about a Client's privacy practices or the choices a Client has made to share your information with us or any other third party, you should reach out to the Client or review their privacy policies. We are not responsible for the privacy or security practices of our Clients, which may differ from those set forth in this Policy.
Information Clients provide to Sapphire: Sapphire may need to collect and use information about Clients or individuals at Client organisations in the course of providing its Services to Clients. Sapphire typically only has contact details or the details of individual contact(s) at the organisation (such as name, telephone number, email address, and job title). Sapphire also holds information relating to a Client’s engagement with Candidates and will keep a record of its contact with Clients. Sapphire may also hold extra information about Clients that someone in the Client organisation has chosen to tell us.
Information we collect from third party sources about Clients: Where appropriate and in accordance with local laws and requirements, we may seek more information from other sources generally by way of due diligence or other market intelligence including: (i) from third party market research and by analysing online and offline media (which we may do ourselves or employ other organisations to do for us); (ii) from attendee lists at relevant events; and/or (iii) from other limited sources and third parties.
Sapphire may process a Source’s contact details (such as name, email address, and telephone number), professional details (such as job title, occupation, academic and professional qualifications, and employment history) and information about the Source’s connection to a Candidate (such as the Source’s relationship to, experience with, and opinions about the relevant Candidate). Sapphire may collect this information directly from the Source and/or from publicly available sources (such as LinkedIn). In some cases, Sapphire may collect the information from its Candidates.
Sapphire may need a small amount of information from its Vendors. Sapphire may need contact details of relevant individuals at the organisation so it can communicate with the Vendor. It may also need other information such as a Vendor’s bank details so that it can pay for the services provided if necessary.
Sapphire may use the personal information it collects through its Services in a number of ways. Candidate data:
Sapphire typically uses Candidate data for the following purposes:
Search: to provide its Clients with the Services, including assessing a Candidate’s suitability for executive roles with a Client; contacting a Candidate about board and executive search or assessment assignments conducted for Clients; sending Candidate information to its Clients; and/or verifying the details a Candidate has provided (such as through psychometric evaluations or by requesting information from third parties e.g., Referees). Sapphire may also use a Candidate’s personal information for other business purposes such as data analysis, identifying usage trends, creating anonymised data sets for research, statistics and analytics purposes, creating knowledge pieces (such as white papers), determining the effectiveness of our Services, and/or to enhance, customise, and improve Sapphire’s features, products and services.
Marketing Activities: to send Candidates information (such as reports, promotions, research, white papers, events and general information about, for example, relevant industry sectors) that we think you may find interesting.
Equal Opportunity Monitoring: ensures that our recruitment processes are aligned with our commitment to ensuring equal opportunities. Some of the data Sapphire may collect about Candidates (in appropriate circumstances and in accordance with applicable local law) falls under the umbrella of “diversity information”. This could be information about a Candidate’s ethnic background, gender, disability, age, sexual orientation, religion or other similar beliefs, and/or social‐ economic background.
Where appropriate and in accordance with local laws and requirements, Sapphire will use this information to provide Clients with diverse pools of qualified Candidates. It may also disclose this data (suitably anonymised where appropriate) to Clients where this is contractually required or if the Client specifically requests such information to enable them to comply with their own employment processes or legal requirements.
Sapphire may also collect other sensitive personal information about Candidates including health‐ related information, religious affiliation, or details of any criminal convictions if this is appropriate in accordance with local law and is required for a role for which we are recruiting. We will never do this without a Candidate’s explicit consent.
Sapphire typically uses Client data for the following purposes:
Search: to provide the Services to a Client organisation; to manage its relationship and account with a Client and a Client’s organisation; and/or for our other business purposes such as data analysis, identifying usage trends, creating anonymised data sets for research, statistics and analytics purposes, creating knowledge pieces (like white papers), determining the effectiveness of its Services, and/or to enhance, customise, and improve its features, products, and services.
Marketing: to send information (such as reports, promotions, research, white papers, and event invitations) that Sapphire thinks Clients may find interesting.
Referee data: Sapphire uses Referee Data to obtain opinions regarding Candidates in the course of providing the Services to its Clients. In addition, Sapphire may use a Referee’s details to contact a Referee in relation to any of its Services that it thinks may be of interest to a potential Client or Candidate.
Source data: Sapphire uses Source Data to identify and gather information on potential Candidates in the course of providing the Services to its Clients. In addition, Sapphire may use a Source’s details to contact a Source in relation to any of its Services that Sapphire thinks may be of interest to a Source as a potential Client or Candidate.
Vendor data: Sapphire typically uses Vendor Data: to store (and update when necessary) a Vendor’s details in its database, so that Sapphire can contact the Vendor in relation to its agreements; to obtain support and services from the Vendor; to perform certain legal obligations; to help Sapphire target appropriate marketing campaigns; and to help Sapphire establish, exercise, or defend legal claims.
This Section applies to personal information that Sapphire collects and processes through its Website in the usual course of its business, such as in connection with its events and marketing activities.
What Personal Information Does Sapphire Collect?
Sapphire may ask for personal information voluntarily, for example, it may ask for contact details (i.e. name, email address, and phone number) to complete surveys, subscribe to marketing communications (like newsletters), submit inquiries, and/or otherwise communicate or interact with Sapphire.Sapphire may also collect personal information offline, such as when someone attends an event. There is no obligation to provide Sapphire with any information or participate in any of the Services it offers. As such, Sapphire will consider any information it collects directly as having been provided voluntarily. If, however, anyone is unwilling to provide certain requested information, it may limit the ability to participate in its Services.
Links to Other Websites
Sapphire’s website may certain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that website. Therefore, we cannot be responsible for the protection and privacy of information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.
Sapphire may share personal information with the following types of third parties for the purposes described in this Policy:
Sapphire freely shares information with its employees. The information is maintained on Sapphire’s database, which is secure and accessible only to Sapphire employees. Sapphire may share information with any competent law enforcement body, regulatory or government agency, court or other third party where it believes disclosure is necessary as a matter of applicable law or regulation; to exercise, establish, or defend our legal rights; or to protect your vital interests or those of any other person.
In the case of Candidates, Referees, and Sources, Sapphire may share information with Clients who may need to process the information for the purposes described in this Policy.
Similarly, for Candidates, Sapphire may share information with Sources and Referees with whom it liaises in connection with providing the Services to its Clients.For Sources and Referees, Sapphire endeavours to keep information confidential from the Candidates they discuss with us, but under limited circumstances, the information may be disclosed to them.
Sapphire may share information with third party service providers (our Vendors) who perform functions on our behalf (including external consultants, business associates and professional advisers, such as lawyers, auditors, accountants, technical support providers, and third party travel agencies, outsourced IT and document storage providers).
Sapphire may share information with a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger, or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Policy.
Sapphire may share information with its marketing partners to send emails on its behalf.
Sapphire may share information with any other person with the individual’s consent.
The Legal Basis For Processing Personal Information (for residents in the EEA)
For residents in the European Economic Area, Sapphire’s legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which it is collected.
Sapphire will normally collect personal information where the processing is in its legitimate interests and not overridden by data protection interests or fundamental rights and freedoms. In connection with Sapphire’s Services, it typically relies on legitimate interests to process personal information for its Search work and some marketing activities.
Individuals have the following data protection rights:
If an individual wishes to access, correct, update, or request deletion of personal information, an individual can do so at any time by contacting Sapphire using the contact details provided under the Section headed “How to Contact Us” below. When asked to remove a record from its database, Sapphire will retain minimal personal information in order to prevent future contact, to keep a record of the information disclosed to its Clients and Candidates, and to preserve Sapphire’s interests in accordance with any applicable legal requirements.
In addition, residents of the European Economic Area can object to processing of their personal information, ask Sapphire to restrict processing of personal information, or request portability of their personal information. These rights can be exercise by contacting Sapphire using the contact details provided under the Section headed “How to Contact Us” below.
Individuals have the right to opt‐out of marketing communications sent at any time by clicking on the “unsubscribe” link in the marketing e‐mails Sapphire sends. If Sapphire has collected and processed personal information with an individual’s consent, that consent can be withdrawn at any time. Withdrawing consent will not affect the lawfulness of any processing Sapphire conducted prior to the withdrawal, nor will it affect processing of personal information conducted in reliance on lawful processing grounds other than consent. If consent is withdrawn, it will not be possible to be part of a Sapphire search or to be invited to any of Sapphire’s events or receive research or market insights.
Individuals have the right to complain to a data protection authority about Sapphire’s collection and use of personal information. For more information, please contact the local data protection authority.
Sapphire responds to all requests it receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
How Long Is Personal Information Kept?
Sapphire will retain information it collects where it has an ongoing legitimate business need to do so (e.g. to provide its Services or to comply with applicable legal, tax, or accounting requirements).
For any questions about how long Sapphire retains personal information, you may contact Sapphire using the contact details provided under the Section headed “How to Contact Us” below.
How Does Sapphire Keep Personal Information Secure?
Sapphire is committed to ensuring that personal information is kept secure and follows strict security procedures as to how personal information is stored, used and who sees it, in order to help stop any unauthorised person getting access to it and it is located behind a firewall. Unfortunately, transmission of data via the internet is not completely secure or error‐free. We strive to ensure the protection of personal data, but cannot guarantee the security of the data so we cannot accept any liability for the loss, theft or misuse of personal information.
Sapphire takes appropriate technical and organisational measures to protect personal information from loss, misuse, unauthorised access, disclosure, alteration, and destruction. The measures used are designed to provide a level of security appropriate to the risk of processing the personal information and to help ensure that data is safe, secure, and only available to the individual and those with authorised access. For any questions about the security of personal information, you may contact Sapphire using the contact details provided under the Section headed “How to Contact Us” below.
Sapphire may update this Policy in response to changing legal, technical, or business developments. It is possible to see when this Policy was last updated by checking the “Last Updated” date displayed at the top of this Policy.
Please feel free to contact Sapphire with any comments, questions, complaints, or suggestions you might have regarding the information or practices described in this Policy.Sapphire can be contacted by sending a message to firstname.lastname@example.org or by writing using the details below:
Sapphire Partners Ltd
23 Golden Square London
W1F 9JPAttention: Sapphire Privacy Office