CF Diversity is a leadership consulting firm that handles a variety of personal data necessary to provide leadership services. The type of information depends on our relationship with you.

The categories of personal data we collect may include the following information and identifiers of individuals: name, contact information (e-mail address, address, telephone number), professional experience, photographs, individual capabilities, qualifications, professional style profile, peer reviews, executive competencies, interview notes as well as recordings and transcripts of such (if applicable). This data may be obtained directly from you, through publicly available sources, your professional networking profile, news reports, and/or third parties such as our clients, professional partners, sources/referees, and/or our authorized background check/verification providers. If you are an executive search candidate, in addition to the information listed above, we may collect information regarding your education history, languages, social activities, compensation details (where permitted by applicable legislation), information relating to references, offer letters, identification data (civil/marital status, gender, nationality), and contact history.

In order to align our processes with our commitment to ensuring equal opportunities, we may collect information about you (in the appropriate circumstances and in accordance with applicable local law) which may be classified as diversity information, such as your racial or ethnic background, gender, disability, age, sexual orientation, religion or beliefs, and/or socioeconomic background. Additionally, as some of our clients may be subject to employment diversity requirements, CF Diversity may be required to share such information insofar as it pertains to the assignment you are a part of. Providing this additional information is voluntary and declining to do so will not affect any assessment or search.

If you participate in our Individual evaluations, coaching or related elements or are assessed as part of our services, in addition to the information listed above, we may collect information regarding your responsibilities at work, character traits, details regarding your employment and development preferences, as well as any other information and responses you may provide through evaluative measures or surveys. Providing additional personal data such as age, gender, and ethnicity is voluntary and will not affect the assessment results.

If you provide a personal reference or feedback for an individual (depending on the circumstances we may classify you as a Referee), we may collect and process your name, contact details, certain professional and employment details (such as title, occupation, qualifications and employment history), references and feedback, and your connection to the individual. We may collect this information directly from you, the individual, or publicly available sources. Any reference or feedback you provide about an individual would not be attributed to you if shared with third parties unless you allow us to do so.

If you are a CF Diversity client or supplier, data collected will typically comprise your contact details (such as name, telephone number, address, email address, job title, and business record related to the services).

We will process your personal data in the context of providing our Services and maintaining our business relationship with you. This may include contacting you about an assignment, verifying profile details, identifying, assessing and evaluating individuals, and/or presenting our insights, analysis or reports to our clients.

We may also use the data in circumstances such as the following:

as part of a press check or background check, including; verification of educational or professional credentials;
to help support and improve our business operations (e.g. interview transcription (if applicable), audit procedures, security processes, document storage, maintenance of our systems and infrastructure, data analytics, benchmarking, statistics, creating knowledge pieces, determining the effectiveness of our Services);
to share marketing and promotional materials (e.g., intellectual capital, thought leadership pieces, etc.);
to invite you to an industry and/or role-specific event (e.g., forum, charity event, etc.);
to work with partners, sponsors and vendors;
maintaining business records, including those related to our Services;
to exercise our legal rights, protect your interests or as required by applicable law;
We strive to ensure that your personal data is accurate, complete, and current. Your data will only be used in a way that is compatible with its intended use and will not be processed in any way that is contrary to what is outlined in this policy. We will not sell your personal data.

CF Diversity’s legal basis for processing your personal data in the context of providing its Services will depend on the personal information and processing activity involved and the specific context in which it was obtained. This can be:

our legitimate business interest, provided the processing of such information is not overridden by your own interests or your fundamental rights and freedoms. For example: managing, operating or promoting our business, building and maintaining relationships with you, our clients and vendors, analysing and improving our Services, managing our IT systems (including audits);
your consent, where required by applicable law. For example: for background checks, for any potentially sensitive information that may come to light during interviews, for employment diversity requirements, for recorded interview sessions; or
our compliance with legal and regulatory requirements under applicable laws such as: keeping records for tax purposes or for accounting, or providing information to public authorities.

Personal information is held on CF Diversity’s secure global proprietary database, which is accessible to CF Diversity offices worldwide. A list of our offices can be found on our website. In order to guarantee that the appropriate and suitable safeguards for the protection of your personal data are in place, in addition to the privacy practices set out in this policy, CF Diversity has a set of Corporate Rules. These Corporate Rules are a commitment by CF Diversity to adequately protect personal information of data subjects, regardless of where the data resides.

CF Diversity may, in the course of our business, transfer your information to clients, partners, or approved third-party providers (such as background check providers) in the context of the activities outlined in this policy.

We may disclose personal information where required by law or in connection with any legal claims, subpoenas, warrants or other governmental/regulatory/judicial requests. If CF Diversity receives a lawful access request from a third-country authority, our best efforts will be made to use all legal, technical, organizational, and supplementary measures available to limit the data that can be accessed in order to support the protection of your rights. We may disclose data where necessary to exercise, establish, or defend our legal rights, or to protect your vital interests or those of any other person.

CF Diversity has implemented appropriate legal, physical, organizational, and technical security measures and procedures to safeguard personal information collected, ensure its proper use and prevent against accidental loss, unauthorized access, or unlawful processing. These measures are periodically reviewed and updated to remain aligned with legal and technological developments. Such measures include but are not limited to contractual provisions, encryption and access security.

CF Diversity will retain your personal data for as long as the data is needed in connection with the purposes for which it is being processed and depending on the nature of our relationship with you.

Specifically, we will retain personal data for as long as we have your consent or a legitimate interest to do so. We may also be required to retain certain personal information (i) for our business records (ii) to show that we have fulfilled our obligations towards relevant parties such as our clients and candidates, or to continue meeting any of our obligations once we have completed an assignment in which you may have been involved in, (iii) for us to be able to establish, exercise or defend our legal rights, or (iv) to otherwise comply with our legal obligations.

Once the need to retain your data has expired, we will delete or anonymize it in accordance with data minimization principles. If this is not possible at the time, (for example, because your personal information has been stored in backup archives) then we will securely store your personal information and isolate it from any further processing until deletion is possible.

You have the right to access, erase, correct, update, or complete your personal data, or to request no further contact from CF Diversity. Additionally, to the extent permittable under applicable laws, you have the right to request the transfer of your personal data to a third-party, to object to our use of your personal information, or to object to certain types of processing of your personal information. You can also withdraw your consent at any time; however, such withdrawal will not affect any processing performed prior to your withdrawal, nor will it affect processing on the basis of other lawful grounds. Should you request that we delete your personal information, please note that we may keep a minimal amount of data for record keeping purposes (for example, to record your wish for your data to be deleted). If you wish to exercise any of these rights, you may contact us or your point of contact at our firm. Additionally, you may bring a complaint to the relevant data protection authority about our processing of your personal information.

You may be prompted to visit, utilize, and subsequently register for certain third-party services or websites in conjunction with your interactions with CF Diversity. These third parties use of your personal data will be governed by that party’s own privacy policy. CF Diversity’s use of your personal data will be governed by this Privacy Policy.

Data Privacy Framework
Recipients of the data disclosures described in this Privacy Policy are located in the United Kingdom and elsewhere in the world, including where privacy laws may not provide as much protection as those of your country of residence.

For certain personal data we receive as a data controller on behalf of certain clients or candidates, CF Diversity has certified its compliance under the EU-U.S. Data Privacy Framework (“EU DPF”), the United Kingdom Extension to the EU-U.S. Data Privacy Framework (“UK DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss DPF”). We refer to these three programs collectively as the “DPFs.” The DPFs are designed in accordance with the principles required by the relevant location sending data to the US (“DPF Principles”).

Accordingly, CF Diversity receives transfers of personal data from certain clients and candidates under (1) the DPFs, (2) under our Corporate Rules, (3) under Standard Contractual Clauses, or (4) through one or more derogations under GDPR Article 49, or its UK or Swiss equivalent, depending on the situation and our contract with our client.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

CF Diversity’s accountability for personal data that it receives from such data subjects under the DPF and subsequently transfers to a third-party is described in the DPF Principles. In particular, CF Diversity remains responsible and liable under the DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless CF Diversity proves that it is not responsible for the event giving rise to the damage.

We may update this policy. Any material changes made will be posted on this page and the appropriate measures will be taken to keep you informed. Please visit this page on a regular basis to ensure that you remain up to date with our policy.

If you have any questions about this Privacy Policy, please contact us via our contact form online or via your point of contact at our firm.