Introduction

This Privacy Policy is provided by Susan Pike & Partners (“Susan Pike”, “we” or “us”) and applies to individuals outside our organization with whom we interact, including candidates, clients, and references (together, “you”).

We are committed to safeguarding your personal data in line with the GDPR. We value your privacy. Your personal information is used solely for authorized purposes and handled securely and transparently.

Susan Pike & Partners is the Data Controller for the purposes of this Policy. Our contact details are provided at the end of this document.

This Policy may be updated from time to time to reflect changes in our data practices or applicable law. We will notify you of any significant changes.

Collection and Use of Your Personal Data

Personal Data We Collect

We may collect the following types of personal data:

• Personal details: Name, gender, date of birth, nationality, photograph, job title, employer, department, salary details, and work authorization information
• Contact details: Address, telephone numbers, email addresses, and social media profiles
• Employment records: Current and former positions, employers, dates of employment, job titles, locations, and experience
• Reference information: Details of referees you provide, including your relationship with them
• Background check information: Information revealed by background checks conducted with your explicit consent
• Views and opinions: Assessments and evaluations relevant to recruitment processes

How We Collect Personal Data

We may collect your personal data through:

• • Direct provision by you (e.g., when you contact us or submit your résumé/CV)
  • Our ongoing relationship with you
  • Publicly available sources, including social media profiles you make public
  • Third parties (e.g., references, former employers, educational institutions)
  • Background checks (with your prior explicit written consent)

• Your visits to our website

Personal Data About Others

If you provide us with personal data about others (e.g., when acting as a reference), you must ensure you have a lawful basis for sharing that information with us.

Legal Basis for Processing

Your data will only be processed with your consent and shared with third parties when necessary or legally required. We process your personal data based on one or more of the following legal grounds:

• Your consent (only for entirely voluntary processing)
• Necessity for a contract with you
• Compliance with legal obligations
• Protection of vital interests
• Our legitimate interests, which include:
  • Management and operation of our business
  • Promotion of our services
  • Provision of services to our clients

We never share your data without your consent, except when required by law.

Sensitive Personal Data

We do not seek to collect or process sensitive personal data (special categories of data) except where:

• Necessary for crime detection or prevention
• Necessary for establishing, exercising, or defending legal rights
• We have obtained your explicit consent

Purposes of Processing

We may process your personal data for:

• Executive search and recruitment on behalf of clients
• Leadership consulting and assessments
• Coaching and mentoring services
• Organizational design services
• Service provision and communication
• Website operation and management
• Training and interview preparation
• Newsletters and marketing communications (subject to applicable law)
• IT operations and security
• Health and safety compliance
• Surveys and service improvement
• Succession and organizational planning

Disclosure of Personal Data

We may share your personal data with:

• Our offices in different locations, for legitimate business purposes
• Legal and regulatory authorities when required
• Our clients, for providing contracted services
• Professional advisors (e.g., accountants, auditors, lawyers)
• Third-party service providers (e.g., background check services)
• Relevant parties for legal purposes
• Law enforcement agencies when legally required
• Third parties in the event of a business sale or transfer
• Third parties associated with website plugins or content

When we engage third-party processors, they are contractually bound to process data only according to our instructions and to implement appropriate security measures.

International Transfers

Due to the international nature of our business, we may transfer your personal data between our offices and to third parties in different countries. When transferring data outside the European Economic Area, we implement appropriate safeguards in accordance with GDPR requirements.

Data Security

We have implemented appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Data Accuracy

We take reasonable steps to ensure your personal data is accurate and updated when necessary. You may request correction of inaccurate data.

Data Minimization

We only process personal data that is necessary for the purposes outlined in this Policy.

Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Policy, or to comply with legal, regulatory, and business requirements. Specifically, we retain data:

• While we maintain an ongoing relationship with you
• As necessary for the legitimate purposes outlined in this Policy
• For the duration of applicable limitation periods for legal claims
• For an additional short period following limitation periods to address any claims made at the end of the limitation period
• As needed to process any ongoing legal claims

Once these periods expire, we will either delete, destroy, or anonymize your personal data.

Your Rights

You have the right to access, correct, delete your data, and withdraw consent at any time. Your trust matters to us.

Subject to applicable law, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure of your data
• Request restriction of processing
• Object to processing
• Data portability
• Withdraw consent (where processing is based on consent)
• Lodge complaints with a Data Protection Authority

You can exercise your rights to access, update, or delete your data anytime by contacting us using the contact information provided below.

Cookies

Our website may use cookies to record information about your device, browser, and browsing preferences. For details, please see our Cookie Policy on our website.

Your Responsibilities

If you are a candidate, we rely on you to provide complete and accurate personal data.

If you provide references or information about others, you must ensure you are lawfully able to disclose that information to us.

Contact Information

For any inquiries or to exercise your rights regarding your personal data, please contact us at:

Email: privacy@susanpike.com 

Address: 14 rue Wilhem, 75016 Paris, France

For data protection matters, you may also contact your local Data Protection Authority.

Definitions

• Candidate: An individual who is or may be considered for a position with a client.
• Client: A client of Susan Pike & Partners.
• Controller: The entity that determines how and why personal data is processed.
• Data Protection Authority: An independent public authority responsible for monitoring compliance with data protection laws.
• Personal Data: Information relating to an identified or identifiable individual.
• Processing: Any operation performed on personal data, including collection, storage, use, and erasure.
• Processor: An entity that processes personal data on behalf of the controller.
• Sensitive Personal Data: Special categories of data including racial/ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, health data, sexual orientation, and criminal records.

Last updated: March 14, 2025