Careers at ClientEarth

Recruitment Privacy Notice

1. Introduction

This Privacy Notice explains how we collect, use, store, and protect personal information about individuals who apply for roles with us (“candidates”). We are committed to handling your data lawfully, fairly, and transparently, in accordance with applicable data‑protection laws, including:

UK GDPR and Data Protection Act 2018 (United Kingdom)
EU GDPR (European Union)
Relevant local laws in the US, China and Japan (or as may apply).

This notice applies to all recruitment activities, whether conducted directly or through recruitment platforms, agencies, or assessment providers.

2. Data We Collect

We may collect the following categories of personal data:

A. Information you provide

Contact details (name, email, phone number, address)
CV/resume, cover letter, work history, education
Skills, qualifications, certifications
Contact details for referees
Interview responses, availability and assessment results
Right‑to‑work documentation (where legally required)

B. Information we generate

Interview notes, shortlisting scores, hiring team comments
Communications and scheduling records

C. Information from third parties

Recruiters or job boards
Professional references
Background‑check providers (where permitted)
Public professional profiles (e.g., LinkedIn)

D. Special categories (processed only when necessary and lawful)

Health information (e.g., reasonable adjustments)
Criminal‑offence data (e.g., DBS checks in the UK)

What about Diversity Survey data?

As part of your application, a voluntary diversity survey will appear. You are under no obligation to complete any of this survey. It is also is anonymous: ClientEarth never receives this information except in the aggregate with small sample sized masked and other similar protections to make re-identification impossible.

Hiring panels will never have any access to this data – it is used annually for consideration of whether our hiring practices are inclusive and equitable, to ensure we have an effective global workforce and to reveal any barriers to application which we may otherwise not be in a position to identify.

Please note: the questions are by necessity aimed at a global audience and therefore may not perfectly align with the typical categorisations in your country. However, we have attempted to sensitively manage this for the jurisdictions we typically anticipate to hire from.

3. Lawful Bases for Processing

We process candidate data under the following lawful bases:

A. Legitimate Interests

To manage recruitment processes, assess suitability, communicate with candidates, and improve our hiring practices.

B. Contractual Necessity

To take steps at your request before entering into an employment contract (e.g., arranging interviews).

C. Legal Obligation

Where required by law, such as right‑to‑work checks or regulated‑role background checks.

D. Consent

Used only where required (e.g. talent‑pool retention). You may withdraw consent at any time.

E. Criminal‑Offence Data (UK/EU only)

Processed only where permitted under Article 10 GDPR and the Data Protection Act 2018 (Schedule 1).

4. How We Use Your Data

We use your information to:

Review and evaluate your application
Communicate with you about the recruitment process
Schedule interviews and assessments
Verify information and conduct background checks (where lawful)
Maintain recruitment records
Consider you for future opportunities (if you opt in to our Talent Pool) or send you alerts for vacancies with your consent.

Pinpoint has AI features contained within its software package however we do not use any automated decision‑making that produces legal or significant effects without human involvement.

5. Sharing Your Data

We may share your data with:

Pinpoint, our Recruitment Software Provider
Background‑check agencies (where lawful)
Third party assessment providers
Professional referees which you have indicated we may contact
Government or regulatory bodies (where required by law)

All third parties are required to protect your data and use it only for the purposes we specify.

6. International Transfers

Your data may be transferred outside your country of residence. Where this occurs, we implement appropriate safeguards, such as:

UK/EU Standard Contractual Clauses
Adequacy decisions
Data‑processing agreements
Additional security measures

7. Data Retention

We retain candidate data only for as long as necessary for recruitment purposes, typically 12 months following an unsuccessful application. We adhere to all local data protection requirements, and so in some jurisdictions in which we operate, this is 6 months. You may request deletion at any time unless we are legally required to retain certain information. You can use the Manage Your Data tool to amend or delete your profile. Enter the email address that you used to create your profile and you will be sent a link to a web page where you can view all applications that you have submitted. You also have the ability to remove your applications, i.e. remove your personal information from our system. Alternatively, email our data protection team per the email address below for assistance or any questions.

8. Your Rights

You have the right to:

Access your data
Correct inaccurate information
Request deletion
Restrict or object to processing
Withdraw consent
Request data portability
Lodge a complaint with a supervisory authority

US Candidates

Depending on your state, you may have rights to:

Access your personal information
Request deletion
Opt out of certain data uses
Non‑discrimination for exercising privacy rights

9. Security

We use technical and organisational measures to protect your data, including:

Access controls
Encryption
Secure storage
Monitoring and auditing
Vendor due‑diligence processes

10. Data Protection Support

If you have questions or wish to exercise your rights, you can contact dataprotection@clientearth.org.