Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Morgan Latif Ltd
Privacy Policy & Recruitment Privacy Notice
(UK GDPR, EU GDPR & U.S. Privacy Law Aligned)
Last updated: 03.02.2026
 
1. Introduction
Morgan Latif Ltd (“Morgan Latif”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“GDPR”), and relevant United States privacy laws.
We process personal data responsibly, transparently, and proportionately, and we aim to use personal data only in ways that are fair, ethical, and aligned with our professional obligations as an executive search and work-finding services provider.

This policy applies to:
  • Job applicants and candidates
  • Clients and prospective clients
  • Suppliers, service providers, and business partners
  • Visitors to our website
 
2. Data Controller
Morgan Latif Ltd is the data controller for the purposes of data protection legislation.

Registered office:
13 Grosvenor Gardens
London, SW1W 0BD
United Kingdom
Email: info@morganlatif.com
Telephone: +44 (0)203 983 3227
 
3. Personal Data We Collect
Depending on your interaction with us, we may collect and process the following categories of personal data:

  • Identity & Contact Data
Name, email address, telephone number, postal address, nationality, professional title, and (where legally required) tax identifiers.
  • Recruitment & Career Data
CVs, cover letters, employment history, education, qualifications, references, interview notes, assessments, and related correspondence.
  • Client & Supplier Data
Business contact details, role or position, contractual information, billing details, correspondence, and records of services provided or received.
  • Technical & Usage Data
IP address, browser type and version, operating system, device identifiers, login data, time zone settings, and website usage data.
  • Marketing & Communications Data
Preferences relating to marketing and other communications.
  • Special Category Data
Where lawful and necessary, we may process limited sensitive personal data (for example, diversity monitoring or right-to-work information), strictly for recruitment, employment, or legal compliance purposes.

4. How We Collect Personal Data
We collect personal data through:
  • Direct interactions (applications, enquiries, correspondence)
  • Recruitment platforms and 3rd party submissions
  • Website usage via cookies and similar technologies
  • Third-party systems and publicly available professional sources, where permitted by law

5. Purposes of Processing & Legal Bases
We process personal data to provide executive search, recruitment, and work-finding services, to manage our business relationships, and to operate and improve our website.
Purposes include:
  • Assessing candidate suitability and matching candidates with opportunities
  • Introducing candidates to clients with appropriate authority
  • Managing recruitment and selection processes
  • Communicating with candidates, clients, and suppliers
  • Administering contracts, invoicing, and payments
  • Improving our services and website functionality
  • Preventing fraud and maintaining security
  • Complying with legal, regulatory, and professional obligations

We rely on one or more of the following legal bases:
  • Consent, where required
  • Performance of a contract or steps taken at your request prior to entering a contract
  • Legal obligation
  • Legitimate interests, provided those interests are not overridden by your rights
We do not represent or introduce candidates without a lawful basis, which may include consent, contractual necessity, or legitimate interests, depending on the circumstances.

6. Data Sharing & Third Parties
We may share personal data with trusted third parties where necessary, including:
  • Recruitment, HR, CRM, and assessment platforms
  • Background checking, credit reference, or fraud-prevention providers (where appropriate)
  • Professional advisers (legal, financial, compliance)
  • Regulators or authorities where legally required
Where third parties act as data processors, we ensure appropriate contractual safeguards are in place in accordance with Article 28 GDPR or equivalent legal standards.

7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, accounting, or legitimate business requirements.
Personal data relating to candidates, clients, and suppliers is reviewed periodically and securely deleted or anonymised when no longer required.

8. Data Security
We have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.
Access to personal data is restricted to those with a legitimate business need. While we take reasonable steps to protect electronic communications, no transmission over the internet can be guaranteed as fully secure. Users are responsible for maintaining the confidentiality of their login credentials. Morgan Latif Ltd will never request password details.
9. Marketing Communications

We may send information about our services where permitted by law.
You may:
  • Opt out of marketing communications at any time
  • Object to your data being used for marketing purposes
Requests can be made via the communication received or by contacting info@morganlatif.com.

10. Cookies
Our website uses cookies and similar technologies to improve functionality and user experience.
Cookies may be used to:
  • Recognise returning visitors
  • Understand how our website is used
  • Improve content and performance
  • Deliver relevant advertising
You can manage cookies through your browser settings. Disabling cookies may affect website functionality.
Further information is available at: allaboutcookies.org

11. International & Overseas Transfers
Personal data may be transferred between the UK, EEA, United States, and other jurisdictions where required to deliver our services or operate third-party systems.
Where international transfers occur, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or equivalent lawful mechanisms.

12. Your Data Protection Rights
Depending on your location, you may have the right to:
  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time
Requests should be submitted to info@morganlatif.com. We respond within statutory time limits.

13. Complaints & Supervisory Authorities
If you have concerns about how we process your data, please contact us first.
You also have the right to lodge a complaint with the relevant supervisory authority, including:
  • UK Information Commissioner’s Office (ICO): ico.org.uk/concerns
Where personal data is processed outside the UK, you may contact the applicable local authority.

14. Changes to This Policy
We may update this Privacy Policy to reflect legal, regulatory, or operational changes. The most current version will always apply.

15. Contact
Email: info@morganlatif.com
Telephone:+44 (0)203 983 3227


Addendum 1: California Privacy Notice
(CCPA / CPRA – California Residents Only)
Effective date: 0.02.2026

This California Privacy Notice supplements the Morgan Latif Ltd Privacy Policy and applies solely to individuals who reside in the State of California (“consumers” or “you”). It describes our information practices and your rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA/CPRA”).

1. Categories of Personal Information We Collect
Within the last 12 months, Morgan Latif Ltd may have collected the following categories of personal information, as defined under the CCPA/CPRA:
  • Identifiers: name, email address, telephone number, business contact details
  • Professional or employment-related information: CVs, employment history, qualifications, references
  • Commercial information: records of services provided or received
  • Internet or network activity: IP address, browser type, website usage
  • Sensitive personal information (limited): where lawful and necessary (e.g. right-to-work verification)
We collect this information directly from you, from recruitment platforms, from our website, or from third parties where permitted by law.

2. Purposes for Collection and Use
We collect and use personal information for the following business purposes:
  • Providing executive search, recruitment, and work-finding services
  • Assessing candidate suitability and introducing candidates to clients
  • Managing relationships with clients and suppliers
  • Communicating regarding opportunities, services, or enquiries
  • Operating, maintaining, and securing our website and systems
  • Complying with legal, regulatory, and professional obligations
  • Preventing fraud and ensuring security
We collect only personal information that is reasonably necessary and proportionate for these purposes.

3. Sharing of Personal Information
We may disclose personal information to third parties for business purposes, including:
  • Recruitment, HR, CRM, and assessment platforms
  • Professional advisers (legal, financial, compliance)
  • Service providers supporting our operations
  • Regulators or authorities where legally required
All service providers are contractually required to process personal information only on our instructions and to protect it appropriately.

4. Sale or Sharing of Personal Information
Morgan Latif Ltd does not sell personal information as defined under the CCPA/CPRA.
We also do not knowingly share personal information for cross-context behavioural advertising in a manner that would require an opt-out under the CPRA. Should this change, we will update this notice accordingly.

5. Retention of Personal Information
We retain personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including legal, regulatory, and legitimate business requirements. Retention periods vary depending on the nature of the data and the context in which it is processed.

6. Your California Privacy Rights
If you are a California resident, you have the right to:
  • Right to Know: request details about the personal information we collect, use, and disclose
  • Right to Access: request a copy of the personal information we hold about you
  • Right to Correct: request correction of inaccurate personal information
  • Right to Delete: request deletion of personal information, subject to legal exceptions
  • Right to Limit Use of Sensitive Personal Information: where applicable
  • Right to Non-Discrimination: you will not be discriminated against for exercising your rights

7. How to Exercise Your Rights
You may submit a request by contacting us at:
Email: info@morganlatif.com
We may need to verify your identity before responding. Requests will be handled in accordance with CCPA/CPRA timelines.
You may also designate an authorised agent to make a request on your behalf, subject to verification requirements.

8. Children’s Information
Morgan Latif Ltd does not knowingly collect personal information from individuals under the age of 16. If you believe such information has been collected, please contact us so it can be deleted.

9. Changes to This California Privacy Notice
We may update this notice from time to time. Any changes will be posted on our website and will apply from the effective date stated above.

10. Contact Information
If you have questions about this California Privacy Notice or your rights under California law, please contact:
Morgan Latif Ltd
Email: info@morganlatif.com
Telephone:+44 (0)203 983 3227

Addendum 2: Regulatory & Ethical Compliance Statement
(UK, EU, US & B Corp Alignment)

This addendum is provided for transparency and audit purposes.

A. United Kingdom Compliance
Morgan Latif Ltd operates in accordance with:
  • UK GDPR
  • Data Protection Act 2018
  • Employment Agencies Act 1973
  • Conduct of Employment Agencies and Employment Businesses Regulations 2003
We ensure:
  • Transparency around work-finding services
  • Lawful authority before introducing candidates
  • Suitability assessments are conducted
  • Candidate data is handled securely and proportionately

B. European Union Compliance
Where EU personal data is processed, we comply with the EU GDPR, including:
  • Lawful bases for processing
  • Data minimisation and purpose limitation
  • Individual rights under Chapter III GDPR
  • Safeguards for international data transfers

C. United States Compliance
For individuals located in the United States, we process personal data in accordance with applicable U.S. privacy laws, including relevant state-level legislation such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), where applicable. We process personal data of U.S. residents in accordance with applicable federal and state privacy laws, and we provide individuals with rights and protections consistent with those laws. Depending on jurisdiction, individuals may have rights to:
  • Know what personal data is collected
  • Request access, correction, or deletion
  • Opt out of certain data sharing or processing
  • Requests may be made via info@morganlatif.com.

D. B Corp Alignment & Ethical Data Use
As a B Corp-certified organisation, Morgan Latif Ltd commits to:
  • Data minimisation: collecting only data that is relevant and necessary
  • Fairness & transparency: avoiding unexpected or unjustified uses of personal data
  • Accountability: regularly reviewing data protection practices and third-party providers
  • Responsible growth: balancing commercial objectives with individual rights and societal impact
Our approach to data protection reflects not only legal compliance, but our broader commitment to ethical business practices and stakeholder trust.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.