Find Talent Find a Job

Morgan McKinley Recruitment Data Protection Statement

Last Updated: June 19th 2024

Morgan McKinley Recruitment Data Protection Statement

This recruitment data protection statement sets out specific information relating to applicants applying for positions internally in our company (“Applicants”).

We treat the protection of your personal data seriously and when we collect and process your Personal Data, we will do so in accordance with the GDPR and relevant local data protection laws (the “Data Protection Laws”).

Expand all

Morgan McKinley provides recruitment solutions, talent solutions and executive search to meet our clients' needs by connecting specialised talent with leading employers across multiple geographies, industries, and disciplines.

We are a recruitment agency and recruitment business as defined in the applicable employment and industry specific legislation and regulations, including but not limited to, the Employment Agencies and Employment Businesses Regulations 2003.

When you apply for a role with Morgan McKinley, your relationship may be with one, or several, companies in the Group depending on your location and the position you are applying for. Each company is referred to herein as a Group Entity and together they are the Group. Each group entity and their location is specified below.

This Data Protection Statement applies to the following companies in the Group.

Group Entity Name Company Address Location

Premier Recruitment International Unlimited Company

trading as Morgan McKinley
Penrose Dock 2, Alfred St, Victorian Quarter, Cork, T23 YY09, Ireland Ireland Applicants
Morgan McKinley Group Limited 15 Fetter Lane, Holborn, London EC4A 1BW UK Applicants
Morgan McKinley Pte Ltd One Raffles Place Tower 1, Singapore, 048616 Singapore Applicants
Morgan McKinley Ltd Suite 3407 Lippo Centre, Tower II, 89 Queensway, Admiralty, Hong Kong Hong Kong Applicants
Morgan McKinley Job Intermediary (Shanghai) Co. Ltd Unit 3102 - 3104, Level 31, K. Wah Centre, 1010 Middle Huaihai Road, Xuhui District, Shanghai 200031 China Applicants
Morgan McKinley KK (Japan) Holland Hills Mori Tower 17F, 5-11-2 Toranomon Minato-ku, Tokyo 105-0001, Japan Japan Applicants
Morgan McKinley Pty Ltd (Australia) 9/383 Kent St, Sydney NWS 2000, Australia Australia Applicants
Morgan McKinley Services Pvt Ltd Building No. IV/905.B, Near Shalimar House, Manjakkal, Mahe, Puducherry, India. India Applicants
Morgan McKinley Inc. (Canada) Unit 204, 107 Atlantic Ave, Toronto, Ontario, M6K 1Y2, Canada Canada Applicants


Premier Recruitment International UC is available as your central point of contact for all queries at:

Data Protection Officer
Penrose Dock Two, Alfred St,
Victorian Quarter,
Cork, T23 YY09


This Data Protection Statement applies to the Personal Data we process about Applicants applying for positions as employees at our company.

For the purposes of this recruitment Data Protection Statement, an applicant includes:

  • an active job seeker, who applies to a role that we have advertised; or
  • someone we identify as a potential job seeker;

When we refer to “Personal Data” in this Data Protection Statement we mean any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We process all Personal Data lawfully and in accordance with the requirements of the Data Protection Laws. The GDPR sets out the legal grounds for processing Personal Data.

When Morgan McKinley processes Personal Data about Applicants, any one of the following legal grounds will generally apply. Further detail about the lawful basis for our processing activities is included in the relevant sections of this Data Protection Statement.


We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering that contract.

When you apply for a job some of our processing activities will be carried out in order to take steps necessary to enter into a contract of employment with you.


For certain processing activities we may rely on your consent.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at


At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and recruitment portals or to maintain their security and protect intellectual property rights.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at and we will review our processing activities.


If we have a legal obligation to process Personal Data, we will process Personal Data on this legal ground.


In limited circumstances and in accordance with the law we may use personal data in the defence of legal claims or enforcing legal rights.

We receive Personal Data about Applicants from a variety of sources. Usually, an Applicant provides us with certain information directly, for example, when the Applicants sends us their CV, applies directly for a position advertised on the Morgan McKinley website or interacts with our communications (e.g. websites and advertisements).

We may also receive Personal Data about an Applicant when:

  • the Applicant applies to a position advertised on a third-party job’s website;
  • the Applicant may be sourced from publicly accessible platforms such as LinkedIn;
  • the Applicants may be sourced from third party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites; and
  • the Applicant’s nominated referees or other individuals may provide us with Personal Data relating to the Applicants.

This section describes the personal data that we collect about Applicants. We only collect the personal data that we require in order to provide and deliver the services that you expect. We have described here the personal data that we use in order to provide our services.

The table below sets out the general categories of Personal Data that we collect in relation to Applicants.

Personal Data Category Description
Contact Data may include a person’s name, email address, phone number, postal address, other communication details including social media links (e.g. LinkedIn)
Identification Data may include a person’s name, date of birth, driver’s license, national tax identification number and passport information
Professional Data may include information about previous professional experience such as profession, company, department, employment history, skills/experience, membership of professional bodies
Education Data may include educational history such as degrees, certificates and diplomas awarded, languages and qualifications
CV Data may include Contact Data, Identification Data, Professional Data, Education Data and information about achievements and hobbies
Application Data may include information provided when applying for a role such as, CV Data, Financial Data, Position Data, Media Data, and details of visa or eligibility to work.
Financial Data may include payment and bank details, tax information, payroll information, professional fee rate expectations, Limited/Umbrella company details
Test Data may include test answers and results for any job application
Health Data may include health information including information about any disability or illness.
Media Data may include photographs provided by Applicants
Legal Data may include criminal record and credit checks undertaken where required as part of the application process.
Position Data may include information relevant to a position such as rate of pay, working hours, reporting lines, job description and performance
Emergency Contact Data may include the name and contact details provided by an Applicants in case of an emergency.
Communications Data may include Personal Data included in communications with us over email, text, phone or letter.
Marketing Data may include your Contact Data and any preferences in receiving marketing from us and your communication preferences.
Web Data may include information provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you are using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

We can only collect your Personal Data if we have a lawful basis for doing so.

We have set out in the table below, the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.

Purpose/Activity Type of Personal Data Lawful basis for processing
Applicants Sourcing
  • to advertise roles on the Morgan McKinley website
  • to create a record/file for the Applicant on our system and to associate all notes and tracking throughout the interview, and onboarding process
  • to keep up to date information about Applicants in relation to their requirements, in order to assess their suitability for current or future vacancies
  • to maintain our database
  • screening and identification of Applicants for available positions
  • to communicate with Applicants about positions that might be of interest to them
  • to receive and review Applicants applications
  • to understand current and expected salary, notice period and availability.

CV Data

Communications Data

Marketing Data

Legitimate interest


Job Applications
  • responding to Applicants queries
  • receiving and reviewing applications received from Applicants directly
  • communications with Applicants re application
  • setting up interviews with the Applicant

CV Data

Media Data

Communications Data


Legitimate Interest


Job Interview
  • to arrange and undertake interview
  • recording notes of Interview
  • to communicate with the Applicants following interview

CV Data

Communications Data


Legitimate Interest


Applicants Screening (where relevant to the position)
  • to identify if the Applicant is fit to work
  • to assess the Applicant working capacity

CV Data

Health Data

Test Data



Applicants Finance Activities
  • to endeavour that salary expectations are met
  • to remunerate Applicant for interview / travel expenses

Contact Data

Position Data

Financial Data


Legitimate Interest


Applicants IT Activities
  • back-up and storage of Applicant data
  • to make improvements and efficiencies in the recruitment process

Contact Data

Identification Data

Professional Data

Education Data

Communications Data

Marketing Data


Legitimate Interest

Website Delivery
  • to respond to web forms completed by applicants;
  • to administer the Website;
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our website and our services.

Contact Data

Web Data


Legitimate Interest

Marketing activities
  • to respond to any requests from Applicants
  • to send newsletters and other information that may be of interest
  • to participate in recruitment conferences, seminars, events
  • to personalise marketing information
  • to segment and distribute targeted marketing

Marketing Data

Contact Data

Web Data


Legitimate Interest

We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.

Our retention policy is as follows:

Purpose of Processing Retention Period
Job Applications

Unsuccessful Applicants Duration of campaign +18 months

Successful Applications Per Employee Notice

Applicant Interview Duration of campaign +18 months
Applicant Expense Reimbursement Duration of campaign +7 years

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims. We may also delete Personal Data earlier than the specified Retention Period where the Personal Data is no longer required for the purpose.

We may need to share your personal data in order to manage our recruitment activities. We will always ensure that any disclosure of personal data is undertaken in compliance with Data Protection Law and ensure that appropriate technical and organisational measures are undertaken to protect and secure any personal data that is transferred.

Personal Data is shared in certain circumstances as follows:

  • to other companies in the Group including the affiliated companies documented in this Data Protection Statement for the purposes of administration, marketing and provision of our services
  • to business partners and third-party service providers for the purposes of servicing our company and administration of our business, including email, chat, ticketing, Customer Relationship Management, Applicant Tracking System, payment processors, data aggregators, hosting service providers, external consultants, accountants, auditors, IT consultants and lawyers
  • if a company in the group or substantially all of its assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets
  • if we are under a duty to disclose or share personal data in order to comply with any legal obligation (including tax, audit or other authorities), or in order to enforce or apply any contracts that we have
  • to official authorities to protect our rights, property, or safety, or those of other persons (including you)
  • to payment service partners for the processing of payments to and from our business,
  • to protect our rights, property, or safety, or that of our customers or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection
  • for the purposes of third-party screening and verification, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)
  • to analytics and search engine providers that assist us in the improvement and optimisation of our Website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
  • to insurance brokers and providers where required for administering claims
  • to our email distribution partner and service providers in the case of marketing and newsletter

We monitor for and do everything that we can to protect personal data and prevent security breaches.

We will take all steps reasonably necessary to ensure that all personal data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we employ appropriate technical and organisational procedures to safeguard and secure the personal data we process to prevent unauthorised access.

We monitor for and do everything we can to prevent security breaches of the personal data that we process. Once we have received your personal data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your personal data can access it.

We also use secure connections to protect personal data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to personal data of any individual, please let us know immediately.

In some circumstances we may need to transfer personal data outside of the country where it was originally collected. We will always undertake such transfers in accordance with data protection laws.

We may transfer Personal Data outside of your home country; however, we will always ensure that this is done in compliance with the relevant laws of your country.

We will normally use and share personal data outside of your country for the following reasons:

  • to carry out corporate oversight of our global business organisation
  • to provide shared services in certain functions such as HR, Talent Acquisition, Finance, Marketing, Legal, Privacy and IT
  • to deploy certain tools and resources across the global organisation
  • to facilitate interactions between our employees across our global locations
  • to work with our group companies

It is important to be careful when visiting third party websites and when providing personal data to third parties. We have no control over third party websites that you may access.

Websites that you access via a link on the Morgan McKinley website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any Personal Data to them.

Please see our separate Cookie Notice available at for further information.

We will update the date on this Data Protection Statement when we make changes to it.

We will post any changes to this Data Protection Statement on the Website and when doing so will change the effective date at the top of this Data Protection Statement.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

Please contact us if you have any questions or concerns about how your personal data is being used by us.

Premier Recruitment International UC is available as your central point of contact for all queries at:

Data Protection Officer
Penrose Dock Two, Alfred St,
Victorian Quarter,
Cork, T23 YY09


You have various rights relating to how your Personal Data is used.

Right of access to Personal Data

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we have recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

Right of rectification of Personal Data

You should let us know if there is something inaccurate in your Personal Data.

We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

Right of erasure of Personal Data (right to be forgotten)

In some circumstances you can ask for your Personal Data to be deleted, for example, where:

  • your Personal Data is no longer needed for the reason that it was collected in the first place
  • you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
  • there is no lawful basis for the use of your Personal Data
  • deleting the Personal Data is a legal requirement

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.

Please note that we cannot delete your Personal Data where:

  • we are required to have it by law
  • it is used for freedom of expression
  • it is used for public health purposes
  • it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
  • it is necessary for legal claims.

Right to restrict what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

  • you have identified inaccurate Personal Data, and have told us of it
  • where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether

When Personal Data is restricted it cannot be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it's for important public interests.

Right to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we are using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object

You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

Please contact us using the following details if you have any questions or concerns:

Premier Recruitment International UC is available as your central point of contact for all queries at:

Data Protection Officer
Penrose Dock Two, Alfred St,
Victorian Quarter,
Cork, T23 YY09


If You consider that the processing of personal data infringes the GDPR or local Data Protection and Privacy Laws, you have the right to lodge a complaint with or consult with your local Data Protection Authority.

We have provided contact details for the relevant Data Protection authorities below, where possible:

You also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland
The contact details for the DPC in Ireland are:


Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Address: +353 578 684 800

Address: +353 761 104 800

Back to top