Data Privacy Policy

(A)  This Policy

This Policy is provided by Saxton Bampfylde Hever Limited on behalf of itself, its subsidiaries and its affiliates. Where this Policy refers to “Saxton Bampfylde”, “we”, “us” or “our”, it is referring to the relevant company within the group. It is addressed to individuals outside our organisation with whom we interact, including (but not limited to) Candidates, Client personnel, Participants, Sources and visitors to our websites (together, “you”).

Defined terms used in this Policy are explained further in Section (O) below.

For the purposes of this Policy, Saxton Bampfylde is the Controller. Contact details are provided in Section (N) below.

Please note that this Policy does not apply to the Processing by Saxton Bampfylde of the Personal Data of Saxton Bampfylde employees, contractors, secondees, temporary workers or other staff in connection with the roles they perform for Saxton Bampfylde. A separate privacy internal policy governs such Processing.

This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy. We will notify you of any significant changes.

(B)  Processing your Personal Data

Collection of Personal Data: We may collect Personal Data about you from the following sources:

  • Directly from you (e.g., where you contact us via email or telephone, or by any other means, provide us with information including résumés related to Client opportunities, or subscribe to our publications or updates).
  • We may collect your Personal Data in the ordinary course of our relationship with you (e.g., if we offer to connect you with our Clients we may collect your Personal Data that are related to such Client opportunities, such as your résumé).
  • From other entities within our corporate group, to the extent that they provide it to
  • From our Clients, in connection with Client opportunities in which you are
  • From publicly available sources, including social media to the extent that you choose to make your profile publicly visible.
  • From third parties who provide it to us (e.g., past employers; referees; law enforcement agencies; and providers of assessment services, including psychometric testing where you have consented to such testing).
  • We may, with your prior express written consent, conduct background checks, in accordance with the protections provided by applicable law, and in these circumstances we may receive Personal Data from providers of such services.
  • Via automated technologies when you visit any Saxton Bampfylde website (a “Site”) or use any features or resources available on or through a When you visit a Site, your device and browser will automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a Site and other technical communications information), some of which may constitute Personal Data. Please see our cookie policy at http://www.saxbam.com/cookies for further details.
  • From providers of social media platforms (such as X, Facebook (Meta) and Instagram) where you share or engage with our content.

Creation of Personal Data: We may also create Personal Data about you, such as records of any interviews you attend.

Personal Data you provide about others: In some circumstances, you may provide us with Personal Data about others. For example, you might act as a Source and provide comments on a Candidate or Participant.

If you provide Personal Data to us about someone else you must ensure that you are entitled to disclose that Personal Data to us and that, without our taking any further steps, we may collect, use and disclose that Personal Data as described in this Privacy Notice.

You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use Personal Data and our Personal Data disclosure practices, that individual’s right to obtain access to the Personal Data and make complaints about the handling of the Personal Data, and the consequences if the Personal Data is not provided.

If you are unable to meet these requirements, please refrain from providing the Personal Data of third parties to us.

Relevant Personal Data: The categories of Personal Data about you that we may Process include:

  • Personal details: This includes Personal Data which relates to your identity such as your given name(s); preferred name; gender; date of birth / age; nationality; photograph and marital status; passport number (where applicable); visa number (where applicable); and work authorisation number (where applicable).
  • Contact details: This includes Personal Data such as your home address; work address; home telephone number; work telephone number; work mobile number; personal mobile telephone number; personal email address; work email address; and social media profile details.
  • Employment records: This includes Personal Data that relates to your employment history such as details of current and former positions held; details of current and former employers; dates of employment; job titles; job locations; subject matter experience; salary and compensation data (including non-salary benefits, bonuses and incentives and other financial information); annual leave information; retirement and pensions information; performance reviews and disciplinary information; compliance with environmental, health, and safety policies, procedures, standards and guidelines; and training and development, and compliance with applicable policies, procedures, standards and guidelines and related
  • Details of referees: details of referees you may provide, including the relationship that you may have with each such referee, and the duration for which you have known each such referee.
  • Background checks: details revealed by background checks conducted in accordance with applicable law and subject to your prior express written consent, including details of past employments, details of residence, credit reference information, and criminal records checks.
  • Views and opinions: your views on Candidates or Participants, where applicable, and views and opinions of Clients regarding your suitability for a particular role within a Client’s organisation.
  • Marketing Data: This includes Personal Data which relates to your advertising preferences, such as information about your preferences in receiving marketing materials from us and our third parties and your communication preferences as well as your personal interests.
  • Information Technology Data: This includes Personal Data which relates to your use of our website, such as your internet protocol (IP) address, login data, traffic data, weblogs and other communication data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.

We also obtain and use certain aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your Personal Data but does not directly or indirectly reveal your identity. For example, we may aggregate your Information Technology Data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Notice.

We may also on occasion Process your Special Category Personal Data, including:

  • Health data: This includes Personal Data which may be contained in the results of reports gathered from any psychometric testing you agree to undergo and documentation such as CVs, annual leave information, performance reviews and disciplinary information, and records of compliance with health and safety policies. It also includes any health data that you voluntarily disclose to us, for example in the context of our diversity, equality and inclusion initiatives (Diversity, Equity & Inclusion– Saxton Bampfylde – Global Executive Search & Leadership Consulting).
  • Political opinions or religious or philosophical beliefs: This includes Personal Data which may be contained in records such as your social media presence and
  • Racial or ethnic origin: This includes data which may be contained in documentation such as CVs and voluntary participation in diversity, equality and inclusion initiatives.

We also collect information about criminal convictions and offences, including where we conduct background checks with your prior express written consent.

Lawful basis for Processing Personal Data: In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases:

  • we have obtained your prior express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way). In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our Processing your Personal Please contact us using the contact details set out in section (N) below to do so. Please note even if you withdraw consent for us to use your Personal Data for a particular purpose we may continue to rely on other lawful bases to Process your Personal Data for other purposes;
  • the Processing is necessary in connection with any contract that you may enter into with us, or in order to take steps at your request prior to entering into a contract;
  • the Processing is necessary in order for us to comply with our legal obligations;
  • the Processing is necessary to protect the vital interests of any individual;
  • the Processing is necessary for the establishment, exercise or defence of legal claims; or
  • we have a legitimate interest in carrying out the Processing, which is not overridden by your interests, fundamental rights, or freedoms.

Processing your Special Category Personal Data: Where we are Processing your special category Personal Data one of the following conditions will also apply:

  • you have given your explicit consent to the Processing;
  • the Processing relates to Personal Data which are manifestly made public by you;
  • the Processing is necessary for the establishment, exercise or defence of legal claims;
  • the Processing is necessary for archiving purposes in the public interest; scientific or historical research purposes or statistical purposes;
  • the Processing is necessary to protect an individual’s vital interests where the individual cannot give consent;
  • the Processing is necessary for reasons of substantial public interest; or
  • Processing is necessary in relation to your or our rights in the field of employment and social security and social protection law.

Purposes for which we may Process your Personal Data and the lawful bases

Our Processing of your Personal Data will depend on our relationship with you. This table sets out in more detail the purpose of the Processing activities and which lawful basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Read more

(A)  Disclosure of Personal Data to third parties

We may disclose your Personal Data to other entities within our corporate group, for legitimate business purposes. Any such disclosure will only be so that we can Process your Personal Data for the purposes set out in this Privacy Notice.

In addition, we may disclose your Personal Data to:

  • legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
  • our Clients, for the purposes of providing services to those Clients, in accordance with the provisions of this Policy;
  • accountants, auditors, lawyers and other outside professional advisors;
  • third party Processors or service providers (such as providers of background checking services) subject to the requirements noted below in this Section (C);
  • HMRC, legal and other regulators or authorities, including those who request your Personal Data or to report any potential or actual breach of applicable law or regulation;
  • any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights;
  • any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security; and
  • third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation).

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations, including obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data.

(B)  International transfer of Personal Data

Because of the international nature of our business, we may need to transfer your Personal Data to other members of our corporate group, and to third parties as noted in Section (C) above, in connection with the purposes set out in this Policy. For this reason, we may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located. In particular, your Personal Data may be disclosed to other members of our corporate group, to the extent appropriate, in connection with any Client opportunities in respect of which you are a Candidate, or any Leadership Assessment in which you are a Participant.

In connection with such transfers we will ensure that:

  • there are appropriate safeguards in place such as binding corporate rules or approved model contractual clauses. A copy of the appropriate safeguard can be obtained by contacting us using the contact details set out in Section (N) below; or
  • the transfer is to a country that provides an adequate level of protection; or
  • one of the derogations for specific situations applies to the transfer including explicit consent or necessary for the performance of a contract or exercise or defence of legal claims.

(C) Automated Processing and artificial intelligence

We may on occasion make use of artificial intelligence tools which utilise automated Processing techniques to analyse or collate your Relevant Personal Data in connection with the routine administration of our business. We do not take decisions about you based solely on the use of artificial intelligence or any other form of automated Processing, nor do we use these tools or any other form of automated Processing for the purpose of profiling.

(D)  Data Security

We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law. However, no system can be 100% secure, and so we cannot be held responsible for unauthorised or unintended access that is beyond our reasonable control.

You are responsible for ensuring that any Personal Data that you send to us are sent securely.

(E)  Data Accuracy

It is important that the Personal Data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of Personal Data provided by you. Please keep us informed if your Personal Data changes during your relationship with us either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.

(F)   Data Minimisation

We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably required in connection with the purposes set out in this Policy.

(G) Data Retention

We will keep copies of your Personal Data in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law permits or requires a longer retention period, and in accordance with the following criteria.

We will store your Personal Data for the time period which is appropriate in accordance with the following criteria:

  • the on-going business operation / relationship that we have with you;
  • the completion of the purpose for which the Personal Data was given;
  • our legal obligations in relation to that Personal Data and other legal requirements;
  • the type and size of the data held and whether any if it is deemed to be Special Category Personal Data; and
  • our accounting requirements in relation to that Personal

(H) Your legal rights

Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data, including:

  • the right to request access to, or copies of, your Personal Data that we Process or control;
  • the right to request rectification of any inaccuracies in your Personal Data or, taking into account the purposes of our Processing, to request that incomplete data is completed;
  • the right to request, on legitimate grounds:
    • erasure of your Personal Data that we Process or control; or
    • restriction of Processing of your Personal Data that we Process or control;
  • the right to object, on legitimate grounds, to the Processing of your Personal Data;
  • data portability, to the extent applicable in law;
  • where we Process your Personal Data on the basis of your consent, the right to withdraw that consent; and
  • the right to lodge complaints regarding the Processing of your Personal Data with a Data Protection Authority.

This does not affect your statutory rights.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in Section (N) below.

(I)  Cookies

A cookie is a small file that is placed on your device when you visit a website (including our Sites). It records information about your device, your browser and, in some cases, your preferences and browsing habits. We may Process your Personal Data through cookie technology, in accordance with our Cookies policy http://www.saxbam.com/cookies.

(J)  Terms of Use

All use of our Sites are subject to our website terms https://www.saxbam.com/legal-disclaimer.

(K)  Your obligations

If, and to the extent that, you are a Candidate or Participant, we rely on you to provide us with complete and accurate Personal Data about you, so that we can provide appropriate services to you and to our Clients.

If, and to the extent that, you are a Source, we rely on you to ensure that you are lawfully able to disclose Personal Data to us, as set out in this Policy.

(L)  Contact details

If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of Personal Data by Saxton Bampfylde, please contact:

Saxton Bampfylde
The Ministry,
79-81 Borough Road
London
SE1 1DN

data@saxbam.com

(M)  Definitions

  • ‘Candidate’ means a candidate, or potential candidate, for a position with a
  • ‘Client’ means a client of Saxton
  • ‘Controller’ means the entity that decides how and why Personal Data is In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
  • ‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
  • Leadership Assessment’ means any leadership assessment service (including, but not limited to, any management audit, leadership consulting service, coaching, team development, team effectiveness analysis, or succession planning) provided to a Client for the purposes of assessing the leadership potential of its own Personnel or other individuals selected by the Client.
  • Participant’ means any individual participating in a Leadership
  • ‘Personal Data’ means information that is about any individual, or from which any individual is identifiable. Examples of Personal Data that we may Process are provided in Section (B)
  • Personnel’ means any current, former or prospective employee, consultant, temporary worker, intern, other non-permanent employee, contractor, secondee or other personnel.
  • ‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • ‘Processor’ means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
  • ‘Special Category Personal Data’ means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
  • ‘Source’ means any person that provides any view or opinion regarding the qualities of any Candidate or Participant, for any purpose, including but not limited to the suitability of a Candidate or Participant for a particular role.