Privacy Policy

This policy sets out the basis on which Landrum and Brown (“we”) will process any personal data we collect from individuals (“you”), or that you provide to us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.  For the purpose of applicable Data Protection Legislation, we are the data controller of the data that you provide to us.  You can contact us by sending email to privacy@landrumbrown.com.

  • How do we collect information?
    • We obtain information from our employees, clients, service providers, and other individuals during the normal course of our business.
    • We obtain information from our job applicants when applying for a job.
    • We obtain information from potential business partners and business intermediaries as set out in the Business Partner Due Diligence Policy.
    • We may collect information that is available in the public domain, including but not limited to: newspaper or online media items, publicly available posts on social media platforms, or business registries.
    • We obtain personal information from you when you inquire about our activities, register with us, send or receive an email, ask a question or otherwise provide us with personal information.
    • We may also receive information about you from third parties that introduce you to us, for example from our service providers or partner organizations who provides us with your information.
    • We may obtain information from you if you “like” our page on Facebook, follow us on X (formerly Twitter) or connect with us on LinkedIn (‘social media platforms’). We would only have access to your information to the extent that you have made it public on those or similar social media platforms.
  • What information do we collect?
    • The personal information we may collect includes but is not limited to name, email address, postal address, telephone number, image, resume/CV information, job title, academic/professional qualifications, employment history, skills, education, references, and military status.
    • We collect additional information from employees, as set out in our Employee Data Privacy Policy;
    • If you are a job applicant, we may collect national identification numbers, nationality, residency, and immigration information.
    • Where allowed by applicable law, we may also collect information relating to health or medical information (including disability), race/ethnic information, and criminal convictions (‘Sensitive Personal Data” for the purpose of Data Protection Legislation). We only collect Sensitive Personal Data to the extent necessary to comply with our employment law obligations or official security purposes, or as otherwise permitted by law. Where required under applicable local law, Sensitive Personal Data will be processed with explicit consent. Additionally, consent to transfers or use of Sensitive Personal Data will be opt-in where local applicable law requires it. Sensitive Personal Data may also be collected when the data has been made public by the individual to whom the data belongs. In situations where Sensitive Personal Data is necessary for reasons of substantial public interest, or the carrying out of obligations or specific rights in the field of employment or social security or social protection law, such data may be processed.
    • For potential business partners and business intermediaries, the information we collect might include shareholder information, percentage of shares ownership information, directors’ information, date of birth, nationality, citizenship status, country of birth, photo/image, and disclosure of any history of criminal activities.
  • How do we use this information?
    • We take steps to ensure that data collected about you and others is relevant, adequate, not excessive, and processed for limited purposes.
    • We will use your personal information:
      • to provide and promote our professional services;
      • to provide you with products or information you have requested;
      • for direct marketing;
      • to maintain our own accounts and records;
      • to evaluate potential job candidates;
      • to comply with applicable laws;
      • to support and manage our employees (see in more detail our Employee Data Privacy Policy); and
      • for the purpose of due diligence as set out in the Business Partner Due Diligence Policy.
    • We take appropriate measures to ensure that the personal information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used.
  • With whom do we share information?
    • We may share your information with other members of the Sidara group of companies, for the purposes listed above. This may require transfers of your information to other countries inside and outside the European Economic Area (EEA).
    • Such transfers may be made with your consent where applicable, and/or as permitted through an applicable adequacy decision or by having an agreement in place with the recipient using the applicable EU Model Contract clauses. Where we do not have consent and no Model Contract or adequacy decision is in place, we only make such transfers as expressly permitted under applicable Data Protection Legislation.
    • We may pass your information to our data processors, agents, and associated organizations for the purpose of providing services to you and for the other purposes listed at paragraph 3 Where we use data processors, we will make sure there are appropriate controls in place to protect your data. This means that all data will be processed in accordance with applicable data protection laws, the Code of Conduct, and this Data Privacy Policy.
    • We may also need to disclose your information to third parties if required by law (for example to government bodies and law enforcement agencies) or if we have your permission to do so.
    • We may, with your consent, share your information with third parties who request references from us.
  • How long do we keep your information?
    • We keep your information for no longer than is necessary. We will retain your information for any period required by law or contract. Where we are not under a legal obligation to retain your information, we will determine what is necessary by reference to the lawful basis for processing set out above and our legitimate interests.
    • If you have any questions about how long we keep your information, please contact us at the email address stated at the beginning of this document.
  • How do we protect personal information?

We take appropriate technical and organizational measures to ensure that the information disclosed to us is kept secure, accurate, and up to date and kept only for so long as is necessary for the purposes for which it is used.

  • Your rights
    • You have a right to ask us to confirm whether we are processing information about you, and to request access to this information (‘right of access’).
    • You also have the right to be informed of the safeguards we have in place relating to any transfers of your information to another country or to an international organization.
    • You may ask us, or we may ask you, to rectify information you or we think is inaccurate, and you may also ask us to remove information which is inaccurate or complete information which is incomplete (‘right to rectification’). If you inform us that your personal data is inaccurate, we will inform relevant third parties with whom we have shared your data so they may update their own records.
    • You have a right to ask us to restrict our processing of your information (‘right to restriction’) if:
  • you contest its accuracy, and we need to verify whether it is accurate;
  • the processing is unlawful, and you ask us to restrict use of it instead of erasing it;
  • we no longer need the information for the purpose of processing, but you need it to establish or defend legal claims;
  • you have objected to processing of your information being necessary for the performance of a task carried out in the public interest, or for the purposes of our legitimate interests. The restriction would apply while we carry out a balancing act between your rights and our legitimate interests; or
  • you exercise your right to restrict processing, but we still need to process your information for the purpose of exercising or defending legal claims, protecting the rights of another person, or public interest reasons.
    • You have a right to obtain your personal data from us and reuse it for your own purposes, perhaps for another service, without hindering the usability of the data (‘right of portability’). This right does not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
    • You have a right to seek the erasure of your data (often referred to as the ‘right to be forgotten’). You may wish to exercise this right for any reason, for example where it is no longer necessary for us to continue holding or processing your personal data you may withdraw your consent. You should note that we are entitled to and reserve the right to retain your data for statistical purposes. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations, or for reasons of public interest.
    • You have the right to lodge a complaint with a supervisory authority in your region.
    • If you wish to exercise these rights, contact us using our contact details above.
  • Changes
    • If your personal details change, please help us to keep your information up to date by notifying us at the above address. This does not affect any HR process or system already in place with regards to notification of any change in personal data.

We may change the terms of this Data Privacy Policy from time to time.  Where such changes affect the purposes for which we use your personal information we will let you know.