Privacy notice – candidates

Who we are

We are Temple Bright LLP, a limited liability partnership registered in England and Wales with registered number OC352276. “Temple Bright” is the business name for the legal practice carried on by Temple Bright LLP. Accordingly, references to “Temple Bright”, “the firm”, “we”, “us” or “our” should be read as referring to Temple Bright LLP.

Purpose of this privacy notice

This privacy notice is addressed to candidates who apply to join the firm. It aims to give you information on how we collect and process your personal data. We are the data controller of your personal data. We are responsible for its security and for ensuring that we use it only for the purposes outlined in this notice. This notice tells you about how we look after your personal data, about your privacy rights and about how the law protects you.

Other privacy notices on our website

There are separate notices relevant to clients and others and users of our website, which can be accessed via our Legal notices page. The notice for website users is also likely to be relevant to you; if you use our website, that notice should be read alongside this one.

Questions and concerns

If you have any questions about this privacy notice or need to contact us in connection with your personal data, including any requests to exercise your legal rights referred to at the end of this notice, please contact Justyn McIlhinney, whom we have appointed as our representative for the purposes of the Data Protection Act 2018 and UK GDPR:

[email protected]

Although you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (, we would, of course, appreciate the chance to deal with your concerns about data protection directly so please contact us in the first instance.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, your job function, your employer or department.
  • Contact Data including postal address, email address and telephone numbers including frequency of contact.
  • Correspondence Data includes email and other correspondence (which may include information included in your CV).
  • Career History Data includes information about your career history, including current and previous roles, where you choose to provide this to us or where such information is available from publicly accessible sources (see below for examples) on a search of your name.
  • Interview Data includes information you share with us in conversations.

How is your personal data collected?

We may collect data about you from different sources, including without limitation:

  • From you.
  • From third parties. It is possible that we may collect your data from other parties, such as recruitment agencies, your named referees or other persons who are connected with you or who have worked with you, as colleagues or otherwise.
  • From publicly accessible sources. It is possible that we may collect your data from publicly available databases or websites, including without limitation Companies House, LinkedIn and other social media platforms, and professional regulation websites such as the Solicitors Regulation Authority and the Law Society.

We may use a range of different collection methods, including without limitation:

  • Communication in person.
  • Communication by phone, email, fax, SMS or any other electronic communication method.
  • Communication by letters, notices, information sheets or any other paper-based communication methods.
  • Your use of our website, social media channels, or other technologies.
  • You visiting us (for example, if you sign in or are recorded on CCTV while visiting our offices, or you give us the registration details of your vehicle).

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:

  • To assess your skills, qualifications, and suitability for the role.
  • To carry out background and reference checks, where relevant.
  • To communicate with you about the recruitment process.
  • To keep records related to our recruitment process.
  • Where we need to comply with a legal or regulatory obligation.
  • Where you have given us your express consent for use of your data in connection with a particular purpose.

We need to process your personal data to decide whether to enter into a contract with you.

Having received your CV and covering letter, we will then process that information, and we may also collect further personal data from the sources and using the methods referred to above (“How is your personal data collected?”), to decide whether you meet the basic requirements to be considered for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information we have already collected, together with information which you provide to us at the interview, to decide whether to offer you the role. If we decide to offer you the role, we may then take up references and/or collect further personal data before confirming your appointment.

If you fail to provide personal data

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

Disclosures of your personal data

For the purposes set out above (“How we use your personal data”), we may need to share your personal data with appropriate third parties, including without limitation:

  • Our IT support and hosting companies, providing us with IT services.
  • Other business partners, suppliers and sub-contractors with whom we work.
  • Google Analytics or similar, for analysis of website use (see the separate privacy notice for website users found on our Legal notices page).
  • Our professional advisers.
  • Third parties to whom we may sell, transfer, or merge parts of our business, or whose businesses we may acquire in whole or in part (or third parties with whom we are considering doing any of the foregoing). If a change happens to our business, the new owners may use your personal data in the same way as set out in this privacy notice.
  • Relevant public bodies including without limitation courts and regulators.
  • Other businesses associated with us (such as Source Professional Support Limited).

As far as lies within our power, we require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We may allow Source Professional Support Limited to use your personal data for equivalent purposes to those for which we use your personal data (as detailed above), subject to that company’s own privacy policy which can be found here. Source Professional Support Limited may also provide us with certain services from time to time and in so doing, may process your personal data.

Subject to the foregoing points which are specific to Source Professional Support Limited, we do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

To the extent that our third party service providers may have servers or operations based outside the UK or the European Economic Area, we ask that they have appropriate protections in place so that we know all data will be looked after as though it were subject to the UK’s laws on data protection. Should you need further details on which third party processors we use that are based outside the UK, please let us know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

How long will you use my information for?

Except where you join the firm (in which case we will retain your personal data throughout your membership of the firm and for five years after you leave), we will retain your personal data for a period of six months after the later of: (i) us communicating to you (or a person acting on your behalf) our decision about whether to appoint you to the role, and (ii) you (or a person acting on your behalf) communicating to us your decision about whether to take up the role. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal data in accordance with applicable laws and regulations; save that a longer period of retention may apply for any of your personal data which is also subject to one of the other two notices accessed via our Legal notices page, where a longer period of retention for such data is anticipated under that notice.

If we wish to retain your personal data on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal data for a fixed period on that basis. We may also, in any event, retain certain details of your application and our communications with you on file (including your name, contact details and our correspondence with you). This is for reference should there be a future application by you or, in a case where you have joined the firm and worked with our clients, should issues later arise in respect of which it is helpful for us to have such a record available.

Data protection – your obligations

If you send us personal data about anyone other than yourself you will ensure you have any appropriate consents and notices in place to enable you to transfer that personal data to us, and so that we may use it for the purposes for which you provide it to us.

Data protection – your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.

If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact Justyn McIlhinney.

More information on these rights and when they apply is available here:

Right to withdraw consent

When you applied for this role, you provided consent to us processing your personal data for the purposes of the recruitment exercise. You have the right to withdraw your consent for processing for that purpose at any time. To withdraw your consent, please contact Justyn McIlhinney in writing, such as by using the above email address. Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention policy, we will dispose of your personal data securely.

EU residents

We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at [email protected] or post your request or query to:

EU Representative, IT Governance Europe, The Mill, Newtown Link Rd, Stagreenan, Drogheda, Co. Louth, A92 CD3D, Ireland

When contacting our Representative please ensure you include our firm name in any correspondence.