1.1 Automated Decision Making: a decision which produces legal effects concerning an Executive or a Candidate or which significantly affects an Executive or a Candidate, and which is based solely on automated processing of Personal Data intended to evaluate certain personal aspects relating to the Executive or Candidate such as his performance at work, reliability, decision-making skills and processes, conduct, etc.

1.2 Candidate: an Executive who is being seriously considered by a Client for a specific job opportunity, who has received information about that position, and who is qualified for and interested in the position; or in the context of a management appraisal or talent review, an employee of a client.

1.3 Client: an organization seeking to recruit or evaluate an Executive via Consulting Activities.

1.4 Consent: There are three types of Consent referred to in this Code:
General Consent, Sensitive Data Consent and Transfer Consent do not necessarily imply or require written or affirmative consent, unless required by applicable national laws.

The terms “Consents” means collectively General Consent, Sensitive Data Consent and Transfer Consent.

All Consents must be freely given, unambiguous, informed and with such specificity as is necessary given the purposes of the Consent. Consents may be obtained verbally, in writing with electronic signatures or via email.

1.5 Consulting Activities: management consulting activities, which consist of:
1.6 Data Subject: The individual whose data are being processed. Data Subjects for purposes of this Code are either an Executive or a Candidate.

1.7 Directive: Directive 95/46 of the European Parliament and of the Council of 24th October 1995.

1.8 European Economic Area (EEA): composed of EU countries, plus Iceland, Norway and Liechtenstein. The EU Directive 95/46/EC is addressed to the member states of the EEA.

1.9 Executive: a natural person who has submitted Personal Data or a natural person who has been included in the Firm’s database following research or market networking, and who in each instance is qualified to be considered by the Firm for an executive position with a Client, and who has not yet been determined to be a Candidate.

1.10 Essential Information includes the following:
1.11 Final Candidate’s Evaluation Report: written report made by the executive search consultant to the Client on the career history of a Candidate and containing the consultant’s evaluation and/or opinion of the Candidate’s qualifications and fit for a specific job position and Reference Checks.

1.12 Firm: Egon Zehnder International.

1.13 Notes: the notes and comments of the executive search consultant(s) regarding an Executive or a Candidate, including, without limitation, summaries of interviews with the Executive or Candidate.

1.14 Personal Data: any information relating to an identified or identifiable natural person (i.e. an Executive or Candidate). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity. For purposes of this Code, Personal Data includes “Non Sensitive Data” [10] and “Sensitive Data” [11]

1.15 Proactive Data Collection: the gathering of Personal Data by use of desk research, networking discussions with sources to identify Executives/Candidates.

1.16 Processing of Personal Data: any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

1.17 Reactive Data Collection: the receipt of unsolicited Personal Data from Executives wishing to make contact with the Firm. Such reactive data whether electronic or printed is received via personal delivery, mail, facsimile, email or the Firm’s website.

1.18 Reference Checks: comments and opinions made by former employers, colleagues and other third parties on the Candidate’s experience and strengths and weaknesses against the job specification.

1.19 Source: an individual who may be willing to suggest, refer or comment on an Executive in his field of expertise or industry.

1.20 In this present Code:

2.1 This Code applies to the collection and processing of Personal Data of Executives/Candidates in connection with Consulting Activities.

2.2 This Code only applies to Personal Data processed for the purpose of Consulting Activities.

2.3 The Firm shall process Personal Data fairly and lawfully.

2.4 The Firm will process Personal Data in a manner compatible with the purposes for which such Personal Data were originally collected.

2.5 If the Firm intends to process Personal Data for a purpose different than that for which the Personal Data were originally collected, the Firm should check if the new purpose is compatible with the original purpose. If it is compatible, processing for this new purpose is allowed. If it is not compatible, further processing is only allowed if it is in accordance with applicable data protection laws.

3.1 Unless otherwise precluded by applicable local law, the Firm may collect, the following categories of Personal Data relating to Executives (referred to in this Code as “Non-Sensitive Data”):
3.2 The following categories of Personal Data relating to an Executive/Candidate are referred to in this Code as “Sensitive Data”:

4.1 The Firm will seek not to collect or store Sensitive Data which are excessive for the purpose for which such Sensitive Data are collected.

4.2 When it does collect Sensitive Data, the Firm will:
4.3 The Firm may collect Sensitive Data when necessary for the purposes of carrying out the obligations of the Firm under local employment law [12] or to implement national or local or community policies, such as:
4.4 Sensitive Data cannot be used by the Firm to unlawfully exclude Executives from job opportunities.

5.1 General Consent. General Consent is required to process Personal Data, unless the data processing is otherwise allowed under applicable national law without such consent or as foreseen under Section 5.2 of this Code.
5.2 Proactive Data Collection. In so far as allowed under national law, Proactive Data Collection does not require the Executive’s consent.
5.3. Reactive Data Collection. The processing of Personal Data resulting from Reactive Data Collection does not require Consent from the Executive, because by providing the Firm with unsolicited data, the Executive is deemed to have implicitly consented to the collection and use of his or her Personal Data and agreed to be considered for executive search assignments.
5.4 Sensitive Data Consent. If Sensitive Data Consent is required, it must be obtained by the Firm prior to the processing of such Sensitive Data.

5.5 Transfer Consent. If Transfer Consent is required, it must be obtained by the Firm prior to the transfer of Personal Data to non-EEA countries that have not been determined to provide an adequate level of data protection by the EU Commission.

5.6 Obtaining All Consents At the Same Time. The Firm may obtain all Consents in a single transaction with the Executive. When doing so, the Firm must avoid misleading the Executive by clearly explaining the scope of the various Consents.

6.1 The Firm must provide Executives with the Essential Information as defined under Section 1.10 and provided in this Section. The Essential Information shall be provided at the earliest reasonable opportunity in the search process,
6.2 If disclosure of an Executive’s Personal Data to a Client is envisaged, the Essential Information should be given to the Executive no later than when the Executive becomes a Candidate.

7.1 The transfer of Personal Data to countries not offering an adequate level of protection may take place without a Transfer Consent to the extent the Firm provides appropriate guarantees regarding protection of privacy and fundamental rights and freedom, as well as with regard to the exercise of these rights, in particular by adopting and implementing this Code in all countries in which it operates.

7.2 The transfer of Personal Data to third countries not offering an adequate level of protection may nevertheless take place without a Transfer Consent if in some specific circumstances, the transfer is necessary to comply with a legal obligation imposed on the Firm by an EU or national legal instrument [14].

7.3 The Firm will, despite the worldwide adoption and implementation of this Code, use its best endeavors to obtain a Transfer Consent from the Executive that his Personal Data may be communicated freely within the Firm.

8.1 The Firm will retain Personal Data only as long as necessary to fulfill the purposes for which the Personal Data were originally collected, such as:
8.2 By way of example, data retention is necessary:
8.3 a. The Firm will exercise commercially reasonable efforts to maintain its databases as current and accurate. They will update an Executive’s file by checking Personal Data whenever the Executive is contacted and by encouraging Executives to rectify and correct their Personal Data whenever possible.

9.1 An Executive/Candidate may:
9.2 In all the above cases, the Firm will act on any opt-out request from an Executive/Candidate by removing or suppressing all Personal Data except identification information to ensure that he will not be further contacted. This identification information will not be used for any other purpose than to avoid further contact.

10.1 The Firm ensures Executives’/Candidates’ rights to obtain, upon request and within 30 days unless otherwise stipulated in national laws , the following information:
10.2 The Executive’s right of access covers all the categories of Personal Data listed under Section 3 of this Code as well as the Final Candidate Evaluation Report - if and to the extent such a report exists. It does not include Notes taken during the interview and evaluation process as defined under Section 1.13.

10.3 By exception based upon confidentiality obligations and other individuals’ privacy rights, to be assessed on an ad hoc and individual basis, and provided it is lawful under local law, the Firm may prohibit or limit the right of access to Reference Checks and Sources comments if the Firm believes in good faith that:
10.4 In addition to the Executive’s/Candidate’s right to opt out described in Section 9.1 and Section 9.2, the Firm must act on any request from Executives regarding their right to:

11.1 The Firm will take necessary steps to make its Clients aware of the existence of this Code and of the obligations and rights resulting from it.

12.1 If the Firm would rely on contractors or subcontractors to assist in the performance of Consulting Activities, it shall inform its contractors and subcontractors that they should adhere to this Code of Conduct and comply with national laws.

13.1 The Firm has appointed in each country a person responsible for data administration within the Firm who will:
13.2 The Firm’s data administrators ensure that their processing operations are registered and notified with relevant data protection authorities where necessary under applicable national laws.

14.1 The Firm employs appropriate technical and organizational security measures to adequately protect Personal Data against accidental or unlawful destruction, accidental loss, improper alteration, or unauthorized disclosure or access. Account will be taken of specific requirements set out in national laws, if any, in particular with regard to processing of the Personal Data by electronic networks.

14.2 The Firm has taken steps to provide that Personal Data that are held in the Firm’s databases are password-protected and only accessible by individuals such as employees, contractors or subcontractors authorized to access the Personal Data in the field of their competence and/or employment.

14.3 The Firm has taken steps to provide that Sensitive Data, which are processed under the limited restrictions laid down under Section 4, should only be viewed by those individuals who need to know such information in connection with the performance of their duties.

14.4 The Firm has taken appropriate measures so that Personal Data collected online via the Firm’s website are protected in such a way (through login, passwords and other technology) to prevent unauthorized disclosure or access.

15.1 Unless otherwise permitted under Section 15.2 below, the Firm shall not base its recommendations or evaluations for specific assignments exclusively on Automated Decision Making.

15.2 The Firm may base their recommendations or evaluations for specific assignments exclusively on automated processing of Personal Data intended to evaluate certain aspects relating to the Executive, such as the Executive’s performance, reliability, conduct, et cetera, if that decision, recommendation or evaluation is either:

16.1 This Code of Conduct is valid until it is specifically revoked. The Firm will proactively review this Code and update it if needed to stay in line with future legislation and good practices.