Recruitment Privacy Notice


Scope of privacy notice

Like most businesses, we hold and process a wide range of information, some of which relates to individuals who work for us. This Privacy Notice explains the type of information we process, why we are processing it and how that processing may affect you.

The notice focuses on individuals who work for us, whether employed by us or not. It also covers information on those who apply to work for us and former employees.

This Privacy Notice including the Supplementary Information in the annex to this document can be found on the Maven OpsWiki.

This policy covers all maven offices globally to the extent a separate policy on data protection does not exist for a particular jurisdiction.

In the Supplementary Information, we explain what we mean by “personal data”, “processing”, “sensitive personal data” and other terms used in the notice.

In brief, this notice explains:

    • what personal data we hold and why we process it;
    • the legal grounds which allow us to process your personal data;
    • where the data comes from, who gets to see it and how long we keep it;
    • how to access your personal data and other rights;
    • how to contact us.

Personal data – what we hold and why we process it

We process data for the purposes of our business including management, administrative, employment and legal and regulatory purposes. The Supplementary Information provides more specific information on these purposes, on the type of data that may be processed and on the grounds on which we process data. See below for more information on the data we process and our purposes.

Where the data comes from and who gets to see it

Some of the personal data that we process about you comes from you. For example, you tell us your contact and banking details.

Other personal data about you is generated in the course of your work, for example, from your managers, colleagues and customers or others outside our organisation with whom you deal.

Your personal data will be seen internally by managers, HR and, in some circumstances, colleagues. We may also pass your data outside the organisation, for example to third parties you are dealing with and payroll agencies.

Further information on this is provided in the Supplementary Information. See Where the data comes from and Who gets to see your data?

How long do we keep your personal data?

We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes. In general, we will keep your personal data for the duration of your employment and for a period afterwards.

See Retaining your personal data – more information in the Supplementary Information.

International Transfers of personal data (for example outside the EEA)

We may transfer your personal data within and outside the EEA to members of our group and other data processors and controllers.

Further information on these transfers and the measures taken to safeguard your data are set out in the Supplementary Information under Transfers of personal data outside the EEA – more information.

Your data rights

You have a right to make a subject access request to receive information about the data that we process about you. Further information on this and on other rights is in the Supplementary Information under Access to your personal data and other rights. We also explain how to make a complaint about our processing of your data.

Contact details

In processing your personal data, we act as a data controller. Our contact details are as follows:

Data Privacy Team

The Data Privacy team will respond to your queries and will inform and advise employees who are involved in processing data of their obligations under data protection legislation.

Status of this notice

This notice including the Supplementary Information does not form part of your contract of employment and does not create contractual rights or obligations. It may be amended by us at any time.

Supplementary Information

What do we mean by “personal data” and “processing”?

“Personal data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.

Data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers data derived from equipment, such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs.

“Processing” means doing anything with the data. For example, it includes collecting it, holding it, disclosing it and deleting it.

“Sensitive personal data” consists of racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection under EU privacy law.

References in the Privacy Notice to employment, work (and similar expressions) include any arrangement we may have under which an individual provides us with work or services. By way of example, when we mention an “employment contract”, that includes a contract under which you provide us with services; when we refer to ending your employment, that includes terminating a contract for services. We use the word “you” to refer to anyone within the scope of the notice.

Legal grounds for processing personal data What are the grounds for processing?

Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies. We have summarised these grounds as Contract, Legal obligation, Legitimate Interests and Consent and outline what those terms mean in the following table.


Ground for processing



Processing necessary for performance of a contract with you or to take steps at your request to enter a contract.

This covers carrying out our contractual duties and exercising our contractual rights.

Legal obligation

Processing necessary to comply with our legal obligations.

Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination.

Legitimate Interests

Processing necessary for our or a third party’s legitimate interests.

We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and processing your data in connection with those interests.

Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.


You have given specific consent to processing your data

In general, processing of your data in connection with employment is not conditional on your consent. But there may be occasions where we do specific things such as provide a reference, deduct union dues or obtain medical reports and rely on your consent to our doing so.


Processing sensitive personal data

If we process sensitive personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing sensitive personal data applies. In outline, these include:

    • Processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement;
    • complying with health and safety obligations;
    • Processing relating to data about you that you have made public (e.g. if you tell colleagues that you are ill);
    • Processing being necessary for the purpose of establishing, making or defending legal claims;
    • Processing being necessary for provision of health care or treatment, medical diagnosis, and assessment of your working capacity;
    • Processing for equality and diversity purposes to the extent permitted by law.

Further information on the data we process and our purposes

The Core Notice outlines the purposes for which we process your personal data. More specific information on these, examples of the data and the grounds on which we process data are in the table below.

The examples in the table are not exhaustive. For example, although the table does not mention data relating to criminal offences, if we were to find out that someone working for us was suspected of committing a criminal offence, we might process that information if relevant for our purposes.


Examples of personal data that may be processed

Grounds for processing


Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work in the UK. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements.


Legal obligation Legitimate interests


Descriptions of your experiences, images and videos of you, testimonials and any other information gathered during employment, work experience or similar recruitment program.

Legitimate interests

Your employment contract including entering it, performing it and changing it.

Information on your terms of employment from time to time including your pay and benefits, such as your participation in pension arrangements, life and medical insurance; and any bonus or share schemes.


Legal obligation Legitimate interests

Contacting you or others on your behalf

Your address and phone number, emergency contact information and information on your next of kin.


Legitimate interests

Payroll administration

Information on your bank account, pension contributions and on tax and national insurance.

Information on attendance, holiday and other leave and sickness absence.


Legal obligation

Legitimate interests

Supporting and managing your work and performance and any health concerns

Information connected with your work, anything you do at work and your performance including records of documents and emails created by or relating to you and information on your use of our systems including computers, laptops or other device.

Management information regarding you including notes of meetings and appraisal records.

Information relating to your compliance with our policies. Information concerning disciplinary allegations, investigations and processes and relating to grievances

in which you are or may be directly or indirectly involved.


Legal obligation

Legitimate interests



Examples of personal data that may be processed

Grounds for processing


Information concerning your health, including self- certification forms, fit notes and medical and occupational health reports.


Changing or ending your working arrangements

Information connected with anything that may affect your continuing employment or the terms on which you work including any proposal to promote you, to change your pay or benefits, to change your working arrangements or to end your employment.


Legitimate interests

Physical and system security

CCTV images.

Records of use of swipe and similar entry cards.

Records of your use of our systems including computers, phones and other devices and passwords.

Legal obligation

Legitimate interests

Providing references in connection with your finding new employment

Information on your working for us and on your performance.


Legitimate interests

Providing information to third parties in connection with transactions that we contemplate or

carry out

Information on your contract and other employment data that may be required by a party to a transaction such as a prospective purchaser, seller or outsourcer.

Legitimate interests

Monitoring of diversity and equal opportunities

Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age.

Legitimate interests

Legal Obligation

Consent (If applicable)

Health and safety

Information related to your health, including results of temperature readings, diagnosis and symptoms.

Any information relevant in light of any current epidemics, pandemics or similar including travel history or travel plans.

Legal obligations

Legitimate interests

Consent (if applicable)



Examples of personal data that may be processed

Grounds for processing

Monitoring and investigating compliance with policies and rules – both generally and specifically

We expect our employees to comply with our policies and rules and may monitor our systems to check compliance (e.g. rules on IT Use policies, or reporting to the regulator in respect of regulated trading activity). We may also have specific concerns about compliance and check system and other data to look into those concerns (e.g. log in records,

records of usage and emails and documents, CCTV images trader related data).

Legitimate interests

Legal Obligation

Disputes and legal proceedings

Any information relevant or potentially relevant to a dispute or legal proceeding affecting us.

Legitimate interests

Legal obligation

Trade union check off arrangements

Details of trade union membership and deductions of contributions made at source


Day to day business operations, including Setting up trading relationships with third parties and enabling trading on exchanges customer/client relations.

Information relating to the work you do for us, your role and contact details including relations with current or potential customers or clients.

This may include a picture and/or video of you for internal or external use.

Legitimate interests


Maintaining appropriate business records during and after your employment

Information relating to your work, anything you do at work and your performance relevant to such records.


Legal obligation Legitimate interests


Where the data comes from

  1. When you start employment with us, the initial data about you that we process is likely to come from you: for example, contact details, bank details and information on your immigration status and whether you can lawfully work and emergency contact details. We may also require references and information to carry out background checks. In the course of employment, you may be required to provide us with information for other purposes such as sick pay (and SSP) and family rights (e.g. maternity and paternity leave and pay). If you do not provide information that you are required by statute or contract to give us, you may lose benefits, or we may decide not to employ you or to end your contract. If you have concerns about this in a particular context, you should speak to HR.
  2. In the course of your work, we may receive personal data relating to you from others. Internally, personal data may be derived from your managers and other colleagues or our IT systems; externally, it may be derived from our brokers, service providers, investors or such other persons with whom you communicate by email or other systems.
  3. In the course of your employment, we may obtain sensitive personal data from you regarding your health (e.g. symptoms, temperature readings, diagnosis) where we have a legitimate interest to process this data or where necessary to comply with our health and safety (or other applicable legal) obligations.

Who gets to see your data? Internal use

Your personal data may be disclosed to your managers, HR, finance, tax, investor relations (if you are an employee investor in the fund), compliance and other administrators for employment, administrative, payment and management purposes as mentioned in this document. We may also disclose this to other members of our group.

External use

  1. We will only disclose your personal data outside the group if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.
    We may disclose your data if it is necessary for our legitimate interests as an organisation, for example to enable you to trade with certain brokers or to send reports to our many regulators in respect of trading or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy). We may also disclose your personal data if you consent, where we are required to do so by law and in connection with criminal or regulatory investigations.
  2. Specific circumstances in which your personal data may be disclosed include:

    • Disclosure to organisations that process data on our behalf such as our payroll service, insurers and other benefit providers, our bank and organisations that host our IT systems and data;
    • Disclosure to external recipients of electronic communications (such as emails) which contain your personal data;
    • Disclosure to brokers, exchanges and regulators all in connection with your trading activities (if trading staff) and other job responsibilities (support staff);
    • Disclosure to our fund administrators for KYC and background checks and in order to provide fund investment services;
    • Disclosure to our Fund administrator (if you are an employee-investor);

    • Disclosure on a confidential basis to a potential buyer of our business or company for the purposes of evaluation – but only if we were to contemplate selling.

Retaining your personal data – more information

Although there is no specific period for which we will keep your personal data, we will not keep it for longer than is necessary for our purposes. In general, we will keep your personal data for the duration of your employment and for a period afterwards. In considering how long to keep it, we will take into account its relevance to our business and your employment, either as a record or in the event of a legal claim.

If your data is only useful for a short period (for example, CCTV or a record of a holiday request), we may delete it.

Personal data relating to job applicants (other than the person who is successful) will normally be deleted after 24 months.

Transfers of personal data outside the EEA – more information

In connection with our business and for employment, administrative, management and legal purposes, we may transfer your personal data across the jurisdictions where Maven has a presence, other data processors and controllers. We will ensure that the transfer is lawful and that there are appropriate security arrangements.

If applicable to you, where we do transfer data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be subject to adequate protections under applicable data protection legislation, such as the EU approved model clauses, which you can find by clicking here.

Access to your personal data and other rights

We try to be as open as we reasonably can about personal data that we process. If you would like specific information, please get in touch with us (

You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including:

    • Giving you a description and copy of the personal data
    • Telling you why we are processing it

If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.

As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. If you have provided us with data about yourself (for example your address or bank details), you have the right to be given the data in machine readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.

If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.


If you have complaints relating to our processing of your personal data, you should raise these with HR in the first instance or with our Data Privacy team.You may also raise complaints with the Information Commissioner who is the statutory regulator. For contact and other details ask HR or see: (UK) (HK) (AUS/NSW) (US)

Status of this notice

This notice does not form part of your contract of employment and does not create contractual rights or obligations. It may be amended by us at any time.