Privacy Notice to Candidates (UK, EU and Switzerland)

Effective Date: 8 April 2024

KKR respects your privacy and is committed to protecting your personal information. This privacy notice informs you about how we look after your personal information and tells you about your privacy rights and how the law protects you. This notice applies to you only if you are based in the United Kingdom, Switzerland or a member state of the European Union or the European Economic Area.

This privacy notice is provided in a format so that you can find relevant information using the following table of contents.

IMPORTANT INFORMATION
DATA PROTECTION PRINCIPLES
WHAT PERSONAL INFORMATION WE HOLD ABOUT YOU
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION
HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION
INFORMATION ABOUT CRIMINAL CONVICTIONS
AUTOMATED DECISION-MAKING (INCLUDING PROFILING)
DATA SHARING
DATA SECURITY
DATA RETENTION
YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

1. IMPORTANT INFORMATION

KKR respects your privacy and is committed to protecting your personal information.

This privacy notice describes how we collect and use personal information about you during and after your application to work with KKR in accordance with the General Data Protection Regulation (“GDPR”) and the Swiss Federal Act on Data Protection (“FADP”), as applicable. References to the GDPR in this privacy notice include the GDPR as it forms part of the laws of the United Kingdom of England and Wales, Scotland and Northern Ireland (sometimes referred to as the “UK GDPR”).

This privacy notice applies to all candidates for positions with KKR in a member state of the European Union or the European Economic Area, the United Kingdom or Switzerland. If you are successful in your application to KKR, we will provide you with a different privacy notice.

This privacy notice is issued on behalf of the KKR Group so when we mention “KKR”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant entity in the KKR Group responsible for processing your personal information.

Depending on which company in the KKR Group you have applied to (for further details, please see below as appropriate), that company is responsible for this privacy notice and is the controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the GDPR and FADP to provide you with the information contained in this privacy notice.

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Privacy Team at dataprivacyoffice@kkr.com or using the details set out below for the location relevant to you.

You have the right to make a complaint at any time to the relevant data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

If you are applying for a role in the United Kingdom, please click here for further details.

If you are applying for a role in the Republic of Ireland, please click here for further details.

If you are applying for a role in Luxembourg, please click here for further details.

If you are applying for a role in Spain, please click here for further details.

If you are applying for a role in France, please click here for further details.

If you are applying for a role in Germany, please click here for further details.

If you are applying for a role in Sweden, please click here for further details.

If you are applying for a role in Switzerland, please click here for further details.

This notice does not form part of any contract of employment or other contract to provide services.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

We reserve the right to update this privacy notice at any time. When we make any substantial updates, we will provide you with a new privacy notice or notify you in other ways from time to time about the processing of your personal information.

2. DATA PROTECTION PRINCIPLES

We will comply with data protection law. This means that the personal information we hold about you must be:

used lawfully, fairly and in a transparent way;
collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
relevant to the purposes we have told you about and limited only to those purposes;
accurate and to the extent appropriate, kept up to date;
kept only as long as necessary for the purposes we have told you about; and
kept securely.

3. WHAT PERSONAL INFORMATION WE HOLD ABOUT YOU

Personal information, or personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are more sensitive types of personal information which require a higher level of protection, known as ‘special categories of personal data’ under the GDPR and FADP.

Please see below for a list of the categories of personal information about you that we may collect, store, and use:

Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
Date of birth
Gender
Nationality
Current salary, annual leave, pension and benefits information
Current notice period
Desired start date with KKR
Desired office location
Recruitment information (including copies of right to work documentation, references, the contents of online job applications that you complete and other information included in a CV or cover letter or as part of the application process) as well as any other personal information that you voluntarily choose to provide to us in connection with your application.
Employment records (including job titles, responsibilities, work history, working hours, language capabilities, skills, training records, appraisal and fitness and propriety records and professional memberships)
Compensation history
Social media handles and contents of social media profiles and posts (e.g. LinkedIn)
Visual images and photographs required for business purposes
Where you communicate with members of our personnel by email, metadata relating to information stored or communicated via Microsoft Outlook on KKR’s IT systems which may be analysed to obtain insights about KKR’s relationships with third parties for business development purposes.
If you visit our offices:
- Information collected and used by us as part of operating physical security measures at our premises, including, CCTV footage and other security‐related information obtained through electronic means such as access key card records.
- Footage collected via video conference call cameras that are installed in meeting rooms at KKR’s offices for the coordination of video conferencing. These cameras are only used by the IT team for meeting logistics and coordination. A live video feed with no audio capability is accessible via password by authorized members of the IT team. The feed is managed entirely within the KKR network and no footage is stored or recorded.

Please see below for a list of the ‘special categories’ of more sensitive personal information about you that we may collect, store, and use:

Information voluntarily provided by you about your race or national or ethnic origin, religious, philosophical or moral beliefs, your sexual life or sexual orientation or your gender self‐identification, to ensure meaningful equal opportunity monitoring and internal reporting.
Information voluntarily provided by you about your physical or mental health, health conditions or disability status, to ensure your health and safety in the workplace, including, maintaining health and safety records. In the event of a pandemic, subject to our compliance with applicable legal requirements, if you will be visiting our offices, we may also process limited information about your health (e.g. vaccination status) to assist in the control of infectious diseases.
Information voluntarily provided by you about your physical or mental health, health conditions or disability status to enable us to make reasonable adjustments in connection with your application (e.g. accessibility or occupational health related) or address other special requirements (e.g. dietary requirements).
Information about criminal convictions and offences.
Any other sensitive information that you may choose to voluntarily provide to us in connection with your application.

4. HOW IS YOUR PERSONAL INFORMATION COLLECTED?

We collect personal information about candidates through the application and recruitment process, either directly from you or sometimes from a recruitment agency. Recruitment agencies may collect and use your personal information for the purposes of introducing you as a candidate to KKR. In connection with this, the recruitment agency acts as an independent controller of your personal information and so is subject to obligations to make its own separate privacy notice available to you.

We may sometimes collect additional information from third parties, including, former employers, credit reference agencies or other background check agencies.

If a job offer is made and you accept it, we will then arrange for our service provider to conduct a background check by collecting personal information directly from you. The amount and types of personal information collected and processed as part of the background check will depend on the nature of the role to which you applied and where the role is located.

We will collect additional personal information about you throughout the period of your application process, for example, during interviews or recruitment tests.

5. PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

to take steps prior to entering into a contract with you (for example your employment contract, consultancy contract or partnership agreement);
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
where we need to comply with a legal or regulatory obligation.

We may also use your personal information in the following situations, which are likely to be rare:

where we need to protect your interests (or someone else’s interests);
with your explicit consent; or
where applicable laws permit us to process the data because it is in the public interest.

We have set out below, in a table format, a description of the ways we may use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are for processing your personal information where appropriate.

Note that we may process your personal information under more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific lawful bases that we are relying on to process your personal information where more than one has been set out in the table below.

PURPOSE/ACTIVITY	LAWFUL BASIS FOR USING THE PERSONAL INFORMATION INCLUDING, WHERE APPLICABLE, THE BASIS OF THE LEGITIMATE INTEREST	WHO WILL RECEIVE THE PERSONAL INFORMATION AND WHERE?
We may need to process your personal information to carry out pre-joining checks. Depending on the position for which you have applied, the location of that position and your previous address history, such pre-joining checks may include: Reviewing information regarding criminal convictions or offences that is voluntarily disclosed or obtained through official criminal record checks Reviewing credit record history obtained through background checks Reviewing references and your response to any fitness and propriety questionnaire Checking you are legally entitled to work in the location where you will be based	Compliance with a legal obligation Legitimate Interests (of assessing your suitability as a candidate)	Providers of employment screening, regulatory technology services, and document management system providers KKR Group companies The above may be in the United States and other locations globally
Making a decision about your candidacy, recruitment or appointment (including, arranging interviews with you)	Legitimate Interests (of assessing your candidacy for the role for which you have applied) Contract (steps prior to entering into a contract with you)	KKR Group companies The above may be in the United States and other locations globally
Onboarding and determining the terms on which you work for us	Contract (steps prior to entering into a contract with you) Legitimate Interests (of negotiating appropriate terms with prospective members of staff)	Cloud based human resources platform KKR Group companies The above may be in the United States and other locations globally
Facilitating travel to interviews and recruitment tests	Legitimate interests (to facilitate the assessment of prospective members of staff)	Travel agents Transport, accommodation providers and other local services Embassies / consulates for visa / work permit and similar applications and advisers Travel expense, payment and invoice management providers Travel security and risk consultants Travel medical advisers, such as, in the event of a pandemic, vaccination clinics Relocation advisers and service providers KKR Group companies The above may be in the United States and other locations globally
Assisting with accessibility and making reasonable adjustments	Compliance with a legal obligation Legitimate interests (of ensuring accessibility and making reasonable adjustments for job candidates)	KKR Group companies Occupational health consultants The above may be in the United States and other locations globally
Live video conferencing cameras in meeting rooms to facilitate interview logistics and coordination	Legitimate interests (to facilitate interviews with candidates)	KKR Group Companies Third party (including cloud) IT Providers Telecoms providers The above may be in the United States and other locations globally
Addressing whistleblowing	Legitimate interests (to protect the interests of KKR and other staff)	KKR Group Companies Whistle-blowing hotline providers Regulators The above may be in the United States and other locations globally
To prevent fraud, insider trading or crimes.	Legitimate interests (to indicate possible criminal acts or threats to public security and transmitting the relevant personal information to a competent authority)	KKR Group companies Police, regulators, legal authorities Regulatory technology providers including trade/transaction monitoring and reporting The above may be in the United States and other locations globally
Monitoring time of entry to office by security access system and access controls Special notice for Switzerland: If you apply for a role in Switzerland and visit our offices, data is not collected for these purposes by KKR in relation to KKR’s Swiss offices. However, for security‐related purposes, please be aware that data may be collected for these purposes by or on behalf of the landlord acting as an independent data controller. For information about such data collection activities carried out by the landlord, please refer to the landlord’s applicable privacy notice.	Legitimate interests (to secure our facilities) Compliance with a legal obligation (access controls to protect information)	KKR Group companies Third party (including cloud) security providers The above may be in the United States and other locations globally
Managing health and safety in the workplace, including maintaining details of accidents at KKR	Compliance with a legal obligation. Legitimate interests (of ensuring health and safety in the workplace)	KKR Group companies Third party (including cloud) facilities and medical providers Insurers The above may be in the United States and other locations globally
Video images of you in the office from CCTV cameras Special notice for Switzerland: If you apply for a role in Switzerland and visit our offices, data is not collected for these purposes by KKR in relation to KKR’s Swiss offices. However, for security‐related purposes, please be aware that data may be collected for these purposes by or on behalf of the landlord acting as an independent data controller. For information about such data collection activities carried out by the landlord, please refer to the landlord’s applicable privacy notice.	Legitimate interests (to secure our facilities)	KKR Group companies Third party (including cloud) security providers Law enforcement authorities, regulators The above may be in the United States and other locations globally
Complying with legal or regulatory obligations or requests	Compliance with a legal obligation Legitimate interests (of ensuring that we comply with the legal and regulatory obligations applicable to our business)	Regulators and governmental agencies Lawyers Accountants Regulatory advisers The above may be in the United States and other locations globally
For administrative purposes within the KKR Group (for example to process candidates’ travel expenses we have agreed to reimburse)	Legitimate interests (for internal administrative purposes)	KKR Group companies The above may be in the United States and other locations globally
Equal opportunities monitoring	Legitimate interests (of carrying out equal opportunities monitoring)	KKR Group Companies Third party providers of HR software The above may be in the United States and other locations globally

Some of the above lawful bases for processing will overlap and there may be several bases which justify our use of your personal information.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to take the necessary steps prior to entering into a contract with you (such as your employment contract or services contract), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of candidates or our staff).

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, where necessary we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

6. HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

“Special categories” of particularly sensitive personal information require higher levels of protection. In addition to the lawful basis set out above, we need to have a further justification for collecting, storing and using this type of personal information (to the extent required by applicable law).

The justifications for KKR processing special categories of personal information are as follows:

with your explicit written consent;
where we need to carry out our legal obligations; or
where applicable laws permit us to carry out the processing because it is in the public interest, such as, for equal opportunities monitoring, public health, in relation to our occupational pension scheme or for the purposes of detecting or preventing unlawful acts.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your vital interests (or someone else’s vital interests) and you are not capable of giving your consent, or where you have already made the information public.

The purposes for which we may use particularly sensitive personal information

We may use your particularly sensitive personal information in the following ways:

We may use information voluntarily provided by you about your race or national or ethnic origin, religious, philosophical or moral beliefs, your sexual life or sexual orientation or your gender self‐identification, to ensure meaningful equal opportunity monitoring and internal reporting.
We may use information voluntarily provided about your physical or mental health, health conditions or disability status, to ensure your health and safety in the workplace, including, maintaining health and safety records. In the event of a pandemic, subject to our compliance with applicable legal requirements, if you will be visiting our offices, we may also process limited information about your health (e.g. vaccination status) to assist in the control of infectious diseases.
We may use information voluntarily provided about your physical or mental health, health conditions or disability status to enable us to make reasonable adjustments in connection with your application (e.g. accessibility or occupational health related) or address other special requirements (e.g. dietary requirements).
We may use any other sensitive personal information you voluntarily choose to provide to us to the extent necessary in connection with processing your application.

Do we need your consent to use particularly sensitive information?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your entering into a contract with us that you agree to any request for consent from us and once given, you may withdraw your consent at any time.

7. INFORMATION ABOUT CRIMINAL CONVICTIONS

We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with the KKR Group European Data Protection Policy.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

Where appropriate, depending on the role for which you have applied and where it is located, we will collect information about criminal convictions as part of the recruitment process, including, as applicable for senior managers and certified persons as part of the annual fitness and propriety assessment process. We may use information about criminal convictions and offences in the following ways:

to assess your suitability for pursuing or entering a specified occupation;
as part of the pre-hiring ‘fit and proper’ assessment or other similar regulatory tests for applicants who will be certified persons or senior managers under financial services regulations; or
as part of the ongoing assessment of fitness and propriety under the senior manager and certification regime or similar regimes under financial services regulations.

Where applicable, we are allowed to use your personal information in the above described ways to exercise employment rights and comply with legal obligations. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing data for these purposes.

8. AUTOMATED DECISION-MAKING (INCLUDING PROFILING)

Automated decision-making (including profiling) takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means, however, we will notify you in writing if this position changes.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making (including profiling) unless we have a lawful basis for doing so and we have notified you.

9. DATA SHARING

We seek to share your personal information with third parties only where we believe it is necessary or consistent with our legitimate interests, including third-party service providers and other KKR Group companies.

We require third parties to respect the security of your personal information and to treat it in accordance with the law. We use a range of third parties from time to time to provide a wide range of services, including telecoms, IT, courier, HR, security, legal, accountancy, data, and catering services.

We may transfer your personal information outside the European Union, European Economic Area, Switzerland or the United Kingdom and, when we do, you can expect a similar degree of protection in respect of your personal information.

Why do we share your personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so. “Third parties” includes third-party service providers (including contractors and outsourced service providers) and other KKR Group companies worldwide.

Which third-party service providers use your personal information?

Please see the column ‘Who will receive the personal information and where?’ in the table at section 5 (Purposes for which we use your personal information) above for information about the types of third-party service providers that may process your personal information.

How secure is your personal information with third-party service providers and other companies in our group?

All our third‐party service providers and other companies in KKR Group are required to take appropriate security measures to protect your personal information in accordance with the GDPR and FADP, as applicable. Except where needed for their own direct relationship with you or where they otherwise act as a controller of your personal information, we do not allow our third‐party service providers to use your personal data for their own purposes. Where service providers are engaged by us to process data on our behalf, we only permit them to process your personal data for specified purposes and in accordance with our instructions.

All KKR Group companies maintain cybersecurity policies and the KKR Group invests significant resources in cybersecurity.

When do we share your personal information with other companies in the KKR Group?

We will share your personal information with other companies in the KKR Group for internal administrative purposes or where your application relates to a role in a team that contains KKR colleagues located across different offices.

When do we share your personal information with any other third parties?

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. If needed to comply with law and regulations, we will also need to share your personal information with our auditors, regulators, any governmental agencies or otherwise.

When do we transfer your personal information outside Europe?

When we share your personal information within the KKR Group, this may involve transferring your personal information within and outside the United Kingdom (UK), Switzerland or the European Union (EU)/European Economic Area (EEA).

Many of our third‐party service providers are based outside, or have operations outside, the EU/EEA, Switzerland, or the UK so their processing of your personal information may involve the transfer of your data outside the EU/EEA, Switzerland, or the UK.

Special notice for data transfers from Switzerland: The processing of your personal information by KKR Switzerland LLC (if applicable) may involve the transfer of your data to KKR Group companies and third parties (as described in this privacy notice) located in Europe and North America.

Whenever we transfer your personal information outside of the EU/EEA, Switzerland or the UK, we take steps to procure that such transfer is carried out in compliance with applicable laws and regulations. Unless we are entitled to rely on an applicable exception, we do this by taking steps that have the aim of ensuring an essentially equivalent degree of protection is applied to your data through:

Transferring your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission or the competent Swiss or UK authorities (as applicable). For further details about adequacy decisions made by the European Commission, see European Commission: Adequacy of the protection of personal data in non‐EU countries. The list of countries that are considered to offer adequate protection from a Swiss law perspective is available at https://www.fedlex.admin.ch/eli/cc/2022/568/en#annex_1 .
Using specific contractual terms approved by the European Commission or the competent Swiss or UK authorities (as applicable), including adaptations for compliance with national legislation (if necessary), that give personal data an essentially equivalent level of protection to that which it has in the EEA, Switzerland or the UK. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Where we use third‐party service providers based in the US that participate in the EU‐US Data Privacy Framework (which is subject to an adequacy decision by the European Commission), we may transfer data to such providers under that Framework, as well as under any applicable UK or Swiss extension to that Framework that has been approved by the competent UK or Swiss authorities. For further details, see European Commission: EU‐US Data Privacy Framework.

Please contact us (preferably via email at dataprivacyoffice@kkr.com) if you would like further information on the specific mechanisms used by us when transferring your personal information outside of Switzerland, the EU/EEA or the UK.

10. DATA SECURITY

We have put in place appropriate security measures designed to protect personal information. Third parties will only process your personal information where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally or unlawfully lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access it. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to investigate any suspected data security breach. In the event of an actual data security breach that affects your data, we will comply with any legal obligations that we may have to notify you and/or the applicable regulator(s).

11. DATA RETENTION

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including, for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Should you be unsuccessful in your application, we will retain your application information for a period of up to three years. We retain your application information for this period so that we may take your application information into account as part of considering any future job applications that you may submit, or we may contact you if we consider that a suitable vacancy has arisen. As set out at Section 12 (Your rights in relation to your personal information) below, you may exercise your right to request that we delete information about your past or current applications at any time.

If we carry out a criminal record check as part of processing your application, we will only retain the information obtained where it is lawful to do so, and only for such period as is necessary for compliance with legal or regulatory requirements or to defend ourselves from legal claims.

Should you be successful in your application, we will only transfer personal information to your employment record if it is relevant to your ongoing working relationship with KKR.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, for example, for equal opportunities monitoring, in which case we may use such information without further notice to you.

Where we retain any personal information relating to you (as set out above), we will retain that information in accordance with KKR’s data retention policy and also delete it in accordance with KKR’s applicable policies and processes.

12. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with your personal information

Under certain circumstances, under applicable data protection law you have the right to:

Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information which you have provided to us in a structured, commonly used and machine‐readable format to you or a third party nominated by you.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to you or a third party nominated by you, please contact us via dataprivacyoffice@kkr.com.

Circumstances where we may charge a reasonable fee or refuse to comply

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may, where the relevant law permits, charge a reasonable fee, e.g. if your request for access is clearly unfounded or excessive (for example, for repeat copies). Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Your right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing or transfer of your personal information for a specific purpose, you have the right to withdraw your consent to that specific processing at any time. To withdraw your consent, please contact us at dataprivacyoffice@kkr.com or via the other contact details set out at Section 1 (Important Information) above. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Opportunity Knocks

Privacy Notice to Candidates (UK, EU and Switzerland)