01 Overview
Hartwell Search LLC ("Hartwell Search," "we," "us," or "our") is a Delaware-incorporated employment agency conducting recruiting and staffing operations throughout the United States. We serve as the data controller for the personal information addressed in this Privacy Policy.
This Privacy Policy describes the personal information we obtain from candidates, clients, and visitors to our website (hartwellsearch.com), the purposes for which we obtain it, how we use and disclose it, and the rights you hold with respect to it. It covers every individual who interacts with us, whether via our website, email, telephone, or in person at any of our nine US offices.
We adhere to applicable US federal statutes (including Title VII, the ADA, and the FCRA where relevant), state privacy legislation (including California’s CCPA/CPRA, Virginia’s VCDPA, Colorado’s CPA, and Connecticut’s CTDPA), and SOC 2 Type II controls. California residents are encouraged to review our dedicated Your Privacy Choices page as well.
@hartwellsearch.com.
02 Information we collect
2.1 — Information you give us directly
When you apply for a position, provide your résumé, participate in a consultation, or otherwise engage with us, we gather:
- Identifiers such as your full name, postal address, phone number, and email address;
- Professional and employment-related information including résumé/CV, work history, education, certifications, licenses, references, current and target compensation, work authorization status, and notice period;
- Information about your job preferences (industry, geography, remote/hybrid/on-site, seniority);
- Communications and notes we record during our discussions with you;
- Information you share voluntarily for diversity-equity-inclusion analytics, where you have explicitly opted in.
2.2 — Information we receive from third parties
With your permission (and solely where permitted by law), we may obtain information from:
- Professional networking platforms such as LinkedIn, where your profile is publicly available;
- References and previous employers you have authorized us to contact;
- Background-check vendors (FCRA-compliant) when a client’s offer is contingent on a check;
- Our clients, when they refer you to us or share search-specific feedback;
- Publicly available sources such as company websites, news articles, and regulatory filings.
2.3 — Information we collect automatically
When you browse our website, certain technical data is collected automatically via cookies and comparable technologies: IP address, browser type and version, operating system, device identifiers, referring and exit pages, click-through behavior, and time spent on each page. Refer to Section 9 for additional detail.
2.4 — Sensitive personal information
We make every effort to avoid collecting sensitive personal information (as defined under US state laws). We will request such data — for instance, a Social Security Number for an FCRA-compliant background check — only with your explicit consent and only when it is strictly required for a specific search in which you are actively participating. We never ask for banking details, government-issued ID scans, or payment information.
03 How we use information
We process personal information to fulfill the following objectives:
- Search delivery: matching candidates to suitable open roles and presenting qualified candidates to clients;
- Communication: contacting candidates about opportunities, scheduling interviews, and providing updates on active engagements;
- Client engagement: fulfilling our contractual obligations to our retained-search and direct-hire clients;
- Quality & compliance: internal audits, ensuring fair-hiring practices, complying with EEO and state employment laws;
- Aggregate analytics: understanding placement trends, time-to-hire benchmarks, and salary ranges — always in de-identified form;
- Marketing: sending career-relevant communications and market updates (you can unsubscribe at any time);
- Security: preventing fraud and impersonation (see our team directory for verified contacts).
04 Sharing & disclosure
We do not sell personal information. We have never done so and have no intention of doing so. We disclose personal information only in the following circumstances:
- To client employers with whom we are conducting a search, only after you have given us informed consent to be presented for a specific opportunity;
- To service providers bound by written confidentiality and data-processing agreements: applicant-tracking system (Greenhouse), email infrastructure (Google Workspace), background-check vendors (Checkr), payment processors (Stripe, for client billing only), and cloud hosting (AWS us-east-1, SOC 2-compliant);
- To professional advisors such as our attorneys, accountants, and auditors when required for the conduct of our business;
- To law enforcement when compelled by a valid subpoena, court order, or warrant under US law;
- In a corporate transaction — if Hartwell Search LLC is acquired or merged, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.
05 Legal bases for processing
We rely on the following legal bases under US state privacy law to process personal information:
- Consent — when you actively submit your information for a specific search or sign up for our market updates;
- Performance of a contract — to fulfill our engagement letter with the client and our placement obligations with you;
- Legitimate interest — for fraud prevention, security monitoring, and internal quality assurance, balanced against your rights and interests;
- Compliance with legal obligation — for tax reporting, EEO record-keeping, and regulatory audits.
06 Data retention
We keep candidate personal information for as long as reasonably needed to deliver our services, meet our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods are:
| Data category | Retention period |
|---|---|
| Active candidate profile | Indefinitely while you remain available for searches |
| Inactive candidate (no engagement in 36 months) | Anonymized within 6 months unless you request earlier deletion |
| Placed candidate records | 7 years post-placement (EEO & client-audit compliance) |
| Communications & notes | 4 years from last interaction |
| Background-check data (FCRA) | 5 years from check completion, then destroyed |
| Website analytics | 26 months (Google Analytics default) |
You may request earlier deletion at any time using the contact details in Section 13, subject to any legal hold or contractual obligation requiring continued retention.
07 Security measures
We employ administrative, technical, and physical safeguards intended to protect personal information from accidental loss, unauthorized access, modification, or disclosure. Our security program includes:
- SOC 2 Type II certification (audited annually by an AICPA-accredited firm);
- Encryption in transit (TLS 1.3) and at rest (AES-256);
- Access controls based on least-privilege principles, with MFA required for all employees;
- Annual security training for all team members, including phishing awareness;
- Incident response plan with notification within 72 hours of any confirmed breach affecting your personal data;
- Background-checked employees with confidentiality agreements covering candidate data.
No method of internet transmission is completely secure. While we cannot promise absolute security, we work rigorously to implement industry-standard protections.
08 Your rights
Depending on the state in which you reside, you may exercise the right to:
- Access the personal information we hold about you;
- Correct inaccuracies in your information;
- Delete your information (subject to retention obligations above);
- Port your data to another service in machine-readable format;
- Opt out of marketing communications at any time;
- Withdraw consent for ongoing search engagements;
- Non-discrimination — we will not retaliate or refuse service for exercising any of these rights.
California residents have additional CCPA/CPRA rights; see our Your Privacy Choices page. To exercise any right, email privacy@hartwellsearch.com. We will respond within 30 days (45 days for California requests).
09 Cookies & tracking
Our website employs the following categories of cookies:
- Strictly necessary — session and security cookies that cannot be turned off;
- Analytics — Google Analytics 4 for understanding aggregate site usage (IP anonymization enabled);
- Functional — remembers your preferences (e.g. cookie banner acknowledgment);
- Marketing — only used with your explicit opt-in via our cookie banner.
You may adjust your preferences at any time through your browser settings or by selecting "Manage Preferences" in our cookie banner. We recognize the Global Privacy Control (GPC) signal as a valid opt-out request.
10 Children’s privacy
Our services are designed exclusively for adults aged 18 and older who are seeking employment opportunities. We do not knowingly gather personal information from individuals under 18. If we discover that we have collected data from a minor, we will delete it without delay. Please contact privacy@hartwellsearch.com if you believe a minor has submitted information to us.
11 International transfers
Hartwell Search is headquartered in the United States, and all primary data processing takes place domestically. If you are located outside the US and provide information to us, you consent to the transfer of your data to the US for processing. We rely on appropriate safeguards, including Standard Contractual Clauses, where mandated by the laws of your country of residence (e.g., EU/UK GDPR).
12 Changes to this policy
We may revise this Privacy Policy periodically to account for changes in our practices, technology, legal requirements, or other considerations. When we make material changes, we will:
- Update the "Effective" date at the top of this page;
- Notify candidates with an active engagement via email at least 30 days before the change takes effect;
- Post a prominent notice on our website for at least 30 days;
- Maintain prior versions on request for transparency.
13 Contact us
For questions regarding this Privacy Policy or to exercise your data-protection rights, please reach out to our Privacy team:
Hartwell Search LLC · Attn: Privacy Officer
485 Lexington Avenue, 26th Floor
New York, NY 10017
Email: privacy@hartwellsearch.com
Toll-free: +1 (833) 261-4087
Response time: 30 days (45 days for California CCPA/CPRA requests)
If you feel we have not satisfactorily resolved your concern, you may also contact your state Attorney General’s office or, for California residents, the California Privacy Protection Agency at cppa.ca.gov.