- Introduction
Grasp International Recruitment Limited (“Grasp“) is a specialist legal recruitment firm operating internationally, including within the European Union. We take our obligations under the General Data Protection Regulation (“GDPR“) seriously and welcome the opportunity to clarify our data–processing practices.
This response addresses the Litigation Chamber’s request for information regarding the collection of contact details and compliance with requests for access to personal data.
DOS–2025-02855 brief
- How Grasp Collects Contact Information
Grasp collects personal data strictly within a professional recruitment context. Contact details are obtained through the following lawful channels:
- Professional networking platforms (e.g. LinkedIn)
- Publicly accessible law–firm or professional–directory websites, e.g. where our Consultant came across the complainant’s email address.
- Direct applications or CVs submitted to Grasp
- Professional referrals
- Prior professional contact with the data subject
Only business–related contact information is processed, such as:
- Name
- Professional title
- Employer
- Work email address
- Practice area and seniority
Grasp does not collect sensitive personal data for recruitment outreach purposes.
- Legal Basis for Processing
Grasp relies on Article 6(1)(f) GDPR – Legitimate Interests.
Our legitimate interest is:
- Identifying and contacting qualified legal professionals
- In relation to potential career opportunities aligned with their professional profile
This processing is:
- Necessary for recruitment activity
- Expected within the legal profession
- Limited to professional relevance
- Balanced against the rights of the data subject
A legitimate–interest assessment is applied in practice, ensuring that outreach is proportionate and respectful.
- Transparency and Safeguards
Grasp applies the following safeguards:
- Initial contact clearly identifies Grasp as a recruitment firm
- The purpose of contact is explained
- Data subjects are informed of their rights under GDPR
- An opt–out or objection is respected immediately
- No repeated contact once an objection is raised
A privacy notice is made available upon request and can be provided directly to data subjects.
- Retention of Personal Data
Personal data is retained only for as long as it remains professionally relevant.
Where:
- No engagement occurs, data is periodically reviewed and deleted
- A data subject objects or requests erasure, data is removed unless legal obligations require otherwise
- Handling of Requests for Access (DSARs)
Grasp recognises the right of data subjects to access their personal data under Article 15 GDPR.
Requests are handled as follows:
- Requests are logged upon receipt
- Identity is verified where necessary
- A response is provided within the statutory timeframe
In the present case, Grasp acknowledges that the response process did not meet the expected standard. This was due to an administrative oversight rather than an intention to withhold information.
Corrective steps have since been taken to ensure:
- Clear internal escalation of DSARS
- Centralised monitoring of response deadlines
- Improved documentation of responses
7. Conclusion
Grasp remains committed to GDPR compliance and continuous improvement of its data-protection practices. We trust that this response clarifies our position and addresses the Litigation Chamber’s request for information.
We remain at the disposal of the Litigation Chamber should further clarification be required.