Privacy Policy


Tenor Legal, Inc. (“Tenor Legal”) respects your privacy and is committed to protecting your Personal Data.  It is our duty to comply with the various applicable regulations that govern the collection and Processing of Personal Data.

Protecting the personal rights and privacy of each individual is at the core of the foundation of trust in our business relationships and of Tenor Legal’s reputation as an attractive and responsible organization. We recognize the need for appropriate safeguards and management practices in relation to the collection and use of your Personal Data.

We want to ensure that you understand what information we collect about you and how we use it. This Privacy Notice sets out the principles Tenor Legal follows when we collect and Process your Personal Data through your use of our website or when you otherwise engage with Tenor Legal and it applies to our candidates, clients, suppliers, website-users and anyone who participates in our programs, platforms or similar activity.

This website is not intended for children and we do not knowingly collect data relating to children.

We may amend this Privacy Notice from time to time so please visit this page occasionally to ensure that you understand any amendments. If we need your Consent to Process your Personal Data in a different way, we will seek your permission in advance.

Please use the Glossary to help you understand the meaning of some of the terms used.  If you have any questions regarding the Notice, contact us at [email protected].

Who We Are


Tenor Legal, Inc. is legal talent consulting and management firm headquartered at 3344 Peachtree Road NE, Atlanta, GA 30326.

Unless specified otherwise in this Privacy Notice, Tenor Legal is the Data Controller of your Personal Data which means that Tenor Legal decides why and how your Personal Data is Processed. Tenor Legal is the Data Controller responsible for this website.

What Personal Data We Collect And How We Collect It

“Personal Data” is any information about an individual from which that person can be identified. It might include your name, mailing address, email address, telephone number, company, title, site username or site password. It does not include data where the identity has been removed (anonymous data).

We collect, store and Process your Personal Data by different methods depending on whether you are a candidate, client, supplier or website user.


You may be a past candidate or a candidate in Process or you may have participated in our recruitment or other similar events.

How we collect your data:

  • You may provide Personal Data to us by email, post, telephone, during meetings (whether face-to-face or through video conferences) or at our events, through our website, or through other onboarding and/or due diligence questionnaires that we send you; or
  • We may collect your data indirectly or from third parties: through recruitment agencies, social media searches (such as LinkedIn), research companies, client or supplier conversations, or referrals from other third parties.

What data we collect:

  • The Personal Data we collect about candidates includes: first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, right to work, social security/national insurance number, nationality, employment and education history, skills proficiency, references, or qualifications information contained in your resume/CV, or written records of our conversations or meetings.

We do not mandate the collection of any Special Categories of Personal Data about you through this website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

We will ask for your Explicit Consent before we collect Special Category Personal Data, except in circumstances:

  • where required by law;
  • for employment purposes; or
  • where required to carry out criminal or other background checks.


When you are enquiring about or using our services we collect and use information to understand your requirements, agree role specifications, propose candidates, discuss our contract, provide training or consultancy services or to share Tenor Legal content which is likely to be relevant and useful to you.

How we collect your data:

  • You may provide Personal Data to us by email, post, telephone, during meetings (whether face to face or through video-conferences) or through our website; or
  • We may collect it from your colleagues, social media, our network of contacts, others who may know you, event delegate lists or third-party market research.

What data we collect:

  • Data we collect includes the Personal Data of individual contacts who we deal with at your organization such as: name, job title, management level, business relationships, memberships, work history, work address, telephone numbers, and email address or written records of our conversations or meetings.


When supplying services to us or contracting with us we need certain information so that we can receive and pay for the services you provide.

How we collect your data:

  • You may provide Personal Data to us by email, post, telephone, face to face or to our website; or
  • We may collect it from candidates, social media, from our network contacts / others who may know you, event delegate lists or third-party market research.


What data we collect:

  • This includes the Personal Data of individual contacts we engage with at your organization such as: name, job title, work address, telephone numbers, email address or written records of our conversations or meetings.


When you are using our website, which may include when you download content or contact us via our website.

How we collect your data:

  • You may provide Personal Data by completing online registration forms, by applying for roles via our website, or when you create or update any of your marketing preferences; or
  • We may collect your data automatically via cookies, in line with cookie consent, server logs and other similar technologies preferences and settings in your browser.

What data we collect:

  • We collect the information you provide which may include your name and contact details, email address and telephone number, the resume/CV you submitted it to us online.
  • In addition, we collect a limited amount of data which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information on how you use our website and the location you view our website from (IP address).


We may wish to record a call or video-conferences with you through software (such as Zoom, Microsoft Teams or RingCentral) as well as use artificial intelligence software (such as Showpad, BrightHire or Chorus) so that we can analyze conversations with you, obtain insight to help us from a business perspective and/or with training Tenor Legal staff. If we intend to record a call or video conference, you will be notified in one or more of the following ways: (i) in the meeting invite that you receive from us; (ii) through a notification from the third-party software provider that we propose to use and/or; (iii) at the beginning of the call or video conference.

  • If you accept the invite, we will consider this to be your Consent to being recorded for the purposes outlined above.
  • If you do not wish for your visual to be recorded, you have the option to switch off your camera during the meeting.
  • If you do not wish for your audio to be recorded, please decline the meeting invite.
  • If you accept the meeting and subsequently change your mind, you have the option to withdraw your Consent by declining the meeting before the meeting commences.


How We Use Your Personal Data

We collect, Process or disclose your Personal Data for our legitimate business purposes including:

  • To provide our services to clients, candidates or web users or to fulfil our contractual obligations;
  • To maintain our business relationships;
  • To match candidate details with client requirements for roles and to send candidates’ Personal Data which may include special category data to clients to fill those roles;
  • To notify candidates of roles which we feel would be of interest to them;
  • To provide candidates with HR related support and services;
  • To market events, promotions, competitions, webinars, reports, our services, news, or relevant industry updates. Depending on which jurisdiction you are in, we may be required to give you an option to “opt-in” and we will always provide you with an option to “opt-out” with each marketing communication;
  • As required by law or regulation;
  • For our business purposes, such as data analysis, audits, fraud monitoring and prevention;
  • To develop new products, services and offerings, or to enhance, improve or modify our products and services; or
  • To record your usage of our website in accordance with our Cookie Notice.


What Is The Legal Basis For Processing Your Data

We rely on the following main grounds to Process Personal Data of candidates, clients, suppliers, web users or other third parties:

  • Necessary for entering into, or performing, a contract – to perform obligations that we undertake in providing a service to you, or to take steps at your request to enter into a contract with us (such as where you are a candidate or a client.
  • Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to Process your Personal Data. We may also be obliged by law to disclose your Personal Data to a regulatory body or law enforcement agency.
  • Necessary for the purposes of Legitimate Interests – we, or a third party, will Process your Personal Data for the purposes of our (or a third party’s) Legitimate Interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Personal Data protected. Our Legitimate Interests include responding to requests and enquiries from you or a third party, optimizing our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner.
  • Consent – in some circumstances, we may ask for your Consent to Process your Personal Data.
  • Necessary to protect the vital interests of the data subject or of another natural person.


Where we need to collect Personal Data as it is necessary for entering into or performing a contract or due to legal obligations and you fail to provide that Personal Data when requested, we may not be able to perform the contract we have or are trying to enter into with you (e.g., to provide you with our services). In this case, we may have to cancel our provision of services and would notify you in advance of doing so.


We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the Processing for the new purpose is compatible with the original purpose, please contact us at [email protected].

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or seek your Consent, providing you with a clear, conspicuous and readily available mechanism for you to exercise choice.

Please note that we may Process your Personal Data without your knowledge or Consent where this is required or permitted by law.

How We Share Your Personal Data

We will not sell or rent to anyone the Personal Data provided to us or obtained by us.

In certain circumstances we will share your Personal Data with other parties. When we do, we take responsibility and bear liability for such sharing in accordance with this Privacy Notice and applicable law.

We may share your data, as applicable, with other entities within Tenor Legal acting as joint controllers or processors. We do this to provide sales and marketing, IT, HR, system administration services, product development and undertake internal reporting. We will also share your Personal Data across Tenor Legal entities to provide candidates to our clients to fulfil client engagements, for business development, to improve our client service and to make our services more valuable to you.

We also share your Personal Data with the following third parties:

  • Service providers acting as processors who provide IT and system administration services, including Salesforce, Workday, OpenAir and Bullhorn;
  • Professional advisers acting as Data Controllers;
  • Regulators and other authorities who require reporting of Processing activities in certain circumstances.
  • Clients who have roles in which you are interested;
  • Trusted third parties who provide employment related services for us, including reference, qualification, and criminal record checking (where required), evaluation or skills tests. In such circumstances we may disclose Special Category data; or
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Notice.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with applicable laws. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to Process your Personal Data for specified purposes and in accordance with our instructions.

We also collect, use and share aggregated data such as statistical or demographic data for purposes which include monitoring how we are doing against our Diversity and Equality targets. Aggregated data is not Personal Data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Personal Data where we are required by law to report on mixes of religious beliefs or political opinions or affiliations.


International Transfers Of Data

We share your Personal Data within Tenor Legal. We may transfer the Personal Data we collect about you to countries outside of the United States. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Notice.

Tenor Legal has put in place appropriate transfer mechanisms and safeguards to protect Personal Data when it is crossing borders. Due to the number of jurisdictions in which Tenor Legal may operate, the appropriate transfer mechanisms vary and as such Tenor Legal requires that you understand and agree to provide it with Consent to transfer your Personal Data across borders.

Tenor Legal may be subject to the jurisdiction, enforcement, and investigatory authority of the United States Federal Trade Commission as well as Canadian, European Union, and United Kingdom (UK) protection supervisory authorities, as applicable.

Tenor Legal commits to cooperate with all data protection supervisory authorities and comply with the direction given by such authorities on information transferred from these countries / jurisdictions.


If you are located in the European Economic Area (EEA) or the UK, this may involve transferring your Personal Data outside of the EEA and/or the UK. Whenever we transfer your Personal Data out of the EEA and/or the UK, we ensure a similar degree of protection is afforded to it by ensuring that safeguards such as the following are implemented.

  • We will only transfer Personal Data to countries where it has in place an adequate level of protection for Personal Data that is approved by the European Commission or the Information Commissioner’s Office.
  • Where we engage with certain third-parties, we may use specific contracts approved by the European Commission (such as the Standard Contractual Clauses) or the Information Commissioner’s Office (such as the International Data Transfer Agreement) which ensure that your Personal Data is given the same protection it has in the EEA or the UK.


Tenor Legal uses industry standard physical, technical, and administrative controls to protect your Personal Data by:

  • Not collecting or retaining excessive amounts of data;
  • Protecting Personal Data from loss, misuse, unauthorized access and disclosure. Any employees, agents, contractors or third parties who are so authorized act on our instructions and are subject to a duty of confidentiality;
  • Keeping Personal Data up to date;
  • Storing and destroying it securely;
  • Ensuring that appropriate administrative, technical and physical safeguards are in place to protect Personal Data. These measures include measures to deal with any suspected data breach; and
  • Regularly reviewing our information collection, storage and Processing practices, including physical security measures.

While we operate to the highest standards we are also aware that the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Where we have given you (or where you have chosen) a password which enables you to access any of our online or electronic resources, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.

You should note that this website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their content or privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.



Tenor Legal may use “cookies” on its websites and digital platforms (referred to as sites). A cookie is a piece of data stored on a site visitor’s system that help us improve your access to our site and identify repeat visitors to our sites.

Cookies can also enable us to track and target the interests of our users to enhance their experience on our sites. Except where 1) contacts elect to identify themselves for purposes of receiving information from Tenor Legal or inquiring as to a business relationship with Tenor Legal or 2) candidates elect to establish and use an account to apply to Tenor Legal and employment opportunities with Tenor Legal, cookies are not linked to any personally identifiable information.

You can disable or remove any cookies already stored on your computer, but these may stop our websites from functioning properly.

Data Retention

Where we collect your Personal Data, the length of time for which we retain it depends on the type of data, the purpose for which we use that data and our accounting, regulatory and legal data retention obligations. We do not retain Personal Data in an identifiable format for longer than:

  • The period necessary for the relevant activity or services;
  • Any retention period that is required by law or contract; or
  • The period in which litigation or investigations might arise in respect of the relevant activity or services

after which, it is likely your Personal Data will no longer be relevant for the purposes for which it was collected and we will delete or destroy it.

In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Legal Rights

Under certain circumstances, you have the right to:

  • Request access to your personal information (commonly known as a “subject access request” or “SAR”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully Processing it;
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to Processing. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
  • Object to Processing of your personal information where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to Processing on this ground. You also have the right to object where we are Processing your personal information for direct marketing purposes;
  • Request the restriction of Processing of your personal information. This enables you to ask us to suspend the Processing of personal information about you, for example if you want us to establish its accuracy or the reason for Processing it; and/or
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the Processing of your Personal Data, or request that we transfer a copy of your personal information to another party, please contact us by email at [email protected].


You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.


We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.


In the limited circumstances where you may have provided your Consent to the collection, Processing and transfer of your personal information for a specific purpose, you have the right to withdraw your Consent for that specific Processing at any time. To withdraw your Consent, please send us email at [email protected]. Once we have received notification that you have withdrawn your Consent, we will no longer Process your information for the purpose or purposes you originally agreed to, unless we have another legitimate legal basis for doing so.


We try to respond to all legitimate requests within one month unless required by law to respond earlier (such as in the case of an objection to marketing request which is required to be responded to within five business days in certain jurisdictions).

Please note that occasionally it may take us longer than a month if your request is incomplete and we need to write to you for more information or is particularly complex or you have made several requests. In these cases, we will notify you and keep you updated.

How To Make A Complaint

Data privacy laws are constantly evolving, and we endeavor to maintain best practice. However, we recognize that we may not always get it right and if you are not satisfied in the way we handle your Personal Data or you wish to discuss our processes then we would like to hear from you.


If there is something which we have not done correctly with your Personal Data then we would appreciate the chance to deal with your concerns before you approach a data protection supervisory authority, so please contact us in the first instance – [email protected]. All complaints are taken seriously and managed by our Data Privacy Team.


You have the right to make a complaint at any time about how and/or why we are Processing your Personal Data.

The data protection supervisory authorities that may regulate Tenor Legal are as follows:

In the EU we may be subject to the relevant data supervisory authority of each member state under the GDPR, as applicable.


Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the Processing of Personal Data relating to them.

Data Controller: the person or organization that determines when, why and how to Process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes.

Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.

EEA: the 27 countries in the EU, and Iceland, Liechtenstein and Norway.

Explicit Consent: consent which requires a very clear and specific statement (that is, not just action).

General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR.

Legitimate Interest: means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we Process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your Consent or are otherwise required or permitted to by law).

Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Category (Sensitive) Personal Data and pseudonymized Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location, or date of birth) or an opinion about that person’s actions or behavior.

Privacy Notices: separate notices setting out information that may be provided to Data Subjects when Tenor Legal collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, employee privacy notices or the website privacy notice) or they may be stand-alone, one-time privacy statements covering Processing related to a specific purpose.

Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.

Special Category or Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offenses and convictions. For the purposes of any Swiss-US transfer framework, Sensitive Personal Data will also include ideological or trade union related views or activities, or information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.

Last Revised:  June 8, 2023