McKinsey Recruitment Privacy Notice

Last updated and effective: April 2026

McKinsey & Company Inc., and its subsidiaries and affiliates are committed to respecting your privacy and protecting your personal data. For the purposes of this Recruitment Privacy Notice (the “Privacy Notice”), personal data means information about an identified or identifiable individual (collectively, “personal data”), and does not include information that cannot be attributed to an identifiable individual, such as information of an anonymous nature.

This Privacy Notice describes how we handle and protect your personal data in connection with McKinsey’s recruiting processes and programs. In case of a conflict between this Privacy Notice and applicable law, applicable law will govern.

“McKinsey,” “Firm,” or “we” refers to the McKinsey & Company family of commonly owned affiliates. While our affiliates engage in a number of business activities and have different entity names, they all share the “McKinsey,” “a McKinsey company,” “by McKinsey,” or “acquired by McKinsey” branding or sub-logo, and they all follow, and are covered by, this Privacy Notice.

This Privacy Notice only applies to the personal data of job applicants, potential candidates for employment or partnership, and those who participate in our recruiting programs and events.

By submitting your personal data to us, you acknowledge that:

• You have read and understood this Privacy Notice and agree to the use of your personal data as set out herein.
• Your personal data may be transferred and processed worldwide, including in countries that may not be deemed to provide the same level of data protection as your home country, for the purposes and in the manner specified in this Privacy Notice.
• You are not required to provide any requested information to us, but your failure to do so may result in our not being able to continue your candidacy for the job for which you have applied.
• All of your representations are true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related information of an adverse nature. Providing any inaccurate information may make you ineligible for employment.
• This Privacy Notice does not form part of any contract of employment offered to candidates hired by McKinsey.

If you are a California resident, please see our specific privacy information for you below.

By submitting an application, you confirm that you have read and understand the terms of this Privacy Notice. If you do not understand or agree with any part of this Privacy Notice, please refrain from applying and contact us for clarification before proceeding.

Personal data we collect

The types of personal data that we request from you and the ways that we process it are determined by a combination of the requirements of the country in which the role you apply for is located and the country in which you reside. Should you apply to more than one location or should the role to which you apply be available in more than one country, the types of personal data we request from you and the ways that we process it are determined by the requirements of all the countries in which the position is located in conjunction with the requirements of the country in which you reside. We strive to uphold data minimization principles and only seek to collect personal data from you for the purposes described in this Privacy Notice.

We usually collect personal data directly from you when you apply for a role with us through our online application process, such as your name, address, contact information, work and educational history, achievements, identity documents, test results, any information that may be required due to legal requirements (e.g. residence or work permits) and other categories of data that you voluntarily decide to share with us. We also collect data about you which is created by our recruiting personnel in the course of their interactions with you during the recruiting process or through your participation in our interactive assessment tools. Where permitted by law, we may collect photographs or videos, including those obtained during our recruiting events or as part of the recruiting process itself. If you receive an offer from us, we may then conduct a background check and, to the extent permitted by applicable law, we may also collect data related to criminal offences and proceedings. We also collect similar personal data about you from third parties, such as professional recruiting firms, your references, prior employers, McKinsey employees with whom you have interviewed or who recommended your candidacy, and, to the extent permitted by applicable law, employment background check providers. We may also collect personal data about you online to the extent that you have chosen to make this information publicly available on professional social media websites. For example, we may find your profile on LinkedIn and contact you about suitable roles.

Sensitive personal data is a subset of personal data that includes ethnicity, health, trade union membership, philosophical beliefs, sexual orientation, and other categories as prescribed by law. We may collect sensitive personal data about a candidate to the extent permitted or required to do so by applicable laws (e.g., U.S. equal opportunity laws) and to support our efforts to create an inclusive and diverse work environment. Under limited circumstances and to the extent permitted by applicable law, we may also collect sensitive personal information relating to health and medical characteristics, to address our public health and workplace safety obligations, to provide reasonable accommodations to facilitate the interview process (in case of disabilities) and to protect the Firm and its employees, clients, and third parties.

Use of your personal data

We collect and use your personal data for legitimate human resources and business management reasons, including:

• identifying and evaluating candidates for potential employment, as well as for future roles that may become available;
• maintaining records in relation to recruiting and hiring;
• ensuring compliance with legal requirements, including those relating to public health and workplace safety;
• fostering our diversity and inclusion programs and practices;
• if you receive an offer from us, conducting background checks, including, to the extent permitted by applicable law, criminal history checks;
• protecting our legal rights to the extent authorized or permitted by law; and
• protecting the workplace and communicating with medical professionals, law enforcement, or other public authorities in the event of an emergency or public health event, such as when the health or safety of you or one or more individuals may be endangered.

We may also use your personal data for McKinsey analytics purposes to improve our recruitment and hiring process and augment our ability to attract successful candidates.

Please note that we may also process your personal data and transform it into anonymized or aggregated data, and we may use such data for our own legitimate business purposes.

When you apply for a position with us, your email address will be added to our recruitment events and programming list, ensuring you receive invitations to relevant events and initiatives. You may unsubscribe from these communications by: clicking on the link in the email you receive from us or by emailing us at Global_Unsubscribes@mckinsey.com.

We do not use personal data for the purpose of profiling that produces significant effects

Legal basis for processing your personal data

Our processing of your personal data for the purposes mentioned above is based on one or several of the following legal grounds:

• in part, on our legitimate business interests in evaluating your application to manage our relationship with you, to ensure that we recruit appropriate employees, and to evaluate and maintain the efficacy of our recruiting process more generally; and in operating our business and protecting the Firm and its employees, clients, and third parties. When we rely on this legal ground, McKinsey will only process your personal data after assessing the adequacy, proportionality, and legitimacy of the data processing activity
• in part, on our performing contractual and precontractual measures relating to our potential employment relationship with you;
• in part, on our complying with applicable law regarding personal data necessary to satisfy our legal and regulatory obligations, including with regard to public health and workplace safety;
• in part, on your consent, if we offer you the opportunity to participate in our optional recruiting programs or if we collect sensitive personal data for legally permitted purposes other than compliance with our legal obligations regarding public health and workplace safety.

Background screening

We may conduct a background check on you or instruct a third party to do so on our behalf. Background screening will only be done where permitted by the law applicable to the location where the position is located and to the extent necessary and proportionate to the role that you are being offered. A background check will only involve criminal background data to the extent permitted by law. Additionally, as part of our background screening process, we may assess whether you have any connections with politicians, political appointees, or politically exposed persons, where relevant to the role and in compliance with applicable laws. This is done to ensure compliance with legal, regulatory, and ethical obligations, including those related to anti-corruption and conflicts of interest. Our legal basis for background screening is our need to perform precontractual measures related to establishing our employment relationship. If a background screening is required, you may be contacted by a third-party background screening service provider to request authorization for the release of your information, and at that time you will be provided with further information about the process and what personal data it might involve.

Data recipients and international data transfers

Your personal data may be accessed by recruiters and interviewers working in the country(ies) where the position(s) for which you are applying is(are) based, as well as by recruiters and interviewers working in different countries within the McKinsey global organization. Individuals performing administrative functions and IT personnel within McKinsey may also have access on a need to know basis to your personal data to the extent necessary perform their jobs. In some countries, you may have fewer rights under local law than you do in your country of residence, but we have put in place legal mechanisms designed to ensure adequate data protection for your personal data when it is processed by McKinsey subsidiaries and affiliates within the McKinsey global organization and by McKinsey’s service providers, including the transfer of your personal data to countries other than the one in which you reside.

We use third-party service providers to provide a recruiting software system. We also share your personal data with other third-party service providers that may assist us in identifying and recruiting talent, administering and evaluating pre-employment screening and testing, and improving our recruiting practices.

Except to the extent necessary to accomplish the McKinsey uses and purposes described in this Privacy Notice, we do not disclose your personal data to third parties. We also prohibit our service providers from using your personal data for non-McKinsey purposes. To be clear, we do not sell personal data governed by this Privacy Notice to third parties for monetary or other valuable consideration, and we do not share personal data governed by this Privacy Notice with third parties for targeted advertising or cross-context behavioral advertising.

We maintain processes designed to help ensure that any processing of personal data by third-party service providers is consistent with this Privacy Notice and protects the confidentiality, availability, and integrity of your personal data in compliance with applicable law. Where required by law, we put in place additional legal mechanisms designed to help ensure adequate data protection for your personal data when transferred to another country.

In addition, we may disclose or transfer your personal data in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.

Automated sorting of applications

In certain jurisdictions, we may use various technologies, data analytics, algorithms, and chat bots to help us to review and analyze the large quantities of candidates and application data that we receive. These technologies help us prioritize the application review process and sort candidates on the basis of professional characteristics that suggest strengths and capabilities necessary to perform the relevant role.

The automated outputs are considered in combination with other information about the candidate and each candidate's assessment is based on human judgment. We evaluate each individual candidate on their own merits.

Certain roles may require specific prerequisites or skills (for example, fluency in a certain language, particular professional qualifications or certifications, or number of years in a similar role). Applications that do not meet those requirements may be rejected.

Data retention

If you accept an offer of employment with us, any relevant personal data collected during your pre-employment period will become part of your personnel records and will be retained in accordance with specific country requirements and with the privacy notice applicable to McKinsey employees, which will be provided during the on-boarding process.

If we do not employ you, and unless you object by following the process described in the Section “Your Rights” below, we may nevertheless continue to retain and use your personal data for a period of time (which may vary depending on the country) for system administration purposes, to consider you for potential future roles, and to perform research. Thereafter, we retain a minimal amount of your personal data to record your recruiting activity with us.

To the extent that we have collected personal data, including sensitive personal data, for the specific purpose of fulfilling our legal obligations regarding disabilities, public health, or workplace safety, we will retain that data for the duration of those legal obligations. Thereafter, we retain a minimal amount of your personal data to establish our compliance with those obligations.

We may want to remain in contact with you and consider you for future employment opportunities. In such an event, we will seek your consent to include you in one of our recruiting programs that provides you ways to further learn about and stay in touch McKinsey, either prior to or after you formally apply for a job opportunity. Participation in these recruiting programs is entirely optional.

If you join a recruiting retention program, we retain your personal data for a period of time specific to that program, but if you wish to withdraw at any time, please contact us at keep-in-touch@mckinsey.com. For candidates in Germany, please contact us at karriere@mckinsey.com.

Security

McKinsey protects and safeguards your personal data globally, in accordance with applicable law, our privacy and data security policies, and this Privacy Notice. We use generally accepted standards of technical and operational security to protect your personal data against accidental or unlawful loss, misuse, alteration, or destruction, in consideration of the risks associated with the personal data and its processing, and we require the same level of protection and safeguarding from our subsidiaries and affiliates, our service providers, and third parties. Only authorized personnel of McKinsey and of our service providers are permitted to access personal data, and these employees and service providers are required to treat this information as confidential. Despite these precautions however, McKinsey cannot guarantee that unauthorized persons will not obtain access to your personal data.

Your rights

We take reasonable steps that are designed to keep your personal data accurate, complete, and up-to-date for the purposes for which it is collected and used. We also have implemented measures that are designed to help ensure that our processing of your personal data complies with this Privacy Notice and applicable law.

Subject to the local data privacy laws in your jurisdiction, including exceptions, you may have the following rights with regard to the personal data that we collect about you:

• right to request information about the personal data that we hold about you, including information about how we use your personal data.
• right to request a copy of the personal data that we hold about you;
• right to request portability of your data to permit you to provide a copy of your personal data in a structured, commonly used, and machine-readable format and to transmit that personal data to another controller;
• right to request that we correct or otherwise amend your personal data if it is not correct or otherwise not complete, timely, and accurate for the purposes for which we are using it;
• right to request deletion of your personal data;
• right to request that we cease processing or restrict or limit the processing of your personal data;
• right to withdraw your consent to our processing of your personal data where the basis of our processing is your consent. This right may not apply if there are other legal justifications to continue processing or we need to retain certain personal data where required or permitted under applicable law
• right to not be discriminated against for exercising your individual rights regarding your personal data;
• right to request review by McKinsey’s Global Protection Officer and, if applicable, McKinsey’s data protection officer for your jurisdiction, of our response to your request to exercise your individual data protection rights; and
• right to seek additional legal remedies regarding our response to your request to exercise your individual data-protection rights, depending upon your jurisdiction, by lodging a complaint with your data-protection authority or initiating a legal proceeding.

If you would like to exercise your data protection rights regarding your personal data, you can do so by:

• completing the data subject request form
• emailing your request to us at: DataSubjectRights@mckinsey.com
• contacting us by phone at +1 (844) 582-3015
• contacting us by postal mail at: McKinsey & Company Attn: Privacy 1200 19th St NW STE 1000 Washington, DC 20036
• (for opt-out requests) clicking the “Your Privacy Choices” link on the applicable homepage. We also recognize Global Privacy Control (GPC) signals and other user-enables opt-out preference signals as valid opt-out requests where required by applicable law. Please note that your opt-out preference signal will be applied only to your current browser and device. To learn more about the GPC, you can visit its website here.

Upon receipt of your request to exercise your data protection rights, we will acknowledge receipt within the time period required by applicable law and provide you with information about the next steps in the process and the timing. Depending upon the nature of your request, we may take reasonable steps to verify your identity before acting on certain data protection rights, in accordance with applicable law. This process may require us to request additional personal data from you, including, but not limited to, your email address, mailing address, and/or date of last interaction with us. In certain circumstances, we may decline a request to exercise a privacy right, particularly where we are unable to verify your identity.

You may designate an authorized agent to submit a request on your behalf. To designate an authorized agent, you must (1) verify your own identity directly with us; and (2) provide the authorized agent with written documentation of their authority to act on your behalf, such as a power of attorney or sufficient evidence to show that you have provided the authorized agent signed permission to act on your behalf. We may request further evidence of the agent’s right to act on your behalf, including contacting you to verify the request. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.

Please note that applicable laws include exceptions to assertions of data protection rights that may prevent us from providing access to your personal data or otherwise fully complying with your request. If we believe exceptions apply, we will respond to your request to the extent we are able to do so, and we will provide an explanation of the basis for not complying wholly or partially with your request.

Certain US residents also have the right to appeal our decision to your request regarding your personal data. We respond to all appeal requests as soon as we reasonably can, and no later than legally required. See the appendix below for our appeal process.

Social Media Tools

Our application process allows you to provide us with relevant personal data from information you have on third-party websites (such as LinkedIn, Google Drive and Dropbox). If you choose to incorporate your personal data from third-party websites, it will be used in accordance with this Privacy Notice.

Cookies and other tracking technologies

McKinsey may use first- and third-party cookies, pixel tags, web beacons, and other similar technologies to gather information on our digital properties. This information is used for a variety of purposes, such as to manage our websites and services, identify you and your interests and remember your preferences, and to collect analytics about how you use our websites and services. McKinsey may also collect information about whether you open or click any links in the knowledge, research, or event communications that we send you. You have options regarding our use of cookies and other tracking technologies. Please refer to our Cookie Notice and “Your data protection rights” section below for more details and to manage your choices. There is no industry standard for how Do Not Track consumer browser settings should work on commercial websites and therefore, due to the lack of such standards, our websites and services do not currently change the way they operate upon detection of a Do Not Track setting.

In addition, we use tools and applications that reduce security threats and reduce the risk of access by bots and automated devices, but we do not use those tools and applications for non-security purposes. Some of our online recruiting activities are hosted by third parties. When you access sites operated by these third parties, they may to the extent permitted by applicable law, including your consent to the extent required, and consistent with this Privacy Notice, place their own cookies or other tracking technologies on your device. Please visit the third party’s privacy notice for more information.

Availability of the Recruiting Privacy Notice in Other Languages

This Privacy Notice is also available in other languages. In the event of any conflict between the English version and any translations of this Privacy Notice, the English version shall prevail.

Changes to this privacy notice

McKinsey reserves the right to modify this Privacy Notice as required by changes to our business processes or applicable law. We will post any changes to our Privacy Notice on this page. Please check this page regularly to keep up-to-date.

Please note that the rules and regulations implementing various data privacy laws have not yet been finalized. We are continuously working to better comply with these laws, and we will update our processes, disclosures, and this notice as these rules and regulations are finalized.

Contact Us

We welcome questions, comments, and feedback on this Privacy Policy and our management of personal data. If you have questions, concerns, or feedback, you can always contact us using the information below. For your protection, we may need to verify your identity before assisting with your questions, comments, or feedback.

• Email: Privacy@mckinsey.com
• Phone: +1 (844) 582-3015
• Mail:
  McKinsey & Company
  Attn: Privacy
  1200 19th St NW STE 1000
  Washington, DC 20036

Your California Privacy Rights Appendix

This appendix seeks to provide additional information to residents of California and supplements the information provided in the Privacy Notice.

As disclosed above, we do not “sell” or “share” personal data as that term is defined under California privacy law. We also do not share personal data with third parties for their own direct marketing purposes without your consent. We do not purposefully “sell” or “share” the personal data of individuals under the age of 16. California residents under 18 years old, in certain circumstances, may request and obtain removal of personal data or content that you have posted on our websites. Please be mindful that this would not ensure complete removal of the content posted by you on our websites.

To learn more about the categories of personal data we collect, how we collect it, why it is collected, with whom we share it, and how long we retain it, please see the items below. Please see the instructions provided above in order to submit a privacy right request.

US Privacy Rights Appeal Appendix

Certain US residents have the right to appeal our decision regarding their privacy rights if they have submitted a request (e.g., to access, delete, or correct your information) and we have denied it, either in whole or in part. We are committed to addressing appeals in a transparent and timely manner.

We encourage you first to discuss relevant issues with our legal team, who may resolve the issue so that you do not have to formally initiate the appeals process. Our legal team will consider your perspective and seek to address your concerns in accordance with our company policies and applicable law. To contact our legal team, please email privacy@mckinsey.com.

Appeal Process

1. Submit your appeal
   • Email the following information to datasubjectrights@mckinsey.com with the subject line “Notice of Appeal”:
     • Your name and contact information.
     • A copy of the original request you submitted.
     • Any correspondence or communications related to your original request.
     • The remedy that you seek by appealing.

     • The reason for your appeal (e.g., why you believe the decision should be reconsidered).

       Please also provide any documentation necessary to validate the claims you are making in the appeal.

2. Acknowledgement of appeal
   • You will receive a confirmation email acknowledging receipt of your appeal within ten (10) business days.
   • This acknowledgement may contain requests for additional information to help us properly investigate or adjudicate the appeal. Your failure to provide substantive responses to our requests may materially impact our ability to investigate and/or adjudicate the relevant issue.
3. Investigation
   • Your appeal will be reviewed and investigated by members of our Privacy Legal Team who were not involved in the original decision, based on the information and documentation you have provided.
   • We will evaluate all relevant facts and applicable laws during the review process.
4. Notification of outcome
   • Following the investigation, we will reach a determination of your appeal, which may include modifying or upholding the original decision.
   • We will notify you of our determination in writing within sixty (60) days of receipt of your written notice of appeal, and we will include the explanation for our determination of your appeal. If we deny your appeal, you may file an appeal with the relevant regulator.

Scope of Appeal

The appeal will review whether the decision made by the privacy team that you appealed was fair and consistent with applicable privacy law. You may only appeal a decision that applies to your personally unless you are otherwise authorized to act on another person’s behalf, in which case you must provide evidence that you are authorized by the person on whose behalf you have submitted an appeal.

The appeal will focus exclusively on the decision being appealed. Broader issues related to our company policies, management style, or other issues will not be considered as part of the appeal.

Withdrawal of Appeal

You may withdraw or end your appeal at any time by providing us with written notice.

No Discrimination

We do not discriminate against any person who initiates an appeal.

Record Keeping

We will retain a record of your appeal, including the final determination, in accordance with applicable laws and our record retention policies.