Morgan Stanley

Applicant Privacy Notice

Revised February 2025

We respect your Privacy.

When you submit a job application Morgan Stanley collects, holds, uses, verifies, and discloses (“processes”) information about you which may constitute personal data under applicable data protection and privacy laws (“Personal Data”). The application process has multiple stages which will involve different processing activities. Morgan Stanley has a global framework to comply with applicable data protection and privacy laws, which includes policies and procedures that prescribe how Morgan Stanley personnel must process your Personal Data.

Unless advised otherwise, all references to Morgan Stanley, "we", or "our" or the “Firm” in this Privacy Notice includes, individually and collectively, Morgan Stanley entities that process Personal Data as controllers. A list of Morgan Stanley firms can be found on the corporate website of Morgan Stanley here.

This Privacy Notice describes:

  • What Personal Data we collect;
  • How we collect your Personal Data;
  • What Personal Data is obtained from other sources;
  • The purposes for which we use your Personal Data;
  • The monitoring and profiling we do;
  • Whether we use emerging technologies such as artificial intelligence and machine learning;
  • When we disclose your Personal Data;
  • How we protect your Personal Data;
  • How we retain your Personal Data;
  • Your rights under applicable law;
  • How we update this Privacy Notice; and
  • How you can contact us.

Please read this Privacy Notice carefully to understand how we process your Personal Data.

1. What Personal Data we collect?

Depending on the stage of the application process, we collect the following types of personal data about you:

  • Personal details, such as name, age, date of birth, gender, citizenship, occupation, and marital status;
  • Contact details, such as current and previous address, telephone, email, in some cases both private and work-related contact details;
  • Records such as, CCTV footage, entry and exit information data and visitor registration when you visit our offices;
  • Copies of identification documents, which generally include a head and shoulders photograph from, as applicable, your passport, national identity card or driver's license, as required and permitted by applicable laws and regulations addressing due diligence and related matters;
  • A government-issued personal identifier, such as depending on your country of residence, your Social Security Number, National Insurance Number, Tax File Number or Medicare Number etc. (as permitted by law);
  • Personal details relating to your immediate family members and details relating to any senior political figures (e.g., senior military or government official) to whom you are connected;
  • Financial information such as bank account information;
  • Information relating to your previous career history and academic qualifications, any political affiliations, trade union membership, membership of a professional or trade association, criminal convictions, and/or sentiments and expression of religious or philosophical beliefs.
  • Information about your racial or ethnic origin, your sex life or sexual orientation, biometric, disability, and/or health information

Please note that some of this information may constitute sensitive personal data, under applicable data protection and privacy laws (“Sensitive Personal Data”). As with any Personal Data, we will only process such Sensitive Personal Data where we have an appropriate legal basis.

While we make every effort to ensure that all Personal Data we process about you is accurate, complete, and up to date, you can help us considerably in this regard by promptly notifying us if there are any changes to your Personal Data. To the extent permissible under applicable law, we shall not be responsible for the authenticity of any Personal Data or Sensitive Personal Data or any losses arising from any inaccurate or deficient Personal Data or Sensitive Personal Data that you supply to us.

2. How do we collect your Personal Data?

The Personal Data we collect regarding you comes primarily from information that you submit to us through your resume, job application form, or your former employer(s).

We also collect Personal Data when we monitor or record our communications with you or through use of certain technology as detailed further below.

3. Personal Data obtained from other sources

We also obtain your Personal Data from various third parties which can be, but not limited to, the following: 

  • our agents or service providers acting on our behalf;
  • authorized third parties performing identity verification procedures on our behalf;
  • social media companies where you have published your Personal Data.

Some of this information is publicly accessible and/or available via reliable and independent databases that we access through an authorized third party to whom we disclose your Personal Data for the purpose of performing required identity verification procedures and pre-employment screening.

4. What are the purposes and legal basis for which we use your Personal Data?

We are not allowed to process Personal Data if we do not have a valid legal bases. Accordingly, we, our associated firms and/or other persons acting on our or their behalf will only process your Personal Data:

(a) if necessary for our legitimate interests, (in each case provided such interests are not overridden by your privacy interests), such as when we process your Personal Data including:

  • To administer and operate the services in accordance with your application;
  • To provide operational support, development of our businesses and improve our services including to evaluate customer service, efficiency and cost, as well as risk management purposes; and to train our business models including those that use new data processing technologies such as artificial intelligence and machine learning techniques;
  • For monitoring purposes specified section 5 below; and
  • For other legitimate interest as listed in (b) to (d) inclusive below.

(b) Where necessary for taking steps to enter into an employment arrangement and/or executing a contract with you for employment; or for carrying out our obligations under such a contract, in this case, the provision of your Personal Data is a requirement necessary to enter into an employment arrangement and/or a contract with us, meaning that you are obliged to provide your Personal Data to us in order to carry out the relevant arrangement and/or contract (which otherwise, we will not be able to do), including:

  • For recruitment purposes, to confirm your references and educational background and to consider your suitability for any current or future recruitment requirements;
  • In case of a successful application, to carry out the employment relationship, to fulfil our duties as an employer and to make use of our rights as employer; and
  • For internal training purposes (such as system, process, and risk training)

(c) To exercise and defend our legal rights anywhere in the world including in relation to any litigation, disputes, or contentious matter we or that of any Associated Firm anywhere in the world are involved in and/or to assist with investigations, complaints, regulatory requests, government inquiries, litigation, arbitration, mediation, or requests from individuals;

(d) In order to comply with legal and regulatory obligations and requests, (including any legal or regulatory guidance, codes, or opinions), applicable to us anywhere in the world or for the performance of a task carried out in the public interest, including:

  • To carry out credit, money laundering and conflict checks and for fraud, financial crime prevention purposes (this may include consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed); to verify your Personal Data we collect from you for such credit, money laundering and conflict checks;
  • For reporting (including without limitation transaction reporting) to, and audits by, national and international regulatory, enforcement or exchange bodies and complying with court orders associated with us; and for monitoring purposes specified below.

(e) where we have your consent (where we are legally required to do so).

Personal Data may be anonymized, aggregated, or de-identified and used for employee demographic benchmarking, metrics reporting, professional development opportunities, employee wellbeing, other benefits programs or other business purposes consistent with applicable law, such as to evaluate and improve our recruitment process. In addition, we may aggregate, anonymize, or de-identify your data for our Diversity and Inclusion strategy as described below.

Morgan Stanley’s diversity and inclusion strategy supports the Firm’s core values and has been designed to help us achieve our ambition of a diverse and inclusive workforce. In order to support our strategy and comply with our legal obligations in certain jurisdictions, we ask both hired and prospective talent to provide information defined by applicable data protection and privacy laws as Sensitive Personal Data (e.g., ethnicity, disability, sexual orientation, religion etc.).

5. What monitoring and profiling do we conduct?

To the extent permitted by applicable law, we, our associated Firms or any other persons on our or their behalf access, review, disclose, intercept, monitor and/or record (“Monitor”) (i) verbal and electronic messaging and communications with you; (ii) the use of technology owned by or made accessible by the Firm, including but not limited to systems that facilitate verbal and electronic messaging and communications with you, (e.g., telephone, SMS, instant message, email, Bloomberg, Skype and video conferencing, Teams, and any other electronic or recordable communications); and (iii) information processing, transmission, storage and access, as well as remote or physical access, and use of and access to Firm premises (collectively “Firm Systems”) and any data moving through, processed and/or residing thereon (“Firm System Data”).

“Profiling” means any form of systematic and/or extensive processing of Personal Data, including the use of cookies or similar technology, to evaluate, analyze or predict personal aspects concerning that individual's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

We will only Monitor Firm Systems and Firm System Data and Profile to the extent permissible under applicable law from time to time for the following purposes (“Monitoring and Profiling Purposes”):

a) to establish the existence of facts (e.g., keeping records of transactions);

b) to ascertain compliance with regulatory or self-regulatory practices or procedures which relate to the Firm;

c) to ascertain or demonstrate standards which are achieved or ought to be achieved by persons using Firm Systems, including compliance with any terms of use associated with use of Firm Systems;

d) to prevent, detect or investigate crime, money laundering, fraud, financial crime and/or other breaches of applicable law or regulatory requirement;

e) to comply with applicable laws and regulations, this Privacy Notice and any applicable policies and procedures;

f) to safeguard against the loss, theft, unauthorised and unlawful collection, use, disclosure, destruction or other processing or misuse of confidential and proprietary information

g) to prevent, detect or investigate unauthorised use of Firm Systems and Firm System Data (e.g., Monitoring and Profiling to ensure compliance with our policies and procedures, including without limitation those relating to information security, cyber security, data protection and privacy);

h) to manage and ensure the effective operation of Firm Systems (including telephones, email, and internet);

i) for security or health and safety purposes e.g., monitoring access to and use of; Firm premises;

j) for support and administration purposes, including to manage and administer the employment contract and/or employment relationship and the policies and procedures relating to the employment relationship;

k) to assist with investigations, complaints, regulatory requests, government inquiries, litigation, arbitration, mediation, or requests from individuals;

l) in the course of the operational support and development of our businesses, such as to evaluate the quality of customer service, workplace management, efficiency, cost and risk management purposes; or

m) to protect the Firm and its legal interests

Monitoring and Profiling is conducted by us using various methods, including: (i) the use of traditional tools such as CCTV and building access records (ii) the use of “intelligent” automated Monitoring and Profiling tools, such as those tools that deploy artificial intelligence and machine learning technologies; (iii) IT filtering tools which review Firm Systems and Firm System Data based on key words and lexicons; (iv) Monitoring and Profiling of use of Firm Systems and Firm System Data based on supervisory procedures or requirements under applicable laws, e.g., by authorised supervisors joining on-going telephone calls on the sales and trading floors or systematically via electronic communication recording tools; (v) specific Monitoring and/or Profiling of particular Firm Systems and Firm System Data e.g. in relation to investigations, regulatory requests, government inquiries, subject access requests, litigation, arbitration or mediation or; (vi) data tracking, aggregation and analysis tools that pull data from various disparate data sources, to draw linkages and/or detect behavioral patterns, interactions or preferences for analysis (including predictive analysis); and/or (vii) using other similar Monitoring and Profiling technology that may become available from time to time (collectively and individually “Monitoring and Profiling Tools”).

We also use cookies and similar technologies to collect information about you when you visit our websites or interact with us on-line e.g. via email or other electronic means. To find out more about how we use cookies and similar technologies, how we process the information obtained through cookies and how to reject cookies, see Our Global Cookie Policy.

6. Does Morgan Stanley use emerging technologies such as artificial intelligence and machine learning?

Morgan Stanley leverages artificial intelligence and machine learning technologies in connection with your application for employment.  Specifically, Morgan Stanley uses these technologies to learn from publicly available sources and/or information that you provide to us about your skills, experience, titles, etc. that may be relevant to the jobs we think you would be interested in and/or to which you have applied. Such technologies are used to create match scores associated with profiles that help recruiters filter candidates for jobs. Morgan Stanley personnel review the scores and profiles produced by these technologies prior to using them to make employment decisions. In addition, Morgan Stanley trains recruiters and hiring managers to recognize and mitigate biases and help prevent it.

7. When do we disclose Personal Data we collect about you?

Morgan Stanley does not disclose your Personal Data, except as described in this Privacy Notice.

Our processing and use of your Personal Data, for the purposes specified in this Privacy Notice, includes disclosure:

  • With hiring managers and divisional stakeholders to consider you for the job you have applied for and any other relevant open positions.  We will notify you if suitable opportunities have been identified and you will have the opportunity to opt out of receiving these notifications;
  • Between us and our associated firms, a list of which may be referred to in the corporate website of Morgan Stanley here;
  • To other persons processing your Personal Data on our behalf or otherwise providing us or them with professional or other services including our associated firms and vendors which conduct operational, technology and customer service functions in various jurisdictions, including cloud service providers. For further information contact our Data Protection Office as described below;
  • To persons to whom we assign or novate our rights or obligations;
  • To a prospective seller or buyer in the event that we sell or buy any business or assets or if all or substantially all of our assets are acquired by a third party, in which case Personal Data held by it about its applicants will be one of the transferred assets;
  • To national and international regulatory, enforcement or exchange bodies or courts anywhere in the world as required by applicable law or regulations or at their request;
  • As required by applicable law or regulations; and
  • To any third party to whom you authorise us to disclose your Personal Data.

These disclosures involve processing, including transfers of, your Personal Data in countries or territories where the laws may provide a different level of data protection. Without limiting the foregoing, your data will be disclosed by us to our associated firms and vendors which conduct operational, technology and customer service functions in various jurisdictions including China, Hong Kong, Hungary, India, Japan, Singapore, United Kingdom and the United States of America and other countries where Morgan Stanley operates (Global Offices). When Personal Data is transferred to countries or territories that are not recognised under applicable law as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms and conducted data transfer assessments, where required under applicable law to ensure Personal Data remains protected. You can obtain a copy of the relevant data transfer mechanism we have put in place to protect Personal Data which are available here.

8. How do we protect your Personal Data?

Morgan Stanley maintains appropriate physical, technical, and organizational safeguards designed to protect any information that you provide to us from accidental or unauthorised loss, misuse, damage, destruction, modification, access, or disclosure.

Morgan Stanley has established a global information security program, to:

  • Safeguard the confidentiality and privacy of information resources;
  • Properly classify information resources;
  • Meet legal and regulatory obligations concerning the protection of information resources;
  • Implement and maintain information security policies and procedures;
  • Integrate protection of information resources into the process lifecycles of the business;
  • Educate those working for or on behalf of Morgan Stanley on Information Security policies and responsibilities; and
  • Authenticate users and limit access to information resources based on authorization that has been granted.

Third parties who process your Personal Data on our behalf are required to adhere to appropriate security standards designed to protect such information against unauthorised access, destruction, or loss as part of their contractual obligations.

In addition, we recommend you keep any passwords and access codes confidential and secure at all times. You should contact Morgan Stanley immediately if you believe that your passwords or access codes may have been disclosed to any other person.

9. How do we retain your Personal Data?

We retain Personal Data in an identifiable form in accordance with our records retention policy which establishes general standards and procedures regarding the retention, handling, and disposition of Personal Data. Personal Data is retained as long as necessary to meet legal, regulatory, and business requirements. Retention periods will be extended if we are required to preserve Personal Data in connection with litigation, investigations, and proceedings. Upon request, we and/or our Associated Firms will provide you with more information on the retention periods applied to your information.

10. What rights do you have?

To the extent provided by applicable law and subject to exemptions thereunder, you have the right to request access to and rectification or erasure of Personal Data; to obtain restriction of the processing of Personal Data; to object to the processing of Personal Data (including direct marketing); and to data portability. If we have collected Personal Data with your consent, please note that you have the right to withdraw this consent at any time, subject to applicable law and exemptions thereunder.

If you wish to exercise any of your data protection rights or if you consider that we have processed Personal Data in violation of applicable law, please contact our Data Protection Office at dataprotectionoffice@morganstanley.com

You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your Personal Data. We will process your request within the time provided by applicable law. If you consider that we have processed Personal Data in violation of applicable law and failed to remedy such violation to your reasonable satisfaction, you may also lodge a complaint with a competent data protection authority.

In the case of a request for access to Personal Data, we reserve the right to charge an appropriate fee, if applicable and where permitted under applicable law. If a fee is chargeable we will advise you of the likely fee in advance where required under applicable law.

In the event that you require reasonable accommodations to complete the electronic online application form and/or the interview process then please contact Morgan Stanley at 866-227-3123 or via email at carebox@morganstanley.com.

For New York City Residents only: When you apply to jobs through our career site, artificial intelligence and machine learning technologies will be used in connection with your application.  You may take at least 10 business days to decide whether to submit your information through this process.  By continuing, you acknowledge your understanding of that and, if you elect to proceed before the expiration of 10 business days, your knowing and wilful decision to proceed sooner.

11. How do we update this Privacy Notice?

We may change or update portions of this Privacy Notice to reflect changes in our practices and or applicable law and regulation. Please check this Privacy Notice from time to time so you are aware of any changes or updates to the Privacy Notice, which may be indicated by a change in the effective date noted at the beginning of the Privacy Notice. Where required under applicable data protection and privacy laws, we will notify you of any change or update portions of this Privacy Notice by individual message or by disclosing the changes to the data processing on a publicly available medium.

12. How can you Contact Us?

If you would like to contact us in respect of any element of this Privacy Notice, including, without limitation and subject to applicable data protection law, where you wish to exercise any of your data protection rights or where you wish to raise a complaint or grievance please contact our International Data Protection Office at the details below.  To request this notice in an alternative format please contact dataprotectionoffice@morganstanley.com. 

If you make a complaint about a breach of applicable data protection laws by Morgan Stanley, Morgan Stanley will respond as soon as possible to let you know who is responsible for managing your complaint. Morgan Stanley will investigate the complaint and where necessary we will consult with third parties who may be involved in the processing of your Personal Data. Morgan Stanley will respond to all complaints within such timeframes required under applicable law. If further investigation is required, it will be carried out and then you will be notified of a proposed remedy. This will be confirmed to you in writing.

If you do not receive a response from us within such timeframes required under applicable law or your complaint is not resolved within that time to your satisfaction, you may apply to the applicable data protection authorities to have your complaint heard and determined.

We will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.

Contact Details:
By email: dataprotectionoffice@morganstanley.com
By post: International Data Protection Officer/Canada Data Protection Officer
Legal & Compliance Division
Morgan Stanley & Co International plc
20 Bank Street, Canary Wharf
London E14 4AD