BCG Recruitment Privacy Policy

The Boston Consulting Group, Inc. and its subsidiaries and affiliates (“we”, “BCG”) understand that your privacy is important. With this Privacy Policy, BCG aims to make sure you understand how BCG maintains and collects your personal information[1], explain the purposes of BCG processing your personal information, for how long, and additionally inform you on your rights and give an understanding of certain requirements under any applicable data protection legislation that relate to data protection, privacy, the use of information relating to individuals, and or the information rights of individuals to which you and/or BCG are subject to, and any relevant national laws implementing the same (“Applicable Data Privacy Laws”). 

This Privacy Policy only applies to the personal information of job applicants, potential candidates for employment, and participants of our optional recruiting programs and events. 

Some of our online recruiting activities enable access to external sites operated by third parties, which are not governed by this Privacy Policy. We encourage you to review the privacy policies of any such sites before you submit information there. 

The types of personal information that BCG requests from you and the ways that we process it are determined by the requirements of the BCG office’s country in which the position is located, and not the country in which you reside. If you apply to more than one location or if the role to which you apply is available in more than one country, the types of personal information we request from you and the ways that we process it are determined by the requirements of all BCG offices’ countries in which the position is located. It can include e.g. your name, contact data of email address, phone number, CV/Resume information, employment and educational history, grades, and data relating to your recruiting performance, where applicable documentation required under immigration laws as well as criminal records or other data revealed during background screenings.  

In addition to information you may submit directly to us now, we also collect information from third-party sources, such as professional recruiting firms, resume books, student organizations, and social media sites, and from BCG employees who referred you for the role in order to populate your profile. As a result, you may see information in your profile which you did not provide directly to us. We encourage you to revise any data which you feel is inaccurate or outdated or that you prefer not to include and we thank you for your help in keeping your profile up to date. 

We may collect sensitive personal data about a candidate to the extent prescribed by applicable laws (e.g., U.S. equal opportunity laws) and, where applicable, to support our efforts to support BCG’s diversity goals, evaluate the effectiveness of our equal opportunity policy and create an inclusive and diverse work environment.   We may collect some optional information that may reveal your sensitive personal data when we ask you about your dietary requirements for events registration, or whether you are interested in BCG LGBTQ+ initiatives (e.g. Pride@BCG etc.) to invite you specifically to the events based on your choices, and you may share with us information or a photo or video, which can reveal for instance your ethnicity or disability status. If you choose to provide your sensitive data, your data will be shared only with the authorized BCG employees on a strictly need-to-know basis only for the purposes explained at the time of collection, subject to your consent and will never be used for any individual employment decision making. Sensitive personal information is a subset of personal information and includes ethnicity, health, sexual orientation, as well as other categories, political opinions, religious or philosophical beliefs, trade union membership, genetic data, and biometric data[2] as prescribed by Applicable Data Privacy laws or other relevant laws. 

You are not required to provide any requested information to us, but failing to do so may result in not being able to continue your candidacy for the job for which you have applied.


Personal information is processed in the following ways and in accordance with Applicable Data Privacy Laws, the processing is based on the lawful bases as stated below. 

  • In some situations, as listed below, we may need to process your personal data for the legitimate interests pursued by us for the following purposes, unless consent is required specifically under applicable Data Privacy laws; 
  • recruiting and business management reasons including, identifying and evaluating candidates for potential employment, as well as for future roles that may become available;  
  • inviting you to recruiting events and keeping you informed about recruiting programs; 
  • in case of active sourcing, analyzing if you might fit with a role and initiating contact with you; 
  • to assess suitability for the role you apply and to communicate with you in relation to your application and, 
  • in case you accept an offer from BCG for a role, running background checks [3], financial checks where applicable, and identity verification 
  • record keeping in relation to recruiting and hiring; we will retain your data for a period of up to five years subject to your consent, if you join a recruiting program; 
  • store your data on a global tool which also enables BCG to assess your application for available roles in different BCG offices; 
  • and for marketing communications from BCG based on your consent where required[4] ensuring compliance with legal requirements (e.g. immigration laws, tax laws), including diversity requirements and practices; and protecting our legal rights to the extent authorized or permitted by law. 

Whatever the outcome of your application or other interaction with us, we may also analyze, in anonymized form, your personal information or aggregated data to improve our recruitment and hiring process by using such information to build algorithms that will inform our decisions about future candidates, and augment our ability to attract successful candidates from diverse backgrounds.

We process your personal information for the purposes described above: when we have your consent to do so, where applicable; when necessary to enter into an employment contract with you; when necessary for us to comply with a legal obligation; or when necessary for the purposes of our legitimate interests as an employer operating globally. You may withdraw your consent at any time by sending an email to For candidates in Germany please email us at 


In certain jurisdictions, our recruitment process may include data analytics and algorithms to help us efficiently review the large quantities of candidates and application data that we receive.  When you submit a job application, the information you share with us will be screened and compared to the predefined responses and scores set for the relevant roles. You may also undergo a series of online assessments. We may collect data generated by your participation in psychological, technical, or behavioral assessments. The predefined responses are based on data that indicates what good job performance at BCG looks like and/or in relation to these assessments.  You will receive more information about the nature of such assessments before your participation in any of them. 

These results are always considered in tandem with, and not in lieu of, human judgment and evaluation of individual candidates.


BCG uses carefully selected third-party service providers and business partners who: 

  • provide a recruiting software system; 
  • process information on our behalf to help run some of our internal business operations including email distribution and IT services; 
  • assist us in recruiting talent, administering and evaluating pre-employment screening and testing, and improving our recruiting practices; 
  • assist in scheduling, organizing and hosting events, meetings and interviews; 
  • law enforcement bodies in order to comply with any legal obligation or court order. 

BCG will ensure that legal mechanisms are in place with such third parties to protect your personal information. 


Because BCG is a global organization we need to transfer personal information across geographical borders to BCG entities, our service providers or business partners in other countries working on our behalf in accordance with Applicable Data Privacy Laws. Our affiliates and third parties may be based in different countries around the world, including outside of the EEA and the UK. BCG maintains and stores personal information in systems and applications located in Europe and the United States, and the personal information is only accessible by authorized persons or vendors who are bound by privacy requirements. Personal information may be processed at various locations where BCG conducts business, including in the United States and other countries[5]. Examples of countries we transfer personal information to include, but are not limited to, Germany, the Netherlands, the United States of America, Singapore, and India. We only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect information held in that country. 


BCG has in place appropriate technological and operational security processes designed to protect your personal information from loss, misuse, alteration or destruction. Only authorized employees and providers will have access to any data provided by you, and that access is limited by need. Each employee or provider having access to any personal information is obligated to maintain its confidentiality. Although we take steps that are generally accepted as industry standard to protect your personal information, BCG cannot guarantee that your personally identifiable information will not become accessible to unauthorized persons. 


If we do not employ you, we may continue to retain and use your personal information for a period of time (which may vary depending on the country) for system administration purposes, and to perform research. At the expiry of this period, we will retain a minimum amount of your personal information to record your recruiting activity with us. In addition, we may ask you for permission to retain your personal data to consider you for future employment opportunities, as part of our optional recruiting programs. In this case, we will retain your data for a period of up to five years. If you join a recruiting program, but subsequently wish to withdraw, please contact us at For candidates in Germany please email us at


In accordance with Applicable Data Privacy Laws, you have a right to request a copy of the personal information we hold about you and details of how we use that information. If any of the information held about you is incorrect or out of date, you have the right to amend or rectify it. Please follow the process outlined below and we will amend our records where appropriate. You also have the right to require us to erase your personal data, stop processing your personal data, restrict the processing of your personal information, right of portability of your personal information and/or to withdraw your consent to processing. This may not apply if there are other legal justifications to continue processing. 

If you think we may have incorrect personal information, or would like a copy of the personal information we hold on you, or to exercise any other data protection right, please write to: You also have a right to lodge a complaint with your local supervisory authority. 

For further questions you may contact the appropriate data protection point of contact:

Data Protection Office 
Boston Consulting Group Inc. 
200 Pier Four Boulevard 
Boston, MA 02210 
Contact Us 

California residents may exercise their privacy rights by calling us toll free at 
1-866-I-OPT-OUT (1-866-467-8688) and entering service code 837# to leave us a message. 
Contact Us 

Data Protection Officer (Der Datenschutzbeauftragte) 
Boston Consulting Group GmbH 
Ludwigstrasse 21 
80539 Munich Germany 
Contact Us 

[1] Personal data only includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question; or who can be indirectly identified from that information in combination with other information. 

[2] Sensitive data may involve financial information such as bank account or credit card or debit card or other payment instrument details in some jurisdictions. 

[3] BCG only uses publicly available information for running background checks. 

[4] In our marketing communications with you, we monitor and comply with applicable data privacy laws and if at any time, you prefer not to receive further communications from us in any or all forms you will have the ability to unsubscribe from such communications by means of a link provided in every e-mail that is sent to you by us. When subscribing to BCG e-mail newsletters, you are given the opportunity to select which promotions, news, and information you would like to receive at the time of signing up, and you will have the opportunity to unsubscribe from such communications.

[5] Data transfers within BCG entities are governed by BCG’s intra-company agreements, local data export restrictions, and/or local data privacy laws.