Code of conduct

Code of conduct

In accordance with the General Regulations on the Protection of Data (GDPR), directly applicable in all EU Member States. May 25th 2018



In accordance with the General Regulations on the Protection of Data (GDPR), directly applicable in all EU Member States.

– May 25th 2018


This Code of Conduct agreement has been set in place as guiding principles on the legal and ethical behavior of the members of the Federation Recruitment Search & Selection (fr2s).

It is applicable to the members of fr2s, that is, the companies, their management and employees.

Members of fr2s commit to behave in an ethical, respectful, non-discriminative and honest manner. They agree to treat the individual as a human being, to be supportive of diversity and integrity and to respect the privacy of the individual.

The members of the fr2s promise to develop a positive image of the association by conforming to all regulatory and legislative law in particular in accordance with the General Regulations on the Protection of Data (GDPR), directly applicable in all EU Member States since 25 May 2018. In due reference to the aforementioned regulation, recruitment firms are deemed to be data controllers.

The aim of this association is to enhance the Recruitment Search & Selection industry by creating a framework of good practices that promotes our business in a positive manner. We expect our members to respect and apply the following guidelines set out in this document in full.






A “ candidate ” is an individual who started a relationship with a member of fr2s following a first contact initiated by this individual or by the member. The candidate will be registered as such as a “ candidate ” in a database under the standards applied by the internal procedures of the member of fr2s.


A “ client ” is a company who is offered services from a member of fr2s with whom they have a commercial relationship and terms of business in place. Services should be regulated by this contract and the terms of business agreed between the client and the member of fr2s.It is understood that a commercial relationship exists for a period of 1 year following the issuance of the last invoice and payment of such.


A “ member ” is a recruitment company that has been accepted by the board of administration to the fr2s association and has paid full membership.



“ Recruitment ” covers the overall process of attracting and sourcing the most suitable candidate to fill an open job vacancy (internally or externally). In order to attract candidates, a variety of recruitment methodologies can be applied including: media & online advertising, database searching, networking, social media, etc.



The “ selection ” process covers the personal input of the agency in reviewing and selecting the most suitable applicant for a given role based on a whole range of criteria for the specific job vacancy.


Search / Direct Approach

“ Search ” / “ Direct Approach ” is a methodology or a strategy that consists of proactively approaching suitable candidates to fill an open and defined job vacancy.


General Data Protection Regulation (GDPR)

Regulation No. 2016/679, known as the General Data Protection Regulation (GDPR), is a European Union regulation which constitutes the protection of personal data. Directly enforced, it strengthens and unifies data protection for individuals in all EU Member States since 25 May 2018.


Personal data

Any information relating to an identified or identifiable natural person; an “ identifiable natural person ” is deemed to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to its physical, physiological, genetic, psychic, economic, cultural or social identity. (Article 4 (2) GDPR)



Any operation or set of operations carried out (automated or otherwise), and applied to data or sets of personal data, such as collection, recording, organisation, structuring, preservation, adaptation or modification, extraction, consultation, use, transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction. (Article 4 (2) GDPR)


Violation of personal data

A security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorised disclosure of personal data, diffused, stored or otherwise processed, or unauthorised access to such data. (Article 4 (12) GDPR)


Supervisory Authority

An independent public authority established by a Member State under Article 51 of the GDPR.


Privacy by design

The concept of “ Privacy by design ” aims to ensure that privacy protection is integrated into new technology and business applications from the moment they are designed. For each new application, product or service processing personal data, companies and other data controllers should offer their users or customers the highest possible level of data protection. (


Privacy by default

According to the concept of “ Privacy by default ”, each company processing personal data must guarantee by default to the highest possible level of data protection.(




Members of the fr2s undertake to treat the information provided by the candidate in a strictly confidential manner and in compliance with all provisions of the GDPR and the key principles of Privacy by design and Privacy by default. Fr2s members undertake to use the candidate’s personal data for the sole purpose of recruitment. The legal basis for the treatment of data (Article 66 of the GDPR) is based on contractual execution and legitimate interest. Prior to the collection of personal data, members of the fr2s undertake to inform candidates of the exact nature in accordance with the GDPR.

The candidate has, on request, a right of access to the personal data concerning him/her. Fr2s members also undertake, as far as possible, to respect all other NOTES candidates’ rights detailed by the GDPR in order to enable them to have permanent and effective control of their personal data.7 The members of the fr2s undertake not to process sensitive data within the meaning of article 9 of the GDPR, unless the treatment is legitimised by paragraph 2 of the same article. Members of the fr2s commit themselves to appoint a Data Protection Officer, external or internal, full-time or part- time, in accordance with Article 37 (1) (b) of the GDPR.

In cases of a personal data breach, the members of the fr2s undertake to notify the relevant supervisory authority in accordance with Article 55 of the GDPR as soon as possible and, if possible, 72 hours at the latest after being made aware of such a breach, unless the violation in question is not likely to create a risk to candidates’ privacy. Members of the fr2s undertake to provide the relevant supervisory authority with the reasons for the delay when notification to the latter does not occur within 72 hours. Where a certain type of processing of personal data is likely to give rise to a high risk for the protection of the privacy of candidates, prior to this processing, fr2s members shall carry out an impact assessment of the processing operations envisaged for the protection of personal data. (Article 35 du RGPD).


Sending of applications with authorisation

Members of fr2s commit to operate in a professional capacity in all aspects of the relationship with the candidate, being respectful and acting without any form of discrimination. The candidate will only be presented to the client when the three following conditions have been met:

  • The candidate has been interviewed in person (or for logistical and geographical reasons, by video conference and in exceptional circumstances by phone interview. If the candidate has not had a face-to-face interview, members are bound to inform their client of such) ;
  • The candidate is made aware through the course of the recruitment process all information transmitted to the client ;
  • The candidate received the most complete and objective information on the vacancy.

These conditions also apply to anonymous applications. The sending of an anonymous application can only be justified if a candidate is not willing to divulge his or her identity (e.g.: when the name of the employee cannot be given upfront).


Reference checking

Members of fr2s commit to taking references only when the candidate gives his or her consent. When a candidate stipulates “ references available ” on his or her CV, this grants the member of fr2s the right to obtain those references.

Members of fr2s commit to ensure that candidates are protected during the reference checking process, and that clients conform with the relevant procedures to safeguard this privileged information.


Relationship candidate /member of fr2s

The members of fr2s commit to not charging the candidate for the services they provide.

The candidate is free to register with any recruitment agency of his or her choice.




Fr2s members undertake to treat the information provided by the client in a confidential manner before, during and after the tasks assigned by implementing the appropriate technical and organizational measures to ensure a level of security adapted to the risk (Article 32 du RGPD).

Members will ensure that all parties involved in ongoing research act with the utmost discretion with regard to the candidates submitted, particularly as regards the protection of personal data.


Transparency : methodology applied, the achieved targets and the fees


When starting a search, the recruitment agency will explain in a clear manner the applied methodology to find the right candidate (recruitment, direct approach). The employer and the recruitment agency will agree on the applicable fee in writing. Members commit to inform their clients on the progress of the search on a regular basis, being totally transparent at all times during the course of the recruitment process, while also respecting the code of ethics as stipulated in this document. Members also commit to disclose to their clients the type of interview that has been performed during the recruitment process (in person, video conference, phone).



Members of fr2s commit not to approach employees of the companies they have a business relationship with and recruit for. Each member will define the scope with their client that will apply to this clause. This clause is not applicable when candidates apply directly to the agency, unless there is an explicit agreement between the client company and the member of fr2s referring to this.



Members of fr2s commit to respect this code of conduct, to pay their annual fee and to be present or represented during each General Assembly. Members agree to participate as much as they can in initiatives and events (trainings, collaborations with partners) initiated by the board of management of fr2s in conformity with the statutory provisions. Members commit to promote and convey a positive image of fr2s through their interactions with their employees, clients, the Luxembourg authorities, candidates and in general through their professional environment.



Members will avoid any action that could have a negative impact on the association of fr2s, its members, or the general actions or initiatives of the association. Members agree not to harm the reputation of fellow members.



Members commit not to poach any employees of other members of fr2s.



Should a member not adhere to any one of these rules or harm the reputation of the Federation or one of its members, this member risks being dismissed from the Federation. The procedure applied will be the following:

  • Invitation of the member to a discussion with the board of fr2s – sent by the board by registered letter ;
  • Interview with the relevant party, who can be accompanied by another person of their choice;
  • Actions or proposals by the board of administration of fr2s.

Should the exclusion of the member come into force, no refund of the annual fee will be possible. This information will be communicated to all the members of the Federation.

This code is not immutable and is subject to change.

Last update : 2019
Code of conduct (EN)

Scroll to Top