Last Modified: September 13, 2018
Introduction and scope of privacy notice
This Recruitment Privacy Notice explains the type of information we process, why we are processing it and how that processing may affect you.
What do we mean by "personal data" and "processing"?
"Personal data" is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.
"Processing" means doing anything with personal data. For example, it includes collecting it, holding it, disclosing it or deleting it.
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by EU privacy law to be "sensitive personal data".
Your personal data
We process your personal data for the purposes of fulfilling our recruitment practices. Some of the personal data that we process about you comes from you. For example, you tell us your contact details, like your first and last name, email address, and phone number. Other personal data about you is generated from references and third party companies such as recruitment agencies, and information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google. Your personal data will be seen internally by managers, administrators and HR. We may also share your data with external law firms for assessment of employment permits and visa options.
During the recruitment process, we try not to collect or process any “Sensitive Personal Information” unless authorized by law or where necessary to comply with applicable laws. Sensitive Personal Information includes the following: information that reveals your racial or ethnic origin, religious, political, or philosophical beliefs, or trade union membership; genetic data; biometric data for the purposes of unique identification; or information concerning your health, sex life, or sexual orientation.
How long do we keep your personal data?
If you are successful in your application your data will be kept on your personnel/employee file. We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so. When we have no ongoing legitimate business need to process your personal data, we securely delete the information or anonymise it or, if this is not possible, then we will securely store your personal data and isolate it from any further processing until deletion is possible. Generally this means your personal information will be kept for the duration of the application process plus a reasonable period of time after confirmation that your application was unsuccessful. We will delete this information from the servers at an earlier date if you so request, as described below.
Transfers of personal data outside the EEA
We are headquartered in the United States. Therefore, we may transfer your personal data outside the EEA to members of our group and to sub-processors. You can review the list of sub-processor in Appendix C (below). Where necessary these transfers are covered by an intra-group transfer agreement ensuring appropriate and suitable safeguards with our group members. If you wish to see details of these safeguards, please contact HubSpot by emailing email@example.com.
Legal grounds for processing personal data
What are the grounds for processing?
Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts more than one ground applies. Three of those grounds can be summarised as Legal Obligation, Legitimate Interests, and Consent. We outline what those terms mean below:
Processing sensitive personal data
If we process sensitive personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one of the grounds for processing sensitive personal data applies, including (for example) that the processing is for equality and diversity purposes to the extent permitted by law.
Further information on the data we process and our purposes
Examples of the data and the grounds on which we process data are explained below. This is not an exhaustive list of examples.
Who gets to see your data?
Your personal data may be disclosed to managers, HR and administrators for employment, administrative and management purposes as mentioned in this document. We may also share your data with external law firms for assessment of employment matters, permits, and visa options. We may also disclose this to other members of our group.
Access to your personal data and other rights
You have a legal right to make a "subject access request". If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and an explanation of why we are processing it. If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
You have the right to complain to a data protection authority about our collection and use of your personal information.
You may also raise complaints with the statutory regulator in your jurisdiction.
Please see the Appendix relevant to the jurisdiction in which you applied for a position for information about the relevant statutory regulator.
Contact detailsIn processing your data we, and in some cases our group companies, may act as a data controller. Please contact us by emailing firstname.lastname@example.org.