GDPR Job Applicant Privacy Notice
Effective Date: May 23, 2018
Last reviewed: June 17, 2024
1. PURPOSE OF THIS DOCUMENT
This Job Applicant Privacy Notice (“Privacy Notice”) applies solely to candidates who are in the European Economic Area (“EEA”), United Kingdom, and/or Switzerland, and apply for an open position to work at ZipRecruiter (whether as an employee or a contractor) (“you” or “applicant”). This Privacy Notice does not apply to job seekers that use www.ziprecruiter.co.uk or any other ZipRecruiter website or application to search and/or apply for open positions with third-party companies.
This Privacy Notice explains the type of personal data we process, how and why we process it, and how long it will usually be retained. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679), the United Kingdom General Data Protection Regulation and the UK Data Protection Act 2018.
ZipRecruiter UK Ltd. (the “Company”) and ZipRecruiter, Inc. (the “Parent Company”, and collectively with the Company, the “Group Companies”, “ZipRecruiter”, “our”, “we” or “us”) are each a ‘data controller’ with respect to personal data about you that is processed during the application, recruitment, interview, and/or any on-boarding process.
This Privacy Notice applies to processing of personal data wholly or partly by automated means, and to processing other than by automated means of personal data which forms or is intended to form part of a filing system. Personal data means any information about or relating to an identifiable individual; processing means doing anything with the data, including collecting, holding, disclosing, or deleting it.
DISCLAIMER: Providing you with this Privacy Notice is not an indication and does not guarantee that you will be interviewed for the position to which you applied or that you will be offered employment by the Group Companies.
2. THE KIND OF INFORMATION WE HOLD ABOUT YOU
During the course of our recruitment process, we may collect, store, and use the following categories of personal data:
- Personal contact details such as name, title, address and location, telephone number, and email address.
- Social media accounts that you choose to provide as part of your application (such as your LinkedIn profile).
- Employment history and other relevant professional experience, including information contained in your curriculum vitae (CV), cover letter, or job application, such as your employment history, qualifications, and/or professional memberships.
- Education information, including degrees awarded, educational achievements, transcripts, graduation year and other information provided in support of the job application.
- Information collected during phone screenings and interviews, or information you provide in emails to us.
- Details regarding the type of employment sought, desired salary, willingness to relocate, job preferences, and other information related to compensation and benefits.
- Reference information and information you provide during any background check, where applicable.
- The results of any checks we make to verify the information you provide.
- Information necessary to demonstrate your ability to work in a particular jurisdiction.
- Other information that you provide and/or that we may need to collect during the recruiting and/or during any on-boarding process prior to employment (for example, if you are traveling for an interview with us, we may need to collect your date of birth, gender and/or other information to book your flight).
- Information that records the fact that we received your application and our assessment of it.
- If relevant, information concerning your health, or any disability in connection with any adjustments you may need for any interview or ongoing working arrangements.
- Information about your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and/or age in relation to our monitoring of diversity and equal opportunities.
3. HOW YOUR PERSONAL DATA IS COLLECTED
The majority of personal data about you that we process comes from you. For example, you tell us your contact details. Other personal data about you may come from the following sources:
- Recruitment or staffing agencies (if you applied through this method)
- Current employees
- Through our own recruiting efforts
- From your references
4. HOW WE USE YOUR PERSONAL DATA
We will use your personal data in connection with carrying out our application, recruitment, and on-boarding process (as applicable), including to:
- Process and review your job application, including any cover letter, CV, and/or references.
- Consider you for employment opportunities and assess your skills, qualifications, and interests for a particular position.
- Contact you if we need more information related to your application or to respond to questions from you.
- Schedule and/or conduct an interview with you.
- Record the fact of your application for a role and our assessment of your application and suitability.
- Reimburse you for any travel expenses relating to interviews and/or any on-boarding prior to employment.
- Verify your information and carry out employment or reference checks.
- Communicate with you about the recruitment process and your application.
- Manage any on-boarding process or procedures
- Keep records related to our hiring processes, and monitor diversity and equal opportunities.
- Analyze and assess the effectiveness of our recruiting processes.
- Comply with legal, compliance, regulatory, and/or other corporate governance requirements (including, for example, to ensure compliance with applicable non-discrimination laws).
- Protect the rights and property of the Group Companies, other job applicants, our employees, or the public.
- Detect and protect against security incidents and malicious, deceptive, fraudulent or illegal activity, or violations of Group Companies’ policies or the law; for fraud and crime prevention; and for information protection and cybersecurity.
- Collect information for internal business, product, strategy, and technological development.
- Comply with our disaster recovery, business continuity, and record keeping obligations.
5. OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
We will only process your personal data where permitted by applicable law. Most commonly, we will use your personal data in the following circumstances:
- Where processing is necessary for our or a third party's legitimate interests. For example, it is in our legitimate interests to decide whether to appoint you to the position to which you applied, since it is beneficial to our business to appoint a suitable candidate to that position. Your data will not be processed on this basis if our or a third party's interests are overridden by your own interests, rights and freedoms.
- Where processing is necessary to comply with our legal obligations. For example, we need to perform our legal obligations in relation to your right to work in the U.K., to provide a safe place to work and to avoid unlawful discrimination.
6. PROCESSING SENSITIVE PERSONAL DATA
If we process sensitive personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one of the grounds for processing sensitive personal data applies, including (for example) that the processing is for equality and diversity purposes to the extent permitted by law.
7. IF YOU FAIL TO PROVIDE PERSONAL DATA
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application successfully. For example, if we require references and you fail to provide us with relevant details, we will not be able to take your application further.
8. AUTOMATED DECISION-MAKING
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
9. WHO GETS TO SEE YOUR DATA
Personal data about you may be disclosed to managers, ZipRecruiter’s People Team and administrators for employment, administrative and management purposes as mentioned in this Privacy Notice. We may also disclose this to other members of our Group Companies.
10. DATA SHARING
We may share your personal information with the following third parties:
- Service providers used to assist us with administering the recruitment process, and only for that purpose. We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your personal information consistent with our policies and any data security obligations applicable to us.
- Professional advisers, such as lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance, financial, auditing, and accounting services to us so we can operate our business.
- Law enforcement agencies, courts, supervisory authorities, regulatory bodies and certain other third parties, to the extent that we are permitted or required to do so by applicable law, or in order to comply with our legal and regulatory obligations, or in the interests of national security, or to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity.
- To protect the rights, property, or safety of Group Companies, our services, employees or others, or to investigate, prevent, or take action regarding suspected or actual illegal activities.
11. DATA TRANSFER
We are headquartered in the United States.
The information that you provide or that we collect in connection with the application, recruitment, or on-boarding process, will be transferred outside the EEA and the U.K. to our Group Companies and/or to where we have engaged data processors or subprocessors.
We will ensure that any such transfer is lawful and that there are appropriate safeguards in place. All our third-party service providers and any Group Companies are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have entered into an agreement ensuring appropriate and suitable safeguards with our Group Companies. This is in standard terms adopted by the U.K. Information Commissioner (“ICO”) and approved by the European Commission. If you would like further details about these safeguards please contact [email protected].
12. DATA SECURITY
We have implemented appropriate physical, technical, and organizational security measures designed to secure your personal data against accidental loss and unauthorized access, use, alteration or disclosure. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a legitimate business need for such access. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
13. DATA RETENTION
We keep the personal data that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your personal data will depend on whether you become employed by us, the nature of the personal data concerned, and the purposes for which it is processed.
14. RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party.
We are unlikely to rely on consent as a ground for processing. However, if we do, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us at the email address listed below.
15. CONTACT OR QUESTIONS
If you have any questions about this Privacy Notice or how we handle your personal data, please contact us at [email protected] or at the mailing addresses listed below.
If we are not able to address your concern and if you are located in the EEA, Switzerland, or the U.K., you have the right to lodge a complaint with the Data Protection Authority where you are located or where the issue took place. For contact details of your local Data Protection Authority, please see www.ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Contact information for the Information Commissioner’s Office (ICO), which is the supervisory authority in the U.K. can be found at https://ico.org.uk/make-a-complaint.
U.S. Mailing Address |
U.K. Mailing Address |
|---|---|
ZipRecruiter, Inc. |
ZipRecruiter UK Ltd. |
Article 27 Representatives | |
|
EU GDPR Representative: ZipRecruiter, Inc. |
U.K. GDPR Representative: ZipRecruiter UK Ltd. |