Candidates Privacy Notice
Last Updated: June 14, 2023
This Job Candidate Privacy Notice (“Notice”) describes the types of Personal Data or Personal Information (as defined below) collected and processed by Akeyless Security Ltd., together with its affiliates and subsidiaries (collectively “Akeyless”, “we” or “us”) from its job candidates and applicants (“Candidates”, “you” or “your”) during the recruitment process and thereafter. As a global company, this Notice applies to Candidates in Israel, the EU, the US and other locations around the world as applicable, and is subject to applicable data protection laws, including the Israeli Protection of Privacy Law 5741-1981 (“IPPL”), the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”), and the California Consumer Privacy Act of 2018 as revised and amended by the California Privacy Rights Act of 2020 (“CCPA”, and collectively “Data Protection Laws”).
This Notice will further explain how we handle, use and disclose your Personal Data, what are your applicable right regarding your Data and how you can exercise them.
Please note, you are not obliged by law to provide us with any Personal Data. However, we must obtain certain types of Personal Data in order to process and examine your job application.
Under the applicable Data Protection Laws, Akeyless is considered as the “Database Owner”, the “Controller” or the “Business” in regards to its Candidates’ Personal Data. This means that we are responsible for deciding how we hold and use your Personal Data (as shall be described herein), as well as to implement applicable measures in order to secure your Personal Data we hold, and where applicable, enable you to exercise your rights.
For the purpose of this Notice, the term “Personal Data” or “Personal Information” refer to individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. For example, it could include your name, national ID number, social security number, email address and other contact information (including your email address and telephone number), etc. Personal Data may further include, and Akeyless may further collect and process types of information defined under applicable Data Protection Laws as “Sensitive Data” or “Sensitive Personal Information” (or the equivalents under applicable Data Protection Laws) which might refer to a Candidate’s social security number, state identification card, professional qualifications, etc.
It is important that you read this Notice, together with any other notices that might be provided on specific occasions when we are collecting Personal Data about you, so that you are aware of how and why we are collecting and using such Personal Data. For any questions or concerns you might have regarding your Personal Data please contact our privacy team at: [email protected].
1) THE TYPES OF PERSONAL DATA WE COLLECT1
The specific types of Personal Data Akeyless collects, the purpose of use and the lawful basis for each use, are detailed under the table below:
|Categories and types of Personal Data
|Purpose of collection and use
|Lawful bases for candidates located in the EEA or UK
|Categories under the CCPA
|● Personal identification information: such as full name, date of birth, and government-issued identification number (e.g., ID, SSN, passport number).
● Contact information: such as email address, phone number, and address.
● Employment history: such as previous employers, job titles, dates of employment, responsibilities, achievements, etc.
● Education and qualifications: such asinformation on educational institutions attendance and dates, degrees or certifications obtained, fields of study, etc.
● Skills, abilities, and expertise: such asinformation related to the Candidate’s relevant competencies, skills, language proficiency, and any other expertise that may be pertinent to the position being applied for.
● Assessment results: information gathered from tests, interviews, or assessments conducted during the recruitment process to evaluate the Candidate’s suitability for the role.
Further, and to the extent applicable:
● Background check information: information obtained through background checks, such as, subject to applicable laws, criminal records and verification of employment and education history.
● Eligibility to work: information regarding the Candidate’s legal right to work in the relevant country, such as citizenship or visa status.
● Communication and internal records: such as correspondence, and records of phone calls or other interactions between the Candidate and Akeyless during the recruitment process.
● Any additional information voluntarily included by the Candidate in its resume (CV), and supporting documents submitted by the Candidate.
If, and to the extent applicable:
● Equal opportunity data: information provided voluntary by the Candidate related to gender, race, ethnicity, national origin, disability and medical or health condition, veteran or military status or other protected characteristics for the purpose of monitoring equal opportunity policies and practices.
|● Job Application evaluation: to assess the Candidate’s qualifications, skills, and suitability for the position applied for, and to identify potential matches with other open positions within Akeyless.
● Communication: to facilitate our correspondence with the Candidate during the recruitment process, including scheduling interviews, providing updates, and addressing inquiries.
● Verification and reference checks: to verify the accuracy of the information provided by the Candidate, including employment history, education, and professional references, as well as conducting background checks where necessary.
● Compliance with legal requirements: to ensure adherence to relevant employment laws, regulations, and industry standards.
● Eligibility to work: to confirm the Candidate’s legal right to work in the relevant country and comply with immigration requirements, if applicable.
● Decision-making and selection: to facilitate the decision-making process, compare Candidates, and ultimately select the most suitable individual for the position.
● Record-keeping and documentation: to maintain a record of the recruitment process, including Candidate evaluations, assessments, and decisions, this may be used for future reference or to address potential disputes or legal claims.
● Administration and performance of human resources related duties, obligations and procedures.
● Continuous improvement: to analyze and refine our recruitment strategies, practices, and processes.
● Equal opportunity monitoring: Akeyless is committed to equal opportunity in the workplace. We do not discriminate, either directly or indirectly, on the grounds of sex, sexual orientation, gender identity, race, ethnic origin, religion, belief, disability, marital status, creed, nationality, national origin, color, or age. We may ask for information on the ethnic origin, gender, and disability of a Candidate for the purpose of monitoring equal opportunity and ensuring Akeyless diversity and inclusion as required and permitted under applicable laws.
● Record-keeping and documentation: to maintain a record of the recruitment process, which may be used for internal and external reporting responsibilities (e.g., legal and regulatory requirements), future reference or to address potential disputes or legal claims.
● Administration and performance of human resources related duties, obligations and procedures.
|We collect and process these types of Personal Data only where we have lawful bases for doing so under applicable laws. The lawful bases depend on the type of Personal Data and the purpose we process it. This means we collect and process such Personal Data only where:
● We need it to administer an employment contract with you;
● It satisfies a legitimate interest which is not overridden by your privacy rights (e.g., assessing your suitability, evaluating our recruiting processes, protecting our legal rights and interests);
● You provide us consent for a specific purpose (e.g., where applicable for certain background checks);
● We need to comply with a legal obligation (e.g., conducting legally required background checks); or
We deem required, for exercise, establish, or defend any legal claims at present or any future claim.
|Category A – Identifiers.
Category B –
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Category C –
Protected classification characteristics under California or federal law.
Category I –
Professional or employment-related information.
Category L –
Sensitive personal information.
1 This table also represents the Personal Information collected by Akeyless in the preceding 12 months.
* Please note that the specific types of Personal Data collected may vary depending on the position and legal requirements.
2) CATEGORIES OF SOURCES OF PERSONAL DATA
- Personal Data that you directly provide – this includes information you share when you submit your application; and
- Personal Data provided by third parties – recruitment agencies, background check services (as applicable and subject to applicable law), or your references former employers, etc.
3) WITH WHOM WE SHARE YOUR PERSONAL DATA
We share your Personal Data with third parties, including within our corporate group and with our employees, contractors, consultants and service providers that help us with our business operation as well as administration and performance of human resources related duties, obligations and procedures, including where needed to establish, manage or terminate your employment or other engagement with Akeyless. We take applicable measures to ensure your Personal Data will be accessed only by those who has such need in order to perform their tasks and duties, and by third parties who need such access in order to provide their services as required by Akeyless and in accordance with our instructions.
Below you can find information about the categories of such third-party recipients.
|Category Of Recipient
|Category of Personal Data
|Purpose of Sharing
|Akeyless Affiliates or Corporate Group
|All types of Personal Information (Category A, B, C, I, L)
|We may share Personal Data with our affiliates or corporate group to allow us to manage our recruitment process as a global group at the organizational level, and for human resources management. This will include information shared with third party including by way of merger, acquisition or purchase of all or part of its assets, your personal data may be shared with the parties involved in such event.
|Contractors and Service Providers
|All types of Personal Information (Category A, B, C, I, L)
|We may disclose Personal Data to our trusted agents and service providers (including, for example, human resources agencies, recruitment management providers, cloud providers, etc.). We share your Personal Data with such third parties so that they can perform the necessary services applicable through the requirement process on our behalf. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.
|Third parties you have requested us to share your Personal Data with
|All types of Personal Information per your request (Category A, B, C, I, L)
|To the extent permitted under applicable laws, we will share your Personal Data as you request us to share. In such event, the provision of your Personal Data will be subject to such third parties’ policies and practices only.
|Governmental agencies, or authorized third parties
|Subject to law enforcement authority request.
|In the event of legal and law enforcement inquiry we may disclose certain Personal Data, such as in response to verified requests relating to criminal investigations or alleged illegal activity, or any activity that may expose us, you, or any other third party to legal liability, and solely to the extent necessary to comply with such purpose.
We may further share Personal Data where and to the extent needed to protect you, or third parties; enforce our policies and agreements or defend our rights, including the investigation of potential violations, alleged illegal activity, or addressing fraud or security issues; as well as in response to disputes, claims, demands, or legal proceedings involving you and us or any third party as required to defend our legitimate interests and as permitted under law.
We will not “sell” nor “share” your Personal Data (as such terms are defined under the CCPA) with third parties for their marketing purposes, or for other advertising purposes.
4) WHERE DO WE STORE THE CANDIDATE DATA?
Due to our global operation, your Personal Data may need to be processed or accessed in countries other than your jurisdiction, including, for example, when shared or accessed by our service providers or other affiliates. This may include transfer of Personal Data to the State of Israel, or to the US.
Akeyless only transfers Personal Data to another country, including within its corporate group, in accordance with applicable Data Protection Laws. We take appropriate measures to ensure that your Personal Data receives an adequate level of protection, including by using contractual obligations or other data transfer mechanisms that were per-approved by applicable data protection authorities to ensure your Personal Data is protected.
5) INFORMATION SECURITY
We take great care in implementing and maintaining the security of your Personal Data. We employ industry standard procedures and policies to ensure the safety of Personal Data and prevent unauthorized disclosure or use of any such. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have the “need to know”. They will only process your Personal Data on our instructions. We have implemented technical, physical and administrative security measures to protect the Personal Data we collect and store, including procedures to detect and manage suspected or actual security breach.
Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our systems and network, and will not always be able to prevent such access.
Subject to applicable laws requirements, we will notify you and the appropriate authorities in the event that we discover a security incident or breach related to your Personal Data.
6) DATA RETENTION
Your personal data will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice (or as otherwise required by applicable law). If you are successful with your job application, your Personal Data will be kept in accordance with our Employee Privacy Notice. If you are unsuccessful with your job application, your personal data will be kept for the duration of the application process, plus a reasonable period of time after confirmation that your application was unsuccessful to allow us to record the reasons for our decision in relation to your application (including so that we can exercise, establish, or defend any legal claims). Where permissible under applicable laws, or subject to your consent, we may also retain your Personal Data for a reasonable period to consider you for other suitable openings within Akeyless in the future.
If you would like to opt-out from Akeyless’ policy of retaining your information for the purposes of considering you for other suitable openings, please contact us at: [email protected], or as detailed under our Data Subject Request form available here.
7) YOUR RIGHTS RELATED TO YOUR PERSONAL DATA AND HOW TO EXERCISE THEM
Under certain circumstances, subject to applicable Data Protection Laws and the exceptions under such law, you may have the following principal rights related to your Personal Data:
- The right to know what Personal Data we collect about you, the purpose of collection, with whom we share your Personal Data, and additional information such as the categories of sources from which the Personal Data is collected – as provided under this Notice;
- The right to request access and inspect your Personal Data. This right entitles you to receive a copy of certain Personal Data we hold about you;
- The right to correct inaccuracies in your PersonalData. This right entitles you to have any incomplete or inaccurate Personal Data we hold about you corrected;
- The right to restrict and delete the Personal Data we collect about you. This right entitles you to request us to delete Personal Data where there is no good reason for us to continue processing it (as permitted under applicable Data Protection Laws);
- The right to request the transfer of your Personal Data to another party (commonly known as “data portability”);
- The right to withdraw your consent at any time.
- The right to object to the processing of your Personal Data that was based on a public or legitimate interest
- The right not to be subjected to automated decision making and profiling; and
- Exercise your privacy rights without receiving discriminatory treatment by Akeyless.
We sometimes need to request specific information from you to help us confirm your identity and ensure the requested rights apply to you. This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. Information provided in connection with such request will be processed only for the purpose of processing and responding to your request, and it may be shared with our legal and administrative teams.
We reserve the right to periodically revise this Notice, which will have immediate effect upon posting of the revised Notice on our website. The last revision date will be reflected in the “Last Updated” heading at the top of the Notice. We will make a reasonable effort to provide a notice if we implement any changes that substantially change our privacy practices or your rights. We recommend you review this Notice periodically to ensure that you understand our privacy practices and to check for any amendments.