Privacy Policies Hub

CANDIDATE PRIVACY NOTICE

 

Version: 1.0

Effective: October 22, 2024
Date Last Updated: December 10, 2024

 

TABLE OF CONTENTS:

  1. Introduction
  2. Who we are
  3. How is your personal data processed
  4. What personal data do we process
  5. How we use your personal data
  6. How we share your personal data
  7. International data transfers
  8. Data security
  9. Data retention
  10. Your data protection rights
  11. Automated decision-making
  12. Changes to this Privacy Notice
  13. Contacting us
  14. Supplementary information for California Candidates

1. INTRODUCTION

We are committed to protecting the privacy of your personal data. This Candidate Privacy Notice (“Notice”) applies to all candidates (“Candidate,” “You,” “Your”) of Cloud Linux Software, Inc. (“Us,” “We,” or “Our”) whose personal data is processed during the recruitment process. 

 

This Notice describes how we collect, use, store, and disclose personal data about individuals applying for open positions, those we contact regarding employment and contractual relationship opportunities, individuals expressing interest in such opportunities, attendees of recruitment events, and those undergoing interviews or assessments. It also outlines the rights Candidates may have concerning the personal data we process about them.

 

As used in this Notice, “Personal Data” or “Personal Information” refers to any information that relates to, identifies, or can reasonably be used to identify an individual, directly or indirectly.

This Notice does not cover:

  • Your interactions with our non-career websites or when you engage with our products and services;
  • Our processing of your personal data as an employee.

 

These processing activities are governed by other privacy notices, which will be provided to you as applicable. We recommend reading this entire Notice to ensure you are fully informed about how we collect, use, store, disclose, or otherwise process your personal information, as well as your privacy rights.

2. WHO WE ARE AND OUR DATA PROTECTION OFFICER

Cloud Linux Software, Inc. is registered at 20791 Three Oaks Pkwy, #980, Estero, FL 33929, USA, may access your personal data for recruitment purposes. If you have any questions about this Privacy Notice or want to know more about how we handle your personal data, please contact our Data Protection Officer (DPO) via email at: [email protected]

3. HOW IS YOUR PERSONAL DATA PROCESSED

In most cases, we collect personal data directly from you. We may also receive information from third parties (e.g., referrers, recruiting agencies, previous employers, and background check providers). Additionally, we use publicly available sources like job boards and social networking platforms to contact potential candidates. You are not legally required to provide us with your personal data. However, failure to provide certain information may prevent us from processing your application (e.g., if we cannot verify your right to work in the relevant country). Accurate and complete information is essential for the recruitment process.

4. WHAT PERSONAL DATA WE PROCESS

Subject to applicable law, we may collect the following categories of personal information during the application and recruitment process:

  • Identity and Contact Data: Full name, date of birth, gender, contact details (e.g., phone number, email address, messenger), photograph, work and personal references, and other similar contact data.
  • National identifiers and work eligibility information: This may include your national identification number, social insurance number, government-issued ID, nationality, visa status, residency, work permit status, and immigration information, where permitted by law.
  • Employment history and recruitment data: This includes your resume, work history, skills, qualifications, professional background, reference check, interview notes, social media profiles (if applicable), criminal background records, and other information revealed during background checks (subject to applicable law).
  • Educational information: Your academic history, degrees, certifications, training, and transcript information.
  • Sensitive personal information: Where permitted by law, we may process data related to racial or ethnic origin, health, or biometric data. Where the processing of this personal data is not required by law, we will seek your consent to process your data and, in the consent mechanism, we will explain the purposes for which we will use your data. This will be voluntary, and you may decide whether or not to give consent.
  • Video Interviews and Recording: We conduct candidate interviews using video technology, which may be used at various stages of the recruitment process. The company may record live video interviews to assist in evaluating candidates. However, candidates have the right to decline the recording of their interview, and doing so will not negatively impact their opportunity to interview with our company.
  • Other information: Any other information you voluntarily submit during your application (e.g., compensation history, professional portfolio).
  • Online data: Publicly available information such as LinkedIn profiles or other sources.
  • Usage data: Information collected during your interactions with our websites.

5. HOW WE USE YOUR PERSONAL DATA

We will use your personal data for the following purposes and related lawful bases:

 

Purpose of processing Lawful basis Types of personal data
To process job applications and manage our recruitment process, including reviewing information on application forms or CVs, shortlisting, setting up and conducting interviews and tests for applicants, evaluating and assessing the results, and communicating with applicants. Legitimate interests Consent

Identity and Contact Data;

National identifiers and work eligibility information;

Employment history and Recruitment Data;

Educational information;

Video interviews;

Other information;

Online data.
For pre-engagement verification, conducting reference checks and background screening (if and to the extent allowed by law), to enter into a contract with applicants.

Consent

Legitimate interest Legal obligations

Identity and Contact Data;

National identifiers and work eligibility information;

Employment history and Recruitment Data.
We reserve the right to record the interviews with Candidates as part of our recruitment process. 

Consent

Legitimate interest

 Video interviews.
To assess the Candidate’s suitability for other roles and provide information about other job opportunities which we consider may be of interest to applicants Legitimate interest Identity and Contact Data.
To defend against legal claims and potential litigation Legitimate interests  Any information relevant or potentially relevant to a dispute or legal proceeding affecting us.
For compliance with applicable legal, regulatory, and corporate obligations, including applicable licensing and other regulatory requirements imposed by relevant government authorities

Legal obligations

Legitimate interests

Identity and Contact Data;

National identifiers and work eligibility information;

Employment history and Recruitment Data;

Other information.
To assess effectiveness and improve our recruitment processes, analyzing and discovering trends Legitimate interests (e.g., to effectively organize our recruitment)

Identity and Contact Data;

Employment history and Recruitment Data;

Other information.

6. HOW WE SHARE YOUR PERSONAL DATA

6.1. Sharing with service providers. Your personal information may be disclosed to service providers who assist us with recruitment, background checks, or technological services. These providers are required to protect your data under strict contractual terms.

 

Type of service provider Purpose of sharing
Applicant Tracking System To manage and streamline the recruitment process, including receiving, reviewing, and processing applications
IT and Data Storage Services For secure storage and maintenance of Personal Data, ensuring accessibility and data integrity throughout the recruitment process
Background Checks Providers To perform pre-engagement checks, including verification of employment history, education, and, where applicable, criminal records 
Audit, Legal and Compliance Services To comply with legal obligations, audits, and any internal or external compliance reviews 
Electronic Signature Services To facilitate the signing of contractual relationship-related documents, such as contracts and agreements, in a secure and legally binding manner

6.2. Sharing under legal or regulatory obligations We may disclose your data to comply with legal requirements, court orders, or in the event of a merger or acquisition.

7. INTERNATIONAL DATA TRANSFERS

We work with providers globally and may transfer your data to countries outside the European Economic Area (EEA) or the UK. To ensure an adequate level of data protection, we implement the following measures:

 

Transfer Mechanism  Description
Adequacy decision We may transfer personal data to countries that have been officially recognized as providing an adequate level of data protection by the relevant regulatory authorities. For more information about “Adequacy decisions” for the EEA, click here. For information on “Adequacy regulations” for the UK, click here.
Appropriate safeguards We ensure appropriate safeguards by implementing binding standard data protection clauses approved by regulatory authorities. These clauses are enforceable by individuals within the United Kingdom and/or the European Economic Area. For more information about Standard Contractual Clauses for the EEA and UK, click here. For details on the international data transfer addendum and agreement for the UK, click here.
Derogations In certain cases, we may also transfer personal data based on specific derogations, such as the explicit consent of the individual, the necessity for contract performance involving the data subject, significant public interest, or the establishment, exercise, or defense of legal claims.

8. DATA SECURITY

We implement appropriate security, technical, and organizational measures to protect your personal data against theft, loss, or unauthorized access. We limit access to your data on a genuine business need-to-know basis. If you suspect that your personal data has been compromised, please contact us immediately for investigation. We have established procedures to address potential data security breaches and will inform you and any relevant regulator of a suspected breach, as legally required.

9. DATA RETENTION

We do not retain your personal data longer than necessary. The duration for which we keep your personal data varies depending on many factors. To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the risk of harm from unauthorized use or disclosure, the processing purposes, and whether these purposes can be achieved by other means, along with legal requirements.

When determining the relevant retention periods for your personal data, we will take into account factors including:

  • Legal obligations under applicable law;
  • Our legitimate interests (e.g., to protect our business against potential legal claims);
  • Guidelines issued by relevant data protection authorities.

For instance, the default data retention period for most processing activities is 3 years. However, please be aware that the specific retention period may vary depending on the country you are applying to work in. You can request information about the retention period applicable to you by contacting us at [email protected].

You have the right to ask for your data to be deleted at any time. When we no longer need to keep your personal data, we delete or anonymize it following applicable security standards, so it can never be linked back to an individual.

10. YOUR DATA PROTECTION RIGHTS

Under the applicable data protection laws, you have the following rights regarding your personal data:

  • Right to access. You have the right to obtain confirmation that your personal data is processed and to obtain a copy of your personal data.
  • Right to rectification. You have the right to ask us to rectify data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.
  • Right to erasure. You have the right to ask us to delete your personal data in certain circumstances.
  • Right to restriction of processing. You have the right to ask us to restrict the processing of your personal data in certain circumstances but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to object to processing. You have the right to object to processing if we are able to process your data based on our legitimate interests. Please note that in some cases, we may demonstrate that we have legitimate grounds to process your data which override your rights and freedoms.
  • Right to data portability. You have the right to ask that we transfer the information you gave us from one organization to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
  • Right to withdraw consent. When we rely on consent to process your personal data, you have the right to withdraw your consent at any time.
  • Right to complain. If you have concerns about how we handle your personal data, you can contact our Data Protection Officer (DPO) for assistance. Additionally, you have the right to file a complaint with the relevant data protection authority in your country.

You are not required to pay any charge for exercising your data protection rights. We have one month to respond to you. Please contact us at [email protected] if you wish to exercise your data protection rights. We may need to request specific information from you to confirm your identity before complying with your request.

11. AUTOMATED DECISION MAKING

Automated decision-making takes place when an electronic system uses personal data to make a decision without human involvement. We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you. Nevertheless, under the applicable data protection laws, you have the right to not be subject to a decision based solely on automated processing, without human involvement, that has a legal effect or significantly affects you. This right allows you to request the involvement of one of our employees or representatives in the decision-making process.

12. CHANGES TO THIS NOTICE

We may, from time to time, change or update this Notice. All changes to this Notice will be published on this page. We recommend that you revisit and read this Notice regularly to ensure that you are up-to-date. In case of substantial changes to this Notice, we will take additional steps to ensure you are aware of them.

13. CONTACTING US

If you have any questions or comments about this Notice or want to know more about how we use your personal data, please contact our Data Protection Officer (DPO) via email at: [email protected].

14. SUPPLEMENTAL INFORMATION FOR CALIFORNIA CANDIDATES

According to the California Consumer Privacy Act (“CCPA”), this section applies to certain personal data collected about Candidates who are California residents and supplements the rest of our Notice above. 

 

14.1. How We Collect, Use, and Share Your Personal Information

Sections 3-6 above contain information detailing the categories of Personal Data and to whom it was disclosed. We have not sold or shared personal data of Candidates. We only use Sensitive Personal Information, as defined by California law, consistent with the exceptions to the right to limit Sensitive Personal Information.

 

14.2. Your California Rights

You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.

  • The right of access means that you have the right to request that we disclose what Personal Information we have collected, used, and disclosed about you in the past 12 months.
  • The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
  • The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.

 

CLOUD LINUX does not sell Personal Information to third parties (under California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).

 

14.3. How to Exercise Your California Rights

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your Personal Information.

Please use the contact details provided in this Notice, if you would like to:

  • Access this policy in an alternative format;
  • Exercise your rights;
  • Learn more about your rights or our privacy practices; or
  • Designate an authorized agent to request on your behalf.