Last updated: 1/24/2024
This Job Candidate Privacy Notice (“Notice”) describes what personal data we, Triple Whale, Inc. and our affiliates (“Triple Whale”, “we”, “our” or “us”) - collect and process on our job candidates and applicants (“Candidates”, “you” or “your”) with respect to our application and recruitment process, why we collect it and how we use it. It also describes how candidates may exercise their rights to such data held with us.
We strongly urge you to read this Notice and make sure that you fully understand and agree to it. If you do not agree to this Notice, please avoid providing us with your data.
You are not legally required to provide us with any personal data, but without it we may not be able to process your application.
1. What data do we collect, how do we collect it, and how do we use it?
Throughout the application and recruitment process, you may provide us (or we may otherwise have access to) personal data about you, such as your identifying data, contact details, resume/CV, work-related data, recommendations, social media activity, etc. We may collect this data directly from you, as you provide it voluntarily through your application and candidacy review process, or from other sources such as recruitment agencies, background check services (as applicable and subject to applicable law), or your references.
In some regions, we may also require you to submit sensitive data such as ethnicity, gender, and whether you have a disability, to ensure our compliance with our legal obligations under applicable law. We may also collect sensitive data about your prior criminal convictions and offences as part of our background checks for specific roles if permitted or required by law. To the extent legally required, we will obtain your explicit consent prior to any such collection and use.
For the purposes of the California Consumer Privacy Act (“CCPA”), in the last 12 months, we have collected the above-mentioned types of personal information about Job Candidates, which pertain to the following categories: Identifiers; Customer Record Information; Protected Characteristics; Professional or Employee-Related Information; Geolocation Data; Audio, Electronic or Similar Information; Education information; and Inferences from Personal Information collected. We may also require you to submit Sensitive Personal Information (as outlined above).
2. For what purposes do we use your data?
We will use and process your personal data as part of the employment application process at Triple Whale for the following business purposes and in reliance on the lawful bases detailed below:
If you reside in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for the processing of personal data as described herein, your continued interaction with our application process means that you have had the opportunity to read this Notice and that you accept this Notice, and will be deemed as your consent to the processing of your personal data for all purposes detailed in this Notice, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at [email protected].
We do not use or disclose sensitive personal information outside of the purposes allowed by the CCPA.
3.Where do we store your data?
Your personal data will be maintained, processed and stored by Triple Whale and our Service Providers (as defined in Section 6 below) in relevant Triple Whale offices worldwide including Israel and the United States, in the applied position’s location(s), and other jurisdictions, as necessary for the proper processing of your candidacy.
While privacy laws may vary between jurisdictions, Triple Whale, its affiliates and Service Providers processing personal data on our behalf are each committed to protect personal data in accordance with this Notice, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
To the extent we transfer Candidates’ personal data originating in the European Economic Area (EEA), UK, or Switzerland to countries that have not been recognized as offering an adequate level of data protection by the relevant competent authority, we rely on appropriate contractual undertakings and data transfer mechanism as established under applicable law, such as the standard contractual clauses adopted by the EU (available here) and the UK (available here).
4. How long may we keep your data for?
We may retain Candidates’ data even after the applied position has been filled or closed. This is done so we can reconsider Candidates for other positions and opportunities at Triple Whale (subject to their specific consent, where required by law); so we may use their personal data as reference for future applications submitted by them; in case the Candidate is hired, for additional employment and business purposes related to their work; and as reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our agreements or otherwise protect our legitimate interests.
5. How do we secure your data?
Triple Whale has implemented physical, procedural and electronic security measures designed to protect the personal data of our Candidates consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of personal data. Please be aware that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal data stored with us.
6. Who will have access to your data?
Triple Whale will disclose your personal data to several selected third-party service providers, whose services and solutions complement, facilitate and enhance the processing of your application and our recruitment process. These include any recruitment firms or individuals that have referred you to us (or vice versa), candidate evaluation centers, applicant tracking systems, recruitment software providers, background checks providers, data storage and cybersecurity services, web analytics, and our business, legal, compliance and financial advisors (collectively, "Service Providers"). Such Service Providers may receive or otherwise have limited access to our Candidates’ personal data, depending on each of their particular roles and purposes in facilitating and enhancing our recruitment process, and may only use it for such purposes.
Additionally, we may disclose or otherwise allow access to any Candidates’ personal data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud or other wrongdoing. We may also share your personal data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Triple Whale, any of our customers or employees, or any member of the general public, including yourself or other applicants.
In addition, we may share personal data internally within our family of companies, for the purposes described above. Finally, should Triple Whale undergo any change in control, including by means of merger, acquisition or purchase of all or part of its assets, your personal data may be shared with the parties involved in such event.
For the purposes of the CCPA, in the past 12 months, we may have disclosed to the above-mentioned parties, the following categories of personal information relating to our Candidates: Identifiers; Customer Record Information; Protected Characteristics; Professional or Employee-Related Information; Geolocation Data; Audio, Electronic or Similar Information; Education information; Inferences from Personal Information collected; Sensitive Personal Information.
We do not sell or share your personal information for the intents and purposes of the CCPA.
7. Which cookies and tracking technologies do we use?
8. How can you exercise your rights?
If you wish to exercise your privacy rights under applicable law, such as the EU General Data Protection Regulation (GDPR), UK GPDR, or the CCPA, you may do so by contacting us via [email protected], Such rights may include – each to the extent available to you under the laws that apply to you – including the right to know/request access to your data, specific pieces of personal data collected, categories of data collected, and sources from whom it was collected, as well as the purposes of collecting it and categories of third parties to whom we have disclosed it; the right to request rectification or erasure of your personal data held with us; to port it or to restrict its processing; to object to any processing of your data based on our legitimate interests (as detailed in Section 2 above); to withdraw your consent to any processing of your data; or the right to equal services and prices (e.g., freedom against discrimination).
Please note that such rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal data that we hold about you. In the event that we cannot accommodate your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
You may designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us.
Please note that we may require additional information, including certain personal data, in order to authenticate and process your request. Such additional information may be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request), in accordance with Section 2 above.
Additionally, you have a right to lodge a complaint with a competent data protection authority, such as the supervisory authority in the EU Member State of your habitual residence, place of work, or of the alleged GDPR infringement, the UK’s Information Commissioner’s Office, or your State’s Attorney General (as applicable).
9. Will this Notice be updated?
We may update this Notice to reflect changes in our privacy practices. If we make any changes that we deem as "material", we will update this page prior to the change becoming effective.
10. What if you have any questions?
Triple Whale has appointed PrivacyTeam Ltd. as its Data Protection Officer (DPO), for monitoring and advising on Triple Whale’s ongoing privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities. If you have any comments or questions regarding this Notice, if you have any concerns regarding your privacy, or if you wish to make a complaint about how your personal data is being processed by Triple Whale, you can contact our DPO at [email protected].
© Triple Whale Inc.
266 N 5th Street, Columbus OH 43209