Code42 Applicant Privacy Statement

Effective: May 18, 2018

Code42 Software, Inc. (“Code42”) knows that you care about your personal data, and your privacy is important to us. This Applicant Privacy Statement explains what personal data we collect in connection with employee recruiting, how we use that data and your privacy rights. For information about how we collect and use personal data collected through our website (which occurs while you are applying for a position), see our Privacy Statement. This Applicant Privacy Statement provides the following information:

Personal data that we collect
How we use personal data
When we share personal data
How long we retain personal data
When we transfer personal data to other countries
How we secure personal data
How our Privacy Shield certification applies
Your privacy rights
Changes to this Applicant Privacy Statement
How you can contact us
Code42 affiliates

Personal data that we collect
To process your application, we ask you to provide personal data. You provide this information voluntarily, and you determine what information to provide. However, some information is required to complete our evaluation of your application, and without sufficient information we will have only a limited ability to evaluate you as a candidate. We also receive information from other sources. The following are examples of the types of personal data that we use for employee recruiting:

  • Personal data that you provide: We request personal data, including information about your educational and employment background, contact information and preferences, job qualifications and job interests. You may provide additional information like your CV, resume, transcripts, references and compensation request.
  • Sensitive personal data that you provide: If permitted or required by applicable law, we also request information treated as sensitive personal data. This may include your government-issued identification number (such as a social security number or driver’s license number), information relating to your race or ethnic origin, physical or mental health or condition, sexual orientation, trade union membership, and any related legal actions. If you provide this information, it will not be viewable during the selection or hiring process.
  • Data we receive from other sources: We obtain information about you from other sources, to the extent permitted by applicable law. We receive information from third parties such as employment research firms, recruiters, identity verification services, and other websites on the Internet (for example, LinkedIn). In addition, where permitted by law, we use a third party to carry out a background check to determine your suitability for a position.

How we use personal data
Code42 uses your personal data collected in connection with recruiting. For EU data subjects, we process your personal data as a data controller pursuant to your request that we consider you for employment and our legitimate interest in doing so. For example, we use your personal data: (i) to process and evaluate your application and make hiring decisions; (ii) to communicate with you and inform you of current and future career or scholarship opportunities (unless you tell us that you do not want us to keep your data for that purpose); (iii) to manage and evaluate the effectiveness of our recruiting and hiring processes; (iv) to conduct reference and background checks where required or permitted by applicable local law; and (v) for compliance with corporate governance and legal and regulatory requirements. If you are hired, your personal data will be used as part of your employee record under our Employee Privacy Statement.

When we share personal data
We share your personal data only as necessary to evaluate your application.  We do not sell your information to others or share it except as described below.
  • Code42 affiliates:  If you will be employed by a Code42 affiliate, for example if you are located in the United Kingdom or Germany, Code42 will share your personal data with that affiliate to process your application and notify you of other opportunities.  Our affiliates will process your data as data controllers and will treat your personal data in accordance with this Applicant Privacy Statement.  See “Code42 affiliates” for more information about these Code42 Affiliates.
  • Service providers:  Code42 uses other companies and individuals to provide services on its behalf.  For example, we use vendors to assist with recruiting, employment consulting, legal review and background checking.  Those service providers have access to the personal data required to provide their services and are prohibited from using the personal data for any other purpose.
  • Business transfers:  In the event that Code42 or substantially all of its assets are acquired, the personal data held by Code42 will be one of the transferred assets.
  • Protection of Code42 and others:  Code42 shares personal data when required by law or to respond to legal process, to protect others, and to protect the rights or property of Code42.
  • With your consent:  Except as described above, we will provide you with notice when your personal data will be shared with third parties, and you may choose not to share that information.

How long we retain personal data
If you are hired, your personal data will be used as part of your employee record under our Employee Privacy Statement. If you are not hired, Code42 will retain your personal data for three years. You can request deletion of your personal data at any time (see “Your Privacy Rights” for further information) and we will consider your request in accordance with applicable laws.

When we have no justifiable business need to process your personal data, we will either delete or anonymize it. If this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

When we transfer personal data to other countries
Code42 is headquartered in the United States, and we have entities, operations and service providers in the United States and throughout the world. We and our service providers may transfer your personal data to, or access it from, counties other than the one in which you are located. Some of these countries might have data protection laws less stringent than, or different from, the laws in effect in the country in which you are located. We will take steps to ensure that your personal data receives an adequate level of protection where it is processed. For additional information, see “How does our Privacy Shield certification apply?”

How we secure personal data
Code42 uses administrative, organizational, technical and physical safeguards to protect your personal data. For example, we use physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the type of data. We require our service providers to use appropriate security measures.

How our Privacy Shield certification applies
Code42 participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.

Code42 is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Code42 complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Code42 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Code42 commits to resolve complaints about our processing of your personal data. Individuals with inquiries or complaints regarding our Privacy Statement should first contact Code42 at privacy@code42.com.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge).

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Your privacy rights
  • Updating Your Information: If you would like to update personal data that you have provided to us, please logon to our online applicant portal, such as Jobvite, and update your profile.  You must ensure that the information you provide to us is honest, accurate and not misleading in any way.
  • Additional Rights for the EEA and Certain Other Territories: If you are located in certain territories (such as the European Economic Area), you have the right to exercise other privacy rights available to you under applicable laws.  These additional rights are described below:Right of access: You may have the right to access the personal data that we hold about you.Right of erasure: In certain circumstances, you have the right to the erasure of personal data (for example if it is no longer necessary for the purposes for which it was originally collected).Right to object to processing: You have the right to request that Code42 stop processing your personal data, and we will do so if we rely on our legitimate interest to process your personal data – unless we demonstrate compelling legitimate grounds to continue the processing.Right to rectification: You have the right to require us to correct any inaccurate or incomplete personal data.Right to restrict processing: You have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report your concerns to the data protection authority that is authorized to hear those concerns.

If you would like to exercise any of the above rights, please contact privacy@code42.com so that we can consider your request under applicable law. To protect your privacy and security, we will take steps to verify your identity before complying with the request.

Changes to this Applicant Privacy Statement
Our business changes constantly, and our Applicant Privacy Statement will change also. We may e-mail periodic reminders of our Applicant Privacy Statement, but you should check our website frequently to see recent changes. If you are located in certain territories (such as the European Economic Area), we will notify you of any material or substantive changes to this Applicant Privacy Statement as required by applicable law.

Unless stated otherwise, our current Applicant Privacy Statement applies to all information that we have about you. But we will never materially change our policies and practices to make them less protective of personal data collected in the past without the consent of affected individuals.

How you can contact us
If you have any questions about this Privacy Statement, you can write to us or any of our affiliates at privacy@code42.com or by mail at:

Code42 Software, Inc.
100 Washington Ave. S, 20th Floor
Minneapolis, MN 55401
United States
Attn: General Counsel

Our EU Data Representative is Code 42 Software UK LTD. You can contact our EU Data Representative at privacy@code42.com or by mail at:

Code 42 Software UK LTD
Third Floor – The Pearce Building
West Street, Maidenhead SL6 1RL
United Kingdom
Attention: General Counsel

Code42 affiliates

Code 42 Software UK LTD
Third Floor – The Pearce Building
West Street, Maidenhead SL6 1RL
United Kingdom

Code42 Software GmbH
Luise-Ullrich-Straße 20
80636 München
Deutschland