Zscaler Applicant Privacy Policy
Last Updated: May 24, 2018
Introduction
In this Applicant Privacy Policy we describe how Zscaler, Inc. and its affiliates (collectively “Zscaler”, “we”, or “us”) processes the Personal Data (as defined below) of each individual who applies to work with us (“Applicant”, “you” or “your”). We value our Applicants and their privacy.
This Applicant Privacy Policy describes the Personal Data we collect, what we do with it, whom we share it with, how we secure it, how long we store it for and what rights and obligations you as an Applicant have.
Personal Data about You that We Collect and Use
We collect and use the following data about you, to the extent permitted under applicable law: contact information (such as name, address, email address, and phone number); education certificates; experience information (such as education, skills, work experience and/or CVs, photograph, references, employee records and appraisals); demographic information (such as age, date of birth, gender); psychometric and ability test results; interview records; data from public profiles; and other information necessary for making a recruitment decision or otherwise voluntarily provided by you (all such data hereinafter referred to as “Personal Data”).
Personal Data we collect and use about you may also include, to the extent permitted under applicable law, special categories of personal data such as: physical or mental health data and other special categories of personal data such as racial or ethnic origin; the commission or alleged commission by you of any offence; and any proceedings for any offence committed or alleged to have been committed by you, the disposal of those proceedings or the sentence of any court in those proceedings.
If you are an Applicant in Germany, the special categories of personal data that may be collected and used about you include only information on whether you are physically or mentally fit for your role; the commission or alleged commission by you of any offence and any proceedings for any offence committed or alleged to have been committed by you, the disposal of those proceedings or the sentence of any court in those proceedings to the extent relevant for your role.
Legal Bases for Personal Data Collection and Use
At all times, we collect and use your Personal Data in accordance with applicable data protection laws. This means that we will always collect and use Personal Data only for one of the following legal bases:
- in order to take steps to assess your suitability for the vacancy prior to entering into an employment contract (necessity for hiring decisions)*;
- where we need to comply with a legal obligation to which we are subject**;
- where it is necessary to serve our legitimate interests, and your interests and fundamental rights do not override those interests***Legitimate interest, as used herein, means our interest to hire qualified and appropriate people, to find the right candidate for future vacancies and to secure, defend and develop our business;
- where we have your free and explicit consent****You may revoke your consent at any time as set forth in the Your Rights section below;
- to deal with legal disputes and to establish, exercise and defend (potential) legal claims*****.
This Applicant Privacy Policy indicates the legal basis applicable to the respective Personal Data collections and usage, as set forth under Personal Data about You that We Collect and Use, by means of asterisks (*).
The Personal Data requested in the application process is required by us in order to assess your application for employment with us. If you do not provide some or all of this Personal Data, it may affect our ability to process your application and therefore to enter into an employment agreement with you.
Purposes for Using Your Personal Data
Zscaler collects and uses your Personal Data for the purpose of administrating the application process. More specifically, we use your Personal Data:
- to administer and manage your application process*;
- to assess your skills, qualifications and your suitability for our career opportunities*/***;
- to take measures to verify that the information you have provided is true and accurate, e.g. by means of reference checks*/***/****;
- to conduct (criminal) background checks to the extent applicable law permits and as required for your role**/***;
- to keep your record for future hiring needs, including for the purpose of communicating with you and providing you with information regarding potential career opportunities that suit your profile***;
- to deal with legal disputes and to establish, exercise and defend (potential) legal claims**/***/*****;
- to comply with applicable (employment) laws and regulations, such as anti-discrimination legislation**.
Please refer to Personal Data about You that We Collect and Use for an overview of Personal Data that we collect and use for the above purposes.
We may also in the future carry out activities which constitute 'automated decision making' for the purposes of data protection law. 'Automated decision making' refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention. We will notify you before we do so and implement suitable measures to safeguard the integrity and accuracy of these processes. You have a right to express your view on any automated decision, and if you contest it, to require us to revisit it, including by obtaining human intervention into the decision.
Retention of Your Personal Data
We will retain your Personal Data for as long as necessary for the purposes for which the Personal Data was collected and used by us, as stated in this Applicant Privacy Policy, and generally no more than 12 months from when the last position you have applied for has been closed (unless you are hired by us). With your consent, we may retain your Personal Data for an additional 12 months, for consideration for further job opportunities. In case you object, we will delete your Personal Data. Please note that in certain cases, legal or regulatory obligations require us to retain specific records for a set period of time.
If you accept employment with Zscaler, your Personal Data will be held on the basis set out in our Employee Privacy Notice, which is provided to all employees. This will generally be for the duration of your employment relationship with the Zscaler plus any applicable statutory retention periods.
Disclosure and Transfer of Your Personal Data
For the purposes listed under Purposes for Using Your Personal Data, we may share your Personal Data on a need to know basis with certain Zscaler employees based on their function within Zscaler (both in the country where you apply and in other countries in which we have operations, including to countries outside the European Economic Area ("EEA")), as well as vendors and suppliers we use to process data on our behalf, successors in title of our business in case of a corporate transaction, and competent regulatory authorities, enforcement authorities and other governmental agencies. This will include transfers of your Personal Data both in the country where you apply and to other countries in which we have operations.
Zscaler takes all reasonably necessary steps to ensure that your Personal Data is shared and treated securely and in accordance with this Applicant Privacy Policy and applicable legislation. This means that we entered into legally necessary contracts with recipients of your Personal Data, including Standard Contractual Clauses as approved by the European Commission or equivalent means with parties outside the EEA that do not provide for an adequate level of protection. You are entitled to receive a copy of any documentation showing the suitable safeguards that have been taken by making a request via [email protected].
Security
We will take reasonable steps to ensure that your Personal Data is properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.
We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Applicant Privacy Policy. Furthermore, we contractually ensure that any third party processing your Personal Data equally provides for confidentiality and integrity of your Personal Data in a secure way.
Your Rights
ubject to the conditions set forth in the applicable law, you have the following rights with regard to our processing of your Personal Data:
Right to access, correct and delete your Personal Data - Zscaler will take steps to maintain correct Personal Data. You also have a responsibility to ensure that changes in personal circumstances (for example, change of address, etc.) are notified to Zscaler so that we can ensure that your Personal Data is up-to-date.
You have the right to request access to any of your Personal Data that Zscaler may hold, and to request correction of any inaccurate Personal Data relating to you. You furthermore have the right to request deletion of any irrelevant Personal Data we hold about you.
Right to withdraw consent - In the event your Personal Data is processed on the basis of your consent, you have the right to withdraw consent at any time by sending an email to [email protected] specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.
Data portability - To the extent that we use your Personal Data for the performance of the employment contract and that Personal Data is processed by automatic means, you have the right to receive all such Personal Data that you have provided to Zscaler in a structured, commonly used and machine-readable format, and also to require us to transmit it to another data controller where this is technically feasible.
Right to restrict Personal Data use - You have the right to restrict our use of your Personal Data where (i) you contest the accuracy of the Personal Data; (ii) the use is unlawful, but you do not want us to erase the Personal Data; or (iii) we no longer need the Personal Data for the relevant purposes, but you require it for the establishment, exercise or defense of legal claims.
Right to object - To the extent that we are relying on our legitimate interests to use your Personal Data, you have the right to object to such use, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms, such as where we need to process the Personal Data for the establishment, exercise or defense of legal claims.
Lodge a complaint - You also have the right to lodge a complaint with a supervisory authority in your country of residence if you consider that the collection and use of your Personal Data infringes this Applicant Privacy Policy or applicable law.
Digital Legacy - If you are an Applicant in France, you also have the right to issue directives relating to the disposition of your Personal Data after your death.
For further information regarding your rights, or to exercise any of your rights, please contact [email protected]. We reserve the right to request proof of identity from requesters, and to refuse to comply with, excessive or manifestly unfounded requests.
Please note that we may need to retain certain Personal Data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
Contact Us
If you have any questions or concerns regarding our use of your Personal Data, or to exercise any of your rights, please contact Zscaler’s Senior Manager, EMEA People and Culture or Zscaler's Data Protection Officer at [email protected].
The controller for your personal information is Zscaler, Inc., 110 Rose Orchard Way, San Jose, CA 95134 USA, who maintains our third-party job site, Jobvite, for the Zscaler group companies. In addition, the Zscaler entity with whom you apply for a position is a joint-controller for Applicant Personal Data. This Applicant Privacy Policy applies to both Zscaler entities, and data subjects may exercise their rights with respect to their Personal Data by contacting Zscaler Inc. as set forth herein.