Last Updated: January 2023
Personal Data That We Collect and Process About You
We collect and use the following data (hereinafter referred to as “Personal Data”) about you to the extent permitted under applicable law:
• contact information (such as name, address, email address, and phone number);
• education certificates;
• experience information (such as education, skills, work experience and/or CVs, photograph, references, employee records, and appraisals);
• demographic information (such as age, date of birth, gender);
• citizenship and work authorization status;
• psychometric and ability test results;
• interview records; and
• data from public profiles, including social media profiles.
To the extent permitted under applicable law, we may also collect and process Personal Data that is viewed as sensitive Personal Data by some jurisdictions. This sensitive Personal Data may include:
• physical or mental health data;
• racial or ethnic origin;
• the commission or alleged commission by you of any offense; and
• any proceedings for any offense committed or alleged to have been committed by you, the disposal of those proceedings, or the sentence of any court in those proceedings.
We will collect and process any sensitive Personal Data in accordance with applicable data protection laws.
If we ask you to provide any other Personal Data not described above, then we will provide you a clear notice of the Personal Data being collected and the reasons why at the time we collect it.
Purposes and Legal Bases for Personal Data Collection and Use
The Personal Data requested in the application process is required in order to assess your application for employment with us. If you do not provide some or all of this Personal Data, it may affect our ability to process your application and therefore enter into an employment agreement with you.
At all times, we collect and use your Personal Data in accordance with applicable data protection laws. Our legal bases and respective purposes for collecting and processing your personal information are as follows:
Zscaler’s Legitimate Interests: We have a legitimate interest in the selection, evaluation, and hiring of qualified and appropriate candidates for future vacancies and in the management and administration of our hiring process, to the extent these activities do not prejudice or harm your rights and freedoms. With this basis in mind, we use your Personal Data to:
• assess your skills, qualifications, and suitability for our career opportunities prior to entering into an employment contract;
• take measures to verify that the information you have provided is true and accurate (e.g., by means of reference checks);
• keep your record for future hiring needs, including for the purpose of communicating with you and providing you with information regarding potential career opportunities that suit your profile; and
• administer and manage your application process.
Zscaler’s Legal Obligations: We must comply with legal obligations to which we are subject. Therefore, we may process Personal Data to:
• conduct criminal background checks to the extent applicable law permits and as required for your role; and
• carry out our responsibilities under applicable employment laws and regulations, such as anti-discrimination or disability legislation.
Legal Disputes: Zscaler can use your Personal Data to deal with legal disputes and to establish, exercise, and defend (potential) legal claims.
Applicant’s free and explicit consent: We may seek your consent to process your personal information in specific circumstances or process it where necessary to comply with legal obligations or for purposes connected to legal claims.
Retention of Your Personal Data
If your application for employment is unsuccessful, we may retain your Personal Data for consideration for further job opportunities. We will retain your Personal Data for no more than two years from when the last position you have applied for has closed, or until you request your Personal Data is deleted, we. Please refer to the Your Rights section below for more information on how to delete your Personal Data. Please note that in certain cases, legal or regulatory obligations may require us to retain specific records for a different period of time.
If you accept employment with Zscaler, your Personal Data will be held on the basis set out in our Employee Privacy Notice, which is provided to all employees. This will generally be for the duration of your employment relationship with Zscaler, plus any applicable statutory retention periods.
Access to and Transfer of Your Personal Data
We will take reasonable steps to ensure that your Personal Data is properly secured, using appropriate technical, physical, and organizational measures to protect it against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss.
Subject to the conditions set forth in the applicable law, you have the following rights with regard to our processing of your Personal Data:
Right to access, correct, and delete your Personal Data - Zscaler will take steps to maintain correct Personal Data. You also have a responsibility to communicate changes in personal circumstances (e.g., change of address) to Zscaler so that we can ensure that your Personal Data is up to date.
You have the right to request access to any of your Personal Data that Zscaler may hold, and to request correction of any inaccurate Personal Data relating to you. You furthermore have the right to request deletion of any irrelevant Personal Data we hold about you.
Right to withdraw consent - In the event your Personal Data is processed on the basis of your consent, you have the right to withdraw consent at any time by sending an email to [email protected] specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.
Data portability - To the extent that we use your Personal Data for the performance of the employment contract and that Personal Data is processed by automatic means, you have the right to receive all such Personal Data that you have provided to Zscaler in a structured, commonly used, and machine-readable format. You further have the right to require us to transmit it to another data controller where this is technically feasible.
Right to restrict Personal Data use - You have the right to restrict our use of your Personal Data where (i) you contest the accuracy of the Personal Data; (ii) the use is unlawful but you do not want us to erase the Personal Data; or (iii) we no longer need the Personal Data for the relevant purposes but you require it for the establishment, exercise, or defense of legal claims.
Right to object - To the extent that we rely on our legitimate interests to use your Personal Data, you have the right to object to such use, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights, and freedoms, such as where we need to process the Personal Data for the establishment, exercise, or defense of legal claims.
For further information regarding your rights, or to exercise any of your rights, please contact [email protected]. We reserve the right to request proof of identity from requesters, as well as to refuse to comply with excessive or manifestly unfounded requests.
Please note that we may need to retain certain Personal Data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
To learn more about Zscaler’s approach to Privacy, please visit https://www.zscaler.com/privacy/overview.
If you have any questions or concerns regarding our use of your Personal Data, or to exercise any of your rights, please contact Zscaler’s Senior Manager of EMEA People and Culture or Zscaler's Data Protection Officer at [email protected].