SITECORE TRUST CENTER
Last updated: 22 May 2018
At Sitecore, we understand the value of data and the importance of its protection. We therefore want to be transparent about the information we collect as part of Sitecore’s employment candidate application and recruitment processes, and how we process, store and share that information.
- The types of information we collect (both online and offline) during our application and recruitment process;
- Where we collect information from;
- How we use and share that information;
- Who may have access to your information;
- Cross-border transfers of information;
- How we keep your information secure;
- Your privacy rights;
- How to contact us; and
- Updates to this Policy.
In this Policy, the words 'our', 'us', 'we' and 'Sitecore' refer to Sitecore Holding II A/S, a Danish limited liability company (CVR No. 37624071) and our affiliate entities worldwide.
For the purposes of this Policy, 'Personal Data' are any information from which you could be identified, directly or indirectly.
THE TYPES OF INFORMATION WE COLLECT
Sitecore collects information, including Personal Data, about you during our application and recruitment process, and Sitecore is considered a controller for purposes of protecting such Personal Data, including:
- Your name, address, telephone number, email address and other contact details;
- Your CV or resumé, skills, experience, education, current and/or previous employment, educational details, qualifications and educational transcripts;
- Details of the type of employment you are or may be looking for, desired salary and other terms relating to compensation packages and benefits;
- Work authorisation or eligibility to work in the region where you have applied to work;
- Willingness to relocate or other job preferences;
- Details of how you learned of the job vacancy;
- Reference information and/or information received from background checks (where applicable), including information provided by third parties; and
The information you provide to Sitecore during our application and recruitment processes is voluntary, and you can choose how much to provide. However, please note that some of the questions and fields in the candidate profile of our online recruitment tool are obligatory, such as your name and contact information. If you decide not to provide that information, it may affect our ability to consider you for employment.
Sitecore does not require or request sensitive Personal Data such as gender, height, weight, religion, biometric or genetic data, philosophical or political beliefs or financial data as part of our recruiting or candidate selection. If you have a disability and would like Sitecore to consider any accommodation, you may provide that information during the recruiting process. Please note that in some countries we ask for information such as race or ethnicity for the purpose of monitoring equal opportunity as may be required under local law; however, we do not require applicants to provide race or ethnicity information, and if you provide this information it will not be viewable in the hiring or selection process.
To the extent that the information you choose to provide may contain sensitive Personal Data, such as racial or ethnic origin, political opinions or beliefs, religious beliefs, physical or mental health condition, sexual orientation, criminal offenses, trade union or works council membership, job evaluations or educational records, you expressly authorise Sitecore to process such sensitive Personal Data in accordance with this Policy.
WHERE WE COLLECT INFORMATION FROM
Sitecore collects information about you (including Personal Data) from the following sources:
- From You When you submit an application and during the application, interview and selection process
- References We may collect information about you as part of a pre-employment reference check. Candidates and job applicants are responsible for obtaining any notices or consents for Sitecore to collect and use information from references in accordance with this Policy.
- From other third parties This includes service providers used to perform credit or background checks (to the extent that they are relevant and permitted by applicable local law) and recruiting agencies.
HOW WE USE AND SHARE THAT INFORMATION
Sitecore will collect, use, store and otherwise process your information (including Personal Data) on the grounds of legitimate interest for the purposes of Sitecore job applications, recruiting and resourcing activities, which include:
- Communications We may contact you to inform you of vacancies, discuss current or prospective roles and provide you with information regarding your application.
- Managing recruitment and resourcing activities This includes assessing your skills, qualifications and interests for alignment with Sitecore career opportunities, setting up and conducting interviews and assessments or other activities related to organisation planning and assisting you with obtaining an immigration visa or work permit, to the extent that these may be required.
- Verification of your information We may use your information to verify your identity or to conduct pre-employment background or reference checks (to the extent these may be permitted by local labour or data privacy laws).
- Development of services We may use your Personal Data to develop and improve our recruitment processes, websites and other related services. Where feasible, we use aggregated anonymous information in context of the development activities.
- Legal and regulatory compliance We may obtain and disclose Personal Data as required by law (including laws outside of your country of residence), judicial process or to respond to public or government agencies, or for national security and/or law enforcement purposes.
- To conduct other similar uses pertaining to employment, candidate applications and recruitment
If you are offered and accept employment with Sitecore, the information collected about you during the application and recruitment process will become a part of your employment record.
WHO MAY HAVE ACCESS TO YOUR INFORMATION
Sitecore may share your Personal Data among the Sitecore group of companies and with our service providers or other third parties that may be necessary for the purposes of recruiting, pre-employment checks, corporate governance, acquisitions and legal or regulatory requirements.
When we share your Personal Data within Sitecore or with authorised third parties, we will ensure that there is a genuine need to transfer your Personal Data and share only the information necessary for the performance of that specific purpose. Authorised third parties include, for example, recruitment agencies, auditors, professional advisors, external legal counsel, consumer credit reporting agencies and recruiting systems providers. Sitecore contractually requires that its service providers and other authorised third parties handling Personal Data are bound by confidentiality. We restrict service providers by contract and require them to process your Personal Data only in connection with the specific purpose for which it was disclosed. We also require them to act consistently with this Policy and to use and maintain reasonable administrative, physical and technical controls designed to protect the confidentiality and security of your Personal Data.
CROSS-BORDER TRANSFERS OF INFORMATION
Sitecore has entered into and executed an agreement for the international transfer of Personal Data within the Sitecore group of companies ('Intra-Company Agreement') which governs the processing of your Personal Data by Sitecore entities. The Intra-Company Agreement also incorporates the European Union Model Clauses requirements for transfers of your Personal Data.
Sitecore is a global company with business processes, management structures and technical systems that cross national borders. This means that your Personal Data may be transferred internally to Sitecore affiliates and externally to third parties (including partners and service providers) across international borders for the purposes described in this Policy. Sitecore transfers data only in accordance with legally approved transfer mechanisms that are appropriate under applicable data protection laws, including the Standard Contractual Clauses and the Privacy Shield.
Sitecore has selected Jobvite as our global online recruitment management system. Jobvite and its servers are located in the United States. For more information about Jobvite and its privacy practices, please go to: www.jobvite.com/privacy-policy.
HOW WE KEEP YOUR INFORMATION SECURE
At Sitecore, we understand the importance of information and the need to keep Personal Data secure. We have implemented and maintain technical, administrative and physical security measures designed to protect your information from unauthorised access, disclosure, misuse, alteration, accidental loss or destruction.
We regularly review our security procedures to maintain the confidentiality, integrity, availability and resilience of all data both online and offline. These security procedures and measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology, but include firewalls, data encryption, physical access controls and information access authorisation controls. Sitecore has implemented an incident response plan with a company protocol we follow in the event of any data breach. We take steps to monitor our systems regularly for vulnerabilities and to ensure that we only share information with those who need to know it.
However, no website or Internet transmission is completely secure. While we strive to protect your data, we cannot guarantee that unauthorised access, hacking, data loss or a data breach will never occur, and we cannot warrant the security of any information that you provide to us.
We require that our third-party service providers and partners agree to keep the information we share with them confidential, and to use the information only to perform their obligations in the agreements we have in place with them. Sitecore has implemented internal policies to ensure that such parties are required under contract to maintain privacy and security protections which are, at the least, consistent with our own policies and practices.
Sitecore will retain your Personal Data on file to consider you for other job opportunities for a period of three years. At the end of the period, or earlier if you exercise your privacy rights, your Personal Data is deleted and securely destroyed. Whenever necessary and to the extent permitted or required by law, Sitecore will delete and/or anonymise Personal Data that is no longer needed. Accordingly, you should retain your own copy of any information that you submit to us.
YOUR PRIVACY RIGHTS
You may access the Personal Data you have submitted through Jobvite by accessing your Jobvite account. You may be able to delete your Jobvite profile by contacting Jobvite. You may contact firstname.lastname@example.org to submit other requests to correct, amend or delete inaccurate information in a job application.
Additionally, depending on where you are located, you may have other rights.
European privacy laws may grant you the following additional following rights, including the right of access, right to rectification, right to erasure, right to restrict processing, right to data portability and the right to object to Sitecore’s processing of your Personal Data on compelling legitimate grounds. You may exercise these rights by contacting us at email@example.com, and we will review your request in accordance with applicable laws.
You are responsible for the information you provide or make available to Sitecore, and you must ensure that it is honest, truthful, accurate and not misleading in any way. You must ensure that the information provided does not contain material that is obscene, defamatory or infringing on any rights of any third party; does not contain malicious code; and is not otherwise legally actionable.
If you revoke your consent, object to certain processing activities or delete your profile completely, please note that Sitecore may be unable to continue the recruitment process with you.
We have recruiting teams in the United States, Denmark, the United Kingdom, the Ukraine, Singapore and Malaysia. If you have any questions about a job application, please reach out to firstname.lastname@example.org.
Written inquiries may be addressed to our Chief Legal Officer at:
Chief Legal Officer
101 California Street
San Francisco, CA 94111
Phone: +1 415 380 0600
Fax: +1 415 380 0730
If you feel that you have not received a timely or satisfactory response from us to your question or complaint, please contact the EU Data Protection Authorities (DPAs).
UPDATES TO THIS POLICY
From time to time, we may change this Policy to accommodate new technologies, industry practices, regulatory requirements or to reflect any changes in how we process information. Any changes to this Policy will be effective when we post the revised Policy on this website. The 'Last Updated' section at the top of this Policy states when this Policy was last revised and serves as notice of the update.
Last updated: 22 May 2018
Approved by: Sitecore General Counsel