GDPR Candidate Privacy Notice
Pegasystems is committed to protecting the privacy and security of your personal information. This privacy notice sets out how we collect your personal data and makes you aware of how and why your data will be used, namely for the purpose of the recruitment exercise, and how long it will usually be retained for. It provides you with the information that must be provided under the General Data Protection Regulation (GDPR) and it also covers matters relating to our Privacy Shield Certification. It applies to all candidates in the European Union (EU), the UK and Switzerland. For any questions regarding this privacy notice, please refer to the “Contact Details and Your Rights of Complaint” section below.
Responsibility for your information
Pegasystems Limited and Pegasystems Inc are ‘data controllers’ of your personal information for the purposes of processing your candidacy. For candidates for roles based in:
- Poland, Pegasystems Software Limited Sp. z o.o. Oddział w Polsce is also a data controller;
- Germany and Switzerland, Pegasystems GmbH is also a data controller;
- France, Spain and Italy, Pegasystems France S.A.R.L is also a data controller; and
- Netherlands, Sweden, Belgium and Finland, Pegasystems B.V. is also a data controller.
This means that we are responsible for deciding how we hold and use personal information about you as a candidate for a position at Pegasystems (whether as an employee, contractor, trainee or intern).
The types of information we hold about you
We collect, store and use the following categories of information about you during our recruitment process:
- Your name, address, email address, telephone number and other contact information
- The information you have provided to us in your CV/resume and covering letter
- Any additional information you provide to us in support of an application
- Information included in your profile created on our external careers site
- Information from interviews and screenings you may have
- Details of the type of role you are looking for, current salary (where relevant) and salary expectations, and other terms relating to compensation and benefits packages, or other job preferences
- Details of how you heard about the position you are applying for
- Results of the Predictive Index (PI) survey, where relevant
- Reference information and/or information received from background checks, including information provided by third parties
- Information relating to any previous recruitment and/or employment history with us
- If we offer you reimbursement of costs incurred by you in connection with the recruitment process and you accept such an offer - information necessary to execute such reimbursement;
- Information relevant to your right to work or being eligible for internship/traineeship, including nationality, or citizenship, for visa purposes
- CCTV footage when you are visiting our premises.
We may also collect, store and use the following ‘special categories’ of more sensitive personal information:
- Information about your national origin, where relevant for visa purposes
- Medical or health information, where relevant
- Information about criminal convictions and offences where required for the role and legally permissible (UK only).
How is your personal information collected?
We collect personal information about candidates from the following sources:
- You (the candidate)
- Our background check provider for roles in all countries except Poland, from whom we collect the following categories of data:
- Six years’ activity history (including employment history)
- Full academic history
- Address verification
- Professional qualifications history
- Credit check (for roles in professional services, finance and legal only)
- Driving license endorsements check (for roles in professional services, finance and legal in the UK only)
- Directorship check
- Global Watchlist check (roles outside the UK only)
- Our PI provider, from whom we collect the PI report generated as a result of data submitted by you to the PI provider
- Our recruitment service providers with whom we cooperate;
- Disclosure and Barring Service in respect of criminal convictions in the UK, for the roles outlined above
- Your named referees, from whom we collect confirmation of your role and dates of employment
- Any external provider who advertises a role on our behalf
- Information about you, including your contact details, your profile and CV (if available) from the following publicly available sources: LinkedIn, Xing, pracuj.pl, No Fluff and Twitter
How we will use the information about you
We will use the personal information we collect about you to:
- Assess your skills, qualifications and suitability for the role for which you are being considered, or other relevant roles we have
- Carry out background and reference checks, where applicable
- Communicate with you about the recruitment process including, in appropriate cases, informing you of other potential career opportunities with us
- Create records relating to our hiring process
- Assist you with obtaining an immigration visa or work permit where required
- Review our recruitment practices, including diversity monitoring
- Reimburse you for the costs incurred by you in connection with the recruitment process (where relevant)
- Comply with legal or regulatory requirements
If you accept a role with us, the information collected during the recruitment process will become part of your employment record.
It is your responsibility to obtain consent from referees to the processing of their personal information before providing it to us.
How we use sensitive information
We use your sensitive information in the following ways, where relevant:
- We will use information about your disability status to consider whether we need to adjust the recruitment process
- If relevant, we may use information about your national origin for visa and immigration purposes
- We will use information about criminal convictions for roles which involve a high degree of trust and integrity and for roles where this is a customer requirement (UK only)
We may only use information relating to criminal convictions where the law allows us to do so. We have in place appropriate safeguards when processing this data which are required by law.
Legal basis for processing personal information and sensitive personal information
Our legal basis for processing your personal information includes processing that is necessary for our legitimate interests including the processing activities described above for our recruitment process.
Our legal basis to process your sensitive personal information includes processing that is based on your consent to us processing your personal information for the purposes of recruitment. You have the right to withdraw your consent to this processing at any time. To withdraw your consent, please contact email@example.com. Once we have received your notification that you have withdrawn consent, you will be withdrawn from our recruitment process and, subject to our retention policy, we will dispose of your data securely, unless we have another legal basis for processing it in law.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application, we will not be able to take you forward in our recruitment process. For example, if we require a reference for this role and you fail to provide us with relevant details, we will not be able to take your candidacy further.
AUTOMATED DECISION MAKING
You will not be subject to decisions that will have a legal or similarly significant impact on you based solely on automated decision-making.
Why might you share my data with third parties?
We will share your information with other companies in the Pegasystems group as well as limited members of our human resources, IT and finance departments. In addition, as relevant, with our background check provider, our recruitment service providers and with our PI provider. All our third party providers and other entities in the group are required to take appropriate security measures to protect your personal information. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also be required to disclose your information to external third parties such as local labour authorities, courts and tribunals, regulatory bodies and/or law enforcement agencies for the purpose of complying with applicable laws and regulations or in response to legal process. For internship and traineeship opportunities we may also be required to share your data with relevant educational entities to comply with applicable laws and regulations.
Transferring information outside the EU
We will transfer some of the personal information we collect about you to the following countries outside the EU: USA, UK (at the time of updating, the UK was due to leave the EU in 2020) India (expenses only), and Switzerland if any part of the hiring team is based there. Other than Switzerland, there is not an adequacy decision by the European Commission in respect of those countries, which means that the countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection, we have put intercompany agreements including Standard Contractual clauses in place with these entities outside the EU, which is a mechanism approved by the European Commission to give appropriate protection. In addition, we are certified for the Privacy Shield Frameworks (see below). If you would like further information about this, please contact firstname.lastname@example.org.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
How long will you use my information for?
We will retain your information in accordance with applicable law and our Retention Policy. We retain your information for that period so we can comply with legal requirements. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
If we wish to retain your personal information on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will contact you separately, seeking your explicit consent to retain your information for a fixed period on that basis.
RIGHTS OF ACCESS, CORRECTION, ERASURE, RESTRICTION AND PORTABILITY
Your responsibility to inform us of changes
It is important that the personal information we hold about you is accurate. Please keep us informed if your personal information changes during your recruitment process with us.
Your rights in connection with personal information
You may, in accordance with applicable law have the right to:
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to yourself or another party (the right to portability).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact email@example.com.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in these circumstances.
What we may need from you
We may need to ask for specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.
CONTACT DETAILS AND YOUR RIGHTS OF COMPLAINT
If you have any questions about this privacy notice or how we handle your personal information, please contact firstname.lastname@example.org.
You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues in the country in which you are based.
Privacy Shield Certification
As described in our Privacy Shield certification https://www.privacyshield.gov/, we comply with the EU-US and Swiss-US Privacy Shield Frameworks as specified by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland. Pegasystems Inc has certified that it adheres to the Privacy Shield Principles. Pegasystems remains liable for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf, as described above. To learn more about the Privacy Shield programme, and to view Pegasystems’ certification, please visit the Privacy Shield website https://www.privacyshield.gov/. Pegasystems is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles https://www.privacyshield.gov/.
Status of and Changes to this notice
This notice does not form part of any employment contract or other contract to provide services. We may update this notice at any time and changes will appear on this page.
Last updated 2 December 2019