Applicant and Candidate Privacy Notice
How we manage your personal data when you apply to work here.
At Stack, we take the privacy of our users, our Stackers, and potential Stackers seriously. This Applicant and Candidate Privacy Notice is intended to provide you with information about the personal data we collect from you and how we use it, as well as the rights you have regarding your personal data. If you have any questions, please contact us at email@example.com
What Personal Data do we collect directly from you?
We only collect the minimum amount of information we need from you to provide a best-in-class candidate evaluation and interview process, which includes:
- Identifying information, including your name and contact details (e.g., phone number, email address, postal address, etc.)
- Credentials, such as a username and password, for our online recruiting tools
- Professional and employment history contained in your resume or CV, along with other documents related to the application process, such as a cover letter
- Education history and qualifications, such school transcripts, proof of certifications and skills, and job history
- Personal information volunteered by you in completing the application, including gender, race and ethnicity, veteran status, and/or disability status
- Personal information required by law in certain circumstances, such as proof of citizenship or immigration information (e.g., right to work information, to obtain a worker visa)
When conducting interviews, whether in-person or virtual, we may collect additional information, including:
- Video surveillance footage obtained for security monitoring purposes
- Information about your health status, where appropriate, to confirm your wellness prior to attending in-person
- Information about any health issues or disabilities so as to accommodate during the interview process
While you will not be asked to provide certain personal or otherwise sensitive information, you may intentionally or otherwise provide information in the course of the interviews, such as criminal records history, compensation history, family history, or a personal situation, all of which would also be considered personal data.
What Personal Data do we collect from other sources?
Some of the personal data we would otherwise collect directly from you may be obtained using a third-party application, agency, or recruiter who you have authorized to provide such personal data to Stack, including screening agencies, publicly available registers or databases, former employers, and/or educational institutions. As with the information we collect directly from you, we minimize the amount of information we collect or process about you from other sources and will only collect or process such data in accordance with local data protection laws. Such externally sourced data may include:
- Criminal records history
- Employment and educational history
- Compensation history
How do we use your Personal Data?
In general, and subject to applicable data protection laws, we may use your personal data to:
- Process your application for employment
- Manage the interview process, including managing meetings and communicating via email or phone
- Manage the lifecycle of your application for employment throughout the recruitment process
- Assess your eligibility and interest for the applied for role and/or another current or future job opportunity
- Evaluate your background and skills based on job requirements
- Contact references with your authorization
- Conduct background checks with your authorization
- Conduct internal analyses to understand the job applicants and/or candidates who apply
- Assess and improve our recruitment process, including our diversity and equal employment opportunities efforts
- Comply with legal obligations (e.g., health and safety, anti-discrimination laws)
We may combine the information we collect in aggregate or have de-identified to limit or prevent identification of any particular individual, such as to help with goals like research and recruiting. Once such information has been aggregated and anonymized (i.e., no longer considered personal data under applicable data protection law), this Notice does not apply.
What Personal Data do we share with other processors?
While we will not sell or market your personal data, we rely on certain third parties to process certain personal data, including those service providers and business partners that perform business operations on our behalf. If data protection laws require a lawful basis for processing, our lawful basis for collecting and using the personal data described herein will depend on the type of personal data concerned and the specific context in which we collect or use it. Additionally, depending on the jurisdiction in which you live, there may be other applicable lawful bases for processing your personal data that are not listed here.
We normally collect or use personal information from you or others where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g., to communicate with you, to evaluate your application, to manage our recruitment processes efficiently and fairly), or where applicable, where we have obtained your consent to process for a specific purpose. In certain situations, we may be required to comply with a legal or regulatory obligation in limited situations (e.g., court order, tax/government authority).
Where is your Personal Data stored and processed?
Stack operates with a globally situated remote-first workforce. As such, your personal data may be transferred, stored, or otherwise processed in a different country than you reside. In certain instances, contractual obligations and safeguards (e.g., the EU/UK Standard Contractual Clauses or other adequate data transfer mechanism) are put in place to receive assurances that your personal data is sufficiently protected.
What rights do you have for your Personal Data?
Subject to applicable local laws or exemptions, you have certain rights regarding your personal data, which include:
- Right to erasure (a.k.a. the “right to be forgotten”). This right gives you the right to have your personal data erased.
- Right to rectification. This right gives you the right to correct any inaccurate personal data.
- Right of access. This right gives you the right to obtain a copy of your personal data in order to help you understand how and why your data was collected.
- Right to restriction of processing. This right gives you the right to restrict the processing of your personal data in certain circumstances, such as if you contest the accuracy of the data being processed.
- Right to data portability. This right gives you the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format.
- Right to object to processing. This right gives you the right to object to the processing of your personal data at any time where Stack is relying on its legitimate interests as the legal basis for processing.
- Right to lodge a complaint with your local data protection authority or regulatory body.
How do we keep your Personal Data secure?
Stack employs security and privacy by design and default principles through various technical and organizational measures to ensure the ongoing integrity and confidentiality of your personal data. As an additional measure, we will delete your personal data when it is no longer necessary to retain it, with exceptions for legal or regulatory data retention requirements, or longer with your consent (e.g., to suggest roles that may be of interest to you). Stack ensures only certain Stackers (e.g., HR, Talent Acquisition, etc.) have access to certain personal data through access controls and other security measures
How long do we retain your Personal Data?
While we will only retain certain information for as long as it is necessary to fulfill the applicable processing activity for which it was collected, the length of time we retain personal data may be subject to certain regulatory requirements. To ensure our compliance, we have set a retention period of 1 year from the date of the hiring decision (i.e., the date the position applied for was filled).
Does Stack rely on automated decision-making?
Stack’s candidate recruitment and evaluation processes are not based solely on automated decision-making.
Updates to the Policy
Stack may modify or update this Notice, such as to comply with applicable data protection laws or regulations. If we make material changes and have retained your email address in compliance with this Notice, we will notify you of the change.
While you are not legally required or contractually obligated to provide the personal data described herein, if you do not provide such information, Stack may not be able to effectively process your application.
For the purposes of the California Privacy Rights Act of 2020 (the “CPRA”), the above applies to data collected the previous 12 months.