Global Candidate Privacy Notice

Effective Date: May 18, 2021

1. Introduction

Thank you for your interest in joining ThreatConnect! This Global Candidate Privacy Notice (this “Notice”) is a supplement to the Privacy Policy. Below, you will find more information as to how we handle your personal information when you apply for a job or other role with us and the rights you have in connection with that information. We suggest you read this Notice in its entirety. The term “Candidate” or “you” as used in this hereafter refers to anyone who applies for a job role, or who otherwise seeks to work with or for us (whether on a permanent or non-permanent basis). ThreatConnect will process information in accordance with this Notice, unless in conflict with requirements of applicable law, in which case applicable law will prevail.

2. Definitions

Candidate Data is identifiable information that an individual makes available to ThreatConnect either directly or indirectly in connection with the recruiting process, or sharing your work experience or interests. ThreatConnect may collect Candidate Data directly from a job candidate or from third parties, for example, in connection with a background or employment check or employment reference, subject to your consent where required by law. Candidate Data may include a variety of information, such as candidate status, work history/job data, education, compensation, employer feedback, questionnaire results, contact information, previous addresses or names, additional information provided by the candidate (e.g., a cover letter), expertise or project work publicly shared, driver’s license number or other national identifiers as required for certain positions, references, and criminal history where permitted by law.

Processing refers to any action performed on Candidate Data, such as collecting, recording, organizing, storing, transferring, modifying, using, disclosing, or deleting.

Sensitive Candidate Data is Candidate Data concerning nationality or citizenship, race or ethnic origin, criminal history, or trade union membership. ThreatConnect does not request or consider information concerning religion, sex life or political opinions in connection with recruiting.

3. Information We May Collect, How We Use It, and How It Is Shared

ThreatConnect will process Candidate Data for legitimate recruitment and hiring purposes, for business management purposes, and to comply with applicable regulations and laws. This may include setting up an electronic job applicant file; managing your application; conducting assessments; organizing interviews, including arranging or reimbursing for your travel, if necessary; providing accommodations; processing interview feedback; on-boarding; and conducting background checks and screening. Your data may also be used to notify you about other ThreatConnect job opportunities. We may process your information to meet recordkeeping and internal and external reporting responsibilities. Your data may also be used in investigations or as needed in legal proceedings.

Candidate Data will only be shared within ThreatConnect where lawful to do so and for legitimate purposes. We take appropriate steps to ensure that people who receive your information are bound to maintain its confidentiality. ThreatConnect may transfer Candidate Data to external third-party providers performing certain services for ThreatConnect. Such third-party providers have access to Candidate Data solely for the purposes of performing the services specified in the applicable service contract, and ThreatConnect requires the providers to undertake security measures consistent with the protections specified in this Notice.

We may be required to disclose certain Candidate Data to other third parties (1) as required by law; (2) to protect our legal rights to the extent authorized or permitted by law; or (3) in an emergency where the health or safety of a candidate or other individual may be endangered. In addition, in the event of a reorganization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of ThreatConnect’s business, ThreatConnect may transfer Candidate Data to successor entities or parties.

4. Retention and Security

If your application for employment is successful and you become a ThreatConnect employee, your information may be transferred and processed consistent with ThreatConnect’s Employee Privacy Notice.

If your application for employment is not successful, we will generally keep your information beyond the end of the application process for the purposes of (i) contacting you for future job vacancies, (ii) to meet recordkeeping requirements, and (iii) for potential use in legal proceedings. The length of time we may retain your information may vary depending on applicable law and regulation.

We maintain physical, electronic, and procedural safeguards to protect the confidentiality of your information, including security measures to protect against unlawful or unauthorized processing of your information, and against the accidental loss of, or damage to, your information.

5. International Data Transfers

ThreatConnect maintains a global presence, As such, Candidate Data may be transferred to and processed in the US and other countries that may not be deemed to provide the same level of data protection as your home country. We maintain and apply employment data protection standards consistent with those specified in this Notice to our global operations.

If you are a Candidate in the EEA, Switzerland, or the UK applying for a position within ThreatConnect, ThreatConnect, Inc. will be the controller of your data for the purposes of your application, administration, resource management, etc. Local hiring entities are data controllers for local recruitment, on-boarding, and any subsequent employment-related processing. For the processing of Candidate Data originating in the EEA, Switzerland, or the UK that is transferred to a ThreatConnect entity outside the EEA deemed to have an inadequate level of protection as determined by the European Commission, is transferred in accordance with intercompany agreements that include the EU Standard Contractual Clauses (the “SCC”). You can review the SCC’s on the European Commission’s website here.

6. Sensitive Candidate Data

ThreatConnect may perform background and criminal checks where permitted by law, and may process other Sensitive Candidate Data, such as citizenship or nationality information or health information, when relevant for a position and permitted by law. If ThreatConnect intends to collect Sensitive Personal Data from third parties, you will be provided notice and the opportunity to consent. If you have a disability and would like ThreatConnect to consider an accommodation, you may provide that information during the recruiting process.

To the extent you make Sensitive Candidate Data available to us, you consent to ThreatConnect processing such Sensitive Candidate Data in accordance with this Notice.

7. Candidate Rights

You may exercise the following rights in relation to your Candidate Data:

  • Access, Correction, Deletion and Portability: ThreatConnect will provide you access to your Candidate Data that we hold, as well as a means to make that data portable, to the extent required by law in your home country, regardless of the location of the Candidate Data processing. You may request correction or deletion of that Candidate Data, except where retention is required by your contractual relationship with us, in the context of a legal dispute, or as otherwise required by law. If access, correction, deletion or portability is denied, the reason for the denial will be communicated to you.
  • Inquiries, Complaints, Objections and Restrictions: You may withdraw consent to the processing of your Candidate Data or submit inquiries, complaints, objections and/or requests to restrict processing to the processing of your Candidate Data by sending a request in writing to: Human Resources Data Protection Administrator, 3865 Wilson Boulevard, Suite 550, Arlington, VA 22203; by email at privacy@threatconnect.com. The processes described in this Notice supplement any other remedies and dispute resolution processes provided by ThreatConnect and/or available under applicable law.

8. Changes

We reserve the right to modify this Notice by posting changes to this website. If you submit additional Candidate Data or request to be considered for a ThreatConnect position following the effective date of the modified Notice, your Candidate Data will be handled in accordance with the Notice in effective at that time.