Your privacy and the protection of your personal data is important to us. This Candidate Privacy Notice describes how, why, and when BeyondTrust processes your personal data when you apply for a job with our organization.
Please note that when you receive and accept an offer of employment, we will process your personal data according to our internal Employee Privacy Notice, starting from the official date of employment.
BeyondTrust Corporation and its corporate affiliates (referred to as “BeyondTrust”, “we”, “us” or “our”) offer intelligent identity and secure access products and services.
We are the controller of your personal data and we are responsible for processing it when you apply for a job role.
Our principal office is located at 11695 Johns Creek Parkway, Suite 200, Johns Creek, Georgia 30097 and we are a U.S. corporation registered in Delaware. For more information on our global offices, see our Contact page.
Data Protection Officer (DPO): We have appointed a DPO who is responsible for answering questions about this Candidate Privacy Notice and the processing of your personal data. If you have questions, please contact our DPO, Valerie Moulden, at dataprotectionofficer@beyondtrust.com.
When you apply for a job with BeyondTrust, we may collect, use, store, and transfer different categories and types of your personal data. In this section you will find:
Employment & Job Application Data: Education data and other employment related personal data on your application, resume, CV, and/or cover letter. For example, education, degrees and training history, previous employment information, professional experience, job title, qualifications and/or professional certifications, salary related information, professional references, and right to work information.
Contact Information: Your full name, your work and/or home address, home or mobile telephone number, personal or professional email address, and social media contact/accounts.
Identity Data: Information which relates to your identity, including your date of birth; passport or national identity card details, social security number (SSN), visa and work permit details, citizenship, and legal residency status.
Special Categories of Personal Data: Including gender, race and ethnicity, disability status, criminal convictions and offence records, and other sensitive data you may submit as part of your application.
Purpose/Activity:
Our recruitment process includes the following activities: (i) receiving your job application; (ii) setting up and conducting interviews and tests; (iii) assessing and evaluating of interview, tests, and overall application;(iv) carrying out references and background checks; (v) initiating procedure to enter into an employment agreement; and (vi) any other recruiting related activity.
We process your personal data as part of the above activities for the following purposes:
Type of Personal Data:
Lawful Basis:
We use the following lawful grounds of processing in relation to job applications:
Purpose/Activity:
We may perform background checks on job applicants to whom we would like to offer a position. During these background checks we may process certain criminal convictions and offences information about you. We have in place an appropriate policy document which we are required by law to maintain when processing such data. Please note that we carry out background checks to ensure that there is nothing in your criminal convictions history which makes you unsuitable for the position.
Type of Personal Data:
Special categories of personal data
Lawful Basis:
The processing is necessary for the purposes of carrying out certain obligations we have under employment, social security, or social protection law, as well as under equal opportunity and anti-discrimination laws.
Purpose/Activity:
During the recruitment process we may collect sensitive personal data such as your gender, race and ethnicity, or disability status. We collect and process this data to ensure meaningful equal opportunity monitoring and reporting, as well as to ensure we do not discriminate on the basis of any protected group status.
Type of Personal Data:
Special categories of personal data
Lawful Basis:
The processing is necessary for the purposes of carrying out certain obligations we have under employment, social security, or social protection law, as well as under equal opportunity and anti-discrimination laws.
Data provided by you:
You may provide us with your personal data when you submit an application via our Career webpage, Greenhouse platform, or via any other means.
Data we collect or receive from external third parties:
We may receive your personal data from the following third party subjects:
Please note that if you fail to provide information that is necessary for us to consider your application, we may not be able to process your application successfully.
We may share your personal data with external third parties in the following cases:
Please note that we do not "sell" or "share" (as defined under the California Consumer Privacy Act (CCPA)) your personal data for any form of monetary or non-monetary consideration.
You have various rights under applicable data protection laws in relation to your personal data, and we have listed them in the table below. You may exercise your rights by contacting us at dataprotectionofficer@beyondtrust.com. When contacting us, please ensure that you provide us with sufficient information to confirm your identity and deal with your request, including your name, surname, email and/or postal address (as applicable). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We will respond to all legitimate requests within one month (or within the different timeframe provided by applicable law). Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you, explain the reasons, and keep you updated.
You also have the right to make a complaint to the relevant supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
Your Privacy Right | Description |
---|---|
Access Your Personal Data | You can request access to your personal data. This enables you to confirm if we are processing your personal data and receive a copy of the same. |
Objection Against Advertising |
|
Withdrawal of Consent | Where we rely on your consent to process your personal data, you can withdraw such consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. |
Correction of Your Personal Data | You can request the correction of any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. Note that we still may need to verify the accuracy of the new personal data that you provide to us. |
Data Deletion |
|
Objection of Processing of Your Personal Data | Where we rely on a legitimate interest to process your personal data, you can object to this processing. For example, you may ask us to stop processing your personal data because you feel it impacts your rights and freedoms in a particular situation.. When you object, we will no longer process your personal data in this way, unless we can demonstrate that we have compelling legitimate grounds to process it, which outweigh your rights and freedoms. |
Restriction of Processing of Your Personal Data |
|
Data Portability | You can ask us to transfer your personal data to you or to a third party. We will provide you, or the third party, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data we processed in an automated way on the basis of your consent or to perform a contract with you. |
We have appropriate physical, technical, and administrative data security measures to protect your personal data. This allows to prevent unauthorized access, use or disclosure, to maintain data accuracy, and to ensure the appropriate use of your personal data. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.
We have procedures in place to deal with any suspected data breach, and will notify you and/or any competent authority of a breach where it is legally required. For more information on our security program and certifications, visit our Trust Center.
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for. This includes the purposes of satisfying any legal, accounting, or reporting requirements. We consider different factors to determine the appropriate retention period for personal data. For example, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure of your personal data; the purposes of processing and if we can achieve those purposes in other ways; and the applicable legal requirements.
If you become one of our employees, your data will be kept in accordance with the retention periods set out in BeyondTrust’s internal employee policies.
BeyondTrust is an organization based in the US and operating globally. Your personal data may therefore be transferred outside of your country of residence or presence to where BeyondTrust or its third party suppliers and service providers operate. No matter where your personal data may be transferred, we will always protect it as described in this notice.
When we transfer personal data originating from the EU, the UK, or Switzerland, we rely on the following transfer mechanisms:
BeyondTrust complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. BeyondTrust has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. BeyondTrust has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
BeyondTrust is committed to processing personal data transferred from the EU, UK and Switzerland in compliance with the EU-U.S. Data Privacy Framework Principles, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework Principles, listed below:
If there is any conflict between this privacy notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles prevails.
BeyondTrust is responsible and liable for the processing of data it receives, under the Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. BeyondTrust complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction BeyondTrust’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). In certain situations, we may be required to disclose EU or Swiss personal data in response to lawful requests by US public authorities, including to meet national security or law enforcement requirements. To learn more about the Data Privacy Framework and view our certification, visit the U.S. Department of Commerce's Data Privacy Framework List.
In compliance with the EU-U.S. DP, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, BeyondTrust commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact BeyondTrust at: dataprotectionofficer@beyondtrust.com.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, BeyondTrust commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.
Under certain conditions, that are fully described in Annex I of the DPF Principles, you may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.
We may update this Candidate Privacy Notice to reflect changes to our privacy and security practices. If we make any material changes, we will provide notice on our website as soon as practicable and, if possible, before the change becoming effective. We encourage you to periodically review this Candidate Privacy Notice for the latest information on how we process your personal data.
It is also important that the personal data we hold about you is accurate and up to date. Please let us know if your personal data changes during your relationship with us.
Address |
11695 Johns Creek Parkway, Suite 200, Johns Creek, Georgia 30097. You can also find our global offices in our Contact page. |
Telephone | 1-877-826-6427 |
We will process your enquiries as soon as practicable in accordance with our legal requirements and, if appropriate, inform you which measures we have taken.
Last Updated: April 23, 2024