Zesty Candidate Privacy Notice

Last Update: September 3, 2024

(1) INTRODUCTION AND SCOPE OF THIS NOTICE

This Candidate Privacy Notice (“Notice”) describes how Zesty Tech Ltd., its affiliated companies and subsidiaries (collectively “Zesty”, “we” or “us”) collect and process your Personal Data (as defined below) when you apply for a position at Zesty (whether for an employee, worker or contractor position, and collectively “Candidate” or “you”), upon submission of your application, as well as during the recruitment process and thereafter.

This Notice applies to Candidates in the territory in which we offer job opportunities and is subject to applicable data protection laws, including, as applicable, the Israeli Protection of Privacy Law (“IPPL”), the EU and UK Data Protection Regulation (“GDPR”) and the California Privacy Protection Act (“CCPA”) (collectively “Data Protection Legislation”). This Notice provides Candidates with information about the Personal Data we collect, how and why your Personal Data will be used, how long we retain it, with whom we share it, our cross-border data transfer practices, and your rights related to the Personal Data we process.

Please note that the information contained in this Notice supplements the information contained in our Privacy Policy regarding your use of our website from which you submitted your application. For additional information required under the CCPA, please see the Additional Information for California Residents paragraph below.

ANY PERSONAL DATA YOU PROVIDE IS MADE AT YOUR FREE WILL AND CONSENT (WHERE REQUIRED UNDER APPLICABLE DATA PROTECTION LEGISLATION), AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY STATUTORY OBLIGATION TO PROVIDE PERSONAL DATA TO ZESTY. HOWEVER, IF YOU DO NOT PROVIDE US WITH CERTAIN PERSONAL DATA, WE WILL NOT BE ABLE TO EXAMINE YOUR APPLICATION (INITIALLY OR IN LATER STAGES). For information, see the Purpose of Collection and Use paragraph below.

In addition, if following the recruitment process a Candidate is hired or otherwise engaged by Zesty, the Personal Data collected through the course of the recruitment process will be subject to our internal privacy policies, as provided to our employees and staff members.

It is important that you read this Notice, together with any other notices that might be provided on specific occasions when we are collecting Personal Data about you, so that you are aware of how and why we are collecting and using such Personal Data. For any questions or concerns you might have regarding your Personal Data please contact us as set forth in the Contact Information and Data Controller Information paragraph below. 

(2) CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

Zesty is the data controller of the Personal Data collected from Candidates (or any equivalent definition under applicable Data Protection Legislation, such as “business” under the CCPA). This means that we are responsible for deciding how your Personal Data is processed, as well as for implementing applicable measures in order to secure the Personal Data we store and, where applicable, enabling you to exercise your rights. At Zesty, we respect privacy rights, and we are committed to ensuring that your Personal Data is processed in compliance with applicable Data Protection Legislation.

For any question, inquiry or concern related to this Notice or the processing of your Personal Data, you may contact us as follows:

Zesty Data Protection Officer:

By Mail: privacy@zesty.co

Zesty Tech Ltd.

20 Lincoln, Tel Aviv-Jaffa, Israel 6713412

Representative for data subjects in the EU and UK:

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website: https://prighter.com/q/17277710417

(3) THE TYPES OF PERSONAL DATA WE COLLECT & PURPOSE OF COLLECTION AND USE

By using the term “Personal Data” under this Notice we refer to information that identifies, relates to, or could reasonably be linked with an individual using reasonable means (which can be further defined under Data Protection Legislation as “personal information”, “personally identifying information”, etc.). Personal Data may further include types of information defined under Data Protection Legislation as “Sensitive Data” which may include, depending on the applicable law, information such as governmental identification number or certificate, professional qualifications, etc. (and can be further defined under applicable Data Protection Legislation as “special categories of personal data”, “sensitive personal information”, etc.).

We will collect, store, and use various types and categories of Personal Data about Candidates, which may further include Sensitive Data. The table below details the categories of Personal Data we collect and process and the purpose for which we collect and use each such category, as well as our lawful basis for processing (where the GDPR applies to your Personal Data).

Please note that the specific categories or types of Personal Data collected may vary depending on the position you apply to and legal requirements under applicable Data Protection Legislation.

Zesty will not process your Personal Data to perform automated decision-making.

Types of Personal Data Collected:

  • Personal identification information: your full name and identifying information such as date of birth, government-issued identification number, copy of identification certificate (e.g., ID, passport, SSN) and your photo.
  • Contact information: such as your phone number, email address, and residence address.
  • Education, qualifications, skills, and expertise: such as educational institutions you studied at, degrees or certifications, language proficiency, competencies, skills, and any other expertise which may be applicable to the position you apply to.
  • Employment history: such as previous employers, job titles, dates of employment, responsibilities, etc.
  • Eligibility to work: information related to your legal right to work in the applicable territory or country where the position is offered (e.g., citizenship or visa status).
  • Assessments and results, our communications with you, and internal records: information we collect and gather as part of the recruitment process including interviews, tests and assessments conducted by Zesty (directly or by outsource providers) to evaluate the suitability for the position, and internal notes and assessments, as well as our correspondence with you, and records or recordings (subject to your consent) of phone calls, video interviews or other interactions between the Candidate and Zesty.
  • Background check information: information obtained through background checks, where required and as permitted under applicable laws, such as verification of employment and history.
  • Any additional information provided by you voluntarily: such as information included in your resume (CV) and supporting documents you provide or submit.

Purpose of Collection and Use:

  • To process and evaluate your job application as part of our decision-making process: we process the information to assess the experience, qualifications, skills, etc., and determine your eligibility for the position you have applied for, to facilitate our decision-making process, and in addition, subject to applicable laws, identify potential applicability to other open positions at Zesty.
  • To communicate with you: we process the information to communicate with you during the recruitment process, for example to schedule interviews, send you updates regarding the process, our decision regarding your application, etc.
  • To verify the information you provided and for reference checks: we may need to verify the accuracy of certain information you have provided to us, for example information related to your education, employment history, and similar professional references. To the extent required or permitted under applicable laws, we may further conduct background checks.
  • To ensure your eligibility to work: where applicable, we may need to ensure your legal right to work in the country or territory in which the applicable position is offered and comply with immigration related laws.
  • To comply with legal requirements: we process certain information to ensure we adhere to and comply with relevant laws and regulations, including labor, privacy laws, etc.
  • Internal documentation and record-keeping purposes: we process and retain the information we need to maintain records of the recruitment process, including evaluations, assessments, and decisions, which may be used for future reference or to handle potential disputes or legal claims.
  • Administration and human resources procedures performance and improvement: we process the information to track the application through the recruitment process and to further analyze and refine our recruitment strategies, practices, and processes.

Lawful Basis (under the GDPR, where applicable):

Our lawful basis to process Personal Data depends on the purpose for which we collect, use, and retain it, as follows:

Personal Data is mainly processed under our legitimate interest, as needed for our assessment, selection process and decision-making. This means we mainly process all types of Personal Data to determine if a Candidate is suitable for a certain job position.

We may further retain certain types of Personal Data, even after we have decided not to engage with a Candidate, under our legitimate interest, for the purpose of record keeping, compliance with applicable laws, evaluating our recruiting processes, and to address and defend against potential legal claims.

In addition, we retain Personal Data where we are required to do so in order to comply with our legal obligations.

Where required under applicable Data Protection Legislation, we will obtain the Candidate’s consent to further retain and use Personal Data for future job opportunities or other offered positions at Zesty. You have the right to withdraw consent at any time.

Types of Personal Data Collected:

  • Sensitive Data: we collect this information solely where there is a specific law requirement or necessity to obtain it, and solely where provided voluntarily by the Candidate or otherwise where the Candidate provided their consent. Such information may include national origin and citizenship, military status and criminal history.

Purpose of Collection and Use:

  • To monitor equal opportunity: we may ask for Candidates to provide such information where needed to monitor equal opportunity and for us to ensure diversity and inclusion.
  • To ensure compliance with applicable laws or security standards: to the extent required or permitted by applicable law, we may conduct background checks that may involve criminal record information.
  • Internal documentation and record-keeping purposes: we may process this information to maintain a record of the recruitment process, which may be used for internal and external reporting responsibilities (e.g., legal and regulatory requirements), and to address potential disputes or legal claims.
  • Administration and human resources procedures performance and improvement purposes.

Note that Zesty does not discriminate against any Candidate, either directly or indirectly, on the grounds of gender, ethnic origin, religion, belief, marital status, nationality, national origin, color, age, sex, sexual orientation, or similar protected characteristics.

Lawful Basis (under the GDPR, where applicable):

These types of Personal Data will be initially collected subject to obtaining your consent. You have the right to withdraw consent at any time.

We may further retain certain types of Personal Data, under our legitimate interest, for the purpose of record keeping, compliance with applicable laws, evaluating our recruiting processes (e.g., for diversity and to ensure our process is not discriminatory or biased), and addressing potential future disputes or legal claims.

In addition, Personal Data will be retained by us where we are required to do so in order to comply with our legal obligations.

(4) SOURCE OF PERSONAL DATA

We collect Personal Data directly from you (e.g., when you voluntarily provide it as part of your CV, etc.) or, where applicable as described in the table above, from third parties (e.g., another person or entity) such as employment agencies, recruitment or professional networking websites, background check providers, or references.

(5) WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We disclose your Personal Data internally with personnel involved in the recruitment and hiring process (i.e., human resources, managers, affiliates). We further share Personal Data with relevant third parties who support our recruitment processes and other third parties where needed to comply with our legal obligations or to exercise and defend our rights. The categories of such third parties with whom we share Personal Data are as set forth below:

  • Zesty company group: we share Personal Data within our company group to allow us to manage our recruitment process at the organizational level, and for human resources management procedures. This further includes information shared with a third party by way of merger, acquisition, or purchase of all or part of our assets; in such cases, your Personal Data may be shared with the parties involved in the corporate event.
  • Service providers and contractors: we will share Personal Data with our vendors and service providers that perform certain services on our behalf, for example, service providers and vendors related to recruitment, talent acquisition and administration, technology services (e.g., SaaS recruitment management providers and cloud providers), background check providers, legal counsels, etc. We contractually obligate our service providers to safeguard Personal Data and to use it properly and solely for the purpose of providing us with the requested services (unless they are otherwise required under applicable laws).
  • Governmental agencies, authorized third parties, or disclosure due to a legal process: we may need to disclose your Personal Data to comply with legal obligations (including court orders and subpoenas), defend against potential, threatened, or actual litigation, or when we are legally obliged to share information with law enforcement.

The categories of Personal Data that will be shared can include any of the types of Personal Data detailed under this Notice, however solely to the extent necessary to comply with such purpose. 

We may further disclose Personal Data to third parties if you request us to do so, and in such event, the provision of your Personal Data will be subject to such third parties’ policies and practices only.

(6) FOR HOW LONG DOES ZESTY RETAIN YOUR PERSONAL DATA?

As a principle, we will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, administrative, record keeping, or reporting requirements.

The criteria according to which we determine the retention periods are as follows: 

  • The type of Personal Data and the purpose for which it was collected: meaning, we take into consideration for how long we need to retain the Personal Data in order to achieve the purposes for which it was collected, as well as the scope, nature, and sensitivity of the Personal Data and the potential risk of harm from unauthorized use or disclosure.
  • The recruitment process: meaning, we take into consideration the stage in which we have decided regarding your application (i.e., not to proceed with employment or engagement process). This stage may further affect the potential of legal claims and disputes and thus, is taken as a factor.
  • Our legal obligations: the retention period further depends on the laws of the applicable territory, as under certain laws, we are required to retain certain types of Personal Data (for different retention periods). In addition, we may retain certain types of Personal Data in the event we are required to do so subject to a binding legal request or a court order.  
  • Dispute, claims, and legal proceedings: we may retain certain types of Personal Data where we find it reasonably necessary to defend against a threatened or potential legal claim. The periods of retention are determined mainly according to statutory limitation periods. In the event of a dispute between you and us, including any legal proceedings, we will retain the Personal Data until such dispute is resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods. In addition, if you request to exercise your rights related to your Personal Data, we will maintain the applicable records for as long as needed to demonstrate compliance, usually also in accordance with statutory limitation periods.
  • Your reasonable expectations or consent: depending on the applicable Data Protection Legislation, we may further retain Personal Data for as long as we consider it to be applicable to examine your application for a new or future job position. This is also based on what we believe to be a reasonable expectation of Candidates, or otherwise, if required, on the Candidate’s consent that we will obtain for such use.

According to the criteria set forth above – we determine when we no longer have a legal justification for retaining Personal Data, and at such instances we will delete or de-identify the Personal Data so it can no longer be associated with you by reasonable means. In addition, we may retain limited Personal Data as a reference for any future applications submitted.  If you are hired, we will store your Personal Data collected through the recruitment process for the term of your employment and thereafter, according to our practices and policies related to our employees and staff members’ Personal Data.

Except as we are required by applicable law, we will not be obligated to retain your Personal Data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.

(7) HOW DOES ZESTY SECURE YOUR PERSONAL DATA?

To maintain the security of Personal Data we collect and store, we have implemented technical and organizational security measures designed to prevent unauthorized use, disclosure, change or destruction of information. These measures include access controls (only on a need-to-know basis), firewalls, network intrusion detection, etc.

Although we take reasonable steps to safeguard Personal Data, we cannot always prevent unauthorized actions or abuse of our systems and network.

Subject to applicable Data Protection Legislation requirements, we will notify you and the appropriate authorities in the event that we discover a security incident or breach related to your Personal Data.

(8) CROSS-BORDER DATA TRANSFERS

Due to our global operation and our company group locations, your Personal Data may need to be processed or accessed in countries other than your jurisdiction, including, for example, when shared or accessed by our service providers or other affiliates. Specifically, this may include the transfer of Personal Data from and to the State of Israel, the US, or the EU and UK. We transfer Personal Data to another country in compliance with applicable Data Protection Legislation. We take appropriate measures to ensure that your Personal Data receives an adequate level of protection, including by using contractual obligations or other data transfer mechanisms that were pre-approved by applicable data protection authorities to ensure your Personal Data is protected (such as the Standard Contractual Clauses or the EU-US data transfer framework). Where your consent is required under applicable Data Protection Legislation for the transfer of your Personal Data, by submitting your application you are deemed to have consented to the transfer of your Personal Data, as described herein.

(9) YOUR RIGHTS

You have the right to exercise certain choices, rights, and controls in connection with your Personal Data. Depending on your relationship with us, your jurisdiction and the applicable Data Protection Legislation, these rights may include one or more of the following principal rights: 

  • The right to know what Personal Data we collect about you, the purpose of collection, with whom we share it, etc. – all as provided under this Notice;
  • The right to request access and inspect your Personal Data, which entitles you to review or receive a copy of certain Personal Data we hold about you;
  • The right to correct (“rectify”) inaccuracies, which entitles you to have any incomplete or inaccurate Personal Data corrected or deleted;
  • The right to request deletion, which entitles you to request us to delete Personal Data (subject to applicable Data Protection Legislation, which permits or requires the retention of certain Personal Data under certain circumstances);
  • The right to request to restrict processing, which entitles you to request to limit the purposes for which we process your Personal Data (subject to certain conditions under Data Protection Legislation); 
  • The right to object, which entitles you to object to our processing of your Personal Data (subject to certain conditions under Data Protection Legislation);
  • The right to data portability, which entitles you to receive the Personal Data you have provided, in a structured, commonly used and machine-readable format and transmit it to another controller;
  • The right to withdraw consent, where we are processing your Personal Data based on your consent.

You further have the right to appeal or lodge a complaint. If we decline to take action on your request, we will inform you without undue delay as required under applicable Data Protection Legislation. For EU/UK Candidates, you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK. 

You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject Request (“DSR”) form available here or by sending us an e-mail to privacy@zesty.co.

You may have additional rights as described in this Notice or applicable laws. Please note that we may be required to ask you for further information to confirm your identity before we provide the requested information. Specifically, we may send a separate email to verify your email address on file.

(10) ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

The below provides further information and disclosures required under the CCPA with regards to our data collection and privacy practices of Candidates’ “personal information”, in our capacity as the “business”. This section is an integral part of this Notice and supplements the information provided under the Notice.

Categories of Personal Information We Collect

Under this Notice we have provided comprehensive information regarding the Personal Data we collect and process. The table below further provides details regarding the CCPA categories of personal information under which the Personal Data we process is classified (and that we have collected in the previous 12 months). Please note that under the CCPA, personal information does not include: publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; information excluded from the CCPA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 and the California Confidentiality of Medical Information Act or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act and the Driver’s Privacy Protection Act of 1994.

Category: A. Identifiers.
Example: A real name, alias, postal address, unique personal identifier, Social Security number, driver’s license number, passport number, or other similar identifiers.
Collected: Yes – as elaborated under the “Types of personal data we collect & purpose of collection and use” paragraph of this Notice, and for example, name, address, SSN.

Category: B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Example: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, medical information. Some personal information included in this category may overlap with other categories.
Collected: Yes – as elaborated under the “Types of personal data we collect & purpose of collection and use” paragraph of this Notice, and for example name, SSN, address, telephone number, employment history.

Category: C. Protected classification characteristics under California or federal law.
Example: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression), sexual orientation, veteran or military status.
Collected: Yes – as elaborated under the “Types of personal data we collect & purpose of collection and use” paragraph of this Notice, and for example: citizenship.

Category: D. Commercial information.
Example: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Collected: No

Category: E. Biometric information.
Example: Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information.
Collected: No

Category: F. Internet or other similar network activity.
Example: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
Collected: No

Category: G. Geolocation data.
Example: Physical location, approximate location derived from IP address or movements.
Collected: Yes – as elaborated under the “Types of personal data we collect & purpose of collection and use” paragraph of this Notice, and for example, IP address.

Category: H. Sensory data.
Example: Audio, electronic, visual, thermal, olfactory, or similar information.
Collected: Yes – as elaborated under the “Types of personal data we collect & purpose of collection and use” paragraph of this Notice, and for example, video interviews recorded with your approval.

Category: I. Professional or employment-related information.
Example: Current or past job history or performance evaluations.
Collected: Yes – as elaborated under the “Types of personal data we collect & purpose of collection and use” paragraph of this Notice, and for example, previous job positions.

Category: J. Non-public education information (per the Family Educational Rights and Privacy Act).
Example: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes.
Collected: No

Category: K. Inferences drawn from other personal information.
Example: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Collected: No

Category: L. Sensitive personal information.
Example: Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life.
Collected: Yes – as elaborated under the “Types of personal data we collect & purpose of collection and use” paragraph of this Notice, and for example, government-issued identifying numbers if needed.

Categories of Sources of Personal Information & Use of Personal Information: 

The source from which we obtain personal information is mainly you (i.e., you directly provide it to us), or third parties (for example a previous employer you have provided as reference) – as further detailed under the “Source of Personal Data” paragraph of this Notice. The purpose for which we collect personal information and how we use it is mainly to manage the recruitment process and assess your application for decision-making, as well as to comply with applicable laws and defend our rights – as further detailed under the “Types of personal data we collect & purpose of collection and use” paragraph of this Notice. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing notice.

Disclosures of Personal Information for a “Business Purpose”:

We may disclose your personal information for a business purpose, and mainly with relevant third parties who support our employment processes and other third parties to comply with legal obligations or to exercise and defend our rights. The categories of such third-party recipients with whom we share personal information are detailed under the “Who do we share your personal data with” paragraph of the Notice, and include: Zesty company group, to allow us to manage our recruitment process as a business; Service providers and contractors, to perform certain services requested on our behalf, for example, service providers and vendors related to recruitment, talent acquisition and administration, technology services, background checks, where allowed by applicable law, etc. The categories of personal information we disclose include any of the categories detailed under the table above (A, B, C, G, H, I and L) – as needed to fulfill the purposes. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We further restrict the contractor and service provider from selling or sharing your personal information.

Sale or share of personal information:

We do not “sell” your personal information to any third party nor “share” it, as defined under the CCPA, meaning, we do not disclose or share your personal information in exchange for money or some other form of consideration. 

Data Retention:

The retention periods are determined according to the criteria broadly explained under the “For How long Zesty store your personal data” paragraph of this Notice, and mainly: for as long as it remains necessary in order to achieve the purpose for which the personal information was initially processed; to comply with our regulatory obligations; to resolve a claim or a dispute with you.

Your Rights Under The CCPA:

Please see the “Your Rights” paragraph under this Notice, which details your principal rights regarding your personal information, including under the CCPA, and how you may exercise them. In addition to those rights, under the CCPA you further have the right to: limit the use or disclosure of your “sensitive personal information”; not to be discriminated against for exercising your rights.

You can designate an authorized agent to submit requests to exercise rights on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

(11) AMENDMENTS

We reserve the right to periodically revise this Notice, which will have immediate effect upon posting of the revised version, provided that in the event we will make changes that may affect your rights, or where required under Applicable Data Protection Laws, we will make reasonable efforts to notify Candidates or otherwise obtain consent. We recommend you review this Notice periodically to ensure that you understand our privacy practices and to check for any amendments.