CANDIDATES PRIVACY NOTICE
Last Updated: January 31, 2025
1) INTRODUCTION AND SCOPE OF THIS NOTICE
This Candidates Privacy Notice (“Notice”) describes how Akeyless Security Ltd., and its affiliates companies and subsidiaries (collectively “Akeyless”, “we” or “us”) collects and processes your Personal Data (as defined below) when you apply for a position at Akeyless (whether for an employee, worker or contractor position, and collectively “Candidates”, “you” or “your”) upon submission of your application, throughout the recruitment process, and thereafter.
This Notice applies to Candidates in the territory in which we offer job opportunities and is subject to applicable data protection laws that applies to Akeyless when processing your Personal Data.
This Notice provides you with information about the Personal Data we collect, how your Personal Data will be used, how long we will retain it, with whom we share it, our cross-border data transfer practices, and your rights regarding your Personal Data we process. This Notice further includes or incorporates specific information required under applicable data protection laws for residents of certain jurisdictions, among others, if you are a located in the EEA or UK – this Notice further details our lawful basis for processing Personal Data, as well as additional information we are required to disclose to you under the EU and the UK General Data Protection Regulations (“GDPR”). If you are a California resident – please see Section 10 of this Notice – “Additional Information for California Residents” for information required to be disclosed under the California Privacy Rights Act 2018 as amended by the California Privacy Rights Act (“CCPA”) including your rights under the CCPA.
Please note that, the information provided in this Notice is an integral part of Akeyless Privacy Policy governing the use of Akeyless’s website (in the event your application is submitted from the website), and supplements the information provided therein. In addition, if following the recruitment process you are engaged with Akeyless, your Personal Data collected through the course of the recruitment process will be subject to our internal privacy policies, as provided to our employees and staff members.
YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY STATUTORY OBLIGATION TO PROVIDE AKEYLESS WITH PERSONAL DATA AND ANY PERSONAL DATA YOU PROVIDE WHEN YOU SUBMIT THE APPLICATION AND THROUGHOUT THE RECRUITMENT PROCESS IS PROVIDED AT YOUR FREE WILL AND CONSENT (WHERE YOUR CONSENT IS REQUIRED UNDER APPLICABLE DATA PROTECTION LAWS). Without derogating from the above, you should be advised that we must collect or receive some Personal Data to examine your application (initially or in later stages), and if you will not provide us with the required Personal Data, we will not be able to fulfill certain purposes, for example, we will not be able to examine your application if we are not provided with the information needed to decide whether you qualify for a certain position, decide if you are legally entitled to work in certain territories, etc., all as described under Section 3 of this Notice – “The Types of Personal Data We Collect, Purpose of Collection and Use & Lawful Basis” which details the purposes for which we need and use each type of Personal Data collected.
It is important that you read this Notice, together with any other notices that might be provided on specific occasions when we are collecting Personal Data about you, so that you are aware of how and why we are collecting and using such Personal Data.
For any questions or concerns you might have regarding our collection or use of your Personal Data please contact us as set forth in the Contact Information and Data Controller Information paragraph below.
2) CONTACT INFORMATION & DATA CONTROLLER INFORMATION
Under applicable data protection laws, Akeyless is considered as the “data controller” (or the “business” under the CCPA) of the Personal Data collected from Candidates. Meaning – Akeyless and the applicable entity of its company group are responsible for deciding how your Personal Data is processed (as shall be described herein), as well as to enable you to exercise your rights.
For any question, inquiry or concern you might have regarding this Notice or our processing of your Personal Data, you may contact us as follows:
- Our Data Protection Officer:
By Email: [email protected]
By Mail:Akeyless Security Ltd., Ze’ev Jabotinsky St. 7, 33 Floor, Ramat Gan, Israel 5252007 (Attn: Akeyless DPO).
- Our Data Protection Representative for Data Subjects in the EU or the UK:
Prighter Group, with its local partners, are our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative, or make use of your data subject rights, please visit the following website: https://prighter.com/q/19968914192
3) THE TYPES OF PERSONAL DATA WE COLLECT, PURPOSE OF COLLECTION AND USE & LAWFUL BASIS
For the purpose of this Notice, the term “Personal Data” refers to information that can identify an individual, either directly or through reasonable effort (which can be further defined under data protection laws as “personal information”, “personally identifying information”, etc.). Personal Data may further include types of information defined under applicable data protection laws as “Sensitive Data” which may include, depending on the applicable law, information such as governmental identification number or certificate, professional qualifications, financial information, personality assessments, and health related information, etc. (and can be further defined under applicable data protection law as “highly sensitive information”, “special categories of personal data”, “sensitive personal information“, etc.).
Akeyless collects, stores, and uses various types and categories of Personal Data about Candidates, which may also include Sensitive Data. The table below outlines the categories of Personal Data Akeyless collects and processes, along with the purposes for which Akeyless collects and uses each such category (as well as our lawful basis for processing where the GDPR applies to your Personal Data).
Please be aware that the specific categories or types of Personal Data collected may differ based on the position for which you apply and the legal requirements under applicable data protection laws.
Akeyless will not process your Personal Data to perform automated decision-making.
| CATEGORIES AND TYPES OF PERSONAL DATA | PURPOSE OF COLLECTION AND USE | LAWFUL BASIS (under the GDPR, where applicable) |
| • Identification information: your full name and identifying information such as your photo, government-issued identification number, a copy of identification certificate (e.g., ID, passport, SSN), and date of birth. • Contact information: such as your phone number, email and residence address. • Employment history, education, and qualifications: such as previous employers and job positions you fulfilled, dates of employment, responsibilities, achievements, educational institutions you studied, degrees or certifications, fields of study, etc. • Skills, abilities, and expertise: such asinformation related to your relevant competencies, skills, language proficiency, and any other expertise that may be relevant to the position you apply to. • Assessment results: information we gather from tests, interviews, or assessments conducted by us during your recruitment process, to evaluate your suitability for the position you apply to. • Background check information (to the extent applicable): information obtained through background checks, solely where required or as permitted under applicable laws, such as verification of your previous or current employment and education. • Eligibility to work: information related to your legal right to work in the relevant country or territory where the position is offered, such as citizenship or visa status. • Our communication with you and internal records: such as our correspondence with you, and records or recording of phone calls, interviews or other interactions between you and us during the recruitment process. • Any additional information provided by you voluntarily: such as information included in your application or resume (CV), and supporting documents submitted by you. • Sensitive Data: we collect certain information that, depending on the applicable data protection law, might be considered as Sensitive Data. Such information will be collected by us solely where required under applicable law or where we have a specific necessity to obtain it for the recruitment process, and solely in the event you provided such information voluntarily e or otherwise where we obtain your consent. This information may include Personal Data about the privacy of a Candidate’s family life or personality, personality assessments (conducted by a professional entity we engage with to evaluate significant personality characteristics) ethnicity, national origin, disability and medical or health condition, veteran or military status, or other protected characteristics, and certain data that might be gathered as part of background checks (such as criminal records). | • Job application processing and evaluation: to assess your qualifications, experience, skills, etc., to determine your eligibility for the role you have applied for, to facilitate our decision-making process, as well as, subject to applicable laws, identify potential suitability to other open positions offered by Akeyless. • Communication with you: to facilitate our correspondence with you during the recruitment process, including scheduling interviews, providing updates, etc. • Verification and reference checks: we may need to verify the accuracy of the information you provided, for example regarding your employment history, education, and professional references. To the extent permitted or required by applicable law, we may conduct background checks to verify certain information. • Compliance with legal obligations: to ensure we comply with relevant labor laws, regulations, and industry standards. • Eligibility to work: to confirm your legal right to work in the country or territory where the position is offered, and ensure we comply with immigration requirements, if applicable. • Decision-making: to facilitate the decision-making process, and ultimately select the most suitable individual for the position. • Internal record-keeping: to maintain records of the recruitment process, including evaluations, assessments, and decisions, which may be used for future reference or to address potential disputes or legal claims. • Administration and performance of human resources related duties, procedures and obligations. • To improve our recruitment process: such as to track an application through the recruitment process analyze and refine our recruitment practices, strategies, and processes. • Monitoring equal opportunity: Akeyless is committed to applying equal opportunity in our workplace and we may ask for information on the ethnic origin, gender, and disability of a Candidate for the purpose of monitoring equal opportunity and ensuring Akeyless diversity and inclusion as required and permitted under applicable laws. • Compliance with legal obligations or security standards: to the extent required or permitted under applicable laws, we may conduct background checks that may include criminal record information. • Internal record-keeping: to maintain a record of the recruitment process, which may be used for internal and external reporting responsibilities (e.g., legal and regulatory requirements), as well as future reference or to address potential disputes or legal claims. • Administration and performance of human resources related duties, procedures and obligations. | Our lawful basis is subject to and depends on the purpose for which we collect, use, and retain Personal Data, as set forth below: • Legitimate interest: We process Personal Data as needed for our assessment, selection process and decisions making. Meaning we mainly process all types of Personal Data listed herein to determine if you are suitable to a certain job position and decide which Candidate we find the most suitable to our requirements, needs and criteria. We may further retain certain types of Personal Data, even after we have decided not to engage with you, for the purpose of record keeping, compliance with applicable laws and our legal obligations, evaluating our recruiting processes, and to address and defend against potential, threatened or actual legal claims and disputes. • Consent: Where required under applicable data protection laws, we will obtain your consent to process Personal Data – for example for certain background checks, or to further retain and use Personal Data for future job opportunities offered at Akeyless. You have the right to withdraw consent at any time. Our lawful basis is subject to and depends on the purpose for which we collect, use, and retain Sensitive Data, as set forth below: • Consent: Sensitive Data will be initially collected subject to obtaining your consent. You have the right to withdraw consent at any time. • Legitimate interest: We may further retain certain types of Sensitive Data, under our legitimate interest, for record keeping, compliance with applicable laws, evaluating our recruiting processes (for example, for diversity and to ensure our process is not discriminating or bias), and where applicable, to address potential, threatened or actual disputes or legal claims. |
4) SOURCES OF PERSONAL DATA
Personal Data about Candidates is collected, as follows:
- Personal Data that you directly provide – this includes information you voluntarily provide as part of your application, CVs, etc.; and
- Personal Data provided by third parties – this includes information we obtain from employment agencies, recruitment or professional networking platforms, background check services (as applicable and subject to applicable law), or your references former employers, etc.
5) WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Akeyless discloses your Personal Data internally with personnel involved in the recruiting and hiring processes (i.e., human resources, managers, and our corporate group) or externally with our third party contractors, consultants and service providers that help us with our recruitment process operation, administration and performance, and where needed to comply with our legal obligations or to exercise and defend our rights. We implement measures to ensure your Personal Data will be accessed on a “need to know” basis and in accordance with our instructions.
The table below outlines the categories of such third-parties we share Personal Data with and purpose of sharing.
| Category Of Recipient | Purpose of Sharing & Category of Personal Data Shared |
| Akeyless Company Group | We may share Personal Data within our company group to enable us to manage our recruitment procedures as a global group at the organizational level, and for human resources management. This will include information shared with third party involve in a corporate event such as a merger, acquisition or purchase of all or part of our assets. The categories of Personal Data that will be shared can include any of the types of Personal Data detailed under this Notice, as needed to fulfill such purposes. |
| Our Contractors and Service Providers | We disclose Personal Data to our trusted agents, contractors, vendors, and service providers so that they can perform requested services and functions on our behalf. These third parties may include, recruiting services, technology services (e.g., SaaS recruitment management providers and hosting providers), background checks service providers, legal counsels, etc. We contractually obligate these third parties to use your Personal Data only to provide us with requested services and not for any other purpose. The categories of Personal Data that will be shared can include any of the types of Personal Data detailed under this Notice, as needed to fulfill such purposes. |
| Third Parties You Have Requested Us to Share Your Personal Data With | We will share your Personal Data if your direct or request us to share it. In such event, the provision of your Personal Data will be subject solely to such third parties’ policies and practices. The categories of Personal Data that will be shared will be as requested by you. |
| Governmental Agencies, Authorized Third Parties, or Disclosure due to a Legal Process | In the event of legal and law enforcement requirement, we may disclose certain Personal Data, such as in response to an order, a verified requests relating to criminal investigations or alleged illegal activity. We may further disclose Personal Data in the event of any activity that may expose us, you, or other third party to legal liability, as well as to defend against potential, threatened, or actual claims, demands or litigation process. The categories of Personal Data that will be shared can include any of the types of Personal Data detailed under this Notice, as needed to fulfill such purposes however solely to the extent necessary to comply with such purpose. |
6) DATA SECURITY
At Akeyless, security is our highest priority. We design our systems with your security and privacy in mind. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards. The methods that we use to protect your Personal Data includes: maintaining compliance programs that validate our security controls; protecting the security of your information during transmission to or from our website, by using encryption protocols and software. You can further review our here: https://www.akeyless.io/data-protection-measures.
Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.
Please contact us at: [email protected] if you feel that your privacy was not dealt with properly, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.
7) DATA RETENTION
We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws.
The criteria according to which we determine the retention periods are as follows:
- The type of Personal Data and the purpose of the collection: we take into consideration for how long we need to retain the Personal Data in order to achieve the purposes for which it was collected, as well as the sensitivity of the Personal Data and the potential risk of harm from unauthorized use or disclosure.
- The stage of the recruitment process: we take into consideration the stage in which we have decided regarding your application since it may further affect the potential of legal claims and disputes.
- Our legal obligations: the period for which we will retain your Personal Data further depends on the laws of the applicable territory, as under certain laws, we may be required to retain Personal Data (for minimum retention periods). In addition, we may retain certain types of Personal Data in the event we are required to do so subject to a legal request or a court order.
- Dispute, claims, and legal proceedings: we may retain certain types of Personal Data where we find it reasonably required to defend against a threatened, potential or actual legal claim or litigation process. The periods of retention are determined mainly according to statutory limitation periods or until a dispute is resolved. In addition,we will maintain the records related to exercising your rights for as long as needed to demonstrate compliance, usually also in accordance with statutory limitation periods.
- Your reasonable expectations or consent: depending on the applicable data protection law, we may retain Personal Data for as long we consider it to be applicable to examine your potential suitability to future job position. This is based also on what we believe to be a reasonable expectation of Candidates, or otherwise, if required, based on the Candidate’s consent. If you would like to opt-out from Akeyless’s policy of retaining your information for the purposes of considering you for other job offers, or otherwise, where applicable, withdraw consent, please contact us at: [email protected] or as detailed under our Data Subject Request form available here.
In addition to the above, we may retain limited Personal Data as a reference for any future applications submitted. If you are hired, we will store your Personal Data collected through the recruitment process in accordance with our practices and policies related to our employees and staff members’ Personal Data.
Please note that except as required by applicable law, we will not be obligated to retain your Personal Data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
8) CROSS BORDER PERSONAL DATA TRANSFERS
Due to our global operation, your Personal Data may need to be processed or accessed in territories other than your jurisdiction, including, for example, when shared or accessed by our service providers or other affiliates. This may include transfer of Personal Data to, or from, the State of Israel, the US and the EEA.
Akeyless only transfers Personal Data to another country, including within its corporate group, in accordance with applicable data protection laws. We take appropriate measures to ensure that your Personal Data receives an adequate level of protection, including by using contractual obligations or other data transfer mechanisms.
Personal Data transferred from within the EU and the UK to Akeyless Security USA Inc., are subject to the EU-U.S. DPF Principles and to Akeyless adherence to the EU-U.S. DPF and the UK Extension to the EU-U.S, as applicable.
For more information on international transfer, please see here: https://www.akeyless.io/transfer-impact-assessment/, and well as the DPF certification and statement here: https://www.akeyless.io/data-privacy-framework
9) RIGHTS YOU HAVE IN RELATION TO YOUR PERSONAL DATA AND WAYS TO EXERCISE THEM
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what Personal Data we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your jurisdiction and the applicable data protection laws that apply to you, these rights may include one or more of the following principal rights:
- The right to know what Personal Data we collect about you, the purpose of collection and how we use it, with whom we share your Personal Data, and additional information such as the categories of sources from which the Personal Data is collected and for how long we retain Personal Data – as provided under this Notice;
- The right to access and inspect your Personal Data. This right entitles you to review or receive a copy of certain Personal Data we hold about you;
- The right to correct inaccuracies in your Personal Data. This right entitles you to have any incomplete, inaccurate or not updated Personal Data we hold about you corrected (or otherwise request its deletion);
- The right to request deletion of your Personal Data. This right entitles you to request us to delete Personal Data (subject to applicable data protection laws, which permits or requires the retention of certain Personal Data);
- The right to request to restrict processing of your Personal Data. This right entitles you to request us to limit the purposes for which your Personal Data is processed (subject to certain conditions under data protection laws);
- The right to object to processing of Personal Data. This right entitles you to object to processing of your Personal Data (subject to certain conditions under data protection laws);
- Data Portability – this right entitles you to receive the Personal Data you have provided, in a structured, commonly used and machine-readable format and transmit it to another controller;
- The right to withdraw consent, where we are processing Personal Data based on your consent;
- The right to appeal or lodge a complaint. In the event that we do not fulfill your request, we will inform you without undue delay as required under applicable data protection laws and you may have the right to appeal such decision. For EU/UK Candidates, you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK.
You may exercise any or all of your above rights in relation to your Personal Data, directly or through an agent, by filling out the Data Subject Request form available here, or by sending us an e-mail to: [email protected].
You may have additional rights as described in this Notice or applicable laws. We sometimes need to request specific information from you to help us confirm your identity and ensure the requested rights apply to you. This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. Information provided in connection with such request will be processed only for the purpose of processing and responding to your request.
10) ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
The below provides further information and disclosures required under the CCPA with regards to our data collection and privacy practices of Candidates’ “personal information”, in Akeyless’s capacity as the “business”. This section is an integral part of this Notice and supplements the information provided under the Notice.
Categories of Personal Information Collected
This Notice provides comprehensive information regarding the Personal Data we collect and process.
In the table below we further provide details regarding the categories of “personal information” collected as defined and listed under the CCPA (and that we have collected in the previous 12 months).
Please note that under the CCPA, personal information does not include: publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; information excluded from the CCPA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 and the California Confidentiality of Medical Information Act or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act and the Driver’s Privacy Protection Act of 1994.
Categories of Sources of Personal Information & Use of Personal Information
The source from which we obtain personal information is mainly from you (i.e., you directly provide it to us), or third parties (for example a previous employer you have provided as reference) – and as further described under Section 4 of this Notice – “Sources of Personal Data”. The purpose for which we collect personal information is mainly to manage the recruitment process and asses your application for decisions making, as well as, to comply with applicable laws and defend our rights – as described under Section 3 of this Notice – “The Types of Personal Data We Collect Purpose of Collection and Use & Lawful Basis”. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing notice and where required, obtain your consent.
Disclosures of Personal Information for a “Business Purpose”
We may disclose your personal information for a business purpose, and mainly with relevant third parties who support our recruiting processes or to comply with legal obligations and exercise and defend our rights. The categories of such third-party recipients with whom we share personal information are as described under Section 5 of this Notice – “Who Do We Share Your Personal Data With?”and includes: Akeyless company group, to allow us to manage our recruitment process as a business at the organizational level; Service providers and contractors, to perform certain services and functions requested on our behalf, for example, service providers and vendors related to recruitment, talent acquisition and administration, technology services, background checks, where allowed by applicable law, etc.
The categories of personal information we disclose, include any of the categories detailed under the table above (A, B, C, H, I and L) – as needed to fulfill the purposes. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except performing the contract.
Sale or Share of Personal Information
We do not “sell” your personal information to any third party nor “share” it, as defined under the CCPA, meaning, we do not disclose or share your personal information in exchange for monetary or some other form of consideration.
Data Retention
The retention periods are determined according to the criteria explained under Section 7 of this Notice – “Data Retention”, and mainly for as long as it necessary in order to achieve the purpose for which it was initially collected; to comply with our regulatory obligations and to resolve a claim or a dispute with you.
Your Rights Under the CCPA
Please see Section 9 of this Notice – “Rights You Have in Relation to Your Personal Data and Ways to Exercise Them”, which details your principal rights as for your personal information, including under the CCPA and how you may exercise them. In addition to those rights, under the CCPA you further have the right to: limit the use or disclosure of your “sensitive personal information” and not to be discriminated against for exercising your rights.
You can designate an authorized agent to submit requests to exercise rights on your behalf. However, we will require written proof of the agent’s permission to do so or to verify your identity directly.
11) NOTICE AMENDMENTS
We reserve the right to amend this Notice from time to time, which will have immediate effect upon posting of the updated Notice on our website. The most recent revision date will be indicated in the “Last Updated” heading at the top of the Notice. We will make a reasonable effort to notify you if we implement any changes that significantly change our privacy practices or your rights, and, where necessary under applicable data protection laws, obtain your consent. We suggest reviewing this Notice periodically to ensure that you understand our privacy practices and to check for any updates.
