Applicant privacy notice
Introduction
This Applicant Privacy Notice (“Applicant Privacy Notice”) describes how ZipHQ, Inc. and its affiliates’ (“Zip”, “we”, “us”, “our”) collect, use and disclose personal information during our recruitment process.
Please review this Applicant Privacy Notice carefully to understand our practices regarding your personal information. If you have any comments or questions about this Applicant Privacy Notice, please Contact Us.
About us
Zip provides a software-as-a-service platform designed to offer one place for employees of our enterprise customers to initiate a purchase or vendor request, and for our enterprise customers to manage and oversee internal purchases.
Applicant privacy notice applicability
This Applicant Privacy Notice applies to any individuals who apply for an advertised position, provide their personal information for general employment inquiries, or otherwise seek to work for Zip, regardless of how you provide your personal information whether through ziphq.com or any other websites managed by Zip that refers to this Applicant Privacy Notice (collectively, the “Websites”) or in any other manner. This Applicant Privacy Notice applies in addition to our general Zip Privacy Notice. Please refer to the Zip Privacy Notice for our practices related to personal information submitted for other purposes and details of how to Contact Us.
How we collect your personal information
The ways that we may collect personal information about you when you interact with us fall into the following categories:
Personal information you may provide to us
We collect personal information that you provide voluntarily such as when you:
- send us your CV or complete an online application to apply to work for us, or otherwise inquire about possible job opportunities at Zip; or
- interact with us by communicating through email, social media, or by telephone.
Automatic data collection
We may collect certain personal information automatically from your device when you visit our Websites.
Please see the Automatic data collection section of the Zip Privacy Notice and our Cookie Notice for further information about information that is automatically collected when you use our Websites.
Third party sources
We may also collect personal information about you from third party sources such as:
- background screening agencies, recruitment agencies, referrals and referees; and
- from publicly available sources, including any social media platforms you use or other information available online.
What personal information we collect
During the recruitment process, we will collect certain data about you, either from you directly, or from third parties with your approval. This data may include the following:
Personal information you may provide to us
- Contact data - your full name, email address, home address and phone number.
- Professional and employment information - your resume or CV, work experience, professional references, work permit status, or other information about your professional background.
- Educational information - your school history, technical or professional qualifications and certification.
- Citizenship information - your visa and right to work status, government identification number and age.
- Assessment details – if you interview with us, that may include assessments and interview notes.
- Sensitive information – that you may choose to provide to us during the recruitment process such as demographic information, or information about your gender, race, ethnicity, and disabilities.
- Other information you choose to submit to us as part of your application.
Third-party sources
We may combine personal information we receive from you with personal information we obtain from other sources, such as:
- information received from third parties such as reference checks or background checks;
- information provided by recruitment agencies;
- publicly available information that may help us decide on your candidacy, such as your professional social media profiles; and
- references provided by referees.
In each case, where permissible and in accordance with applicable law.
Automatic data collection
Please see the Automatic data collection and Cookies and similar technologies sections of the Zip Privacy Notice and our Cookie Notice for further information about information that is automatically collected when you use our Websites.
Declining to provide information
We may need to collect certain personal information to assess your eligibility for a particular role. If you do not provide the information we identify as required or mandatory, we may not be able to proceed with your job application.
If we ask you to provide any such information we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Data about others
Zip contacts may wish to refer other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.
How we use your data and legal basis for processing
How we use your personal information depends on how you interact with us. The specific purposes for which we use the data we collect about you are listed below.
In some jurisdictions, including those subject to the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF, EU General Data Protection Regulation (GDPR) or UK General Data Protection Regulation (UK GDPR), we may only process your personal information when we have a legal basis to do so. Our legal basis for processing your personal information is listed with each purpose for processing below.
Data we collect about you as part of our recruitment process may be used for the following purposes:
- To evaluate your application to make an employment decision. We use your personal information to evaluate your application for a role at Zip. As part of doing so we may take steps to verify the data submitted or collected about you by speaking to refences, previous employers, using third party background screening agency (where applicable) and checking publicly available information.
Legal Basis for Processing: We have a legitimate interest in processing your personal information to determine suitability for the role you have applied for and to reach a hiring decision prior to entering an employment contract with you. - To manage our relationship and communicate with you. We will send you emails or otherwise communicate with you in responses to your questions, feedback, comments, and your application. Where we use a recruitment agency or employment business partner, we may also communicate through that third party.
Legal Basis for Processing: We have a legitimate interest in corresponding with you when you have contacted us to apply for a role at Zip, or when we have identified you may have a particular interest in working for Zip (when not prohibited by law). Otherwise, when processing your personal information for marketing communications, we rely on your consent. - To comply with our legal requirements. We may use your personal information to comply with applicable laws, such as immigration and / or employment laws or regulations. We may also use your personal information to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities. We may also use your personal information where permitted by law in connection with any legal investigation and to prosecute or defend legal claims. As a global company there are a wide variety of laws that might compel processing of your data under this legal basis, but they may include the following types of laws: civil and commercial laws, criminal laws, consumer laws, and corporate and taxation laws.
Legal Basis for Processing: We may rely on compliance with a legal obligation where required to comply with employment and / or immigration laws or in the event of a legal investigation or request from a law enforcement or governmental entity. - To make improvements to our recruiting processes. We may use information you provide to use during your application process to improve our recruiting processes. Where appropriate we will remove personal identifiers from data containing personal information so that it cannot be traced back to an individual and aggregate it by combining it with the data from multiple sources and/or individuals.
Legal Basis for Processing: We have a legitimate interest in improving our recruitment process. - With your consent. In some cases, we may ask for your consent to collect, use or share your personal information in ways we have not described here. When we do that, we will always record your consent and you may change your mind and opt out by Contacting Us.
If you are offered and accept a position with Zip, your data will become part of your employment records. At that point, your data will be subject to our Employee Privacy Notice which will be made available to you as part of your onboarding with Zip.
If you are not hired, or elect to withdraw or decline our employment offer, we will retain your applicant data as described in the Data Retention section of this Applicant Privacy Notice.
How we share your data
Except for as mentioned below, we do not share your personal information with any other companies.
We may share your personal information as follows:
- With Affiliates. We may share your personal information with our subsidiaries, joint ventures, or other companies under common control, in which case we will require those entities to honor this Applicant Privacy Notice. As a global company, we have employees employed by subsidiary companies across the world. We may share any of the data listed above with any of these affiliated companies.
- Your References and Previous Employers. We may contact your references and your previous or current employers to perform professional reference and employment checks.
- With Third Party Agents and Service Providers. We have third party agents and service providers that perform functions on our behalf, such as our employment business partners including recruitment and employment agencies, recruitment platform providers and background screening firms. We also use third party service providers for data storage and hosting of our careers website. These entities may have access to your personal information to the extent needed to perform their services. All such third parties are contractually obligated to maintain the confidentiality and security of your personal information, and are restricted from using your personal information other than to provide their services.
- By Linking to Third Party Sites. Our Websites may link to other websites or services operated by third parties, whose privacy practices may differ from ours and are governed by their own privacy policies, not this Applicant Privacy Notice. We do not control or endorse any of these third party websites or services, and we encourage you to carefully review the privacy policy of any website you visit.
- With Law Enforcement, Government Entities, and Other Companies and Organizations. In rare circumstances, we may share your personal information with law enforcement or governmental entities for compliance with the law or to investigate legal claims. In the event of confirmed fraudulent activity, we may also exchange information with other companies and organizations for fraud protection.
- Through Business Transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization, sale of assets or in the event of bankruptcy.
Anonymized, aggregated, or de-identified data
Anonymization is a data processing technique that modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Applicant Privacy Notice apply to anonymized, aggregated (i.e., information about applicants that we combine so that it no longer identifies or references an individual applicant) or de-identified data. We may use this anonymized, aggregated, or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve our recruitment processes and promote our business.
Data retention
Our goal is to keep your personal information for as short period as possible to achieve the purpose for which your personal information is collected. We will retain your personal information as needed to fulfill the purposes for which it was collected. We may retain your personal information as needed to comply with our business requirements and legal obligations and resolve disputes.
Your personal information collected during the recruitment process will be retained:
- in accordance with the retention periods set out in Zip Employee Privacy Notice (where you become our employee); or
- for a period of three years after the submission date of your application, unless a longer period is required by applicable law or to establish, exercise, or defend legal challenges related to our recruitment processes.
We hold your data for three years so that we may consider you for other positions that arise within our organization and to comply with our regulatory requirements.
To request deletion of your personal information before the expiry of our retention period, please Contact Us.
Data security
We take security very seriously. We take appropriate measures, including organizational, technical, and physical precautions to help protect against unauthorized access to, alteration of, or destruction of your personal information.
While we follow industry standards and best practices to protect your data, no transmission of data over the Internet or any public network can be guaranteed to be 100% secure.
Children’s data
Our careers websites are not directed to anyone under the age of 16. A parent or guardian who becomes aware that his or her child under the age of 16 has provided us with personal information may Contact Us and we will delete the child’s data.
Exercise your data rights
Please see the Exercise Your Data Rights section of our Privacy Notice for information about your data rights.
EEA, Swiss and UK residents
The information below supplements the information provided in the generally applicable portion of our Applicant Privacy Notice and applies solely to individuals that are in the EEA, Switzerland or UK and where EU General Data Protection Regulation (GDPR) or UK General Data Protection Regulation (UK GDPR), or EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework apply.
Zip complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”), as set forth by the U.S. Department of Commerce regarding the processing of personal information transferred from the European Union, the European Economic Area, the United Kingdom, and Switzerland to the United States (“DPF Principles”). Zip has certified to the U.S. Department of Commerce that Zip adheres to the DPF Principles with respect to such personal information. If there is any conflict between this Privacy Notice, Zip People Handbook, Applicant Privacy Notice, and the Data Privacy Framework principles, the DPF Principles shall govern. In accordance with the DPF Principles, Zip shall remain liable for onward transfers if a processor processes personal information in a manner inconsistent with the DPF Principles. To learn more about the Data Privacy Framework, and to view our certification, visit https://www.dataprivacyframework.gov/.
In other circumstances, the law may permit us to otherwise transfer your personal information outside the UK or the EU/EEA or outside another relevant location (e.g. the location in which your personal information was collected). In all cases, any transfer of your personal information will be compliant with applicable data protection law.
You can obtain more details of the protection given to your personal information when it is transferred outside the UK or the EU/EEA (including a sample copy of the European Commission SCCs or UK IDTA or UK Addendum) by contacting us.
Your additional EEA, Swiss and UK privacy rights
If you are located in the European Economic Area, Switzerland, or United Kingdom, you have additional data privacy rights that include the right to:
- access, correct update or request deletion of your personal information;
- object to the processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information;
- opt out of marketing communications we send you at any time;
- withdraw your consent for processing, if we are processing your personal information based on consent. Note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal; and
- make a complaint to a data protection authority about our collection and use of your personal information.
Our legal basis for processing your personal information is listed with each purpose for processing in the How We Use Your Data and Legal Basis for Processing section of this Applicant Privacy Notice.
International transfers of data
Please see the International Transfers of Data section of our Privacy Notice for information about how we may transfer your personal information outside of the EU/EEA or the UK.
Exercise your EEA, Swiss and UK privacy rights
To exercise these rights you can use any of the methods described in the Exercise Your Data Rights of our Privacy Notice or you can Contact Us.
Please submit a written request to exercise your rights or choices to the contact information provided in our Privacy Notice. Zip may request specific information from you to confirm your identity in an effort to respond to your request.
Please note that in some situations, Zip may act as a processor on behalf of its enterprise customers. In such situations, Zip kindly asks you to first contact the relevant enterprise customer or indicate the relevant enterprise customer in your request so that Zip can redirect and respond to the request.
Zip is subject to oversight by the U.S. Federal Trade Commission. Zip has also appointed an alternative dispute resolution provider, JAMS, which is the US-based independent organization responsible for reviewing and resolving complaints about our Data Privacy Framework compliance—free of charge to you. We ask that you first submit any such complaints directly to us via privacy@ziphq.com or please write to the following address:
ZipHQ, Inc.
One Sansome St
Suite 3000
San Francisco
CA 94104
Attn: Legal
If you aren’t satisfied with our response, please contact JAMS at https://www.jamsadr.com/DPF-Dispute-Resolution to open an EU-U.S. DPF and, as applicable, UK Extension to the EU-U.S. DPF, and/or Swiss-U.S. DPF Dispute Resolution case In the event your concern still isn’t addressed by JAMS, you may be entitled to a binding arbitration as set forth in Annex I of the Data Privacy Framework Principles.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Zip commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
California residents
The information below supplements the information provided in the generally applicable portion of our Applicant Privacy Notice and applies solely to individuals that are residents of California and qualify as a “Consumer” under the California Consumer Privacy Act of 2018 (including as amended by the California Privacy Act of 2020) (“CCPA”).
This section of our Applicant Privacy Notice provides additional information about how we collect, use, disclose, and otherwise process the personal information of California Consumers within the scope of the CCPA.
Categories of CCPA personal information
The below table summarizes:
- the categories of personal information collected by Zip in the past 12 months;
- the sources of collection of the personal information;
- how we use your personal information; and
- the categories of personal information disclosed for business purposes by Zip (including to third parties) in the past 12 months.
Please see the generally applicable section of this Applicant Privacy Notice for additional information on Zip’s information practices, including more detail on how we use and disclose your personal information.
- To provide an individualized experience on the Solution and Websites
- To understand and manage our relationship with you
- To communicate with you
- To create anonymous data for use in product development
- For security, compliance, fraud prevention and safety
- For compliance with law or to investigate legal claims
- Third Party Agents and Service Providers
- Third parties that provide cookies on our Websites
- By Linking to Third Party Sites
- With Law Enforcement, Government Entities, and Other Companies and Organizations
- Through Business Transfers
- Other users and the public
- To provide an individualized experience on the Solution and Websites
- To understand and manage our relationship with you
- To communicate with you
- To create anonymous data for use in product development
- For security, compliance, fraud prevention and safety
- For compliance with law or to investigate legal claims
- To provide an individualized experience on the Solution and Websites- To understand and manage our relationship with you
- To create anonymous data for use in product development
- For security, compliance, fraud prevention and safety
- For compliance with law or to investigate legal claims
- To provide an individualized experience on the Solution and Websites
- To understand and manage our relationship with you
- To create anonymous data for use in product development
- For security, compliance, fraud prevention and safety
- For compliance with law or to investigate legal claims
Categories of CCPA sensitive personal information
As part of the application process Zip may collect the following categories of ‘sensitive personal information’ as defined by CCPA. The categories of sensitive personal information Zip may collect are described below along with details of what we use the information for and whether the information is sold or shared.
Zip does not sell or share this sensitive information.
Your additional California privacy rights
If you are a California resident, you may have additional rights under CCPA described in the Your additional California Privacy Rights section of our Privacy Notice.
Sale and sharing of personal information
While Zip does not ‘sell’ personal information in exchange for money, we may share personal information with the third parties that provide cookies on our Websites for the purpose of displaying advertisements that are selected based on personal information obtained or inferred over time from your activities across businesses or distinctly-branded websites, applications or other services (otherwise known as ‘targeted advertising’ or ‘cross-context behavioral advertising’), for personalization features, for tracking and analytics. The categories of personal information impacted in the preceding 12 months may include:
- Identifiers;
- Internet or other electronic network activity information; and
- Inferences
The Solution and Websites are not directed to anyone under the age of 16 and Zip has no actual knowledge that the ‘sales’ or ‘sharing’ described above include the personal information of individuals under 16 years of age.
Exercise your California privacy rights
To exercise these rights you can use any of the methods described in:
- the Exercise Your Data Rights section of our Privacy Notice;
- the Exercise Your California Privacy Rights section of our Privacy Notice; or
- you can Contact Us.
Changes to this Zip privacy notice
We reserve the right to modify this Applicant Privacy Notice at any time. If we make material changes to this Applicant Privacy Notice, we will notify you by updating the date of this Applicant Privacy Notice and posting it on the Websites. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Websites or your application process. Any modifications to this Applicant Privacy Notice will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Websites and continuation of the application process after the effective date of any modified Applicant Privacy Notice indicates your acceptance of the modified Applicant Privacy Notice.
Contact us
Please see the Contact Us section of our Privacy Notice for details of how to contact us.