Last Updated: December 20, 2019
This data protection notice describes the handling of personal data obtained about internal and external job applicants, including referral and applicants who have applied directly through the KnowBe4’s careers page as well as through third party agencies and recruiters on behalf of candidates. It also describes the handling of personal data of any prospective candidates, such as those individuals who expressed an interest in receiving news and details about future KnowBe4 opportunities. Personal data is any information relating to an identifiable individual (i.e. you).
This data protection notice describes how KnowBe4, Inc., and its affiliates relevant to the job in question, ('we', 'us', ‘our’ 'KnowBe4') collects and processes personal data about you, how we use and protect this information, and your rights in relation to this information.
This data protection notice applies to all applicants based in the European Economic Area. We may modify or update this data protection notice from time to time. If we make a material change this data protection notice, we will notify you of the change.
- Personal data we use:
We will collect your personal data from you directly and potentially from other sources.
1.1 Information we hold about you:
The categories of data that we collect directly from you include:
- Recruitment information: any information shared in the application process, including information from a cover letter, resume, application form or similar documentation—this includes information such as employment history, education, skills or any other details typical to the application and interview process
- Contact information: contact information, home address, phone number, and personal email addresses
- Career and job performance information: job level/position, details of skills and experience, and referrals
- Aptitude and leadership skills related information:Q., personality and work style assessment, leadership skills, and critical thinking skills
- Background check information: authorized by applicant if and to the extent allowed by applicable law (e.g., information about judicial disputes and criminal records)
- Automatically collected information: information collected via cookies and Web beacons, including IP address, browser name, operating system details, domain name, date, time of visit and pages viewed
Generally, prior to collecting special categories of data about you (e.g. political beliefs, data relating to gender, race or ethnic origin, political opinions etc.), KnowBe4 will obtain your explicit consent. The collection of such information may be mandatory, in which case another legal basis for processing will be used for the collection of data (e.g. a legal basis may be that the data collected is required by law for employment purposes).
1.2 Data we collect from other sources:
We collect the following data about you from other sources:
- background check data, potentially including your criminal records history, employment history, educational history and/or compensation history, from employment screening agencies, publicly available registers or databases, former employers and/or educational institutions (as allowed by local laws)
- publicly available information from websites or social media, including information that you choose to voluntarily submit to us in connection with your application (e.g. when applying through Linkedin, Indeed, Monster or other similar sites)
- information about you from KnowBe4 employees who interview you and who provide feedback about you
- information about your performance or conduct from references, other KnowBe4 employees, clients or service providers, or former employers you work with and/or or with whom you have worked in the past who provide feedback about you
- How we use your personal data:
We limit our use of your personal data. We aim to only collect and use your personal data for specific, necessary reasons and aim to explain our use of your personal data. For example, we use your personal for:
- Recruitment: (e.g., to contact, interview, screen, evaluate, select or hire you)
- Comply with legal obligations: (e.g., in connection with litigation or an internal investigation or audit, if and to the extent allowed by applicable law)
- To the extent appropriate and in accordance with applicable law, KnowBe4 may seek additional data and/or verify your personal data by contacting your references, referrer and other third parties, as applicable. We will maintain your personal data for legitimate business reasons and only as long as required to complete your application procedure, as requested by you (e.g., to inform you about job positions in the future and to facilitate your applications in the future), for keeping track of rejected applications as required by law, in accordance with section 4 of this data protection notice, or as otherwise required by law or regulation. KnowBe4 will not sell, trade or lease your personal data ato any third party.
- To meet our legitimate interests, for example to conduct our recruitment processes efficiently and fairly or to manage applicants effectively. When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy or other fundamentals rights and freedoms are not overridden by our legitimate interest to comply with our legal obligations, for example obtaining proof of your right to work status to enable us to meet relevant obligations.
2.1 Your rights as an applicant allow you to do the following, provided it would not involve disproportionate efforts:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask use to delete or remove your personal data where you have exercised your right to object to processing.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party).
- Request the restriction of processing of your personal data. This allows you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party.
If you would like to review, verify, correct, or perform any of the aforementioned requests, please contact firstname.lastname@example.org.
We encourage you to contact us to update or correct your information if it changes or if the personal data we hold about you is inaccurate.
- How your personal data is shared:
While we do not sell or market your personal data, we share your personal data with third parties in limited situations, including with:
- KnowBe4 Affiliates. We share your personal data with other companies that fall within the KnowBe4 group, for example for recruitment purposes, human resource management and internal reporting.
- Service providers and business partners. We share your personal data with our service providers and business partners that perform business operations for us. For example, we partner with other companies to host the recruitment system and analyze data to improve performance or engage third parties to audit our systems, products or practices.
- Law enforcement agency, court, regulator, tax authority, government authority or other third party. We share your personal data with these parties if necessary, to comply with a legal or regulatory obligation, or otherwise to protect our rights, your rights or the rights of any third party.
- Ownership transferees. KnowBe4 reserves the right to share your personal data in the event it sells, licenses or transfers all or a portion of its business or assets. Should such a sale, lease (licensing) or transfer occur, KnowBe4 will direct the transferee to use your personal data in a manner that is consistent with our policies and procedures.
- Data security and retention:
KnowBe4 uses technical, administrative and physical safeguards to protect your personal data against accidental or intentional destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful forms of collecting and processing. KnowBe4 follows industry standard practices to help protect the confidentiality and integrity of your personal data that is collected and processed. When your personal data is shared, KnowBe4 will take a proactive approach to prevent the unauthorized use of personal data.
Generally, KnowBe4 will retain your information for a period for no more than six (6) months (or if applicable, in accordance with local laws) after we have informed you that you have not been selected to work for our company. We retain your data for this period in order to be able to prove, in the event of a complaint, that we performed the application process in a fair and transparent way and no candidate was unlawfully discriminated. If no complaint has been filed by you, we will destroy your personal data after the expiration of the aforementioned period in a safe way and in accordance with our internal policies and applicable legal provisions; and/or a period of one (1) year after we have informed you that you have been not selected to work for KnowBe4 and you have agreed to extend the period of time that KnowBe4 can hold your personal data for evaluation with potential future career opportunities.
KnowBe4 retains your personal data:
- For as long as necessary to comply with its legal requirement;
- If data is in aggregated or anonymised form;
- To defend, establish, exercise or bring any existing or potential legal claims;
- To ensure fraud detection and prevention;
- To respond to any queries or complaints you may have; or
- To further suggest potential career opportunities that may be of interest to you, with your consent.
We will delete your personal data when it is no longer required for these purposes, provided it would not involve disproportionate efforts. If there is any personal data that we are unable, to delete entirely from our systems, we will ensure that appropriate measures are taken to prevent any further processing or use of your personal data.
- International Data Transfer
Because we operate as part of a global business, we transfer, store, or process your personal data in a country different from where you reside. If you reside in the European Economic Area, while we transfer, store, or process your personal data in a country that is not regarded as ensuring an “adequate” level of protection for personal data, we have put in place appropriate safeguards (such as the Standard Contractual Clauses) to ensure that your personal data is adequately protected.
- How to Submit Privacy Related Requests
If you have questions or concerns regarding the way in which your personal data has been used or about this data protection notice, please contact the Privacy Team at privacy@KnowBe4.com.
You have the right to make a complaint at any time to the supervisory authority for data protection issues in your home country. A current list of the supervisory authorities in the EU can be accessed here.