Surfshark Privacy Notice for Recruitment Purposes

Surfshark Privacy Notice for Recruitment Purposes

Last updated: 1 July 2024

At Surfshark, we understand the importance of personal data security, thus, here you can find our Privacy Notice for Recruitment Purposes (hereinafter – Privacy Notice), which describes how Surfshark (companies including Surfshark B.V. (the Netherlands), netflow, UAB (Lithuania), Radically Better Internet Poland Sp. z o.o. (Poland), depending on which company you are applying to work for) processes data in the context of recruitment.

If you have any questions or comments about how Surfshark processes your personal data or if you want to exercise your privacy rights, you are always welcome to contact us at support@surfshark.com.

See the respective sections below for more information about what personal data we process, how long we store it, and for what purposes it is used.

1. Purposes of personal data processing, personal data collected and legal grounds

We process your personal data:

• For recruitment purpose, i.e. to assess your application to our open positions

When you apply for an open position, for example, via our website or via LinkedIn, you will be asked to fill in a form by providing your personal data such as: your full name, email address, phone number, link to your LinkedIn profile, information about your current location and current company, your CV and a free-form comment from you.

We will also process the following information about you, such as: your communication with us, the position you applied to, qualifications, information relating to your employment history, your skills and experience, your preferred salary, the non-disclosure agreement and any information it contains, job interview notes, tasks performed by you during the recruitment process, other information you might provide us with during the recruitment process.

The legal basis for processing your data is our legitimate interest to effectively organize our recruitment process, including collecting information about your qualifications, professional abilities and professional qualities (when you apply for an open position), and your consent (when you apply and / or allow us to contact you with job offers in the future).

• to verify your information and carry out background checks (to the extent permitted by applicable laws)

To the extent permitted by applicable laws, we carry out background checks for each shortlisted candidate. For this purpose, we collect such categories of your data information as identification and contact data, professional or employment-related data, information about your career, education information, background screening data, references data, information about interaction with us, etc. Please note that the full list of personal information collected for this purpose will be provided to the shortlisted candidate in a separate privacy notice beforehand.

To perform background screening properly we may contact your former or current employer. We only do this with your separate consent.

The legal basis for processing your data is our legitimate interest to ensure that suitable and verified candidates are selected for work in the Company and your consent (in case we contact your former or current employer).

• to inform the referrer of the status and final outcome of your application (if you were referred)

We have a referral system where our current employees can recommend a potential candidate. The employee recommending a potential candidate may provide personal data (such as full name, CV and/or LinkedIn profile, email address, phone number, current location, current employer, links to professional social media accounts, portfolio URL) about a potential candidate to us and, therefore, the employee undertakes to inform a potential candidate about transfer of the Personal data to us and get a permission. Such an employee holds all responsibility regarding Personal data of a potential candidate.

• to transfer our business

We may share your personal data we have about you in those cases where we sell, negotiate to sell our business, go through a corporate merger, consolidation, acquisition, reorganization, or similar event. In these situations, we will continue to ensure the confidentiality of your personal data.

The legal basis for processing your personal data is our legitimate interest to continue our business.

• To solve a dispute between us

In case there is an ongoing dispute between us or if there is a good chance that a dispute might be raised, we will process your data that is needed to defend our rights and interests. We will only store your data for this purpose when there’s an objective reason to believe that a dispute might arise or if a dispute has already been raised.

The legal basis for data processing is our legitimate interest to defend our rights and interests in case of a dispute.

Your personal data processed for this purpose will be kept until applicable limitation periods set in relevant laws expire.

• Comply with legal or regulatory requirements

We may collect your personal data in cases we are required by the applicable laws (e.g., to process and keep personal data for accounting, tax purposes, etc.).

2. Retention

Your personal data processed for recruitment purposes will be kept until the end of the recruitment process and 6 (six) months after if longer terms are not required in order to comply with our legal obligations and/or to resolve disputes. If you become our employee, we will save your recruitment information as part of your employee records under our employee personal data processing policy.

Also, we may request your separate consent for the purposes of future recruitment processes. Such personal data will be stored for 3 (three) years following the receipt of your consent or until the day you withdraw your consent.

Please note that in certain cases, if required by law or if you have a legitimate interest (e.g. to defend our rights and interests in case of a dispute), we may store your personal data for a longer period.

3. Data from other sources

During the recruitment process, we receive personal data from sources other than you directly, including:

• Employment-oriented social media sites (e.g LinkedIn Corporation);
• Job search portals (e.g. MeetFrank OÜ, Indeed, Justjoin.it, Work in Lithuania)
• Recruitment agencies
• Background screening agency
• Github, Behance
• Our employees (in case they refer you for a job)
• Your named referees

4. Data sharing

We may share your data with other group companies if we see that you could be a great fit for an open position they have.

Also, in order to manage our processes efficiently, we may also share your data with our third-party service providers. In particular, we share your data with:

• Communication service providers
• IT, web hosting, and cloud service providers
• Recruitment service providers
• HR management tools
• If applicable, law enforcement, courts, lawyers, and supervisory authorities

In case the service provider is located outside the European Economic Area, we apply appropriate safeguards, such as entering into Standard Contractual Clauses (SCC) approved by the European Commission. More information about Standard Contractual Clause could be found here.

5. Information security measures

We take information security very seriously. We implement appropriate technical and organizational measures to protect the information from loss, misuse, and unauthorized access or disclosure. Nonetheless, given the nature of communications and information processing technology, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.

6. Your rights

Here you can find some additional information about your privacy rights. We apply the highest standard of privacy protection despite the jurisdiction you come from.

We use the services of service providers some of which are located outside the European Economic Area. These locations may have different data protection rules compared to the place of your habitual residence. Nonetheless, we ensure an adequate level of data protection, for instance, by entering into the EU Standard Contractual Clauses (SCC).

Furthermore, you have some additional rights:

• right to receive confirmation whether we process information about you;
• right to get a copy of your personal data processed by us;
• right of rectification of your personal data;
• right of erasure of your personal data;
• right to restrict the processing of your personal data;
• data portability;
• right to object to the processing of your personal data;
• right to withdraw your consent;
• right to file a complaint with supervisory authority (you may file a complaint with the supervisory authority in the EU member state of your habitual residence, your place of work or the place of the alleged infringement).

If you would like to exercise any of these rights or have any questions or comments, you can always contact us at support@surfshark.com.

If you are a California resident, you can exercise your rights as provided in the California Consumer Privacy Act (“CCPA”) by contacting us at support@surfshark.com. Please note that we do not sell, share, lease, or rent your personal information.