- Solutions
- Products
- Community
- Resources
- Company
Contents
How We Obtain Your Personal Data
How We Share Your Personal Data
Legal Basis for Processing Personal Data
Effective Date: September 27, 2024
iCIMS maintains other privacy notices to address specific use cases applicable to iCIMS, which are available at the following locations:
The purpose of this notice is to give you a better understanding of who we are and our practices with respect to the personal data obtained in connection with employment at iCIMS.
iCIMS, Inc. and its subsidiaries, iCIMS International, LLC, TextRecruit, Inc., Opening HR Limited, EasyRecrue S.A.S., Altru Labs, Inc., Candidate ID Ltd, and SkillSurvey, Inc. (collectively, “iCIMS,” “we,” or “us”), respects the privacy of its employees (collectively, “employee(s) or “you”), and we are committed to protecting their respective personal data. To that end, we have put together this Employee Privacy Notice (“Employee Privacy Notice”) to give you a better understanding of who we are and our practices with respect to the collection, use, disclosure, and retention of personal data obtained in connection with employment at iCIMS.
To see information about iCIMS’ collection and processing of personal data obtained in connection with applying for a job at iCIMS and iCIMS’ recruitment process, please visit the iCIMS’ Talent Acquisition Privacy Notice.
For purposes of this Employee Privacy Notice:
Please take the time to read this Employee Privacy Notice and the related statements in their entirety to ensure you are fully informed. If you have any questions or concerns about our processing of your personal data, please contact us by using the contact details under the “Contact Information” heading below.
iCIMS complies with your local privacy laws.
Read more +
This Employee Privacy Notice is a general guide on how iCIMS processes its employees’ personal data. As such, employees should be aware that data protection and privacy laws can vary in different jurisdictions where iCIMS operates and has employees. iCIMS’ policy is to comply with applicable laws, including requirements in certain countries that iCIMS notify its employees in that country of its personal data practices, and in some cases, obtain consent to those practices.
Where applicable laws are stricter than the practices described in this Employee Privacy Notice, iCIMS has adopted specific privacy practices in those locations to satisfy those stricter requirements.
iCIMS collects personal data from employees, including the following data:
As further described below, we collect several types of personal data from employees, such as the following:
Where permitted by applicable law we also collect certain demographic data that qualifies as sensitive personal data, such as race, ethnicity, sexual orientation, and disability to help us understand the diversity of our workforce. When collected, this sensitive personal data is generally collected on a voluntary consensual basis.
Most often, the personal data we collect from employees is collected from them directly. In some cases, we collect personal data about employees from third parties; for example, when we perform background screening checks that are necessary for the role to be performed by the employee. In most circumstances, we will get your permission before we collect personal data about you from a third party.
If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect it. If we ask you to provide personal data that we consider to be mandatory for us to administer your employment relationship, we will inform you of such at the time of collection. In addition, we will also inform you of the consequences for not providing us with the mandatory personal data.
iCIMS uses employees’ personal data to manage its employment relationship, including for:
Our processing of personal data includes automated methods of processing, including sentimental analysis, machine learning, artificial intelligence, and generative intelligence capabilities.
iCIMS uses employees’ personal data that it collects primarily for the purposes of managing its employment relationship with its employees, along with other legitimate, business purposes. Such uses include:
Our processing of Personal Data for the purposes described in this Employee Privacy Notice also includes the use of automated methods of processing, including sentiment analysis, machine learning, artificial intelligence, and generative intelligence capabilities. to analyze your Personal Data, determine trends, or create AI-generated responses or other content. When you interact with the chatbot in our IT systems and software, we may also store the transcript for the purposes described in this Employee Privacy Notice.
If we need to process your personal data for an incompatible purpose not discussed in this Employee Privacy Notice, we will provide notice to you and, if required by law, seek your consent. We may process your personal data without your knowledge or consent only where required by applicable law.
iCIMS does not sell employee personal data.
We may share your personal data with those who need access to perform their duties, including:
iCIMS takes care to allow your personal data to be accessed only by those who need such access to perform their tasks and duties, and to third parties who have a legitimate purpose for processing or accessing it. As such, we will share your personal data as described in this Employee Privacy Notice with the following categories of recipients:
Please note that we do not sell (as defined in applicable data protection and privacy laws) your personal data (and will not sell it without providing any required notices and/or opt-in/opt-out rights).
Our legal basis for processing your personal data vary based on the data and the context. However, we normally process your personal data according to the following legal bases:
If you are an employee in the “EEA” or UK, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the context in which we collect it. However, we will normally collect personal data from you only where we need the personal data to carry out our employment contract with you, where we need the personal data to comply with our legal obligations or exercise rights in the field of employment, where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some limited cases, we will need the personal data to protect your vital interests or those of another person; for example, we will need to share your personal data with third parties for security reasons when we believe in good faith that disclosure is necessary to protect our rights, protect your or others’ safety, to investigate fraud, or respond to a related government request.
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided in the “Contact Information” section below.
iCIMS physically and electronically monitors its offices, information technology systems, and corporate network on a continuous basis for specific, lawful purposes.
We carry out monitoring for purposes including:
iCIMS physically and electronically monitors its offices, information technology systems, and corporate network on a continuous basis for specific, lawful purposes. Where permitted by applicable law, iCIMS will monitor and/or record activities that involve employee personal data. For example, we will monitor employees’ activity and presence in our offices with badge readers, sign-in technology, and/or surveillance cameras, and we will monitor or record employees’ activity on our information technology systems and corporate network, such as internet traffic, website filtering, email communications, and systems accessed. We generally conduct monitoring to protect our employees, authorized visitors, and property, and to prevent unauthorized access to our offices.
In addition, iCIMS will carry out monitoring for other purposes such as:
iCIMS’ monitoring activities will be performed by appropriate trained iCIMS personnel in a manner that is proportionate to the underlying purpose and only as required or permitted by applicable law.
If an iCIMS employee uses our information technology systems and corporate network for personal reasons, iCIMS will not monitor such personal correspondence if the employee stores such personal correspondence in a separate location (e.g., folder) that is labeled as private and deletes such correspondence at the end of the employment relationship.
iCIMS transfers personal data to other countries in accordance with applicable privacy laws. For transfers outside of the EEA or UK, iCIMS will implement appropriate safeguards to protect your personal data, including Standard Contractual Clauses.
iCIMS or its appointed service providers or contractors will collect, use, process, store and/or disclose employee personal data outside of the countries where certain iCIMS employees reside, including in the U.S., and in some cases, other countries, for the purposes described in this Employee Privacy Notice. These countries may have data protection and privacy laws that are different than the laws of the respective employee’s home country. iCIMS only transfers personal data to another country in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal data.
If an iCIMS’ employee’s personal data is processed within the EEA or UK, and for onward transfers of personal data to iCIMS’ appointed service providers or contractors, iCIMS and its appointed service providers and contractors, will protect that personal data (as defined in the European Union’s (“EU”) General Data Protection Regulation (“GDPR”)) when it is transferred outside of the EEA or UK by:
If you require further information about our international transfers of personal data, please contact us by using the contact details under the “Contact Information” heading below.
iCIMS complies with the EU-U.S. Data Privacy Framework (DPF) and the UK Extension.
iCIMS is committed to maintaining its DPF certification and will honor its obligation to comply with the DPF Principles. EEA and UK individuals with inquiries or complaints regarding our privacy practices should first contact iCIMS as provided in the “Contact Information” heading below.
iCIMS, Inc. and certain of its subsidiaries listed here comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. iCIMS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the EEA in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Employee Privacy Notice and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program and to view our certification, please visit https://www.dataprivacyframework.gov/.
iCIMS is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. iCIMS complies with the DPF Principles for all onward transfers of personal data from the EEA and UK, including the onward transfer liability provisions.
Although iCIMS also relies on Standard Contractual Clauses or other lawful transfer mechanisms approved by the European Commission (or other relevant governmental authority) to transfer personal data from the EEA and UK, iCIMS is committed to maintaining its DPF certification and will honor its obligation to comply with the DPF Principles.
The Federal Trade Commission has jurisdiction over iCIMS’ compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. In certain circumstances, iCIMS is required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
EEA and UK individuals with inquiries or complaints regarding our privacy practices should first contact iCIMS as provided in the “Contact Information” section below. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, iCIMS commits to cooperate and comply with the advice of the panel established by the EU Data Protection authorities (“DPAs”) and the UK Information Commissioner’s Office (“ICO”) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.
iCIMS maintains appropriate safeguards to protect personal data from accidental, unlawful, or unauthorized access. Our personnel and service providers are required to keep personal data confidential and secure.
iCIMS has a dedicated team responsible for monitoring and responding to security events.
Read more +
iCIMS maintains appropriate technical and organizational measures, including, but not limited to, reasonably designed administrative, physical, and technical safeguards, designed to protect the personal data obtained as discussed in this Employee Privacy Notice from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and access. iCIMS personnel, service providers, and contractors with access to personal data collected as discussed in this Employee Privacy Notice are required to keep such personal data confidential and secure. iCIMS has a dedicated team responsible for monitoring and responding to security events, and it notifies applicable parties of security or privacy incidents and data breaches in accordance with its incident response procedures and applicable law.
We will retain your data for as long as is needed to fulfill the purpose, after which we will either delete or anonymize it.
We reserve the right to use anonymous data for any legitimate business purpose without further notice to you or your consent.
Read more +
Unless a longer retention period is required by law, we will retain your personal data for as long as is needed to fulfill the purposes outlined in this Employee Privacy Notice or for as long as we have a legitimate business interest that is not outweighed by your data protection interests or fundamental rights and freedoms. Generally, this means we will keep your personal data until the end of your employment with us, plus a reasonable period of time after that where necessary to respond to any employment inquiries; to any legal, tax, accounting or administrative matters; or to provide you with ongoing benefits. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (e.g., because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. As such, we reserve the right to use such anonymous data for any legitimate business purpose without further notice to you or your consent.
To exercise any of your privacy rights such as the right to access or delete your personal data, please contact us by using the contact details under the “Contact Information” heading below.
If you are a California resident, please see our Privacy Notice for California Residents for additional disclosures and information.
Certain jurisdictions provide individuals with privacy rights under applicable data protection or privacy laws regarding their personal data. These privacy rights vary from jurisdiction to jurisdiction. If you reside in one of these jurisdictions, you may have the right to:
In some cases, these rights are limited, for example, if fulfilling your request would reveal personal data about another individual, or if you ask us to delete personal data which we are required by law to keep or which we need to defend claims against us.
If you are a California resident, please see our Privacy Notice for California Residents for additional disclosures and information about the personal data we have collected about you over the last 12 months and rights you have regarding your personal data.
If we process your personal data in reliance upon your consent, you can contact us at any time to withdraw your consent.
To exercise any of these rights, please contact us by using the contact details under the “Contact Information” heading below.
We will respond to such requests in accordance with the requirements of applicable data protection and privacy laws. Please note that in order to fulfil your request, we will need you to provide certain additional personal data if we are unable to verify your identity. Depending upon applicable data protection and privacy law, individuals can also designate an authorized agent to exercise these rights on their behalf.
Please check this notice periodically to stay informed about any updates.
Read more +
iCIMS reserves the right to update or change this Employee Privacy Notice from time to time. If we make material changes to this Employee Privacy Notice, we will post it to our Employee Handbook and the applicable sections of our Website prior to or at the time of the change becoming effective. We ask that you review the Employee Privacy Notice periodically to stay informed about any updates or changes that we have made.
You can see when this Employee Privacy Notice was last updated by checking the “Effective Date” displayed at the top of this Employee Privacy Notice.
To ask questions or comment about this Employee Privacy Notice and our privacy practices or if you need to update, change, or remove your personal data or exercise any other rights, including contacting the iCIMS Grievance Officer for iCIMS employees residing in India who would like to address any discrepancies or grievances relating to the processing of their personal data,
Via Webportal: Click here
Via Email: privacy@icims.com
Via Mail: iCIMS, Inc., Attn: Privacy, Legal Department, 101 Crawfords Corner Road, Suite 3-100, Holmdel, NJ 07733 USA