Effective Date: May 12, 2021
California Consumer Privacy Act Annual Notice HR Applicant Supplement for California Residents
This Privacy Notice describes the categories of personal information we collect and the purposes for which we process that information in accordance with section 1798.100 (b) of the California Consumer Privacy Act (CCPA). The CCPA defines “personal information” as, “categories of information that identifies, relates to, describes or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly to a particular individual or household.”
You, as an applicant, are responsible for ensuring that the data you submit to us is correct and true. You are under no statutory or contractual obligation to provide personal data to Smaato during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all. Your personal data will be treated as strictly confidential.
This Privacy Notice may be subject to modification from time to time, notably in the event of changes to legislation or the introduction of new laws. Any changes will be published on our website. We therefore recommend that you check this Privacy Notice regularly.How Smaato Collects, Shares, and Retains Your Data
We have set out below the categories of personal information we may have collected about California residents in the preceding twelve (12) months and, for each category of personal information that may have been collected, the categories of sources from which that information may have been collected, and the categories of third parties as defined under the CCPA with whom we may have shared the personal information.
|Category of Personal Information||We have collected such personal information from the following categories of sources:||We shared such personal information with the following categories of third parties:|
|Identifiers: e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, passport number, or other similar identifiers.||
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): e.g., name, contact information, insurance policy number, education, employment, employment history, financial information, medical information, and health insurance information.
Some personal information included in this category may overlap with other categories.
Characteristics of protected classifications under California or federal law: e.g., sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), age, race, religion, national origin, disability, medical conditions and information, citizenship, immigration status and marital status; veteran or military status.
Professional or employment-related information: e.g.,
Employee pre-hire documents, such as job applications, resumes, background check forms and results, job interview notes, and candidate evaluation records; work history and prior employer, human resources data like performance evaluations and data necessary for benefits and related administrative services;
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99): e.g., student records.
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Internet or network activity information: e.g., interactions with our website, applications, or systems.
Please see our California Consumer Privacy Act Notice for California Residents, including website users, located at www.smaato.com/ccpa-privacy for more information.
|Geolocation data: e.g., IP address|
Sharing for Legal Purposes: We may share personal information with third parties in order to: (a) comply with a legal process or a regulatory investigation (e.g., a subpoena or court order); (b) enforce our Terms of Service, this Privacy Notice, or other contracts with our business partners, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of us, our platform, our business partners, our agents and affiliates, its users and/or the public. We likewise may provide information to other companies and organizations (including law enforcement) for fraud protection, and spam/malware prevention, and similar purposes.
Sharing In the Event of a Corporate Transaction: We may also share personal information in the event of a corporate transaction, including for example a merger, investment, acquisition, reorganization, consolidation, bankruptcy, liquidation, or sale of some or all of our assets, for purposes of due diligence connected with any such transaction or transition of service to another provider. In such cases, your personal information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
Sharing With Service Providers: We share any personal information we collect with our service providers, which may include (for instance) providers involved in technical or customer support, operations including payroll, benefits and/or pension, insurance, travel, background screening, search firms who submit candidate information to us, recruiting, web or data hosting, billing, accounting, auditing, legal consultancy, security, marketing, or otherwise assisting us to provide, develop, maintain, and improve our company and our services.
Sharing of Aggregate Information: We may aggregate and/or de-identify any information collected so that such information can no longer be linked to a single person (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.
For Which Business Purposes Smaato Collects, Uses, Discloses, and Retains Your Data
We may collect, use, disclose and retain your personal information for one or more of the following business or commercial purposes (each, a “Business Purpose”):
Personal information will not be kept for longer than is necessary for the Business Purpose for which it is collected and processed and will be retained in accordance with our internal document retention policies. In certain cases, laws or regulations require us to keep records for specific periods of time, including following termination of the employment relationship. In other cases, records are retained in order to administer the employment relationship or to resolve queries or disputes which arise from time to time.
Over the preceding twelve (12) months, we disclosed certain categories of California residents’ personal information to the categories of third parties as shown in the table above. We do not and will not sell California residents’ personal information.
Occasionally we also have an interest in and need for competent applicants in other areas and would be happy to consider your application for other vacancies. With your application you agree that other recruiters from Smaato and/or its affiliated companies may also view your applicant data, including any sensitive data contained therein, and take it into account when filling vacancies.
Should you appear to be suitable for the vacancy, we would approach you to inquire whether you would be interested in participating in the selection process for the position to be filled.
Without being discriminated against for exercising these rights, California residents have the right to request that we disclose what personal information we collect from you, to delete that information, and to opt-out of the sale of your personal information, subject to certain restrictions. You also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, to the extent Smaato acts as a “business” (as opposed to a “service provider”) for purposes of handling personal information. (To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.)
a. Right to Opt-Out of the Sale of Your Personal Information.
California residents may opt-out of the “sale” of their personal information. California law broadly defines what constitutes a “sale” – including in the definition making available a wide variety of information in exchange for “valuable consideration”. We do not, and will not, sell your personal information.
b. Right to Request Deletion of Your Personal Information
You may also request that we delete any personal information that we have collected directly from you, such as if you have been a business partner of ours (note that this is different from your right to “opt-out” of us selling your personal information, which is described above). However, we may retain personal information for certain important purposes, such as (a) to protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality (such as de-bugging purposes), (c) as necessary for us, or others, to exercise their free speech or other rights, (d) to comply with law enforcement requests pursuant to lawful process, (e) for scientific or historical research, (f) for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. If you ask us to delete it, you may no longer be able to apply at Smaato.
c. Right to Request Access to Your Personal Information
California residents also have the right to request that we disclose what categories of your personal information we collect, use, or sell. As a California resident, you may request access to the specific pieces of personal information that we have collected from you.
California residents may learn more how to exercise these rights of information access by sending an email to datarights(at)smaato.com, or submitting a request to our online web form or by calling toll free at 1-866-I-OPT-OUT [tel:18664678688] and entering Service Code 255. We will only use the information you submit to respond to your request, and we may need to identify you and your state of residence before we can respond.
However, we may withhold some personal information where the risk to you or our business is too great to disclose the information, or where we cannot verify your identity in relation to such personal information. Thus, for security purposes (and as required under California law), we will verify your identity – partly by requesting certain information from you – when you request to exercise certain of your California privacy rights.
Once we have verified your identity, we will respond to your request as appropriate:
If we are unable to complete your requests fully for any of the reasons above, we will provide you with additional information about the reasons why we could not comply with your request.
d. Right to Nondiscrimination. We do not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
e. Information About Persons Under 16 Years of Age
We do not knowingly collect personal information from minors under 16 years of age in California unless we have received legal consent to do so. If we learn that personal information from such California residents has been collected, we will take reasonable steps to remove their information from our database (or to obtain legally required consent).
f. Authorized Agents
You may also designate an agent to make requests to exercise your rights under CCPA as described above. We will take steps to verify the identity of the person seeking to exercise their rights as listed above, and to verify that your agent has been authorized to make a request on your behalf by providing us with a signed written authorization or a copy of a power of attorney.
We offer you an SSL (secure socket layer) security procedure together with a 256-bit encryption on our Smaato Career Portal and Smaato website. You can recognize the transfer of encrypted data by the picture of a closed key or lock symbol at the top or bottom of your browser.
We apply a high level of care and appropriate security standards in order to protect your personal data against unauthorized access or loss. We would like to point out that data transfer via the internet (for example, in the case of unencrypted communication by email) can pose security risks.
You have the possibility to contact us in several ways. By email, telephone, or mail. If you contact us, we will use the personal data that you voluntarily provide to us for the sole purpose of contacting you and processing your enquiry. In order to answer your request, it may be necessary to forward it together with your personal data to one of our affiliated companies.
If you have any questions or complaints about Smaato’s privacy practices, we encourage you to contact us at datarights(at)smaato.com and we will work with you to resolve your issue.
Data Protection Officer
Barcastraße 5, 1st Floor
22087 Hamburg, Germany