OpenX Applicant Privacy Policy

Last updated: August 21, 2024

  1. Data we collect
  2. Why do we process your personal data and on what basis?
  3. Disclosure to third parties
  4. Retention of your data
  5. Use of Cookies
  6. Your Rights
  7. Updates to this Privacy Notice
  8. Contact Us

This privacy policy sets out how OpenX (collectively, "OpenX" or "we") uses and protects your personal data in order to evaluate your candidacy for a position with OpenX.

Your personal data is provided to our applicant tracking vendor in order to maintain records and keep track of your recruiting status and information.

We encourage you to read the whole policy because it provides important information on your rights, and our obligations, with respect to your data.

1. Data we collect

If you apply for a job with us, we will collect, use, and store personal data about you. To the extent permitted by law, this may include:

Data you provide to us directly:
We process personal data contained in the job application that you send to us and information that you provide during the recruitment process (specifically data contained in your CV and additional data provided during recruitment). Those may include:

  • contact details (name, address, phone numbers, email, etc.);
  • qualification details (such as information on your previous work experience or education);
  • application information (such as expected income, type of job wanted or your availability);
  • identification details (such as date of birth, passport number, nationality and residence, government ID numbers (e.g. Social Security Number), ID card for identity verification purposes, immigration status);
  • any other data you submit to us, including any correspondence between you and OpenX exchanged during the application process;
  • if you granted us your explicit, voluntary consent - demographic data (e.g. information about your race or ethnicity).

Data from other sources: Generally, we collect data directly from you when you respond to our job application. Sometimes, we obtain data about you from other sources, such as your previous employers (if you consent to us collecting references), recruiters, market research companies, identity verification providers, and information accessible on the Internet and third-party websites, including LinkedIn. If we need additional information to complete your application process, we will ask for your consent prior to collecting it, where required by law.

Automatically collected information: When you submit an application through the careers page on our website, we may automatically gather some information from your computer, mobile phone or other device. This may include, but is not limited to, information such as your computer IP address, standard web log data or browser type.

2. Why do we process your personal data and on what basis?

OpenX may access, use and store your personal data for the reasons set out below.

Where this is necessary for OpenX to review and assess your application for employment. This may include:

  • assessing your skills and interest in career opportunities at OpenX;
  • processing your application;
  • analyzing and verifying your qualifications;
  • verifying your identity, including ID document verification, and your eligibility for employment; and
  • communicating with you about your application, to respond to your inquiries and schedule interviews.

Where necessary for OpenX's legitimate interests, as listed below, and where our interests are not overridden by your data protection rights. This may include:

  • Collecting details of professional registrations.
  • Protecting our legitimate business interests and legal rights. This includes use in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting requirements.
  • Maintaining the security and integrity of our facilities, equipment and electronic platforms. This includes administering access rights, monitoring compliance with company protocols, and where permitted by local law and in accordance with relevant policies, for investigations and disciplinary actions.

Where necessary to comply with a legal obligation. This may include disclosures to law enforcement agencies or in connection with legal claims, or regulatory purposes (including disclosure of such information in connection with legal process or litigation).

Where you have given consent. Please remember that you are never required to give consent whenever we ask for it. It’s always given on a voluntary basis. For example, we will ask for your consent to take part in future recruitment processes conducted by OpenX. We may also ask you questions related to demographic information which help us support diversity and inclusion programs.

We may also process your personal data on the basis of consent as required in certain jurisdictions. For example, if you apply to a position in Poland, we may ask for your permission to check references from previous employers. Also, by providing us with certain data that we do not request from you (e.g., your photo), you give us your consent for their processing.

3. Disclosure to third parties

Where necessary for business purposes, we may share your personal information with the following OpenX affiliated companies listed here.

Personal information may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law, or if required for the protection of OpenX's legitimate interests (such as for the purpose of pursuing claims and defence against claims) in compliance with applicable laws.

Personal data may also be shared with third party service providers who will process it on behalf of OpenX for the purposes described above. This will include, specifically, our applicant tracking vendor who provides software that helps us manage the applications.

Additionally, we may receive personal data about you from recruitment agencies. We may also share very limited information about you with such entities (e.g. your public social media profile on LinkedIn). Agencies that share data with us will act as separate data controllers and may have their own policies that govern how they collect and use your data. To fully understand how your data is being processed, you should always carefully read the privacy policy of a recruitment agency you engaged with.

If OpenX or any of its affiliated entities is sold or integrated with another business, your details may be disclosed to OpenX advisers and any prospective purchaser's adviser and will be passed to the new owners of the business.

4. Retention of your data

We will retain your personal data in a form that identifies you for no longer than is necessary for the purposes needed for the application.

If your application is successful, the information provided may be retained for purposes of your employment.

If it is not successful and you have provided us with consent to retain your data for future recruitment purposes, we retain your data for the period of 2 years after the end of the recruitment process for the position you last applied for. Without your consent for future recruitments, we will retain your personal information for a reasonable time (no longer than 1 year) after the end of the recruitment process for the position you last applied for, so that we can repeat the recruitment process if needed or to address any misunderstandings between us and you.

5. Use of Cookies

You most likely visited our website in order to apply for a job opening. On our website, we use cookies to collect information about your online activity. Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify your browser on each page. To learn more about the categories of cookies that we use on our website please review our Cookie Policy here.

6. Your Rights

For Applicants within the European Union

You have the right to ask OpenX to rectify, block or restrict access to, complete, and delete your personal data. You can also ‘port’ your personal data (that is, to ask us to provide it to you in a structured, commonly used and machine readable format and to transmit it directly to another organisation). You have the right to request access to your personal data and further information about the handling of your personal data.

In some circumstances you can also object to our processing of your data and, where we have asked for consent to process your data, at any time you may be able to withdraw that consent. Please note that withdrawing your consent will not impact the lawfulness of the processing before you withdrew the consent.

All requests will be dealt with at the earliest opportunity and any delay will be kept to a minimum. In any event, we will not exceed the statutory time limit.

However, there are exceptions to these rights. For example, access to personal data may be denied in some circumstances if making the information available would reveal personal information about another person or if OpenX is legally prevented from disclosing such information. In addition, OpenX may be able to retain data, even if you withdraw your consent, where OpenX can demonstrate that it has an alternative legal basis to process your data. We will inform you of relevant exemptions we rely upon when responding to any request you make.

If you have unresolved concerns, you have the right to complain to a data protection authority in the country where you live, where you work or where you consider that a breach of data protection has occurred. You’ll find contact details for your data protection authority here if you are an EEA based individual or here if you are a UK based individual.

We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests. You can obtain information on any of our balancing tests by contacting us using the contact details set out below.

If you would like to exercise any of the rights listed above, please reach us here.

International Transfers

Please note that, if you are an applicant located in the European Union or United Kingdom and your personal data is transferred outside of the European Union or United Kingdom to our affiliates or a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, OpenX has taken steps to make sure your data is adequately. In particular, OpenX complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. OpenX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.

The Federal Trade Commission has jurisdiction over OpenX’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here.

Under certain conditions, more fully described on the DPF website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. In cases of onward transfer to third parties, OpenX is generally liable for the acts of the third party that are in violation of the DPF Principles.

In parallel to adhering to Data Privacy Framework, iIn the event that personal data collected from a UK or EEA data subject is transferred outside of the UK or the EEA to an organization in a country which is not subject to an adequacy decision by the EU Commission or considered adequate as determined by applicable data protection laws, we will take additional steps to ensure your personal data is adequately protected (e.g., by way of EU Commission-approved Standard Contractual Clauses or by relying on other data transfer mechanisms approved under applicable data protection laws). We are also committed to conducting data transfer impact assessments and adopting any supplementary measures required to mitigate any risks to you identified in such an assessment. A copy of the relevant mechanism can be obtained for your review on request by contacting us here.

For Applicants within the United States

Depending on the jurisdiction in which you live, you may have the right to ask OpenX to delete certain of your personal data, correct inaccurate personal data, and provide you with access to your personal data.

OpenX does not share or sell personal data collected from applicants for valuable consideration.

All requests will be dealt with at the earliest opportunity and any delay will be kept to a minimum. In any event, we will not exceed the statutory time limit. OpenX will never discriminate against you for exercising your data subject rights.

However, there are exceptions to these rights. For example, access to your personal data may be denied in some circumstances if OpenX is legally prevented from disclosing such information. In addition, OpenX may be able to retain your personal data, even if you request that it delete such data, where OpenX can demonstrate that it has a legal obligation to retain it or is otherwise entitled to do so. We will inform you of relevant exemptions we rely upon when responding to any request you make.

If you would like to exercise any of the rights listed above, please reach us here or at (855) 231-3834.

7. Updates to this Privacy Notice

This privacy notice may be updated periodically to reflect changes in our data practices. We will post a notice on our applicable websites, applications or materials to advise of any significant changes to our Privacy Notice and indicate in the notice when it was most recently updated.

8. Contact Us

The data controller, business, or equivalent entity that controls how your data will be processed is the OpenX entity to which you apply. A list of all OpenX affiliated entities is available here.

If you have a privacy question, concern or request, please contact our Data Protection Officer at dpo@openx.com or reach us here.