Candidate Privacy Notice
Last updated 17 May 2024
Pegasystems, including Pegasystems Inc. and its affiliates (“we”, “our” or “us”) is committed to protecting the privacy and security of your personal information. This privacy notice sets out how we collect your personal data and makes you aware of how and why your data will be used during the recruitment process (for employees, contractors, and interns), and how long it will retained. It provides you with the information that must be provided under the General Data Protection Regulation (GDPR). It applies to all candidates in the European Union (EU), the UK and Switzerland. For any questions regarding this privacy notice, please refer to the “Contact Details and Your Rights of Complaint” section below.
Responsibility for your information
Pegasystems Limited and Pegasystems Inc. are ‘data controllers’ of your personal information for the purposes of processing your candidacy. For candidates for roles based in:
- Poland, Pegasystems Software Limited Sp. z o.o. Oddział w Polsce is also a data controller;
- Germany and Switzerland, Pegasystems GmbH is also a data controller;
- France, Spain and Italy, Pegasystems France S.A.R.L is also a data controller; and
- Netherlands, Sweden and Belgium, Pegasystems B.V. is also a data controller.
This means that we are responsible for deciding how we hold and use personal information about you as a candidate for a position at Pegasystems (whether as an employee, contractor, trainee or intern).
The types of information we hold about you
We collect, store and use the following categories of information about you during our recruitment process:
- Your name, address, email address, telephone number and other contact information
- The information you have provided to us in your CV/resume and covering letter
- Any additional information you provide to us in support of an application
- Information included in your profile created on our external careers site
- Information from interviews and screenings you may have
- Details of the type of role you are looking for, current salary (where relevant) and salary expectations, and other terms relating to compensation and benefits packages, or other job preferences
- Details of how you heard about the position you are applying for
- Reference information and/or information received from background checks, security clearances held by you, including information provided by third parties
- Information relating to any previous recruitment and/or employment history with us
- Information regarding any professional certifications possessed by you
- If we offer you reimbursement of costs incurred by you in connection with the recruitment process and you accept such an offer - information necessary to execute such reimbursement;
- Information relevant to your right to work or being eligible for internship/traineeship, including nationality, or citizenship, for visa purposes
- CCTV footage when you are visiting our premises.
We may also collect, store and use the following ‘special categories’ of more sensitive personal information:
- Information about your national origin, where relevant for visa purposes
- Medical or health information, where relevant
- Information about criminal convictions and offences where required for the role and legally permissible (UK only),
- Diversity monitoring related data if you choose to share it voluntarily with us and only to the extent allowed under the law.
How is your personal information collected?
We collect personal information about candidates from the following sources:
- You (the candidate)
- Our background check provider for roles in all countries except Poland, from whom we collect the following categories of data:
- Five years’ activity history (including employment history)
- Highest level of education
- Address verification
- Our recruitment service providers with whom we cooperate;
- Your named referees, from whom we collect confirmation of your role and dates of employment
- Any external provider who advertises a role on our behalf
- Information about you, including your contact details, your profile and CV (if available) from the following publicly available sources: LinkedIn, Xing, No Fluff Jobs, justjoinit, Indeed and Glassdoor
How we will use the information about you
We will use the personal information we collect about you to:
- Assess your skills, qualifications and suitability for the role for which you are being considered, or other relevant roles we have
- Carry out background and reference checks, where applicable
- Communicate with you about the recruitment process including, in appropriate cases, informing you of other potential career opportunities with us
- Schedule interviews, utilizing an AI tool provided by a third party vendor
- Create records relating to our hiring process
- Assist you with obtaining an immigration visa or work permit where required
- Review our recruitment practices, including diversity monitoring
- Reimburse you for the costs incurred by you in connection with the recruitment process (where relevant)
- Comply with legal or regulatory requirements
If you accept a role with us, the information collected during the recruitment process will become part of your employment record.
It is your responsibility to obtain consent from referees to the processing of their personal information before providing it to us.
How we use sensitive information
We use your sensitive information in the following ways, where relevant:
- We will use information about your disability status to consider whether we need to provide you with reasonable accommodation during recruitment process;
- If relevant, we may use information about your national origin for visa and immigration purposes
- We will use information about criminal convictions for roles which involve a high degree of trust and integrity and for roles where this is a customer requirement (UK only)
- We will use diversity monitoring related data only to the extent allowed under the law
We may only use information relating to criminal convictions where the law allows us to do so. We have in place appropriate safeguards when processing this data which are required by law.
Legal basis for processing personal information and sensitive personal information
Our legal basis for processing your personal information includes processing that is necessary for our legitimate interests including the processing activities described above for our recruitment process. When we process your personal data to meet our legitimate interests we put in place appropriate safeguards to ensure that your fundamental rights are not overriden by our legitimate interests.
Our legal basis to process your sensitive personal information includes processing that is based on your consent to us processing your personal information for the purposes of recruitment. You have the right to withdraw your consent to this processing at any time. To withdraw your consent, please contact [email protected]. Once we have received your notification that you have withdrawn consent, you will be withdrawn from our recruitment process and, subject to our retention policy, we will dispose of your data securely, unless we have another legal basis for processing it in law.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application, we will not be able to take you forward in our recruitment process. For example, if we require a reference for this role and you fail to provide us with relevant details, we will not be able to take your candidacy further.
AUTOMATED DECISION MAKING
You will not be subject to decisions that will have a legal or similarly significant impact on you based solely on automated decision-making.
DATA SHARING
Why might you share my data with third parties?
We will share your information with other companies in the Pegasystems group as well as limited members of our human resources, IT and finance departments. In addition, as relevant, with our background check provider, and our recruitment service providers. All our third party providers and other entities in the group are required to take appropriate security measures to protect your personal information. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also be required to disclose your information to external third parties such as local labour authorities, courts and tribunals, regulatory bodies and/or law enforcement agencies for the purpose of complying with applicable laws and regulations or in response to legal process. For internship and traineeship opportunities we may also be required to share your data with relevant educational entities to comply with applicable laws and regulations.
Transferring information outside the EU/UK/Switzerland
We will transfer some of the personal information we collect about you to the following countries outside the EU: USA, UK, India , and Switzerland if any part of the hiring team is based there. Other than Switzerland and UK, there is not an adequacy decision by the European Commission in respect of those countries, which means that the countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection, we have put intercompany agreements including Standard Contractual clauses in place with these entities outside the EU, which is a mechanism approved by the European Commission to give appropriate protection.
Pegasystems Inc. outlines its compliance with the Data Privacy Framework Program in section ‘Data Privacy Framework’.
DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
DATA RETENTION
How long will you use my information for?
We will retain your information in accordance with applicable law and our Retention Policy. We retain your information for that period so we can comply with legal requirements. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.
If we wish to retain your personal information on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will contact you separately, seeking your explicit consent to retain your information for a fixed period on that basis.
RIGHTS OF ACCESS, CORRECTION, ERASURE, RESTRICTION AND PORTABILITY
Your responsibility to inform us of changes
It is important that the personal information we hold about you is accurate. Please keep us informed if your personal information changes during your recruitment process with us.
Your rights in connection with personal information
You may, in accordance with applicable law have the right to:
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to yourself or another party (the right to portability).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact [email protected].
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in these circumstances.
What we may need from you
We may need to ask for specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.
CONTACT DETAILS AND YOUR RIGHTS OF COMPLAINT
If you have any questions about this privacy notice or how we handle your personal information, please contact [email protected].
You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues in the country in which you are based.
Data Privacy Framework
Pegasystems Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU – US DPF and the Swiss – U.S. Data Privacy Framework (“Swiss-U.S. DPF” as set forth by the U.S. Department of Commerce. Pegasystems Inc. has certified to the U.S. Department of Commerce that it adheres to:
- the EU – U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF; and
- the Swiss – U.S. Data Privacy Framework Principles (Swiss – U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms of this privacy notice and the EU – U.S. DPF Principles and/or Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view Pegasystems Inc.’s certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss – U.S. DPF, Pegasystems Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss – U.S. DPF.
Pegasystems Inc. remains liable for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf, as described above.
Pegasystems Inc. is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). In certain circumstances, the Data Privacy Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles (https://www.dataprivacyframework.gov/s/).
Status of and Changes to this notice
This notice does not form part of any employment contract or other contract to provide services. We may update this notice at any time and changes will appear on this page.