CCPA and GDPR Job Applicant Privacy Notice

PRIVACY NOTICE TO JOB APPLICANTS FROM CALIFORNIA, THE EUROPEAN ECONOMIC AREA, SWITZERLAND, AND THE UNITED KINGDOM REGARDING THE COLLECTION OF PERSONAL INFORMATION

Effective Date: November 18, 2021

Gradle, Inc. (the “Company,” “us” or “we”) is committed to protecting the privacy and security of the personal information you provide to us. Please read this Job Applicant Privacy Notice (the “Privacy Notice”) to learn how we collect and process your personal information when you apply for a job or other role with us. As a job applicant, you have the right to know and understand the categories of personal information we collect about you, and the purposes for which we use such personal information, pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”), the General Data Protection Regulation (Regulation (EU) 2016/679) and the United Kingdom Data Protection Act 2018 (the “GDPR”), the United Kingdom General Data Protection Regulation (the “UK GDPR”), and the Swiss Data Protection Act 2020, as applicable. This Privacy Notice only applies to job applicants who are residents of the State of California, the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”). The Company does not sell or otherwise disclose this personal information for monetary or other consideration to any third parties.

EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework

The Company complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (together, the “Privacy Shield Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Under the Privacy Shield Framework, the Company shall be subject to liability in cases of onward transfers of personal information to third parties, however the Company is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

The Company has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles, and under the Privacy Shield Framework, Gradle is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

In compliance with the Privacy Shield Principles, the Company commits to resolve complaints about our collection or use of your personal information. In the event of any disputes that may arise between the Company and any individual, such individual may, under certain conditions, invoke binding arbitration.

EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our privacy team at privacy@gradle.com.

The Company has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Categories of Personal Information Collected

In each case as permitted by applicable law, we collect the following categories of personal information for the purposes described below:

Personal identifiers, such as your name, preferred name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, date of birth, and other similar identifiers.
Personal Records, such as your signature, address, telephone number, education, employment or employment history.
Protected characteristics, such as minority, veteran and disability status, VISA status, through voluntary self-disclosure. Such information will only be collected as permitted by applicable law and will not be used to make hiring decisions.
Internet or other similar network activity information, such as your IP address, log-in information or information regarding your interaction with a website, application or advertisement.
Geolocation Data, such as IP addresses from which we can determine your general location.
Sensory data, such as audio and visual information, for example if you use video interviewing as part of the application process. If you visit our facilities, your entry and exit may be monitored by CCTV.
Professional or employment-related information, such as your work history, references, information about skills and abilities, accomplishments and awards, training and development information, performance evaluation information, and employment termination information.
Education information, such as your education history, and other information included in your resume or cover letter.
Inferences drawn from other personal information, such as a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
Other: Job interview notes, responses to screening questions, assessment results, salary expectations, information available from your LinkedIn profile, and any other information you provide in connection with the recruitment process. We also collect legal and contractual information, such as information necessary to respond to law enforcement and governmental agency requests, comply with legal and contractual obligations, exercise legal and contractual rights, and initiate or respond to, or establish, exercise and defend, legal and contractual rights claims.

Sources of Personal Information

We collect personal information you voluntarily provide to us when you apply for a job or otherwise contact us in the recruitment context. If you are visiting our website or online job application, we may also automatically collect device information such as IP addresses and device identifiers.

We may also combine personal information collected from other sources with the personal information that you provide to us. For example, we may collect information from:

Recruiters or recruiting platforms (e.g., Greenhouse)
Prior employers (e.g., for references)
Professional references you provide to us
Educational institutions
Pre-employment screening services
Credentialing and licensing organizations
Publicly available sources such as your social media profile (e.g., LinkedIn, Twitter and Facebook)
Other sources as directed by you

Use of Personal Information

We use the categories of personal information listed above for the following purposes:

Process and manage your application: We use your personal information to process your job application, establish a job applicant profile for the recruitment process, assess your qualifications for a specific role with us, schedule and conduct interviews, communicate with you, and carry out background and reference checks (see the following bullet point for additional information). We may collect audio and visual information of job applicants through photographs used for identification purposes. With your consent, we may record video of you in connection with the application process, for example through a third party screening service. Additionally, if you are offered a position with us, we may use your personal information in the employee on-boarding process.
Conduct reference and background checks (as permitted by applicable law): We use personal information we collect to conduct reference checks and to evaluate your qualifications and experience. We may also conduct background checks (as authorized by you and permitted by applicable law).
Provide immigration support: If applicable and as permitted by applicable law, we may collect your personal information to assist with immigration support, such as applying for visas or work permits.
Analyze and improve our recruitment process and tools: For example, we analyze trends in our applicant pool, and use personal information to understand and improve our recruitment process and tools (including improving diversity and inclusion).
Record-keeping: We keep records of your personal information as required by law and in accordance with our record retention policies.
Meeting legal requirements and enforcing legal terms: We collect and process your personal information for purposes of: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, us or another party; enforcing any agreements with you; responding to claims; and resolving disputes. Additionally, we may use information about protected characteristics to analyze and monitor the diversity of our job applicants in accordance with applicable laws.

Disclosure of Personal Information

We may share your personal information as necessary for the purposes described in this Privacy Notice, including internally with our personnel involved in the hiring process. For example, we share your personal information with the following parties:

Affiliates: We may share your personal information with our affiliates.
Service Providers: We use service providers to operate, host and facilitate our hiring and recruitment process. These include hosting, technology and communication providers; security and fraud prevention consultants; analytics providers; background and reference check screening services; and hiring process management tools.
Government authorities and law enforcement: In certain situations, we may be required to disclose Personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Business transfers: Your personal information may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
Professional advisors: We may share your personal information with our professional advisors.
Other: We may also share your personal information with third parties in conjunction with any of the activities set forth under “Meeting legal requirements and enforcing legal terms” in the “Use of Personal Information” section above.

Job Applicants in the European Economic Area (EEA), Switzerland, and the United Kingdom (UK)

Under the GDPR, if you are a job applicant in the United Kingdom (“UK”), Switzerland or the European Economic Area (EEA), we are required to provide you with additional information about our processing of your personal information. Please note that the information in this section as well as the other sections of this Privacy Notice apply to you.

If you are a job applicant located in the UK, Switzerland or EEA, the Company is the controller of your personal information. As a data controller, the Company is responsible for ensuring that the Company’s processing of your personal information complies with the GDPR.

If you are accepted for a role at the Company, the information collected during the recruiting process will be processed in accordance with applicable law, including any Employee Privacy Notice, a copy of which will be provided when you are on-boarded as an employee if applicable.

Legal Basis for Processing your Personal Information

Our legal basis for collecting and processing your personal information for our legitimate interests (as described in “User of Personal Information” above) (and not overridden by your data protection interests or fundamental rights and freedoms) or as necessary to comply with a legal obligation that applies to us.

Rights of Access, Correction, Erasure, and Objection

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the recruitment process. By law, you may have the right to request access to, correct, and erase the personal information that we hold about you, or object to the processing of your personal information under certain circumstances. You may also have the right to request that we transfer your personal information to another party. If you would like to exercise any of these rights, please contact us at privacy@gradle.com. Any such communication must be in writing.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or anonymized your personal information in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Cross-Border Data Transfers

Where permitted by applicable law, we may transfer the personal information we collect about you to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country for the purposes set out in this Privacy Notice. If you are located in the EU or UK, we have implemented the EU standard contractual clauses to secure the transfer of your personal information to the United States and other jurisdictions.

Data Retention

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting requirements, or as necessary to resolve disputes.

Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

If you are offered and accept employment with the Company, the personal information we collected during the application and recruitment process will become part of your employment record, and we may use it in connection with your employment consistent with our employee personal information policies.

If you do not become an employee, or, once you are no longer an employee of the Company, we will retain and securely destroy your personal information in accordance with our document retention policy and applicable laws and regulations. If you do not become an employee, we may still keep your application to allow us to consider you for other suitable openings within the Company in the future. If you would like to opt out from the Company’s policy of retaining your information for the purposes of considering you for other suitable openings, please email privacy@gradle.com.

Data Security

We have implemented reasonably appropriate physical, technical, and organizational security measures designed to secure your personal information against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal information to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

Changes to This Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates. If we would like to use your previously collected personal information for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal information for a new or unrelated purpose. We may process your personal information without your knowledge or consent only where required by applicable law or regulation.

Contact for Questions

If you have any questions or concerns regarding this Privacy Notice or the collection of your personal information, please contact:

Rolf Dockter

Phone: +1 415-446-9553 / +49 30-609-886-880
Website: www.gradle.com
Email: privacy@gradle.com
Address: 2261 Market Street #4081, San Francisco, CA 94114, United States / Danckelmannstr. 21, 14059, Berlin, Germany

Job applicants with disabilities may access this notice in an alternative format by contacting privacy@gradle.com.