Forter is committed to protecting the privacy of candidates for employment or contractual services (both referred to as “you”). This Policy describes what Personal Data (defined below) we collect from you, how we use your Personal Data, who we share it with, and certain rights you may have with respect to your Personal Data.
This Policy does not create or form part of any employment contract or other contract between you and Forter. We also may provide you with additional information at the point when we collect your Personal Data, if we feel that it would be helpful to provide you additional information.
Our General Counsel, Scott Buell, has been appointed to serve as Forter’s Data Protection Officer, to monitor and advise on our ongoing privacy compliance, and to serve as a point of contact on privacy matters for data subjects and supervisory authorities.
If you have any questions regarding this Policy, or how Forter processes your Personal Data, please reach out to your local HR representative or send an email to [email protected].
As noted above, this Policy describes what Personal Data we collect from you, how we use your Personal Data, who we share it with, and certain rights you may have with respect to your Personal Data.
We respect our candidates’ privacy and will treat your Personal Data in accordance with the requirements under relevant data protection laws and regulations. While this Policy is intended to describe the broadest range of our data practices globally, local laws in many countries may be stricter than the policies described in this Policy. Notwithstanding the information contained in this Policy, Forter has adopted the relevant privacy practices and procedures to comply with local laws and regulations where applicable.
The Forter entity you have applied to or otherwise engaged is the controller of your Personal Data and is responsible for how your Personal Data is used.
In this Policy, “we”, “us”, “our”, or “Forter” refers to the Forter entity to which you have applied.
- Data we collect about you
1.1. Categories of Personal Data
“Personal Data” means any data that identifies you or that can be used to identify you, including your name, address, telephone number, email address, and IP address, as well as other information about you that is associated with or linked to any of the foregoing data.
We may collect and process the following categories of Personal Data from or about you during your candidacy for employment:
- Biographical information, such as your name, gender, date of birth, race and/or ethnicity (where legally permissible), professional history, references, language proficiencies, professional qualifications and registrations, training records, technical skills, education details, military and reserves status, information in your company biography, social media profiles and activity, and your photos;
- Contact information, such as your address, telephone number, email address, and social media handles;
- Identification information, such as your social security number, government-issued identification information and copies of documentation proving your identity and right to work (e.g., driver’s license, passport, visa, or ID card), photographs, or other similar identifiers;
- Nationality and immigration status, and other information such as residency and work permit status, that would allow us to verify your employment eligibility;
- Information provided in connection with accommodation requests and/or to ensure meaningful equal opportunity monitoring and reporting, including your personal preferences, potential disabilities, religious, moral, or philosophical beliefs, sexual orientation, ethnicity, or health-related conditions; and
- Other information you provide to us, such as your feedback and survey responses where you choose to identify yourself.
We may also collect and process sensitive personal information relating to you. Sensitive personal information we may collect and process includes any information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, sexual orientation, trade union membership, criminal convictions, genetic data, biometric data for the purposes of unique identification, information about your health (“Sensitive Personal Information“) In the United States, Sensitive Personal Information also includes government identifiers (such as your social security number, driver license, state ID or passport number) and precise geolocation data. As a general rule, we try not to collect or process any Sensitive Personal Information about you, unless authorized by law, where necessary to comply with applicable laws or to provide benefits. We do not sell any of your Sensitive Personal Information collected under this Policy.
In certain cases, we may ask you for additional information for purposes of monitoring equal opportunity and/or complying with applicable laws. We may also inquire about criminal records. We will do so only where permitted by applicable law.
1.2. Sources of Personal Data
We collect and generate Personal Data from or about you during your candidacy for a job.
Generally, we collect information about you, directly from you, but we may also collect your Personal Data from other sources and combine it with the Personal Data you provide to us or that we otherwise generate. For example, we may collect your Personal Data from:
- Job board websites you use to apply for a job with us;
- Individuals you may refer you to Forter and provide your contact details
- Prior employers, for example when they provide us with employment references;
- Professional references that you authorize us to contact;
- Providers of background check, credit check, or other screening services (where permitted under applicable law);
- Your public social media profiles or other publicly available sources;
- Employment agencies or recruiters;
- Your related persons who choose to communicate with us directly; and
- Other Forter personnel.
- How we use your Personal Data
2.1. Purposes for which we use Personal Data
We may process your Personal Data for the following purposes:
- Recruitment Purposes. If you are applying for a role at Forter then the primary reason for collecting your data is to evaluate your qualifications for employment, including in connection with:
- Recruiting, interviewing, and evaluating you as a candidate for current and future opportunities at Forter;
- Tracking your application through the recruitment process;
- Conducting background, reference, or credit checks (where permitted under applicable law);
- Improving our application and/or recruitment process, including improving diversity and equal employment opportunities;
- Accommodating disabilities or health conditions; and
- Otherwise administering our relationship with you.
- Business operations. Operating and managing our business, including managing communications and IT systems; and internal communications.
- Compliance and safety. Complying with legal and other requirements, such as audit, recordkeeping, reporting, verifying identity and eligibility to work, and equal opportunities monitoring requirements; complying with legal requests and other legal processes, including sharing information with government authorities, law enforcement, courts or private parties for the foregoing purposes.
- Monitoring. Monitoring our offices, facilities and IT and communications systems, devices, equipment and applications through manual review and automated tools such as security software, website and spam filtering software, mobile device management software, and monitoring our physical premises (e.g., by using security cameras, CCTV and keycard scans) to protect our, your or others’ rights, safety and property; operate, maintain and protect the security of our network systems and devices; protect our proprietary and confidential information and intellectual property; for recordkeeping and archiving.
- Analytics. Developing, customizing, and improving our HR operations; creating anonymous, aggregated, or de-identified data that we use and share to analyze our workforce and business and for other lawful business purposes.
2.2. Legal basis for processing Personal Data
Our legal basis for collecting and processing the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
We will collect Personal Data from you only where:
- we have your consent to do so. Where we have requested your consent to process your Personal Data you have the right to withdraw your consent at any time;
- we have a legal obligation to do so; and/or
- the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
Note that we are not required to obtain your consent for most of the processing activities that we undertake in respect of your Personal Data. We may, however, ask for your consent in limited circumstances for some uses of certain Personal Data. You will never be obliged to provide us with consent. If we need your consent, we will notify you of the Personal Data we intend to use and how we intend to use it. Where you have given us consent to collect, use, or disclose your Personal Data in a certain way, you may withdraw your consent at any time. If you wish to withdraw any consent that you have given us, please contact your local HR representative or send an email to [email protected].
If you have questions about or need further information concerning the legal basis on which we collect and process your Personal Data for any specific processing activity, please contact your local HR representative or send an email to [email protected].
2.3. Sharing Personal Data
We may share your Personal Data with third parties where necessary for the purposes described above.
For example, we may share your Personal Data with the following third parties. The below list is not intended to be exhaustive.
- Forter affiliates. Your Personal Data may be shared by the Forter entity that employs you with other Forter entities, for purposes consistent with this Policy, to operate shared infrastructure, systems, and technology, and for group business planning, budgeting, accounting, reporting and strategy.
- Third party service providers. Providers of services to Forter, for example in connection with human resources, recruitment agencies, performance management, expense management, business travel, IT systems and support, hosting and data analytics, information and physical security, background checks and other screenings.
- Other Forter personnel. Other Forter employees may have access to certain of your Personal Data, for example an employee conducting an interview, and additional information depending on their specific roles and responsibilities and need for such information, all solely on a “need to know” basis.
- Governmental authorities and law enforcement. Your Personal Data may be shared with governmental or regulatory bodies and/or law enforcement, as required under applicable law, if we believe necessary to cooperate with such authorities and/or protect the rights, property, health, or safety of Forter, our employees or others and/or in connection with the performance of your employment contract.
- In connection with business transfer activities. Your Personal Data may be shared with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets, or where we seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Policy. In this situation we will, so far as possible, share anonymised data only with the other parties before the transaction completes. Once the transaction is completed, we will share your Personal Data with the other parties if and to the extent required under the terms of the transaction.
- Professional advisors. Accountants, auditors, lawyers, insurers, bankers, compliance, and other outside professional advisors who require your information in the course of providing their services.
- Where we transfer, store, and process your Personal Data
Your Personal Data may be maintained, processed, transferred, accessed, and stored by Forter in the United States, the United Kingdom, Israel, Singapore, and other countries based on where our offices, business operations and systems are located.
We may also transfer your Personal Data to the parties described in Section 2.3 above, who may be located in a different country to you.
While privacy laws may vary between jurisdictions, Forter is committed to protecting your Personal Data in accordance with this Policy, and will only transfer your Personal Data pursuant to appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
Personal data originating in the European Economic Area (EEA) or in the United Kingdom (UK) that is transferred to an entity outside the EEA or the UK will be processed pursuant to appropriate safeguards, including data protection clauses adopted by the European Union, or the United Kingdom, and such other appropriate lawful mechanisms designed to protect the data.
- How long we retain your Personal Data for
We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we processed your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
This means that we may retain your Personal Data for the duration of your employment with us, or such shorter or longer period as required by law and/or for the purpose for which the relevant data was collected. After this period we will securely delete your Personal Data in accordance with our data retention policy.
For further information on how long we retain your Personal Data for, please contact your local HR representative or a member of the Legal team.
- How we secure Personal Data
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We will notify you and/or the applicable regulator of any data breach where we are legally required to do so.
- Your Rights
Under certain data protection laws, individuals have certain rights in relation to their Personal Data. These may include the following rights:
- The right to be informed about the processing of your Personal Data;
- The right to access your Personal Data;
- The right to rectification of your Personal Data;
- The right to erasure of your Personal Data;
- The right to correct any of your inaccurate Personal Data;
- The right to data portability;
- The right to withdraw consent;
- The right to object to processing of your Personal Data;
- The right to restrict processing of your Personal Data;
- The right to opt out of any sale of your Personal Data;
- The right to lodge a complaint with your national Data Protection Authority; and
- Rights in relation to automated decision making, including profiling.
Note that certain of the foregoing rights are not absolute and may be subject to certain exceptions under applicable law. In the event that we cannot or will not accommodate your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
If you have any questions about, or wish to exercise, any of the foregoing rights that may be available to you under applicable law, please contact your local HR representative or email [email protected].