Candidate Privacy Notice

Introduction

This Candidate Privacy Notice (“Notice”) describes how Cloud Software Group, Inc. and its subsidiaries and related companies (collectively, “Cloud Software Group”) handle and protect your Candidate Data, as defined below, to which Cloud Software Group (“Cloud Software Group”, “We”, “Us” or “Our”) is provided access in connection with the talent acquisition process.

If you are a resident of California, please see also the California Consumer Privacy Statement for Candidates that describes the personal information collected consistent with the relevant notice requirements of the California Consumer Privacy Act of 2018.

By making available your Candidate Data, you confirm that:

• You have reviewed this Notice;
• You have provided any notices and obtained any consents needed to provide information concerning others (e.g., information about employment references); and
• Your Candidate Data may be transferred and processed worldwide, including in the US and other countries that may not be deemed to provide the same level of data protection as your home country, for the purposes and in the manner specified in this Notice.

We will process Candidate Data in accordance with this Notice, unless in conflict with requirements of applicable law, in which case applicable law will prevail.  You are under no statutory or contractual obligation to provide data to TIBCO during the talent acquisition process, but if do not provide certain information, we may not be able to process your application.

This Notice does not form part of any contract of employment offered to candidates hired by US.

For information about our processing activities in connection with your general use of Our websites and our use of cookies and similar technologies outside the scope of this Notice, please see the Cloud Software Group Privacy Policy.

Definitions

Candidate Data is identifiable information that an individual makes available to Us in connection with the talent acquisition process. Candidate Data may include a variety of information, such as candidate status, work history/job data, education, compensation, employer feedback, questionnaire results, contact information, previous addresses or names, additional information provided by the candidate (e.g., a cover letter), driver’s license number as required for certain positions, references, and criminal history where permitted by law.

Processing refers to any action performed on Candidate Data, such as collecting, recording, organizing, storing, transferring, modifying, using, disclosing, or deleting.

Sensitive Candidate Data is Candidate Data concerning nationality or citizenship, race or ethnic origin, criminal history, or trade union membership. We do not request or consider information concerning religion, or sexual orientation, or political opinions in connection with talent acquisition.

Collection

You may use various electronic and paper methods to submit Candidate Data to Us. The primary method is through our online application processing application (Hirebridge), through interviews and other direct interactions with you.  In addition, to the extent permitted by law, We may collect Candidate Data from third parties, for example, from recruiters, in connection with a background, credit or employment check or an employment reference (subject to your consent where required by law), from a recruiting or other publicly-available web site, such as your professional LinkedIn profile, your professional profile on your current employer’s website, speaker bios on the websites of professional conferences where you have spoken, or articles you have published.

Processing and Retention

We process Candidate Data for legitimate human resources and business management purposes.  These include identifying and evaluating candidates for Our positions; communicating with you including notifying you of relevant additional vacancies that may interest you; record-keeping related to hiring processes; analyzing the hiring process and outcomes; and conducting background checks, where permitted by law. We process Candidate Data for these purposes because it is necessary for our legitimate interests in recruiting staff and administering our hiring processes. In addition, Candidate Data may be used to comply with Our legal, regulatory and corporate governance requirements. If a candidate is hired, Candidate Data may be used in connection with his/her employment in accordance with the terms of Our Internal Privacy Policy.

In addition to using Candidate Data for the position for which you have applied, We may retain and use your Candidate Data to consider you for other positions. If you do not want to be considered for other positions or would like to have your Candidate Data removed, you may contact Us as specified under Inquiries, Complaints and Objections below. Unless required for tax or other legal purposes or in connection with employment as specified above, or some other retention period is required by local law, we will retain your personal information for a period of 12 months after we have communicated to you our decision about whether to appoint you to a role to which you have applied. We retain your personal information for the purposes specified in this section, including without limitation so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted our talent acquisition and hiring processes in compliance with applicable law.

If your application for employment is successful, personal data gathered during the talent acquisition process will be transferred to your Human Resources file (electronic and paper) and handled in accordance with the Our Internal Privacy Policy.

Sharing with Third Parties

We may share your personal information internally within Cloud Software Group and/or its affiliates for the purposes described in this notice.

We may transfer Candidate Data to external third-party service providers performing certain services on behalf of Cloud Software Group. Third-party service providers include talent acquisition operations, communication and verification providers used for the purposes of managing, coordinating, documenting and analyzing our talent acquisition efforts, facilitating communications, marketing and employment verification. Third-party service providers may also include external advisors (e.g., auditors and legal advisors), insurance carriers, benefits providers, and internal compliance and investigation teams (including external advisers appointed to conduct internal investigations).  Such third-party service providers have access to Candidate Data solely for the purpose of performing the services specified in the applicable service contract, and We require the service providers to undertake security measures consistent with the protections specified in this Notice.

We may be required to disclose certain Candidate Data to other third parties (1) as required by law, regulation or legal process (such as a court order or subpoena) in or outside of your home country; (2) to law enforcement authorities or other government officials to comply with a legitimate legal request; (3) to establish, exercise or defend our legal rights, and in connection with an investigation of suspected or actual fraud, illegal activity, security or technical issues; or (4) in an emergency where the health or safety of a candidate or other individual may be endangered. In addition, in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of Our business, We may transfer Candidate Data to successor entities or parties.

Sensitive Candidate Data

We may perform background and criminal checks where permitted by law, and may process other Sensitive Candidate Data, such as citizenship or nationality information or health information, in order to evaluate a potential reasonable accommodation in the talent acquisition and hiring process where requested, for equal opportunity monitoring, when relevant for a position and permitted by law. We process personal data for these purposes when we are required to do so by law or if you have given your explicit consent.

If We intend to collect Sensitive Personal Data from third parties, you will be provided notice and the opportunity to consent. If you have a disability and would like Us to consider a reasonable accommodation, you may provide that information during the talent acquisition process. We do not intend to collect any Sensitive Candidate Data from you unless specifically requested for the purposes described above.

Security and Confidentiality

We employ technical and organizational measures designed to protect the integrity, confidentiality, security and availability of Candidate Data, and to comply with applicable legal requirements for information security. We limit access to internal systems that hold Candidate Data to individuals who need access for a legitimate business purpose.

Candidate Rights

You may exercise the following rights in relation to your Candidate Data:

Access, Correction and Deletion: We will provide you access to your Candidate Data that We hold to the extent required by law in your home country, regardless of the location of the Candidate Data processing. You may request correction or deletion of that Candidate Data, except where retention is required by your contractual relationship with Us, in the context of a legal dispute, or as otherwise required by law. You also may request a copy of your Candidate Data in machine-readable format in some cases, or object to the processing of your Candidate Data.  These rights are not absolute and must take into account the interests of others.  If access, correction or deletion is denied, the reason for the denial will be communicated to you.  Where permitted by law, we reserve the right to charge a fee.

Restriction of Processing and Data Portability:  In limited circumstances, you may have the right to request that we restrict processing of your personal data.  You may also have the right to receive certain personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to have the data transmitted to another entity.

Automated Decisions: Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. In the event that We rely solely on automated decision-making that could have a significant impact on you, We will notify you, provide you an opportunity to express your views and provide any other safeguards required by law.

Inquiries, Complaints and Objections: You may withdraw consent to the processing of your Candidate Data or submit inquiries, complaints and/or objections to the processing of your Candidate Data by sending a request by email at Or by email at TAOps@cloud.com. The processes described in this Notice supplement any other remedies and dispute resolution processes provided by Us and/or available under applicable law.

If you are located in the EU, you also may lodge a complaint with the data protection supervisory authority in your country.

Direct Marketing

We will not use Candidate Data to offer you any products or services for personal or family consumption (“Direct Marketing”) or provide Candidate Data to third parties for their Direct Marketing. These restrictions do not apply to contact or other personal data obtained in the context of a customer, consumer or other non-employment relationship with Us.

International Data Transfers

Cloud Software Group is a global organization. Accordingly, Candidate Data may be transferred by Us (and Vista, as applicable) to and processed in the US and other countries that may not be deemed to provide the same level of data protection as your home country. When we transfer Candidate Data to a country outside of your home country, we may use a variety of legal mechanisms authorized by law, including standard contractual clauses approved by the European Commission, the United Kingdom’s Information Commissioner’s Office, or other valid data transfer agreements, the EU-U.S. or Swiss-U.S. Data Privacy Framework, consent of the data subject. You may obtain a copy of legal mechanisms we have put in place by contacting us as described below.

With respect to transfers of personal information from the EU, United Kingdom and Switzerland to the U.S., Cloud Software Group complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Cloud Software Group has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF.  Cloud Software Group has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland under the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We are responsible for the processing of personal information it receives, under each Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Data Privacy Framework Principles for all onward transfers of personal information from the EU, United Kingdom and Switzerland, including the onward transfer liability provisions.

With respect to personal information received or transferred pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, We are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, We may be required to disclose personal information in response to lawful requests by public authorities, including to satisfy national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles, We commit to resolve complaints about our collection or use of your personal information. If you have questions or complaints regarding our Privacy Policy or practices, please contact us at privacy@cloud.com.

EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact us at privacy@cloud.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Cloud Software Group has further committed to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.

Changes to this Notice

We reserve the right to modify this Notice by posting changes to Our relevant websites. If you submit additional Candidate Data or request to be considered for a Cloud Software Group position following the effective date of a modified Notice, your Candidate Data will be handled in accordance with the Notice in effect at that time.

Inquiries

For inquires related to this Statement, you may contact us by sending a request in writing to:

Senior Project Manager, Talent Operations
899 West Cypress Creek Road
Fort Lauderdale, FL 33309

Or by email at TAOps@cloud.com.