Imprivata Applicant Privacy Notice
Effective Date: 05-20-2024
Thank you for your interest in working with Imprivata. This Applicant Privacy Notice describes how Imprivata, Inc., and/or its affiliates and subsidiaries, including Ground Control, Inc., FairWarning, LLC, SecureLink, Inc., OGiTiX Software AG (hereinafter "We", "Imprivata", or “Imprivata Group”) will process your personal data to consider your employment application and your rights under applicable privacy laws.
The protection of your personal data is important to us. The personal data collected during your online application will be treated confidentially and strictly in accordance with the relevant laws.
Data Controller
The Imprivata Group company to which you submit your application via the application management system is responsible for processing your data.
Data Protection Officer
To contact our Data Protection Officer, please send an email to privacycommittee@imprivata.com.
Categories of Processed Data
The categories of personal data processed as part of the application process include:
- General personal data (e.g. personal identifiers such as name, birthday, and postal address);
- Documents (e.g. references, certificates, resumes, which may include professional or employment-related information)
- Education and training details (e.g. data about school education, university, professional qualifications, and skills)
- Communication data (e.g. other identifiers such as email address and (mobile) phone number)
- Log data recorded while using recruiting and other applicant-related IT systems (e.g. electronic identifiers and internet activity information such as IP address, other online identifiers, and website interactions)
- Compensation information that you voluntarily provide, and which may depend on your region and applicable laws and regulations
- Social media information, such as if you provide us a link to or other access to a social media account, we may collect or access any information you permit to be shared through or from your social media account and other information depending on the social media platform
- Background check information (e.g., criminal record, credit history, where permitted by law)
Required data will be explicitly marked as such during the application process. We kindly ask you to provide us with sensitive or special categories of personal data (such as health data or religious information) only if they are exceptionally relevant to the application process. In such cases, we will process this data together with your other applicant data. Do not provide any other sensitive or special categories of data that are not specifically requested as part of the application process.
You are responsible for the personal data you provide or make available to us. All personal information you provide, particularly in connection with our recruiting activities, must be truthful, accurate and not misleading in any way. You may not provide information that is obscene, defamatory, infringing, malicious, or that violates any law. If you provide personal data of a third party (such as for references), you are responsible for providing any notices and obtaining any consents necessary for us to collect and use such personal information as described in this Privacy Notice.
Purposes of Processing and Legal Basis
The processing of personal data during the applicant management process is for the purpose of preparing for an employment relationship with a company in the Imprivata Group.
The main legal basis for this purpose is the legal requirement to take steps at your request (the data subject) prior to entering into an employment contract.
We process your personal data in accordance with the requirements of the respectively applicable national and international laws, such as:
- EU General Data Protection Regulation (“GDPR”) adopted by the European Parliament and the Council of the European Union on April 27, 2016 – in cases where it is applicable;
- German Federal Data Protection Act;
- UK Data Protection Act 2018 and UK GDPR;
- The California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CPRA”) and other US state laws providing similar rights, as applicable; or
- any other applicable national laws and regulations.
Other legal bases are your explicit consent to the processing of personal data (“Consent”, e.g. if we would like to keep you as a candidate in our talent pool) or legitimate interests pursued by Imprivata (for example, through application process evaluations, background checks verifying the legitimacy of the information provided by applicants, and analytical reporting, after careful consideration against your interest in the protection of your personal data in accordance with the relevant legal provisions).
Whenever special categories of personal data are processed with the respective data protection law and regulations requirements (e.g. health data, religion, or union membership), this processing is carried out in accordance with the relevant national and international data protection laws. Furthermore, it may be necessary to process your health data to assess your ability to work in accordance with national and international data protection law or for reasons of accommodation evaluation.
Collection of Personal Data
Your personal data will generally be collected directly from you as part of the recruitment process. We reserve the right to verify the integrity and accuracy of the personal information provided. We may be required by international law to conduct compliance and background checks as part of the application process. We may use specialist providers for this purpose.
In certain circumstances, your information may also be collected from third parties and publicly available information. For example, we may check your profile on professional social networking sites such as LinkedIn, if you provide us with the link to your profile, or we may receive your information from recruiting providers.
During the application process, we may ask you for your consent to forward your application documents to other vacancies that match your profile.
We will keep you informed of the status of your application via email.
Please see our Cookie Policy for details regarding how we use cookies and other similar technologies on our websites to automatically collect information from your browser or device.
Talent Pool
If you have consented to becoming part of our Talent Pool, we may use the data you provided in order to, for example, inform you about interesting job opportunities. This may be done by email or telephone. You may withdraw your consent at any time with future effect by contacting privacycommittee@imprivata.com.
Transfer and Disclosure of Personal Data
Within the respective Imprivata Group company to which you have applied, only those persons involved in the application process (e.g. line managers, employees and agents of the recruiting and HR departments) have access to your personal data for the purposes mentioned above. Other Imprivata Group companies may also be data controllers of your personal data. Your data may be transferred to the relevant persons worldwide within the Imprivata Group.
If you are hired, your data will be transferred from our application management system to our HR management systems. During this process, your information may be transferred to another company within the Imprivata Group, where it will be processed as employee information subject to the Imprivata Employee Privacy Notice. We may share your personal information with other companies within the Imprivata Group for the purpose of contract fulfillment and for our legitimate interest in organizing our internal operations.
We may disclose your personal data to other data controllers only if this is necessary for the application, if the third party or we have a legitimate interest in the disclosure, or if you have given your consent.
In addition, we use service providers to, among other things, fulfill our contractual and legal obligations. Where these service providers process personal data on our behalf, we have entered into the required data protection agreements with them. We select our service providers carefully and monitor them regularly, particularly regarding their careful handling and protection of the data they store and process. All service providers are required to maintain confidentiality and comply with applicable law. Third-party service providers may include but are not limited to background check companies (as indicated above), travel providers, and conferencing system providers. You may be asked to provide your personal data directly to these third parties in certain cases, and in such cases, the third party’s respective privacy terms will govern your provision of personal data to them in accordance with the section titled “Third-Party Sites” below. Service providers may also be other companies within the Imprivata Group.
International Transfers
Your personal data may be stored and processed in any country where Imprivata has facilities or in which Imprivata engages service providers. By using our websites or disclosing information to Imprivata, you consent to the transfer of information to countries outside of your country of residence, which could have different data protection rules than those of your country or the country in which you were located when you initially provided the information. Where required, Imprivata puts in place a solution to ensure that personal data transferred outside of the EEA is subject to adequate protection in compliance with applicable laws.
Imprivata complies with the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”). Imprivata is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom, and Switzerland, respectively, in reliance on each Data Privacy Framework, to the Data Privacy Framework’s applicable Principles. To learn more about the Data Privacy Frameworks, and to view Imprivata's certification, visit the U.S. Department of Commerce’s Data Privacy Framework website: https://www.dataprivacyframework.gov/. Click here to access Imprivata’s Data Privacy Framework Policy.
Imprivata is responsible for the processing of personal data it receives, under the Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. Imprivata complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, the United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Data Privacy Framework, Imprivata is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Data Retention and Data Storage Protection
In general, we store your data for as long as necessary for the purposes for which it was collected or processed, or for as long as we have a legitimate interest in storing the data. In all other cases, we will delete or aggregate your personal data, or if this is not possible due to practical or legal requirements, then Imprivata will securely store your Personal Data, except for data that we are required to retain, in order to comply with legal obligations. The length of time for which we retain information depends on the purposes for which we collected and used it, requirements of applicable laws, the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the resolution of any pending or threatened disputes, and enforcement of our agreements.
Upon completion of the application process (e.g., rejection by us or withdrawal by you), we will generally delete your personal data within six months.
We maintain physical, technical, and administrative safeguards that align with industry leading standards and are designed to protect personal data against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use.
Your Rights
According to data protection laws applicable to you, you may have the right to access, the right to rectification/correction, the right to erasure/deletion, the right to restriction of data processing, the right to data portability/access, and the right not to be discriminated or retaliated against for exercising your above rights.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is not lawful.
If the processing is based on your consent, you have the right to withdraw your consent to the use of your personal data at any time. Please note that revocation only has a future effect. Please also note that we may need to retain certain information for a period of time in order to comply with legal requirements.
In accordance with the CPRA and other similar laws, as applicable, you have a right to know:
- The categories of personal data we have collected about you;
- The categories of sources from which the personal data was collected;
- The categories of personal data about you we disclosed for a business purpose, sold, or shared, and the categories of third parties to whom the personal data was so disclosed, sold or shared, by category or categories of personal data for each category of third parties or persons to whom the personal data was disclosed, sold, or shared;
- The categories of third parties to whom the personal data was disclosed for a business purpose, sold, or shared;
- The business or commercial purpose for collecting, selling, or sharing the personal data; and
- The specific pieces of personal data we have collected about you.
We do not “sell” or “share” data as these terms are specifically defined in certain US state data privacy laws such as the CPRA.
For more information on the personal data we collect, including the sources from which we receive such data, please review the “Categories of Processed Data” and “Collection of Personal Data” sections above. We collect and use these categories of personal data for the business purposes described in the “Purposes of Processing and Legal Basis” section above.
We use and partner with different types of entities to assist with our recruiting operations. Please review the “Transfer and Disclosure of Personal Data” section above for more detail about these disclosures.
How to Exercise Your Rights
If you have an account with us, you may exercise some of your rights by accessing your account or you may contact privacycommittee@imprivata.com. Imprivata will need to verify your identity in order to process any requests and will need your name, email address, and phone number to do so. Imprivata responds to requests within 30 days or other applicable period permitted by law. If a request requires additional time to be processed, Imprivata will notify you in writing. Certain exceptions apply in the law. If your request is denied, Imprivata will provide you with the reasons for such a denial.
If we are unable to verify your identity, we may deny your request. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly. We may not be able to provide all of the information requested or fulfill your request due to certain exceptions enumerated under applicable law. In such a case, we will inform you of the reasons we cannot fulfill all or parts of your request.
Right to object
Insofar as the processing of your personal data is carried out for the protection of legitimate interests, you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights, and freedoms, or the processing must serve the assertion, exercise, or defense of legal claims.
If you have any questions about your individual rights, please feel free to contact us at any time: privacycommittee@imprivata.com.
Third-Party Sites
Imprivata may permit you to link to other websites on the Internet (“Third-Party Sites”), and other websites may contain links to our websites. These Third-Party Sites are not under Imprivata's control, and such links do not constitute an endorsement by Imprivata of those Third-Party Sites or the services offered through them. The privacy and security practices of Third-Party Sites are not covered by this Privacy Notice and may differ from those of Imprivata. Imprivata encourages you to read the privacy statement of any Third-Party Sites because Imprivata is not responsible for Third-Party Sites' content, policies, or privacy or security practices.
Changes to This Privacy Notice
Imprivata will review this Privacy Notice annually and may amend where necessary. Use of information Imprivata currently collects is subject to the Privacy Notice in effect at the time such information is used. If Imprivata makes material changes to this Privacy Notice, Imprivata will notify you by posting the revised notice on its website or sending you an email, so you are always aware of what information Imprivata collects, how Imprivata uses it, and under what circumstances, if any, it is disclosed.
Questions or Concerns
Your privacy is important to us. If you have any questions, concerns, or would like to submit a complaint regarding data privacy, please email privacycommittee@imprivata.com. You may also visit https://imprivatadsr.ethicspoint.com for more details and to submit a Data Subject Request.
Individuals and the data protection supervisory authorities in the EU may also contact our EU representative according to Art. 27 GDPR:
Imprivata OGiTiX GmbH, Hans-Böckler-Str. 12, 40764 Langenfeld, Germany
eurepresentative@imprivata.com