Axonius Global Job Candidate Privacy Notice

This Privacy Notice describes Axonius, Inc. and its affiliated companies (collectively, “Axonius”, “we”, “our” or “us”) privacy practices regarding job candidates or applicants who apply or are recruited for a job with us (“Candidate”). 

Axonius is a remote-first global company, with entities in the US, the UK, Portugal and Israel. While this Notice is intended to describe the broadest range of our privacy practices globally, those practices may vary based on the local legal requirements. This Notice does not create or form part of any contract for employment or otherwise. 

We collect Personal Data directly from a Candidate (such as when a Candidate submits the job application or during the recruitment process - including interviews), indirectly from a Candidate (such as when a Candidate interacts with our website), or via third parties or sources (such as job boards and professional networking websites, Candidate’s named references, other Axonius personnel, background check providers, employment agencies and recruiters, publicly accessible sources, and our service providers). We may combine the Personal Data that the Candidate provides us with Personal Data provided via third parties and sources.

The provision of Personal Data is mostly necessary for us to consider the application (such as evidence of qualifications or work history), and we will not be able to process the application successfully if the related Personal Data is not provided. The provision of some more sensitive Personal Data is voluntary (e.g., information about ethnicity, health conditions, religious beliefs, sexual orientation, and Personal Data provided through interview recordings) and will not have an impact on our consideration of the job application.

We, our service providers and contractors maintain, store and process Personal Data in the US, the UK, the EEA, and Israel as well as other locations as reasonably necessary for the purposes of processing listed above, or as may be required by law.

While privacy laws may vary between jurisdictions, Axonius, its service providers and contractors are committed to handling the transfer of Personal Data in accordance with any appropriate lawful mechanisms and contractual terms, including (where appropriate) standard contractual clauses or similar mechanism adopted by the EU or the UK, to ensure an adequate level of protection.

We retain Personal Data for as long as we deem reasonably necessary to fulfill the purposes of processing listed above, taking into account the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure, and applicable legal and regulatory requirements.

We implement systems, applications, and procedures to safeguard Personal Data, to minimize the risks of theft, damage, loss, or unauthorized access or use of information. These measures provide robust, industry-standard security. To learn more about our cybersecurity program, please visit https://www.axonius.com/security-program.

In order to pursue the purposes of processing listed above, we may disclose Personal Data in the following ways:

Axonius affiliated companies; Change of control: We may disclose Personal Data internally within our group. In addition, should Axonius or any of its affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of its assets, or will be considered or found eligible for a governmental grant and/or a potential investment, Personal Data may be shared with the parties involved in such an event. 

Service providers and contractors: We may, upon the execution of a written contract, engage selected service providers, to perform services on our behalf, or contractors, to provide complementary services that help us manage the recruiting process and operate our business and, limited to this purpose, grant them access to Personal Data as necessary. Such service providers and contractors may include or be related to job boards, recruiters, interviewing and testing services, pre-employment screening, interview travel booking and expense reimbursement (where applicable), relocation (where applicable), recruitment analytics and software providers, and our business, immigration, legal, financial and compliance advisors. 

Government or law enforcement authorities: We may disclose Personal Data to government or law enforcement authorities if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request; (b) to enforce our agreements, policies, and terms of service; (c) the disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (d) such disclosure is required to protect our legitimate business interests, including the security or integrity of our assets, personnel, and rights.

Additional disclosures: We may disclose Personal Data in additional manners, pursuant to the Candidate request or consent, if we are legally obligated to do so, or if we have successfully anonymized such Personal Data.

We do not sell Candidate Personal Information, or share it with third parties for cross-context behavioral advertising purposes.

To the extent available in the appropriate jurisdiction, Candidates may have rights concerning their Personal Data. To exercise these privacy rights – please submit a data subject Request via our dedicated page or contact us by e-mail at [email protected]. 

When Candidates ask us to exercise any of their privacy rights, we may require additional information, including certain Personal Data, in order to authenticate and process the request. Such additional information may be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request).

US Data Protection Rights

Depending on the US state of residence and applicable laws, Candidates may have the right to:

• know whether or not we currently process (or have processed in the last 12 months) Personal Information, as well as information regarding our privacy practices related to the handling of Personal Information;
• access and receive a copy of the Personal Information we have collected in the prior 12 months;
• request that we correct inaccuracies in Personal Information;
• request the deletion of Personal Information that we have collected, subject to certain conditions and exceptions;
• opt-out of targeted advertising. We do not currently process Personal Information in this manner; 
• limit the use and disclosure of Sensitive Personal Information. We do not currently process Personal Information outside of the purposes allowed by the applicable laws;
• opt-out of sale or sharing of Personal Information. We do not currently process Personal Information in this manner;
• receive a copy of Personal Information in a portable and readily usable format;
• not be subject to discrimination for the exercise of these privacy rights;
• designate someone as an authorized agent to submit requests and act on Candidate’s behalf. To do so, the Candidate must provide us with written permission to the authorized agent. 

Israel Data Protection Rights

Subject to applicable laws, Candidates may have the right to:

• request confirmation of the processing of Personal Data;
• request access to Personal Data;
• receive copies of Personal Data;
• request that we correct inaccuracies in Personal Data;
• withdraw consent;
• delete Personal Data.

European Economic Area (EEA) and United Kingdom (UK) Data Protection Rights 

Subject to applicable laws, Candidates may have the right to:

• request access to, or to receive copies of, Personal Data, as well as with information regarding our privacy practice related to the handling of Personal Data;
• request rectification of any inaccuracies in Personal Data;
• request, on legitimate grounds, the erasure of Personal Data; 
• request, on legitimate grounds, the restriction of Personal Data processing activities;
• object, on grounds relating to their particular situation, to the processing of Personal Data by us or on our behalf; and the right to object to the processing of Personal Data, by us or on our behalf for direct marketing purposes; 
• have the Personal Data transferred to another controller, to the extent applicable;
• withdraw consent, where we process the Personal Data on the basis of it;
• not be subject to automated decision making, including profiling, which produces legal effects concerning the Candidate, under certain conditions;
• lodge complaints with a data protection authority regarding the processing of Personal Data by us or on our behalf.

Switzerland Data Protection Rights

Subject to applicable laws, Data Subjects may have the right to:

• request access to, or to receive copies of, Personal Data, as well as with information regarding our privacy practice related to the handling of Personal Data;
• request rectification of any inaccuracies in Personal Data;
• request the erasure, deletion, destruction or anonymization of Personal Data, to the extent applicable; 
• object, to the processing of Personal Data by us or on our behalf, including the right to restrict or prohibit the processing, or request the prohibition of a specific disclosure, to the extent applicable; 
• have the Personal Data transferred to another controller, to the extent applicable;
• not be subject to automated decision making, including the right to be heard in the case of automated decision making, to the extent applicable;
• have the Personal data marked as being disputed;
• lodge complaints with a data protection authority regarding the processing of Personal Data by us or on our behalf, and request that any judgment be communicated to third parties or published.

Updates and Amendments: We may update and amend this Privacy Notice from time to time by posting an updated version on our website. The amended version will be effective as of the date it is published. 

For any questions, concerns or complaints regarding this Privacy Policy or our privacy practices, Candidates are welcome to contact us at the following alternative contact points: 

• Data Protection Officerat: [email protected], or via post at:
  • 41 Madison Ave Floor 37, New York, NY 10010, USA 
  • 16 Great Queen Street, Covent Garden, London, United Kingdom, WC2B 5AH
  • 32 Menachem Begin Street, The Circular Tower, Floor 23 Tel Aviv, Israel 6701101.
  • Centro Empresarial Torres de Lisboa, Rua Tomás da Fonseca, Torre A, 13º Piso, C - D, 1600-209 Lisboa, Portugal.