

Contents
How We Obtain Your Personal Data
How We Share Your Personal Data
Legal Basis for Processing Personal Data
Security and Breach Notification
Cookies and Similar Technologies
How We Treat Do Not Track Signals
Effective date: February 3, 2025.
Please note, this Privacy Notice is available at https://www.icims.com/legal/academy-privacy-notice/ and its related domains and subdomains (each the “Website” as applicable). iCIMS maintains other privacy notices to address specific use cases applicable to iCIMS, which are available at the following locations:
Back to contents
iCIMS, Inc. and its subsidiaries, iCIMS International, LLC, TextRecruit, Inc., Opening HR Limited, EasyRecrue S.A.S., Candidate ID Ltd, and SkillSurvey, Inc. (collectively, “iCIMS,” “we,” or “us”), respects the privacy of its Subscribers, business partners, and prospects who use this Website (collectively, “you”), and we are committed to protecting their respective personal data. To that end, we have put together this iCIMS Academy Privacy Notice (“Privacy Notice”) to give you a better understanding of who we are and our practices with respect to the collection, use, disclosure, and retention of personal data obtained in connection with the use of this Website.
For purposes of this Privacy Notice:
Please take the time to read this Privacy Notice and the related statements in their entirety to ensure you are fully informed. If you have any questions or concerns about our processing of your personal data, please contact us by using the contact details under the “Contact Information” heading below.
As further described below, we collect several types of personal data from and about you that broadly falls into the following three (3) categories:
1. Personal data you voluntarily provide to us:
In each case, the personal data collected may include (but is not limited to):
If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect it. If we ask you to provide personal data that we consider to be mandatory for us to administer your relationship with us, we will inform you of such at the time of collection. In addition, we will also inform you of the consequences for not providing us with the mandatory personal data.
2. Personal data from third parties.
From time to time, we may collect and use personal data we receive about you from third parties in connection with your use of the Website or attendance at a training event. For instance, we may receive personal data about you from our business partners or service providers related to your use of the Website or registration information for training. We also use third parties for reporting and analytics to measure the effectiveness of our Website, marketing, and training efforts, and to identify areas for improvement.
We may combine personal data we collect from third parties with personal data you provide us to update, expand, or provide you with tailored information regarding our software, services, and training materials.
3. Data we collect as you navigate through the Website.
As is true of most websites, we gather certain data automatically. This data may include Internet protocol (“IP”) addresses, browser type, Internet service provider (“ISP”), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, videos, and other content), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
Skilljar, the third-party service provider that hosts and provides the functionality of the Website, uses cookies or similar technologies to provide and administer the Website, and for tracking, analytics and personalization and optimization of the Website. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on the Website. For more information about Skilljar’s use of cookies and similar technologies, please see Skilljar’s Privacy Notice.
We may use personal data that we collect about you for the following purposes:
Our processing of Personal Data for the purposes described in this Privacy Notice also includes the use of automated methods of processing, including machine learning and artificial intelligence to analyze your Personal Data and determine trends,
If we need to process your personal data for an incompatible purpose not discussed in this Privacy Notice, we will provide notice to you and, if required by law, seek your consent. We may process your personal data without your knowledge or consent only where required or permitted by law.
iCIMS limits access to your personal data to only those who need access to perform their tasks and duties, and to third parties who have a legitimate purpose for processing or accessing it. As such, we may share your personal data as described in this Privacy Notice to the following categories of recipients:
Please note that we do not sell (as defined in applicable data protection and privacy laws) your personal data (and will not sell it without providing any required notices and/or opt-in/opt-out rights).
If you are a resident of the EEA, the UK, or Switzerland, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the context in which we collect it. However, we will normally collect and/or process your personal data pursuant to one or more of the following legal bases:
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided in the “Contact Information” section below.
iCIMS or its appointed service providers or contractors may collect, use, process, store and disclose your personal data outside of your home country, including in the U.S., and in some cases, other countries, for the purposes described in this Privacy Notice. These countries may have data protection and privacy laws that are different than the laws of your home country. iCIMS only transfers personal data to another country in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal data. A list of iCIMS’ global offices is available here.
If your personal data is processed within the EEA, the UK, or Switzerland, and for onward transfers of personal data to iCIMS’ appointed service providers or contractors, iCIMS and its appointed service providers and contractors, will protect your personal data (as defined in the European Union’s (“EU”) General Data Protection Regulation (“GDPR”)) when it is transferred outside of the EEA, UK, or Switzerland by:
If you require further information about our international transfers of personal data, please contact us by using the contact details under the “Contact Information” heading below.
iCIMS, Inc. and certain of its subsidiaries listed here comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. iCIMS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the EEA in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. iCIMS has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit the https://www.dataprivacyframework.gov/.
iCIMS is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. iCIMS complies with the DPF for all onward transfers of personal data from the EEA, the UK, and Switzerland, including the onward transfer liability provisions.
Although iCIMS also relies on Standard Contractual Clauses or other lawful transfer mechanisms approved by the European Commission (or other relevant governmental authority) to transfer personal data from the EEA, the UK, and Switzerland, iCIMS is committed to maintaining its DPF certification and will honor its obligation to comply with the DPF Principles.
The Federal Trade Commission has jurisdiction over iCIMS’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain circumstances, iCIMS may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, but iCIMS will attempt to resist such disclosures when possible.
EEA, UK, and Swiss individuals with inquiries or complaints regarding our privacy practices should first contact iCIMS as provided in the “Contact Information” section below. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, iCIMS commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.
iCIMS maintains appropriate technical and organizational measures, including, but not limited to, reasonably designed administrative, physical, and technical safeguards, designed to protect the personal data obtained as discussed in this Privacy Notice from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. iCIMS personnel, service providers, and contractors with access to personal data collected as discussed in this Privacy Notice are required to keep such personal data confidential and secure. iCIMS has a dedicated team responsible for monitoring and responding to security events, and it notifies applicable parties of security or privacy incidents and data breaches in accordance with its incident response procedures and applicable law.
We use the following criteria to determine the length of time for which we retain personal data subject to this Privacy Notice:
When we have no legal obligation or ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (e.g., because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. As such, we reserve the right to use such anonymous data for any legitimate business purpose without further notice to you or your consent. In addition, we delete personal data if an individual makes a verifiable request to delete such personal data and no exception applies.
For information about the cookies and other tracking technologies used by our Website and how to manage your settings for these cookies and technologies, please see our Cookie Notice.
Certain jurisdictions may provide you with privacy rights under applicable data protection or privacy law regarding your personal data. In particular, you may have the right to:
These rights may be limited, for example, if fulfilling your request would reveal personal data about another individual, or if you ask us to delete personal data which we are required by law to keep or which we need to defend claims against us.
If you are a California resident, please see our Privacy Notice for California Residents for additional disclosures and information about the personal data we have collected about you over the last 12 months and rights you may have regarding your personal data.
If you do not wish to receive our email marketing communications for promotional purposes, you may opt out by clicking on the “unsubscribe” or “opt out” link in the marketing emails we send you.
If we process your personal data in reliance upon your consent, you can contact us at any time to withdraw your consent.
To exercise any of these rights, please contact us by using the contact details under the “Contact Information” heading below.
We will respond to such requests in accordance with the requirements of applicable data protection and privacy laws. Please note that in order to fulfil your request, we may need you to provide certain personal data to verify your identity. Depending upon applicable data protection and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.
Various browsers (i.e., Internet Explorer, Chrome, Firefox, Edge, etc.) may allow a “do not track” (DNT) setting, which sends a signal to websites visited by an individual about their browser DNT setting. At this time, there is no general agreement on how companies, like iCIMS, should interpret DNT signals. Therefore, we do not currently commit to respond to DNT signals. We will continue to monitor developments around DNT browser technology and the implementation of a standard.
This Website may link to websites that are not owned or controlled by iCIMS. As such, this Privacy Notice does not apply to personal data collected on any third party site or by any third party application that may link to or be accessible from the Website. This Privacy Notice does not apply to personal data collected by Subscribers, our business partners, and other third parties or third party applications or services, even if this personal data is collected using our Website or at events.
The Website is not directed to or intended to be used by anyone under the age of 18. We do not knowingly collect personal data from anyone under the age of 18. If you are under 18, please do not attempt to fill out our forms or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 18, we will delete that data promptly.
iCIMS reserves the right to update or change this Privacy Notice from time to time. If we make material changes to this Privacy Notice, we will post it to the Website prior to or at the time of the change becoming effective. We ask that you review the Privacy Notice periodically to stay informed about any updates or changes that we may have made.
You can see when this Privacy Notice was last updated by checking the “Effective Date” displayed at the top of this Privacy Notice.
To ask questions or comment about this Privacy Notice and our privacy practices or if you need to update, change, or remove your personal data or exercise any other rights, please contact us as follows: