Effective Date: May 19, 2023

iCIMS maintains other privacy notices to address specific use cases applicable to iCIMS, which are available at the following locations:

• If you are a visitor to the icims.com website (“Website”) or a recipient of marketing communications from iCIMS, please refer to https://www.icims.com/legal/privacy-notice-website/ for the iCIMS Privacy Notice relating to the Website and iCIMS’ marketing efforts..
• If you are a California resident, please refer to https://www.icims.com/legal/ccpa-privacy-notice/ for the Privacy Notice for California Residents that contains additional disclosures and information about our privacy practices with respect to the collection, use, and disclosure of personal data of California residents.
• If you are an iCIMS Subscriber, please refer to icims.com/legal/privacy-notice-servicesfor the iCIMS Services Privacy Notice relating to the iCIMS Talent Cloud recruiting platform.
• If you are an applicant for a job or interested in potential employment opportunities at iCIMS, please refer to https://www.icims.com/legal/talent-acquisition-privacy-notice/for the iCIMS Talent Acquisition Privacy Notice relating to applying for a job at iCIMS and iCIMS’ recruitment process.
• If you are an authorized user of iCIMS Academy, please refer to https://academy.icims.com/partner/learn/policy/view;lng=en for the iCIMS Academy Privacy Notice relating to iCIMS’ training platform for Subscribers and partners. (Please note that this link is only available to current iCIMS Academy users who have valid login credentials.)

Introduction

iCIMS, Inc. and its subsidiaries, iCIMS International, LLC, Jibe, Inc., TextRecruit, Inc., Opening HR Limited, EasyRecrue S.A.S., Altru Labs, Inc., Candidate ID Ltd, and SkillSurvey, Inc. (collectively, “iCIMS,” “we,” or “us”), respects the privacy of its employees (collectively, “employee(s) or “you”), and we are committed to protecting their respective personal data. To that end, we have put together this Employee Privacy Notice (“Employee Privacy Notice”) to give you a better understanding of who we are and our practices with respect to the collection, use, disclosure, and retention of personal data obtained in connection with employment at iCIMS.

To see information about iCIMS’ collection and processing of personal data obtained in connection with applying for a job at iCIMS and iCIMS’ recruitment process, please visit the iCIMS’ Talent Acquisition Privacy Notice.

For purposes of this Employee Privacy Notice:

• The term “employee” refers to all current and former employees, directors, officers, and Board members of iCIMS. For the purposes of this Employee Privacy Notice, it also refers to independent contractors engaged by iCIMS, even though they are not otherwise employees.
• The term “personal data” means any information which relates to an identified or identifiable, living individual that directly or indirectly references one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity. Personal data excludes anonymous data.
• The term “sensitive personal data” means personal data of children, or personal data that reveals information about a living individual’s physical or mental health, racial or ethnic origin, political or religious views, trade union membership, sexual orientation, genetic information, biometric information, commission or alleged commission of crime or related proceedings, and, in some countries, financial information.

Please take the time to read this Employee Privacy Notice and the related statements in their entirety to ensure you are fully informed. If you have any questions or concerns about our processing of your personal data, please contact us by using the contact details under the “Contact Information” heading below.

Back to top

Compliance with Local Laws

This Employee Privacy Notice is a general guide on how iCIMS processes its employees’ personal data. As such, employees should be aware that data protection and privacy laws can vary in different jurisdictions where iCIMS operates and has employees. iCIMS’ policy is to comply with applicable laws, including requirements in certain countries that iCIMS notify its employees in that country of its personal data practices, and in some cases, obtain consent to those practices.

Where applicable laws are stricter than the practices described in this Employee Privacy Notice, iCIMS has adopted specific privacy practices in those locations to satisfy those stricter requirements.

Back to top

How We Obtain Your Personal Data

As further described below, we collect several types of personal data from employees, such as the following:

• Identification data. Such as your name, gender, photograph, date of birth, employee identification number, driver’s license, and languages.
• Contact details. Such as home address, telephone, email addresses, and emergency contact details.
• Employment details. Such as job title, position, office location, hire dates, employment contracts, performance and disciplinary records, grievance procedures, and sickness and holiday records.
• Educational and professional background data. Such as academic and professional qualifications, education records, CV/résumé, reference letters, interview notes, and criminal records data (for vetting purposes, where permissible and in accordance with applicable law).
• National identifiers. Such as national ID, passport, immigration status and documentation, visas, social security numbers (for US only), and national insurance numbers.
• Spouse, beneficiary, and dependents information, and marital status.
• Financial data. Such as banking details, tax information, payroll information, withholdings, salary, bonus, benefits, expenses, and company allowances.
• Health data. Such as information about short- or long-term disabilities or illnesses that you might share with your HRBP or manager, particularly in relation to any leave of absence you may need to take.
• IT data. Such as information required to provide and monitor access to iCIMS’ IT systems and networks, specifically including IP addresses, log files, login information, and software and hardware inventories (for further information about how we process IT information, see our “Monitoring” section below).
• Other data you may choose to share with us, such as hobbies, social preferences, or survey data.

We may also collect certain demographic data that qualifies as sensitive personal data, such as race, ethnicity, sexual orientation, and disability to help us understand the diversity of our workforce. When collected, this sensitive personal data is generally done so on a voluntary consensual basis.

Most often, the personal data we collect from employees is collected from them directly. In some cases, we may collect personal data about employees from third parties; for example, when we perform background screening checks that are necessary for the role to be performed by the employee. In most circumstances, we will get your permission before we collect personal data about you from a third party.

If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect it. If we ask you to provide personal data that we consider to be mandatory for us to administer your employment relationship, we will inform you of such at the time of collection. In addition, we will also inform you of the consequences for not providing us with the mandatory personal data.

Back to top

How We Use Your Personal Data

iCIMS uses employees’ personal data that it collects primarily for the purposes of managing its employment relationship with its employees, along with other legitimate, business purposes. Such uses include:

• Determining eligibility for hiring, including the verification of references, qualifications, and criminal records checks data (for certain vetting purposes, where permissible and in accordance with applicable law);
• Administering payroll and benefits, processing employee work-related claims (e.g., worker compensation, insurance claims, etc.), and processing leave of absence requests;
• Establishing training and/or development requirements;
• Reviewing work performance and determining performance requirements;
• Enforcing disciplinary actions or termination;
• Establishing emergency contacts and responding to emergencies;
• Complying with applicable laws (e.g., labor and employment, health and safety, tax, and anti-discrimination laws), judicial requests from courts of competent jurisdiction, or exercising or defending legal rights;
• Compiling internal directories, such as employee directories;
• Preventing and detecting fraud or other types of wrongdoing;

• Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us is among the assets transferred;

• Implementing and administering IT systems and information security, including authentication and authorization to access iCIMS’ IT systems and networks;
• Fulfilling the purpose for which you provide it; and
• For other lawful or legitimate purposes, which may be reasonably required for day-to-day operations, such as accounting, financial reporting, and business planning.

If we need to process your personal data for an incompatible purpose not discussed in this Employee Privacy Notice, we will provide notice to you and, if required by law, seek your consent. We may process your personal data without your knowledge or consent only where required by applicable law. Lastly, iCIMS does not subject its employees to automated decision-making.

Back to top

How We Share Your Personal Data

iCIMS takes care to allow your personal data to be accessed only by those who need such access to perform their tasks and duties, and to third parties who have a legitimate purpose for processing or accessing it. As such, we may share your personal data as described in this Employee Privacy Notice to the following categories of recipients:

• To other employees.
• To our subsidiaries, affiliates, or their or our successors or assigns.
• To our private equity investor, Vista Equity Partners, and its affiliates, including Vista Consulting Group (collectively, “Vista”), for administration, research, database development, workforce analytics and business operation purposes, in line with the terms of this Privacy Notice. Vista processes and shares your personal data with its affiliates, including other Vista portfolio companies, on the basis of its legitimate interests in managing, administering and improving its business and overseeing the recruitment process and, if applicable, your employment relationship with iCIMS. If you have consented to us doing so, we also share your personal data with other Vista portfolio companies for the purpose of being considered for other job opportunities in the pooling system, both inside and outside the European Economic Area (“EEA”) and United Kingdom (“UK”). Please find a full list of all Vista portfolio companies at: https://www.vistaequitypartners.com/companies/ and Vista’s privacy policy at https://www.vistaequitypartners.com/privacy/.
• To our contractors, business partners, service providers, and other third parties who require the data to assist us in establishing, managing, or terminating your employment with us, including third parties that provide products or services to us and, by extension, to our employees.
• To a potential buyer (and its agents and advisors) in connection with any proposed merger, acquisition, or any form of sale or transfer of some or all of our assets (including in the event of a reorganization, dissolution or liquidation), in which case, personal data held by us about you will be among the assets transferred to the buyer or acquirer.
• To a third party under the following circumstances where we, in good faith,: (i) believe we are compelled by applicable law or regulation, judicial request from a court of competent jurisdiction, or another legal process or government authority; (ii) find it necessary to exercise, establish or defend our legal rights; (iii) seek to protect iCIMS’ rights or property; (iv) seek to protect iCIMS, our other customers, or the public from harm or illegal activities; (v) seek to respond to an emergency which we believe, in good faith requires us to disclose data to prevent harm; and (vi) rely on your consent.

Please note that we do not sell (as defined in applicable data protection and privacy laws) your personal data (and will not sell it without providing any required notices and/or opt-in/opt-out rights).

Back to top

Legal Basis for Processing Personal Data

If you are an employee in the “EEA” or UK, our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the context in which we collect it. However, we will normally collect personal data from you only where we need the personal data to carry out our employment contract with you, where we need the personal data to comply with our legal obligations or exercise rights in the field of employment, where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some limited cases, we may need the personal data to protect your vital interests or those of another person; for example, we may need to share your personal data with third parties for security reasons (when we believe in good faith that disclosure is necessary to protect our rights, protect your or others’ safety, to investigate fraud, or respond to a related government request).

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your personal data is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided in the “Contact Information” section below.

Back to top

Monitoring

iCIMS physically and electronically monitors its offices, information technology systems, and corporate network for specific, lawful purposes. Where permitted by applicable law, iCIMS may monitor or record activities that involve employee personal data. For example, we may monitor employees’ activity and presence in our offices with badge readers, sign-in technology, and surveillance cameras, or we may monitor or record employees’ activity on our information technology systems and corporate network, such as internet traffic, website filtering, email communications, or systems accessed. We generally conduct monitoring to protect our employees, authorized visitors, and property, and to prevent unauthorized access to our offices.

In addition, iCIMS may carry out monitoring for other purposes such as:

• Validating business transactions;
• Training and evaluation of employee performance;
• Protecting confidential information, intellectual property, and other business interests;
• Investigating breaches of iCIMS policies and procedures, or other unlawful or improper acts;
• Complying with legal obligations; or
• Any other legitimate purpose permitted by applicable law.

iCIMS’ monitoring activities will be done in a manner that is proportionate to the underlying purpose and only as required or permitted by applicable law.

Back to top

International Transfers

iCIMS or its appointed service providers or contractors may collect, use, process, store and disclose employees’ personal data outside of their home jurisdiction, including in the U.S., and in some cases, other countries, for the purposes described in this Employee Privacy Notice. These countries may have data protection and privacy laws that are different than the laws of the respective employee’s home country. iCIMS only transfers personal data to another country in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal data.

If an iCIMS’ employee’s personal data is processed within the EEA or UK, and for onward transfers of personal data to iCIMS’ appointed service providers or contractors, iCIMS and its appointed service providers and contractors, will protect that personal data (as defined in the European Union’s (“EU”) General Data Protection Regulation (“GDPR”)) when it is transferred outside of the EEA or UK by:

• Processing it in a territory which the European Commission (or other relevant governmental authority) has determined provides an adequate level of protection for personal data; or
• Otherwise implementing appropriate safeguards to protect your personal data, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission (or other relevant governmental authority).

Although iCIMS does not rely on the Privacy Shield Frameworks to protect personal data when it is transferred from the EEA or UK to the U.S., iCIMS, Inc. and certain of its subsidiaries continue to participate in and certify their compliance with the EU-U.S. Privacy Shield Framework and subject all personal data received from the EEA and UK to the Privacy Shield Principles. To learn more about the Privacy Shield Frameworks and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.

If you require further information about our international transfers of personal data, please contact us by using the contact details under the “Contact Information” heading below.

Back to top

EU-U.S. Privacy Shield Framework

iCIMS, Inc. and certain of its subsidiaries participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework. iCIMS is committed to subjecting all personal data received from the EEA and UK in reliance on the Privacy Shield Framework to the Privacy Shield Principles. To learn more about the Privacy Shield Framework and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.

iCIMS is responsible for the processing of personal data it receives, under GDPR and the Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. iCIMS complies with GDPR and the Privacy Shield Principles for all onward transfers of personal data from the EEA and UK, including the onward transfer liability provisions.

iCIMS recognizes that the Court of Justice of the European Union ruled in July 2020 that a certification under the EU-U.S. Privacy Shield Framework no longer can serve as the basis by which entities subject to the GDPR transfer personal data to jurisdictions outside the EEA. Although iCIMS now relies on Standard Contractual Clauses or other lawful transfer mechanisms approved by the European Commission (or other relevant governmental authority) to transfer personal data from the EEA and UK, iCIMS will continue to maintain its Privacy Shield certification and will continue to honor its obligation to comply with the Privacy Shield Principles with respect to data that was previously transferred pursuant to the EU-U.S. Privacy Shield Framework.

With respect to personal data received or transferred pursuant to GDPR, iCIMS is subject to the regulatory enforcement powers of the EU in conjunction with the U.S. Federal Trade Commission. For the Privacy Shield Framework, iCIMS is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain circumstances, iCIMS may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with GDPR and the Privacy Shield Principles, iCIMS commits to resolve complaints about our collection and use of your personal data. EEA and UK individuals with inquiries or complaints regarding our privacy practices should first contact iCIMS as provided in the “Contact Information” section below. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you have the right to file a complaint with a competent data protection authority, if you are a resident of an EEA member state. As such, iCIMS commits to cooperate with the panel established by the EU Data Protection authorities (“DPAs”) and comply with the advice given by the panel with regard to human resources data transferred from the EU and/or the UK in the context of the employment relationship. iCIMS has further committed to cooperate with EU DPAs for EEA residents with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and/or UK, respectively, in the context of the employment relationship.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Back to top

Security and Breach Notification

iCIMS maintains appropriate technical and organizational measures, including, but not limited to, reasonably designed administrative, physical, and technical safeguards, designed to protect the personal data obtained as discussed in this Employee Privacy Notice from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and access. iCIMS personnel, service providers, and contractors with access to personal data collected as discussed in this Employee Privacy Notice are required to keep such personal data confidential and secure. iCIMS has a dedicated team responsible for monitoring and responding to security events, and it notifies applicable parties of security or privacy incidents and data breaches in accordance with its incident response procedures and applicable law.

Back to top

Data Retention

Unless a longer retention period is required by law, we will retain your personal data for as long as is needed to fulfill the purposes outlined in this Employee Privacy Notice or for as long as we have a legitimate business interest that is not outweighed by your data protection interests or fundamental rights and freedoms. Generally, this means we will keep your personal data until the end of your employment with us, plus a reasonable period of time after that where necessary to respond to any employment inquiries; to any legal, tax, accounting or administrative matters; or to provide you with ongoing benefits. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (e.g., because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. As such, we reserve the right to use such anonymous data for any legitimate business purpose without further notice to you or your consent

Back to top

Your Privacy Rights

Certain jurisdictions may provide you with privacy rights under applicable data protection or privacy law regarding your personal data. In particular, you may have the right to:

• be informed about your personal data;
• access your personal data;
• correct any personal data that is inaccurate;
• have your personal data erased;
• restrict or suppress the processing of your personal data;
• obtain and reuse your personal data;
• object to the processing of your personal data;
• object to how your personal data is used in automated decision making, if applicable;
• lodge a complaint with a supervisory authority; and
• obtain a copy of Standard Contractual Clauses (if applicable).

These rights may be limited, for example, if fulfilling your request would reveal personal data about another individual, or if you ask us to delete personal data which we are required by law to keep or which we need to defend claims against us.

If you are a California resident, please see our Privacy Notice for California Residents for additional disclosures and information about the personal data we have collected about you over the last 12 months and rights you may have regarding your personal data.

If we process your personal data in reliance upon your consent, you can contact us at any time to withdraw your consent.

To exercise any of these rights, please contact us by using the contact details under the “Contact Information” heading below.

We will respond to such requests in accordance with the requirements of applicable data protection and privacy laws. Please note that in order to fulfil your request, we may need you to provide certain personal data to verify your identity. Depending upon applicable data protection and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.

Back to top

Changes to this Notice

iCIMS reserves the right to update or change this Employee Privacy Notice from time to time. If we make material changes to this Employee Privacy Notice, we will post it to our Employee Handbook and the applicable sections of our Website prior to or at the time of the change becoming effective. We ask that you review the Employee Privacy Notice periodically to stay informed about any updates or changes that we may have made.

You can see when this Employee Privacy Notice was last updated by checking the “Effective Date” displayed at the top of this Employee Privacy Notice.

Back to top

Contact Information

To ask questions or comment about this Employee Privacy Notice and our privacy practices or if you need to update, change, or remove your personal data or exercise any other rights,

• Via Webportal: Click here
• Via Email: privacy@icims.com
• Via Mail:  iCIMS, Inc., Attn: Privacy, Legal Department, 101 Crawfords Corner Road, Suite 3-100, Holmdel, NJ 07733 USA

Back to top