Recruitment Candidate Privacy Statement
A. General Information
When does this Privacy Statement apply?
This Privacy Statement applies to information that can be used to identify you (“Personal Data”) and that you provide to Qualtrics or which is derived from the Personal Data as outlined below.
Who is the Data Controller?
The data controller of www.qualtrics.com is Qualtrics LLC, 333 W. River Park Drive, Provo, UT 84604, United States of America (“Qualtrics”). Where a registration form is presented on this website, the data controller may vary depending on the actual offering or the purpose of the data collection but it is in any case displayed on the individual registration form’s privacy statement. Qualtrics’ data protection officer can be reached at email@example.com.
What Personal Data does Qualtrics collect?
We process certain individually identifiable information about you when you apply for a role with Qualtrics, such as your:
- contact details;
- education details;
- prior work experience; and
- other personal data collected during the course of the recruitment process as part of responses to questions asked.
Why does Qualtrics need your Personal Data?
Qualtrics requires your personal data for the following purposes:
- the creation of your profile;
- application management;
- setting and management of interviews;
- assessment of suitability for the role applied for; and
- to inform you about updates relating to the role you have applied for.
We also required your personal data to comply with contractual and statutory obligations, including checks required by applicable export laws and to stay in touch with you. Although providing your Personal Data is voluntary, without your Personal Data, Qualtrics cannot process your application.
How long will Qualtrics store my Personal Data?
Data collected for the purposes hereunder will be stored only as long as necessary for a specific application, as well as a reasonable transition period thereafter to respond to queries or other matters (e.g., the compliance of Qualtrics’ obligations regarding data retention under applicable laws).
Who are recipients of your Personal Data and where will it be processed?
We transfer your personal data to other Qualtrics group companies; companies within the SAP group; vicarious agents (e.g., third party service providers for consulting services and other additional related services); other services providers (e.g. for the provision of the applications); state agencies, government agencies, regulators and bodies if required by law. Only authorized employees with a need to know have access to your personal data; this includes sharing of your personal data on a “need-to-know” basis between our employees in the recruiting department and other departments involved in the recruitment process.
Certain executives, managers and employees at other companies of the Qualtrics group may also have access to certain personal data, however, on a “need-to-know” basis if there are legitimate business purposes (e.g., enabling employees to arrange an interview or as required during an application process).
As part of a global group of companies operating internationally, Qualtrics has affiliates (the “SAP Group”) and third-party service providers outside of the European Economic Area (the “EEA”) and will transfer your Personal Data to countries outside the EA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, Qualtrics may use the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy of such standard contractual clauses by sending a request to firstname.lastname@example.org. You can also obtain more information from the European Commission on the international dimension of data protection here.
Qualtrics also bases transfers of Personal Data to the US on the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. For details about the Privacy Shield program, please visit https://www.privacyshield.gov/.
The key goals of Privacy Shield are to inform both EU and Swiss individuals about:
- the right of individuals to access their personal data
- the choices and means an organization offers individuals for limiting the use and disclosure of their personal data
- the requirement for an organization to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements
Qualtrics’ Privacy Shield self-certification does not cover human resources data.
Privacy Shield may provide individuals the right to (i) access the data that we hold about them, (ii) request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield, or (iii) limit the use and disclosure of their personal information. In compliance with the Privacy Shield Principles, Qualtrics commits to resolve complaints about our collection or use of personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Qualtrics at: email@example.com.
Qualtrics has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If an individual does not receive timely acknowledgment of its complaint from us, or if we have not addressed an individual’s complaint satisfactorily, such individual should contact the AAA for more information or to file a complaint (contact details below). The services of the AAA are provided at no cost.
Because adequate protection is provided by Privacy Shield participants, contracts with Privacy Shield participants for mere processing do not require prior authorization (or such authorization will be granted automatically by the EU Member States), as would be required for contracts with recipients not participating in the Privacy Shield or otherwise not providing adequate protection.
Qualtrics self-certifies with Privacy Shield. A self-assessment is signed by a company officer or other authorized representative of the organization at least once a year and made available upon request by individuals or in the context of an investigation or a complaint about non-compliance. Qualtrics is required to respond promptly to EU or Swiss individual inquiries, and other requests for information from the Department of Commerce relating to its adherence to the Privacy Shield Principles.
Under Privacy Shield, an individual has the right, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Under Privacy Shield, Qualtrics must respond to individual complaints within 45 days. For additional information, visit here.
Qualtrics’ Independent Dispute Resolution (IDR) Provider is:
American Arbitration Association
International Centre for Dispute Resolution
New York City, New York, USA
What are your data protection rights?
You can request from Qualtrics access at any time to information about which Personal Data Qualtrics processes about you and the correction or deletion of such Personal Data. Please note, however, that Qualtrics can or will delete your Personal Data only if there is no statutory obligation or prevailing right of Qualtrics to retain it. Kindly note further that if you request that Qualtrics deletes your Personal Data, you will not be able to continue with any job application or recruitment process.
If Qualtrics uses your Personal Data based on your consent or to perform a contract with you, you can further request from Qualtrics a copy of the Personal Data that you have provided to Qualtrics. In this case, please contact the email address below and specify the information or processing activities to which your request relates, the format in which you would like to receive this information, and whether the Personal Data should be sent to you or another recipient. Qualtrics will carefully consider your request and discuss with you how it can best fulfill it.
Furthermore, you can request from Qualtrics that Qualtrics restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data Qualtrics has about you is incorrect, subject to the time Qualtrics requires to check the accuracy of the relevant Personal Data; (ii) there is no legal basis for Qualtrics processing your Personal Data and you demand that Qualtrics restricts your Personal Data from further processing; (iii) Qualtrics no longer requires your Personal Data but you state that you require Qualtrics to retain such data in order to claim or exercise legal rights or to defend against third party claims; or (iv) in case you object to the processing of your Personal Data by Qualtrics based on Qualtrics legitimate interest (as further set out below), subject to the time required for Qualtrics to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.
For individuals within the State of California, you instead have the right:
- to request from Qualtrics access to your Personal Data that Qualtrics collects, uses, discloses, or sells (if applicable) about you;
- to request that Qualtrics deletes Personal Data about you;
- to opt-out of the sale of Personal Data, if applicable;
- to non-discriminatory treatment for exercise of any of your data protection rights;
- in case of request from Qualtrics for access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.
How can you exercise your data protection rights?
Please direct any requests to exercise your rights to firstname.lastname@example.org, or, if you are located in the State of California, you can also call toll-free using the numbers provided here. You can also designate another person to submit requests to exercise your data protection rights to Qualtrics. You can give authorization to such person(s) by granting them a limited power of attorney to exercise your data protection rights on your behalf.
How will Qualtrics verify requests to exercise data protection rights?
Qualtrics will take reasonable steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, Qualtrics will match Personal Data provided by you in submitting a request to exercise your rights with information already maintained by Qualtrics. This could include matching two or more data points that are already maintained by us.
In accordance with the verification process set forth in the California Consumer Privacy Act (“CCPA”), Qualtrics will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If Qualtrics must request additional information from you outside of information that is already maintained by Qualtrics, Qualtrics will only use it for the purposes of verifying your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.
Qualtrics will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.
If you take the view that Qualtrics is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live.