Candidate Privacy Policy
	Jimmy's Cookies, LLC (“Company”, “we”, or “us”) values the trust you place in us when you give us
	access to your personal data. We respect the privacy rights of individuals and are committed to
	handling personal information responsibly and in accordance with applicable laws.
	The Company is a “data controller” of your personal data (for the purpose of the General Data
	Protection Regulation (“GDPR”) and is responsible for the lawfulness of what we do with your
	personal data. These Privacy Policy provisions will apply to our processing of your personal
	information where you apply to a job opening posted directly by us. Where you apply to a job
	opening for our Company through the application process of another source, such as a job board,
	that source may collect and retain your personal information as part of the application process.
	Any use of your personal information by another source shall be in accordance with that source’s
	own Privacy Policy.
	We use Applicant Tracking Software, branded as PrismHR Hiring, an online applicant tracking
	tool, as a “data processor” to process personal information on our behalf. Applicant Tracking
	Software is only entitled to process your personal data in accordance with our instructions.
Data Protection Principles
Your data will be:
	- Used lawfully, fairly and in a transparent way.
- 
		Collected only for valid purposes that we have clearly explained to you and not used in any way
		that is incompatible with those purposes.
	
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
Security Technology and Practices
	We always transmit and store personal information securely. This prevents potential hackers from
	“tapping” a data conversation. The data security standards we have in place include auditing,
	logging, backups, and safe-guarding data. Our servers are housed in datacenters that are ISO27001
	certified, the highest and most current standard for managing systems and data securely. All
	datacenter facilities are protected by professional security staff utilizing video surveillance,
	intrusion detection systems and other electronic means. Authorized staff must pass two-factor
	authentication a minimum of two times to access data center floors. We are SOC 2 compliant and
	audited annually by a third party CPA firm.
	No method of transmission over the Internet, or method of electronic storage, is 100% secure,
	however. Therefore, we cannot guarantee its absolute security. If you have any questions about
	security on our website, you can contact us at
	support@applicant-tracking.com.
Data Retention
Your personal data will be deleted upon receipt of a written request by you to us.
What information do we collect as part of the application process?
	We may collect and process some or all of the following types of information from you when you
	apply for one of our positions:
	- Name and other personal information such as gender, date and place of birth;
- Contact information, such as address, telephone number, and e-mail address;
- 
		Employment history (including current and/or previous employers, job titles, or positions) and
		references;
	
- 
		Other academic, professional, training and salary-related information, such as academic degrees
		and professional qualifications;
	
- 
		Your CV/résumé (which may include details of any memberships or interests constituting Sensitive
		Personal Information (as that term is defined herein));
	
- 
		National identifiers such as nationality/ies, national IDs/passport, social security/ insurance
		numbers, immigration information, and visa status;
	
- 
		Information relating to previous applications you have made to our Company and/or any previous
		employment history with our Company;
	
- A record of your progress through any hiring process we may conduct;
- If you contact us, we may keep a record of that correspondence;
- Your video interview if one was performed; and
- 
		Any other information you voluntarily provide throughout the process, including information
		provided during an interview or as part of an assessment.
	
Sensitive Personal Information
	- 
		As a general rule, during the recruitment process, we try not to collect or process any
		“Sensitive Personal Information” unless authorized by law or where necessary to comply with
		applicable laws. Sensitive Personal Information includes the following: information that reveals
		your racial or ethnic origin, religious, political, or philosophical beliefs, or trade union
		membership; genetic data; biometric data for the purposes of unique identification; or
		information concerning your health, sex life, or sexual orientation.
	
- 
		However, in some circumstances, we may need to collect, or request on a voluntary disclosure
		basis, some Sensitive Personal Information for legitimate recruiting-related purposes. For
		example, information about your racial/ethnic origin, gender and disabilities may be collected
		for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and
		for government reporting obligations. Any reports prepared for this purpose would not contain
		personal information, i.e., the information would be aggregated and anonymized. Furthermore,
		information about your physical or mental condition may be collected in order to consider
		accommodations we need to make for the recruitment process and/or subsequent job role.
	
- 
		You may provide, on a voluntary basis, other Sensitive Personal Information during the
		recruiting process.
	
	Information we may collect from other sources (in each case where permissible and in
	accordance with applicable law):
	- References provided by referees;
- 
		Other background information provided or confirmed by academic institutions and training or
		certification providers;
	
- Criminal records data obtained through criminal records checks;
- 
		Information provided by background checking agencies and other external database holders (for
		example credit reference agencies and professional / other sanctions registries);
	
- Information provided by recruiting or executive search agencies; and
- 
		Information collected from publicly available sources, including any social media platforms you
		use or other information available online.
	
	If you fail to provide personal data when requested, which is necessary for us to consider your
	application (such as evidence of qualifications or work history), we may not be able to process
	your application further. For example, if we require references for this role and you fail to
	provide us with relevant details, we will not be able to take your application further.
What other information do we collect?
Social Media Widgets
	- 
		Our website includes Social Media Features, such as the Facebook and Twitter buttons or
		interactive mini-programs that run on our site. These Features may collect your IP address,
		which page you are visiting on our site, and may set a cookie to enable the Feature to function
		properly. Social Media Features and Widgets are either hosted by a third party or hosted
		directly on our site. Your interactions with these Features are governed by the privacy policy
		of the company providing it.
	
Purposes for processing personal information
Application Information
	- 
		We collect this personal information to be used primarily for recruiting purposes – in
		particular, to determine your qualifications for employment and to make a hiring decision. This
		includes assessing your skills, qualifications and background for a particular role, verifying
		your information, carrying out reference and / or background checks (where applicable) and
		generally managing the hiring process and communicating with you about it.
	
- 
		If you are accepted for a role at our Company, the information collected during the recruiting
		process will be processed in accordance with applicable law, including any Employee Privacy
		Notice, a copy of which will be provided when you are on-boarded as an employee if applicable.
	
- 
		If you are not successful, we may still keep your application to allow us to consider you for
		other suitable openings with our Company in the future.
	
Automated Decision Making
	We may use Applicant Tracking Software’s technology in order to automatically sort, select, rate,
	or filter candidates using criteria specified by us. However, any decision made with respect to
	hiring a candidate for one of our positions will be made by our staff.
Disclosures of your personal information and transfers abroad
	We take care to allow access to personal information only to those who require such access to
	perform their tasks and duties, and to third parties who have a legitimate purpose for accessing
	it. Whenever we permit a third party to access personal information, we will implement appropriate
	measures to ensure the information is used in a manner consistent with this Notice and that the
	security and confidentiality of the information is maintained.
Transfers Within Our Company
	- 
		Your personal information may be shared with other members of our Company around the world in
		order to administer our recruitment processes and store data.
	
Transfers to Third Party Service Providers
	- 
		In accordance with applicable law, certain personal information may be made available to third
		parties who provide services relating to the recruiting process, including (a) recruiting or
		executive search agencies involved in your recruiting; (b) background checking or other
		screening providers and relevant local criminal records checking agencies; (c) data storage,
		shared services and recruiting platform providers, IT developers and support providers and
		providers of hosting services; and (d) third parties who provide support and advice including in
		relation to legal, financial / audit, management consultancy, insurance, health and safety,
		security and intel and whistleblowing / reporting issues.
	
- 
		Your personal information may also be disclosed to third parties of other lawful grounds,
		including: (a) where you have provided your consent; (b) to comply with our legal obligations,
		including where necessary to abide by law, regulation or contract, or to respond to a court
		order, administrative or judicial process, including, but not limited to, a subpoena, government
		audit or search warrant; (c) in response to lawful requests by public authorities (including for
		tax, immigration, health and safety, national security or law enforcement purposes); (d) as
		necessary to establish, exercise or defend against potential, threatened or actual legal claims;
		(e) where necessary to protect your vital interests or those of another person; and/or (f) in
		connection with the sale, assignment or other transfer of all or part of our business.
	
Transfers Abroad
	- 
		Your personal information may be processed by third parties for the reasons explained in this
		Notice, third party vendors, who may be based in countries other than your country of residence.
		These countries may have data protection laws that are different, and potentially less
		protective, than the laws of your own country. However, our Company will implement measures with
		any recipients of your personal information to ensure it remains protected in accordance with
		this Notice and applicable data protection laws.
	
Legal basis for processing your personal information (EEA applicants only)
	Under European data protection law, our legal basis for collecting and processing your personal
	information will depend on the information concerned and the context in which we collect it.
	However, we will normally collect personal information from you only where: (a) the processing is
	in our legitimate interests (as summarized above) (and not overridden by your data protection
	interests or fundamental rights and freedoms); (b) we need the information to comply with
	applicable immigration and/or employment laws and regulations; (c) we need the information to take
	steps prior to entering an employment contract with you, where you are considered for employment;
	(d) you have made the data public; (e) we have your consent to do so; and (f) we need to protect
	the rights and interests of our Company, our employees, applicants and others, as required and
	permitted by applicable law.
	Where we rely on your consent to collect and process your personal information, you have the right
	to withdraw or decline your consent at any time. Please note that withdrawing your consent will
	not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it
	affect processing of your personal information conducted in reliance on lawful processing grounds
	other than consent.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
	- 
		Request access to your personal data (commonly known as a “data subject access request”).
		This enables you to receive a copy of the personal data we hold about you and to check that it
		is being lawfully processed.
	
- 
		Request correction of the personal data that we hold about you. This enables you to have
		any incomplete or inaccurate data we hold about you corrected.
	
- 
		Request erasure of your personal data. This enables you to ask us to delete or remove
		personal data where there is no good reason for us continuing to process it. You also have the
		right to ask us to delete or remove your personal data where you have exercised your right to
		object to processing (see below).
	
- 
		Object to processing of your personal data where we are relying on a legitimate interest
		(or those of a third party) and there is something about your particular situation which makes
		you want to object to processing on this ground. You also have the right to object where we are
		processing your personal data for direct marketing purposes.
	
- 
		Object to decisions being taken by automated means which produce legal effects concerning
		you or similarly significantly affecting you.
	
- 
		Request the restriction of processing of your personal data. This enables you to ask us
		to suspend the processing of personal data about you, for example if you want us to establish
		its accuracy or the reason for processing it.
	
- Request the transfer of your personal data to another party.
	If you would like to exercise any of those rights, please contact us using our Contact information
	below, allow us to collect enough information to identify you, and provide us with the information
	to which your request relates.
Links to 3rd party sites
	Our site includes links to other websites whose privacy practices may differ from those of our
	Company. If you submit personal information to any of those sites, your information is governed by
	their privacy policies. We encourage you to carefully read the privacy policy of any website you
	visit.
Who to contact
	Please address any questions or requests relating to this Notice to
	support@applicant-tracking.com.
	You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO),
	the UK supervisory authority for data protection issues.