Last updated: July 18, 2018
WHO WE ARE
Lightbend data controllers are Lightbend, Inc., Lightbend SARL, Lightbend AB and Lightbend Canada ULC.
WHAT PERSONAL DATA WE COLLECT
To the extent permitted by applicable law, Lightbend will collect the following types of personal data from or about applicants:
General personal data
- Personal details - personal (contact) details such as your name and first name(s), address, email address, telephone number or other contact information, degree/title, date of birth and gender.
- Recruitment or selection data - any personal data contained in your CV, resumes and application form, references, record of interview or interview notes, and selection and verification records, previous (job) experience and references, professional certifications, special skills including (driver) licenses, language skills, memberships of committees or other bodies and education history.
- Any other personal data which you choose to disclose to Lightbend during the course of your application process.
Special categories of personal data
In general, in connection with the recruitment process, no special categories of personal data are processed by Lightbend, unless you voluntarily provided us with such data as part of your application procedure (via your CV, letter of motivation or during the job interview). Depending on the job you apply for, we may deem it necessary to start a background check on you where authorized by applicable laws.
PURPOSES AND LEGAL BASES FOR WHICH WE USE PERSONAL DATA
We collect and use this personal data for your application process with us. More specifically, we use your data for the following purposes and on the following legal bases:
General personal data
- Necessary for the performance of a contract - for the performance and administration of the application process, the processing is necessary for security- and access control and our application procedure, e.g. checking references. Moreover, we process your personal data to handle requests, complaints or questions from you.
- Legitimate interest - we may use the aforementioned personal data for security, development and management of our business operations and the screening procedure. In addition, we use your personal data to make strategic decision we deem necessary. We do so where legitimate interests pursued by Lightbend is not overridden by the interests or fundamental rights and freedoms of our applicants.
- Necessary for compliance with legal obligations - for complying with applicable laws and regulations, compliance with requests from governmental agencies or judicial services and other employment laws and regulations applicable to us and to exercise and defend (potential) legal claims.
WHO WE SHARE YOUR PERSONAL DATA WITH
We may share personal data of our applicants:
- Authorized employees of data controller, but on a strict need-to-know bases only and employees who are involved in the application process.
- Service Providers. We may engage third party vendors, agents, service providers, and affiliated entities to provide services to us on our behalf, such as support for IT services. In providing their services, they may access, receive, maintain or otherwise process personal data on our behalf. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your personal data and only process it in accordance with our instructions.
- Third parties in case of legal requirement. We may also disclose your personal data if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes (e.g. tax authorities), when we believe necessary or appropriate to disclose personal data to law enforcement authorities, such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Policy, to respond to any claims against us and, to protect the rights, property, or personal safety of Lightbend, our customers, or the public.
We will take reasonable steps to ensure that your personal data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.
We take steps to limit access to your personal data to those persons who need to have access to it for one of the purposes listed in this Policy. Furthermore, we contractually ensure that any third party processing your personal data equally provide for confidentiality and integrity of your data in a secure way.
We retain your personal data for as long as required to satisfy the purpose for which they were collected and used, unless a longer period is necessary for our legal obligations or to defend a legal claim. We retain your personal data for a maximum of 12 months, so we can contact you for any future vacancies. In case you want us to delete your personal data sooner or if you have any other questions, please contact firstname.lastname@example.org.
Your Personal Data may be transferred to -and maintained on- computers located outside of your state, province, country or governmental jurisdiction where the data protection laws may differ those from your jurisdiction. If you are located outside the USA, please note that the information you provide (as described above under "What Personal Data we Collect") will be transferred to the USA, where the level of data protection may not be equivalent to the level of protection applicable at your location.
Where we are legally required to do so, transfers of personal data to parties outside the EU/EEA and Switzerland shall be made pursuant to the European Commission-approved Standard Contractual Clauses or other legally acceptable mechanisms that ensure that there is always an adequate level of protection with regard to your personal data.
Where applicable, you are entitled to receive a copy of the relevant contract showing that appropriate safeguards have been taken to protect your personal data during such transfer.
We will take steps in accordance with applicable legislation to keep your personal data accurate, complete and up-to-date. You are entitled to have any inadequate, incomplete or incorrect personal data corrected (that is, rectified). You also have the right to request access to your personal data and to obtain a copy of it as well as additional information about the processing and to request us to erase the personal data we hold about you. In cases where we rely on your consent for using your personal data, you can withdraw such consent at any time by sending an email to: email@example.com.
The following rights apply in addition to the above to European and Swiss residents:
- Right to restriction: you have the right to restrict the processing of your personal data, for example in case we no longer need your personal data in view of the initial purposes but they are required by us for the establishment, exercise of defence of legal claims.
- Right to object: you have the right to object to our processing of your personal data which is based on our legitimate interests. We will no longer process your personal data upon your request, unless we have compelling legitimate grounds for the continuation of the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
- Right to data portability: under circumstances, you have the right to have your personal data transmitted to another data controller in a structured, commonly used and machine-readable format.
- Right to obtain a copy of personal data safeguards used for transfers outside your location: you can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Union and Switzerland. We may redact data transfer agreements to protect commercial terms.
- Right to lodge a complaint: in case you have a question or complaint about how we process your personal data, you can send an email to firstname.lastname@example.org. It is also a possibility to lodge a complaint with the competent supervisory data protection authorities or courts.
- If you reside in France, you also have the right to issue directives relating to your digital legacy.
For further information regarding your rights, or to exercise any of your rights, please contact us at email@example.com or see section 'How you can contact us' for more details. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
HOW YOU CAN CONTACT US
If you have any questions or concerns regarding our use of your personal data, or to exercise any of your rights, please contact firstname.lastname@example.org.
CHANGES TO THIS POLICY
Lightbend will inform you of any changes to the description of personal data or the purposes for which personal data are held or used. This Policy was last updated on July 18, 2018.