1. Scope

Like most businesses, we hold and process a wide range of information, some of which relates to individuals who are applying to work for us. This notice explains the type of information we process, why we are processing it and how that processing may affect you.  

The notice focuses on individuals who are applying to work for us and the data we process as part of that process. We have a separate Workplace Privacy Notice that applies to our current and former employees.

This notice is set out in this document (the Core Notice) and the Supplementary Information in the Annex 1 to this document. We have also provided local information, which makes clear any differences in your particular jurisdiction. This can be found in Annex 2.

In the Supplementary Information, we explain what we mean by “personal data”, “processing”, “special personal data” and other terms used in the notice.  
In brief, this notice explains:

  1. what personal data we hold and why we process it;
  2. the legal grounds which allow us to process your personal data;
  3. where the data comes from, who gets to see it and how long we keep it;
  4. how to access your personal data and other rights;
  5. how to contact us.

2. Personal data—what we hold and why we process it

We process data for the purposes of our business including recruitment, management, administrative, employment and legal purposes.  The Supplementary Information provides more specific information on these purposes, on the type of data that may be processed and on the grounds on which we process data. 

See Legal grounds for processing personal data and Further information on the data we process and our purposes.

3. Where the data comes from and who gets to see it

Some of the personal data that we process about you comes from you.  For example, you tell us your contact details and work history.  If you are joining us, you may provide your banking details.  

Other personal data may come from third parties such as recruiters acting on your behalf or from your references.  

Your personal data will be seen internally by managers, HR and, in some circumstances (if you join us) colleagues.  We will where necessary and as set out in this privacy notice also pass your data outside the organisation, for example to people you are dealing with and payroll agencies.  

Further information on this is provided in the Supplementary Information.  See Where the data comes from and Who gets to see your data

4. How long do we keep your personal data?

We do not keep your personal data for any specific period but will not keep it for longer than is necessary for our purposes.  In general, if you become employed by us we will keep your personal data for the duration of your employment and for a period afterwards. If you are unsuccessful in gaining employment with us, we will likely keep your personal data for a short period after informing you that you were unsuccessful.  

See Retaining your personal data—more information in the Supplementary Information. 

5. Transfers of personal data outside the EEA, UK, and Switzerland

We will where necessary and as set out in this privacy notice transfer your personal data outside the EEA or UK to members of our group and processors in other jurisdictions in which we are established.  

Further information on these transfers and the measures taken to safeguard your data are set out in the Supplementary Information under Transfers of personal data outside the EEA, UK, and Switzerland—more information.

6. Your data rights

You have a right to make a subject access request to receive information about the data that we process about you. Further information on this and on other rights is in the Supplementary Information under Access to your personal data and other rights. We also explain how to make a complaint about our processing of your data.

7. Contact details 

In processing your personal data, both the SingleStore entity you are applying to work for and SingleStore, Inc. will act as a data controller. We can be contacted at: 

SingleStore, Inc.
534 Fourth Street
San Francisco, California 94107

Email: DPO@singlestore.com 

Further contact details are set out in Annex 2 - Information Relevant to your Jurisdiction.  

8. Status of this notice

This notice does not form part of any contract of employment you might enter into and does not create contractual rights or obligations. It may be amended by us at any time. Nothing in this notice is intended to create an employment relationship between SingleStore and any non-employee.


Annex 1: Supplementary informationannex-1

1. What do we mean by “personal data” and “processing”?

“Personal data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.

Data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers data derived from equipment such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs.

"Processing" means doing anything with the data. For example, it includes collecting it, holding it, disclosing it and deleting it.

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by data protection laws to be “special category data”.

References in this notice to employment, work (and similar expressions) include any arrangement we may have under which an individual provides us with work or services, or applies for such work or services. By way of example, when we mention an “employment contract”, that includes a contract under which you provide us with services; when we refer to ending your potential employment, that includes terminating a contract for services. We use the word “you” to refer to anyone within the scope of the notice.

2. What are the grounds for processing?

Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts more than one ground applies. We have summarised these grounds as Contract, Legal obligation, Legitimate Interests and Consent and outline what those terms mean in the following table.

Term

Ground for processing

Explanation

Contract

Processing necessary for performance of a contract with you or to take steps at your request to enter a contract

This covers carrying out our contractual duties and exercising our contractual rights.

Legal obligation

Processing necessary to comply with our legal obligations

Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination.

Legitimate Interests

Processing necessary for our or a third party’s legitimate interests

We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data.

Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.

Consent

You have given specific consent to processing your data

In general processing of your data in connection with employment is not conditional on your consent. But there may be occasions where we do specific things such as provide a reference and rely on your consent to our doing so.

3. Processing Special personal data

If we process special personal data about you (for example (but without limitation), storing your health records to assist us in ensuring that we provide you with a healthy and safe work workplace or processing personal data relating to diversity monitoring), as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing special personal data applies. In outline, these include:

  • Processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement;

  • Processing relating to data about you that you have made public (e.g. if you tell colleagues that you are ill);

  • Processing being necessary for the purpose of establishing, making or defending legal claims;

  • Processing being necessary for provision of health care or treatment, medical diagnosis, and assessment of your working capacity;

  • Processing for equality and diversity purposes to the extent permitted by law.

4. Further information on the data we process and our purposes

The Core Notice outlines the purposes for which we process your personal data. More specific information on these, examples of the data and the grounds on which we process data are in the table below.

The examples in the table cannot, of course, be exhaustive. For example, although the table does not mention data relating to criminal offences, if we were to find out that someone applying to work for us was suspected of committing a criminal offence, we might process that information if relevant for our purposes. If necessary we will also require criminal background checks for certain roles – for example those working in financial roles or with minors.

Purpose

Examples of personal data that may be processed

Grounds for processing

Recruitment

Standard data related to your identity (e.g. your name, address, email address, ID information and documents, telephone numbers, place of birth, nationality, contact details, professional experience and education (including university degrees, academic records, professional licenses, memberships and certifications, awards and achievements, and current and previous employment details), financial information (including current salary information) language skills, and any other personal data that you present us with as part of your application related to the fulfilment of the role.

Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work.

If necessary, we will also process information concerning your health, any disability and in connection with any adjustments to working arrangements.

Contract

Legal obligation

Legitimate interest: carry out informed recruitment decisions

Administering our recruitment process

Evaluating your experience and qualifications against the requirements of the position you are applying for.

Administering our online careers portal.

Communicating with you in respect of any offer of employment we choose to make and providing you with information about our onboarding process.

Contract

Legitimate interests: to keep accurate recruitment records

Entering into a contract with you (if you are made an offer by us)

Information on your terms of employment from time to time including your hours and working patterns, your pay and benefits, such as your participation in pension arrangements, life and medical insurance; and any bonus or share schemes.

Contract

Contacting you or others on your behalf

Your address and phone number, emergency contact information and information on your next of kin.

Contract

Legal obligation

Legitimate interest: the ability to contact you, or others on your behalf in an emergency

Financial planning and budgeting

Information such as your proposed salary and (if applicable) envisaged bonus levels.

Legitimate interests: keeping up to date financial budgets

Physical and system security

CCTV images upon attendance for interview at our premises.

Legal obligation

Legitimate interest: the ability to keep our locations secure, provide a safe environment for our personnel

Monitoring of diversity and equal opportunities

Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age as part of diversity monitoring initiatives. Such data will aggregated and used for equality of opportunity monitoring purposes. Please note we may share aggregated and anonymized diversity statistics with regulators if formally required / requested.

Legitimate interest: to ensure that we have an equal and diverse workforce

Article 9(2) GDPR/UK GDPR condition: processing is necessary for reasons of substantial public interest

Disputes and legal proceedings

Any information relevant or potentially relevant to a dispute or legal proceeding affecting us.

Legitimate interest: the ability to respond to and defend against legal claims

Please note that if you accept an offer from us the business will process further information as part of the employment relationship. We will provide you with our full Workplace Privacy Notice as part of the on-boarding process.

5. Where the data comes from

When you apply to work for us the initial data about you that we process is likely to come from you: for example, contact details, bank details and information on your immigration status and whether you can lawfully work. Where necessary and in accordance with this privacy notice, we will require references and information to carry out background checks. If you have concerns about this in a particular context, you should speak to your recruiter or our HR department.

Please note we may also receive data from third party recruiters, agents and similar organisations as a part of the recruitment process.

Who gets to see your data?

6. Internal use

Where necessary and as set out in this privacy notice, your personal data will be disclosed to relevant proposed managers, HR and administrators for the purposes of your application as mentioned in this document. We will also disclose this to other members of our group where necessary for decision making regarding your application—this will depend on the type of role you are applying for.

7. External use

We will only disclose your personal data outside the group if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.

We will disclose your data if it is necessary for our legitimate interests as an organisation or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy). Where necessary, we will also disclose your personal data if you consent, where we are required to do so by law and in connection with criminal or regulatory investigations.

Specific circumstances in which your personal data may be disclosed include:

  • Disclosure to organisations that process data on our behalf such as our payroll service, insurers and other benefit providers, our bank and organisations that host our IT systems and data. This would normally occur if you accept an offer from us and would be carried out as part of the on-boarding process;

  • To third party recruitment consultants and similar businesses (including online recruitment portals) as a part of the recruitment process;

8. Retaining your personal data—more information

Although there is no specific period for which we will keep your personal data, we will not keep it for longer than is necessary for our purposes. In general if you are successful in becoming employed by us, we will keep your personal data for the duration of your employment and for a period afterwards. If you are unsuccessful in gaining employment with us, we will likely keep your personal data for a short period after informing you that you were unsuccessful. In considering how long to keep your data, we will take into account its relevance to our business and your potential employment either as a record or in the event of a legal claim.

If your data is only useful for a short period (for example, CCTV footage data) we will delete it.

9. Transfers of personal data outside the EEA, UK, or Switzerland— more information

In connection with our business and for employment, administrative, management and legal purposes, we will where necessary and as set out in this privacy notice transfer your personal data outside the EEA, UK, or Switzerland to members of our group and data processors in other jurisdictions in which we are established. We will ensure that any transfer is lawful and that there are appropriate security arrangements.

In relation to intra-group transfers, the members of the SingleStore group of companies have entered into an agreement ensuring appropriate and suitable safeguards with SingleStore controllers/processors outside the EEA, UK, and Switzerland. These are in standard terms approved by the European Commission or UK government.

10. Access to your personal data and other rights

We try to be as open as we reasonably can about personal data that we process. If you would like specific information, just ask us.

You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information on it, including:

  • Giving you a description and copy of the personal data

  • Telling you why we are processing it

If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.

As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. If you have provided us with data about yourself (for example your address or bank details), you have the right to be given the data in machine readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.

If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.

11. Complaints

If you have complaints relating to our processing of your personal data, you should raise these with your HR contact in the first instance or with our General Counsel. You may also raise complaints with your statutory regulator.


Annex 2 – Information relevant to your jurisdictionannex-2

Ireland

If you are applying in Ireland, the following additional information applies.

The statutory regulator is the Data Protection Commissioner.

Irish Data Protection Commission - Homepage | Data Protection Commission

Data controllerContact

SingleStore Ireland Ltd

First Floor, Block One, Quayside Business Park, Dundalk, Louth, Ireland A91 DP8R

Portugal

If you are applying in Portugal, the following additional information applies.

The statutory regulator is Comissão Nacional de Protecção de Dados (CNPD).

Comissão Nacional de Protecção de Dados - CNPD

Data controllerContact

SingleStore Portugal, Unipessoal LDA

Avenida Antonio Augusto de Aguiar N 88 2 Andar, Lisboa Portugal 1050-018

United Kingdom

If you are applying in the United Kingdom, the following additional information applies.

The statutory regulator is the ICO.

Information Commissioner's Office (ICO)

Data controllerContact

SingleStore UK, Ltd

100, New Bridge Street, London, England EC4v 6JA

Please note that this Recruitment Privacy Notice (including the information detailed below), along with other related policies and/or protocols, shall form our policy for processing special data and criminal convictions data as required by the UK Data Protection Act 2018 (Schedule 1 Part IV).

Description of special data processed:

  • nationality, racial and ethnic origin, gender, sexual orientation, religion, disability age, and data concerning health. We also process criminal convictions data as part of the hiring process for certain roles.

Schedule 1 conditions for processing:

  • processing is necessary for reasons of substantial public interest relating to equality of opportunity or treatment (Schedule 1 Part II section 8(1) UK Data Protection Act 2018);

  • processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller in connection with employment (Schedule 1 Part I section 1 UK Data Protection Act 2018). 

Procedures for ensuring compliance with the principles:

  • Accountability principle: 

    • We maintain appropriate documentation of our processing activities, as set out in our Article 30 record of processing; 

    • We have appropriate data protection policies in place, such as our Document Retention Policy; 

    • We carry out data protection impact assessments (DPIA) for uses of personal data that are likely to result in high risk to individuals’ interests.

  • Principle (a): lawfulness, fairness and transparency:

    • We identify an appropriate lawful basis for processing and a further Schedule 1 condition for processing special data, as set out in this Recruitment Privacy Notice;

    • We make appropriate privacy information available with respect to the special data, as set out in this Recruitment Privacy Notice;

    • We are open and honest when we collect the special data and we ensure we do not deceive or mislead people about its use, by making this Recruitment Privacy Notice available. 

  • Principle (b): purpose limitation

    • We have clearly identified our purposes for processing the special data, as set out in this Recruitment Privacy Notice;

    • We have included appropriate details of these purposes in our privacy information for individuals, as set out in this Recruitment Privacy Notice;

    • If we plan to use personal data for a new purpose (other than a legal obligation or function set out in law), we either check that this is compatible with our original purpose or where we have another lawful basis, be transparent about this new processing or get specific consent for the new purpose

  • Principle (c): data minimisation

    • We are satisfied that we only collect special personal data we actually need for our specified purposes;

    • We are satisfied that we have sufficient special data to properly fulfil those purposes;

    • We periodically review this particular special data, and delete anything we don’t need.

  • Principle (d): accuracy

    • We have appropriate processes in place to check the accuracy of the special data we collect, and we record the source of that data;

    • We have a process in place to identify when we need to keep the special data updated to properly fulfil our purpose, and we update it as necessary.  

  • Principle (e): storage limitation

    • We carefully consider how long we keep the special data and we can justify this amount of time;

    • We regularly review our information and erase or anonymise this special data when we no longer need it;

    • We have clearly identified any special data that we need to keep for public interest archiving, scientific or historical research, or statistical purposes.

  • Principle (f): integrity and confidentiality (security)

    • We have analysed the risks presented by our processing and used this to assess the appropriate level of security we need for this data;

    • We have an Information Security Policy regarding this special data and we take steps to make sure the policy is implemented. The Information Security Policy is regularly reviewed by our infosec team; 

    • We have put other technical measures or controls in place because of the circumstances and the type of special data we are processing.