F5 Recruiting Privacy Notice
Effective Date: 5 March 2020
F5 Networks, Inc. has prepared this F5 Recruiting Privacy Notice (“Notice”) to be provided to F5 job applicants and other individuals whose personal data we process for recruiting purposes (collectively, “Candidates”). The purpose of this Notice is to give you information about the sorts of personal data we may collect, process, and use for these purposes—and the circumstances in which we may use it.
F5 needs to process certain personal data in order to evaluate your candidacy and, if you are to be hired, prepare for your employment with F5, such as making arrangements to pay you and provide you with benefits. There are also statutory requirements and other contractual requirements with which we must comply regarding your job application and any hiring process. If we are unable to carry out the processing activities that we describe in this Notice, we may not be able to evaluate your candidacy or hire you. Of course, we hope it would never come to that, and we would attempt to discuss it with you first if it seemed like a real possibility, but this is information we are obliged to provide to you as part of this Notice.
Under the EU General Data Protection Regulation (“GDPR”) and similar laws, to the extent they apply, F5 is a "controller" of this data, which means that F5 will be directly responsible for the processing of your personal data. When we say "F5," "we," or "us" in this document, we mean the F5 Group company to which you are applying for a job, or which is recruiting you. In addition, you will see several references to the “F5 Group,” which includes all other F5 entities globally.
This Notice does not guarantee that you will be hired and, if you are hired, this document will not be not part of your contract of employment. We may update this Notice from time to time, for example if we implement new systems or processes that involve the use of personal data in a way not described in this Notice.
1. What categories of personal data does F5 collect about me?
F5 will collect, process, and use the following categories of personal data (which we collectively refer to as “Candidate Data”):
- Identification data, which includes your name, citizenship, photo, passport data, immigration status, information about dependents, date and place of birth, social security number, signature, as well as other government-issued identification information.
- Contact details, such as your home address, telephone number, and email address.
- Career and education information, such as position, business title, employee type, management level, time type (full- or part-time and percentage), work location, division, department, position level, manager (name and ID), support roles, start and end date, job history (including position history, title history, effective dates, and past pay groups), CV or resume, qualification testing results, education history, skills, certifications, background check results (to the extent permissible by the applicable local laws), worker history (including log-files of changes in human resources databases), reason for leaving, and other information from interviews with you, your references, or other third parties.
- Organizational data, including IDs for IT systems, company details, and cost center allocations.
- Other data you provide to us that is relevant to the potential employment relationship, including information gathered about you through interviews with you.
- Other data from third-party sources that is relevant to the potential employment relationship, such as, but not limited to third party development test providers, and including information from other F5 Group companies, publicly available sources, and non-publicly available sources, as described in more detail below in Section 4.
2. What “Sensitive Candidate Data” does F5 collect and process?
In addition to the collection, processing, and use of the Candidate Data, and depending on how far your candidacy proceeds, and which countries you and F5 are in, F5 may collect, process, and use the following special categories of personal data about you, which we describe as "Sensitive Candidate Data":
- Health and medical data, to the extent these can be shared with F5 in accordance with the applicable laws, such as information on disability for purposes of accommodations in the interview process and the workplace and compliance with legal obligations.
- Criminal records data, if F5 has conducted or received the results of criminal records background checks in relation to you, where relevant and appropriate to your desired role and to the extent such checks are authorized pursuant to applicable local laws.
- Trade union membership, where required to address labor laws.
- Legally protected classification information, such as the optional collection of information about ethnicity by F5 entities in the United States for jobs there, in connection with their legal obligation to request such information on a voluntary basis to monitor compliance with equal opportunity legislation.
3. Why does F5 need to collect and process my Candidate Data and Sensitive Candidate Data?
We collect and use Candidate Data and Sensitive Candidate Data for a variety of reasons related to your candidacy (the “Processing Purposes”). We’ve compiled a list of these reasons along with examples of some of the Candidate Data used for each of these Processing Purposes:
- Evaluating and responding to your employment application, including reviewing your education and job history, facilitating interviews, checking references and conducting background checks, and notifying you of relevant additional vacancies with us that may interest you. This involves the processing of identification data, contact details, information about your job record and, where appropriate and permitted by law, other personal history, including other information about you that you provide to us or that we collect from third-party sources.
- Setting up your employment and compensation, including to secure travel or employment visas, and establish payroll and other compensation and benefits. This involves the processing of identification data; contact details; information about your job record, salary, benefits, and equity compensation; and organizational data.
- Setting up your access to IT systems and support to enable you and others to perform work if hired, to enable our business to operate, to enable us to identify and resolve issues in our IT systems, and to keep our systems secure. This involves processing identification information.
- Complying with applicable laws and employment-related and pre-employment-related requirements along with the administration of those requirements, such as income tax, social security deductions, and employment and immigration laws. This involves the processing of identification data, contact details, information about your job record, organizational data, and, where appropriate and permitted by law, other personal history, including other information about you that you provide to us or that we collect from third-party sources.
- Monitoring and ensuring compliance with applicable policies, procedures, and laws, including conducting internal investigations. This involves the processing of identification data; contact details; information about your job record; background check; salary, benefits, and equity compensation; organizational data, and, where appropriate and permitted by law, other personal history, including other information about you that you provide to us or that we collect from third-party sources.
- Communicating with you, F5 employees, and third parties. This involves the processing of identification data, contact details, information about your job record, organizational data, and, where appropriate and permitted by law, other personal history, including other information about you that you provide to us or that we collect from third-party sources.
- Responding to and complying with requests and legal demands from regulators or other authorities in or outside of your home country. This involves the processing of identification data; contact details; information about your job record; salary, benefits, and equity compensation; and organizational data, and, where appropriate and permitted by law, other personal history, including other information about you that you provide to us or that we collect from third-party sources.
- Complying with corporate financial responsibilities, including audit requirements (both internal and external) and cost/budgeting analysis and control. This involves the processing of identification data; contact details; information about your job record; salary, benefits, and equity compensation; and organizational data.
4. How do we collect this information?
In most cases, F5 collects personal data directly from you. For example, we typically collect Candidate Data and Sensitive Candidate Data from you:
- During the recruitment process, such as in interviews.
- In preparation for the start of employment. (Note that F5 Group companies use different privacy policies for the personal data they hold regarding individuals who have become employees.)
At times, F5 may also receive personal data about you from third-party sources, including:
- Other F5 Group companies.
- Recruitment consultants, external recruiters, and other referral sources.
- Background check agencies, if you participate in a background check process in compliance with local law.
- Other Service Providers (as defined in Section 6 below) that assist us with recruiting efforts, such as a travel agency.
- Former employers.
- Other references you provide.
- Publicly available sources, such as your professional LinkedIn profile, your professional profile on your current employer’s website, speaker bios on the websites of professional conferences where you have spoken, articles you have published, and press releases or other company announcements.
5. Why does F5 need to collect, process, and use my Candidate Data and Sensitive Candidate Data?
Both the Candidate Data and Sensitive Candidate Data are needed by F5 to carry out a variety of activities that are linked to your employment application and potential employment, F5's compliance with obligations as a result of evaluating your candidacy and potentially employing you, and F5’s operations as a business.
Where applicable, certain data protection laws outside of the United States require us to explain to you the legal bases for our collection, processing, and use of your Candidate Data and Sensitive Candidate Data. We have a number of these, so to make sure you have the full picture we have listed them all below:
For Candidate Data, our legal bases are:
- Taking steps at your request prior to entering into a contract of employment or other contract with you.
- Compliance with legal obligations, in particular in the area of labor and employment law, social security and social protection law, data protection law, tax law, and corporate compliance laws.
- Legitimate interest of F5 and F5 affiliates.
- Your consent, where it is appropriate and allowed or required by local data protection law.
For Sensitive Candidate Data, our legal bases are:
- Explicit consent, as allowed or required by local data protection law.
- Carrying out the obligations and exercising the specific rights of F5 or you in the field of employment, social security, and social protection law as permitted by local data protection law and/or a qualifying collective agreement.
- Establishing, exercising, or defending legal claims or whenever courts are acting in their judicial capacity.
- For substantial public interest as permitted by local data protection law.
- For assessment of your potential working capacity as permitted by local data protection law.
We appreciate that this is a lot of information, and we want to be as clear with you as possible over what it all means. Where we reference “legitimate interests of F5 or third parties,” this can include:
- Implementation and operation of a group-wide matrix structure and group-wide information sharing.
- Human resources management.
- Workplace safety.
- Prevention of fraud, misuse of company IT systems, or money laundering.
- Physical security, IT, and network security.
- Addressing certain domestic or foreign legal requirements.
- Internal investigations.
- Dispute resolution.
- Mergers and acquisitions.
6. Who might F5 share my personal data?
As previously noted, we are part of the global F5 Group and several entities in this group are involved in the Processing Purposes. To ensure that the Processing Purposes can be completed, your information may be shared with any of the entities within the F5 Group. Where we do share data in this way, however, it is our policy to limit the categories of individuals who have access to that personal data.
F5 may transfer personal data to third parties, including to entities within and outside of the F5 Group, which may be based in any jurisdiction where F5 Group entities are located, for the Processing Purposes as follows:
- Within the F5 Group. Because the relevant F5 employer is part of a wider group with global headquarters in the United States, all of which partially share management, human resources, legal, compliance, finance, and audit responsibility, F5 may transfer the Candidate Data and Sensitive Candidate Data to, or otherwise allow access to, such data by F5 Networks, Inc. and other entities within the F5 Group, which may use, transfer, and process the data for the Processing Purposes and otherwise pursuant to this Candidate Notice.
- Communication with third parties. As necessary in connection with business operations, work contact details, communication contact details, and other personal data may be transferred to existing or potential business partners, suppliers, government officials, or other third parties as appropriate for the particular business operation.
- Regulators, authorities, and other third parties. As necessary for the Processing Purposes described above, personal data may be transferred to regulators, courts, and other authorities (e.g., tax and law enforcement authorities), independent external advisors (e.g., auditors and legal advisors), directors within the F5 Group, insurance carriers, benefits providers, internal compliance, and investigation teams (including external advisors appointed to conduct internal investigations).
- Acquiring entities. If the F5 business for which you have applied (or another F5 Group member processing your personal data) is sold or transferred in whole or in part (or such a sale or transfer is being contemplated), your personal data may be transferred to the new employer or potential new employer as part of the transfer itself or as part of an initial review for such transfer (i.e., due diligence), subject to any rights provided by applicable law, including jurisdictions where the new employer or potential new employer are located.
- Service providers. As necessary for the Processing Purposes described above, personal data may be shared with one or more third parties, whether affiliated or unaffiliated, to process personal data under appropriate instructions ("Service Providers"). For example, the Service Providers may carry out instructions related to recruiting administration, IT system support, training, compliance, and other activities relevant to the Processing Purposes, and will be subject to appropriate contractual obligations.
We are a global company with headquarters in the United States, and the F5 affiliates and third parties with whom we share Candidate Data and Sensitive Candidate Data as described in this Privacy Notice are located in the United States and elsewhere in the world, including countries where privacy laws may not provide as much protection as your country. F5 complies with legal requirements for protecting the movement of data across borders, including through the use of European Commission-approved Standard Contractual Clauses or by relying on the third party’s participation in the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks. You may request a copy of the Standard Contractual Clauses by contacting us as described below.
7. How long will F5 keep my personal data?
It is our policy not to keep personal data for longer than is necessary for the Processing Purposes. Where personal data is kept beyond the time that we normally would need to keep it, that period will be determined based on the applicable local law.
8. What rights do I have with respect to my personal data?
Under certain data protection laws such as the GDPR, candidates have a number of special rights in relation to their Candidate Data and Sensitive Candidate Data. These can differ by country and are typically subject to important exceptions, but, where they apply, they can be summarized in broad terms as follows:
(i) Right of access.
This is the right to confirm with us whether your personal data is processed, and if it is, to request access to that personal data including the categories of personal data processed, the purpose of the processing, the recipients or categories of recipients, and other information about the processing. We do have to consider the interests of others though, and in some cases permitted by law we may charge a fee.
(ii) Right to rectification.
This is the right to rectify inaccurate or incomplete personal data concerning you.
(iii) Right to erasure.
This is the right to ask us to erase certain personal data concerning you.
(iv) Right to restriction of processing.
This is the right to request that we restrict processing of your personal data.
(v) Right to data portability.
This is the right to receive certain personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and you may have the right to have the data transmitted to another entity.
(vi) Right to object.
This the right to object, on grounds relating to your situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data.
(vii) Right to withdraw consent.
Where we process your personal data on the basis of your consent, this is the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Where we are required to have your consent to engage in the processing, your withdrawal of consent may affect our ability to maintain some or all of our relationship with you, such as our ability to provide certain benefits. We would be happy to discuss in advance the impact of your withdrawal of a consent for any particular processing of your personal data.
(viii) Right to lodge a complaint with a supervisory authority.
You also have the right to lodge a complaint with the competent data protection supervisory authority, which depends on the country in which you are located. If you are located in the EEA, you can see a list of competent data protection authorities here.
To exercise any of these rights, please contact us as stated in the How to Contact Us section below.
9. How Information is Secured
F5 uses security measures to protect personal data against loss, misuse, and unauthorized or accidental access, disclosure, alteration and destruction. These include policies and technical, physical, and organizational measures to help secure and protect personal data. However, no security is perfect, and we do not promise that any information will always remain secure.
10. How to Contact Us
If you have concerns or questions regarding this Notice or if you would like to exercise rights you may have as a data subject, please use section 13.How to contact us in F5 Privacy Notice or:
F5 Networks Limited
Attn: Privacy Office
Chertsey Gate West
43-47 London Street Chertsey
SURREY KT16 8AP
F5 Networks, Inc.
Attn: Privacy Office
801 5th Ave, Seattle, WA 98104
You can also contact our Data Protection Officer:
Dr. Felix Wittern
Am Sandtorkai 68
Candidates for jobs in India can contact our Grievance Officer:
Skyview Bldg 20
8TH Floor, Unit 801-804
SY NO 83/1
PLOT NO 22 23 24 31 32 33