F5 Job Applicant Privacy Notice for Jobs in the European Economic Area
Effective Date: 23 May 2018
F5 Networks, Inc. has prepared this F5 Job Applicant Privacy Notice (“Notice”) to be provided to F5 job applicants seeking a position in the European Economic Area ("EEA"). In connection with your application for employment, we have to process your personal data. In legal terms, F5 is a "controller" of this data, which means that F5 will be directly responsible for the processing of your personal data. The purpose of this Notice is to give you information about the sorts of personal data we may collect, process, and use— and the circumstances in which we may use it.
F5 needs to process certain personal data in order to evaluate your employment application and, if you are to be hired, prepare for your employment with F5, such as making arrangements to pay you and provide you with benefits. There are also statutory requirements and other contractual requirements with which we must comply regarding your job application and any hiring process. If we are unable to carry out the processing activities that we describe in this Notice, we may not be able to evaluate your candidacy or hire you. Of course, we hope it would never come to that, and we would attempt to discuss it with you first if it seemed like a real possibility, but this is information we are obliged to provide to you as part of this Notice.
When we say "F5," "we," or "us" in this document, we mean the F5 Group company to which you are applying for a job and which processes your data as the data controller. In addition, you will see several references to the “F5 Group,” which includes all other F5 entities globally. As with many other F5 policies, this Notice does not guarantee that you will be hired and, if you are hired, this document will not be not part of your contract of employment. We may update this Notice from time to time, for example if we implement new systems or processes that involve the use of personal data in a way not described in this Notice.
1. What categories of personal data does F5 collect about me?
F5 will collect, process, and use the following categories of personal data (which we collectively refer to as “Applicant Data”):
- Identification data, which includes your name, citizenship, photo, passport data, date and place of birth, social security number, birth number, signature, health insurance, governmental retirement plan information, and tax reference information, as well as other government-issued identification information.
- Contact details, such as your home address, telephone number, and email address.
- Information about your job record and potential job at F5, such as position, business title, employee type, management level, time type (full- or part-time and percentage), work location, division, department, position level, manager (name and ID), support roles, start and end date, job history (including position history, title history, effective dates, and past pay groups), CV or resume, qualification testing results, education history, skills, certifications, background check results (to the extent permissible by the applicable local laws), worker history (including log-files of changes in human resources databases), reason for leaving, and other information from interviews with you, your references, or other third parties.
- Organizational data, including IDs for IT systems, company details, and cost center allocations.
- Other data relevant to the potential employment relationship, including information gathered about you through interviews with you and your references, former employers, and others.
2. What “Sensitive Applicant Data” does F5 collect and process?
In addition to the collection, processing, and use of the Applicant Data, F5 collects, processes, and uses the following special categories of personal data about you, which we describe as "Sensitive Applicant Data":
- Health and medical data, to the extent these can be shared with F5 in accordance with the applicable laws, such as information on disability for purposes of accommodations in the work place and compliance with legal obligations.
- Criminal records data, if F5 has conducted or received the results of criminal records background checks in relation to you, where relevant and appropriate to your desired role and to the extent such checks are authorized pursuant to applicable local laws.
- Trade union membership where required to address labor laws.
3. Why does F5 need to collect and process my Applicant Data and Sensitive Applicant Data?
We collect and use Applicant Data for a variety of reasons related to your candidacy (the “Processing Purposes”). We’ve compiled a list of these reasons along with examples of some of the Applicant Data used for each of these Processing Purposes:
- Evaluating and responding to your employment application, including reviewing your education and job history, facilitating interviews, checking references and conducting background checks, and notifying you of relevant additional vacancies with us that may interest you. This involves the processing of identification data, contact details, and information about your job record and, where appropriate and permitted by law, other personal history.
- Setting up your employment and compensation, including to secure travel or employment visas, and establish payroll and other compensation and benefits. This involves the processing of identification data; contact details; information about your job record, salary, benefits, and equity compensation; and organizational data.
- Setting up your access to IT systems and support to enable you and others to perform work if hired, to enable our business to operate, to enable us to identify and resolve issues in our IT systems, and to keep our systems secure. This involves processing identification information.
- Complying with applicable laws and employment-related and pre-employment-related requirements along with the administration of those requirements, such as income tax, social security deductions, and employment and immigration laws. This involves the processing of identification data, contact details, information about your job record, and organizational data.
- Monitoring and ensuring compliance with applicable policies, procedures, and laws, including conducting internal investigations. This involves the processing of identification data; contact details; information about your job record; background check; salary, benefits, and equity compensation; and organizational data.
- Communicating with you, F5 employees, and third parties. This involves the processing of identification data, contact details, information about your job record, and organizational data.
- Responding to and complying with requests and legal demands from regulators or other authorities in or outside of your home country. This involves the processing of identification data; contact details; information about your job record; salary, benefits, and equity compensation; and organizational data.
- Complying with corporate financial responsibilities, including audit requirements (both internal and external) and cost/budgeting analysis and control. This involves the processing of identification data; contact details; information about your job record; salary, benefits, and equity compensation; and organizational data.
4. How do we collect this information?
In most cases, F5 collects personal data directly from you. At times, F5 may also receive personal data from other members of the F5 Group, publicly available sources, a background check provider (where applicable and permitted by local law as described above), or other service providers involved in the Processing Purposes. For example, we typically collect Applicant Data and Sensitive Applicant Data:
- During the recruitment process.
- At the start of employment.
In addition, we may receive personal information about you from non-publicly available sources, including:
- Recruitment consultants
- Background check agencies
- Former employers
5. Why does F5 need to collect, process, and use my Applicant Data and Sensitive Applicant Data?
Both the Applicant Data and Sensitive Applicant Data are needed by F5 to carry out a variety of activities that are linked to your employment application and potential employment, F5's compliance with obligations as a result of evaluating your candidacy and potentially employing you, and F5’s operations as a business.
We are required to explain to you the legal bases for our collection, processing, and use of your Applicant Data and Sensitive Applicant Data. We have a number of these, so to make sure you have the full picture we have listed them all below:
For Applicant Data, our legal bases are:
- Taking steps at your request prior to entering into a contract of employment or other contract with you.
- Compliance with legal obligations, in particular in the area of labor and employment law, social security and social protection law, data protection law, tax law, and corporate compliance laws.
- Legitimate interest of F5 and F5 affiliates.
- Your consent, where it is appropriate and allowed by local data protection law.
For Sensitive Applicant Data, our legal bases are:
- Explicit consent as allowed by local data protection law.
- Carrying out the obligations and exercising the specific rights of F5 or you in the field of employment, social security, and social protection law as permitted by local data protection law and/or a qualifying collective agreement.
- Establishing, exercising, or defending legal claims or whenever courts are acting in their judicial capacity.
- For substantial public interest as permitted by local data protection law.
- For assessment of your potential working capacity as permitted by local data protection law.
We appreciate that this is a lot of information, and we want to be as clear with you as possible over what it all means. Where we reference “legitimate interests of F5 or third parties,” this can include:
- Implementation and operation of a group-wide matrix structure and group-wide information sharing.
- Human resources management.
- Workplace safety.
- Prevention of fraud, misuse of company IT systems, or money laundering.
- Physical security, IT, and network security.
- Addressing certain domestic or foreign legal requirements.
- Internal investigations.
- Dispute resolution.
- Mergers and acquisitions.
6. Who might F5 share my personal data with?
As previously noted, we are part of the global F5 Group and several entities in this group are involved in the Processing Purposes. To ensure that the Processing Purposes can be completed, your information may be shared with any of the entities within the F5 Group. Where we do share data in this way, however, it is our policy to limit the categories of individuals who have access to that personal data.
F5 may transfer personal data to third parties, including to entities within and outside of the F5 Group which may be based in any jurisdiction where F5 Group entities are located, for the Processing Purposes as follows:
- Within the F5 Group. Because the relevant F5 employer is part of a wider group with global headquarters in the United States, all of which partially share management, human resources, legal, compliance, finance, and audit responsibility, F5 may transfer the Applicant Data and Sensitive Applicant Data to, or otherwise allow access to, such data by F5 Networks, Inc. and other entities within the F5 Group, which may use, transfer, and process the data for the Processing Purposes and otherwise pursuant to this F5 Applicant Privacy Notice.
- Communication with third parties. As necessary in connection with business operations, work contact details, communication contact details, and other personal data may be transferred to existing or potential business partners, suppliers, government officials, or other third parties as appropriate for the particular business operation.
- Regulators, authorities, and other third parties. As necessary for the Processing Purposes described above, personal data may be transferred to regulators, courts, and other authorities (e.g., tax and law enforcement authorities), independent external advisors (e.g., auditors and legal advisors), directors within the F5 Group, insurance carriers, benefits providers, internal compliance, and investigation teams (including external advisors appointed to conduct internal investigations).
- Acquiring entities.If the F5 business for which you have applied (or another F5 Group member processing your personal data) is sold or transferred in whole or in part (or such a sale or transfer is being contemplated), your personal data may be transferred to the new employer or potential new employer as part of the transfer itself or as part of an initial review for such transfer (i.e. due diligence), subject to any rights provided by applicable law, including jurisdictions where the new employer or potential new employer are located.
- Service providers. As necessary for the Processing Purposes described above, personal data may be shared with one or more third parties, whether affiliated or unaffiliated, to process personal data under appropriate instructions ("Service Providers"). For example, the Service Providers may carry out instructions related to recruiting administration, IT system support, training, compliance, and other activities relevant to the Processing Purposes, and will be subject to appropriate contractual obligations.
We are a global company with headquarters in the United States, and the F5 affiliates and third parties with whom we share Applicant Data and Sensitive Applicant Data as described in this Privacy Notice are located in the United States and elsewhere in the world, including countries where privacy laws may not provide as much protection as your country. F5 complies with legal requirements for protecting the movement of data across borders, including through the use of European Commission-approved Standard Contractual Clauses or by relying on the third party’s participation in the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks. You may request a copy of the Standard Contractual Clauses by contacting us as described below.
7. How long will F5 keep my personal data?
It is our policy not to keep personal data for longer than is necessary for the Processing Purposes. Where personal data is kept beyond the time that we normally would need to keep it, that period will be determined based on the applicable local law.
8. What rights do I have with respect to my personal data?
You have a number of rights in relation to your Applicant Data and Sensitive Applicant Data. These can differ by country and are typically subject to important exceptions, but, where they apply, they can be summarized in broad terms as follows:
(i) Right of access.
You may have the right to confirm with us whether your personal data is processed, and if it is, to request access to that personal data including the categories of personal data processed, the purpose of the processing, the recipients or categories of recipients, and other information about the processing. We do have to consider the interests of others though, so this is not an absolute right, and in some cases permitted by law we may charge a fee.
(ii) Right to rectification.
In limited circumstances, you may have the right to rectify inaccurate or incomplete personal data concerning you.
(iii) Right to erasure.
You may have the right to ask us to erase certain personal data concerning you.
(iv) Right to restriction of processing.
In limited circumstances, you may have the right to request that we restrict processing of your personal data.
(v) Right to data portability.
In limited circumstances, you may have the right to receive certain personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and you may have the right to have the data transmitted to another entity.
(vi) Right to object.
You may have the right to object, on grounds relating to your situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data.
(vii) Right to withdraw consent.
In the very limited cases in which we may process your personal data on the basis of your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
(viii) Right to lodge a complaint with a supervisory authority.
You also have the right to lodge a complaint with the competent data protection supervisory authority, which depends on the country in which you are located.
To exercise any of these rights, please contact us as stated in the How to Contact Us section below.
9. How to Contact Us
If you have concerns or questions regarding this Notice or if you would like to exercise your rights as a data subject, please contact us at firstname.lastname@example.org or:
EU headquarters/representative: F5 Networks Limited
Attn: Privacy Office Chertsey Gate West 43-47 London Street Chertsey
SURREY KT16 8AP
F5 Networks, Inc. Attn: Privacy Office
401 Elliott Avenue West Seattle, Washington 98119 United States