Stonebranch Candidate Privacy Policy
Last updated: 05 February, 2025
I. GENERAL INFORMATION
We are committed to protecting your privacy and your personal data. Transparency and data protection is vital for our business, and through our candidate application and recruitment process we will collect, process, and store personal information about you. We will process your data for the following purposes:
- application management;
- assessment and pre-employment screening;
Legal basis for processing is legitimate interest of Stonebranch as set out in Art. 6(1)(f) GDPR. This processing of personal data has its legal basis in Art. 6(1)(b) GDPR and Art. 88 GDPR.
This document explains why we collect your personal information, what information we collect and how it is processed.
II. WHO WE ARE
Stonebranch, Inc. (Headquarters) | United States of America | 4550 North Point Parkway, Suite 400 | Alpharetta, GA, 30022, USA /Phone: +1 678 366 7887 | Our data protection officer contact: dpo@stonebranch.com - General inquiry form: Contact Us
III. WHY WE COLLECT YOUR PERSONAL INFORMATION?
To manage your application, we will process necessary personal information about you. The purposes are to process your data required to progress your application or required by law or any regulatory requirements.
Purposes in detail as categories of personal data collected:
| Purpose | Examples of Personal Information Collected | Sources of Personal Information |
|---|---|---|
| Application Management | CV, Name (first and last), alias, address, email address, telephone number, business contact information, unique personal identifier, IP address. | Directly from you. From recruitment service providers. From publicly available information. |
| Application form | Name surname, phone number, email address, employment history, academic and professional qualifications, age, and work experience. | Directly from you. |
| Sensitive personal data | Sensitive Personal Information: racial or ethnic origin; citizenship or immigration status; religious beliefs; union membership, data concerning a person’s sex life or sexual orientation. To the extent we collect sensitive personal information about candidates, we do not use it to infer characteristics about the individual. | Directly from you. From recruitment and background screening service providers. From publicly available information. |
The below chart details the categories of personal information we may collect from job candidates (classification of personal data in accordance to CCPA - California Consumer Privacy Act)
| Category of Personal Information Collected | Examples of Personal Information Collected | Sources of Personal Information |
|---|---|---|
| Identifiers | Name (first and last), alias, address, email address, telephone number, business contact information, unique personal identifier, IP address, Social Security number, driver’s license number, passport number, or other similar identifiers. | Directly from you. From recruitment service providers. From publicly available information. |
| California Customer Records employment and personal information | Name, signature, Social Security number, physical characteristics or description, photograph, address, telephone number, passport number, driver’s license or state identification card number, education, current employment, employment history | Directly from you. From recruitment and background screening service providers. From publicly available information. |
| Protected classification characteristics | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status | Directly from you. |
| Commercial information | Not collected. | N/A |
| Biometric information | Not collected. | N/A |
| Internet or other electronic network activity information | Such as browsing history, search history, information on your interaction with our website. | Indirectly from your use of the website. |
| Geolocation data | Such as time and physical location related to use of an internet website, application, or device. | Indirectly from your use of the website. |
| Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | Call monitoring or recording and video surveillance on premises. |
| Professional or work-related information. | Employer or other company affiliation, your business title, your business contact information. Information regarding employment history. | Directly from you or your references. From recruitment and background screening service providers.. From publicly available information. |
| Education information that is not publicly available | Educational background, including transcripts. | Directly from you or your references. From recruitment and background screening service providers. |
| Inferences drawn from other personal information | Inferences we might make based on your apparent characteristics, behavior and attitudes, intelligence, abilities and aptitudes. | Created by us during evaluation for employment. |
| Sensitive Personal Information | An account log-in in combination with any required password; Social Security number, driver’s license number, or passport number; racial or ethnic origin; citizenship or immigration status; religious beliefs; union membership. To the extent we collect sensitive personal information about candidates, we do not use it to infer characteristics about the individual. | Directly from you. From recruitment and background screening service providers. From publicly available information. |
IV. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
Your data will usually be presented to Stonebranch by (a) a recruitment agency; or by you contacting us because of a recruitment campaign and sharing application form through the website or/and uploading your CV to our website or recruitments web sites. Under both scenarios, data will be stored, processed, and managed by Stonebranch in a capacity as Controller deciding the purposes and means of the processing.
The recruitment process will involve:
- Assessing and processing your application,
- Assessing your suitability (skills and strengths for the role)
- Activities needed to complete the onboarding and screening process of a successful application.
To enable these processes, your personal information may be shared internally but limited to what is required by each individual to perform their role in the recruitment process.
Your personal information may be shared internally at Stonebranch with the following people:
- Those employees who will manage and lead your role (Management);
- Employees at Stonebranch with responsibility for tasks in the recruitment process (HR Department);
- Employees at Stonebranch with compliance/security responsibility for investigating issues of compliance regulations, policies, and contractual requirements (Compliance Department);
We may also need to share your information with certain external third parties, but this will happen only with your prior notice and consent.
We do not sell or share candidate personal information for cross-context behavioral advertising.
V. DATA PROCESSORS
To perform employment tasks, we ask for help from outsourced companies. These act as data processors on behalf of Stonebranch. The data will be indirectly available to third companies engaged by Stonebranch or with whom Stonebranch cooperates in the provision of platform administration, maintenance services, application services which help us to manage the information received in the system more effectively. We maintain an up-to-date list of the names and locations of all processors with whom we have concluded Data Processing Agreements (DPAs). This list is below:
| 1. Processor: BambooHR | 2. Processor: Fathom AI Notetaker |
|---|---|
| Types of data accessed: CV (name, surname, photograph, marital status, number of children, nationality/citizenship, education, work history/job data, previous employers, positions, dates, driving license type, personal/professional website, hobbies/personal interests) application form (name, surname, phone number, email address, employment history, academic and professional qualifications, age, and work experience, salary expectations, visa status, completion of required military service). The types of data accessed will vary based on global location and any applicable local, state, or federal/national laws. | Types of data accessed: name, email address, and other data disclosed during recorded meetings. |
| Purpose: To provide hiring and onboarding system functionality. | Purpose: Third party service provider providing meeting recordings, transcripts, and summaries. |
| Data Location: United States of America | Data Location: United States of America |
VI. HOW DO WE PROTECT YOUR INFORMATION?
Our systems are protected to ensure unauthorized or unlawful processing of personal information, accidental loss or destruction of, or damage to personal information does not occur. Our staff is trained to ensure they are compliant with GDPR and Data Protection laws. We undergo privacy assessment to our processors in order to assure of the security, compliance, and reliability of outsourced data processing activities.
VII. YOUR RIGHTS
Under the General Data Protection Regulation (GDPR), you have several rights concerning your personal data. You have the right to request from us access to and rectification or erasure of your data, the right to restrict processing, object to processing, and the right to data portability. Depending on your jurisdiction of residence, you may have other privacy rights (see the Section called “California Residents: Your Privacy Rights” in the Stonebranch Privacy Notice for more information).
VIII. DATA PROTECTION AUTHORITY
You also have the right to lodge a complaint with your local data protection authority or Stonebranch Lead Authority.
IX. CONTACTS:
Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us through Data Subject Access Request Form.
In the event that you wish to file a complaint about how we have handled your personal data, please contact the DPO Resources at Stonebranch dpo@stonebranch.com or in writing at:
Stonebranch GmbH |Europa-Allee 54 |60327 Frankfurt am Main |Germany
Our Privacy Team will then investigate your complaint and work with you to resolve the matter.
If you still feel your personal data has not been handled appropriately according to the law, you can contact Federal Commissioner for Data Protection and Freedom of Information (BfDI) in Germany (Stonebranch Lead Authority) and file a complaint with them.
X. DATA RETENTION
Your personal data will be stored after the recruitment process as follows:
- for up to 3 years, if you have been unsuccessful in the recruitment process and you have consented to be included in a pool of candidates or a list for future vacancies; (You can withdraw your consent anytime and ask deletion of your personal data). Such withdrawal of consent does not affect the lawfulness of any use based on your consent prior to its withdrawal;
- for the duration of your employment contract, if you are successful in the recruitment process and any mandatory time period after if required by law.
Your personal data will be deleted upon expiry of the storage period/mandatory time period required by law.
XI. CHANGES TO THIS NOTICE
We reserve the right to make changes to this notice at any time. Any changes to this notice will be posted on this page thus make sure to read this notice before submitting your personal information. Substantial changes will be highlighted on the site or may be emailed to you.