Appfire Recruitment Privacy Notice

Home

Revised: January the 23th, 2024

Appfire Technologies, LLC and its Affiliates (“Appfire”, “we”, “us”, “our”) is a global software group of companies that help developers and teams solve modern challenges with digital solutions. Appfire employs and engages workers worldwide and undertakes special care to protect the privacy of individuals who are applying to work for us.

If you are applying to work for us, please read this Recruitment Privacy Notice (“Privacy Notice”) as it contains important information on how we process your personal information as part of our recruitment processes.

This Privacy Notice constitutes also a commitment of Appfire Technologies, LLC and its U.S. Affiliates listed in Annex 1 hereto, with regard to the adherence to the rules of the EU-U.S. Data Privacy Framework Principles, the UK Extension to the EU-U.S. Data Privacy Framework Principles and the Swiss - U.S. Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, as well as Access, Recourse, Enforcement and Liability. Please, see section I. “Data Privacy Framework” below, to find more information on our participation in the EU-U.S. Data Privacy Framework, including our adherence to the Swiss-U.S. Data Privacy Framework Principles and the UK Extension to the EU-U.S. Data Privacy Framework.

I. Data Privacy Framework.

We operate globally, with our headquarters located in the U.S. Therefore, in order to protect personal data we receive from the EU/EEA, the UK and the Switzerland, Appfire Technologies, LLC and its U.S. Affiliates listed in the Annex 1 hereto, have certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

Appfire Technologies, LLC and its U.S. Affiliates listed in the Annex 1 hereto, have certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

This Privacy Notice constitutes a commitment of Appfire Technologies, LLC and its U.S. Affiliates listed in the Annex 1 hereto, with regard to the adherence to the rules of the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and the Swiss - U.S. DPF Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, as well as Access, Recourse, Enforcement and Liability (collectively, the “Principles”).

To learn more about the Data Privacy Framework (“DPF”) program, please visit the Data Privacy Framework website. In order to view our certification, please visit the Data Privacy Framework List. In order to read the full text of the Principles, please see: (i) EU-U.S. DPF, (ii) Swiss - U.S. DPF, (iii) the UK Extension to the EU-U.S. DPF.

Please, see also “Data Privacy Framework - additional information”.

If there is any conflict between the terms of this Privacy Notice and the Principles, the Principles shall govern.

II. Information concerning personal data that we may collect about you and why we may use it.

During our recruitment processes, we process information about individuals who apply for any job position at Appfire (received in any form, including online applications, applications received via email, by hard copy or in person applications). The purpose of processing of such personal information, in general, is to assess applicants’ skills, qualifications and suitability for any position they may apply at Appfire. For purposes of this Privacy Notice, we refer to this information as “personal information” or “personal data” (each as defined under applicable law and the Principles).

For your better understanding of this Privacy Notice, the terms “processing of personal data” or “processing of Personal Information” shall mean any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

Below we list the main categories of personal information we may collect about you and use for our recruitment purposes.

Standard data related to your identity - such as: your name, date of birth, contact information which you share with us (e.g.: your email address, telephone number, etc.).
Information concerning your education & professional experience - information about your education, completed courses, obtained certifications, etc.
Information on the history of your employment - information about your current/ previous employment and roles.
Background Check Information - such as: history of your employment, qualifications, and previous remuneration, as well as other checks (subject to local law). We collect the aforementioned information to be able to verify information you provided us with and to evaluate your suitability for a role, information used in connection with your right to work, and other information necessary for your role.
Any other information you may voluntarily provide us with in your job application, such as information on your image (picture), hobbies, interests, etc. - if you provide such information with us, we will use that information only if it is in line with the needs of the recruitment process and always only if we have a legal ground to use that information.
Information concerning your application and our assessment of it.
Information on your references.
Information on your right to work.

Should you have any concerns related to using of your personal information, please reach out to the Group Privacy Officer at: privacy@appfire.com

III. Retaining your personal information - how long we keep information about you.

We keep your personal data always for the period necessary to achieve the purposes for the performance of which we collected your personal information, unless a longer retention period is required by applicable law. To be more specific, in case you are successful in becoming employed by us, we will keep your personal data for the duration of your employment and for a specific period afterwards, according to the applicable law and a separate notice which we share with our employees.

If you are unsuccessful in becoming employed by Appfire, we will keep your data only for the period necessary to conduct the recruitment process for a role for which you have applied, unless you give us your consent to keep your data for purposes of our future recruitment processes - in such case, your personal data will be kept up to 12 months. Please, note, that if you give us your consent to keep your data for our future recruitment processes, you can withdraw the consent anytime by simply informing us on your request by contacting us at privacy@appfire.com - if you do so, we will delete your data and stop processing them prior to that 12-month period. To withdraw your consent for data processing, you can also use this form.

IV. Recipients of your personal information.

Appfire is a global organization, having its companies all over the world. Therefore, for purposes related to our business operations, we may share your personal information with other companies belonging to our Appfire’s family of companies, as well as Appfire’s personnel for purposes set forth in this Privacy Notice (i.e., relevant managers, HR, applicable decision makers regarding your application).

We will only disclose your personal data outside the group if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you. As permitted by law, we may share your personal data with our third-party vendors, rendering particular services to our account or doing business with us, such as, for example, vendors that host our IT systems and data, third party recruitment consultants (and/ or third party recruitment portals that we may use for our recruitment processes), and similar businesses as a part of the recruitment process.

We may share your personal data with public authorities, as required by applicable law and only to the extent they are authorized to collect information concerning yourself. For example, we may share your personal information to the legitimate Data Protection Authority as a result of a claim you decided to lodge against us - in order to provide the authority with required information concerning processing of your personal data.

We may disclose your personal data in response to lawful requests by public and government authorities, including to meet national security or law enforcement requirements.

We may share your personal information for reasons not described herein. We will always let you know before we do this.

V. How we protect your privacy.

In order to protect your privacy, we have implemented reasonable security measures (both, technical and organizational) that help us protect your personal information, in particular, from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, including, inter alia as appropriate:

encryption of personal data and/or their pseudonymization,
ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services,
ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident,
a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

VI. Sources of information about you.

When you apply for a position at Appfire, it is likely that you provide us with your personal data on your own (e.g., by sending an application as a response to our job posting). However, please note that - depending on the recruitment process, we may also receive your personal data from third party recruiters, agents or similar organizations that are either separate data controllers or our processors (i.e., that support us in conducting the recruitment process and act on our behalf). By doing background checks, we may also receive your personal information from your former employers, social media platforms, etc.

VII. Respecting your privacy. Your rights and choices.

You may have certain rights regarding your personal data, which may include:

the right to request access to and/or a copy of the personal data we keep about you,
the right to object to or restrict our processing of your personal data,
the right to request that your personal data be erased from further use,
the right to correct, amend, or update personal data you have given us,
the right to a data portability, which allows you to request that we share your personal data with other data controllers,
the right to to be subject to automated decision making process, i.e. a decision made solely by automated processing, and
If we have relied on consent as a ground for the processing of your personal data, you have the right to withdraw your consent anytime - withdrawal of your consent will not affect the lawfulness of the processing carried out based on the consent prior to its withdrawal.

In order to execute your rights listed above, please contact: privacy@appfire.com or use this form.

VIII. Data Privacy Framework - additional information.

Complaints and dispute resolution

You have the right to lodge a complaint with regard to the processing of your personal data by Appfire Technologies, LLC and/or its U.S. Affiliates. Should you need to lodge a complaint, please contact us at:

Appfire Technologies, LLC

1500 District Avenue, Burlington, MA 01803

Attn.: Group Privacy Officer

or contact our Group Privacy Officer directly at:

Małgorzata Duszynska: malgorzata.duszynska@appfire.com

Appfire Technologies, LLC (including its U.S. Affiliates) is committed to respond to your complaints within 45 days of receiving a complaint. If you have not received a timely or satisfactory response to your question or complaint, you can raise the issue with the Information Commissioner’s Office (“ICO”) in the UK or with the appropriate local Data Protection Authority in the EU regarding your personal data, or with respect to any personal data transferred from Switzerland to the U.S., the Swiss Federal Data Protection and Information Commissioner’s authority would substitute for the ICO or any EU Data Protection Authority, and we agree to cooperate with such Swiss Commissioner in this context.

Right to invoke binding arbitration

You have the right, under certain conditions, to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by the above mechanism. For additional information, please refer to the Annex I of the Data Privacy Framework.

Supervisory authority

Appfire Technologies, LLC together with its U.S. Affiliates are subjected to the investigatory and enforcement powers of the Federal Trade Commission that has jurisdiction to hear any claims against them regarding possible unfair or deceptive practices and violations of laws or regulations governing privacy.

Liability in terms of onward transfers

Whenever personal data is received by Appfire Technologies, LLC and/or any of its U.S. Affiliates, in reliance on the Data Privacy Framework, and is further transferred by this/ these entity(-ies) to a third party acting as an agent on its/their behalf (processor), Appfire Technologies, LLC (or, its U.S. Affiliates, whichever is applicable to the case) shall remain liable under the Data Privacy Framework Principles if the data recipient processes such personal information in a manner inconsistent with the Principles, unless it proves that it is not responsible for the event giving rise to the damage.

Enforcement and liability

Appfire commits to periodically reviewing and verifying the accuracy of this Privacy Notice and our compliance with the Principles, and remedying issues identified. All our workers that have access to personal data covered by this Privacy Notice in the U.S. are responsible for conducting themselves in accordance with this Privacy Notice. Failure of an Appfire employee to comply with this Privacy Notice may result in disciplinary action up to and including termination.

We assure our compliance with the Principles by utilizing the self-assessment approach, as specified in the Principles. The assessment is conducted on an annual basis to ensure that all our privacy practices are in line with the Data Privacy Framework Principles to which we have adhered to.

IX. Changes to this Privacy Notice.

We may change this Privacy Notice from time to time in order to accommodate new technologies, industry practices, regulatory requirements or for other reasonable purposes. The current version of this Privacy Notice is always available on our websites, as well as is always attached to our job postings.

X. Supplementary information for job candidates from the European Economic Area, UK and Switzerland.

If you are the citizen of a country belonging to the European Economic Area (“EEA”), the United Kingdom (“UK”) or Switzerland, please read carefully the below supplementary information relating to your privacy at Appfire (“Supplement to the Recruitment Privacy Notice for job candidates located outside of the United States”).

Supplement to the Recruitment Privacy Notice for job candidates located outside the United States

This information is addressed to you, if you are located outside the United States, including, in particular, the European Economic Area (EEA), United Kingdom (UK) and Switzerland.

Controller of your personal data.

The controller of your personal data, shall be the entity to which you are addressing your job application (i.e., the entity which is your potential employer). Please, see the below table to find more information regarding the controller of your personal data, as well as contact details to the competent Data Protection Authority, located in your country of residence.

Your Data Controller	Contact details	Competent Data Protection Authority
Big Picture sp. z o.o.	Łopuszańska 95 Str., 02-457 Warsaw, Poland	President of the Office for the Protection of Personal Data (UODO), https://uodo.gov.pl
Spartez Software Systems sp. z o.o.	Bernarda Chrzanowskiego 11 Str., 80-278 Gdańsk, Poland	President of the Office for the Protection of Personal Data (UODO), https://uodo.gov.pl
Appfire Switzerland AG	Aargauerstrasse 180, 8048 Zürich, Switzerland	The Federal Data Protection and Information Commissioner (FDPIC), https://www.edoeb.admin.ch/edoeb/en/home.html
Snapbytes Limited	3rd Floor 1 Ashley Road, Altrincham, Cheshire, United Kingdom, WA14 2DT	The Information Commissioner's Office (ICO), https://ico.org.uk
Appfire Bulgaria Ltd.	Filip Kutev Str. fl. 5 1407 Promishlena zona Hladilnika Sofia Bulgaria	The Personal Data Protection Commission (Комисия за защита на личните данни), https://www.cpdp.bg
Appfire Spain S.L.	Calle Lopez de Haro d Diego, 45 1ª, 48011, Bilbao, Vizcaya	The Spanish Data Protection Office (Agencia Española de Protección de Datos), https://www.aepd.es/es
7pace GmbH	Elisabethstr. 22, 80796 München, Germany	Germany does not have one central supervisory authority for data protection law but authorities in each of the sixteen German federal states (Länder) that are competent for the public and the private sector in the respective state. A list with the contact details and websites of most of the supervisory authorities in Germany is available here: https://www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html
Qotilabs S.A.S	43 Che Du Cabaret, 78620 L'Etang-la-ville, France	The French Data Protection Authority (Commission Nationale de l’Informatique et des Libertes - CNIL), https://www.cnil.fr

The purposes for which we collect and process your personal data, examples of personal data that may be collected, as well as legal grounds that apply to such processing.

Depending on the applicable data protection law, there are various grounds on which we can rely when processing your personal data. In some cases, more than one ground may apply. Please, see below table to find out more on the grounds that apply to the processing of your personal data.

Purpose of data processing	Examples of personal data that may be collected	Legal grounds for data processing
Recruitment	Information concerning your identity (name, surname, date of birth, etc.), contact information you share with us (e.g., email address, telephone number, correspondence address, etc.), information concerning your application and our assessment of it, your references, any checks we may make to verify information you provided us with, other background checks, and any information connected with your right to work. Where necessary and justified, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements.	Processing of your personal data is based on your consent Processing of your personal data is necessary for a compliance with legal obligation to which we are subject to Processing of your personal data is necessary for purposes of the legitimate interests pursued by us Performance of obligations and rights in relation to employment
Entering into a contract with us (if you are offered by us)	Information on your terms of employment, your pay and benefits, such as participation in life and medical insurance, any bonuses and share schemes, etc.	Processing of your personal data is necessary to take steps prior to entering into a contract
Financial planning and budgeting	Information such as your proposed salary and (if applicable) envisaged bonus levels.	Processing of your personal data is necessary for purposes of the legitimate interests pursued by us
Physical and system security	CCTV images upon attendance for an interview (i.e. upon your attendance for an interview at any Appfire’s premises).	Processing of your personal data is necessary for a compliance with legal obligation to which we are subject to Processing of your personal data is necessary for purposes of the legitimate interests pursued by us
Providing information to third parties in connection with transactions that we carry out	Information on any offer made to you and your proposed contract and other employment data that may be required by a party of a transaction, such as a head-hunting agency, supporting us in the recruitment process.	Processing of your personal data is necessary for purposes of the legitimate interests pursued by us
Monitoring of diversity and equal opportunities	We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.	Performance of obligations and rights in relation to employment

Your rights related to the processing of your personal data

You may have certain rights regarding your personal data, which may include:

the right to request access to and/or a copy of the personal data we keep about you,
the right to object to or restrict our processing of your personal data,
the right to request that your personal data be erased from further use,
the right to correct, amend, or update personal data you have given us,
the right to a data portability, which allows you to request that we share your personal data with other data controllers,
the right to to be subject to automated decision making process, i.e. a decision made solely by automated processing, and
If we have relied on consent as a ground for the processing of your personal data, you have the right to withdraw your consent anytime - withdrawal of your consent will not affect the lawfulness of the processing carried out based on the consent prior to its withdrawal.

In order to execute your rights listed above, please contact: privacy@appfire.com or use this form.

Automated decision-making.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

International data transfers.

Appfire is a global organization, operating worldwide. Therefore, in connection with our business and for employment, administrative, operations, management and legal purposes, we may - where necessary, transfer your personal data outside of your country of residence. Such a transfer will always be carried out in accordance with applicable law, including the Principles. The transfers may concern transfers between our affiliated companies and to our third-party service providers, including those located in the U.S. and other jurisdictions in which we may be established. We will always make sure that any transfer is lawful, including putting in place legal safeguards and ensuring that there are appropriate confidentiality and security arrangements in place.

Annex 1

List of Appfire’s U.S. entities adhering to the EU-U.S. Data Privacy Framework Principles, the UK Extension to the EU-U.S. Data Privacy Framework Principles and the Swiss - U.S. Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, as well as Access, Recourse, Enforcement and Liability (“DPF Principles”)

Appfire Technologies, LLC and its Affiliates, i.e.:

Appfire International Holdings, LLC

Appfire Intermediate, LLC

Appfire Parent, LLC

Appfire Management Holdings, LLC

Artemis Software, LLC

Appfire Canada Holdings, LLC

Mohami, LLC

- and any other U.S. subsidiary or affiliate of Appfire Technologies, LLC.

This Annex 1 can be updated from time to time in order to always reflect the current list of our U.S. Affiliates adhering to the DPF Principles.