The Company collects and processes personal information of job applicants in connection with its recruitment and hiring activities by certain affiliates (collectively referred to herein as the “Company” or “Ribbon”).  Ribbon is committed to protecting the privacy and security of personal information of all individuals including job applicants.  The Company does not sell, share or otherwise disclose job applicant information to third parties for monetary consideration or for purposes not in line with the Company’s recruiting and hiring activities or otherwise permitted under applicable law.

Job applicants with disabilities may access this notice in an alternative format by contacting legal.privacy@rbbn.com.

Accountabilities

The Company processes job applicant personal data in accordance with applicable data protection laws including, but not limited to, the EU General Data Protection Regulation (EU Regulation 2016/679)(the “EU GDPR”), the UK General Data Protection Regulation as implemented under the UK Data Protection Act 2018 (“collectively the “UK GDPR”) and applicable US, Israeli, Indian and Canadian law.  

References within this policy to simply the “GDPR” should be interpreted to mean the EU GDPR or the UK GDPR insofar as either is applicable.

(a) European Union and Switzerland

This notice contains information required to be provided to job applicants under GDPR Articles 13 and 14 and details Ribbon’s EU and Swiss affiliates’ data controller accountabilities with respect to their processing of job applicant data for recruiting and hiring purposes.  Ribbon’s EU and Swiss affiliates and their respective Data Protection Officers are detailed below:

Country

Entity

Contact

Ireland

Ribbon Communications International Limited

EU Data Protection Officer

The Multis Building
Parkmore West Business Park
Parkmore, Co. Galway H91 X7Y3, Ireland

legal.privacy@rbbn.com

Germany

Ribbon Communications Germany GmbH

Germany Data Protection Officer

Hendrik Muschal
fellaws Muschal Brachmann PartG mbB
Meinekestraße 27
10719 Berlin

www.fellaws.de

(b) United Kingdom

This notice contains information required to be provided to job applicants under UK GDPR Articles 13 and 14 and details the Ribbon’s UK affiliates’ data controller accountabilities with respect to the above processing.  Information regarding Ribbon’s UK affiliates and their Data Protection Officer is set out below:

Country Entity Contact

United Kingdom

Ribbon Communications UK Limited

UK Data Protection Officer

Bray House
4 Maidenhead Office Park
Maidenhead
Berkshire SL6 3QH

legal.privacy@rbbn.com

 

(c) California

The Company collects and uses and processes personal information that is subject to the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”).  This notice contains information required by the CCPA.

(d) Canada

This notice contains information required under certain provincial privacy laws.  Information regarding Ribbon’s Canadian affiliate and such affiliate’s Privacy Officer is as follows:

 

Country

Entity

Contact

Canada

Ribbon Communications Canada ULC

Ribbon Legal Department
6500 Chase Oaks Blvd.
Suite 100
Plano, TX 75023
United States

legal.privacy@rbbn.com

(e) India

This notice contains information required under India’s Digital Personal Data Protection Act (DPDPA).  Ribbon is established in India and can be contacted as follows:

 

Country

Entity

Contact

India

Ribbon Communication Pvt. Ltd.

Ribbon Legal Department

c/o Data Protection

2nd Floor, Delta Block, Embassy Tech Square, Kadubeesanahalli Village, Outer Ring Road, Varthur Hobli, Bangalore – 560103 India

 

legal.privacy@rbbn.com

 

India

ECI Telecom India Private Limited

Ribbon Legal Department

c/o Data Protection

7th Floor, North Side,

Empire Plaza I, Lal Bahadur Shastri Marg,

Vikhroli West, Mumbai – 400 083

 

legal.privacy@rbbn.com

 

India

GENBAND Telecommunications Private Limited

Ribbon Legal Department

c/o Data Protection

2nd Floor, Delta Block, Embassy Tech Square, Kadubeesanahalli Village, Outer Ring Road, Varthur Hobli, Bangalore – 560103 India

 

legal.privacy@rbbn.com

 

Categories of Job Applicant Information Collected and Purposes

The Company collects and processes personal information of job applicants in order to fulfill the Company’s legitimate interest in recruiting and hiring into Ribbon’s affiliates the most qualified applicants and to comply with applicable laws.

The following categories of job applicant personal information are collected and processed by Ribbon’s affiliates for their recruiting and hiring  purposes:

Category

Description

Retention

Source of Collection

Categories

 

Communications Enablers

Email address (business and personal), mailing address (business and personal), telephone number (business and personal), social media handles

See Retention Section

Job Applicant

Professional or employment-related information.

Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

 

Employment History, Performance & Background Checks

Work eligibility information, CV/resume, education records, military service history (if relevant to the potential employment relationship), performance history,  professional designations, training records, references, outcomes from background checks (subject to applicable law)

See Retention Section

Job Applicant

Company Generated

Service Providers

 

Professional or employment-related information

Education information

Employment history

Characteristics of protected classifications under California or federal law and financial information.

Inferences drawn from any of the information identified in the CCPA to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Government Issued Identifiers

Driver’s license number, passport number, social security number

See Retention Section

Job Applicant

Driver’s license, social security number, passport number

Personal Identifiers

Images, name, languages spoken, national origin, gender, group associations

See Retention Section

Job Applicant

Audio, electronic, visual, thermal, olfactory, or similar information

Characteristics of protected classifications under California or federal law

 

Equal Employment & Diversity

(US Only)

 

Voluntary self-disclosure information regarding minority, veteran and disability status

See Retention Section

Job Applicant

Characteristics of protected classifications under California or federal law

Professional or employment-related information

 

Networking & Communications Data

Voicemail recordings, video recordings, email, identification tokens & credentials

See Retention Section

Certain corporate
network access data will be retained for up to 18-24 months for security audit trail purposes.

 

Job Applicant

Company Generated

 

Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement

Contents of a consumer’s email, and text messages processed within the scope of Corporate Services infrastructure.

Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the Corporate Consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

 

Facilities Access Records

Access history, CCTV video (at select facilities ingress/egress points)

90 Days

Company Generated

Audio, electronic, visual, thermal, olfactory, or similar information

The Company may collect recruitment-related personal information from service providers and other third parties such as recruiters, background check companies, government authorities, former employers and references provided by the job applicant. The Company may also collect personal information from publicly accessible sources such as public social media profiles.

Retention

The Company and any applicable third party processors will retain job applicant personal information for (1) the period of time that it is necessary to process the job applicant’s personal information for the purposes for which it was collected and processed, (2) the period required under applicable record retention laws or regulations, (3) the applicable statute of limitations for labor and employment claims or (4) the necessary period of time to establish, exercise, or defend legal claims.

Recipients and Disclosures

(a) Intra-Company and Service Providers

Job applicant personal information may be disclosed within and among Ribbon’s affiliates and with certain service providers in support of the legitimate purposes described in this notice.  Service providers are engaged within the following service categories:

Business Travel Services
Recruiting Services
Recruiting Platform Services
Learning and Development Platforms
Survey Platforms
Background Check Services
Legal Services
Corporate Communications Platform Services
Corporate Systems Hosting and Backup Services
Corporate Network Security Services
Corporate Services Helpdesk Platform Providers

(b) Third Party Disclosures

The Company may disclose information that individually identifies job applicants and/or their devices to third parties in certain circumstances, such as:

  • to comply with valid legal process including subpoenas, court orders or search warrants, to defend or respond to legal actions, and as otherwise authorized by law, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
  • to protect the vital interests of the job applicant or another person;
  • for other purposes with the affected job applicant’s consent.

If the Company enters into a merger, acquisition or sale of all or a portion of its assets, stock, or business, job applicant information may be transferred as part of or in connection with the transaction as per local law and/or non-disclosure agreement.

To the extent that such  third parties are located outside of the job applicant’s country of residence, the Company has implemented appropriate safeguards for the transfer of such personal information.

Security and Integrity of Personal Information

The Company employs reasonable and appropriate information security procedures and practices to protect the confidentiality and availability of job applicant personal information.  These safeguards take into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks to individuals posed by any unauthorized disclosure of the information.  The Company conveys safeguard obligations to service providers who process job applicant personal information on behalf of the Company.
The Company employs reasonable means to keep personal information accurate, complete, and current, as needed for the purposes for which it was collected.

Privacy Rights of Job Applicants

The Company supports job applicant data protection rights as provided for by applicable data protection laws.  These may include individual rights of access, rectification, erasure, restriction or objection to processing, and portability.  This section contains supplemental information for job applicants in certain jurisdictions.  If the Company is relying on the job applicant’s consent to process personal information, the job applicant has the right to withdraw their consent at any time.

(a) Recruiting Portals

If a job applicant has created a user profile on a Company recruiting portal (eg: Careers at Ribbon Portal), they may access, examine, revise or delete the personal information in their user profile by logging into their account.  In general, recruiting portals will only require minimal personal information that is necessary for the purposes identified in this notice.  The Company employs reasonable means to keep job applicant personal information accurate, complete, and current.

(b) EU and UK Data Subject Rights

Job applicants having rights governed by EU or UK data protection law may exercise the following rights as data subjects

Right

GDPR Article

Summary

Access

15

Right to request access to and obtain a copy of their personal data.  In certain service contexts, individuals are provided with credentialized access to much of their own personal information that the Company collects and maintains through various service portals (please see Recruiting Portals above).  This enables individuals to access, review, export, and in many instances enter or certify their personal information.

Rectification

16

Right to request rectification (or correction) of personal data that is inaccurate.  In certain service contexts, individuals are provided with credentialized access to much of their own personal information that the Company collects and maintains through various service portals (please see Recruiting Portals above).  This enables individuals to access, review, export, and in many instances enter or certify their personal information.

Erasure (“Right to be Forgotten”)

 

17

Right to request erasure (or deletion) of personal data that is no longer necessary to fulfil the purposes for which it was collected or does not need to be retained by the Company for other legitimate purposes.  The Company will review and act upon requests by individuals for the erasure of personal data to the extent required under applicable law.  Generally, individuals have the right to have their personal information erased when it is no longer necessary for the purposes for which it was collected or otherwise processed or the legal basis on which the data processing was based (e.g. consent) no longer applies.

Restriction of Processing

18

 

Right to require the Company to restrict the processing of job applicant’s personal data under certain circumstances.  The Company will review and act upon requests to restrict processing of personal data of individuals to the extent required under applicable law.

Portability

20

If applicable, the right to request their personal data be ported (transferred) to another controller.  Under certain conditions individuals have the right to receive their personal data which they have provided to the Company in a structured, commonly used and machine-readable format. Individuals also have the right to transmit such data to another controller.

Objection to Processing

21

Right to object to the processing of job applicant personal data.  The Company will review and act upon requests by individuals to object to the processing of personal data to the extent required under applicable law.  Generally, an individual has the right to object to the processing of his or her personal data, and the Company should no longer process the data where it is unable to demonstrate compelling legitimate grounds for the processing.

If the Company is relying on the job applicant’s consent to process their personal data, they have the right to withdraw their consent at any time.
In addition to the rights shown above, job applicants have the right under GDPR Article 77 to lodge a complaint with a supervisory authority, in particular in the UK or EU Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this regulation.

(c) California Privacy Rights

Job applicants having rights governed by the CCPA may exercise the following rights as data subjects.

Right

CCPA Section

Summary

Access

1798.110

Right to request access to and obtain a copy of job applicant personal information, including:

 

  1. The categories of personal information the Company has collected about that job applicant.
  2. The categories of sources from which the personal information is collected.
  3. The business or commercial purpose for collecting, selling, or sharing personal information.
  4. The categories of third parties to whom the Company discloses personal information.
  5. The specific pieces of personal information the Company has collected about that job applicant.

Deletion

 

1798.105

Right to request deletion of job applicant personal information that is no longer necessary to fulfil the purposes for which it was collected or does not need to be retained by the Company for other legitimate purposes.

Correction

1798.106

Right to request correction of job applicant personal information that is inaccurate taking into account the nature of the personal information and the purposes of the processing of the personal information.

Limit Use and Disclosure of Sensitive Information

1798.121

Right of job applicant to direct the Company  to limit its use and disclosure of the job applicant’s sensitive personal information to those uses(s) which are necessary for the purposes described in this notice, and as authorized by applicable regulations adopted pursuant to the CCPA.

Portability

1798.130(a)

(3)(B)(iii)

Right of job applicant to request provision of specific pieces of personal information obtained from the job applicant in a format that is easily understandable to the average job applicant, and to the extent technically feasible, in a structured, commonly used, machine-readable format that may also be transmitted to another entity at the job applicant’s request without hindrance. “Specific pieces of information” do not include data generated to help ensure security and integrity or as prescribed by regulation.

If the Company is relying on a job applicant’s consent to process his/her personal information, the job applicant has the right to withdraw their consent at any time.

Job applicants wishing to exercise their rights under the CCPA may do so by clicking this link or by telephone at 1- 866-750-5040.  Certain California Privacy Rights may be self-serviceable via Recruiting Portals as described above. The Company will not retaliate or discriminate against a job applicant because s/he exercised a California Privacy Right.

(d) Requests

If a job applicant wishes to exercise a data protection right as provided for by applicable data protection law, they may do so by clicking here.
The ability of an individual to access, update or delete his or her personal information is not unlimited.  An individual’s ability to access personal information may be limited, for example, where (a) the burden or expense of providing access would be unreasonable or disproportionate to the risks to the individual’s privacy, (b) the information should not be disclosed or deleted due to legal reasons; or (c) providing access would compromise the privacy of another person.

Company’s Privacy Policy

To access Ribbon’s Privacy Policy, please visit https://ribboncommunications.com/company/company-policies/policies/privacy-policy

Questions or Concerns

If you have any questions or concerns regarding this privacy notice or the Company’s privacy policy or the collection of your personal information, please contact legal.privacy@rbbn.com.

Revision of Notice

The Company reserves the right to change this notice at the Company’s discretion subject to business or legal requirements. To the extent required by law or business needs, the Company will notify job applicants of any changes to this policy by email.

Recent Revisions

2

Version

Date

Change Summary

1

December 2019

Initial version.

2

November 2020

Update policy scope to reflect recent Ribbon ECI merger

3

December 2022

Update notice (i) to cover certain California CCPA/CPRA obligations and, (ii) added additional information regarding global accountabilities

4

November 2023

Additional transparency for India applicants and applicability of India Digital Personal Data Protection Act (DPDPA). Update references to CPRA in favour of the CCPA.

Effective Date

December 1, 2023