The Company collects and processes personal information of job applicants in connection with its recruitment and hiring activities by certain affiliates (collectively referred to herein as the “Company” or “Ribbon”). Ribbon is committed to protecting the privacy and security of personal information of all individuals including job applicants. The Company does not sell, share or otherwise disclose job applicant information to third parties for monetary consideration or for purposes not in line with the Company’s recruiting and hiring activities or otherwise permitted under applicable law.
Job applicants with disabilities may access this notice in an alternative format by contacting legal.privacy@rbbn.com.
Accountabilities
The Company processes job applicant personal data in accordance with applicable data protection laws including, but not limited to, the EU General Data Protection Regulation (EU Regulation 2016/679)(the “EU GDPR”), the UK General Data Protection Regulation as implemented under the UK Data Protection Act 2018 (“collectively the “UK GDPR”) and applicable US, Israeli, Indian and Canadian law.
References within this policy to simply the “GDPR” should be interpreted to mean the EU GDPR or the UK GDPR insofar as either is applicable.
(a) European Union and Switzerland
This notice contains information required to be provided to job applicants under GDPR Articles 13 and 14 and details Ribbon’s EU and Swiss affiliates’ data controller accountabilities with respect to their processing of job applicant data for recruiting and hiring purposes. Ribbon’s EU and Swiss affiliates and their respective Data Protection Officers are detailed below:
|
Country |
Entity |
Contact |
|
Ireland |
Ribbon Communications International Limited |
EU Data Protection Officer The Multis Building |
|
Germany |
Ribbon Communications Germany GmbH |
Germany Data Protection Officer Hendrik Muschal |
(b) United Kingdom
This notice contains information required to be provided to job applicants under UK GDPR Articles 13 and 14 and details the Ribbon’s UK affiliates’ data controller accountabilities with respect to the above processing. Information regarding Ribbon’s UK affiliates and their Data Protection Officer is set out below:
| Country | Entity | Contact |
|
United Kingdom |
Ribbon Communications UK Limited |
UK Data Protection Officer Bray House |
|
United Kingdom |
ECI Telecom (UK) Ltd. |
(c) California
The Company collects and uses and processes personal information that is subject to the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”). This notice contains information required by the CCPA and CPRA.
(d) Canada
This notice contains information required under certain provincial privacy laws. Information regarding Ribbon’s Canadian affiliate and such affiliate’s Privacy Officer is as follows:
|
Country |
Entity |
Contact |
|
Canada |
Ribbon Communications Canada ULC |
Ribbon Legal Department |
Categories of Job Applicant Information Collected and Purposes
The Company collects and processes personal information of job applicants in order to fulfill the Company’s legitimate interest in recruiting and hiring into Ribbon’s affiliates the most qualified applicants and to comply with applicable laws.
The following categories of job applicant personal information are collected and processed by Ribbon’s affiliates for their recruiting and hiring purposes:
|
Category |
Description |
Retention |
Source of Collection |
CPRA Categories
|
|
Communications Enablers |
Email address (business and personal), mailing address (business and personal), telephone number (business and personal), social media handles |
See Retention Section |
Job Applicant |
Professional or employment-related information. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
|
|
Employment History, Performance & Background Checks |
Work eligibility information, CV/resume, education records, military service history (if relevant to the potential employment relationship), performance history, professional designations, training records, references, outcomes from background checks (subject to applicable law) |
See Retention Section |
Job Applicant Company Generated Service Providers
|
Professional or employment-related information Education information Employment history Characteristics of protected classifications under California or federal law and financial information. Inferences drawn from any of the information identified in the CPRA to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes |
|
Government Issued Identifiers |
Driver’s license number, passport number, social security number |
See Retention Section |
Job Applicant |
Driver’s license, social security number, passport number |
|
Personal Identifiers |
Images, name, languages spoken, national origin, gender, group associations |
See Retention Section |
Job Applicant |
Audio, electronic, visual, thermal, olfactory, or similar information Characteristics of protected classifications under California or federal law
|
|
Equal Employment & Diversity (US Only)
|
Voluntary self-disclosure information regarding minority, veteran and disability status |
See Retention Section |
Job Applicant |
Characteristics of protected classifications under California or federal law Professional or employment-related information
|
|
Networking & Communications Data |
Voicemail recordings, video recordings, email, identification tokens & credentials |
See Retention Section Certain corporate
|
Job Applicant Company Generated
|
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement Contents of a consumer’s email, and text messages processed within the scope of Corporate Services infrastructure. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the Corporate Consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
|
|
Facilities Access Records |
Access history, CCTV video (at select facilities ingress/egress points) |
90 Days |
Company Generated |
Audio, electronic, visual, thermal, olfactory, or similar information |
The Company may collect recruitment-related personal information from service providers and other third parties such as recruiters, background check companies, government authorities, former employers and references provided by the job applicant. The Company may also collect personal information from publicly accessible sources such as public social media profiles.
Retention
The Company and any applicable third party processors will retain job applicant personal information for (1) the period of time that it is necessary to process the job applicant’s personal information for the purposes for which it was collected and processed, (2) the period required under applicable record retention laws or regulations, (3) the applicable statute of limitations for labor and employment claims or (4) the necessary period of time to establish, exercise, or defend legal claims.
Recipients and Disclosures
(a) Intra-Company and Service Providers
Job applicant personal information may be disclosed within and among Ribbon’s affiliates and with certain service providers in support of the legitimate purposes described in this notice. Service providers are engaged within the following service categories:
Business Travel Services
Recruiting Services
Recruiting Platform Services
Learning and Development Platforms
Survey Platforms
Background Check Services
Legal Services
Corporate Communications Platform Services
Corporate Systems Hosting and Backup Services
Corporate Network Security Services
Corporate Services Helpdesk Platform Providers
(b) Third Party Disclosures
The Company may disclose information that individually identifies job applicants and/or their devices to third parties in certain circumstances, such as:
- to comply with valid legal process including subpoenas, court orders or search warrants, to defend or respond to legal actions, and as otherwise authorized by law, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
- to protect the vital interests of the job applicant or another person;
- for other purposes with the affected job applicant’s consent.
If the Company enters into a merger, acquisition or sale of all or a portion of its assets, stock, or business, job applicant information may be transferred as part of or in connection with the transaction as per local law and/or non-disclosure agreement.
To the extent that such third parties are located outside of the job applicant’s country of residence, the Company has implemented appropriate safeguards for the transfer of such personal information.
Security and Integrity of Personal Information
The Company employs reasonable and appropriate information security procedures and practices to protect the confidentiality and availability of job applicant personal information. These safeguards take into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks to individuals posed by any unauthorized disclosure of the information. The Company conveys safeguard obligations to service providers who process job applicant personal information on behalf of the Company.
The Company employs reasonable means to keep personal information accurate, complete, and current, as needed for the purposes for which it was collected.
Privacy Rights of Job Applicants
The Company supports job applicant data protection rights as provided for by applicable data protection laws. These may include individual rights of access, rectification, erasure, restriction or objection to processing, and portability. This section contains supplemental information for job applicants in certain jurisdictions. If the Company is relying on the job applicant’s consent to process personal information, the job applicant has the right to withdraw their consent at any time.
(a) Recruiting Portals
If a job applicant has created a user profile on a Company recruiting portal (eg: Careers at Ribbon Portal), they may access, examine, revise or delete the personal information in their user profile by logging into their account. In general, recruiting portals will only require minimal personal information that is necessary for the purposes identified in this notice. The Company employs reasonable means to keep job applicant personal information accurate, complete, and current.
(b) EU and UK Data Subject Rights
Job applicants having rights governed by EU or UK data protection law may exercise the following rights as data subjects
|
Right |
GDPR Article |
Summary |
|
Access |
15 |
Right to request access to and obtain a copy of their personal data. In certain service contexts, individuals are provided with credentialized access to much of their own personal information that the Company collects and maintains through various service portals (please see Recruiting Portals above). This enables individuals to access, review, export, and in many instances enter or certify their personal information. |
|
Rectification |
16 |
Right to request rectification (or correction) of personal data that is inaccurate. In certain service contexts, individuals are provided with credentialized access to much of their own personal information that the Company collects and maintains through various service portals (please see Recruiting Portals above). This enables individuals to access, review, export, and in many instances enter or certify their personal information. |
|
Erasure (“Right to be Forgotten”)
|
17 |
Right to request erasure (or deletion) of personal data that is no longer necessary to fulfil the purposes for which it was collected or does not need to be retained by the Company for other legitimate purposes. The Company will review and act upon requests by individuals for the erasure of personal data to the extent required under applicable law. Generally, individuals have the right to have their personal information erased when it is no longer necessary for the purposes for which it was collected or otherwise processed or the legal basis on which the data processing was based (e.g. consent) no longer applies. |
|
Restriction of Processing |
18
|
Right to require the Company to restrict the processing of job applicant’s personal data under certain circumstances. The Company will review and act upon requests to restrict processing of personal data of individuals to the extent required under applicable law. |
|
Portability |
20 |
If applicable, the right to request their personal data be ported (transferred) to another controller. Under certain conditions individuals have the right to receive their personal data which they have provided to the Company in a structured, commonly used and machine-readable format. Individuals also have the right to transmit such data to another controller. |
|
Objection to Processing |
21 |
Right to object to the processing of job applicant personal data. The Company will review and act upon requests by individuals to object to the processing of personal data to the extent required under applicable law. Generally, an individual has the right to object to the processing of his or her personal data, and the Company should no longer process the data where it is unable to demonstrate compelling legitimate grounds for the processing. |
If the Company is relying on the job applicant’s consent to process their personal data, they have the right to withdraw their consent at any time.
In addition to the rights shown above, job applicants have the right under GDPR Article 77 to lodge a complaint with a supervisory authority, in particular in the UK or EU Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this regulation.
(c) California Privacy Rights
This notice contains information required by the CCPA and CPRA. Job applicants wishing to exercise their rights under the CCPA or CPRA may do so by clicking this link or by telephone at 1- 866-750-5040.
|
Right |
CPRA Section |
Summary |
|
Access |
1798.110 |
Right to request access to and obtain a copy of job applicant personal information, including:
|
|
Deletion
|
1798.105 |
Right to request deletion of job applicant personal information that is no longer necessary to fulfil the purposes for which it was collected or does not need to be retained by the Company for other legitimate purposes. |
|
Correction |
1798.106 |
Right to request correction of job applicant personal information that is inaccurate taking into account the nature of the personal information and the purposes of the processing of the personal information. |
|
Limit Use and Disclosure of Sensitive Information |
1798.121 |
Right of job applicant to direct the Company to limit its use and disclosure of the job applicant’s sensitive personal information to those uses(s) which are necessary for the purposes described in this notice, and as authorized by applicable regulations adopted pursuant to the CPRA. |
|
Portability |
1798.130(a) (3)(B)(iii) |
Right of job applicant to request provision of specific pieces of personal information obtained from the job applicant in a format that is easily understandable to the average job applicant, and to the extent technically feasible, in a structured, commonly used, machine-readable format that may also be transmitted to another entity at the job applicant’s request without hindrance. “Specific pieces of information” do not include data generated to help ensure security and integrity or as prescribed by regulation. |
If the Company is relying on a job applicant’s consent to process his/her personal information, the job applicant has the right to withdraw their consent at any time.
The Company will not retaliate or discriminate against a job applicant because s/he exercised a California Privacy Right.
Job applicants wishing to exercise their rights under the CCPA or CPRA may do so by clicking this link or by telephone at 1- 866-750-5040. Certain California Privacy Rights may be self-serviceable via Recruiting Portals as described above.
(d) Requests
If a job applicant wishes to exercise a data protection right as provided for by applicable data protection law, they may do so by clicking here.
The ability of an individual to access, update or delete his or her personal information is not unlimited. An individual’s ability to access personal information may be limited, for example, where (a) the burden or expense of providing access would be unreasonable or disproportionate to the risks to the individual’s privacy, (b) the information should not be disclosed or deleted due to legal reasons; or (c) providing access would compromise the privacy of another person.
Company’s Privacy Policy
To access Ribbon’s Privacy Policy, please visit https://ribboncommunications.com/company/company-policies/policies/privacy-policy
Questions or Concerns
If you have any questions or concerns regarding this privacy notice or the Company’s privacy policy or the collection of your personal information, please contact legal.privacy@rbbn.com.
Revision of Notice
The Company reserves the right to change this notice at the Company’s discretion subject to business or legal requirements. To the extent required by law or business needs, the Company will notify job applicants of any changes to this policy by email.
Recent Revisions
|
Version |
Date |
Change Summary |
|
1 |
December 2019 |
Initial version. |
|
2 |
November 2020 |
Update policy scope to reflect recent Ribbon ECI merger |
|
3 |
December 2022 |
Update notice (i) to cover certain California CCPA/CPRA obligations and, (ii) added additional information regarding global accountabilities |
Effective Date
January 1, 2023
