Sonatype, Inc
Candidate Privacy Notice

July 1, 2020

As part of any recruitment process, Sonatype, Inc. and its affiliates (“Sonatype” or “we”) collect and process personal data relating to our job candidates. Sonatype is committed to being transparent about how it collects and uses that data and meeting its data protection obligations. This Candidate Privacy Notice describes how we will collect and make use of your data in the course of the recruitment process. It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the section called “What are my rights related to the data?”

What information do we collect?

As your prospective employer, Sonatype collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience, education, employment history, background checks, references and other information related to your application in response to our questions;
  • your offer letter or contract of employment (as amended);
  • information needed for payroll, benefits and expenses purposes;
  • information about your current level of remuneration, including benefit entitlements;
  • information about your entitlement to work in the applicable country; and
  • information needed to comply with our legal obligations related to equal opportunity and disabilities.

Sonatype may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so. Data will be stored in a range of different places, including on your application record, in HR management systems, with our third-party recruiting service providers such as Lever and HireBridge, and on other IT systems (including email).

Why does Sonatype process personal data?

Sonatype processes personal data from our job applicants to manage the recruitment process, assess and confirm a candidate's suitability for employment and make employment decisions. We may also need to process data from our candidates to ensure that we are complying with our legal obligations and, if necessary, respond to and defend against legal claims.

Sonatype has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. With your consent and solely for legal compliance purposes, Sonatype may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out our obligations and exercise specific rights in relation to employment. Providing this information to Sonatype is completely voluntary.

Who has access to data?

During the recruitment process, your information may be shared internally among members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles. Except as set forth herein, we will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you and employment background check providers to obtain necessary background checks. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment.

If you are a candidate outside the United States, during the recruitment process, your personal data may be transferred to the United States as our headquarters is located at 8161 Maple Lawn Blvd., Suite 250, Fulton, MD 20759. To learn more about our commitment to protecting your data during international transfers, please see the section “EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield” of our Privacy Policy at https://www.sonatype.com/privacy-policy.

We also disclose your personal information to our private equity sponsor, Vista Equity Partners, and its affiliates, including Vista Consulting Group (collectively, “Vista”), for administration, research, database development, workforce analytics and business operation purposes, in line with the terms of this Notice. Vista processes and shares your personal information with its affiliates, including other Vista portfolio companies, on the basis of its legitimate interests in managing, administering and improving its business and overseeing the recruitment process and, if applicable, your employment relationship with Sonatype. If you have consented to us doing so, we also share your personal information with other Vista portfolio companies for the purpose of being considered for other job opportunities in the pooling system, both inside and outside the EEA. Please find a full list of all Vista portfolio companies at: https://www.vistaequitypartners.com/companies/ and Vista’s privacy policy at https://www.vistaequitypartners.com/privacy/. Where this requires us to transfer your personal information outside of the EEA, please refer to the “EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield” section of our Privacy Policy for further details on cross-border transfers. In connection with the recruitment process for a position in the UK or EEA, we transfer your personal data outside of the UK or EEA to Hirebridge, LLC and Criteria Corp., which provide applicant tracking services. Hirebridge, LLC and Criteria Corp. both comply with the EU-U.S. Privacy Shield Framework and ensure that your personal information is adequately protected whilst outside of the EEA.

Your personal data will also be shared with companies providing services under contract to Sonatype, such as recruitment services, training providers, background checks, assessment tests, help desk providers, and IT hosting and/or IT maintenance providers. Note, in the event you are required to take an aptitude test as part of the recruitment process, such aptitude test is only one part of the application process, but is not solely determinative of your outcome or success. Personal data will also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.

To the extent permissible by applicable local law, in the event that Sonatype is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser's adviser, and will be passed to the new owners of the business.

How does Sonatype protect data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long does Sonatype keep data?

We will retain your personal data only for as long as we need it for recruitment processes, but the exact time may vary depending on the applicable provision of law or if you object to certain processing activities involving your data.

If your application for employment is unsuccessful, we will hold your data on file for six (6) months after the end of the relevant recruitment process for compliance purposes and for future employment opportunities. At the end of that period, we will ask for your consent to retain your information for an additional period of time for future employment opportunities. If you do not provide consent or once you withdraw your consent, your data is deleted and/or permanently anonymized to remove all identifying features. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your employment data will be held will be provided to you in a new privacy notice applicable to employees.

What are my rights related to the data?

As a data subject, you have a number of rights. You can:

  • access and obtain a structured, machine readable copy of your personal data;
  • require Sonatype to correct or supplement incorrect or incomplete data;
  • require Sonatype to delete or restrict processing your personal data; and
  • object to the processing of your personal data.

These rights do not exist in all circumstances and may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in applicable law, including both the GDPR and the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.

If you would like to exercise any of these rights or if you have any questions or concerns regarding your personal data, please contact privacy@sonatype.com or write to us at:

Privacy Matters 
Sonatype, Inc.
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759

If you believe that Sonatype has not complied with your data protection rights and you are an EU resident, you can also file a complaint with the supervisory authority where you live, work or where you believe a breach may have occurred. This is likely to be the Information Commissioner’s Office in the United Kingdom at https://ico.org.uk/concerns/

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to Sonatype during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

Which Sonatype entity is my data controller, and which affiliates might my data be shared with?

The data controller for your information is Sonatype, Inc. (US). However, in the event you apply for a position located outside of the United States, your personal data may be shared with one or more of our international subsidiaries: Sonatype UK Limited (UK), Sonatype Colombia S.A.S. (Colombia), Sonatype Singapore Pte. Ltd. (Singapore), Ontario 1668244, Inc. (Canada), and Sonatype Australia Pty Ltd (Australia).

Notification of Changes to this Candidate Privacy Notice

We may update this Candidate Privacy Notice to reflect changes to our information practices. To the extent we continue to hold your personal data, if we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.