Recruitment Privacy

Find information on our Recruitment Privacy Policy and data collection. This policy was last updated on 13 October 2023.

The basics

The basics

Who we are

As a potential employee or contractor of the Egress Software Technologies group, you may be applying for a role with any of our group companies in the UK, United States, Europe, Australia or Canada, whether in response to an open vacancy or on a speculative basis. Whatever the situation, we recognise the importance of your privacy.

Egress Software Technologies Limited is a company based in the United Kingdom and is the parent company within our group (which means that it owns the other companies). We use the words we, us, and our to refer to our business in this document. You can find out more about us and our group at

What is ‘personal data’ or ‘personal information’

It is difficult to provide a single definition which applies wherever you are located as the definitions used around the world differ, sometimes quite subtly.  Generally, it means something akin to information that “relates to an identified or identifiable natural person”.  As well as personal data/personal information, you may hear other phrases such as sensitive data, NPI (non-public personal information) and PHI (protected health information) and so on.  These are specific kinds of personal data that may have additional obligations in relation to how they are stored, shared and otherwise processed.     

In this document we refer to personal data.

Who holds your information

We store and process your personal data as set out further down in this policy.  You can contact us at or through our webform to exercise your rights.

How long we hold your information for

We will keep information that you provide to us for 12 months (unless you have a current job application in process with us).

If you are successful in your application, when you become an employee or contractor of our group, your personal data will be held in accordance with our Employment Privacy Policy and internal data retention policy (details of which will be made available to you at the appropriate time).

If you wish us to keep you up-to-date with possible future vacancies, we will keep your contact information for 12 months.

Selling information

We do not sell or rent your personal data to third-parties.  This is a concept that is referred to in a number of State laws in the United States (including California, Colorado, Connecticut, Utah, Virginia and Nevada).  Note that ‘sale’ does not include situations where we disclose personal data at your direction, or when it is otherwise permitted by law.

Security measures

We put a lot of effort into keeping your personal data secure and confidential. It is very important to us. We have technical and organisational measures and tools in place to appropriately protect it. These help prevent accidental, unauthorised, or unlawful access, use, loss, destruction or damage to it. We use administrative (e.g. training our employees on privacy and information security), technical (e.g. pseudonymization or encryption techniques, and the use of firewalls), and physical (e.g. locks and video surveillance at our office premises) measures.

Access to your personal data is limited to employees, contractors and third-parties that we have carefully checked.  They only have access where they have a business need to do so.  They will only process personal data on our instructions and are subject to duties of confidentiality.

Still, no system can be guaranteed to be 100% secure. If you have questions about the security of your personal data, or if you have reason to believe that the personal data that we hold about you is no longer secure, please contact us right away.

The rights you have in your personal data

You can find out about the rights you may have in the personal data that we hold about you here.  On that page, you will also find the contact details of our Data Protection Officer.

Doing your part

It is important you make sure the personal data that we hold about you is accurate, up-to-date and relevant. Tell us promptly if there are any changes by emailing

If you provide information about others

If you provide information and personal details about others (such as a referee), you confirm that they are happy for you to do so and for us to contact them at the appropriate stage of your application.

How your personal data is collected

How your personal data is collected

From you when you

  • direct, speculative approach
  • application through our website

From other parties such as

  • existing employee or contractor referrals
  • head-hunters
  • recruitment agency making a speculative approach or responding to open vacancies on our website
  • recruitment agencies responding to an approach by an existing employee or contractor
  • third party recruitment platforms, such as LinkedIn
  • references provided by third-parties that we approach (e.g. previous employers or individuals)
  • verification of claims made (e.g. qualifications) with third-parties (e.g. relevant industry bodies, training or educational establishments)
  • security clearance bodies

From cookies

You can find out more about the cookies on we use on our website in our Cookie Policy.  Some web browsers may transmit “do-not-track” signals to the websites and online services you communicate with. Whilst there is no industry standard that governs what, if anything, we should do if we receive such a signal, our website will not set cookies if your browser is set to ‘do-not-track’.

IP addresses

When you visit our website we record your IP addressThis may be kept in log files or matched against public or proprietary databases to provide us with information about your visit. It may identify the organisation to whom the IP address is registered (and in some cases enable us to identify you).

How we use your personal data

How we use your personal data

We use the data that we collect for a few reasons, examples of which are given below.

Acknowledging your application

  • contacting you directly, or via a third-party to acknowledge receipt and consideration of your application

Reviewing your application

  • reviewing and assessing your suitability for a role with us
  • if you have applied through a third-party this may involve us liaising with them to discuss the merits of your application

Communicating with you, an agency or other third-party involved in your application or recruitment

  • communication of progress, stages, requirements and outcomes
  • arranging interviews/travel arrangements

Interviewing you

  • during this process we will refer to, and rely on, information that we have received or obtained in relation to your application

Pre-employment checks

  • given the nature of our business, we are required to carry out certain checks with third-parties in relation to you prior to you joining our business. In some situations this may require you to instruct the third-party and to provide the result to us
  • to give you an idea of the nature of these checks, they include criminal record searches, pre-employment credit checks, education and previous employment checks
  • where we ask you to provide such a search we will not share the results with other potential employers and will abide by the relevant body’s code of practice in respect of handling the information

Keeping you informed of future roles

  • if you have asked us to do so, we may keep you informed about future roles that become available that we consider relevant to your experience. We may also notify third parties (such as recruitment agencies) of vacancies and they may then contact you in relation to them

Allocation of recruitment bonus awards

  • to ensure we obtain and retain the best possible talent, your contacts that you mention, or that provide us with your name may receive a financial incentive if you join us.

Enforcing our rights

  • we may need to process certain information (including personal data) to exercise or enforce our rights under this and any other relevant policies

Responding to and actioning your requests

  • processing may be required to respond to your requests for information (e.g. if you make a data subject access or data portability request) or to action a request you make (e.g. correction, deletion, erasure or restriction)

NOTEGroup companies: If you apply for a role within a group company located outside of the territory that you are currently resident in, it may be necessary for us to share your personal data with employees and contractors of that group company (and other third-parties working on its behalf as set out in this policy). These individuals may be located outside the country you are resident in.

How we process and share personal data lawfully

How we process and share personal data lawfully

This table shows the main basis we rely on to process personal data. Sometimes there may be a secondary basis for the same type of processing. If we share personal data, we only do so after careful consideration of whether it is necessary and lawful to do so.  We will only share information where we have a contract with the receiving party which requires them to keep the information just as secure as if we store it, or where we are legally required to make the disclosure.


Lawful Basis

Description / examples

Employees and contractors of other companies within our group

Legitimate Interest

We share your personal data with those most relevant to the role that you have applied for, or are seeking, to enable them to be involved in the potential recruitment process.  This may involve the transfer of your personal data to other territories and outside the country you are resident or located in.

Third-party recruitment agencies and head-hunters

Legitimate Interest

If you apply through a recruitment agency or head-hunter, we may share details of your application, its merits and success or failure with them (together with opinions such as our reasoning for any decisions taken).

Third-parties providing references or verification

Legitimate Interest

If you provide us with information about a referee, or have made claims in respect of certain qualifications, we may disclose the existence and nature of your application (and its status) to those third-parties in order to obtain a reference or validate your qualification.

Third-parties involved in interviewing or analysis

Legitimate Interest

Sometimes we may use third-parties in our interview process, where this is the case for the role or application you have made, you will be made aware of it prior to the interview and we may share details of your application with that third-party for the purpose of the interview.

Third-parties delivering systems

Legitimate Interest

We store information about applicants on our third-party SaaS platform currently provided by Recruitive Limited. More information about it  is available here or otherwise on request from us.

Law enforcement disclosures

Legitimate Interest

We may disclose information in order to comply with state, federal, national, EU or Member State law to which we are subject, including to meet national security and law enforcement requirements. You can find out more on our approach here.

Transfer of our rights

Legitimate Interest

We may transfer our obligations, rights and permissions in your information to any organisation to which we may transfer our business or assets (including if we, or a relevant part of us or our assets, are proposed to be purchased or acquired by a third-party).

Other important things to know

Other important things to know

Data Privacy Framework

We participate in the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF) and have self-certified to the U.S. Department of Commerce our adherence to the Principles for all personal information received from countries in the European Economic Area, Switzerland, and the United Kingdom in reliance on the DPF. To learn more about the DPF, visit the website at Program Overview ( If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the Principles shall apply where it enables stronger protections.

Under the Data Privacy Framework, we are responsible for the processing of personal information we receive and subsequently transfer to a third party acting for or on our behalf. We are liable for ensuring that the third parties we engage support our DPF commitments. The U.S. Federal Trade Commission has regulatory enforcement authority over our processing of personal information received or transferred pursuant to Data Privacy Framework. We commit to cooperate and comply with the advice of the regulatory authorities to whom you may raise a concern about our processing of personal information about you pursuant to Data Privacy Framework, including to the panel established by the EU authorities and the Swiss FDPIC. This is provided at no cost to you.

If you do not feel that we have resolved your complaint or concern satisfactorily you can contact our U.S. based third-party dispute provider (free or charge) at https:// Under certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.


If you have a complaint relating to our services you can raise it by emailing us or by calling +1-800-732-0746 (if you are in North America) or +44 (0) 20 3973 1333 (for anywhere else).   Please note calls may be recorded and/or monitored for quality assurance and compliance purposes. Call recordings are stored in the United Kingdom.  If your complaint relates specifically to the processing of your personal information, please email us here

You may also have the right to make a complaint at any time to a Supervisory Authority (such as the Information Commissioner's Office (ICO) in the UK).  We would, however, appreciate the chance to deal with your concerns before you approach a regulator so please contact us in the first instance.

You can find our detailed Complaints Policy at

About us

We are Egress Software Technologies Limited, for and on behalf of ourself and our group of companies.  You can find out more details about us at and you can contact us at Egress Software Technologies Limited (a foreign company registered on the Dutch Chamber of Commerce) further identified in the section above is our EU representative.

Changes to this policy

We can change this policy from time to time. You should check the website periodically to make sure that you have read our most recent policy.


This Policy , its subject matter and formation are governed by English law. We both agree that the courts of England and Wales will have exclusive jurisdiction.