Home
Legal
Recruitment privacy

Recruitment Privacy

Download PDF

Effective from 1 April 2025, the KnowBe4 Website Privacy Notice applies.

The basics
How your personal data is collected
How we use your personal data
How we process and share personal data lawfully
Other important things to know

The basics

Who we are

As a potential employee or contractor of the Egress Software Technologies group, you may be applying for a role with any of our group companies in the UK, United States, Europe, Australia or Canada, whether in response to an open vacancy or on a speculative basis. Whatever the situation, we recognise the importance of your privacy.

Egress Software Technologies Limited is a company based in the United Kingdom and is the parent company within our group (which means that it owns the other companies). We use the words we, us, and our to refer to our business in this document. You can find out more about us and our group at www.egress.com/about.

What is ‘personal data’ or ‘personal information’

It is difficult to provide a single definition which applies wherever you are located as the definitions used around the world differ, sometimes quite subtly. Generally, it means something akin to information that “relates to an identified or identifiable natural person”. As well as personal data/personal information, you may hear other phrases such as sensitive data, NPI (non-public personal information) and PHI (protected health information) and so on. These are specific kinds of personal data that may have additional obligations in relation to how they are stored, shared and otherwise processed.

In this document we refer to personal data.

Who holds your information

We store and process your personal data as set out further down in this policy. You can contact us at privacy@knowbe4.com or through our webform to exercise your rights.

How long we hold your information for

We will keep information that you provide to us for 12 months (unless you have a current job application in process with us).

If you are successful in your application, when you become an employee or contractor of our group, your personal data will be held in accordance with our Employment Privacy Policy and internal data retention policy (details of which will be made available to you at the appropriate time).

If you wish us to keep you up-to-date with possible future vacancies, we will keep your contact information for 12 months.

Selling information

We do not sell or rent your personal data to third-parties. This is a concept that is referred to in a number of State laws in the United States (including California, Colorado, Connecticut, Utah, Virginia and Nevada). Note that ‘sale’ does not include situations where we disclose personal data at your direction, or when it is otherwise permitted by law.

Security measures

We put a lot of effort into keeping your personal data secure and confidential. It is very important to us. We have technical and organisational measures and tools in place to appropriately protect it. These help prevent accidental, unauthorised, or unlawful access, use, loss, destruction or damage to it. We use administrative (e.g. training our employees on privacy and information security), technical (e.g. pseudonymization or encryption techniques, and the use of firewalls), and physical (e.g. locks and video surveillance at our office premises) measures.

Access to your personal data is limited to employees, contractors and third-parties that we have carefully checked. They only have access where they have a business need to do so. They will only process personal data on our instructions and are subject to duties of confidentiality.

Still, no system can be guaranteed to be 100% secure. If you have questions about the security of your personal data, or if you have reason to believe that the personal data that we hold about you is no longer secure, please contact us right away.

The rights you have in your personal data

You can find out about the rights you may have in the personal data that we hold about you here. On that page, you will also find the contact details of our Data Protection Officer.

Doing your part

It is important you make sure the personal data that we hold about you is accurate, up-to-date and relevant. Tell us promptly if there are any changes by emailing careers@egress.com.

If you provide information about others

If you provide information and personal details about others (such as a referee), you confirm that they are happy for you to do so and for us to contact them at the appropriate stage of your application.

How your personal data is collected

From you when you

direct, speculative approach
application through our website

From other parties such as

existing employee or contractor referrals
head-hunters
recruitment agency making a speculative approach or responding to open vacancies on our website
recruitment agencies responding to an approach by an existing employee or contractor
third party recruitment platforms, such as LinkedIn
references provided by third-parties that we approach (e.g. previous employers or individuals)
verification of claims made (e.g. qualifications) with third-parties (e.g. relevant industry bodies, training or educational establishments)
security clearance bodies

From cookies

You can find out more about the cookies on we use on our website in our Cookie Policy. Some web browsers may transmit “do-not-track” signals to the websites and online services you communicate with. Whilst there is no industry standard that governs what, if anything, we should do if we receive such a signal, our website will not set cookies if your browser is set to ‘do-not-track’.

IP addresses

When you visit our website we record your IP address. This may be kept in log files or matched against public or proprietary databases to provide us with information about your visit. It may identify the organisation to whom the IP address is registered (and in some cases enable us to identify you).

How we use your personal data

We use the data that we collect for a few reasons, examples of which are given below.

Acknowledging your application

contacting you directly, or via a third-party to acknowledge receipt and consideration of your application

Reviewing your application

reviewing and assessing your suitability for a role with us
if you have applied through a third-party this may involve us liaising with them to discuss the merits of your application

Communicating with you, an agency or other third-party involved in your application or recruitment

communication of progress, stages, requirements and outcomes
arranging interviews/travel arrangements

Interviewing you

during this process we will refer to, and rely on, information that we have received or obtained in relation to your application

Pre-employment checks

given the nature of our business, we are required to carry out certain checks with third-parties in relation to you prior to you joining our business. In some situations this may require you to instruct the third-party and to provide the result to us
to give you an idea of the nature of these checks, they include criminal record searches, pre-employment credit checks, education and previous employment checks
where we ask you to provide such a search we will not share the results with other potential employers and will abide by the relevant body’s code of practice in respect of handling the information

Keeping you informed of future roles

if you have asked us to do so, we may keep you informed about future roles that become available that we consider relevant to your experience. We may also notify third parties (such as recruitment agencies) of vacancies and they may then contact you in relation to them

Allocation of recruitment bonus awards

to ensure we obtain and retain the best possible talent, your contacts that you mention, or that provide us with your name may receive a financial incentive if you join us.

Enforcing our rights

we may need to process certain information (including personal data) to exercise or enforce our rights under this and any other relevant policies

Responding to and actioning your requests

processing may be required to respond to your requests for information (e.g. if you make a data subject access or data portability request) or to action a request you make (e.g. correction, deletion, erasure or restriction)

NOTE: Group companies: If you apply for a role within a group company located outside of the territory that you are currently resident in, it may be necessary for us to share your personal data with employees and contractors of that group company (and other third-parties working on its behalf as set out in this policy). These individuals may be located outside the country you are resident in.

How we process and share personal data lawfully

This table shows the main basis we rely on to process personal data. Sometimes there may be a secondary basis for the same type of processing. If we share personal data, we only do so after careful consideration of whether it is necessary and lawful to do so. We will only share information where we have a contract with the receiving party which requires them to keep the information just as secure as if we store it, or where we are legally required to make the disclosure.

Action	Lawful Basis	Description / examples
Employees and contractors of other companies within our group	Legitimate Interest	We share your personal data with those most relevant to the role that you have applied for, or are seeking, to enable them to be involved in the potential recruitment process. This may involve the transfer of your personal data to other territories and outside the country you are resident or located in.
Third-party recruitment agencies and head-hunters	Legitimate Interest	If you apply through a recruitment agency or head-hunter, we may share details of your application, its merits and success or failure with them (together with opinions such as our reasoning for any decisions taken).
Third-parties providing references or verification	Legitimate Interest	If you provide us with information about a referee, or have made claims in respect of certain qualifications, we may disclose the existence and nature of your application (and its status) to those third-parties in order to obtain a reference or validate your qualification.
Third-parties involved in interviewing or analysis	Legitimate Interest	Sometimes we may use third-parties in our interview process, where this is the case for the role or application you have made, you will be made aware of it prior to the interview and we may share details of your application with that third-party for the purpose of the interview.
Third-parties delivering systems	Legitimate Interest	We store information about applicants on our third-party SaaS platform currently provided by Recruitive Limited. More information about it is available here https://www.recruitive.com/privacy-policy/ or otherwise on request from us.
Law enforcement disclosures	Legitimate Interest	We may disclose information in order to comply with state, federal, national, EU or Member State law to which we are subject, including to meet national security and law enforcement requirements. You can find out more on our approach here.
Transfer of our rights	Legitimate Interest	We may transfer our obligations, rights and permissions in your information to any organisation to which we may transfer our business or assets (including if we, or a relevant part of us or our assets, are proposed to be purchased or acquired by a third-party).

Other important things to know

Data Privacy Framework

Egress having been acquired by KnowBe4, now relies on the KnowBe4 Data Privacy Framework certification for data transfers. We continue to adhere to the principles of the DPF. Further information can be found at https://www.knowbe4.com/website-privacy-notice under the heading "More Important Information".

Complaints

If you have a complaint relating to our services you can raise it by emailing us or by calling +1-800-732-0746 (if you are in North America) or +44 (0) 20 3973 1333 (for anywhere else). Please note calls may be recorded and/or monitored for quality assurance and compliance purposes. Call recordings are stored in the United Kingdom. If your complaint relates specifically to the processing of your personal information, please email us here.

You may also have the right to make a complaint at any time to a Supervisory Authority (such as the Information Commissioner's Office (ICO) in the UK). We would, however, appreciate the chance to deal with your concerns before you approach a regulator so please contact us in the first instance.

You can find our detailed Complaints Policy at www.egress.com/legal.

About us

We are Egress Software Technologies Limited, for and on behalf of ourself and our group of companies. You can find out more details about us at www.egress.com/about and you can contact us at info@egress.com. Egress Software Technologies Limited (a foreign company registered on the Dutch Chamber of Commerce) further identified in the section above is our EU representative.

Changes to this policy

We can change this policy from time to time. You should check the website periodically to make sure that you have read our most recent policy.

Law

This Policy , its subject matter and formation are governed by English law. We both agree that the courts of England and Wales will have exclusive jurisdiction.