Job Applicant Privacy Policy

22 February, 2021

Personal Data File and Controller

This Job Applicant Privacy Policy (referred to as "Privacy Policy") informs why and how we process personal data about job Applicants applying to Aiven’s open positions. (referred to as "Applicant" and jointly "Applicants" or ‘’you’’).

Aiven Ltd as Data Controller

Aiven Ltd, Business ID: 2795743-5, as the data controller (referred to as "Aiven", "we" or "us") is responsible for ensuring that personal data is processed in compliance with this Privacy Policy and applicable data protection laws.

You may contact us in privacy related matters by email at privacy@aiven.io

Where do we collect the personal data from and what personal data we process?

We collect personal data predominantly directly from the Applicants through our website’s application form. Furthermore, we may collect the personal data the Applicant tells us during job interviews, or when the Applicant contacts us by telephone, email or some other means. We may also collect personal data from third parties, for example, to ensure the chosen Applicant’s right to work in the relevant state. 

Applicant data

The following personal data is processed in connection with the recruitment process:

  • Identity and contact information of the Applicants (e.g. full name, email address, address, telephone number);

  • Employment and education data, (e.g. previous title, previous employer office location and department, references, licenses, certificates, education information); 

  • Additional personal information the Applicant may provide to us, (e.g. photos and videos, work samples, hobbies and any other personal information provided to us during interviews or other interaction with the Applicant).

  • Data collected from third parties, (e.g. working permit confirmations or personal data included in written or oral communication with Applicant’s references). 

Technical data

We collect some technical data automatically through the use of our website or services, which may be associated with Applicants (e.g. IP-address). See more information regarding the processing of personal data on our website here.

Special categories of personal data

We do not process special categories of personal data about our Applicants. 

For what purpose do we process personal data?

We process Applicants’ personal data for the following purposes:

Organizing and managing the recruitment process

We process personal data for the purposes of storing, reviewing and managing job  applications as part of our recruitment processes. Furthermore, we process personal data to communicate with, and to carry out the evaluation, selection and appointment of the Applicant. We may also carry out background and reference checks, and for some positions, ensure that the Applicant has the appropriate working permits. 

Informing and offering our new open positions

We process personal data to inform the non-selected Applicants about our new similar open positions as the Applicant applied for, and to offer the similar positions directly to the Applicant.  

To fulfill our legal obligations and rights. 

We process personal data to comply with legal requirements under applicable laws (e.g. tax and accounting obligations) and with court orders and requests by competent regulatory and governmental authorities. We may also process personal data to establish, exercise or defend legal claims in court and administrative proceedings. 

Automated decision-making: 

We do not process personal data for automated decision-making.

What is our legal basis to process personal data? 

Our legitimate interest

We process personal data to the extent this is necessary to fulfill our legitimate interests, which include our interests to:

  • To effectively manage and carry out the recruitment process;

  • To evaluate the Applicants in an equal and effective manner;  

  • To inform about and offer the Applicants our new open positions;

  • To protect our legal rights, including by handling complaints and exercising or defending legal claims;

Legal obligations

We process personal data to comply with legal requirements under applicable laws (e.g. tax and accounting obligations) and with court orders and requests by competent regulatory and governmental authorities.

To whom we share your data?

We share the Applicant’s personal data to third parties as follows:

  • to our relevant subsidiaries to the extent necessary to carry out the recruitment processes for open positions located at our subsidiaries;

  • to our third party service providers, including but not limited to, data storage, data management and recruitment service providers; 

  • as required or permitted to comply with legal obligations, requests by competent authorities and courts and related legal proceedings;

  • as required to establish, exercise or defend against legal claims; and

  • to prospective sellers or buyers if we are involved in a merger, acquisition, or sale of all or a portion of our assets.

All of our subsidiaries and third party service providers are required to take appropriate security measures to protect your data and they may only process personal data for the purposes mentioned in this Privacy Policy. 

Do we Transfer personal data outside the EU/EEA?

We store personal data on servers located in the European Union ("EU") provided by Google and Amazon Web Services. 

We transfer personal data to our subsidiaries and third party service providers overseas, which may involve the transfer of personal data to countries outside the European Economic Area ("EEA") which level of information protection may be lower than that offered within the EEA.

To the extent personal data is transferred to a country outside of the EU/EEA, we will use the required established mechanisms that allow the transfer to our subsidiaries and service providers in those countries, such as the Standard Contractual Clauses approved by the European Commission.

How long will we retain personal data?

We will only retain personal data for as long as necessary to fulfill the purposes defined in this Privacy Policy.  The main retention periods are as follows:

  • We retain the data for informing the non-selected Applicants about our new open positions, and for safeguarding our legitimate interest to establish, execute or defend a legal claim, for a maximum period of three years.  

Please note, that in case you are selected as our new employee, we will process your personal data thereafter under a separate employee privacy policy. 

What rights do you have?

You have the following rights:

  • The right to request access to personal data about yourself;

  • The right to request rectification, restriction or erasure of personal data. However, certain information is strictly necessary in order to fulfil the purposes defined in this Privacy Policy and may also be required by law. Thus, it may not be possible to remove such personal data.

  • The right to object processing, that is based on legitimate interest;

  • If processing of personal data is based on consent, you have the right to withdraw consent at any time. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal; and

  • The right to data portability, meaning the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law. This applies for personal data processed based on contract or the Applicant's consent.

Should you wish to exercise your above mentioned rights, please send a request to us at privacy@aiven.io.

If you consider the way we are processing your personal data is conducted in an unlawful way or violates this Privacy Policy, you have a right to file a complaint to your national data protection authority in the EU/EEA. You may also file a complaint to the data protection authority in any other EU country where you live, work, or where you consider the alleged violation has occurred.

What security measures have we taken?

We have carried out reasonable technical and organizational measures to secure the personal data processed against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within our organization.

Please be aware that, although we endeavour to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time. If we make any updates to this Privacy Policy, we will always publish the updated version on this page. 

Let‘s connect

Aiven for Apache Kafka, Aiven for Apache Kafka Connect, Aiven for Apache Kafka MirrorMaker 2, Aiven for M3, Aiven for M3 Aggregator, Aiven for Apache Cassandra, Aiven for OpenSearch, Aiven for PostgreSQL, Aiven for MySQL, Aiven for Redis, Aiven for InfluxDB, Aiven for Grafana are trademarks and property of their respective owners. All product and service names used in this website are for identification purposes only and do not imply endorsement.