Our Global Candidate Privacy Notice

Proofpoint, Inc. understands the importance of safeguarding your privacy and we take this responsibility very seriously. This Global Data Privacy Notice for Employees, External Staff and Candidates ("Notice") is designed to help you understand how Proofpoint and any of its affiliated companies collects and uses the personal data we collect.

Overview and Application

This Notice covers all employment candidates of Proofpoint and its affiliated companies (collectively, "Proofpoint"). Additionally, we have region- or country-specific addendums that may provide additional information located here https://www.proofpoint.com/us/legal/country-specific-addendums.

Personal Data We Collect and How We Use It

We collect, use, and store (collectively "process") different types of personal data about you in the operation of our business. If you are an employee, we process personal data about you (and your dependents, beneficiaries and other individuals associated with your employment) primarily for managing our employment relationship with you and managing your interactions with workplace facilities/information systems. If you are a former employee, we process personal data about you primarily for legal compliance. If you are external staff, the type of personal data we process is limited to what we need to manage your engagement with Proofpoint and access to Proofpoint facilities and information systems. If you are a candidate, the type of personal data we process is generally limited to what we need to engage with you about Proofpoint career opportunities, consideration of your application for employment to specific roles at Proofpoint, including candidate screening, interview scheduling and management, lawful background screening, and to on-board you at Proofpoint if you receive and accept an offer of employment with us.

The personal data we process can include, but is not limited to, the following (some or all may apply to you):

• Identification data
• Contact information
• Demographic data
• National identifiers
• Data regarding responses to screening questions
• Background check information
• Previous employment information
• Data pertaining to work preferences and abilities
• Resume data
• Information on certain health conditions (only where required by law)
• Job interview notes
• Assessment results
• Employment details
• Financial information
• Travel-related records
• Expense data
• Cookies data
• Workplace, device, usage and content data which includes personal data collected from third parties or public sources as needed to support the employment relationship or to engage with you concerning job opportunities at Proofpoint

Collecting and using your data enables Proofpoint to administer the recruiting process, including setting up an electronic job applicant HR file, managing your application, conducting assessments, organizing interviews, processing interview feedback; on-boarding; and conducting background checks and screening.  Your data may also be used to notify you about other Proofpoint job opportunities. We may process your personal data to meet recordkeeping and internal and external reporting responsibilities. Your data may also be used in investigations or as required in legal proceedings.

Where does Proofpoint obtain your personal data

Much of the personal data we process is obtained from you, but we also obtain personal data about you in the course of the application process (for example, during interviews or via job assessments). Other data types may be obtained from third parties, including, for example, from recruitment agencies.

How and Why Proofpoint Shares Personal Data

Proofpoint will only share your personal data with those who have a legitimate business need for it.

In addition, we use third parties who provide services, including HR services providers, insurance organizations, external advisors, work agencies and employee benefits providers.  In providing such services, your personal data may be processed by the service provider on Proofpoint’s behalf for the purposes of providing the required service to Proofpoint.

Whenever we permit a third party to access your personal data, we will ensure the personal data is used in a manner consistent with this Notice (and any applicable internal data handling guidelines consistent with the sensitivity and classification of the personal data).

Workplace Security and Monitoring

Proofpoint monitors its IT and communications systems by a highly restricted number of people within its operations team. The primary purpose of this monitoring is Proofpoint’s legitimate interests in protecting its employees, customers, and business partners for security, safety, support, data loss, the protection of confidential information and company assets, the investigation of wrongful acts or potential violations of Proofpoint policies and for other legitimate business purposes as permitted under applicable law.

Additionally, any types of information transmitted to, through or from, received or printed from, or created, stored or recorded on our IT and communications systems and assets (included via the use of personal devices accessing corporate IT systems), are presumed to be business-related and may be monitored or accessed by us in accordance with applicable law and subject to Proofpoint’s own policies on access to and uses of such data.

Security of Personal Data

Proofpoint is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. We maintain physical, electronic, and procedural safeguards to protect the confidentiality of your personal data in addition to our access control policy.

Storage & Processing of Personal Data and International Transfer

Proofpoint operates globally and therefore personal data may need to be transferred to countries outside of where the personal data was originally collected. For example, because we are headquartered in the United States, personal data collected in other countries is routinely transferred to the United States for processing.

If your application for employment is successful and you commence employment with Proofpoint, your personal data may be transferred and processed in a manner consistent with this Notice.

If your application for employment is not successful, and depending on local laws, we will generally keep your personal data beyond the end of the application process for the purposes of (i) contacting you for future job vacancies, (ii) to meet recordkeeping requirements, and (iii) for potential use in legal proceedings.

Your Data Rights

Depending on the laws of the country/region where you reside, you may have certain rights regarding your personal data. For general questions and queries on privacy and the applicable privacy rights in your country/region, please contact us as outlined under “Contacting Us” below. For country-specific notices, please see the addenda available here: https://www.proofpoint.com/us/legal/country-specific-addendums.

Contacting Us

If you have any enquires or complaints about how we use your personal data, please contact us at:

Proofpoint, Inc.
Attn: Data Privacy Officer
925 W. Maude Ave.
Sunnyvale, CA 94085

Email: privacy@proofpoint.com

Changes to this Notice

We may modify this Notice from time to time to reflect changes to our information practices, so please check back frequently. When we do, we will revise the "last updated" date at the top of the Notice. Unless stated otherwise, our current Notice applies to all information that we have about you.  We stand behind the promises we make, however, and intend not to materially change our policies and practices to make them less protective of candidate personal data collected in the past.