Proofpoint, Inc. understands the importance of safeguarding your privacy and we take this responsibility very seriously. This Global Data Privacy Notice for Employees, External Staff and Candidates ("Notice") is designed to help you understand how Proofpoint and any of its affiliated companies collects and uses the personal data we collect.
Overview and Application
This Notice covers all employment candidates of Proofpoint and its affiliated companies (collectively, "Proofpoint"). Additionally, we have region- or country-specific addendums that may provide additional information located here https://www.proofpoint.com/us/legal/country-specific-addendums.
Personal Data We Collect and How We Use It
We collect, use, and store (collectively "process") different types of personal data about you in the operation of our business. If you are an employee, we process personal data about you (and your dependents, beneficiaries and other individuals associated with your employment) primarily for managing our employment relationship with you and managing your interactions with workplace facilities/information systems. If you are a former employee, we process personal data about you primarily for legal compliance. If you are external staff, the type of personal data we process is limited to what we need to manage your engagement with Proofpoint and access to Proofpoint facilities and information systems. If you are a candidate, the type of personal data we process is generally limited to what we need to engage with you about Proofpoint career opportunities, consideration of your application for employment to specific roles at Proofpoint, including candidate screening, interview scheduling and management, lawful background screening, and to on-board you at Proofpoint if you receive and accept an offer of employment with us.
The personal data we process can include, but is not limited to, the following (some or all may apply to you):
- Identification data
- Contact information
- Demographic data
- National identifiers
- Data regarding responses to screening questions
- Background check information
- Previous employment information
- Data pertaining to work preferences and abilities
- Resume data
- Information on certain health conditions (only where required by law)
- Job interview notes
- Assessment results
- Employment details
- Financial information
- Travel-related records
- Expense data
- Cookies data
- Workplace, device, usage and content data which includes personal data collected from third parties or public sources as needed to support the employment relationship or to engage with you concerning job opportunities at Proofpoint
Collecting and using your data enables Proofpoint to administer the recruiting process, including setting up an electronic job applicant HR file, managing your application, conducting assessments, organizing interviews, processing interview feedback; on-boarding; and conducting background checks and screening. Your data may also be used to notify you about other Proofpoint job opportunities. We may process your personal data to meet recordkeeping and internal and external reporting responsibilities. Your data may also be used in investigations or as required in legal proceedings.
Where does Proofpoint obtain your personal data
Much of the personal data we process is obtained from you, but we also obtain personal data about you in the course of the application process (for example, during interviews or via job assessments). Other data types may be obtained from third parties, including, for example, from recruitment agencies.
How and Why Proofpoint Shares Personal Data
Proofpoint will only share your personal data with those who have a legitimate business need for it.
In addition, we use third parties who provide services, including HR services providers, insurance organizations, external advisors, work agencies and employee benefits providers. In providing such services, your personal data may be processed by the service provider on Proofpoint’s behalf for the purposes of providing the required service to Proofpoint.
Whenever we permit a third party to access your personal data, we will ensure the personal data is used in a manner consistent with this Notice (and any applicable internal data handling guidelines consistent with the sensitivity and classification of the personal data).
Workplace Security and Monitoring
Proofpoint monitors its IT and communications systems by a highly restricted number of people within its operations team. The primary purpose of this monitoring is Proofpoint’s legitimate interests in protecting its employees, customers, and business partners for security, safety, support, data loss, the protection of confidential information and company assets, the investigation of wrongful acts or potential violations of Proofpoint policies and for other legitimate business purposes as permitted under applicable law.
Additionally, any types of information transmitted to, through or from, received or printed from, or created, stored or recorded on our IT and communications systems and assets (included via the use of personal devices accessing corporate IT systems), are presumed to be business-related and may be monitored or accessed by us in accordance with applicable law and subject to Proofpoint’s own policies on access to and uses of such data.
Security of Personal Data
Proofpoint is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. We maintain physical, electronic, and procedural safeguards to protect the confidentiality of your personal data in addition to our access control policy.
Storage & Processing of Personal Data and International Transfer
Proofpoint operates globally and therefore personal data may need to be transferred to countries outside of where the personal data was originally collected. For example, because we are headquartered in the United States, personal data collected in other countries is routinely transferred to the United States for processing.
If your application for employment is successful and you commence employment with Proofpoint, your personal data may be transferred and processed in a manner consistent with this Notice.
If your application for employment is not successful, and depending on local laws, we will generally keep your personal data beyond the end of the application process for the purposes of (i) contacting you for future job vacancies, (ii) to meet recordkeeping requirements, and (iii) for potential use in legal proceedings.
Your Data Rights
Depending on the laws of the country/region where you reside, you may have certain rights regarding your personal data. For general questions and queries on privacy and the applicable privacy rights in your country/region, please contact us as outlined under “Contacting Us” below. For country-specific notices, please see the addenda available here: https://www.proofpoint.com/us/legal/country-specific-addendums.
Data Privacy Framework
Proofpoint complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Proofpoint has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. Proofpoint has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland under the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.
Proofpoint is responsible for the processing of personal data it receives, under the EU-U.S. DPF, DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. Proofpoint complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission [AND/OR U.S. Department of Transportation] has [each has] jurisdiction over Proofpoint’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Proofpoint may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Proofpoint commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.
For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Contacting Us
If you have any enquires or complaints about how we use your personal data, please contact us at:
Proofpoint, Inc.
Attn: Data Privacy Officer
925 W. Maude Ave.
Sunnyvale, CA 94085
Email: privacy@proofpoint.com
Changes to this Notice
We may modify this Notice from time to time to reflect changes to our information practices, so please check back frequently. When we do, we will revise the "last updated" date at the top of the Notice. Unless stated otherwise, our current Notice applies to all information that we have about you. We stand behind the promises we make, however, and intend not to materially change our policies and practices to make them less protective of candidate personal data collected in the past.
© 2024. All rights reserved. The content on this site is intended for informational purposes only.
Last updated October 02, 2024.