ZSCALER APPLICANT PRIVACY POLICY

Last Updated: January 2023

Introduction

We value our Applicants and their privacy regarding the information they share with us. This Applicant Privacy Policy informs each individual who applies to work with Zscaler, Inc. (“Applicant”, “you”, or “your”) how Zscaler, Inc. and its affiliates (collectively “Zscaler”, “we”, “our”, or “us”) collects and processes Personal Data (as defined below) when considering you for employment.

This Applicant Privacy Policy describes the Personal Data we collect, what we do with it, how long we store it for, whom we share it with, how we secure it, and what rights and obligations you as an Applicant have.

The Data Controller for your personal information is Zscaler, Inc., which maintains our third-party job site, Greenhouse, for the Zscaler group companies. In addition, the Zscaler entity with which you apply for a position is a joint controller for Applicant Personal Data. This Applicant Privacy Policy applies to both Zscaler entities, and Data Subjects may exercise their rights with respect to their Personal Data by contacting Zscaler Inc. as set forth herein.

Personal Data That We Collect and Process About You

We collect and use the following data (hereinafter referred to as “Personal Data”) about you to the extent permitted under applicable law:

• contact information (such as name, address, email address, and phone number);

• education certificates;

• experience information (such as education, skills, work experience and/or CVs, photograph, references, employee records, and appraisals);

• demographic information (such as age, date of birth, gender);

• citizenship and work authorization status;

• psychometric and ability test results;

• interview records; and

• data from public profiles, including social media profiles.

To the extent permitted under applicable law, we may also collect and process Personal Data that is viewed as sensitive Personal Data by some jurisdictions. This sensitive Personal Data may include:

• physical or mental health data;

• racial or ethnic origin;

• the commission or alleged commission by you of any offense; and

• any proceedings for any offense committed or alleged to have been committed by you, the disposal of those proceedings, or the sentence of any court in those proceedings.

We will collect and process any sensitive Personal Data in accordance with applicable data protection laws. 

If we ask you to provide any other Personal Data not described above, then we will provide you a clear notice of the Personal Data being collected and the reasons why at the time we collect it.

Retention of Your Personal Data

We will retain your Personal Data for as long as necessary for the purposes for which the Personal Data was collected and used by us, as stated in this Applicant Privacy Policy, and otherwise no more than two years from when the last position you have applied for has been closed (unless you are hired by us).  

If your application for employment is unsuccessful, we may retain your Personal Data for consideration for further job opportunities. We will retain your Personal Data for no more than two years from when the last position you have applied for has closed, or until you request your Personal Data is deleted, we. Please refer to the Your Rights section below for more information on how to delete your Personal Data. Please note that in certain cases, legal or regulatory obligations may require us to retain specific records for a different period of time.

If you accept employment with Zscaler, your Personal Data will be held on the basis set out in our Employee Privacy Notice, which is provided to all employees. This will generally be for the duration of your employment relationship with Zscaler, plus any applicable statutory retention periods.

Access to and Transfer of Your Personal Data

We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Applicant Privacy Policy. We may share your Personal Data on a need-to-know basis with certain Zscaler employees based on their function within Zscaler (both in the country where you apply and in other countries in which we have operations, including countries outside the European Economic Area ("EEA")), as well as vendors and suppliers we use to process data on our behalf; successors in title of our business in case of a corporate transaction; and competent regulatory authorities, enforcement authorities, and other governmental agencies. We ensure that any third party processing your Personal Data equally provides for confidentiality and integrity of your Personal Data in a secure way. This will include transfers of your Personal Data both in the country where you apply and to other countries in which we have operations.

Zscaler takes all reasonably necessary steps to ensure that your Personal Data is shared and treated securely and in accordance with this Applicant Privacy Policy and applicable legislation. This means that we entered into legally necessary contracts with recipients of your Personal Data, including Standard Contractual Clauses as approved by the European Commission or equivalent means with parties outside the EEA that do not provide for an adequate level of protection. You are entitled to receive a copy of any documentation showing the suitable safeguards that have been taken. To request a copy, reach out to [email protected].

Security

We will take reasonable steps to ensure that your Personal Data is properly secured, using appropriate technical, physical, and organizational measures to protect it against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss.

Your Rights

Subject to the conditions set forth in the applicable law, you have the following rights with regard to our processing of your Personal Data:

Right to access, correct, and delete your Personal Data - Zscaler will take steps to maintain correct Personal Data. You also have a responsibility to communicate changes in personal circumstances (e.g., change of address) to Zscaler so that we can ensure that your Personal Data is up to date.  

You have the right to request access to any of your Personal Data that Zscaler may hold, and to request correction of any inaccurate Personal Data relating to you. You furthermore have the right to request deletion of any irrelevant Personal Data we hold about you.

Right to withdraw consent - In the event your Personal Data is processed on the basis of your consent, you have the right to withdraw consent at any time by sending an email to [email protected] specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.

Data portability - To the extent that we use your Personal Data for the performance of the employment contract and that Personal Data is processed by automatic means, you have the right to receive all such Personal Data that you have provided to Zscaler in a structured, commonly used, and machine-readable format. You further have the right to require us to transmit it to another data controller where this is technically feasible.

Right to restrict Personal Data use - You have the right to restrict our use of your Personal Data where (i) you contest the accuracy of the Personal Data; (ii) the use is unlawful but you do not want us to erase the Personal Data; or (iii) we no longer need the Personal Data for the relevant purposes but you require it for the establishment, exercise, or defense of legal claims.

Right to object - To the extent that we rely on our legitimate interests to use your Personal Data, you have the right to object to such use, and we must stop such processing unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights, and freedoms, such as where we need to process the Personal Data for the establishment, exercise, or defense of legal claims.

Lodge a complaint - You also have the right to lodge a complaint with a supervisory authority in your country of residence if you believe that the collection and use of your Personal Data infringes this Applicant Privacy Policy or applicable law.

For further information regarding your rights, or to exercise any of your rights, please contact [email protected]. We reserve the right to request proof of identity from requesters, as well as to refuse to comply with excessive or manifestly unfounded requests. 

Please note that we may need to retain certain Personal Data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.

Contact Us

To learn more about Zscaler’s approach to Privacy, please visit https://www.zscaler.com/privacy/overview.

If you have any questions or concerns regarding our use of your Personal Data, or to exercise any of your rights, please contact Zscaler’s Senior Manager of EMEA People and Culture or Zscaler's Data Protection Officer at [email protected].