Issued: 1st March 2024
1. Introduction
Gainsight, Inc. (together with our subsidiaries, “Gainsight”, “we” or “us”) has issued this Global Data Privacy Notice to describe how we handle personal information that we hold about our job applicants (collectively referred to as “you”).
We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This Notice sets out the personal information that we collect and process about you, the purposes of the processing and the rights that you have in connection with it.
If you are in any doubt regarding the applicable standards, or have any comments or questions about this Notice, please contact us at the contact details in Section 10 below.
2. Types of personal information we collect
In the course of your making an application for employment we may process personal information about you and your dependents, beneficiaries and other individuals whose personal information has been provided to us.
The types of personal information we may process include, but are not limited to:
- Identification data – such as your name, gender and date of birth.
- Contact details – such as home and business address and telephone/email addresses.
- Background information – such as academic/professional qualifications, education, CV/résumé, and criminal records data (for vetting purposes, where permissible and in accordance with applicable law).
- National (or other governmental) identifiers – such as national ID/passport/driver’s license, immigration/visa status, social security numbers (US only).
Sensitive personal information includes any information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, or information about your health/sex life (“Sensitive Personal Information”). As a general rule, we try not to collect or process any Sensitive Personal Information about you, unless authorized by law or where necessary to comply with applicable laws.
However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate employment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring (on the basis that it is in the public interest and in accordance with applicable law), to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to provide work-related accommodations, health and insurance benefits to you and your dependents, or to manage absences from work.
3. Sources of personal information
Usually you will have provided the information we hold about you but there may be situations where we collect personal information or Sensitive Personal Information from other sources. For example, we may collect the following:
- Certain background and other information from recruitment agencies, academic institutions, background checking agencies and other third parties during your recruitment.
- Information from publicly available sources (e.g. news sources and/or from social media platforms) in connection with any investigation or formal procedure concerning the same (for instance, for the investigation of an allegation that a staff member has breached our rules on social media use or conduct generally).
4. Purposes for processing personal information
(i) Recruitment purposes
If you are applying for a role at Gainsight, then we collect and use this personal information primarily for recruitment purposes – in particular, to determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying our reference checks or background checks (where applicable) and to generally manage the hiring process and communicate with you about it.
If you are accepted for a role at Gainsight, the information collected during the recruitment process will form part of your ongoing staff member record.
If you are not successful, we may still keep your application to allow us to consider you for other suitable openings at Gainsight in the future.
(ii) Law-related purposes
We also may use your personal information where we consider it necessary for complying with laws and regulations, including collecting and disclosing applicant personal information as required by law (e.g. for anti-discrimination and other employment laws), under judicial authorization, to protect your vital interests (or those of another person), or to exercise or defend Gainsight’s legal rights.
5. Who we share your personal information with
We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.
(i) Transfers to other group companies
As mentioned above, we will share your personal information with other members of the Gainsight family of companies around the world in order to administer human resources, staff member compensation and benefits at an international level on the HR System, as well as for other legitimate business purposes such as IT services/security, tax and accounting, and general business management.
(ii) Transfers to third party service providers
In addition, we make certain personal information available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data privacy law.
For example, some of this information will be made available to:
- third parties who provide services in relation to the recruitment and application process, staff training and/or qualifications and staff surveys and performance and compensation reviews, e.g. Workday, Snowflake and Knoetic; and
- auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under a contractual prohibition of using the personal information for any other purpose.
(iii) Transfers to other third parties
We may also disclose personal information to third parties on other lawful grounds, including:
- To comply with our legal obligations, including where necessary to abide by applicable law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant;
- In response to lawful requests by public authorities (including for tax, immigration, health and safety, national security or law enforcement purposes);
- As necessary to establish, exercise or defend against potential, threatened or actual litigation;
- Where necessary to protect the vital interests of another person;
- In connection with the sale, assignment or other transfer of all or part of our business; or
- With your consent.
6. Legal basis for processing personal information (EEA and UK staff only)
If you are a job applicant in the European Economic Area (“EEA”) or the United Kingdom (“UK”), our legal bases for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. Some of the bases we rely on are set out above.
However, we will normally collect personal information from you only where:
- it is in our legitimate interests (as summarised above in Section 4) (which are not overridden by your rights, particularly taking into consideration the safeguards that we put in place, for example, those outlined in Section 4 above);
- we need the personal information to perform a contract with you (i.e., to administer an employment or work relationship with us);
- to comply with applicable immigration and/or employment laws and regulations;
- where we have your consent to do so. Where we have requested your consent to process your personal data, you have the right to withdraw your consent at any time; and/or
- to protect your vital interests or those of another person.
When we collect Sensitive Personal Information we normally so only where:
- in circumstances where you have made the data public;
- to comply with applicable immigration and/or employment laws and regulations;
- for the assessment of your working capacity;
- to protect your vital interests or those of another person;
- to establish, exercise or defend legal claims; and/or
- for reasons of substantial public interest in accordance with relevant law.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at Section 10 below.
Where we request personal information and Sensitive Personal Information from you, you can choose not to provide it to us. However, unless otherwise indicated, the information we request from you is required in order to enter into our contract of employment with you or in order to comply with our legal obligations. Failure to provide it prevents us from effectively administering our contractual relationship with you (including any related employment benefits) and/or complying, which may mean we are unable to continue your employment.
7. Transfer of personal information abroad
As we operate at a global level, we may need to transfer personal information to countries other than the ones in which the information was originally collected and in particular our staff members data is hosted in the United States. When we export your personal information to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal information from the EEA or UK to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under applicable European Union or UK law.
The standard contractual clauses we rely on can be provided on request.
8. Data retention periods
Personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice or as otherwise required by applicable law. Generally this means your personal information will be retained until the end or your employment, employment application, or work relationship with us plus a reasonable period of time thereafter to respond to employment or work-related inquiries or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits.
9. Your data privacy rights
You may exercise the rights available to you under applicable data protection laws as follows:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided at Section 10 below.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided at Section 10 below.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
- We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
10. Contact details
Please address any questions or requests relating to this Notice to privacy@gainsight.com or alternatively, you can raise any concerns with your line manager, local Teammate Success teammate or our Data Protection Officer (DPO).
Our DPO can be reached at privacy@gainsight.com.