InterSystems Candidate Privacy Statement

InterSystems Corporation (“InterSystems,” “we,” “us,” or “our”) respects your privacy as a job applicant or candidate (“you”) for a position within our global organization. This Candidate Privacy Statement (“Statement”) describes how we collect, use, retain, disclose, and secure your personal information during the recruitment process.

This Statement applies globally and incorporates specific provisions based on regional, national, and state laws. By submitting your application, you consent to the collection and use of your personal information as outlined in this Statement. For general privacy practices unrelated to recruitment, refer to the InterSystems Privacy Statement.

We Collect Your Personal Information Through:

• Direct Submission: Information you provide when applying online, submitting a resume, or participating in interviews.
• Third Parties: Data from recruitment agencies, background check providers, and references.
• Automatic Collection: Data from cookies and analytics when accessing our careers website. Please review the InterSystems Corporation Website Cookies page.

Examples of Personal Information Collected:

• Identifiers: Name, email address, phone number.
• Employment Data: Resume/CV, work history, references, certifications.
• Educational Data: Academic qualifications, certifications, skills.
• Sensitive Personal Information (where permitted): Race/ethnicity, disability status, gender, criminal records.
• Technological Data: IP address, device information, and usage analytics.

What Your Personal Information Is Used For:

• Recruitment Processes:
  
  • Managing your application.
  • Evaluating your suitability for a role.
  • Communicating interview updates.
  • Conducting background checks (where legally permissible).
• Compliance: Fulfilling legal and regulatory obligations.
• Talent Pools: Retaining your information for consideration for future opportunities (with your consent).

De-identified or aggregated data may be used for recruitment analytics and improving processes.

How Your Personal Information May Be Shared:

• Internally: With authorized personnel like HR teams, hiring managers, and IT staff.
• Externally: Service providers (e.g., recruitment agencies, background check vendors), and public authorities to comply with legal obligations.
• In Business Transactions: During mergers, acquisitions, or reorganizations.

International Data Transfers

We process your personal information in the United States and other countries worldwide. While privacy laws differ across regions, we are dedicated to implementing strong safeguards to protect your personal information and uphold your rights, regardless of where your data is handled.

• Transfers to countries with an adequacy decision: If we transfer your data to a country recognized as having adequate data protection laws (as determined by authorities like the European Commission), we rely on that recognition. For example, we adhere to the privacy principles established by the EU-US Data Privacy Framework (DPF), the UK Extension to the EU-US DPF, and the Swiss-US DPF for transferring personal information to the United States.

• Transfers to other countries: If your personal information is transferred to a country without an adequacy decision, we rely on internationally recognized safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs) Clauses ( SCCs Controller-to-Controller and SCCs Processor-to-Processor) and/or the UK Information Commissioner’s Office International Data Transfer Agreement (IDTA Controller-to-Controller).

  If necessary, we implement additional contractual, technical, and organizational measures to ensure that personal information transferred is subject to an essentially equivalent level of protection.

• Your protection across borders: No matter where your data is transferred, we ensure it is handled with the same high standards of privacy that align with your home country’s applicable laws.

For more information about how your personal information is managed in specific regions, please refer to Section 10. Additional Region-Specific Disclosures.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or as permitted by your consent. Retention periods are determined based on applicable laws, statutory obligations, and our internal data retention policies.

Data Categories Retained

• Personal Information: Full name and contact details.
• Recruitment Data: Applications, resumes, references, performance assessments.
• Metrics: Interview notes, test scores, recruitment statistics.

Extended Retention with Consent

If you consent to retaining your information for future opportunities, we will keep it for the duration specified in the consent agreement or until you withdraw your consent.

Once your consent expires or is withdrawn, we will either delete or de-identify your information, as required by applicable legal and business obligations. If immediate deletion or de-identification is not feasible (e.g., due to backups), we will implement safeguards to restrict access and prevent active use of the data until it can be fully removed.

You may specific legal rights regarding the personal information we process about you. These rights vary depending on the laws in your location, but may include:

• Access, Correction, or Deletion: The right to access your personal information, correct inaccuracies, or request its deletion, under certain conditions.
• Objection: The right to object to the processing of your personal information, where applicable.
• Restriction: The right to request limitations on processing of your personal information under certain conditions.
• Portability: The right to receive your personal information in a structured, commonly used, and machine-readable format when processing is based on consent or a personal contract.
• Withdrawal of Consent: The right to withdraw your consent at any time, where your personal information is processed based on consent.
• Complaints: The right to lodge a complaint with a data protection supervisory authority. You may contact the authority in your place of residence, work, or the location of the data controller’s registered office. Details of the relevant supervisory authority can be found in the “Contacting Your Regional Data Protection Authority” section of the Exercising Your Rights page.

InterSystems will not discriminate against you for exercising these rights. If you submit a request, we will clarify:

• How your rights apply or differ based on your location and the legal basis for processing.
• Any overriding processing needs InterSystems may have and why they apply.
• How the rights of others may affect your request.

Additionally, InterSystems does not use automated decision-making that produces legal or similarly significant effects during recruitment activities covered by this Statement.

Our careers website uses cookies to enhance functionality and analyze usage. For more information, refer to our Cookie Policy.

We implement robust technical, organizational, and administrative measures to protect your data against unauthorized access, alteration, or misuse. Access to candidate data is restricted to authorized personnel only.

Australia
We may transfer or disclose your personal information to recipients in other countries.

Your personal information may be stored on IT systems located in Australia and the APAC region, as well as the United States, and the European Union.

If you wish to file a complaint about our compliance with Australian privacy laws, please contact us using the details provided above under “Your Privacy Rights” above. We will investigate and respond within a reasonable timeframe.

Brazil
When processing sensitive personal information, as defined under Brazil’s General Data Protection Law (LGPD), we ensure a lawful basis applies, such as fulfilling contractual obligations or exercising our rights.

In Brazil, you have the right to:

• Confirm whether we process your data.
• Correct inaccurate, incomplete, or outdated information.
• Under certain circumstances, object to processing, request anonymization, blocking deletion or exportation of your data.
• Obtain information about entities with which we share your data.
  

China
Under the Personal Information Protection Law (PIPL) of China, we may process your personal information only for legitimate purposes. If we transfer your personal data outside China, we comply with PIPL’s cross-border transfer rules and ensure adequate protections are in place.

France
For individuals in France, you may:

• Object to data processing on legitimate grounds unless required for legal obligations.
• Provide instructions for handling your data after your death.

Hong Kong
We adhere to Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), guided by its six core Data Protection Principles (DPPs).

Israel
You are not legally obligated to provide the personal information described under section 2 above.

We may transfer your personal information outside of Israel for processing. By submitting your information, you provide your express consent to such transfers, where required by local law.

Kingdom of Saudi Arabia (KSA)
We process personal information in compliance with Saudi Arabia’s Personal Data Protection Law (PDPL).

Transfers of personal information outside Saudi Arabia are conducted only where necessary and in compliance with PDPL’s cross-border transfer requirements, including explicit consent or adequate safeguards.

South Africa
Your personal information will be processed in compliance with the Protection of Personal Information Act (POPIA). You have rights to access, correct, and delete your data, as well as to object to its processing.

United Arab Emirate (UAE)
We process your personal information in compliance with the UAE Personal Data Protection Law (PDPL). For international data transfers, we ensure safeguards are in place or obtain your consent, as required.

United States
If you are a California resident, please note the following:

• No “Sale” or “Sharing” of Personal Information: InterSystems does not “sell” personal information to third parties or “share” it for targeted advertising purposes, as defined under California Privacy Rights Act (CCPA). Personal information collected during recruitment, employment, personnel management, or related processes is handled strictly for legitimate purposes.
• Use of Sensitive Personal Information: We use your Sensitive Personal Information, if at all, solely to operate our business, support recruitment-related activities, or comply with applicable laws. Since we do not use this information beyond these purposes, we do not offer a right to limit its use.
• Submitting Requests: You may submit requests regarding your personal information as described in the Your Data Protection Rights section of our Privacy Statement. You may also authorize an agent to act on your behalf, provided we receive proof of authorization and can verify your identity and/or the agent’s authority.
• Verification Process: To ensure security and prevent fraud, we may request information to confirm your identity or your agent’s authority. Verification does not require creating an account and is limited to the information already in our records.

Data Protection Officer: Ken Mortensen
Email: Compliance@InterSystems.com
Phone: +1 (617) 621-0600
Post: 1 Congress St., Suite 3200, Boston, MA 02114 USA

InterSystems may update or revise this Statement periodically at its discretion. We recommend reviewing it occasionally to stay informed about our latest privacy practices.

The most recent update to this Statement was on November 20, 2024.