Last modified: May 2018
Palantir Technologies Inc. and our subsidiaries worldwide (“Palantir” or “we”) are committed to complying with data protection legislation, including the data protection regime introduced by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”). This Notice of Privacy and Processing of Candidate Personal Data (the “Candidate Privacy Notice”) describes the “personal data” (as defined in the GDPR) that we collect about our Candidates (the “Candidate Data”) when they apply for a job at Palantir, what we do with that information, and what rights apply to candidates who are covered by the GDPR (the “Candidate(s)”).
Palantir is the so-called “Data Controller,” which decides why and how Candidate Data is collected and processed when Candidates apply for a job at Palantir.
For prospective, current, and former Candidates, at the start of the application process, we typically collect:
If a Candidate is selected for an interview and requests an accommodation during the interview process, we may also collect health related data as provided by the Candidate (including data about any disabilities) in connection with the accommodation request.
If a Candidate advances in the application process, we will usually collect additional information about the Candidate during the interview process, such as:
Information submitted as part of the application process, which includes any assessments and interviews, must be true, accurate, complete, and not misleading. Any false or misleading statements or omissions made by Candidates during the application process may be sufficient cause to justify the rejection of a Candidate’s application or, if the Candidate has already become an employee, the immediate termination of employment, in accordance with applicable law.
If a Candidate successfully completes the interview process and accepts an offer of employment from Palantir, then, prior to the start of their employment, we will collect additional Candidate Data (e.g., data to verify work eligibility, data regarding alleged or proven criminal offenses, to the extent permitted by applicable law). Additional information about this process will be provided to individuals who receive and accept an offer of employment from Palantir.
In some cases, the personal data we collect from Candidates is needed to meet our legal or regulatory obligations. If so, we will indicate that the provision of this information is mandatory.
Additionally, as part of the recruitment and application process, Palantir may also collect Candidate Data indirectly from third parties, such as:
We process Candidate Data in order to:
We are not allowed to process Candidate Data if we do not have a valid legal basis. Therefore, we will only process Candidate Data if:
Examples of the “legitimate interests” referred to above are:
To the extent that we process any special categories of personal data relating to Candidates, we will do so because:
All Palantir personnel accessing Candidate Data must comply with our internal rules and processes in relation to the processing of that data, to protect it and ensure its confidentiality. Palantir Personnel are also required to follow the technical and organizational security measures put in place to protect Candidate Data.
We have also implemented technical and organizational measures to protect Candidate Data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, or access and against all other unlawful forms of processing. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing, and the nature of the Candidate Data, with particular care for sensitive personal data.
We make Candidate Data available to appropriate Palantir personnel to complete the purposes indicated in section 3 above.
We usually also transfer relevant Candidate Data to third parties outside Palantir to complete the purposes listed in section 3 above, including:
The Candidate Data transferred within or outside Palantir as set out in sections 6.1 and 6.2 above, is in some cases also processed in a country outside the EEA, which covers the EU member states, Iceland, Liechtenstein and Norway. A list of the countries in which Palantir operates (inside and outside the EEA) can be found at: https://www.palantir.com/contact/. Non-EEA countries may not offer the same level of personal data protection as EEA countries.
If Candidate Data is transferred outside the EEA, we will put in place suitable safeguards to ensure that such transfer is carried out in compliance with applicable data protection laws and regulations. To ensure this level of protection for Candidate Data, Palantir may use a data transfer agreement with the third-party recipient based on standard contractual clauses approved by the European Commission or ensure that the transfer is to a jurisdiction that is the subject of an adequacy decision by the European Commission or to the US under the EU-US Privacy Shield framework. Where Palantir transfers Candidate Data to other group companies, we rely on the standard contractual clauses approved by the European Commission. Candidates may request additional information about the relevant safeguards by exercising their rights as set out below.
When applying for a job at Palantir, Candidates are asked whether they would like to be contacted about future job opportunities with Palantir, for up to three (3) years. This is voluntary, and Candidates are not required to agree to this. Further, a Candidate’s response to this question will not impact Palantir’s consideration of the Candidate for the position to which he/she is currently applying.
If a Candidate voluntarily indicates that Palantir may contact him/her about future job opportunities, then Palantir will retain the Candidate Data in order to contact the Candidate about potentially suitable job opportunities for up to three (3) years. The Candidate may revoke his/her consent at any time.
If a Candidate does not indicate that Palantir may contact him/her about future job opportunities, or if a Candidate revokes his/her consent, then Palantir will retain the Candidate Data for only as long as necessary to fulfill the purpose for which it was collected or to comply with applicable legal, regulatory or internal policy requirements. In general, although there may be limited exceptions, Palantir will keep Candidate Data for unsuccessful Candidates who do not request to be contacted for future job opportunities for 6 months to 1 year, following communication of the decision that the Candidate’s most recent application is unsuccessful. The exact length of time will vary by jurisdiction and individual circumstances. If Candidates wish to have their personal data, including contact information, removed from our databases, they can inform their Recruiter and/or make a request as described in section 8 below, which we will review as set out therein.
Data relating to successful Candidates who accept employment with Palantir, is dealt with by the employee privacy notice that will be provided upon joining Palantir.
Candidates have a number of rights in respect of Candidate Data. Details of those rights can be found in Palantir’s Privacy and Security Statement here: https://www.palantir.com/privacy-and-security/
To exercise the above rights, Candidates may send an email to email@example.com.
If a Candidate makes the above request and is not satisfied with Palantir’s response, he or she has the right to make a complaint to the data protection authority in the jurisdiction where the Candidate lives or works, or in the place where the Candidate thinks an issue in relation to his or her personal data has arisen.
This Candidate Privacy Notice was last updated in May 2018. It may be subject to amendments. Any future changes or additions to the processing of Candidate Data as described in this Candidate Privacy Notice will be communicated to Candidates through an appropriate channel.
To communicate with our Data Protection Officer, please email firstname.lastname@example.org.