Last modified: September 2020
Palantir Technologies Inc. and our subsidiaries worldwide (“Palantir” or “we”) are committed to complying with data protection legislation, including the data protection regime introduced by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and California’s new Consumer Privacy Act (“CCPA”). This Notice of Privacy and Processing of Candidate Personal Data (the “Candidate Privacy Notice”) describes the “personal data” (i.e. information about an identified or identifiable individual or which is otherwise protected by applicable law) that we collect about our candidates (the “Candidate Data”) when they apply for a role or work at Palantir (whether as an employee, worker or contractor), what we do with that information, how and why your personal data will be used, namely for the purposes of the recruitment exercise, how long it will be retained for, and what rights apply to candidates who are covered by the GDPR (the “Candidate(s)”). We continue to update this Candidate Privacy Notice as similar rights become available for Candidates under the CCPA.
Palantir is the so-called “Data Controller,” which decides why and how Candidate Data is collected, held and processed when Candidates apply for a role or work at Palantir.
For prospective, current, and former Candidates, at the start of the application process, we typically collect:
In some cases, usually where Candidates volunteer it, the personal data that we process will also include special categories of data and/or information about protected legal categories, such as diversity-related information (including data about racial, national and ethnic origin, religious, political, philosophical or moral beliefs, age, trade-union membership, sexual orientation and veteran status) and health related data (including data about any disabilities). We may also collect socio-economic data relating to a Candidate, where Candidates volunteer it.
If a Candidate is selected for an interview and requests an accommodation during the interview process, we may also collect health related data as provided by the Candidate (including data about any disabilities) in connection with an accommodation request.
If a Candidate advances in the application process, we will usually collect additional information about the Candidate during the interview process, such as:
Candidates will not be subject to decisions that will have a significant impact on them based solely on automated decision-making.
Information submitted as part of the application process, which includes any CVs/resumes, assessments and interviews, must be true, accurate, complete, and not misleading. Any false or misleading statements or omissions made by Candidates during the application process may be sufficient cause to justify the rejection of a Candidate’s application or, if the Candidate has already become an employee, worker or contractor the immediate termination of the arrangement, in accordance with applicable law.
If a Candidate successfully completes the interview process and accepts an offer of employment or contract with Palantir, then prior to the start of their employment we may collect additional Candidate Data (e.g. data to verify work eligibility, data regarding alleged or proven criminal offenses, to the extent permitted by applicable law). Additional information about this process will be provided to individuals who receive and accept an offer of employment or contract with Palantir.
In some cases, the personal data we collect from Candidates is needed to meet our legal or regulatory obligations. If so, we will indicate that the provision of this information is mandatory.
Additionally, as part of the recruitment and application process, Palantir may also collect Candidate Data indirectly from third parties, such as:
We process Candidate Data in order to:
If you do not provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for the role or work and you fail to provide us with the relevant details, we will not be able to take your application further.
In certain jurisdictions, we are not allowed to process Candidate Data if we do not have a valid legal basis. Therefore, where required by applicable law, we will only process Candidate Data if:
Examples of the “legitimate interests” referred to above are:
To the extent that we process any special categories of personal data relating to Candidates, we will do so because:
All Palantir personnel accessing Candidate Data must comply with our internal rules and processes in relation to the processing of that data, to protect it and ensure its confidentiality. Palantir personnel are also required to follow the technical and organizational security measures put in place to protect Candidate Data, and we limit access to your personal data to those employees, agent, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We take your security seriously and take reasonable steps to protect and secure your personal information. We have implemented adequate technical and organizational measures to protect Candidate Data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, or access and against all other unlawful forms of processing. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing, and the nature of the Candidate Data, with particular care for sensitive personal data.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We make Candidate Data available to appropriate Palantir personnel to complete the purposes indicated in section 3 above. For example, if you are referred to us by Palantir personnel, we will inform the applicable Palantir personnel who made the referral to inform them whether your application has been successful or not.
We usually also transfer relevant Candidate Data to the following third parties outside Palantir to complete the purposes listed in section 3 above, including:
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
The Candidate Data transferred within or outside Palantir as set out in sections 6.1 and 6.2 above, is in some cases also processed in a country outside the EEA, which covers the EU member states, Iceland, Liechtenstein and Norway. A list of the countries in which Palantir operates (inside and outside the EEA) can be found at: https://www.palantir.com/contact/. Non-EEA countries may not offer the same level of personal data protection as EEA countries.
If Candidate Data is transferred outside the EEA, we will put in place suitable safeguards (such as encrypting communication) to ensure that such transfer is carried out in compliance with applicable data protection laws and regulations. To ensure this level of protection for Candidate Data, Palantir may use a data transfer agreement with the third-party recipient based on standard contractual clauses approved by the European Commission or ensure that the transfer is to a jurisdiction that is the subject of an adequacy decision by the European Commission or to the US under the EU-US Privacy Shield framework. Where Palantir transfers Candidate Data to other group companies, we rely on the standard contractual clauses approved by the European Commission. Candidates may request additional information about the relevant safeguards by exercising their rights as set out below.
When applying for a role or work at Palantir, Candidates are asked whether they would like to be contacted about future job opportunities with Palantir, for up to three (3) years. This is voluntary, and Candidates are not required to agree to this. Further, a Candidate’s response to this question will not impact Palantir’s consideration of the Candidate for the position to which he/she is currently applying.
If a Candidate voluntarily indicates that Palantir may contact him/her about future job opportunities, then Palantir will generally retain the Candidate Data in order for the recruitment team to contact the Candidate about potentially suitable job opportunities for up to three (3) years, unless applicable law requires or permits different retention periods. Where Candidate consent is required, the Candidate may revoke his/her consent at any time by informing their recruiter and/or making a request as described in section 8 below.
If a Candidate does not indicate that Palantir may contact him/her about future job opportunities, or if a Candidate revokes his/her consent, then Palantir will retain the Candidate Data for only as long as necessary to fulfill the purpose for which it was collected or to comply with applicable legal, regulatory or internal policy requirements. In general, although there may be limited exceptions, Palantir will keep Candidate Data for the duration of the recruitment process and for unsuccessful Candidates who do not request to be contacted for future job opportunities for 6 months to 1 year, following communication of the decision that the Candidate’s most recent application is unsuccessful. The exact length of time will vary by jurisdiction and individual circumstances. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have conducted the recruitment exercise in a fair and transparent way. Please contact email@example.com should you wish to receive more detailed information in this respect. Following this period, we will securely destroy your personal data in accordance with applicable laws and regulations. If Candidates wish to have their personal data, including contact information, removed from our databases, they can inform their recruiter and/or make a request as described in section 8 below, which we will review as set out therein.
Data relating to successful Candidates who accept employment with Palantir, is dealt with by the Employee Privacy and Security Statement that will be provided upon joining Palantir.
Depending on local legal requirements, Candidates may have a number of rights in respect of Candidate Data including rights to access, correction, erasure, object to processing, request the restriction of processing and/or request a transfer of data to a third party. Details of those rights can be found in Palantir’s Privacy and Security Statement here: https://www.palantir.com/privacy-and-security/. Please note that we are currently not able to honor the CCPA rights in respect to Candidates Data, but we continue to update this Candidate Privacy Notice as these rights become available for Candidates under the CCPA.
To exercise the above rights, eligible Candidates may send an email to firstname.lastname@example.org.
We will honor such requests, withdrawal or objection as required under applicable data protection rules but these rights are not absolute: they do not always apply and exemptions may be engaged. In response to a request, we may ask you to verify your identity and/or provide information that helps us to better understand your request. If we do not comply with your request, we will explain why.
If an eligible Candidate makes the above request and is not satisfied with Palantir’s response, he or she has the right to make a complaint to the data protection authority in the jurisdiction where the Candidate lives or works, or in the place where the Candidate thinks an issue in relation to his or her personal data has arisen. For the candidates based in the European Union, the contact details of each Data Protection Authority can be found at the following website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
This Candidate Privacy Notice was last updated in September 2020. It may be subject to amendments and modification from time to time. Any future changes or additions to the processing of Candidate Data as described in this Candidate Privacy Notice will be communicated to Candidates through an appropriate channel.
To communicate with our Data Protection Officer, please email email@example.com. If you have a disability and would like to receive this Candidate Privacy Notice in an alternate format, please email firstname.lastname@example.org.