Employment & Recruiting Privacy Notice

At Incorta, we provide analytics and data warehousing solutions to businesses across various industries. Our services enable businesses to streamline their data analytics processes, make informed decisions, and achieve their business objectives. 

 To deliver our services, we hire talented and dedicated employees who have the skills and expertise necessary to develop and support our software and platform. Our employees are essential to our success, and we are committed to protecting their privacy and personal information.

Collection of Personal Information 

We collect personal information directly from job applicants and employees, and from third-party sources such as references, background check providers, and recruiting agencies. The personal information we collect may include: 

  • Name, address, and contact information. 
  • Resume or CV 
  • Education and employment history 
  • Professional licenses and certifications 
  • References 
  • Background check results 
  • Immigration status and work authorization 
  • Diversity information (e.g., race, gender, ethnicity, disability status) for reporting purposes only 
  • Any other information necessary for employment or recruitment purposes 

Use of Personal Information  

We use personal information for the following purposes: 

  • Employment and recruitment: We use personal information to evaluate job applications, conduct interviews and assessments, verify qualifications, and make employment and hiring decisions. 
  • Background checks: We may use personal information to conduct pre-employment background checks, including criminal history checks, drug tests, and other screening checks as required by law or for certain job positions. 
  • Compliance: We may use personal information to comply with legal or regulatory requirements, such as immigration and tax laws, and to respond to legal claims or inquiries. 
  • Communications: We may use personal information to communicate with job applicants and employees about employment-related matters, such as job offers, benefits, and performance evaluations. 
  • Other purposes: We may use personal information for any other purposes compatible with the above purposes or as required or permitted by law. 

Disclosure of Personal Information 

We may disclose personal information to the following parties: 

  • Service providers: We may share personal information with third-party service providers who perform services on our behalf, such as background check providers, recruiting agencies, and payroll and benefits providers. 
  • Business partners: We may share personal information with our business partners to facilitate employment and recruitment activities, such as job fairs and networking events. 
  • Legal or regulatory authorities: We may disclose personal information to comply with legal or regulatory requirements, such as court orders or government investigations. 
  • Successors or assigns: We may transfer personal information to a successor entity or acquirer in the event of a merger, acquisition, or other corporate reorganization. 
  • Other parties: We may disclose personal information to any other parties with the consent of the job applicant or employee or as otherwise required or permitted by law. 

Tools and Services 

We use the following tools and services to process personal information: 

Tools/Vendors
Purpose of Processing
LeverWe use Lever’s recruiting software to manage job applications and facilitate communication with job applicants.
Empowerment Retirement ServicesWe use Empower Retirement Services as our 401k plan administrator.
ADP HCMWe use ADP Human Capital Management to manage payroll, benefits, and other employment-related processes.
CIGNAWe use CIGNA as our health plan provider.
Culture Amp We use Culture Amp’s employee engagement and performance management software to measure employee satisfaction and identify areas for improvement.
AliantWe use Aliant as our 401k provider/broker.
EurofastFor purposes of handling payroll & taxation calculations.
AICFor purposes of managing and distributing medical & life insurance program.
WTWOur third-party provider for Salary Surveys and benchmarks.
Creative Business KSA PEO (Professional Employer Organization).

Cloud Security of Personal Information 

We maintain appropriate technical and organizational measures to protect personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. We have implemented the following security technical measures to protect personal information:  

  • Access controls: We limit access to personal information to only those employees, agents, and service providers who have a need to know and are subject to confidentiality obligations. We also use access controls such as passwords, multi-factor authentication, and role-based permissions to further restrict access. 
  • Encryption: We encrypt personal information in transit and at rest using industry-standard encryption algorithms. 
  • Network security: We use firewalls and intrusion detection and prevention systems to protect against unauthorized access to our networks and systems. 
  • Monitoring: We monitor our systems and networks for security incidents and respond appropriately to mitigate any such incidents. 
  • Training: We provide regular training to our employees and contractors on information security and privacy best practices. 

Physical Security of Personal Information

Physical security measures are an essential component of our commitment to protecting the confidentiality, integrity, and availability of our customers’ information. We have implemented the following measures to ensure the physical security of our facilities and equipment: 

  • Physical Access controls: Our facilities are equipped with access control systems that restrict entry to authorized personnel only. Visitors must sign in and be escorted by an authorized employee. 
  • Video surveillance: Our facilities are equipped with video surveillance systems that monitor all areas of the facility, including entrances, exits, and server rooms. 
  • Environmental controls: We have implemented environmental controls such as fire suppression systems, temperature controls, and humidity controls to ensure that our equipment is kept in optimal operating condition. 
  • Data center security: We use third-party data centers that provide additional physical security measures, including 24/7 security guards, biometric access controls, and secure cages for our servers. 
  • Equipment disposal: We have established procedures for the secure disposal of equipment that is no longer in use, including the use of data wiping tools and secure disposal services. 

We regularly review and update our physical security measures to ensure that they remain effective and compliant with applicable laws and regulations. If you have any questions or concerns about our physical security measures, please contact us at security@incorta.com  

Retention of Personal Information  

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, as well as to comply with legal or regulatory requirements. We have established retention periods for several types of personal information and regularly review and update our retention policies to ensure that we do not retain personal information for longer than necessary. 

International Transfers 

We may transfer personal information to countries outside the European Economic Area (EEA) and other countries that have not been determined by the European Commission to provide adequate levels of protection for personal information. In such cases, we respond appropriately to ensure that the personal information is adequately protected, such as: 

  • Standard contractual clauses: We use the European Commission’s standard contractual clauses for data transfers to third countries, which include contractual obligations on the recipient to protect personal information in accordance with EU data protection laws. 
  • Privacy Shield: For transfers to the United States, we may rely on the Privacy Shield framework, which is a self-certification program that requires participating organizations to meet certain privacy and security standards. 
  • Other safeguards: We may use other safeguards recognized by relevant data protection authorities, such as binding corporate rules or certification mechanisms. 

Data Protection Officer 

PRIVAON acts as our Data Protection Officer (DPO) representative in the EU. You can contact the DPO by email at dpo@incorta.com or by mail at: 

PRIVAON Oy 

Attn: Incorta Data Protection Officer 

Email: DPO@incorta.com 

Itämerenkatu 5 

00180 Helsinki, Finland 

Global Data Rights 

  • The right to access, update or delete the information we have on you. Whenever possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you cannot perform these actions yourself, please contact us to assist you. 
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete. 
  • The right to object. You have the right to object to our processing of your Personal Data.  
  • The right of restriction of processing. In certain cases, you have the right to request that we restrict the processing of your personal information. In this case we will limit our processing of your personal data to only storing it.  
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format. 
  • The right to withdraw consent. You also have the right to withdraw your consent at any time, where Incorta relies on your consent to process your personal information. Note, however, that removing your consent will not undermine the processing of personal data carried out before the consent was withdrawn. 
  • The right to request a human review. You have the right to request human intervention and review of the decision impacting you in a significant way, and which was made by automated means. Currently there is no automated decision making involved in the processing of your personal data.

California Privacy Rights 

California residents have certain privacy rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). For more information about these rights and how to exercise them, please see our California Privacy provisions in us Global Privacy Policy. 

Indian Privacy Laws 

We comply with the Indian Personal Data Protection Bill (PDPB), which is currently in the process of being enacted. We will update our privacy practices and policies to ensure compliance with the PDPB once it becomes law. 

Australia and New Zealand Privacy Laws 

We comply with the Australian Privacy Act 1988 and the New Zealand Privacy Act 2020, which regulate the handling of personal information in Australia and New Zealand, respectively. We protect personal information according to the principles set out in these laws. 

Saudi Arabia Privacy Laws 

We comply with the Saudi Arabian Data Protection Regulations, which were issued by the Saudi Data and Artificial Intelligence Authority in July 2021. We protect personal information according to the principles set out in these regulations.  

China Privacy Laws 

We comply with the Chinese Cybersecurity Law and the Chinese Personal Information Protection Law, which regulate the processing of personal information in China. We protect personal information according to the principles set out in these laws. 

Marketing 

To ensure that our customers have full control over their personal information, we have implemented an opt-in policy for the collection and use of their data. This means we will only collect and use your data for the specific purposes you have agreed to. 

When you sign up for our services, we will provide you with clear and concise information about the data that we collect and the purposes for which we will use it. We will ask for your explicit consent to collect and use your data for these purposes and will provide you with the option to opt out at any time.  

If you choose to opt out of any data collection or use, we will respect your decision and will not collect or use your data for that purpose. You can change your preferences or withdraw your consent at any time by contacting us at privacy@incorta.com  

Please note that if you choose to opt out of certain data collection or use, this may affect our ability to provide you with certain services or features. We will always strive to provide you with the best possible service while respecting your privacy preferences. If you have any questions or concerns about our opt-in policy, please contact us at privacy@incorta.com or check out our global privacy policy for more information. 

You can further opt-out in our opt-out center here. 

Cookies and Similar Technologies 

We use cookies and similar technologies on our website and online recruitment portals to enhance user experience and track usage information. For more information about our use of cookies and similar technologies, please see us Cookie Notice. 

Links to Third-Party Websites 

Our website and online recruitment portals may contain links to third-party websites or applications that are not under our control. We are not responsible for the privacy practices or content of such third-party websites or applications. We encourage you to review the privacy policies of those third parties before providing any personal information. 

Children’s Privacy 

Our website and online recruitment portals are not directed at children under the age of 18. We do not knowingly collect personal information from children under the age of 18. If you are a parent or legal guardian and believe that your child has provided us with personal information, please contact us at privacy@incorta.com. 

Changes to this Privacy Notice 

We may update this Employment & Recruitment Privacy Notice from time to time to reflect changes in our privacy practices or legal obligations. We will notify job applicants and employees of any material changes to this notice by email or other means of communication.  

Contact Us  

If you have any questions, comments, or concerns about this Employment & Recruitment Privacy Notice, or if you would like to exercise your privacy rights, please contact us at privacy@incorta.com or submit a DSAR (Data Subject Access Rights) access request by clicking on this form or by mail at: 

Incorta, Inc. 

Attn: Data/Privacy Officer 

Email: Privacy@incorta.com 

20813 Stevens Creek Blvd. 

Suite 220 

Cupertino, CA 95014 

USA