Candidate Privacy Notice

Effective: January 1, 2023

This Notice applies to information that relates to you as an identifiable individual (often referred to as “personal information” or “personal data”) that Loom receives or collects when you apply for a job or other role with us and the rights you have in connection with that information. The term “Candidate” is used in this Notice to refer to anyone who applies for a job role, who applies for the relevant talent pool, who is considered for a role or for a relevant talent pool or who otherwise seeks to work with or for us (whether on a permanent or non-permanent basis).

Information We Collect

We will collect and process personal information from you through the application and recruitment process. Such information may include, but is not limited to:

• Identifiers and contact information. This includes your name, date of birth, email address, postal address, phone number, and other similar contact data.
• Professional and Employment-Related information. This includes information contained in your CV/resume, past employment history (e.g. previous employers, job titles, or positions), and, where applicable and allowed by applicable law, information associated with professional networking sites (e.g. LinkedIn profile).
• Education Information. This includes your educational history, academic degrees, professional qualifications, certifications, and skills.
• National Identifiers and Work Eligibility Information. This includes your national identification number, social security number, insurance numbers, nationality, citizenship status, visa status, and immigration information.
• Personal Characteristics. This includes data for diversity monitoring, where the collection of such data is allowed by law (e.g. gender, ethnicity, sexual orientation, veteran status, disability status, and any requests for accommodation in the application or interview process).
• Internet or other Electronic Network Activity Information. This includes information about you using cookies and other similar technologies when you use the recruitment system and browse our website (see our Privacy Policy and Cookie Policy for further information).
• Inferences drawn from the above categories.
• Sensitive personal information. We may collect sensitive categories of personal information, which may include government identification numbers, social security numbers, contents of communications, racial or ethnic origin, or health or medical information. We process sensitive personal information for permitted business purposes and in accordance with applicable law.

Information we may collect from other sources

We may also collect publicly available information about you from third parties who have a legal right to share such data with us, for example, your contact details or education or work experience information.

When you share contact details or other personal information of your references with Loom for your additional review, please keep in mind that you have a personal responsibility to obtain consent from them.

How We Use Your Information

We use your personal information for the following purposes:

• To communicate with you throughout the recruitment process
• To assess your suitability for employment with Loom (e.g., evaluate your knowledge, qualifications, and background for particular position)
• To verify the information you provided in order to conduct a background and/or reference check
• To create an offer package and make necessary arrangements for future employment
• To stay in touch and consider you for suitable possible future opportunities
• To conduct reporting and analysis of recruitment metrics
• To maintain and improve our hiring process

If you are not successful, we may still keep your application to allow us to consider you for other suitable openings within Loom in the future. Loom will not process your personal information for performing automated decision-making.

How We Share Your Information

Loom relies upon third-party vendors to manage your recruiting process. The following types of vendors might be involved:

• Third parties engaged in the recruitment process
• Third parties engaged in interviewing and testing of candidates
• Third parties engaged in the background-check process

Prior to using a third-party vendor, Loom executes a due diligence program and evaluates the vendor’s security and privacy posture.

We may also disclose your information to other third parties in the following circumstances:

• When we need to respond to a court order or judicial processes, such as a subpoena or search warrant
• When we need to stay compliant with our legal obligations
• When we need to defend against potential, threatened, or actual litigation
• When we are legally obliged to share a candidate’s information with law enforcement
• When we have to detect, prevent, or address fraud

In the last 12 months, we have disclosed the following categories of personal information for a business purpose to our service providers that support our recruitment website and services:Identifiers/contact information, professional or employment-related information, education information, personal characteristics, and inferences based on these categories.

We do not “sell” or “share” (as defined under California law) the personal information of Candidates.

How We Protect Your Information

To protect the security of your personal information, we use reasonable technical and organizational security measures (e.g. access controls, firewalls, network intrusion detection, etc). Learn more about our security and compliance efforts on our Security page.

Data Retention

In case you are not hired, Loom will retain your information for the duration of the application process plus 24 months after confirmation that your application was unsuccessful to allow us to record the reasons for our decision in relation to your application. However, we may store your data for extended periods if a longer retention period is required by applicable law or you provide your consent to maintain your data for future recruitment at Loom. We will retain information about you securely, and it will not be circulated outside of our systems or accessed by anyone not involved in the recruitment process and only on a need-to-know basis. If you do not wish us to retain your information for consideration for other roles, please get in touch with talent@loom.com. However, please keep in mind that Loom may store some information about you if required by law, or if we need to protect ourselves from legal claims.

Loom will store your Personal Data when you are hired for the terms of your employment and for as long as permitted or required by law after that to comply with our legal obligations or resolve disputes.

What is Loom’s legal basis for processing your data?

Where applicable law requires personal data to be processed according to a legal basis (for example, in the European Union), we process your personal data for the purposes described above based on the following legal bases:

• Our legitimate interests. For example, to conduct our recruitment processes efficiently and fairly or to manage applicants effectively. When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy or other fundamentals rights and freedoms are not overridden by our legitimate interest to comply with our legal obligations.
• As needed to comply with legal obligations.
• As needed to comply with our contractual obligations.
• With your consent. You have the right to withdraw your consent at any time.

Data Transfers

If you are applying for a position with us from outside the United States (“U.S.”), the personal data that we collect about you in the recruitment process will be transferred to, and stored on, our servers, located in the U.S., and on servers maintained by our recruitment service providers in the U.S.. Authorized employees at Loom locations in the U.S. and at locations outside the U.S. may have access to your personal data as part of the recruitment process. These employees may use and disclose your personal data only for recruitment purposes, and must handle that information in accordance with this Privacy Policy and applicable data protection laws and guidance. The data protection laws where these companies are located may be less stringent than the laws of your home country.

Your Rights

When it comes to your personal information, you have the right to (subject to certain exemptions by law):

• Right to Know: You have the right to know what personal information that we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of personal information the business has collected about you.
• Right to Delete: You have the right to request that we delete certain personal information that we have collected from or about you. Note that there are some reasons we will not be able to fully address your request (e.g., to detect and protect against fraudulent and illegal activity, to exercise our rights, for our internal purposes, or to comply with a legal obligation).
• Right to Correct: You may have the right to rectify the personal information that we hold about you by providing evidence that the information is not accurate.

Please contact us with any questions about how to exercise your rights by emailing hr@loom.com.

How can you contact Loom with any additional questions?

Please do not hesitate to contact us via privacy@loom.com if you have any additional questions.

Updates to this Privacy Notice

If we update this Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make, and in accordance with applicable law. We’ll publish any future changes to this Notice here and specify the date of last revision.