Nutanix Job Applicant Privacy Notice
This is an archived version of our Nutanix Job Applicant Privacy Notice dated July 27, 2023. View the current version.
1. To whom does this Notice apply?
Your privacy is important to us. This Notice only applies to the personal information of job applicants, potential candidates for employment, and those who participate in our recruiting programs and events. The purpose of this Job Applicant Privacy Notice (“Notice”) is to inform you about how Nutanix, Inc. and our affiliates and subsidiaries who engage with you during the recruitment process (collectively, “Nutanix”, “we,” “our,” or “us”) handle or process the personal information regarding our job applicants or candidates (collectively, “you”), the type of information we process, why we are processing it, how that processing may affect you and your privacy rights with respect to such information.
If you are a job applicant located in the European Economic Area (“EEA”) or the UK, the Nutanix entity which would be employing you is the controller of your personal information. As data controller, that Nutanix entity is responsible for ensuring that the processing of your personal information complies with applicable data protection law. You can identify your controller and its contact details via the Nutanix entity name provided in the offer letter or by checking the local Nutanix entity in the country corresponding to the job location in the “Contacting Nutanix” section below.
By submitting your application to us, you acknowledge and agree that:
- You have read and understood this Notice and acknowledge the collection, processing, use and disclosure of your personal information as set out in this Notice.
- You are not required to provide any requested information to us, but failure to do so may result in not being able to continue your candidacy for a job with us.
- The information you give us is true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related unfavourable information. Providing any inaccurate or misleading information may make you ineligible for employment.
- This Notice applies to the personal information you provide to Nutanix as an applicant for employment but should not be construed as an offer of employment and does not form part of any contract of employment offered to candidates hired by Nutanix. If you are offered employment at Nutanix, you will be provided with a separate privacy notice addressed to employees.
Please note that this Notice does not apply to (i) personal information about our employees, contractors or customers or to other personal information that Nutanix collects for other purposes, which is subject to separate privacy policies, or (ii) any third-party websites and applications that you may use, including any which we link in our websites, which are governed by the applicable terms and policies of the third party.
If you are unable to access this Notice due to a disability or any physical or mental impairment, please contact us using the contact details provided under the "Contacting Nutanix" section and we will arrange to supply you with the information you need in an alternative format that you can access.
3. What do we mean by "personal information" and "processing"?
"Personal information" is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you. Data "processed automatically" includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device.
"Processing" means doing anything with your personal information. For example, it includes collecting it, holding it, disclosing it and deleting it.
Personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by many countries, including the EEA and UK, to be "sensitive personal information." It may also include information about an individual's criminal offences or convictions, and any other information deemed sensitive under applicable data protection laws. This may also be referred to as "special category data."
4. What personal information do we collect and how do we use it?
Subject to applicable law, we process your personal information for the purposes of recruiting job applicants and candidates to fulfil available job positions. Most of the personal information that we process about you comes directly from you. Other personal information about you comes from references and third-party companies such as recruitment agencies. Your personal information will be seen internally by managers, administrators, and HR.
Personal information we collect from you
Subject to applicable law, we collect the following categories of personal information from you through the application and recruitment process:
- Identifiers and contact information. This includes your name, phone number, email address, mailing address, photograph, work and personal references including their contact information, date of birth, signature, beneficiary and emergency contact information, and other similar contact data.
- National identifiers and work eligibility information. This includes your national identification number, social security number, social insurance number, government identification number (e.g., CPF, RG, CNH), country, region, and city of birth, nationality, citizenship status, visa status, residency and work permit status, and immigration information.
- Demographic information. This includes your age, income, marital/civil partnership status, gender, and military service.
- Education information. This includes your educational history, degrees and diplomas, qualifications, certifications, training, and skills.
- Employment history, social media and background check verification. This includes information includes information you provide in connection with the application and recruitment process such as your resume, Curriculum Vitae, work history, professional background, and where permitted by applicable law, information associated with social media platforms (e.g. social media handle) or professional networking sites (e.g. LinkedIn). This also includes information collected through reference checks, criminal and financial background checks (where applicable) and information from publicly available sources, including credit history, criminal records, and other information revealed during background checks.
- Financial information and employment preferences. This includes your current and/or desired salary (if provided) and other information relating to desired compensation and benefits packages, job preferences, and willingness to relocate.
- Audio, electronic, visual, and similar information. This includes information transmitted in connection with interviews, online or phone-screenings, emails, photographs, videos or phone conversations, or voice recordings you may have if applicable. This also includes video monitoring (e.g. closed-circuit television or “CCTV”) of our facilities and badge scanning for security purposes, subject to applicable law. Our use of CCTV is used primarily to monitor entry/exit points, lobbies, and other areas containing valuable or highly sensitive assets, such as server and equipment rooms.
- Sensitive Personal Information. This includes information related to racial and ethnic origin, religious beliefs, trade union membership, sex/gender, gender identity and expression, military or veteran status, information regarding criminal offenses or convictions, and health and medical information, including disability status or an accommodations request, and may be processed where we have obtained your consent or the collection of such data is allowed by applicable law.
- Travel information. Where applicable, this includes information provided for any travel to and from interviews, and may include dates and length of travel, hotel name and location, flight arrangements, or other similar travel information.
- Other Information. Any other information you create or provide to us in connection with your application for employment or during the recruitment process, or from a prior application, including any content you provide via webform, during an interview, or as part of other forms of assessment during the recruitment process.
- Inferences. We may infer information about you regarding any of the information provided above regarding your preferences, characteristics, predispositions, intelligence, abilities, and aptitudes.
Personal information we collect automatically
We automatically collect certain device and usage information when you use or interact with our websites or communicate with us electronically. This information includes details about your devices, applications and networks, including internet protocol (IP) address and cookie identifiers.
- Internet or other electronic network activity and analytics. When using or accessing Nutanix websites or applications, we process information relating to your communications and use of our sites, systems, and applications, including device information; usernames and passwords; system log data like IP address, browser type, and language, access times, and referring website addresses; information collected through cookies or web beacons; usage and page navigation data, such as time spent on our sites, systems or applications, features used, and actions taken; contents, header, metadata, delivery and access information for emails, chat tools, documents, and other communications, data, and files transmitted through our site, systems, or applications.
- Geolocation data. We process approximate location data based on your IP address when you visit our site.
Some of our online recruiting activities conducted on social media sites are hosted by third parties, including the social media sites. When you access sites operated by these third parties, they may place their own cookies or other tracking technologies on your device.
Personal information provided by third parties
Subject to applicable law, we collect personal information about you from third parties, including the following:
- Background check providers: If you receive an offer from us, depending on the role, we may then conduct a background check and additional information (as permitted and in the manner permitted by applicable law) on criminal history. Background screening will only be done where permitted by law applicable to the location where the position is located and to the extent necessary and proportionate to the role that you are being offered. A background check will only involve criminal background data to the extent permitted in your specific jurisdiction.
- Professional recruitment firms: We may also collect personal information about you from professional recruiting firms.
- References or other third parties: We may collect personal information about you from your references and other third parties, including former employers, educational institutions or schools, or the person that refers you to Nutanix (as applicable).
We may combine the personal information we receive from various sources with personal information we collect from you and use it as described in this Notice.
We may also use your personal information in an aggregated and/or de-identified form for Nutanix's analytics purposes, including to improve our recruitment and hiring process and augment our ability to attract successful candidates.
How we use your personal information
In general, and subject to applicable law, we may use your personal information for the following purposes:
- Recruitment, selection, evaluation and appointment (temporary or permanent) for the job you have applied for and for subsequent or future job opportunities. This includes processing your job application and tracking it through the recruitment process, and matching or evaluating your skills and interest to applicable job requirements.
- Arranging interview travel and processing expense reimbursement, if applicable.
- General HR administration and management (in case you become a Nutanix employee).
- Carrying out satisfaction surveys, managing and improving the recruitment process, including our processes and technology.
- Understanding your preferences to improve your recruitment and application process.
- Application analysis such as verification of your employment reference(s) that you have provided, background checks and related assessments.
- Compliance with corporate governance and legal requirements (for example, to monitor diversity, health and safety, and anti-discrimination requirements), including monitoring access and use of our websites, systems and applications.
- Conducting internal analyses of candidates who apply to improve our recruitment process, including our diversity and equal employment opportunities efforts.
- Managing our relationship with you, including facilitating meetings or interviews, communicating with you regarding your application and future opportunities (unless you have told us that you do not want us to keep your information for such purposes), and providing you with requested information; analyzing trends in our recruitment process for recruitment and development using de-identified and aggregated data which does not identify you.
- Managing, monitoring, and protecting the physical and cybersecurity of Nutanix premises, devices, systems, and infrastructure from unauthorized access, use, and other intrusions.
5. Legal basis for processing
What are the legal bases for processing?
Under data protection law, there are various legal bases on which we can rely when processing your personal information. In some contexts, more than one applies. We outline what those terms mean below:
Legal Basis for Processing
Processing necessary for performance of a contract with you or to take steps at your request to enter a contract
This covers carrying out our contractual duties and exercising our contractual rights.
Processing necessary to comply with our legal obligations
Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination.
Processing necessary for our or a third party's legitimate interests
We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data.
Your personal information will not be processed on this basis if Nutanix's or a third party's interests are overridden by your own interests, rights and freedoms.
You have given specific consent to processing your data
In general, processing of your data in connection with employment will not be conditional on your consent. But there may be occasions where we do specific things such as provide a reference, seek to monitor diversity or obtain medical reports and rely on your consent to our doing so.
Processing sensitive personal information
There may also be situations where we collect information that are considered by the data protection laws applicable to your country to be sensitive personal information. If we process sensitive personal information about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing sensitive personal information applies. These include:
- Where you have provided your explicit consent;
- Where the processing is necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement;
- Where the processing relates to data about you that you have made public;
- Where the processing is necessary for the purpose of establishing, making, or defending legal claims.
We may request certain sensitive personal information such as information about your racial/ethnic origin, gender and disabilities which may be required to comply with anti-discrimination laws and government reporting obligations depending on the country you live in.
Further information on our legal basis for processing
Examples of the personal information, purposes and legal bases on which we process your personal information are in the table below. The examples in the table are not exhaustive.
Examples of personal information that we process
Legal basis for processing
Contacting you or others on your behalf
Monitoring of diversity and equal opportunities
Carrying out satisfaction surveys, managing and improving the recruitment process, including our processes and technology
Disputes and legal proceedings
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, contact us at firstname.lastname@example.org.
6. How do we share your personal information
Your personal information may be disclosed to managers, HR and administrators for employment, administrative and management purposes as mentioned in this Notice.
In addition, we share your personal information with third parties who provide services on our behalf, including hosting the career portal, assisting with our recruitment efforts, and assessing job applications, or with other entities in our group as part of our regular reporting activities.
We do not sell or otherwise disclose or share any of your personal information for monetary or other consideration to any third parties, but we may disclose relevant information with our service providers to fulfil our business purposes, act on your behalf, comply with our legal obligations, or for other purposes described in this Notice.
Subject to applicable law, including consent (as required), we disclose your personal information in the following circumstances (where applicable):
- Internally within Nutanix. Your personal information may be disclosed to personnel involved in the recruiting and hiring processes and Human Resources for recruitment or other legitimate business purposes.
- Other Nutanix affiliates and subsidiaries. Your personal information may be shared for the purposes described above with other affiliates of Nutanix.
- Third party service providers. We may also share your personal information on a “need to know” basis with third parties who provide services to us such as recruitment and talent acquisition agencies, consultants, background check services (where permitted by applicable law), professional advisors and attorneys, technology providers, and employment history checks. Nutanix will seek to ensure that any personal information disclosed to these providers is only used in connection with the services these parties provide for Nutanix and that your personal information is treated by them in a confidential manner. Additionally, Nutanix has contracts with our service providers that provide measures for safeguarding and the proper use of your personal information, consistent with this Notice and in accordance with applicable law.
- Your employer/previous employers, organizations, or references. Nutanix may be required to share your personal information when we contact your previous or current employer, personal or other references provided, or other organizations to verify your employment history, education, or your references.
- Other third parties. Nutanix may also disclose your personal information to other third parties, including, without limitation, public or government authorities as necessary to comply with our legal obligations or to respond to a lawful government request, court order, administrative or judicial process (such as a subpoena or search warrant), as necessary to establish, exercise or defend our legal rights, property, ourselves or others; to enforce our agreements, terms and policies; to operate and maintain the security of Nutanix facilities, websites, systems, and applications, including protecting against any attack; as necessary to protect your vital interests or where there are threats to the health or physical safety of any person (for example, we may need to share your personal information with third parties in the event of an emergency), or in order to protect the legal rights of others.
- Corporate Transactions. Your personal information may be disclosed to relevant third parties in the event of, or as part of the due diligence for, any reorganization, sale, merger, consolidation, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding). If a corporate transaction occurs, we will provide notification of any changes to the control of your information, as well as choices you may have.
- To others with your consent. We may share your personal information where you have asked us to do so or where we have otherwise obtained your consent.
7. International transfers
Subject to applicable law, we may transfer your personal information outside of your jurisdiction, including to the U.S. and other countries where Nutanix has affiliates for further processing. Certain jurisdictions may not be considered to provide the same level of data protection as your home country.
Where Nutanix transfers personal information from the EEA/ UK to another country outside of the EEA/ UK, we will do so under a valid data transfer mechanism under applicable privacy law, such as via the EU Standard Contractual Clauses (and UK Addendum to the EU Standard Contractual Clauses) to protect your data. Additionally, Nutanix has data processing agreements in place with our service providers which incorporate valid data transfer mechanisms and provide technical, organizational, and contractual measures for the protection of your data.
8. How long do we keep your personal information?
We retain your personal information as necessary to fulfil the purpose for which it was processed and as necessary to comply with any retention or statutory limitations. The length of time depends on the initial purpose for which we collect and use the personal information, the applicable laws relevant for that information, and the standards set forth in our records retention or data handling standards or policies.
For example, if you apply for and are offered a position at Nutanix and accept it, we retain your personal information in your personnel file for the duration of employment plus any statutory period. If you apply for a job at Nutanix and your application is unsuccessful (or you withdraw from the process or decline our offer), Nutanix will retain your information for a certain time period after your application based on your country or state of residency (for instance, 4 years for California and 6 months for certain EU countries), unless you authorize us to retain your information for a longer time period for consideration for other future potential job opportunities. Additionally, we may retain information where there is a legal reason to do so, including complying with applicable law or as necessary to defend a legal claim. In the event that we are prevented from deleting or anonymizing your personal information due to any technical limitation, we will continue to safeguard your personal information and limit access and use of it.
Under certain circumstances we may aggregate and/or anonymize your personal information so that it can no longer identify you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
We maintain appropriate physical, technical, and organizational security measures which are designed to secure your personal information against accidental loss, unauthorized access, use, alteration, or disclosure. We also limit access to your personal information to those of our employees, agents, contractors, and service providers that have a legitimate need for such access. Additionally, Nutanix takes technical measures such as applying encryption in transit and at rest, conducting vulnerability assessments on our software and tools, monitoring the compliance of our service providers with data protection and security obligations, and ensuring that we have agreements in place with third parties which include data protection measures. Nevertheless, such measures cannot prevent all loss, misuse, or alteration of personal information.
10. Your choices
You have the ability to change or limit the collection, use, storage, or other processing of your personal information by utilizing any of the following options:
- Your Application. You may access and review your job application at any time. If any personal information is inaccurate or incomplete, you can make changes by emailing your Talent Advisor or email@example.com. If you are not offered or do not accept the position for which you have applied, with your authorization, we will keep your information on file in case any other suitable opportunities come up. If you do not wish to have this information retained, please contact us via the Nutanix Privacy Rights Portal or by emailing firstname.lastname@example.org.
- Recruiting Messages. You can opt out of emails we send you regarding available positions or general Nutanix updates by clicking on the unsubscribe link in the email message.
- Complaints or Questions. If you have any complaints or questions about your privacy and our collection, use, storage, or other processing of your personal information during the recruitment process, please contact us via the Nutanix Privacy Rights Portal or by emailing email@example.com.
11. Your rights
Depending on where you are located, you may have additional rights under the applicable privacy laws of your state or country. For example, the California Consumer Privacy Act (“CCPA”), other US state laws, and the EU and UK General Data Protection Regulations all provide individuals with additional rights to their personal information, as described in more detail below.
If you are located in the EEA or UK, you have the following rights:
- right to access, correct, update or request deletion of your personal information;
- right to object to or restrict the processing of your personal information or request the portability of your personal information;
- right not to be subject to automated decision making;
- if any of your personal information is collected on the basis of consent, you can withdraw your consent at any time – though withdrawal will not affect the lawfulness of what we have done before you withdraw consent; and
- you have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority (see contact details below).
Nutanix does not make any automated decisions in relation to your application without human involvement.
If you are a resident of California, you have the following rights:
- Right of access -You have a right to access a copy of the personal information we hold about you. This right may be limited depending on the volume and nature of the request, specific exceptions under the law, or the type of data available.
- Right to know – You have the right to know the personal information we store about you, including details of why we are processing it. This includes:
- Specific pieces or categories of personal information we have collected;
- Categories of the sources from which the personal information was collected;
- Categories of personal information that we disclosed for a business purpose;
- Categories of third parties to whom the personal information was disclosed for business purposes; and
- The business purpose for collecting the personal information.
- Right to rectification – You have the right to ask us to update or correct any of your personal information that is inaccurate, incomplete, or outdated.
- Right to deletion – You have the right to ask us to delete personal information about you. Please note that Nutanix may be prevented from deleting any or all of your personal information where certain exceptions may apply. For example, we may be required to retain information that is necessary to provide employment or contractor services, detect security problems, or to comply with law.
- Right to limit processing of sensitive personal information – You may ask us to limit the processing of sensitive personal information we process about you.
- Right to non-discrimination – Under the CCPA and other similar laws, you have a right not to be subject to discrimination if you exercise your privacy rights.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
If you are located in a different jurisdiction, you may have other rights in relation to your personal information. For more information, please contact us at firstname.lastname@example.org.
If you wish to exercise your rights, please contact us via the Nutanix Privacy Rights Portal or by emailing email@example.com. Please note that if you make a request, we will require you to provide certain information for identity verification purposes. If we are unable to verify your identity, we may have to deny the request. You may authorize an agent to make a request to us on your behalf, and we will verify the identity of your agent or authorized legal representative by either seeking confirmation from you or documents that establish the agent’s authorization to act on your behalf.
You may have the right to appeal our decisions made with respect to your request. To appeal our decision on your request, you may contact us through one of the contact methods described under the section titled “Contacting Nutanix” below. Please enclose a copy of, or otherwise specifically reference, our decision on your request, so that we may adequately address your appeal. We will respond to your appeal in accordance with applicable law.
If you are unsatisfied with our response to your request or any complaint, or you feel that your privacy rights have been infringed, you have the right to contact your local data protection authority at any time.
- Contact details for the data protection regulators in the EEA are available here.
- In the UK, the data protection regulator is the Information Commissioner's Office. For contact details see here.
The local data protection regulator in California is the California Privacy Protection Agency. For contact details see here.
12. Changes to this Notice
We may change this Notice from time to time. If we make any changes, we will post an amended version and change the "Last Updated" date above. We encourage you to check back on this Notice periodically so that you are aware of the most recent version of it.
13. Contacting Nutanix
If you have any questions or concerns about this Notice, or the collection of your personal information, please contact us by any of the following methods:
Nutanix Privacy Office
Nutanix Data Protection Officer
Nutanix Netherlands B.V.
Nutanix France SAS
Nutanix Germany GmbH
Mainframe2 doo Niš
Nutanix Spain S.L.
For other entity addresses, please inquire at firstname.lastname@example.org.