Candidate Privacy Notice

Last Updated: 1 Dec 2025

  1. Purpose of This Notice: ControlUp Technologies Ltd. (“ControlUp”, “we”, “us”, or “our”) is committed to protecting the privacy, confidentiality, and security of personal data relating to individuals applying for employment with ControlUp (“Candidates”).

This Candidate Privacy Notice explains how we collect, use, store, share, transfer, and protect personal data during the recruitment and hiring process, in compliance with:

  • GDPR and UK-GDPR
  • Israeli Privacy Protection Regulations (Databases), 1981
  • S. state privacy laws where applicable
  • ISO/IEC 27701 (Privacy Information Management System)
  • ISO/IEC 27001 (Information Security Management System)

ControlUp acts as the Data Controller for candidate personal data.

  1. Personal Data We Collect: We collect and process personal data necessary for evaluating job applications, conducting interviews, and managing recruitment workflows. This includes the following categories:
Identification and Contact Information   • Name, email address, phone number
• Location, country of residence
• Social or professional profiles (e.g., LinkedIn) when provided
Application & Professional Information • CV/resume, work experience, education
• Skills, certifications, portfolios, assessments
• Interview notes and feedback
Compliance & Verification Information • Right-to-work/immigration documentation (only where legally required)
• Background checks (only were permitted and after notice/consent)
IT and Security Information • IP address, device metadata • System access logs, activity logs, and application usage data
Sensitive Data   We do not intentionally collect sensitive data unless:
• Required by law (e.g., disability accommodations)
• Voluntarily provided by the candidate
 
  1. Purposes of Processing: We process personal data for the following purposes:
Recruitment & Hiring Operations   1) Evaluating candidate qualifications and suitability
2) Scheduling and conducting interviews
3) Collecting feedback from interviewers
4) Managing recruitment workflows through Lever and internal systems
Compliance with Legal Obligations 1) Verifying right-to-work documentation
2) Record-keeping obligations under applicable law
Legitimate Interests 1) Talent acquisition and workforce planning
2) Improving recruitment processes
3) Maintaining a secure IT environment
4) Preventing fraud and ensuring system integrity
Consent (Only Where Explicitly Required) Used only for optional processing, such as joining a talent pool.
Special Category Processing Only where it’s 1) required by employment law necessary for health/safety or accommodations. 2) Explicitly consented (if voluntary)
– Where we rely on legitimate interests, ControlUp ensures those interests do not override the rights and freedoms of candidates.
 
  1. Data Retention: Candidate personal data is retained only for as long as necessary to fulfill recruitment-related purposes or comply with legal obligations.

Typical retention periods:

  • General application data: 12–24 months
  • Interview notes and assessments: up to 24 months
  • Talent pool data: only with explicit opt-in consent

After retention periods expire, data is securely deleted.

  1. Data Sharing and International Transfers: We may share candidate personal data with:
  • Internal HR, Talent Acquisition, and hiring managers
  • External service providers such as applicant tracking systems (Lever), background check vendors, or assessment tools
  • Legal or regulatory authorities if required

International Transfers: Where data is transferred outside the EEA/UK/Israel, ControlUp ensures lawful transfer mechanisms including:

  • Standard Contractual Clauses (SCCs)
  • UK IDTA
  • Adequacy decisions
  • Additional technical and organizational safeguards

We do not sell candidate personal data.

  1. Candidate Rights: Candidates have the following rights, subject to legal limitations:
  • Access to their personal data
  • Correction of inaccurate or incomplete data
  • Erasure (“right to be forgotten”)
  • Restriction of processing
  • Objection to processing
  • Data portability
  • Withdrawal of consent (where processing is based on consent)

Requests may be submitted to: privacy@controlup.com

  1. Automated Decision-Making: ControlUp does not make hiring decisions based solely on automated processing.
  1. Contact Information: For questions or to exercise privacy rights:

E-Mail: privacy@controlup.com