Subscribe to the Salt blog to learn about the latest developments in API Security

Job Candidate Privacy Notice

Last updated: June 2024

This Job Candidate Privacy Notice (“Notice”) describes what personal data we — Salt Security, Inc. and our affiliates (“Salt”, “we”, “our” or “us”) — collect and process on our job candidates and applicants (“Candidates”, “you” or “your”) as part of our application and recruitment process, why we collect it and how we use it. It also describes how candidates may exercise their rights to such data held with us.

We strongly urge you to read this Notice and make sure that you fully understand and agree to it. If you do not agree to this Notice, please avoid providing us with your data.

You are not legally required to provide us with any personal data, but without it we may not be able to process your application.

1. What data do we collect and how do we collect it?

Throughout the application and recruitment process, you may provide us (or we may otherwise have access to) personal data about you, such as your identifying data, contact details, resume/CV, work-related data, recommendations, social media activity, etc. We may collect this data directly from you, as you provide it voluntarily through your application and candidacy review process, or from other sources such as recruitment agencies, background check services (as applicable and subject to applicable law), or your references.

In some regions, we may also require you to submit sensitive data such as ethnicity, gender, and whether you have a disability, to ensure our compliance with our legal obligations under applicable law. We may also collect sensitive data about your prior criminal convictions and offences as part of our background checks for specific roles if permitted or required by law. To the extent legally required, we will obtain your explicit consent prior to any such collection and use.

For the purposes of the California Consumer Privacy Act (“CCPA”), in the last 12 months, we have collected the above-mentioned types of personal information about Job Candidates, which pertain to the following categories: identifiers; customer record information; characteristics of protected classifications; professional or employment-related information; geolocation data; audio, electronic, visual, or similar information; education information; and inferences from personal information collected. We may also require you to submit sensitive personal information (as outlined above).

2. For what purposes do we use your data?

We will use and process your personal data as part of the employment application process at Salt for the following business purposes:

Lawful Basis for Processing
To assess your skills and qualifications, and overall to verify, consider and process your application and candidacy for any of our positions, and to communicate with you regarding such processes
Pre-Contractual Measures
To contact you about other suitable roles within Salt in the future
– Legitimate Interests
– Consent (where applicable)
To maintain our internal records of recruitment and employment applications
– Legal Obligations
– Legitimate Interests
To create your employee personnel file, if hired
To comply with applicable legislation and industry codes
To manage risk and enhance our security and anti-fraud measures
Legitimate Interests
To create aggregated statistical or inferred data regarding our Candidates
To further develop and improve our recruitment processes
To protect the rights and interests of Salt and its affiliates

If you reside in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for the processing of personal data as described herein, your continued interaction with our application process means that you have had the opportunity to read this Notice and that you accept this Notice, and will be deemed as your consent to the processing of your personal data for all purposes detailed in this Notice, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at  

3. Where do we store your data?

Your personal data will be maintained, processed and stored by Salt and our Service Providers (as defined in Section 6 below) in relevant Salt offices worldwide including Israel and the United States, in the applied position’s location(s), and other jurisdictions,as necessary for the proper processing of your candidacy.

While privacy laws may vary between jurisdictions, Salt, its affiliates and Service Providers processing personal data on our behalf, are each committed to protecting personal data in accordance with this Notice, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

To the extent we transfer candidates’ personal data originating in the European Economic Area (EEA), or the UK to countries that have not been recognized as offering an adequate level of data protection based on the adequacy decisions published by the European Commission (and associated) or the UK, as relevant, we rely on appropriate contractual undertakings and data transfer mechanisms as established under applicable law, such as the standard contractual clauses adopted by the EU (EU standard) and the UK (UK standard). You can obtain a copy by contacting us as indicated in Section 11 below. For data transfers to countries that been recognized to be providing an adequate level of data protection, we rely on such adequacy findings regarding the level of data protection offered by the recipient country.

4. How long may we keep your data for?

We may retain Candidates’ data even after the applied position has been filled or closed. This is done so we can reconsider Candidates for other positions and opportunities at Salt (subject to their specific consent, where required by law); so we may use their personal data as reference for future applications submitted by them; in case the Candidate is hired, for additional employment and business purposes related to their work; and as reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our agreements or otherwise protect our legitimate interests.

5. How do we secure your data?

Salt has implemented physical, procedural and electronic security measures designed to protect the personal data of our Candidates consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of personal data. Please be aware that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal data stored with us.

6. Who will have access to your data?

Salt will disclose your personal data to several selected third-party service providers, whose services and solutions complement, facilitate and enhance the processing of your application and our recruitment process. These include any recruitment firms or individuals that have referred you to us (or vice versa), candidate evaluation centers, applicant tracking systems, recruitment software providers, background checks providers, data storage and cybersecurity services, web analytics, and our business, legal, compliance and financial advisors (collectively, "ServiceProviders"). Such Service Providers may receive or otherwise have limited access to our Candidates’ personal data, depending on each of their particular roles and purposes in facilitating and enhancing our recruitment process, and may only use it for such purposes.

Additionally, we may disclose or otherwise allow access to any Candidates’ personal data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud or other wrongdoing. We may also disclose your personal data to others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Salt, any of our customers or employees, or any member of the general public, including yourself or other applicants.

In addition, we may disclose personal data internally within our family of companies, for the purposes described above. Finally, should Salt undergo any change in control, including by means of merger, acquisition or purchase of all or part of its assets, your personal data may be disclosed to the parties involved in such event.

For the purposes of the CCPA, in the past 12 months, we may have disclosed to the above-mentioned parties, the following categories of personal information relating to our Candidates: identifiers; customer record information; characteristics of protected classifications; professional or employment-related information; geolocation data; audio, electronic, visual or similar information; education information; inferences from personal information collected; and sensitive personal information. We do so for the purposes described in Section 2 above.

We do not sell or share your personal information for the intents and purposes of the CCPA. We do not use or disclose sensitive personal information outside of the purposes allowed by the CCPA.

7. Which cookies and tracking technologies do we use?

If you apply to one of our positions via our website (or that of a Service Provider) please note the use of certain monitoring and tracking technologies, such as “cookies” or similar technologies. These technologies are used to maintain, provide and improve our processes and operations on an ongoing basis, and in order to provide a better experience to our website visitors and Candidates. For example, these technologies enable us to better secure our website and services and detect abnormal behaviors, to identify technical issues, and to monitor and improve the overall performance of our services and processes. To learn more about our cookies practices, please visit our website Privacy Policy.

8. How can you exercise your rights?

If you wish to exercise your privacy rights under applicable law (including the EU or UK General Data Protection Regulation (GDPR), the CCPA or other US state privacy laws), you may do so by contacting us via and we will respond within a reasonable timeframe and in accordance with applicable law.

Such rights may include — each to the extent available to you under the laws that apply to you — the right to know/request access (to specific pieces of personal data collected, categories of data collected, and sources from whom it was collected, as well as the purposes of collecting it and categories of third parties to whom we have disclosed it); the right to request rectification or erasure of your personal data held with us; to port it or to restrict its processing; to object to any processing of your data which is based on our legitimate interests or to withdraw your consent to any processing of your data on the basis of such consent (each as detailed in Section2 above); or the right to equal treatment (e.g., freedom against discrimination if you exercise these rights). If you area GDPR-protected individual, you also have the right to lodge a complaint with the relevant supervisory authority in the EEA or UK, as applicable.

You may designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us. In such cases, we may request further information to verify such power of attorney and authorization.

Please note that such rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal data that we hold about you. In the event that we cannot accommodate your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Please note that we may require additional information, including certain personal data, in order to authenticate and process your request. Such additional information may be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request), in accordance with Section 2 above.

9. Who is responsible for your data?

Certain data protection laws and regulations, such as the EU and UK GDPR, the CCPA and other US state privacy laws, typically distinguish between two main roles for parties processing personal data: the “Data Controller” (or under the CCPA, “business”), who determines the purposes and means for processing; and the “Data Processor” (or under the CCPA, “serviceprovider”), who processes the data on behalf of the Data Controller.

Salt’s local affiliate relevant to the role for which you apply is typically the Data Controller of your personal data, and with respect to which, assumes the responsibilities of a Data Controller — solely to the extent applicable under the law and as set forth in this Notice. In such instances, our Service Providers processing such data will assume the role of Data Processors.

10. Will this Notice be updated?

We may update this Notice to reflect changes in our privacy practices. If we make any changes that we deem as "material", we will update this page prior to the change becoming effective.

11. What if you have any questions?

If you have any comments or questions regarding this Notice, if you have any concerns regarding your privacy, or if you wish to make a complaint about how your personal data is being processed by Salt, you can contact us at