Your privacy is important to us. The purpose of this document is to explain how Medable Inc. and its affiliates collect, use, store, or otherwise process personal information about job applicants and/or candidates. It also outlines with whom we share your information and your privacy rights.
Please note that Medable does not utilize automated employment decision tools in the recruitment or hiring process.
This Privacy Notice (“Notice”) does not cover your use of Medable’s products or services as a consumer.
We recommend that you read this Notice in its entirety to ensure you are fully informed.
1.0 Changes to this privacy notice
Medable, Inc. (“Medable” or “We”) may modify this Privacy Statement from time to time. The date of any revisions will be displayed at the top of this Privacy Statement.
2.0 Changes to this privacy notice
Subject to applicable law, we process your personal information for the purposes of recruiting job applicants and/or candidates.
Personal Information We Collect from You. Subject to applicable law, we may collect the following categories of personal information from you through the application and recruitment process:
- Identifiers and contact information. This includes your name, date of birth, email address, mailing address, phone number, photograph, work and personal references and contact details, beneficiary and emergency contact details, and other similar contact data.
- National identifiers and work eligibility information. This includes your national identification number, social security number, social insurance number, government identification number (e.g., CPF, RG, CNH), country, region, and city of birth, nationality, citizenship status, visa status, residency and work permit status, and immigration information.
- Demographic information. This includes your age, income,military service, and, where allowed by applicable law, marital/civil partnership status, and gender.
- Employment history and background check information. This includes your resume, curriculum vitae, work history, professional background and, where applicable and allowed by applicable law, information associated with social media platforms (e.g., social media handle) or professional networking sites (e.g., LinkedIn profile) credit history, criminal records, and other information revealed during background screenings.
- Educational information. This includes your educational history, academic degrees, and qualifications, certifications, and skills.
- Sensitive personal information. This includes information requiring special handling related to racial and ethnic origin, marital/civil partnership status, gender, and health and medical information, including disability status, where we have obtained your consent or the collection of such data is allowed by applicable law.
- Other Information. Any other information you voluntarily submit to us in connection with your application for employment (e.g., compensation history), including that which you provide via webform, during an interview, or as part of other forms of assessment.
3.0 How Medable uses personal information
In general, and subject to applicable law, we may use your personal information for operational purposes to:
- Process your job application for employment.
- Manage your relationship with us (e.g., facilitating meetings, communicating with you, providing you with requested information).
- Track an application through the recruitment process.
- Contact (including by email) you or others on your behalf about suitable job opportunities as they may arise.
- Conduct background checks with your authorization.
- Evaluate you in the recruitment and hiring process, including to assess your eligibility for available positions at Medable.
- Evaluate you for current and future job opportunities, including matching your skills and interest to applicable job requirements.
- Conduct internal analyses to understand the job applicants and/or candidates who apply and to improve our recruitment process, including our diversity and equal employment opportunities efforts.
- Comply with legal obligations (e.g., health and safety, anti-discrimination laws).
- Analyze job applicants and/or candidate life cycle trends, including generating reports in an aggregated and de-identified or anonymized format.
4.0 How Medable shares personal information with others
Subject to applicable law, including consent (as required), we may share personal information in the following circumstances (where applicable):
- Internally. Your personal information may be disclosed to personnel involved in the recruiting and hiring processes, Human Resources, or third party administrators for recruitment or other legitimate business purposes.
- Service Providers. We may share your personal information with service providers in connection with the provision of services including, but not limited to, the following: recruitment, talent acquisition and administration, technology services, background checks, where allowed by applicable law, and employment history checks. We have contracts with our service providers that address the safeguarding and proper use of your personal information.
- Public or Government Authorities. We may share your personal information to comply with our legal obligations, regulations, or contracts, or to respond to a court order, administrative, or judicial process, such as a subpoena, government audit, or search warrant where we are legally compelled to do so. We also may share your information when there are threats to the physical safety of any person, violations of Medable policies or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.
- Corporate Transactions. Your personal information may be disclosed or transferred to relevant third parties in the event of, or as part of the due diligence for, any proposed or actual reorganization, sale, merger, consolidation, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).
- Consent. We may share your personal information in other ways if you have asked us to do so or have given consent.
5.0 How Medable secures personal information
Medable implements physical, administrative, and technical safeguards designed to protect your personal information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We contractually require that our suppliers implement similar measures designed to protect personal information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. No online service can ever be 100% secure, and as a result we do not guarantee the security of any personal information you provide.
6.0 Retention of personal information
Medable retains your personal data for as long as reasonably necessary or as permitted in accordance with the purpose(s) outlined in this Privacy Statement.
The criteria used to determine our retention periods include the length of time we have an ongoing relationship with you, contractual requirements, or whether there is a legal obligation to which we are subject.
The Medable websites, and some services and advertisements on the sites, may contain “cookies.” A cookie is a piece of data that is sent to your browser, which will store the cookie on your computer if your browser is enabled to accept cookies.
Most internet browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You should refer to your browser instructions or “Help” screen to learn more about how to manage cookies. Please note, however, that if you block cookies, some portions of the Site and services may not function properly.
We do collect general, aggregated, demographic, and non-Personal Data using cookies and automated means (this includes technical information about your session with our website, such as your browser version and IP address, as well as information about your use of our website, such as how you navigate it and how long you spend viewing it). We will not seek to identify you through cookies or other means without your consent. This type of anonymous, aggregated profiling and session data may also include information that you have provided to us through surveys, polls, etc., but will not be tied to any Personal Data, without your consent.
You can manage your preferences in relation to Cookies and Automated Tracking on the Medable site by clicking on the shield icon on the bottom left of this webpage.
8.0 Exercising your privacy rights
Subject to applicable laws, you may have certain rights related to your personal information as described in more detail below. To exercise any of these rights, please contact us here. You can access the personal information we store about you, including details of why we are processing it.
- You have a right to correct personal information about you that is inaccurate, incomplete, or outdated.
- In certain situations, you can ask that we erase your personal information, object to or restrict the use of your personal information, or obtain a copy of your personal information.
- Where we rely on your consent to process your personal information, you have the right to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your personal information for recruiting purposes.
- If you are unsatisfied with our response, you have a right to raise questions or complaints with your local data protection authority at any time.
9.0 Special notice to California residents - Your California Privacy Rights
The California Consumer Privacy Act (the “CCPA”) provides California residents the right, once a year, to receive information about third parties with whom Medable has shared information about you for its marketing purposes during the previous calendar year, and a description of the categories of personal information shared. To make such a request, please submit here. Medable will respond to you within thirty days of receiving such a request.
9.1 Medable does not sell consumer data for monetary or other valuable consideration.
If you are a California Resident, you may have additional rights under the California Consumer Privacy Act (the “CCPA”). These include:
- The right to request that Medable disclose certain information to you about our collection and use of your personal information over the past 12 months.
- The right to know the categories of personal information that we collect, and the categories of sources from which we obtained that information.
- The right to know our business or commercial purpose for collecting or selling personal information.
- The right to know the categories of third parties with whom we share personal information.
- The right to object to the sale of personal data.
- The right to access your own personal information collected by Medable (also called a data portability request).
- The right to equal service and price, even for consumers who exercise their privacy rights.
10. Special notice to UK and EU residents
Residents of the EU and UK may be entitled to additional privacy rights consistent with the General Data Protection Regulation (GDPR). These include:
- The right of access.
- The right to data portability.
- The right to rectification.
- The right to erasure.
- The right to object or restrict processing.
Please submit here with any questions or concerns regarding the processing of your personal data.
If Medable’s processing of your personal data is covered by UK or EU law, you can also lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant EU supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm and the UK supervisory authority contact details under https://ico.org.uk/global/contact-us/.
10.1 International transfers, processing and storage of personal information.
Your Personal Data may be collected, transferred to, and stored by us in the United States and by our affiliates and third parties that are based in other countries. This means that your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or another applicable regulator. Where required by applicable law, we will only share, transfer, or store your Personal Data outside of your jurisdiction with your prior consent.
10.2 Exercising personal data access, portability, and deletion rights.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us here (Or connect via one of the alternative methods listed in the “CONTACT US” section below).
To fulfill your request, please:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot complete your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a request to verify the requestor's identity and/or authority to make the request. We may refuse to act on requests that are insufficiently substantiated, unfounded, or excessive.
11. Contact Us
Medable’s Corporate Headquarters
Medable Privacy Team
525 University Avenue
Palo Alto, CA 94301
Medable’s Article 27 Representative for the European Union
Lionheart Squared (Europe) Ltd.2
Upper Pembroke Street 28-32
Dublin, D02 EK84
Republic of Ireland
Medable’s Article 27 Representative for the United Kingdom
Lionheart Squared Limited
Attn: Data Privacy
17 Glasshouse Studios
Fryern Court Road
Hampshire, SP6 1QX