Privacy Notice – Applicants

What is the Purpose of This Document?

EPAM Systems Inc. (“EPAM”) is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you during and after your application process, in accordance with the General Data Protection Regulation 2016 (“GDPR”).

This privacy notice applies to all applicants based in the European Economic Area and Switzerland. We may update this privacy notice at any time. Where we can, we will notify applicants of substantial changes to the privacy notice. This privacy notice is also available in Czech, Hungarian and Polish.

This privacy notice should be read in conjunction with the general privacy notice for general use of our corporate websites.

EPAM is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We have set out below the full details of the relevant EPAM entity based on the country of the role you are applying for and the entity which decides how we process your personal information and is the data controller for data protection purposes.

We are required under data protection legislation to notify you of the information contained in this privacy notice.

This privacy notice does not imply in any way any contract of employment or contract for services or any other relationship between you and EPAM.

It is important that you read this privacy notice so that you are aware of how and why we use your personal data.

The Kind of Information We Hold About You

Personal data, or personal information, means any information, by itself or combined with other information, about an individual from which a person can be identified. It does not include data where the identity has been removed (anonymous data).

There are "special categories" of more sensitive personal data which require a higher level of protection. We do not routinely collect, store or use any special categories of personal data as part of our recruitment activities.

We may collect, store, and use the following categories of personal information about you:

Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
Date of birth;
Your CV, professional social media profile if used as part of an application such as LinkedIn, cover letter, application forms and other information regarding your employment history such as dates of employment, job titles, job descriptions, skills, reason for leaving, previous salary and benefits information, any photographs of you contained in your CV, areas of interests, notice periods/availability for employment;
Your salary expectations and details of any offers made by us to you and your responses;
Interview history, questions, notes and technical assessment results;
Your feedback on EPAM’s recruitment process;
How we obtained your data – from an application by you, through an agency or from a third party website that you had used to seek employment;
CCTV footage from attendance at any EPAM sites where we control the CCTV systems and any recordings of online video meetings.

If you use your online candidate profile using epam.com we will also collect, store, and use the additional following categories of personal information about you, such as:

Your username and data required for log-in;
Your log in frequency and activity;
What software, devices or hardware you use to access your profile;
Your profile preferences and other forms you may complete in the online profile;
Any privacy or communication channel and frequency preferences.

How is Your Personal Data Collected?

We mainly collect personal information about applicants from:

Directly from you, such as using our website epam.com/apply, email applications or at a recruitment fair;
From recruitment agencies that you are registered with and have agreed for them to provide us with your application information;
From current EPAM employees or contractors, with your prior permission, as part of our internal referral program;
From third party websites and job boards that you have used to seek employment such as LinkedIn, Xing, Jobs.bg, Pracuj, Profession.hu;
From third party websites that help us obtain your contact details only from publicly available sources (if we do not already have it)

How We Will Use Information About You?

We only use your personal information for the following purposes and legal bases:

Purpose	Personal Data used	Legal basis
Allow you to register, set up and maintain an online profile	Your personal contact details; Your username and data required for log-in; Your profile preferences and other forms you may complete in the online profile; Any privacy or communication channel and frequency preferences	It is necessary for entering into or performing a contract with you It is necessary for EPAM’s legitimate interests in tracking recruitment and managing its external talent pool which are not overridden by your interests or your fundamental rights and freedoms which require protection of personal data
Considering you for and contacting you about the role you applied for or other potential suitable roles on an individual basis	Your personal contact details; Your CV, professional social media profile if used as part of an application and other information regarding your employment history; Your salary expectations and details of any offers made by us to you and your responses; Interview history, questions, notes and technical assessment results; Any recordings of online video meetings; How we obtained your data – from an application by you, through an agency or from a third party website that you had used to seek employment	It is necessary for EPAM’s legitimate interests in tracking recruitment and managing its external talent pool which are not overridden by your interests or your fundamental rights and freedoms which require protection of personal data Your consent for EPAM to retain your data, only if you expressly agree, as set out below
Contacting you about roles as part of a recruitment campaign (if you have opted in)	Your personal contact details; Any privacy or communication channel and frequency preferences	Your consent for EPAM to contact you with information about jobs as part of our recruitment campaigns, if you have opted in
Updating you on any changes to our privacy notice, security updates, changes to our website or online profile area	Your personal contact details	It is necessary for compliance with legal obligations, such as in the areas of data protection law and corporate compliance laws
Making a decision about your recruitment or appointment at EPAM	Your CV, professional social media profile if used as part of an application and other information regarding your employment history; Your salary expectations and details of any offers made by us to you and your responses; Interview history, questions, notes and technical assessment results; Any recordings of online video meetings	It is necessary for entering into or performing a contract with you
Determining any terms on which you work for us	Your CV, professional social media profile if used as part of an application and other information regarding your employment history; Your salary expectations and details of any offers made by us to you and your responses; Interview history, questions, notes and technical assessment results; Any recordings of online video meetings	It is necessary for entering into or performing a contract with you
Internal reporting and understanding how we can improve our internal recruitment processes and website	Your feedback on EPAM’s recruitment process; Your log in frequency and activity; What software, devices or hardware you use to access your profile; Your profile preferences and other forms you may complete in the online profile; Any privacy or communication channel and frequency preference	It is necessary for EPAM’s legitimate interests in tracking recruitment and managing its external talent pool which are not overridden by your interests or your fundamental rights and freedoms which require protection of personal data
Physical security of our people, visitors and property	CCTV footage from attendance at any EPAM sites where we control the CCTV systems	It is necessary for EPAM’s legitimate interest in protecting the physical security of its people, visitors and property which is not overridden by your interests or your fundamental rights and freedoms which require protection of personal data

Data Sharing

Where you are represented by a recruitment agency, we will share information about your recruitment activity (such as interview feedback, any offers etc) so they can discuss this with you.

Given the nature of EPAM’s business, from time to time our clients would like to receive summary CVs of applicants like you, as well as our existing employees. We aim to first provide anonymised summary CVs but this is not always possible. We will do our best to inform you of any such disclosure in advance.

In order to understand how we can improve our internal recruitment processes, we may use a third party survey provider to (i) send you an invitation to a survey and or (ii) collect your responses. Typically, we only share your name and email address. Only team leaders and recruitment managers in EPAM’s appropriate Talent Acquisition teams will have access to replies from applicants under their remit. Your replies will not affect the progress or outcome of any recruitment process with EPAM.

We may also use third party communication providers to help us manage communications around our recruitment and information campaigns. Typically, we will only share your name and email address.

We may also need to use third party service providers, for example, to help host our websites or servers. We contractual terms in place to protect your personal data.

We will share your data with other companies within the EPAM group only for the purposes set out above. As EPAM is a global company with a presence in over 25 countries, we transfer the personal information we collect about you to our group companies only the following countries outside the European Economic Area in order to be able to consider you for other roles at EPAM or with our clients and to administer our recruitment teams and systems:

USA
Armenia
Australia
Belarus
Canada
Hong Kong
India
Khazakstan
Mexico
People’s Republic of China
Russian Federation
Singapore
Switzerland
Ukraine

Other than Switzerland and Canada, there is not an adequacy decision by the European Commission in respect of the above countries. This means that the countries (except for Switzerland and Canada) to which we transfer your data are not deemed to provide an adequate level of protection for your personal information.

However, to ensure that your personal information does receive an adequate level of protection we have put in place an intragroup data transfer agreement to ensure that your personal information is treated in a way that is consistent with and which respects the EU laws on data protection. If you require further information about this protective measure, you can request it from privacy@epam.com.

We may need to disclose all or any part of your personal information if required to do so by law, or pursuant to a request from a governmental or regulatory entity/body or if we believe in good faith that such disclosure is necessary to (1) comply with legal or regulatory requirements or for the purposes of compliance with legal process; (2) prevent crime; (3) prevent any terrorist activity or threat to national security; (4) protect the safety or wellbeing of users of our staff or any other person.

Data Security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, contractors and third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from privacy@epam.com.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data Retention

How long we will keep your information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

After an unsuccessful application, we will aim to keep some or all of your personal data to the extent we need to for a period of 6 months after the last activity to consider you for any other job openings across the EPAM Group and for legal/record keeping purposes.

EPAM has asked you to consent to us storing your personal data after that initial period. Where you have given us your consent, we apply the following retention guidelines to your personal data:

After 6 months of no activity, we will minimise your personal data but at a minimum will retain your CV and information contained in it.
Within two years of no activity, we will aim to contact you to understand whether there are any roles at EPAM which may be suitable for you. We may also contact you at any point up to this period, if we consider we have a potential suitable position for you and if you have opted in to receive any information generally about our recruitment campaigns.
If we do not hear from you, we will either delete your profile or archive your profile and create a dummy profile with only one data field (such as your email address) to help link any future applications.

You may withdraw your consent to EPAM retaining your personal data beyond the initial 6 months period after an unsuccessful application.

If you do not consent to the retention of your data as set out here or you withdraw your consent, after 6 months of no activity or unsuccessful application, EPAM will take reasonable steps to either delete your profile or archive your profile and create a dummy profile with only one data field (such as your email address) to help link any future applications. This will not affect your ability to receive information on our recruitment campaigns.

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Recruitment Campaigns

You can opt into receive information about our recruitment campaigns from EPAM.

You may unsubscribe from these emails at any time by a) unsubscribing using our website, b) logging into your online profile, if you have one, or b) by following the unsubscribe link on any recruitment campaign email from us.

We will take reasonable steps to unsubscribe you from these emails, but it may take up to 72 hours to take effect.

Your Rights In Connection With Your Personal Data

Under certain circumstances, by law you have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes such as our recruitment campaigns or “hot jobs” emails.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact privacy@epam.com in writing.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Questions, Requests and Complaints

CONTACT DETAILS

For countries other than Germany, all queries and requests for should be sent initially:

By post:

Legal Team (Privacy)
EPAM Systems Ltd,
114-117 Middlesex Street,
London E1 7HY

Email: privacy@epam.com

GERMANY ONLY – DATA PROTECTION OFFICER

We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO:

Yuriy Goliyad
Head of Global Operations
41 University Drive
Suite 202
Newtown
PA 18940
USA

Email: privacy@epam.com

EPAM SYSTEMS IN YOUR LOCATION - DETAILS OF THE DATA CONTROLLER:

Country	EPAM entity and address
Belgium	EPAM Systems Netherlands BV (Belgium Branch) Peagsuslaan 5 B-1831 Machelen KBO/BCE Belgian Central Database of Enterprises number: 0673.663.812
Czech Republic	EPAM Systems (Czech Republic) sro, Hvězdova 1716/2b 140 00 Prague 4 Czech Republic ID No.: 03142108
Germany	EPAM Systems GmbH Franklinstrasse 56 60486 Frankfurt am Main Germany HRB 76658
Ireland	EPAM Systems (Ireland) Limited First Floor 10/11 Exchange Place IFSC Dublin 1 Ireland Company number: 547284
Italy	EPAM Systems Netherlands BV (Italy branch) Viale Monza 347 Milan 20126 Italy Tax code PSTRRT61C18H264R
Hungary	EPAM Systems Development Kft 1082 Futó u. 47-53 Budapest Hungary Court reg. number: Cg.01-09-692031) Tax number: 12548051-2-44
The Netherlands	EPAM Systems Netherlands BV (1118 CN) Schiphol The Base B Evert van de Beekstraat 104 The Netherlands Company number: 58048375
Poland	EPAM Systems (Poland) sp. z.o.o 114 Opolska Street 31-323 Krakow Poland National Court Register kept by the District Court for Kraków-Śródmieście in Kraków under KRS no.0000390124
Spain	EPAM Systems Spain SL Area Campus Ed 2 2° Carretera Alcobendas a Fuencarral km 3.8 28108 Alcobendas Madrid Spain B86257383, Registered at the Registro Mercantil de Madrid
Sweden	EPAM Systems Nordic AB Kungsbron 1 111 22 Stockholm Sweden Company registration: 556751-9482
Switzerland	EPAM Systems (Switzerland) GmbH Boulevard Lilenthal 2 8152 Glattpark Opfikon Switzerland UID: CHE‑114.898.319 CH-ID: CH02040402407 EHRA-ID: 946547
United Kingdom	EPAM Systems Ltd 40 Bank Street Level 29 London United Kingdom Company registration number: 04832183

COMPLAINTS TO SUPERVISORY AUTHORITY

You have the right to make a complaint at any time to the supervisory authority for data protection issues in your home country. A current list of the supervisory authorities in EU can be accessed here.

1 May 2018

Successfully submitted

Oops, something went wrong. Please try again.

I consent to EPAM retaining my personal data as set out in the retention section of the Privacy Notice

I would like to receive information about EPAM and future recruitment campaigns by email

Cancel

CONTACT DETAILS

For countries other than Germany, all queries and requests for should be sent initially:

By post:

Legal Team (Privacy)
EPAM Systems Ltd,
114-117 Middlesex Street,
London E1 7HY

Email: privacy@epam.com

Germany Only:

Yuriy Goliyad
Head of Global Operations
41 University Drive
Suite 202
Newtown
PA 18940
USA

Email: privacy@epam.com