Privacy

Candidates privacy notice

Terms of services
    Last Revised: September 10, 2025

    1. Scope of this notice

    This Candidates Privacy Notice (“Notice”) describes how Frontegg Ltd., and its affiliates companies and subsidiaries (collectively “Frontegg”, “we” or “us”) collects and processes your Personal Data (as defined below) when you apply for a position at Frontegg (whether for an employee, worker or contractor position, and collectively “Candidates”, “you” or “your”) upon submission of your application, throughout the recruitment process, and thereafter.

    This Notice applies to Candidates in the territory in which we offer job opportunities and is subject to applicable data protection laws that applies to Frontegg when processing your Personal Data.

    This Notice provides you with information about the Personal Data we collect, how your Personal Data will be used, how long we will retain it, with whom we share it, our cross-border data transfer practices, and your rights regarding your Personal Data we process. This Notice further includes or incorporates specific information required under applicable data protection laws for residents of certain jurisdictions, among others, if you are a located in the EEA or UK – this Notice further details our lawful basis for processing Personal Data, as well as additional information we are required to disclose to you under the EU and the UK General Data Protection Regulations (“GDPR”). If you are a California resident – please see Section 10 of this Notice – “Additional Information for California Residents” for information required to be disclosed under the California Privacy Rights Act 2018 as amended by the California Privacy Rights Act (“CCPA”) including your rights under the CCPA.

    Please note that, the information provided in this Notice is an integral part of Frontegg Privacy Policy governing the use of Frontegg’s website (in the event your application is submitted from the website), and supplements the information provided therein. In addition, if following the recruitment process you are engaged with Frontegg, your Personal Data collected through the course of the recruitment process will be subject to our internal privacy policies, as provided to our employees and staff members.

    YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY STATUTORY OBLIGATION TO PROVIDE FRONTEGG WITH PERSONAL DATA AND ANY PERSONAL DATA YOU PROVIDE WHEN YOU SUBMIT THE APPLICATION AND THROUGHOUT THE RECRUITMENT PROCESS IS PROVIDED AT YOUR FREE WILL AND CONSENT (WHERE YOUR CONSENT IS REQUIRED UNDER APPLICABLE DATA PROTECTION LAWS). Without derogating from the above, you should be advised that we must collect or receive some Personal Data to examine your application (initially or in later stages), and if you will not provide us with the required Personal Data, we will not be able to fulfill certain purposes, for example, we will not be able to examine your application if we are not provided with the information needed to decide whether you qualify for a certain position, decide if you are legally entitled to work in certain territories, etc., all as described under Section 3 of this Notice – “Categories Of Personal Data We Collect, Purpose For Collection And Use & Lawful Basis” which details the purposes for which we need and use each type of Personal Data collected.

    It is important that you read this Notice, together with any other notices that might be provided on specific occasions when we are collecting Personal Data about you, so that you are aware of how and why we are collecting and using such Personal Data.

    For any questions or concerns you might have regarding our collection or use of your Personal Data please contact us as set forth in the Data Controller Information & Contact Information paragraph below.

    2. Data controller information & contact information

    In accordance with applicable data protection laws, Frontegg acts as the “data controller” (or the “business” under the CCPA) with respect to the Personal Data collected from Candidates. This means that Frontegg, together with the relevant entity within its company group, determines the purposes and means of processing your Personal Data (as described in this Notice) and is responsible for facilitating the exercise of your data protection rights.

    For any question, inquiry or concern you might have regarding this Notice or our processing of your Personal Data, you may contact us as follows:

    By Email: privacy@frontegg.com
    By Mail: Frontegg Ltd., Jabotinsky St. 7, Ramat Gan, Israel

    3. Personal data we collect, purpose for collection and use & lawful basis

    For the purpose of this Notice, the term “Personal Data” refers to information that can identify an individual, either directly or through reasonable effort (which can be further defined under data protection laws as “personal information”, “personally identifying information”, etc.). Personal Data may further include types of information defined under applicable data protection laws as “Sensitive Data” which may include, depending on the applicable law, information such as governmental identification number or certificate, professional qualifications, financial information, personality assessments, and health related information, etc. (and can be further defined under applicable data protection law as “highly sensitive information”, “special categories of personal data”, “sensitive personal information”, etc.).

    Frontegg collects, stores, and processes various types and categories of Personal Data about Candidates, which may include Sensitive Data. The table below provides an overview of the categories of Personal Data collected and processed by Frontegg, the purposes for which each category is used, and, where applicable, the lawful basis for processing (such as under the GDPR).

    Please note that the specific categories or types of Personal Data collected may vary depending on the position you apply for and the requirements of applicable data protection laws

    Frontegg will not process your Personal Data to perform automated decision-making.

    CATEGORIES AND TYPES OF
    PERSONAL DATA    		 PURPOSE FOR COLLECTION AND USE LAWFUL BASIS
    (under the GDPR, where applicable)
    • Personal Identification Details: your full name and identifying information such as your photo, government- issued identification number, copies of identification documents (for example, a national ID, passport, or Social Security Number), and your date of birth.
    • Contact Details: such as your telephone number, email address, and residence address.
    • Professional Background, Academic Credentials, and Certifications: information about your prior employers and job titles, periods of employment, job duties, accomplishments, educational institutions attended, academic degrees or certificates earned, and areas of study, fields of study, etc.
    • Relevant Skills and Expertise: details regarding your applicable skills, competencies, language abilities, and any other qualifications pertinent to the role for which you are applying.
    • Assessment results: information we gather from tests, interviews, or assessments conducted by us during your recruitment process, to evaluate your suitability for the position you apply to.
    • Background check information (to the extent applicable): information obtained through background checks, solely where required or as permitted under applicable laws, such as verification of your previous or current employment and education.
    • Eligibility to work: information related to your legal right to work in the relevant country or territory where the position is offered, such as citizenship or visa status.
    • Our communication with you and internal records: such as our correspondence with you, and records or recording of phone calls, interviews or other interactions between you and us during the recruitment process.
    • Any additional information provided by you voluntarily: such as information included in your application or resume (CV), or any supporting documents you submit.
    • Application Review and Assessment: to assess your qualifications, experience, skills, etc., to determine your eligibility for the role you have applied for, to facilitate our decision-making process, as well as, subject to applicable laws, identify potential suitability to other open positions offered by Frontegg.
    • Recruitment Communication: to facilitate our correspondence with you during the recruitment process, including scheduling interviews, providing updates, etc.
    • Information Verification and Reference Checks: we may need to verify the accuracy of the information you provided, for example regarding your employment history, education, and professional references. To the extent permitted or required by applicable law, we may conduct background checks to verify certain information.
    • Legal and Regulatory Compliance:to ensure we comply with relevant labor laws, regulations, and industry standards.
    • Work Authorization Confirmation: to confirm your legal right to work in the country or territory where the position is offered, and ensure we comply with immigration requirements, if applicable
    • Decision-making: to facilitate the decision- making process, and ultimately select the most suitable individual for the position.
    • Record Maintenance: to maintain records of the recruitment process, including evaluations, assessments, and decisions, which may be used for future reference or to address potential disputes or legal claims.
    • Human Resources Administration: to carry out HR-related tasks, procedures, and responsibilities associated with the recruitment process.
    • Recruitment Process Improvement: to monitor and analyze the effectiveness of our hiring practices and procedures, and to enhance and optimize our recruitment strategies.
    		 Our lawful basis is subject to and depends on the purpose for which we collect, use, and retain Personal Data, as set forth below:

    • Legitimate interest:
      We process Personal Data as necessary to support our evaluation, selection, and decision- making processes. In practice, this means we primarily use the categories of Personal Data described in this Notice to assess your suitability for a particular role and to determine which Candidate best meets our requirements and criteria.
      Additionally, we may retain certain Personal Data even if we do not proceed with your application, for purposes such as maintaining records, fulfilling our legal and regulatory obligations, reviewing and improving our recruitment practices, and managing or defending against potential or actual legal claims or disputes.
    • Consent:
      Where required by applicable data protection laws, we will seek your consent before processing your Personal Data – for example, when conducting specific background checks or when retaining your information for consideration in future employment opportunities at Frontegg. You may withdraw your consent at any time.
    • Sensitive Data: we collect certain information that, depending on the applicable data protection law, might be considered as Sensitive Data. Such information will be collected by us solely where required under applicable law or where we have a specific necessity to obtain it for the recruitment process, and solely in the event you provided such information voluntarily e or otherwise where we obtain your consent.
      This information may include Personal Data about the privacy of a Candidate’s family life or personality, personality assessments (conducted by a professional entity we engage with to evaluate significant personality characteristics) ethnicity, national origin, disability and medical or health condition, veteran or military status, or other protected characteristics, and certain data that might be gathered as part of background checks (such as criminal records). and ensuring Frontegg diversity and inclusion as required and permitted under applicable laws.
    • Monitoring equal opportunity: Frontegg is committed to applying equal opportunity in our workplace and we may ask for information on the ethnic origin, gender, and disability of a Candidate for the purpose of monitoring equal opportunity and ensuring Frontegg diversity and inclusion as required and permitted under applicable laws.
    • Legal Compliance and Security Standards: to the extent required or permitted under applicable laws, we may conduct background checks that may include criminal record information.
    • Record Maintenance: to maintain a record of the recruitment process, which may be used for internal and external reporting responsibilities (e.g., legal and regulatory requirements), as well as future reference or to address potential disputes or legal claims.
    • Human Resources Administration: we process Personal Data as needed to carry out HR-related functions, procedures, and responsibilities associated with the recruitment process.
    		 Our lawful basis is subject to and depends on the purpose for which we collect, use, and retain Sensitive Data, as set forth below:

    • Consent:
      Sensitive Data will be initially collected subject to obtaining your consent. You may withdraw your consent at any time.
    • Legitimate interest:
      We may further retain certain types of Sensitive Data, under our legitimate interest, for record keeping, compliance with applicable laws, evaluating our recruiting processes (for example, for diversity and to ensure our process is not discriminating or bias), and where applicable, to address potential, threatened or actual disputes or legal claims.

    4. How do we collect personal data?

    Personal Data about Candidates is collected, as follows:

    • Personal Data that you directly provide – this includes information you voluntarily provide as part of your application, CVs, etc.; and
    • Personal Data provided by third parties – this includes information we obtain from employment agencies, recruitment or professional networking platforms, background check services (as applicable and subject to applicable law), or your references former employers, etc.

    5. Who may have access to your personal data

    Frontegg discloses your Personal Data internally with personnel involved in the recruiting and hiring processes (i.e., human resources, managers, and our company group) or externally with our third-party contractors, consultants and service providers that help us with our recruitment process operation, administration and performance, and where needed to comply with our legal obligations or to exercise and defend our rights. We implement measures to ensure your Personal Data will be accessed on a “need to know” basis and in accordance with our instructions.

    The table below outlines the categories of such third-parties we share Personal Data with and purpose of sharing.

    Category Of Recipient Purpose of Sharing & Category of Personal Data Shared
    Frontegg Company Group We may share Personal Data within our company group to enable us to manage our recruitment procedures as a global group at the organizational level, and for human resources management.

    This will include information shared with third party involve in a corporate event such as a merger, acquisition or purchase of all or part of our assets.

    The categories of Personal Data that will be shared can include any of the types of Personal Data detailed under this Notice, as needed to fulfill such purposes.
    Our Contractors and Service Providers We disclose Personal Data to our trusted agents, contractors, vendors, and service providers so that they can perform requested services and functions on our behalf. These third parties may include, recruiting services, technology services (e.g., SaaS recruitment management providers and hosting providers), background checks service providers, legal counsels, etc. We contractually obligate these third parties to use your Personal Data only to provide us with requested services and not for any other purpose.

    The categories of Personal Data that will be shared can include any of the types of Personal Data detailed under this Notice, as needed to fulfill such purposes.
    Third Parties You Have Requested Us to Share Your Personal Data With We will share your Personal Data if your direct or request us to share it. In such event, the provision of your Personal Data will be subject solely to such third parties’ policies and practices.

    The categories of Personal Data that will be shared will be as requested by you.
    Governmental Agencies, Authorized Third Parties, or Disclosure due to a Legal Process In the event of legal and law enforcement requirement, we may disclose certain Personal Data, such as in response to an order, a verified requests relating to criminal investigations or alleged illegal activity. We may further disclose Personal Data in the event of any activity that may expose us, you, or other third party to legal liability, as well as to defend against potential, threatened, or actual claims, demands or litigation process.

    The categories of Personal Data that will be shared can include any of the types of Personal Data detailed under this Notice, as needed to fulfill such purposes however solely to the extent necessary to comply with such purpose.

    6. Data security

    We take great care in implementing and maintaining the security of your Personal Data. We employ industry standard procedures and policies to ensure the confidentiality of Personal Data and prevent unauthorized disclosure or use of any such. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have the “need to know”. They will only process your Personal Data on our instructions. We have implemented technical, physical and administrative security measures to protect the Personal Data we collect and store, including procedures to detect and manage suspected or actual security breach.

    Although we take reasonable steps to safeguard information, to the maximum extent permitted under applicable laws, we cannot be responsible for the acts of those who gain unauthorized access or abuse our systems and network, and will not always be able to prevent such access.

    Please contact us at: privacy@frontegg.com if you feel that your privacy was not dealt with properly, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

    7. Retention of personal data

    We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws.

    The criteria according to which we determine the retention periods are as follows:

    • The type of Personal Data and the purpose of the collection: we take into consideration for how long we need to retain the Personal Data in order to achieve the purposes for which it was collected, as well as the sensitivity of the Personal Data and the potential risk of harm from unauthorized use or disclosure.
    • The stage of the recruitment process: we take into consideration the stage in which we have decided regarding your application since it may further affect the potential of legal claims and disputes.
    • Our legal obligations: the period for which we will retain your Personal Data further depends on the laws of the applicable territory, as under certain laws, we may be required to retain Personal Data (for minimum retention periods). In addition, we may retain certain types of Personal Data in the event we are required to do so subject to a legal request or a court order.
    • Dispute, claims, and legal proceedings: we may retain certain types of Personal Data where we find it reasonably required to defend against a threatened, potential or actual legal claim or litigation process. The periods of retention are determined mainly according to statutory limitation periods or until a dispute is resolved. In addition, we will maintain the records related to exercising your rights for as long as needed to demonstrate compliance, usually also in accordance with statutory limitation periods.
    • Your reasonable expectations or consent: depending on the applicable data protection laws, we may retain Personal Data for as long we consider it to be applicable to examine your potential suitability to future job position. This is based also on what we believe to be a reasonable expectation of Candidates, or otherwise, if required, based on the Candidate’s consent. If you would like to opt-out from Frontegg’s policy of retaining your information for the purposes of considering you for other job offers, or otherwise, where applicable, withdraw consent, please contact us at: privacy@frontegg.com.

    In addition to the above, we may retain limited Personal Data as a reference for any future applications submitted. If you are hired, we will store your Personal Data collected through the recruitment process in accordance with our practices and policies related to our employees and staff members’ Personal Data.

    Please note that except as required by applicable law, we will not be obligated to retain your Personal Data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

    8. International transfers

    Due to our global operation, your Personal Data may need to be processed or accessed in countries other than your jurisdiction, including, for example, when shared or accessed by our service providers or other affiliates. This may include transfer of Personal Data to or from the State of Israel, the US, UK and the EEA.

    Panaya only transfers Personal Data to another country, including within its company group, in accordance with applicable data protection laws. We take appropriate measures to ensure that your Personal Data receives an adequate level of protection, including by using contractual obligations or other data transfer mechanisms that were per-approved by applicable data protection authorities to ensure your Personal Data is protected. Where your consent is required under applicable data protection laws for the transfer of your Personal Data, by submitting your application you are deemed to have consented to the transfer of your Personal Data, as described herein

    9. Your rights regarding your personal data & how you can exercise them

    We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what Personal Data we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your jurisdiction and the applicable data protection laws that apply to you, these rights may include one or more of the following principal rights:

    • The right to know what Personal Data we collect about you, the purpose of collection and how we use it, with whom we share your Personal Data, and additional information such as the categories of sources from which the Personal Data is collected and for how long we retain Personal Data – as provided under this Notice;
    • The right to access and inspect your Personal Data. This right entitles you to review or receive a copy of certain Personal Data we hold about you;
    • The right to correct inaccuracies in your Personal Data. This right entitles you to have any incomplete, inaccurate or not updated Personal Data we hold about you corrected (or otherwise request its deletion);
    • The right to request deletion of your Personal Data. This right entitles you to request us to delete Personal Data (subject to applicable data protection laws, which permits or requires the retention of certain Personal Data);
    • The right to request to restrict processing of your Personal Data. This right entitles you to request us to limit the purposes for which your Personal Data is processed (subject to certain conditions under data protection laws);
    • The right to object to processing of Personal Data. This right entitles you to object to processing of your Personal Data (subject to certain conditions under data protection laws);
    • Data Portability – this right entitles you to receive the Personal Data you have provided, in a structured, commonly used and machine- readable format and transmit it to another controller;
    • The right to withdraw consent, where we are processing Personal Data based on your consent;
    • The right to appeal or lodge a complaint. In the event that we do not fulfill your request, we will inform you without undue delay as required under applicable data protection laws and you may have the right to appeal such decision. For EU/UK Candidates, you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK.

    If you wish to exercise your rights, directly or through an agent, please contact us at: privacy@frontegg.com.

    We sometimes need to request specific information from you to help us confirm your identity and ensure the requested rights apply to you. This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. Information provided in connection with such request will be processed only for the purpose of processing and responding to your request, and it may be shared with our legal and administrative teams.

    10. Additional information for california residents

    The below provides further information and disclosures required under the CCPA with regards to our data collection and privacy practices of Candidates’ “personal information”, in Frontegg’s capacity as the “business”. This section is an integral part of this Notice and supplements the information provided under the Notice

    10.3 Categories of Personal Information Collected

    This Notice provides comprehensive information regarding the Personal Data we collect and process.

    In the table below we further provide details regarding the categories of “personal information” collected as defined and listed under the CCPA (and that we have collected in the previous 12 months).

    Please note that under the CCPA, personal information does not include: publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; information excluded from the CCPA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 and the California Confidentiality of Medical Information Act or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act and the Driver’s Privacy Protection Act of 1994.

    Category Example Collected
    A. Identifiers. A real name, alias, postal address, unique personal identifier, Social Security number, driver’s license number, passport number, or other similar identifiers. Yes – as described under Section 3 of this Notice – “Categories Of Personal Data We Collect, Purpose For Collection And Use & Lawful Basis” and for example, name and address.
    B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, medical information. Some personal information included in this category may overlap with other categories. Yes – as described under Section 3 of this Notice – “Categories Of Personal Data We Collect, Purpose For Collection And Use & Lawful Basis” and for example, name, address, telephone number, employment history.
    C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, sexual orientation, veteran or military status. Yes – as described under Section 3 of this Notice – “Categories Of Personal Data We Collect, Purpose For Collection And Use & Lawful Basis” and for example, citizenship, gender and disabilities.
    D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. No
    E. Biometric information. Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information. No
    F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. No
    G. Geolocation data. Physical location, approximate location derived from IP address or movements. No
    H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. Yes – as described under Section 3 of this Notice – “Categories Of Personal Data We Collect, Purpose For Collection And Use & Lawful Basis” and for example, video or call interviews recorded with your approval.
    I. Professional or employment-related information. Current or past job history or performance evaluations. Yes – as described under Section 3 of this Notice – “Categories Of Personal Data We Collect, Purpose For Collection And Use & Lawful Basis” and for example, previous job positions.
    L. Sensitive personal information. Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life. Yes – as described under Section 3 of this Notice – “Categories Of Personal Data We Collect, Purpose For Collection And Use & Lawful Basis” and for example, government- issued identifying numbers if needed.

    10.2 Categories of Sources of Personal Information & Use of Personal Information

    The source from which we obtain personal information is mainly from you (i.e., you directly provide it to us), or third parties (for example a previous employer you have provided as reference) – and as further described under Section 4 of this Notice – “How Do We Collect Personal Data?”. The purpose for which we collect personal information is mainly to manage the recruitment process and asses your application for decisions making, as well as, to comply with applicable laws and defend our rights – as described under Section 3 of this Notice – “Categories Of Personal Data We Collect, Purpose For Collection And Use & Lawful Basis”. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing notice and where required, obtain your consent.

    10.3 Disclosures of Personal Information for a “Business Purpose”

    We may disclose your personal information for a business purpose, and mainly with relevant third parties who support our recruiting processes or to comply with legal obligations and exercise and defend our rights. The categories of such third-party recipients with whom we share personal information are as described under Section 5 of this Notice – “Who May Have Access To Your Personal Data” and includes: Frontegg company group, to allow us to manage our recruitment process as a business at the organizational level; Service providers and contractors, to perform certain services and functions requested on our behalf, for example, service providers and vendors related to recruitment, talent acquisition and administration, technology services, background checks, where allowed by applicable law, etc.

    The categories of personal information we disclose, include any of the categories detailed under the table above (A, B, C, H, I and L) – as needed to fulfill the purposes. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except performing the contract.

    10.4 Sale or Share of Personal Information

    We do not “sell” your personal information to any third party nor “share” it, as defined under the CCPA, meaning, we do not disclose or share your personal information in exchange for monetary or some other form of consideration.

    10.5 Data Retention

    The retention periods are determined according to the criteria explained under Section 7 of this Notice – “Retention of Personal Data”, and mainly for as long as it necessary in order to achieve the purpose for which it was initially collected; to comply with our regulatory obligations and to resolve a claim or a dispute with you.

    10.6 Your Rights Under the CCPA

    Please see Section 9 of this Notice – “Your Rights Regarding Your Personal Data & How Can You Exercise Them” which details your principal rights as for your personal information, including under the CCPA and how you may exercise them. In addition to those rights, under the CCPA you further have the right to: limit the use or disclosure of your “sensitive personal information” and not to be discriminated against for exercising your rights.

    You can designate an authorized agent to submit requests to exercise rights on your behalf. However, we will require written proof of the agent’s permission to do so or to verify your identity directly.

    11. Notice amendments

    We may update this Notice to reflect changes in our privacy practices. If we make any changes that we deem as “material”, we will update this page prior to the change becoming e ective. We recommend you review this Notice periodically to ensure that you understand ourff privacy practices and to check for any amendments.