Recruitment Privacy Policy

This Recruitment Privacy Policy describes GitLab Inc. and its affiliates (GitLab) practices for collecting, storing, and processing your personal data as part of the recruitment process.

This Recruitment Privacy Policy describes GitLab Inc. and its affiliates (“GitLab”) practices for collecting, storing, and processing your personal data as part of the recruitment process.

What Personal Data Does GitLab Collect About You?

Information You Provide Directly

We may collect the following personal data from you when you apply for a position:

  • Contact Information such as name, email address, physical address, telephone number;
  • Employment Background Information such as resume/CV, employment history, academic and professional qualifications;
  • Work eligibility and citizenship information;
  • Demographic Information such as racial or ethnic origin for government reported statistics when permitted by law or with your consent.

Information We Collect from Other Parties

We may collect personal data from other parties as part of the recruitment process. For example:

  • Information provided from agencies performing background checks or right to work verifications;
  • Information from public sources and social media sites;
  • Information from recruitment agencies that you have asked to support you in finding a job;
  • Information provided by GitLab team members who have referred you for a job.

How does GitLab Use Your Personal Data?

We may collect and use your personal data for the following purposes:

  • To communicate with you about your job application and potential future job opportunities;
  • To administer, support, and manage the job application process;
  • Where necessary to comply with applicable legal or regulatory requirements;
  • To evaluate and report the demographic makeup of our company where allowed by law; and
  • For other purposes as described to you at the time we collect your personal data.

When Does GitLab Share Your Data and Who are the Recipients?

As part of the recruitment process, GitLab may disclose your personal data in the following circumstances:

  • Internally with GitLab team members, contractors, and vendors who require the information to administer and manage the recruitment process;
  • To third-party service providers which process personal data on our behalf to provide certain services, such as background checks;
  • To third-parties with whom you instruct GitLab to share your personal data;
  • We may share your personal data if we believe it is reasonably necessary to comply with valid legal process (e.g., subpoenas, warrants) or protect the rights, property, or safety, of GitLab, our employees, or users;
  • If GitLab is acquired or transferred (including in connection with a bankruptcy or similar proceedings), we may share your personal data with the acquiring or receiving entity.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we collect and process your personal data on the following legal bases set out by applicable law:

Consent: We may ask you for your consent to process your personal data. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.

Legitimate Interest: We process certain personal data for our legitimate interests. These legitimate interests include, for example, administering the recruitment process and managing applicants effectively.

Performance of a Contract: We process personal data to perform steps that are necessary prior to entering an employment contract with you, where you are considered for employment.

Compliance with Legal Obligations: In some cases, we may have a legal obligation to process your personal data, such as to meet our legal requirements or in response to a court or regulatory order. We also may need to process your personal data to protect vital interests, or to exercise, establish, or defend legal claims.

International Data Transfer

Your personal data may be processed in the United States, the country where you have applied for a job, or any other country where GitLab or its subcontractors have team members or operations.

GitLab may transfer, store, or process your personal data in a country outside your jurisdiction, including countries outside the European Economic Area (“EEA”), Switzerland, and the United Kingdom. If we transfer personal data from the EEA, Switzerland, or United Kingdom to a country outside it, such as the United States, we will enter into EU standard contractual clauses with the data importer, or take other measures to provide an adequate level of data protection.

Security

Access to your personal data is controlled and GitLab maintains a comprehensive information security program using administrative, physical, and technical safeguards.

Data Retention

Your personal data will be retained until the end of the employment application process plus a reasonable period thereafter. If your job application is successful and you accept a position, the personal data collected during the recruitment process will be added to your human resources file and retained for the duration of your employment.

Your Rights and Choices

You may access, correct, or delete your personal data at any time. You may also withdraw your consent, or object to the processing of your personal data when based on our legitimate interests. To submit a deletion request, please complete this form. To submit an access request, please complete this form. To correct your personal data, withdraw your consent or object to the processing of your personal data please contact us as recruiting@gitlab.com.

Due to a high volume of Candidates, GitLab uses automated decision-making to filter Candidates based on responses to our application questions. When certain criteria is met regarding visa sponsorship, work permits, hiring country, and other employment restrictions, our software will reject your application. This is because GitLab cannot legally hire or sponsor workers in a number of jurisdictions, or in certain cases other legal requirements are in place that prevent hiring. We will continually update which responses will result in a rejection of your application as our legal requirements change. Once rejected, your application will not move forward in our recruitment process.

Our use of automated decision-making enables us to enter into an employment contract with the selected Candidate by providing a manageable list of possible candidates. If you object to our use of automated decision-making for the reasons stated above, please contact us at recruitingops@gitlab.com to request a separate review of your application by one of our trained recruitment specialists. After this separate review, we will contact you with an explanation of our decision.

Policy Changes

GitLab may change this Privacy Policy from time to time. If we decide to make a significant change to this Privacy Policy, we will post a notice of the update on this site. We encourage you to periodically review this page for the latest information.

Contact Information

If you have questions or concerns about the way we are handling your data, please email us with the subject line “Privacy Concern” at DPO@gitlab.com.

The controller of your personal data is the GitLab affiliate who is hiring.

Policy Updates

This policy was last updated on 2023-03-14.

Last modified August 16, 2024: Replace aliases with redirects (af33af46)