When you apply for a job with us, are a sourced or referred applicant, or you are asked to provide feedback as a referee about a job applicant, we appreciate that you trust us with your personal data that we collect and handle.
Here we provide an overview of what personal data we collect from you and why, our handling practices, and your rights and choices.
This policy applies to Afterpay Australia Pty Ltd ACN 169 342 947, Afterpay NZ Limited (Company number: 6340314), Afterpay US , Inc., Afterpay US Services, LLC, Afterpay Canada Limited, Clearpay Finance Limited (company number 05198026), AfterPay Information Technology Service (Shanghai) Co. Ltd, Clearpay S.A.U (Company number A85827335), Clearpay Technology, S.L (Company number B87919999), and their affiliates and related companies (together, ‘we’, ‘us’ or ‘our’). Each Clearpay entity named acts as a Data Controller in accordance with the General Data Protection Regulation (GDPR), and U.K. GDPR / 2018 Data Protection Act 2018 as applicable.
The entity you are interacting with as indicated above is collecting the personal data and will process it, but may share it with other entities as set forth in this Policy.
What is personal data?
Personal data is any information that reasonably identifies you and is about you as described in our applicable privacy laws. Some examples of personal data are your Curriculum Vitae, references, name, home address, and date of birth. Personal data excludes anonymised or aggregated data.
Personal data we collect and why
If you are applying for a job with us, we may ask for your personal data directly from you to determine your suitability for the job, and in order to enter into an employment agreement with you. We may also collect personal data about you from third parties where you have authorised us to do so, and from publicly available sources, such as your LinkedIn profile. We may collect personal data about you from a third party, such as from an Afterpay or Clearpay employee or a recruitment agency that has referred you for a job application.
If you are applying for a job and are unable or refuse to provide the requested personal data for our recruitment purposes, we may not be able to progress with your application or offer you employment.
We may collect your personal data for the purposes and uses outlined in the table below and where otherwise lawful to do so.
Contact details. For example, your name, personal email address, phone number, residential address, location
Professional or employment related information including education, work experience, skills, compensation and benefits, desired salary, willingness to relocate, job preferences, notice period, other information relating to compensation and benefits, and resume/Curriculum Vitae
To enter into a contract with you
We will use your personal and contact details and your professional or employment related information to identify you and process your job application, and enter into an employment agreement with you should your application be successful and we make you an offer of employment.
We will use your contact details to get in touch with you, and discuss your application with you.
With your consent
We may, with your consent, retain and use your personal data to inform you about and consider you for other roles that may be appropriate for you.
If you are a referee and are asked to provide a reference, to identify you and record your reference in relation to an applicant.
Other professional or employment related information publicly available information including from links you have provided in your job application, such as LinkedIn or GitHub, and additional information provided by you to support your application
Opinions about you (or from you), including from our recruiting partners and vendors who you agree to undertake assessments with, from an individual who refers you for a role, from references you have provided, and our staff who assess your application
Our legitimate interests
To review your application, determine suitability including assessing skills, qualifications and interests, and take any further necessary steps required to enter into an employment agreement with you. We may also use personal data to analyse and improve our application and recruitment process.
Information contained in background checks including reference checks and police checks
As required by law or for our legitimate interests
We will ask you if we can conduct a criminal record check.
We may process data relating to criminal convictions and offences in order to comply with our obligations under anti-money laundering and counter terrorist financing regulations. We may also conduct a criminal record check for our legitimate interests to determine your suitability for a role with us.
Demographic information provided in the voluntary diversity survey eg your age, gender, ethnicity
With your consent
If you choose to complete the voluntary demographic questions on the application form, we will only use your responses in an aggregated and anonymised way (that is, without identifying you personally) for the purposes of diversity analysis, tracking and reporting (internal and external) in accordance with applicable laws.
Disability, health, and other sensitive or special categories of personal data
With your consent
We will obtain with your consent any personal data classified as special or sensitive, such as if you elect to tell us about a health condition.
With your consent and in accordance with applicable laws
We welcome applications from people with disabilities and will endeavor to offer reasonable adjustments through the recruitment process to ensure equal participation for people with disabilities. If you choose to disclose disability, health or other sensitive personal data to us on your application form or during the recruitment process, we will use this information only to provide reasonable adjustments in the recruitment process and in order to comply with applicable labour inclusion laws.
How your personal data is used and shared
We may use and share your personal data with the following categories of recipients where lawful to do so, including for purposes outlined in “Personal data we collect and why”. We do not sell your personal data.
We may share your personal data with:
- Afterpay entities, affiliates and related companies (company group), and with suppliers and service providers for the provision, maintenance, and improvement of our processes, including for the purposes of reviewing your application and determining suitability, to conduct assessments, perform background checks, and to enter into an employment contract with you. We may also use and share personal data to support recruitment administration and to improve our recruitment processes.
- An individual who acts as your reference check, to let them know you have applied for a job with us, and to request a reference.
- Companies that we plan to merge with or be acquired by or who may invest in us.
- Where required or permitted by or under law, including to government, law enforcement, and regulatory authorities, and where required under lawful search warrants, subpoenas, or court/tribunal orders. When we disclose your personal data to comply with a legal obligation or process, we will take reasonable steps to ensure that we only disclose the minimum personal data necessary for the specific purpose and circumstances.
Cross border transfers
We may collect or transfer personal data across borders in a secure and lawful manner, within and externally to our company group, including for purposes described in this Policy and as otherwise required or permitted by law.
We take necessary steps to require entities that deal with your personal data, by written agreement, to comply with a similar standard of compliance with applicable privacy requirements and to have appropriate safeguards. Where required, cross-border transfer mechanisms under the GDPR for transfers of personal data outside the European Economic Area and UK GDPR for transfers outside of the UK. For example, transferring personal data to a European Commission approved third country holding an adequacy decision or binding third parties to provide appropriate and enforceable safeguards through standard contractual clauses, or where there is availability of an effective legal remedy to individual rights.
To facilitate our global operations we may share personal data within Afterpay and our affiliates and related companies, including those based in Australia, United States, United Kingdom, Canada, China, Singapore and New Zealand. We are bound by an Intercompany Personal Data Transfer Agreement that contains Standard Contractual Clauses.
How we keep your personal data safe
As part of our commitment to protecting the security of any data we process, we have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. We are an ISO 27001 compliant company, and require our third parties to meet appropriate privacy and security standards when handling data on our behalf.
How we retain your personal data
We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for. This includes where required under law, our legitimate interests, or for the establishment, exercise or defence of legal claims, and for reasons explained in “Personal data we collect and why” and “How your personal data is used and shared”. We will otherwise delete personal data where we no longer have a lawful basis.
When you provide your personal data to us to apply for a job application, and you are unsuccessful, we will retain it for up to one year from the date we notify you about the outcome of your application, unless we have another lawful basis to do so.
Your rights and choices
We respect your rights and choices you make about your personal data. Your rights and choices are where applicable to you based on your location and which entity you are dealing with, and subject to limitations as required or permitted by law. They are set out below.
Where you have asked us to exercise a right or choice, we will review and advise you of the steps we have taken to respond within a reasonable and lawful timeframe, and explain our process and reasons.
We may not always be able to fulfill your request if we have a legitimate basis to refuse it. We will tell you why. For example, if you seek to erase your personal data in a way that would mean we are not able to comply with our obligations under law.
Withdraw your consent
You have the right to withdraw your consent where we have relied on it. If you withdraw your consent, we may not be able to provide you with certain Services. It will not affect our lawful basis for processing by consent before your withdrawal.
You have the right to enquire further about the personal data we hold about you and how we process it, including across borders.
You have the right to request access to your personal data.
You have the right to ask us to correct your personal data, including where you believe it is not accurate, complete, up to date, or relevant.
Make an enquiry or complaint
You have a right to make an enquiry or complaint, including to lodge a complaint with your local privacy authority.
You have the right to ask us to erase your personal data, and where personal data is made public, to inform other controllers of your personal data where you have a lawful erasure right.
You have the right to ask us to restrict processing of your personal data.
Object to processing
You have the right to object to us processing your personal data.
You have the right to ask us to access or transfer on your behalf personal data we hold about you to a third party.
If you have a query or concern regarding the way we collect and handle your personal data, or would like to exercise your rights and choices, please reach out to our privacy specialists at [email protected] or [email protected] or by mail to GPO Box 2269, Melbourne, VIC 3001, Australia.
If you are located in the UK or Europe and would like to speak to your local Data Protection Officer, please ask or address your email to the “Data Protection Officer” and send your request to the following:
Clearpay Finance Limited
22 Long Acre, London, UK, WC2E 9LY
Paseo de la Castellana 95 - 11 floor - Torre Europa - 28.046, Madrid
Rue Réaumur 124 - 75002 Paris, France
Via Pietro Paleocapa, 7 - 20121 Milano,
Clearpay Technology, S.L
Paseo de la Castellana 95 - 11 floor - Torre Europa - 28.046, Madrid
Changes to this Policy
Policy last updated: 30 September 2021