Imprivata Applicant Privacy Notice

Imprivata Applicant Privacy Notice

Effective Date: March 20, 2024

Last updated: December 30, 2025

Thank you for your interest in working with Imprivata. This Applicant Privacy Notice describes how Imprivata, Inc., and/or its affiliates and subsidiaries, including Ground Control, Inc., FairWarning, LLC, SecureLink, Inc., and Verosint, Inc. (hereinafter "We", "Imprivata", or “Imprivata Group”) will processes your personal data to consider your employment application and your rights under applicable privacy laws.

The protection of your personal data is important to us.

Data Controller

The Imprivata Group company to which you submit your application via the application management system is responsible for processing your data.

Data Protection Officer

To contact our Data Protection Officer, please send an email to privacycommittee@imprivata.com.

Categories of Processed Data

The categories of personal data processed as part of the application process include:

  • General personal data (e.g. personal identifiers such as name, birthday, and postal address)
  • Documents (e.g., references, certificates, resumes, which may include professional or employment-related information)
  • Education and training details (e.g., data about school education, university, professional qualifications, and skills)
  • Communication data (e.g., other identifiers such as email address and (mobile) phone number)
  • Log data recorded while using recruiting and other applicant-related IT systems (e.g., electronic identifiers and internet activity information such as IP address, other online identifiers, and website interactions)
  • Compensation information that you voluntarily provide, and which may depend on your region and applicable laws and regulations
  • Social media information, such as if you provide us a link to or other access to a social media account, we may collect or access any information you permit to be shared through or from your social media account and other information depending on the social media platform
  • Background check information (e.g., criminal record, credit history, where permitted by law)

Required data will be explicitly marked as such during the application process. We kindly ask you to provide us with sensitive or special categories of personal data (such as health data or religious information) only if they are exceptionally relevant to the application process. In such cases, we will process this data together with your other applicant data. Do not provide any other sensitive or special categories of data that are not specifically requested as part of the application process.

You are responsible for the personal data you provide or make available to us. All personal information you provide, particularly in connection with our recruiting activities, must be truthful, accurate and not misleading in any way. You may not provide information that is obscene, defamatory, infringing, malicious, or that violates any law. If you provide personal data of a third party (such as for references), you are responsible for providing any notices and obtaining any consents necessary for us to collect and use such personal information as described in this Privacy Notice.

The processing of personal data during the applicant management process is for the purposes of preparing for an employment relationship with a company in the Imprivata Group, including the following:

  • Communicating with candidates and responding to questions about job opportunities
  • Assessing your candidature and application, and if you are selected, to process your onboarding and enter into an applicable form of employee or work relationship with you
  • Verifying the information we receive and, to the extent permitted or required by applicable law, conducting background or other checks, including from your references, if applicable
  • Performing accounting and other internal functions such as internal reporting and generating statistics to identify needs and opportunities in our recruiting processes
  • Preparing for and engaging in internal and external audits and similar assurance-providing processes and procedures
  • Preparing for, engaging in, completing, or following up on mergers, acquisitions, or similar corporate transactions
  • Preparing for, and engaging in, dispute resolution proceedings, including alternative dispute resolution, mediation or administrative or court proceedings
  • Complying with and enforcing applicable legal requirements, industry standards and Imprivata policies and terms
  • If you are not selected for employment, for purposes of creating and maintaining a Talent Pool, as described below
  • Detecting, preventing, and responding to fraud or other potentially illegal activities, including in connection with the use of our applicant applications and systems or our physical premises
  • Securing, monitoring, and protecting our corporate assets, such as our networks, systems, devices, and physical premises
  • Operating, evaluating, and improving our applicant applications and systems, our application and recruitment process, including to analyze our candidate base, hiring practices or trends, to identify qualifications or skills shortages, and to match candidates and potential opportunities

The main legal basis for this purpose is the legal requirement to take steps at your request (the data subject) prior to entering into an employment contract.

We process your personal data in accordance with the requirements of the respectively applicable national and international laws, such as:

  • EU General Data Protection Regulation (“GDPR”) adopted by the European Parliament and the Council of the European Union on April 27, 2016 – in cases where it is applicable;
  • German Federal Data Protection Act;
  • UK Data Protection Act 2018 and UK GDPR;
  • The California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CPRA“) and other US state laws providing similar rights, as applicable; or
  • any other applicable national laws and regulations.

Other legal bases are your explicit consent to the processing of personal data (“Consent”, e.g. if we would like to keep you as a candidate in our talent pool as described below) or legitimate interests pursued by Imprivata (for example, through application process evaluations, background checks verifying the legitimacy of the information provided by applicants, and analytical reporting, after careful consideration against your interest in the protection of your personal data in accordance with the relevant legal provisions).

Whenever special categories of personal data are processed with the respective data protection law and regulations requirements (e.g. health data, religion, or union membership), this processing is carried out in accordance with the relevant national and international data protection laws. Furthermore, it may be necessary to process your health data to assess your ability to work in accordance with national and international data protection law or for reasons of accommodation evaluation.

Collection and Sources of Personal Data

Your personal data will generally be collected directly from you as part of the recruitment process. We reserve the right to verify the integrity and accuracy of the personal information provided. We may be required by international law to conduct compliance and background checks as part of the application process. We may use third party service providers for this purpose.

In certain circumstances, your information may also be collected from:

  • Third parties: For example, we may collect or receive information from recruitment agencies or references.
  • Publicly available information: For example, we may check your profile on professional social networking sites such as LinkedIn, if you provide us with the link to your profile, or we may receive your information from recruiting providers.
  • Imprivata personnel
  • Other Imprivata Group companies

During the application process, we may ask you for your consent to forward your application documents to other vacancies that match your profile.

Please see our Cookie Policy for details regarding how we use cookies and other similar technologies on our websites to automatically collect information from your browser or device.

Talent Pool

If you have consented to becoming part of our Talent Pool, we may use the data you provided in order to, for example, inform you about interesting job opportunities. This may be done by email or telephone. You may withdraw your consent at any time with future effect by contacting privacycommittee@imprivata.com.

Transfer and Disclosure of Personal Data

Within the respective Imprivata Group company to which you have applied, only those persons involved in the application process (e.g. line managers, employees and agents of the recruiting and HR departments) have access to your personal data for the purposes mentioned above. Other Imprivata Group companies may also be data controllers of your personal data. Your data may be transferred to the relevant persons worldwide within the Imprivata Group.

If you are hired, your data will be transferred from our application management system to our HR management systems. During this process, your information may be transferred to another company within the Imprivata Group, where it will be processed as employee information subject to the Imprivata Employee Privacy Notice. We may share your personal information with other companies within the Imprivata Group for the purpose of contract fulfillment and for our legitimate interest in organizing our internal operations.

We may disclose your personal data to other data controllers only if this is necessary for the application, if the third party or we have a legitimate interest in the disclosure, or if you have given your consent.

In addition, we use service providers to, among other things, fulfill our contractual and legal obligations. Where these service providers process personal data on our behalf, we have entered into the required data protection agreements with them. All service providers are required to maintain confidentiality and comply with applicable law. Third-party service providers may include but are not limited to background check companies (as indicated above), travel providers, and conferencing system providers. You may be asked to provide your personal data directly to these third parties in certain cases, and in such cases, the third party’s respective privacy terms will govern your provision of personal data to them in accordance with the section titled “Third-Party Sites” below. Service providers may also be other companies within the Imprivata Group.

We may also disclose your data to legal counsel, auditors, and external consultants to operate our business; to courts or other parties involved in actual or threatened litigation and to government authorities in accordance with applicable law; other third parties in connection with investigating or responding to actual or potential fraud or violations of rights; and to third parties in connection with corporate transactions such as if Imprivata buys, merges, or partners with other companies.

International Transfers

Your personal data may be stored and processed in any country where Imprivata has facilities or in which Imprivata engages service providers. By using our websites or disclosing information to Imprivata, you consent to the transfer of information to countries outside of your country of residence, which could have different data protection rules than those of your country or the country in which you were located when you initially provided the information. Where required, Imprivata puts in place a solution to ensure that personal data transferred outside of the EEA is subject to adequate protection in compliance with applicable laws.

Imprivata complies with the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”). Imprivata is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom, and Switzerland, respectively, in reliance on each Data Privacy Framework, to the Data Privacy Framework’s applicable Principles. To learn more about the Data Privacy Frameworks, and to view Imprivata's certification, visit the U.S. Department of Commerce’s Data Privacy Framework website: https://www.dataprivacyframework.gov/. Click here to access Imprivata’s Data Privacy Framework Policy.

Imprivata is responsible for the processing of personal data it receives, under the Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. Imprivata complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, the United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Data Privacy Framework, Imprivata is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Data Retention and Data Storage Protection

In general, we store your data for as long as necessary for the purposes for which it was collected or processed, or for as long as we have a legitimate interest in storing the data. In all other cases, we will delete or aggregate your personal data, or if this is not possible due to practical or legal requirements, then Imprivata will securely store your Personal Data, except for data that we are required to retain, in order to comply with legal obligations. The length of time for which we retain information depends on the purposes for which we collected and used it, requirements of applicable laws, the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the resolution of any pending or threatened disputes, and enforcement of our agreements.

Upon completion of the application process (e.g., rejection by us or withdrawal by you), we will generally delete your personal data within 1 year of the application date.

We maintain physical, technical, and administrative safeguards that are designed to protect personal data against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use. Unfortunately, the transmission of information via the internet is not completely secure. Although we use measures to protect your personal data, we cannot guarantee the security of your personal data. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.

Your Rights

According to data protection laws applicable to you, you may have the right to access, the right to rectification/correction, the right to erasure/deletion, the right to restriction of data processing, the right to data portability/access, and the right not to be discriminated or retaliated against for exercising your above rights.

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is not lawful.

If the processing is based on your consent, you have the right to withdraw your consent to the use of your personal data at any time. Please note that revocation only has a future effect. Please also note that we may need to retain certain information for a period of time in order to comply with legal requirements.

In accordance with the CPRA and other similar laws, as applicable, you have a right to know:

  • The categories of personal data we have collected about you;
  • The categories of sources from which the personal data was collected;
  • The categories of personal data about you we disclosed for a business purpose, sold, or shared, and the categories of third parties to whom the personal data was so disclosed, sold or shared, by category or categories of personal data for each category of third parties or persons to whom the personal data was disclosed, sold, or shared;
  • The categories of third parties to whom the personal data was disclosed for a business purpose, sold, or shared;
  • The business or commercial purpose for collecting, selling, or sharing the personal data; and
  • The specific pieces of personal data we have collected about you.

We do not “sell” or “share” data as these terms are specifically defined in certain US state data privacy laws such as the CPRA.

For more information on the personal data we collect, including the sources from which we receive such data, please review the “Categories of Processed Data” and “Collection of Personal Data” sections above. We collect and use these categories of personal data for the business purposes described in the “Purposes of Processing and Legal Basis” section above.

We use and partner with different types of entities to assist with our recruiting operations. Please review the “Transfer and Disclosure of Personal Data” section above for more detail about these disclosures.

How to Exercise Your Rights

If you have an account with us, you may exercise some of your rights by accessing your account or you may contact privacycommittee@imprivata.com. Imprivata will need to verify your identity in order to process any requests and will need your name, email address, and phone number to do so. Imprivata responds to requests within 30 days or other applicable period permitted by law. If a request requires additional time to be processed, Imprivata will notify you in writing. Certain exceptions apply in the law. If your request is denied, Imprivata will provide you with the reasons for such a denial.

If we are unable to verify your identity, we may deny your request. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly. We may not be able to provide all of the information requested or fulfill your request due to certain exceptions enumerated under applicable law. In such a case, you will inform you of the reasons we cannot fulfill all or parts of your request.

Right to object

Insofar as the processing of your personal data is carried out for the protection of legitimate interests, you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights, and freedoms, or the processing must serve the assertion, exercise, or defense of legal claims.

If you have any questions about your individual rights, please feel free to contact us at any time: privacycommittee@imprivata.com.

Disclosures Required by Certain US States

In accordance with the CPRA and other similar laws, we may be required to provide specific notices regarding data processing. More details regarding our personal data processing are contained throughout this Privacy Notice, such as our sources of personal data and your rights regarding the personal data we collect about you. Please see below for the categories of personal data we may have collected through your application process and the categories of recipients to whom we disclosed personal data in the 12 months preceding the date this Privacy Notice was last updated. The below categories of personal data have been or may be disclosed to third parties in accordance with the Section titled “Will Imprivata disclose any of the information it receives?”

  • Identifiers, such as contact data and electronic IDs
  • Characteristics of protected classifications under California or federal law
  • Internet and electronic network activity information, such as described above in the section titled Cookies
  • Audio and visual information, such as phone or video call recordings
  • Professional information, such as job title and role
  • Inferences drawn the above to understand your preferences

Third-Party Sites

Imprivata may permit you to link to other websites on the Internet (“Third-Party Sites”), and other websites may contain links to our websites. These Third-Party Sites are not under Imprivata's control, and such links do not constitute an endorsement by Imprivata of those Third-Party Sites or the services offered through them. The privacy and security practices of Third-Party Sites are not covered by this Privacy Notice and may differ from those of Imprivata. Imprivata encourages you to read the privacy statement of any Third-Party Sites because Imprivata is not responsible for Third-Party Sites' content, policies, or privacy or security practices.

Changes to This Privacy Notice

Imprivata will review this Privacy Notice annually and may amend where necessary. Use of information Imprivata currently collects is subject to the Privacy Notice in effect at the time such information is used. If Imprivata makes material changes to this Privacy Notice, Imprivata will notify you by posting the revised notice on its website or sending you an email, so you are always aware of what information Imprivata collects, how Imprivata uses it, and under what circumstances if any, it is disclosed.

Questions or Concerns

Your privacy is important to us. If you have any questions, concerns, or would like to submit a complaint regarding data privacy, please email privacycommittee@imprivata.com. You may also visit https://imprivatadsr.ethicspoint.com for more details and to submit a Data Subject Request.

Individuals and the data protection supervisory authorities in the EU may also contact our EU representative according to Art. 27 GDPR:
Imprivata GmbH, Hans-Böckler-Str. 12, 40764 Langenfeld, Germany
eurepresentative@imprivata.com