1. What does this notice cover?
This notice describes how Samsara Networks Inc. and its affiliates ("Samsara", "we", "us" or "our") use your “personal data” as defined in the General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) in connection with your application for internship and/or employment with us. It also describes your data protection rights and how to exercise them.
We also may provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
2. What personal data are we likely to collect?
Personal identification and communication information: your name, home address, phone number; email address; date of birth, gender, immigration status, and information about your entitlement to work;
Application-related information: curriculum vitae (CV), cover letter, employment history, education history, qualifications and skills, reference contact information, position preferences, willingness to relocate, desired salary, interests and aspirations, and background screening information if relevant;
Sensitive information: information about your health and disabilities where we need to make any reasonable adjustments, where you have volunteered such information to us, where otherwise required for equal opportunities monitoring (which may include information about your ethnic origin, sexual orientation, health and religion or belief); and
Financial information: banking information in order to enable our third-party payment processor to reimburse you for expenses incurred in the application process.
We collect most of this information from you directly. E.g., data is collected through our application portal and/or CVs; from correspondence with you; or through interviews, meetings or other assessments. We may also collect some information about you from other people (e.g., recruiters, referrals), your referees or organizations (e.g., from LinkedIn), and where applicable, we may also collect data from our third-party background screening provider (during the pre-employment/internship screening process).
3. Why do we collect, use and store this personal data?
We collect, use and store your personal data for the reasons set out below.
Where necessary for Samsara to take steps prior to potentially entering into an employment/internship contract with you:
To make informed decisions on recruitment and assess your suitability for the role;
To communicating with you about your application, to respond to your inquiries and to schedule interviews; and/or
To reimburse you for any agreed expenses incurred in the application process where applicable.
Where necessary for Samsara's legitimate interests, as listed below, and where our interests are not overridden by your data protection rights. For example:
To improve our internship and/or recruitment process and activities;
To verify the details you have supplied and, where applicable, conduct pre-employment/internship background checks;
To protect our legitimate business interests and legal rights, including, use in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting requirements; and/or
To analyze and monitor the diversity of the workforce in accordance with applicable laws. This includes, e.g., compliance with equal opportunity employment laws.
Where necessary to comply with a legal obligation. For example:
To assess your fitness and propriety in connection with your engagement in a controlled function, where applicable; and/or
To comply with legal, regulatory and other requirements under applicable laws.
Where you have given consent. For example:
To contact you about future career opportunities at Samsara.
4. Verification and background checks
For certain positions, it will be necessary for us to verify the details you have supplied (e.g., in relation to your identity, employment history, academic qualification and professional credentials) and to conduct pre-employment/internship background checks (e.g., in relation to previous criminal convictions or financial standing). The level of checks will depend on your role, in particular whether you will occupy a regulated role, and will be conducted at as late a stage as is practicable in the recruitment process and often only after you have been selected for the position. If your application is successful, we will provide further information about the checks involved and will obtain any necessary consents or acknowledgements prior to completing such checks.
5. How do we share your personal data?
Personal data will primarily be “processed” (used in this document as defined under the GDPR) by employees in our People, Talent, IT, Finance, and Facilities teams across our group of companies. If you are applying for a position from outside of the USA, this may therefore include sharing your personal data with our affiliates in the USA and in other jurisdictions.
Your personal data will also be shared with companies providing services, such as technology services including hosting, maintenance, administration and analysis, as well as other agencies, under contract to Samsara as part of the recruitment process. For general recruitment services, we use a third-party candidate tracking system. We may also share your personal data with other third-party service providers (e.g., providers of background checks). Your personal data will also be shared with government authorities and/or law enforcement officials if mandated by law or if required for the protection of our legitimate interests in compliance with applicable laws. In the event that a Samsara business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser's adviser and will be passed to the new owners of the business.
In the event that your personal data is otherwise transferred outside of the UK or the EEA to an organization (including one of our affiliates) in a country which is not subject to an adequacy decision by the European Commission or considered adequate as determined by applicable data protection laws, we will take steps to ensure your personal information is adequately protected e.g., by way European Commission approved Standard Contractual Clauses, or by relying on such other data transfer mechanisms as available under applicable data protection laws.
We decided to self-certify under the Privacy Shield Framework but we also have entered into European Commission approved Standard Contractual Clauses to provide adequate protection for such transfer in the event the Privacy Shield Framework is invalidated as a transfer mechanism. You may request additional information in respect of such transfer mechanism by exercising your rights as set out below. Otherwise, please note that the Privacy Shield framework was developed specifically to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union to the United States.
Samsara and the Privacy Shield Framework
Regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States, Samsara complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set by the U.S. Department of Commerce. Samsara has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.
All personal data that is subject to this privacy notice and is received from individuals who are resident in the European Union, European Economic Area (EEA), the United Kingdom, and Switzerland is covered by Samsara’s participation in the Privacy Shield unless governed by another adequate transfer mechanism as detailed herein. Samsara will comply with the Privacy Shield Principles in respect of such personal data.
Samsara is accountable for personal data received under the Privacy Shield and subsequently transferred to a third party as described in the Privacy Shield Principles located at https://www.privacyshield.gov/EU-US-Framework. Pursuant to the Privacy Shield, Samsara remains liable for the transfer of personal data to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.
Samsara commits to resolve complaints about your privacy and our collection or use of your personal data as per the EU-U.S. and Swiss-U.S. Privacy Shield Principles. European Union, United Kingdom or Swiss individuals with inquiries or complaints regarding this privacy notice should first contact us using the contact information below.
Samsara has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship/internship.
As further explained in the Privacy Shield Principles, a binding arbitration option is also available to you in order to address residual complaints not resolved by any other means. Samsara is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
6. Your choices and rights (EEA candidates only)
You may have the right to ask Samsara for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you provide in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Samsara processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited according to applicable data protection laws, e.g., if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority. In the UK, this will be the UK Information Commissioner. The contact details of each data protection authority can be found at the following website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. You can also raise any concerns by contacting our Data Protection Officer at email@example.com.
7. How long do we retain your personal data for?
If you are successful: we will retain your personal data only for as long as we need it for Samsara's legitimate interest in accordance with applicable law, for the purposes of the recruitment and/or internship process and, once this process is finished, for an appropriate period so as to be able to deal with any legal claims linked to the application process. After this period, we will take steps to delete your personal data or hold it in a form that no longer identifies you. If you become a Samsara employee, relevant personal information you provide will become a part of your employee file and may be used later for the management of the employment relationship.
If you are not successful: we will retain your personal data for 12 months following notice of an unsuccessful application with us.
8. Updates to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
9. Contact us
The “data controller” (as defined under the GDPR) for your personal data will be Samsara Networks Inc. If you have any questions regarding our privacy practices or would like to review or update your personal data, you may email us at firstname.lastname@example.org. You can also contact us by writing to us at the following address:
Samsara Networks Inc. Attention: Legal Department – Privacy Issues 1990 Alameda Street, 5th Floor, San Francisco, CA 94103 USA
Samsara Networks Limited (UK Representative) Floor 4 1 Alie Street London E1 8DE United Kingdom
Samsara Deutschland GmbH (EU GDPR Representative) Maximiliansplatz 22 c/o Bird & Bird LLP 80333 München Germany