Recruitment Privacy Notice

This Job Candidate Privacy Notice (“Notice”) describes what personal data we, Digma Software Solutions Ltd. and our affiliates (“Digma”, “we”, “our” or “us”), collect and process on our job candidates and applicants (“Candidates”, “you” or “your”) with respect to our application and recruitment process, why we collect it and how we use it. It also describes how candidates may exercise their rights to such data held with us.

We strongly urge you to read this Notice and make sure that you fully understand and agree to the terms contained in it. If you do not agree to this Notice, please avoid providing us with your data. 

You are not legally required to provide us with any personal data, but without it we may not be able to process your application.

  1. What data do we collect, how do we collect it, and how do we use it? 

Throughout the application and recruitment process, you may provide us (or we may otherwise have access to) personal data about you, such as your identifying data, contact details, resume/CV, work-related data, social media activity, etc. We may collect this data directly from you, as you provide it voluntarily through your application and candidacy review process, or from other sources such as recruitment agencies, background check services (as applicable and subject to applicable law), or your references. 

We may use such data to assess our Candidates’ skills and qualifications, and overall to verify, consider and process your application and candidacy for any of our positions, and to communicate with you regarding such processes. We may also use it to manage risk and enhance our security and anti-fraud measures, and to create aggregated statistical or inferred data regarding our Candidates, for further development and improvement of our recruitment processes. 

In addition, we may use it to act as permitted by, and to comply with, any legal or regulatory requirements. Should we wish to conduct any additional activities that may require the use of your data, we will request your specific consent in advance.

In some regions, we may also require you to submit sensitive data relating to your ethnicity, gender, and whether you have a disability, to ensure our compliance with our legal obligations under applicable law. We may also collect sensitive data about your prior criminal convictions and offences as part of our background checks for specific roles if permitted or required by law. To the extent legally required, we will obtain your explicit consent prior to any such collection and use.

For the purposes of the California Consumer Privacy Act (“CCPA”), in the last 12 months, we have collected the above-mentioned types of personal information, which pertain to the following categories: Identifiers; Professional or Employment-Related Information; Audio, Electronic or Similar Information; and Inferences from Personal Information Collected. We may also require you to submit Sensitive Personal Information (as outlined above). We do not sell nor share your personal information for the intents and purposes of the CCPA.

  1. For what purposes do we use your data?

We will use and process your personal data as part of the employment application process at Digma for the following purposes and in reliance on the lawful bases detailed below:

PurposeLawful Basis for Processing
To evaluate your suitability for a role at Digma, and progress your applicationLegitimate Interests
To retain your personal data in order to contact you about other suitable roles within Digma in the futureLegitimate Interests Consent 
To maintain our internal records of recruitment and employment applicationsLegal Obligations Legitimate Interests 
To create your employee personnel file, if hiredLegal ObligationsLegitimate Interests 
To comply with applicable legislation and industry codesLegal ObligationLegitimate Interests 
To manage risk and enhance our security and anti-fraud measuresLegal Obligation Legitimate Interests 
To further develop and improve our recruitment processesLegitimate Interests
To protect the rights and interests of Digma and its affiliatesLegitimate Interests

If you reside in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for the processing of personal data as described herein, your acceptance of this Notice will be deemed as your consent to the processing of your personal data for all purposes detailed in this Notice. If you wish to revoke such consent, you may do so at any time by contacting us at

  1. Where do we store your data?

Your personal data will be maintained, processed and stored by Digma and our Service Providers (as defined in Section 6 below) in relevant Digma offices worldwide including the United States (US) and Israel in the applied position’s location(s), and other jurisdictions, as necessary for the proper handling of your candidacy. 

While privacy laws may vary between jurisdictions, Digma, its affiliates and Service Providers processing personal data on our behalf are each committed to protect personal data in accordance with this Notice, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

To the extent we transfer Candidates’ personal data originating in the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been recognized as offering an adequate level of data protection by the relevant competent authority, we rely on appropriate contractual undertakings and data transfer mechanism as established under applicable law, such as the standard contractual clauses adopted by the EU (available here) and the UK (available here). If we transfer Candidates’ personal data originating from the EEA to Israel or the UK, and if we transfer such data originating from the UK to Israel or the EEA, we rely on the respective adequacy findings of the EU and the UK regarding the level of data protection offered by Israel, the UK, and the EEA.

  1. How long may we keep your data for? 

We may retain Candidates’ data even after the applied position has been filled or closed. This is done so we can reconsider Candidates for other positions and opportunities at Digma; so we may use their personal data as reference for future applications submitted by them; in case the Candidate is hired, for additional employment and business purposes related to their work; and as reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our agreements or otherwise protect our legitimate interests.

  1. How do we secure your data?

Digma has implemented physical, procedural and electronic security measures designed to protect the personal data of our Candidates. These measures provide sound industry standard security, confirmed also by Digma’s SOC2 Certification. Please be aware that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal data stored with us. 

  1. Who will have access to your data?

Digma will disclose your personal data to several selected third-party service providers, whose services and solutions complement, facilitate and enhance our own. These include any recruitment firms that have referred you to us (or vice versa), candidate evaluation centers, applicant tracking systems, recruitment software providers, background checks providers, data storage and cybersecurity services, web analytics, and our business, legal, compliance and financial advisors (collectively, “Service Providers“). Such Service Providers may receive or otherwise have limited access to our Candidates’ personal data, depending on each of their particular roles and purposes in facilitating and enhancing our recruitment process, and may only use it for such purposes.

Additionally, we may disclose or otherwise allow access to any Candidates’ personal data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we believe in good faith that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud or other wrongdoing. We may also share your personal data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Digma, any of our customers or employees, or any member of the general public.

In addition, we may disclose personal data internally within our family of companies, for the purposes described above. Should Digma undergo any change in control, including by means of merger, acquisition or purchase of all or part of its assets, your personal data may be disclosed to the parties involved in such event.

For the avoidance of doubt, we may disclose your personal data in additional circumstances, pursuant to your explicit approval, if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. We may disclose or otherwise use non-personal data in our sole discretion and without the need for further approval.

For the purposes of the CCPA, in the past 12 months, we may have disclosed to the above-mentioned third parties, the following categories of personal information: Identifiers; Professional or Employment-Related Information; Audio, Electronic or Similar Information; Sensitive Personal Information; and Inferences from Personal Information Collected. We do not use or disclose sensitive personal information outside of the purposes allowed by the CCPA.

  1. How can you exercise your rights?

If you wish to exercise your privacy rights under any applicable law, including the right to know/request access to your personal data, categories of personal data collected, categories of sources from whom the personal data was collected, purpose of collecting personal data, categories of third parties with whom we have shared personal data; to correct it, to delete it or to port it; or to restrict or object to its processing, or the right to equal services and prices (e.g., freedom from discrimination) (each to the extent available to you under the laws which apply to you), you may do so by contacting us at, and we will respond within a reasonable timeframe and in accordance with applicable laws. 

You may designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us.

Please note that we may require additional information, including certain personal data, in order to authenticate and process your request. We may then retain such additional information for legal purposes (e.g., as proof of the identity of the person submitting the request), in accordance with Section 2 above. 

Additionally, you have a right to lodge a complaint with a competent data protection authority, such as the supervisory authority in the EU Member State of your habitual residence, place of work or of the alleged GDPR infringement, the UK’s Information Commissioner’s Office, or your State’s Attorney General (as applicable).

  1. Will this Notice be updated?

We may update this Notice to reflect changes in our privacy practices. If we make any changes that we deem as “material”, we will update this page prior to the change becoming effective. 

  1. What if you have any questions?

If you have any comments or questions regarding our data practices or your privacy, or if you have any concerns regarding your personal data held with us, or if you wish to make a complaint about how your personal data is being processed by Digma, you can contact,

Last updated: October 2023.