Automate schema migrations using DizzleORM and GitHub Actions - Manage thousands of tenants with this workflow

Candidate Data Privacy Policy

Last Updated: 4 April 2024

We at Neon are committed to protecting the privacy and security of your personal information. This Candidate Data Privacy Policy (the “Privacy Policy”, the “Policy”) explains how Neon Inc. (“we,” “us”) collects and handles your personal data and what privacy rights you have.

The term “you,” “Candidate” in this Policy refers to anyone who applies for a job role or open position at Neon or uses our careers websites, including our career page.

It is important that you read all this Policy carefully. Please note that this Policy does not create or form part of any employment contract or otherwise.

Take note that:

  • for those Candidates in the EEA and the UK, the “Additional GDPR Disclosures” are annexed to this Policy; and
  • for those Candidates who are residents of California, the “Additional CCPA Disclosures” are annexed to this Policy.

1. What Personal Data we collect

When you apply for a position at Neon, we collect and process information that may include, but is not limited to:

  • Identifiers such as name, surname, date, and place of birth;
  • Contact information such as an address, email address, and telephone number;
  • CV/resume which typically includes past employment history (previous employers, job titles, and contact information for references), qualifications, education;
  • Links to your professional profile at LinkedIn and optional links to your professional pages;
  • Citizenship or immigration information, such as tax residency, nationality, IDs/passport, social security/insurance numbers, visa status;
  • Data for diversity monitoring, such as veteran status, gender, race, ethnicity, and disabilities;
  • Any other information you voluntarily disclose throughout the recruiting process, such as contact information of references, compensation history, and personal situation.

You are under no statutory or contractual obligation to provide data during the recruitment process. However, suppose you do not provide sufficient information necessary for us to assess your application (such as proof of qualifications or work experience). In that case, we may not be able to process your application properly or at all.

We rely on you to transmit complete, current, and accurate information about yourself. Please update your personal information if changes arise or contact us at jobs@neon.tech to correct your information accordingly.

2. Sensitive data processing

We do not generally collect special or sensitive personal data about you during the recruitment process unless you provide it to us voluntarily. That is information about your race or ethnicity, political opinion, religious or philosophical belief, trade union membership; genetic data; biometric data for unique identification; or information on your health, sex life, or sexual orientation.

However, under certain circumstances, we are required or permitted by law to process sensitive personal information. For example, Neon may collect data about your racial/ethnic origin, gender, and disabilities to ensure compliance with anti-discrimination laws or conduct equal opportunities monitoring. Likewise, information about your physical or mental condition may be collected to consider special equipment you might need for a subsequent job role.

3. What sources we use to get personal data about you

We may collect personal data about you from the following sources to the extent permitted by law:

  • Third-Party Sources and Public Information. Employment screening agencies, background check agencies, talent acquisition agencies, recruiters, service providers, referees you named, former employers and/or schools and educational institutions, publicly available information on websites or social media, applicant tracking systems, and others where they are legally allowed to share your personal information with us.
  • Individuals Who Refer You. Other individuals may give us your personal information when recommending you as a candidate for a specific position or our business generally.
  • Combining Personal Information from Different Sources. We may combine the personal information we receive from other sources with personal information we collect from you and use it as described in this Policy.

We collect your personal data during various stages of the recruiting process (application, testing, interviews) because it is necessary for our hiring decisions. We collect and use your personal data for reasons related to your application and always follow applicable data protection laws. We outline the main legal grounds and purposes of your data processing in Annex 1. Scroll down to see details.

5. Personal information sharing

Neon may have to share your data with third parties, including third-party service providers and our affiliated entities. Because we operate as a global business, we may transfer, store, or process your personal data in a country different from where you reside. We require all recipients to respect the security of your data and to treat it per the law. We may disclose your personal information to the following parties or in the following circumstances (where applicable):

  • Internally. Neon’s personnel involved in the recruiting and hiring processes (for instance, hiring managers, HR coordinators, in-house lawyers).
  • Service Providers. Applicant tracking systems and recruiting software providers, job boards, online testing, and recruitment analytics vendors, recruiting agencies, professional employment organizations, background check companies, talent acquisition and administration providers, data hosting providers, and other organization that process data on our behalf to help manage our recruitment process.
  • Professional Advisors. Lawyers, tax and immigration consultants, financial / audit, management consultants, insurance, health and safety, and security advisors in the course of professional services they provide us.
  • Public or Government Authorities. National and/or international regulatory or enforcement bodies, courts, government departments, and other statutory or public bodies or any other legitimate recipient of communications, when required to do so by law, regulation, court order, or legal process (like a subpoena).
  • Business Transactions. Investors, governmental agencies, professional advisors, and other interested third parties during a corporate transaction like a merger, financing series, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will notify you of any changes to control of your personal information and choices you may have.
  • Consent. We may share your personal information in other ways if you have asked us to do so or have given consent.

Some of the above circumstances for processing will overlap. There may be several circumstances that justify our use of your personal information.

6. Automated decision-making

We do not make any automated decisions concerning your application without human involvement. Our hiring decision will be made considering a combination of factors such as your education, job experience, qualifications, and cultural fit.

We may use pre-employment automated tests, cognitive, numerical reasoning, and behavioral tests to measure your suitability for a specific position. The test results are never used as the sole determining factor in the recruitment process.

7. How we protect your personal information

We take your security seriously and take reasonable steps to protect and secure your personal information. We have implemented adequate technical and organizational measures to protect your data against unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, access, and other unlawful forms of processing.

We limit access to your personal data on a genuine business need-to-know basis. Neon personnel accessing your data acts under our internal data protection rules and processes. Third parties will only process your personal information in an authorized manner following our instructions and subject to a confidentiality duty.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means. Therefore, any transmission remains at your own risk.

8. Your Rights

Depending on your location, you have certain rights concerning your personal information. Those rights may include:

  • Request access to your personal data – you have the right to request a copy of the personal data we hold about you and verify if we are lawfully processing it.
  • Request correction of your personal data – you have the right to request correction of any incomplete or inaccurate data we hold about you.
  • Request erasure of your personal data – you have the right to request us to delete or remove personal data where there is no good reason for us to continue its processing. You are also entitled to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data – you have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party), and you have some reasons or circumstances that make you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal data – you have the right to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it. Request the transfer of your personal data to another party.
  • Lodge a complaint. You may file a complaint with a supervisory authority in your country of residence if you believe the collection and use of your personal data infringe this Notice or applicable law.

If you would like to exercise any of your rights, or if you would like more information about these rights or the rights which may apply in your country, please send a request to privacy@neon.tech.

We may need to request specific information from you to confirm your identity and ensure your right to access the information (or to exercise any of your other rights).

You will not be expected to pay a fee to obtain your personal data unless we consider that your access request is unfounded or excessive. In these circumstances, we may charge you a reasonable fee or refuse to comply with your request. We may charge a reasonable fee if you request another copy of the information already provided to us.

We are unlikely to rely on consent as a ground for the processing. However, if we do, you may withdraw consent at any time — though if you do so, that will not affect the lawfulness of what we have done before you withdraw consent. For this purpose, please notify us at privacy@neon.tech.

Once we receive your consent withdrawal, we will no longer process your information for the purpose you originally agreed to unless storing your data is required by law.

10. How long we retain your personal information

In general, we might keep personal data about you as long as it is necessary for the purpose for which we collected it.

Where you are a successful candidate, personal data provided by you or obtained by Neon throughout the job recruitment process will be retained by us for as long as you are an employee of Neon (plus a reasonable period after your employment ends) to facilitate your employment.

Where you are an unsuccessful candidate, Neon will retain your personal data for a period of 12 months after we have communicated to you our hiring decision. We would like to keep your personal data collected during the recruitment process for an additional retention period of 365 days following the expiration of the initial 12 months provided you prior consent to the extension.

We will retain your personal data to consider you for any suitable alternative role that arises during this period. We further retain your personal data for that period to demonstrate that we have not discriminated against candidates on prohibited grounds in the event of a legal claim and that we have conducted the recruitment process fairly and transparently.

After this period, we will securely delete or anonymize your personal data when it is no longer necessary for the aforementioned purposes. If you prefer us to delete your personal data, feel free to send your request at privacy@neon.tech.

We will review your request at the earliest convenience and delete your data unless we are not required by law to keep it for a longer period. If deletion is impossible, we will securely store your personal data and isolate it from any further processing until deletion is permitted.

11. How to contact us

If you have any questions, requests, or complaints regarding the use or disclosure of your personal data or if you would like to review, delete or update information about you, please contact us by email: privacy@neon.tech.

12. Your complaints

We are committed to working with you to resolve any data protection concerns fairly. However, suppose you believe that we have not been able to resolve the issue. In that case, you have the right to make a complaint to the data protection authority in the country where you reside. A list of contact details for the EU data protection authorities is available here.

13. Updates to this Privacy Policy

This Privacy Policy may be subject to updates and modifications from time to time. We will post any changes to this Policy on this page. Each version of this Policy is identified at the top of the page by its version date.

If you have any questions about this Policy, feel free to contact us at privacy@neon.tech.

Additional GDPR Disclosure

Under the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”), if you are a Candidate in the UK or the European Economic Area (EEA), we are required to provide you with additional information about our processing of your personal information. These disclosures should be read in conjunction with the Policy.

Controller of your personal information

If you are a Candidate located in the UK or EEA, the Neon entity to which you are applying is the controller of your personal information. Neon Inc., California, the USA, will be a data controller when you are applying for an open position on our career page. As a data controller, Neon Inc. is responsible for ensuring that your personal information processing complies with applicable EU data protection law.

Our legal basis for collecting and using your personal information will depend on the information concerned. However, for this Policy, we will process your personal information, as summarized in Annex 1 below. The examples in Annex 1 cannot, of course, be exhaustive.

Data transfers outside of the EEA

The countries outside of the European Economic Area (EEA) may have data protection laws that are different and some potentially less protective than your own country’s laws. Neon has and will continue to implement measures with any recipients of your personal data to ensure it remains protected under this Privacy Policy and the applicable data protection laws.

To ensure this level of protection for your personal data, Neon concludes Standard Contractual Clauses approved by the European Commission with the third-party recipient, unless they are based in countries with an adequacy decision under Art. 45 GDPR.

In the event of a legal obligation, we reserve the right under Article 6 (1) c) GDPR to disclose information about you if we are required to surrender it to competent authorities or law. More information on the topic is available here

Additional CCPA Disclosures

Under the California Consumer Privacy Act (“CCPA”), if you are a resident of California, we are required to provide you with additional information about how we collect, use, and disclose personal information. These disclosures should be read in conjunction with the Privacy Policy.

For purposes of this Notice, the term “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (the “CCPA”) but excludes information exempted from the CCPA’s scope. Please note that the terms of personal information and personal data are interchangeable for the purposes of this Policy.

The categories and sources of the Personal Information we collect are described above in Section 2 of this Policy.

The purposes for which we use Personal Information are described in Annex 1 of this Policy.

The categories of third parties with whom we share personal information are described in Section 5 of this Policy.

The specific pieces of personal information we have collected about you might be requested at jobs@neon.tech.

Please note that we do not sell your personal information to third parties.

California privacy rights

You have the right not to be discriminated against by us because you exercised any of your rights under the CCPA.

However, your rights under California law may differ from the rights described in Section 8 “Your Rights” of the Notice to the extent they apply to Personal Information. We reserve the right to deny requests to exercise such rights as permitted by California law.

Annex 1

Under data protection laws, there are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies. Three of those grounds can be summarised as Legal Obligation, Legitimate Interests, and Consent. We outline what those terms mean in the below table:

A. Neon Legitimate Interests

Legal Basis. We may need to process your personal data for our or a third party’s legitimate interests if your interests and fundamental rights don’t override those interests. For example, our interests to hire qualified and appropriate people, find the right candidate for future vacancies, and secure, defend, and develop our business.

Purposes. We collect and use personal information primarily for recruiting purposes — to make a hiring decision, including:

  • Consider your application for a role you applied for;
  • Assess your skills, qualifications, and suitability for the applied role;
  • Manage the recruitment process, including setting up and conducting interviews and testing, communicate with you;
  • Perform reference and/or background checks where applicable;
  • Carry out relevant benchmarking as to the salary and other benefits you may be entitled;
  • Keep our recruiting-related records and improve our recruitment processes;
  • Conduct statistical analyses of applications;
  • Assess your suitability for future opportunities at Neon and provide you with relevant information.

Legal Basis. We may need to process your personal data to comply with our legal obligations when required to do so by law, regulation, or court order or in response to a request for assistance by the police or other law enforcement agency or where we consider disclosure is necessary or required by law, to exercise, establish, or defend our legal rights, or to protect your vital interests or those of any other person.

Purposes:

  • Comply with all applicable employment, equality and health and safety law;
  • Comply with all applicable immigration and tax law;
  • Confirm your right to work or otherwise contract Neon; and
  • Comply with any other applicable laws or regulatory requirements;
  • Protect the legal rights of third parties, including our employees, users, or the public.

Legal Basis. In certain narrow circumstances, we may process your personal data with your voluntarily and freely given and explicit consent.

Purposes. When we rely on consent, we’ll ask you in advance for your affirmative permission to use your data for the specific purpose identified. You may withdraw your consent any time by, as stated in this Policy.

Contact Information

If you have any questions or comments about this Candidate Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us. Furthermore, if you are interested in exercising any rights above (regardless of your geographical location), please contact us here:

  • privacy@neon.tech
  • Mailing Address: FAO: Data Protection Officer, Neon Inc, 2128 Sand Hill Road, Menlo Park, California, 94025

If you are located in the European Union, you may use the following information to contact our European Union- and UK-Based Member Representative:

  • EU: Busra Demir – busra@neon.tech
  • UK: Mike Jerome – mike@neon.tech