Privacy Policy

Last updated: November 2025

This Privacy Notice for Job Applicants (“Applicant Notice”) informs you how we process your personal information when you apply to work with us.

What information we collect and use

We may collect or use the following personal information:

Contact details such as name, address, telephone number or personal email address
Information contained in or with a resume or CV such as education, employment history, qualifications, and skills
Work eligibility information such as country of residence, visa and immigration status, and citizenship
Demographic information, such as your date of birth, gender, marital and family status, race, ethnicity, national origin, disability (e.g., in connection with accommodation requests), and veteran status
National identifiers, such as national identification number, driver license, or other government issued identification card information;
Audio, electronic, visual or similar information, such as your picture, video (such as during a video conference call), CCTV images (where permitted by law) and physical access records related to our physical premises
Reference information, such as name and contact details of your references
Compensation information that you voluntarily provide, and which may depend on your region and applicable laws and regulations
Social media handles, website URLs, online portfolio, or other related information, which may include any personal information available in such online content
Background check information, to the extent necessary to proceed with your onboarding and subject to applicable law
Emergency contact information for you and others you elect to provide
Any other personal information, including sensitive personal information, which you may voluntarily provide

You are responsible for the personal information you provide or make available to Immuta and all personal information you provide must be truthful, accurate and not misleading in any way. You may not provide information that is obscene, defamatory, infringing, malicious, or that violates any law.

You should provide only the minimum amount and types of personal information as part of your application. Do not provide any sensitive or special categories of personal information unless requested.

Purposes of processing information

We use personal information for the following purposes:

Communicate with candidates and respond to questions about job opportunities with Immuta
Assess your candidature and application, and if you are selected, to process your onboarding and enter into an applicable form of employee or work relationship with you
Verify the information we receive and, to the extent permitted or required by applicable law, conduct background or other checks, including from your references, if applicable
Perform accounting and other internal functions such as internal reporting and generating statistics to identify needs and opportunities in our recruiting processes
Prepare for and engage in internal and external audits and similar assurance-providing processes and procedures
Prepare for, engage in, complete, or follow up on mergers, acquisitions, or similar corporate transactions
Prepare for, and engage in, dispute resolution proceedings, including alternative dispute resolution, mediation or administrative or court proceedings
Comply with and enforce applicable legal requirements, industry standards and Immuta policies and terms
If you are not selected for employment, and if you provide consent (if applicable), retain your information as set forth below in the Section “How long we keep personal information”
to consider you for future opportunities and send you communications regarding such roles and other updates regarding our hiring activities
detect, prevent, and respond to fraud or other potentially illegal activities, including in connection with the use of our applicant applications and systems or our physical premises
secure, monitor, and protect our corporate assets, such as our networks, systems, devices, and physical premises
operate, evaluate, and improve our applicant applications and systems, our application and recruitment process, including to analyze our candidate base, hiring practices or trends, to identify qualifications or skills shortages, and to match candidates and potential opportunities

Where we get personal information

We collect or receive your information from the following sources:

From affiliates
From you directly
From Immuta personnel
References(external or internal)
Recruitment agencies
Public sources, such as social media platforms

Who we disclose information to

We disclose personal information as follows:

Affiliates to run our recruitment and personnel management operations.
Legal counsel to assess our practices and respond to access requests
External consultants and auditors to adapt our practices and perform audits
Data processors or service providers for the following reasons:

To record and manage candidate data
To communicate with candidates
To perform accounting, and other internal functions such as internal reporting
To conduct and complete background checks

To comply with law, enforce our rights, and protect Immuta or other such as to: (a) comply legal process (e.g., a subpoena or court order); (b) enforce this Applicant Notice, or other contracts with you, including investigation of potential violations thereof; (c ) respond to claims that any content violates the rights of third parties such as rights of privacy or intellectual property; and/or (d) protect the rights, property or personal safety of Immuta, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud prevention and similar purposes.
In connection with corporate transactions as we develop our business. For example, we may buy, merge, or partner with other companies and in such transactions (including in contemplation of such transactions), candidate information may be among the transferred assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
When you instruct us to do so or with your consent.

How long we keep information

We keep personal information for as long as it is required in order to fulfill the relevant purposes described in this Applicant Notice and as may be required by law (including for labor and employment law purposes), or as otherwise communicated to you. The period for which we retain personal information is based on factors such as the type of information collected (i.e., its sensitivity), the intended purposes or use, legal requirements, the potential risk of harm from unauthorized use or disclosure of the information, the resolution of any pending or threatened disputes, and enforcement of our agreements. If we de-identify your personal information (so that it can no longer be associated with you and thus is no longer considered personal information under the applicable laws), we may retain this information for longer periods. If you agreed that we may retain your information to contact you regarding future opportunities with us, we will retain your information for up to three years.

How we secure personal data

We maintain physical, technical, and administrative safeguards designed to protect personal information against accidental, unlawful, or unauthorized access, destruction, loss, alteration, disclosure, or use. Our security procedures mean that we may request proof of identity before we disclose personal information to you. Unfortunately, the transmission of information via the internet is not completely secure. Although we use measures to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures.

Location of personal information

Personal information is hosted in the United States and other regions, such as the United Kingdom. Whenever we transfer personal information subject to international transfer restrictions, we ensure that the information is transferred in accordance with this Applicant Notice and as permitted by applicable data protection laws.

Your data protection rights

Under applicable data protection or privacy law, you have rights regarding your personal information.

These rights may include:

Right of access – You have the right to ask us for copies of your personal data.

Right to rectification or correction – You have the right to ask us to rectify or correct personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to erasure – You have the right to ask us to erase your personal data in certain circumstances.

Right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

If you wish to exercise any of these rights, please click here to fill in a form or send an email at [email protected].

Please see the section “Additional information for certain jurisdictions” below for more detail, including additional information applicable to certain jurisdictions.

Children’s Privacy

Our website is directed to businesses and is not directed to children. In connection with the website, we do not knowingly solicit or collect personal data from children under the age of 16. If we learn that we have collected personal data from a child under age 16 without parental consent, we will either seek parental consent or promptly delete that information. If you believe that a child under age 16 may have provided us with personal data without parental consent, please contact us as specified in the How To Contact Us section of this Applicant Notice.

Updates

We may update this Applicant Notice from time to time and without prior notice to you to reflect changes in our personal data practices. We will indicate at the bottom of this Applicant Notice when it was most recently updated.

How to Contact Us

You can update your preferences, submit a request or ask us questions about this Applicant Notice or our practices by emailing us at [email protected] or writing to us at:

Immuta, Inc.
Attn: Mike Scott
886 N. High Street, 3rd Floor
Columbus, OH
43215, USA
United States of America

Individuals in certain jurisdictions can also file an inquiry with their local supervisory authority.

Additional information for certain jurisdictions

Please see below for additional information applicable to individuals who are located or reside in certain jurisdictions such as the EEA, United Kingdom, and California.

California, US

The below information supplements the Applicant Notice and applies solely to personal information collected about California consumers.

This information contains certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and its implementing regulations (collectively, the “CCPA”).

Notice of Collection and Use of Personal Information

We may collect (and may have collected during the 12-month period prior to the Last Updated date of this Applicant Notice) the following categories of personal information about you:

Identifiers such as real name, email address, and job title
Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your skills.
Professional and employment related information
Visual information such as photos and images
Characteristics of protected classifications under California or federal law

We may use (and may have used during the 12-month period prior to the Last Updated date of this Applicant Notice) your personal information for the purposes described above in the sections titled “What information we collect and use” and “Purposes of processing information.”

To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.

Sources of Personal Information

During the 12-month period prior to the Last Updated date of this Applicant Notice, we may have obtained personal information about you from the categories of sources identified above in the section titled “Where we get personal information.”

Sale or Sharing of Personal Information

We do not “sell” or “share” your personal information as defined by the CCPA.

Disclosure of Personal Information

During the 12-month period prior to the Last Updated date of this Applicant Notice, we may have disclosed the following categories of personal information about you for a business purpose to the following categories of third parties:

Category of Personal Information	Categories of Third Parties
Identifiers	Our affiliates Vendors who provide services on our behalf, as set forth above
Inferences	Our affiliates Vendors who provide services on our behalf, as set forth above
Professional and employment related information	Our affiliates Vendors who provide services on our behalf, as set forth above
Visual information such as photos and images	Our affiliates Vendors who provide services on our behalf, as set forth above
Characteristics of protected classifications under California or federal law	Our affiliates Vendors who provide services on our behalf, as set forth above

In addition to the categories of third parties identified above, during the 12-month period prior to the Last Updated date of this Applicant Notice, we may have disclosed personal information about you to government entities and third parties in connection with corporate transactions, such as mergers, acquisitions, or divestitures.

Your California Privacy Rights

As a resident of California, you have certain rights under the CCPA, namely:

Right to Access/ Know – You have the right to request any or all the following information relating to your personal information that we have collected and disclosed in the last 12 months, upon verification of your identity:

The specific pieces of personal information we have collected about you.
The categories of personal information we have collected about you.
The categories of sources of personal information.
The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed.
The categories of personal information we have “sold” or “shared” about you (if any), and the categories of third parties to whom the information was sold or shared; and,
The business or commercial purposes for collecting the personal information.

We do not “sell” or “share” personal information as those terms are defined in the CCPA.
Right to request correction – You have the right to request that we correct the personal information we maintain about you, if that information is inaccurate.
Right to request deletion – You have the right to request the deletion of personal information that we have collected from you, subject to certain exceptions.
The Right to Opt Out of Selling or Sharing – We do not “sell” or “share” personal information as defined in the CCPA..

The Right to Non-Discrimination and Non-Retaliation – You have the right not to receive discriminatory or retaliatory treatment for exercising these rights.
The Right to Limit use of Sensitive Personal Information – You have the right to limit our use of your sensitive personal information (as defined in the CCPA).
“Shine the Light” – California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code §1798.83).

Exercising your rights

If you wish to exercise your California privacy rights, please click here to fill in the form.

You may also contact us at [email protected]. Please specify in your email which right(s) you are seeking to exercise. Please note that these rights are not absolute and we may decline to fulfill all or part of your request as permitted or required by the CCPA or other applicable laws.

To submit a request as an authorized agent on behalf of a consumer, please submit a signed authorization form from the consumer.

Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your deletion or correction request. If you have an account with us, we may verify your identity by requiring you to sign in to your account. If you do not have an account with us and you request access to, correction of or deletion of your personal information, we may require you to verify your email address or phone number in our records and/or provide any of the following information:

Contact information (such as name, email, phone number, and address); and
An indication of your prior contact with Immuta (such as prior contact with customer service, or other contact).

In addition, if you ask us to provide you with specific pieces of personal information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

European Economic Area (EEA) and the United Kingdom (UK)

Identity of the controller

Immuta, Inc., with offices at 886 N. High Street, 3rd Floor, Columbus, OH 43215, USA, is responsible for the processing of your personal data as described in this Applicant Notice.

Legal bases

We process your personal data on one or more of the following legal bases:

Legal Basis	Purpose Description
As necessary to enter into a contract or to perform our contractual obligations	Communicate with you regarding your inquiries and applications Assess your candidature and application Verify the information received and conduct background or other checks
With your consent	Where required by applicable law, such as to retain and use your information to consider and contact you for future opportunities
Our legitimate interests	Perform and refine our business operations, including workforce management and hiring practices Perform accounting and other internal functions Prepare for and engage in internal and external audits and similar assurance-providing processes and procedures Processing in relation to mergers, acquisitions, or similar corporate transactions Dispute resolution purposes Complying with industry standards and Immuta policies and terms Detect and respond to suspected or actual fraud Monitor and secure our systems and facilities Operate and improve our recruiting processes and systems
Legal obligation	Comply with and enforce applicable legal requirements,

Your Rights

Subject to applicable law, you have the right to:

ask whether we hold personal data about you and request copies of such personal data and information about how it is processed.
request that inaccurate, incomplete or outdated personal data is corrected or completed.
request the deletion of personal data in certain circumstances.
request to restrict the processing of your personal data in certain circumstances.
object to the processing of personal data on grounds relating to your particular situation.
request that we provide a copy of your personal data to you in a structured, commonly used and machine readable format in certain circumstances.

When you consent to our processing your personal data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.

If you wish to exercise any of these rights, please click here to fill in a form or send an email at [email protected].

You can also lodge a complaint with the data protection authority in your country.

You can contact our Data Protection Officer (DPO) at [email protected]. Individuals and the data protection supervisory authorities in the EU may also contact our EU representative according to Art. 27 GDPR:

bpc GmbH, Attn: Immuta, Inc., Einigkeitstrasse 9, 45133 Essen, Germany; email: [email protected]
www.b-p-c.eu

International transfers

We transfer personal data from the EEA and the UK to the United States by entering into the European Commission’s Standard Contractual Clauses and the UK Transfer Addendum (if appropriate) or on the basis of a derogation when the transfer is necessary for the conclusion or performance of a contract, for the implementation of pre-contractual measures taken at your request, or upon your explicit consent. To obtain a copy of the safeguards we have put in place, please contact us as indicated above.

Alternatively, we ensure that the data recipient is located in a country that has been the subject of an adequacy decision.

Do the best work of your career.

We’re tackling the most pressing challenges in data management and data security, and we need experts in engineering, security, ethics, and law. Along our journey, there’s one thing we’ll never compromise on: our culture.

Join the team

Platform Services

Metadata Registry

Data Discovery & Classification

Policy Entitlement Engine

Unified Audit

Data Domains

Apps

Data Marketplace

Data Access Governance

Ecosystem Partners

Technology Partners

Get Started

Take a tour of Access Governance

Take a tour of Data Marketplace

Schedule a live demo

Find a consulting partner

Data problems we solve

Unify data access control

Publish & find data products

Create & enforce policy

Monitor & audit data usage

Speed business innovation

Roles we empower

Data Product Owner

Data Consumer

Data Steward

Data Governor

Data IT

Industries we transform

Financial Services

Health & Life Sciences

Public Sector

Beyond Discovery: Intelligent Data Provisioning Arrives in Catalogs

Get in the know

Blog

Resource Center

Data Fundamentals

Get a deeper look

Demo Hub

How-To Guides

Schedule a Live Demo

Get connected

Events & Webinars

Sign Up for Our Newsletter

Get support

Documentation

Customer Support

Get inspired

About us

Company

Partners

News

Connect with us

Careers

Upcoming Events

Contact Us

Customer Spotlight