Candidate Privacy Policy

1. Information collection

• “Personal data” is any information that relates to an identifiable natural person. Your name, address, contact details, and CV are all examples of your personal data, if they identify you. We refer to personal data as “personal information” in this policy.
  
  The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.
  
  The Company is a "controller" of your personal data. This is a legal term – it means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with data protection laws.
• We collect many different types of personal information about you for lots of reasons. We cannot administer our relationship with you as a job candidate without your personal data. We process the following personal information about you:
  • Contact details:
    Legal name, nickname(s) or other names used, address, phone number, email address
  • Personal details:
    Birth date, driving license details, gender, marital status, and to the extent you share these with us as part of the application process, lifestyle and social circumstances.
  • Employment application details:
    Job application details, CV or resume and professional profile, education history, employment history, LinkedIn profile, previous qualifications or certificates, experience and skills, application form, interview feedback and notes, drug and alcohol test result where relevant, background checks results (including where relevant criminal record check results), psychometric test results where relevant, preferences relating to job location, salary and compensation, and working hours, conflicts of interest (including where related to family networks)
  • Right to work information:
    Country of birth, passport details, nationality, right to work, residency and/or other visa information
  • Financial Information:
    National Insurance number and/or other governmental identification numbers, bank account details (to the extent necessary for expenses reimbursement during the application process), P45/HRMC form, travel advance form details
  • Reference Information:
    Nature of your relationship with the referee, reference survey feedback
  • Travel and expenses information:
    Visa, passport and insurance details, flight and accommodation booking information, travel itinerary information
  • Security, location and access information:
    Information (including image and biometric data) captured or recorded by electronic card access systems, CCTV and other security control systems.
  Source of personal information: You provide the majority of personal information directly when you apply for a job with us, collected either directly by using the self-service application function via job boards or CoStar Careers website. We also receive personal information from CoStar employees where they have referred you for a job and from recruitment agencies. As part of your job application process, we will supplement this with other information such as (for example) interview feedback. We may receive some of this personal information from third parties, such as recruitment agencies, your former employer and your university. Other sources may include job boards, corporate websites, online CV libraries, your business card. We may also collect this personal information from publicly available sources, such as LinkedIn or any relevant social media sites.
• Special categories of personal data (including information relating to criminal offences): Some of the personal information that we collect about you or which you provide to us may be considered special categories of personal data. "Special categories of personal data" include information about your physical and mental health, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical belief, trade union membership, and biometric data. (For example, drug test results, ethnicity will all be special categories of data.) To the extent criminal offence checking is undertaken for your role (for example, Disclosure Barring Service checks in the UK), we will process information about criminal offences.
  
  The table at Shcedule 2 sets out the different purposes for which we process your special category personal data and the relevant lawful basis on which we rely for that processing. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.

3. Disclosure to third parties

Inside the CoStar group

• We are part of the CoStar group of companies. Therefore, we may need to share your personal data with other companies in the CoStar group, which will include the entities which operate the following brands listed at https://www.costargroup.com/about-us/brands. We will share your personal information for our general business and workforce management and planning purposes for authorisations/approvals with relevant decision makers, parental reporting and where systems and services are provided on a shared basis. Where relevant and appropriate, we will share your personal data with other companies in the CoStar group for similar roles.
• Access rights between members of the CoStar group are limited and granted only on a need to know basis, depending on job functions and roles.
• Where any CoStar group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal data is protected and we will enter into a written contract imposing appropriate security standards on them.
  Outside the CoStar group
• We will share your personal information with the following categories of third parties:
  • in order to comply with a legal or regulatory obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others: legal and regulatory authorities, auditors, lawyers and other outside professional advisors.
  • companies that provide products and services to us, such as:
    • payroll;
    • insurance companies, including those providing travel insurance;
    • human resources services, such as Workday and organisations which conduct required pre-employment checks;
    • recruitment agencies;
    • parties you have nominated to provide an employment reference for you;
    • travel agencies and transport providers;
    • information technology systems suppliers and support, including email archiving, telecommunication suppliers, back-up and disaster recovery and cyber security services; psychometric testing providers and other outsourcing providers, such as off-site storage providers and cloud services providers.
• We will also disclose your personal information to third parties:
  • where it is in our legitimate interests to do so to run, grow and develop our business, such as:
    • if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
    • if CoStar or substantially all of its assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
  • to enforce our contract with you, to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
  • to protect the rights, property or safety of the Company and the other CoStar Group companies, our employees, customers, suppliers or other persons.
  Restrictions on use of personal information by recipients
• Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for the specific purposes identified by us. We use our best efforts to ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this privacy policy and applicable laws.
• Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and/or obtaining your consent. Where you have given your consent for us to use your information in a particular way, but later change your mind, you should contact us in writing and we will stop doing so.

4. Transferring personal information

• If any of our processing activities require your personal information to be transferred outside the UK or the European Economic Area, we will only make that transfer if:
  • the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
  • we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient.
  • the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
  • you explicitly consent to the transfer.

5. Retention of personal information

• We collect and maintain personal information on prospective employees, prospective interns and employee and intern applicants for legitimate corporate business purposes, such as processing payroll, collecting CVs/resumes to fill vacant positions.
• We keep your personal information for no longer than we believe is necessary for the purposes for which the personal information is used or otherwise processed. The length of time we retain personal information depends on the purposes for which we collect and use it and / or as required to comply with applicable laws.

6. Your rights

• You have certain rights in relation to your personal information and these are set out in Schedule 3. If you would like further information in relation to these rights or would like to exercise any one of them, please contact your local human resources or recruitment contact.
• We will consider all such requests and provide our response within a reasonable period (and in any event any time period required by law). Please note that certain personal information may be exempt from such requests in certain circumstances.
• If an exemption applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.
• If you have any questions or concerns about our use of your personal information, or about the operation of the rights set out above, please contact your human resources or recruitment contact.

7. Security

• We will take specific steps (as required by applicable data protection laws) to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.

8. Third party websites

• You may, from time to time, during your application process period access links to or other websites operated by third parties (e.g. training providers, industry news sources and bulletins). Please note that this privacy policy only applies to the personal information that we (or third parties on our behalf or on behalf of CoStar Group’s group companies) collect from or about you and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

9. Changes to our privacy policy

• This privacy policy does not form a contract of employment, any part of any employee's contract of employment or contract with an intern and we may amend it from time to time at our discretion. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy policy.

10. Further questions or making a complaint

• If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact your local human resources representative or the Company Data Protection Officer at CoStarPrivacy1@costar.com. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.
• You may also make a complaint to your local data protection authority in the country where we are based or where we monitor your behaviour. If you are unsure which data protection authority to contact, please contact your local human resources representative who will advise you. You can also find a list of contact details for all EU supervisory authorities at https://edpb.europa.eu/about-edpb/about-edpb/members_en. The supervisory authority in the UK is the ICO, which can be contacted at https://ico.org.uk/ or by telephone on 0303 123 1113. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.