Effective Date: August 7, 2018

This notice describes what personal data we (Tufin Software Technologies Ltd. and our affiliates, “Tufin”) collect and process on our job candidates and applicants (“Candidates”) with respect to our application and recruitment process, why we collect it and how we use it. It also describes how Candidates may exercise their rights to such data held with us.

We strongly urge you to read this notice and make sure that you fully understand and agree to it. If you do not agree to this notice, please avoid providing us with your data.

You are not legally required to provide us with any personal data, but without it we may not be able to process your application.

What data do we collect, how do we collect it, and how do we use it?

Throughout the application and recruitment process, you may provide us (or we may otherwise have access to) personal data about you, such as your identifying data, contact details, CV, work-related data, social media activity, etc. We may collect this data directly from you, as you provide it voluntarily through your application and candidacy review process, or from other sources such as your references or our service providers.

We may use such data only in order to assess our Candidates’ skills, qualifications and overall to verify, consider and process their application and candidacy for any of our positions, and to communicate with them regarding such processes. We may also use it to manage risk and enhance our security and anti-fraud measures, and to create aggregated statistical or inferred data regarding our Candidates, for further development and improvement of our and our partners’ recruitment processes.

In addition, we may use it to act as permitted by, and to comply with, any legal or regulatory requirements, and to conduct any additional activities that may require the use of your data, for which we will request your specific consent in advance.

Where do we store our Candidates’ data?

Data regarding our Candidates will be maintained, processed and stored by Tufin and our authorized affiliates and service providers in the United States of America, in Israel, in the applied position's location(s), and as necessary, on our internal systems and in secured cloud storage provided by our Third Party Services.

Tufin Software Technologies Ltd. is based in Israel, and has offices in the US, the EU and other locations. Israel is considered by the European Commission to be offering an adequate level of protection for the personal data of EU Member State residents. Tufin's US subsidiary has self-certified with the EU-US Privacy Shield Framework, also with respect to the appropriate transfer and protection of HR data from the EU and Switzerland to the US, and will cooperate with the applicable EU and Swiss data protection authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship. To learn more, please see our Privacy Shield Notice.

While data protection laws in certain jurisdictions may be different than the laws of your residence or location, please know that Tufin, its affiliates and Third Party Services that store or process your personal data on Tufin's behalf are each committed to keep it protected and secured, in accordance with this notice and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

For how long may we keep your data?

We may retain your data even after the applied position has been filled or closed. This is done so we could re-consider Candidates for other positions and opportunities at Tufin; so we could use their personal data as reference for future applications submitted by them; in case the Candidate is hired, for additional employment and business purposes related to their work; and as reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our agreements or otherwise protect our legitimate interests.

How will we secure your data?

Tufin has implemented security measures designed to protect the personal data of our Candidates, including physical, procedural and electronic measures. We also regularly seek new ways and tools for further enhancing the security of our Services and the integrity of the personal data that we hold. Please note however, that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal data stored with us.

Who will have access to your data?

Tufin will share your personal data with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include any recruitment firms that have referred you to us (or vice versa), candidate evaluation centers, background checks providers, recruitment software providers, data and cyber security services, web analytics, and our business, legal, compliance and financial advisors (collectively, "Third Party Services"). Such Third Party Services may receive or otherwise have limited access to our Candidates’ personal data, depending on each of their particular roles and purposes in facilitating and enhancing our recruitment process, and may only use it for such purposes. Tufin remains responsible and liable for any personal data processing done by Third Party Services on its behalf, except for events outside of its reasonable control.

Additionally, we may disclose or otherwise allow access to any Candidates’ personal data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud or other wrongdoing. We may also share your personal data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Tufin, any of our customers or employees, or any member of the general public.

Finally, we may share personal data internally within our family of companies, for the purposes described above. In addition, should Tufin or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your personal data may be shared with the parties involved in such event.

Which tracking technologies do we use?

Tufin uses certain monitoring and tracking technologies, such as cookies and other downloaded data files, including ones offered by Third Party Services. These technologies are used in order to maintain, provide and improve our processes and operations on an ongoing basis, and in order to provide a better experience to our website visitors and Candidates. For example, these technologies enable us to better secure our website and services and detect abnormal behaviors, to identify technical issues, and to monitor and improve the overall performance of our services and processes. In order to delete or block any cookies, please refer to the "Help" area on your internet browser for further instructions, or look for optional third party add-ons offering cookie management assistance. For example, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit.

Please note that we do not change our practices in response to a "Do Not Track" signal in the HTTP header from a browser or mobile application.

How can you access your data or request to delete it?

If you wish to exercise your right to request access to your data, to correct it, to delete it or to port it, or to object to its processing, please send us an e-mail to privacy@Tufin.com, and we will respond within a reasonable timeframe and in accordance with applicable laws.

Please note that we may require additional information, including certain personal data, in order to authenticate and process your request.

Will this notice be updated?

We may update this notice to reflect changes in our privacy practices. If we make any changes that we deem as "material", we will notify you (via this page or any of the communication means you provided us with) prior to the change becoming effective. We encourage you to periodically review this page for the latest data on our privacy practices.

What if you have questions?

If you have any questions regarding this notice, our data practices or the security of our services or job application processes, please feel free to contact us at privacy@Tufin.com, or at Tufin Software Technologies Ltd., TOHA Tower, Tel Aviv, 6789205 Israel. Tufin's Data Protection Officer can be contacted at dpo@tufin.com

Tufin has designated Tufin Software Germany GmbH as its representative in the European Union for data protection matters, pursuant to Article 27 of the GDPR, and only on matters related to the processing of personal data. To make such an inquiry, please contact privacy@tufin.com. If you are a GDPR-protected individual, you also have the right to lodge a complaint with a supervisory authority.