FAQ: Indeed’s Approach to Privacy
Please be advised that this FAQ is for your convenience only. It is not an exhaustive explanation or legal advice, and does not supplement or replace the applicable Terms of Service, which constitute a legally binding agreement between you and Indeed. We advise to read applicable terms in full.
- How does Indeed view privacy?
- How does Indeed process user data?
- How does Indeed share user data with its affiliates?
- What is the GDPR?
- What is Indeed doing to comply with GDPR?
- What is the CCPA?
- What is Indeed doing to comply with the CCPA?
- Does Indeed transfer data in any way that may be a "sale" under the CCPA?
- What is the LGPD?
- What is Indeed doing to comply with the LGPD?
- How does Indeed manage transfers of personal data from Europe?
- How does the recent court judgment on EU-US Privacy Shield affect Indeed?
- What information does Indeed transfer to third parties?
- What information is shared with third parties when the Indeed App is installed?
- How do individuals make a personal data access request?
- How do individuals make a personal data deletion request?
- How can individuals avail of the other rights provided under GDPR?
- How do I unsubscribe from any marketing messages from Indeed?
- How long does Indeed retain personal data?
- What security measures are adopted by Indeed?
- Does the GDPR impact my current use of Indeed Resume?
- Does Indeed comply with international privacy rules?
- Where is Indeed's main establishment for GDPR purposes?
- What has Indeed done from a privacy perspective to prepare for Brexit?
How does Indeed view privacy?
Indeed values each of its users’ privacy. We’ve invested significant resources into building a global privacy framework that bakes privacy-by-design into our product development lifecycle and affords all of our users the same rights to access and delete their personal data.
How does Indeed process user data?
How does Indeed share user data with its affiliates?
- help the job search and recruitment process by connecting more job seekers with more job listings and employers;
- improve our services to you; and
- facilitate better security for users.
What is the GDPR?
On May 25, 2018, the European Union (EU) introduced the General Data Protection Regulation (GDPR) . The GDPR established a comprehensive framework for protecting individual’s personal data by defining individual rights and the obligations for businesses around transparency, security and accountability in all processing of personal data.
What is Indeed doing to comply with GDPR?
The GDPR introduced stronger rights and protections for individuals, and created new obligations for businesses in terms of how they process individuals’ personal data. We are excited about doing what is best for our users, and have introduced changes in accordance with the GDPR and its principles.
Indeed also employs applicable privacy principles, and has introduced certain changes to support additional user rights and satisfy all of our obligations. Some examples of those changes are set out below.
- We will continue to increase transparency and communication with our users to provide you with as clear an understanding as possible about how your personal data is processed.
- We will facilitate the rights of individuals introduced by GDPR, including the rights of individuals to access and/or delete their personal data upon request.
- Those rights are available to all of Indeed's users on a global basis.
- We will remain dedicated to the approach of “privacy by design and default” through the consistent application of the privacy principles in the GDPR, and the adoption of a privacy-friendly approach in how we build and operate our products and services.
What is the CCPA?
On January 1, 2020, the California legislature introduced the California Consumer Privacy Act (CCPA). The CCPA is a first-of-its-kind privacy framework in the United States (US), delivering a new standard of transparency for businesses collecting California residents’ personal data. Among other things, the CCPA offers California residents new consumer rights around accessing and deleting their personal data collected by businesses, and redefines how businesses must account for certain transfers of California residents’ personal data.
What is Indeed doing to comply with the CCPA?
Indeed has taken a number of measures to satisfy this new law, and other laws, by building on Indeed’s existing privacy framework. A few examples include:
- launching a new Privacy Center, helping users further understand the relationships between Indeed and its affiliated entities and brands;
- expanding Indeed’s consumer rights request infrastructure with a new request form and toll-free telephone number for submitting requests, and enhanced data mapping; and
- integrating new links on Indeed’s Site to reflect the CCPA’s approach to defining and regulating the “sale” of users’ data.
Does Indeed transfer data in any way that may be a “sale” under the CCPA?
Please see our explanation here.
What is the LGPD?
The LGPD (Lei Geral de Proteção de Dados, “LGPD”) is a Brazilian privacy law that is designed to regulate the processing of personal information by providing a framework for businesses to follow. The law is applicable to data that is collected or processed within Brazil or the data in question is processed for the purpose of offering goods or services to individuals in Brazil.
What is Indeed doing to comply with the LGPD?
Indeed takes a global approach to protect the privacy of our users and the rights they are afforded by laws such as the LGPD. Indeed and its associated sites provide an accessible way for our users to avail of the rights they are afforded by the LGPD, including the rights to access and delete personal information. Indeed has also taken measures to comply with the other requirements of the LGPD such as appointing a DPO (Data Protection Officer), ensuring proper transparency, and more.
How does Indeed manage transfers of personal data from Europe?
Indeed helps people get jobs using a system designed and developed in the United States. So helping people get the jobs they want inevitably involves the transfer of our users’ personal data from the EU and Switzerland to the US and to other countries. Indeed uses various mandated legal mechanisms to ensure that adequate protections are applied to such personal data when it is transferred outside the EU.
Where necessary, Indeed relies on the use of data transfer and processing agreements that employ both the European Commission's standard contractual clauses and the protections provided for under Chapter V (and Article 28, where appropriate) of the GDPR. This incorporates EU data protection requirements to ensure adequate protection of such personal data transfers.
How does the recent court judgment on EU-US Privacy Shield affect Indeed?
Indeed takes the privacy of our users very seriously. This includes ensuring there are adequate protections in place with respect to transfers of our European users' personal data to the United States, which was the focus of the recent court judgment.
In order to do this Indeed has employed the overlapping protections of both the European Commission's standard contractual clauses, and the EU-US and Swiss-US Privacy Shield frameworks, to govern such transfers. In the wake of the court judgment those transfers continue to be subject to European Commission standard contractual clauses, which the court confirmed remain a valid transfer method.
What information does Indeed transfer to third parties?
We do this for a number of reasons, for example: to improve our services to you; to maintain quality and protect users; to facilitate payments (where applicable); to permit user log-in through third party accounts; or to understand and optimize our users’ customer journey.
What information is shared with third parties when the Indeed App is installed?
In order to provide you with certain services and support ad attribution, limited user data may be shared with certain service providers when you install, download or use the Indeed App. This may include your IP address or other unique identifier, and event data related to the installation of the Indeed App.
This may be done for a variety of purposes, including facilitating user log-in through third party accounts. It may also assist Indeed to understand and optimize our users’ complete customer journey by helping us: (i) understand how users arrive to Indeed; (ii) better measure the performance of our ads; and (iii) understand where a user has accessed Indeed through different devices.
How do individuals make a personal data access request?
How do individuals make a personal data deletion request?
How can individuals avail of the other rights provided under GDPR?
How do I unsubscribe from any marketing messages from Indeed?
If you wish to opt out of a particular marketing email from Indeed, you may do so by clicking “unsubscribe from this email” (or an equivalent action) where applicable. Please note that this will only opt you out of that particular marketing message.
If you wish to adjust all your job alerts, you can click on “manage my subscriptions” (or an equivalent action) to adjust your subscriptions. You can also access and adjust your subscriptions (for job alerts, recommended jobs, and other notifications) from your account dashboard, or contact Indeed Customer Support to do so.
In addition, you may opt out of all marketing messages or withdraw your consent from any consent-based processing by sending an email to privacy-dept @ indeed.com (remove spaces when sending email). In your message, please detail which activities from which you wish to opt out or withdraw your consent. We will comply with your request as soon as reasonably practicable, and in accordance with applicable laws.
Finally, please note that we may still send other messages to you, such as administrative messages.
How long does Indeed retain personal data?
What security measures are adopted by Indeed?
Indeed seeks to use reasonable security measures to help protect against unauthorized access, disclosure, and destruction and accidental loss of Personal Data under Indeed’s control, although no method of transmission over the Internet, or method of electronic storage, is 100% secure. The practices Indeed follows vary depending on the nature of the data, the context of the processing, and the risks involved, as well as available technology.
With respect to data transfers, Indeed relies on the use of data transfer and processing agreements that employ both the European Commission's standard contractual clauses and the protections provided for under Chapter V (and Article 28, where appropriate) of the GDPR. Indeed Inc. is also certified under EU-US Privacy Shield, and adheres to applicable Privacy Shield principles, including those relating to security.
For more information on some of the steps we take and advice on steps you can take to help keep your information safe during your job seeking journey, please visit our Security page.
Does the GDPR impact my current use of Indeed Resume?
Resumes set to ‘public’ will continue to be available in their current capacity as outlined in our terms. Indeed has made necessary changes, as detailed above, to ensure lawful processing in compliance with GDPR and the rights of our users.
Does Indeed comply with international privacy rules?
Where is Indeed's main establishment for GDPR purposes?
What has Indeed done from a privacy perspective to prepare for Brexit?
Indeed has taken measures to ensure the personal data of its users continues to be protected. For example, Indeed has introduced data transfer and processing agreements where appropriate to protect personal data transfers to the United Kingdom in the event of that jurisdiction departing from the European data protection regime.