Please be advised that this FAQ is for your convenience only. It is not an exhaustive explanation or legal advice, and does not supplement or replace the applicable Terms of Service, which constitute a legally binding agreement between you and Indeed. We advise to read applicable terms in full.

 

How does Indeed view privacy?

Indeed values each of its users’ privacy.  We’ve invested significant resources into building a global privacy framework that bakes privacy-by-design into our product development lifecycle and affords all of our users the same rights to access and delete their personal data.

We very much value the trust jobseekers place in us to help them find great jobs, and employers place in us to help them find great candidates. Our Privacy Policy and Privacy Center help us maintain this trust by giving all of our users a comprehensive look into the types of information we collect and how we use and disclose this information to deliver our products and services globally.

How does Indeed process user data?

Indeed’s Privacy Policy (for example section 4, Purposes, Uses and Disclosures of Information,) details the ways in which Indeed processes personal data and the purposes of such processing. This includes but is not limited to using data to improve Indeed products, determine user preferences, help detect fraudulent activity, and for certain marketing purposes.

How does Indeed share user data with its affiliates?

As detailed in our Privacy Policy, Indeed shares certain user data with its affiliates to:

  • help the job search and recruitment process by connecting more job seekers with more job listings and employers;
  • improve our services to you; and
  • facilitate better security for users.

The HR Tech Privacy Center helps to further educate our users on Indeed’s core privacy values and certain data sharing practices between the Indeed-affiliated companies and brands.  

What is the GDPR?

On May 25, 2018, the European Union (EU) introduced the General Data Protection Regulation (GDPR) .  The GDPR established a comprehensive framework for protecting individual’s personal data by defining individual rights and the obligations for businesses around transparency, security and accountability in all processing of personal data.

What is Indeed doing to comply with GDPR?

The GDPR introduced stronger rights and protections for individuals, and created new obligations for businesses in terms of how they process individuals’ personal data. We are excited about doing what is best for our users, and have introduced changes in accordance with the GDPR and its principles.

Indeed’s Privacy Policy, which is easily accessible by all users, clearly informs users of the personal data collected by Indeed, and the different processing activities that take place.

Indeed also employs applicable privacy principles, and has introduced certain changes to support additional user rights and satisfy all of our obligations. Some examples of those changes are set out below.

  • We will continue to increase transparency and communication with our users to provide you with as clear an understanding as possible about how your personal data is processed.
  • We will facilitate the rights of individuals introduced by GDPR, including the rights of individuals to access and/or delete their personal data upon request.
  • Those rights are available to all of Indeed's users on a global basis.
  • We will remain dedicated to the approach of “privacy by design and default” through the consistent application of the privacy principles in the GDPR, and the adoption of a privacy-friendly approach in how we build and operate our products and services.

What is the CCPA?

On January 1, 2020, the California legislature introduced the California Consumer Privacy Act (CCPA).  The CCPA is a first-of-its-kind privacy framework in the United States (US), delivering a new standard of transparency for businesses collecting California residents’ personal data.  Among other things, the CCPA offers California residents new consumer rights around accessing and deleting their personal data collected by businesses, and redefines how businesses must account for certain transfers of California residents’ personal data.

What is Indeed doing to comply with the CCPA?

Indeed has taken a number of measures to satisfy this new law, and other laws, by building on Indeed’s existing privacy framework. A few examples include:

  • furthering the transparency of Indeed’s comprehensive Privacy Policy with a new summary, concisely listing the types of data that Indeed collects and how it uses and discloses this data; 
  • launching a new Privacy Center, helping users further understand the relationships between Indeed and its affiliated entities and brands; 
  • expanding Indeed’s consumer rights request infrastructure with a new request form and toll-free telephone number for submitting requests, and enhanced data mapping; and
  • integrating new links on Indeed’s Site to reflect the CCPA’s approach to defining and regulating the “sale” of users’ data.

Section 13 of Indeed’s Privacy Policy provides more information for California residents.

Does Indeed transfer data in any way that may be a “sale” under the CCPA?

Please see our explanation here.

How does Indeed manage EU personal data transfers?

Indeed helps people get jobs using a system designed and developed in the United States. So helping people get the jobs they want inevitably involves the transfer of our users’ personal data from the EU and Switzerland to the US and to other countries. Indeed uses various mandated legal mechanisms to ensure that adequate protections are applied to such personal data when it is transferred outside the EU.  

For example, Indeed Ireland transfers certain personal data from the EU and Switzerland to Indeed, Inc. in the U.S.. Indeed, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland to the United States. Indeed Inc. has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, and Purpose Limitation, Access, Recourse, Enforcement and Liability. To learn more about the Indeed Inc.’s compliance with the Privacy Shield Framework please consult section 11 of our Privacy Policy. To find out more about the Privacy Shield Framework please click here, and to view our certification please click here.

Furthermore, Indeed Ireland’s transfers made according to the Privacy Shield Framework are performed based on agreements that also incorporate the protections provided for under Chapter V (and Article 28, where appropriate) of the GDPR. This incorporates EU data protection requirements to ensure adequate protection of such personal data transfers.

What information does Indeed transfer to third parties?

Indeed may use third parties to perform services in connection with our operations, to improve the Site and our services, products, and features, to protect our users and better understand their needs, and to optimize the services and users’ experiences. These service providers may have access to Personal Data in the course of providing these services, which may involve transfers of such Personal Data to other countries. Such transfers are only made for the purposes set forth in sections 4, 5 and 9 of this Privacy Policy, to the extent applicable and necessary. Those companies are also required to treat such Personal Data in accordance with this Privacy Policy, and in accordance with all applicable laws with respect to such transfers and any processing performed by those third parties on such Personal Data.

We do this for a number of reasons, for example: to improve our services to you; to maintain quality and protect users; to facilitate payments (where applicable); to permit user log-in through third party accounts; or to understand and optimize our users’ customer journey.

What information is shared with third parties when the Indeed App is installed?

In order to provide you with certain services and support ad attribution, limited user data may be shared with certain service providers when you install, download or use the Indeed App. This may include your IP address or other unique identifier, and event data related to the installation of the Indeed App.

This may be done for a variety of purposes, including facilitating user log-in through third party accounts. It may also assist Indeed to understand and optimize our users’ complete customer journey by helping us: (i) understand how users arrive to Indeed; (ii) better measure the performance of our ads; and (iii) understand where a user has accessed Indeed through different devices.

When you download or install an Indeed App, you acknowledge and accept that your Personal Data may be transferred to these service providers. You also agree to Indeed's Cookie Policy, Privacy Policy and Terms of Service, and are informed that you may avail of your rights at any time, as detailed in section 10 of this Privacy Policy, including the right to object to the legitimate interest use of your personal data for marketing purposes.

Examples of the types of technologies that may support this behavior include pixels, javascript snippets, or cookies.

How do individuals make a personal data access request?

Indeed users are able to access most of their Personal Data held by Indeed on the Site.  If you have any queries or complaints we encourage you to contact us here.  Alternatively, you may make a formal request to access your Personal Data held by Indeed. This process is detailed in Section 10.4 of our Privacy Policy.

How do individuals make a personal data deletion request?

Indeed users are able to edit and update most of their Personal Data held by Indeed on the Site, and if you have any queries or complaints we encourage you to contact us here. Alternatively, if you do not wish to do this, you may make a formal request to delete your Personal Data held by Indeed. This process is detailed in Section 10.5 of our Privacy Policy.

How can individuals avail of the other rights provided under GDPR?

Indeed users may request to exercise their right to rectify their personal data, or their rights to restrict or object to the processing of their personal data. If you have such a request then we encourage you to contact us here, or as detailed in Section 10.1 and 10.2 of our Privacy Policy.

How do I unsubscribe from any marketing messages from Indeed?

If you wish to opt out of a particular marketing email from Indeed, you may do so by clicking “unsubscribe from this email” (or an equivalent action) where applicable. Please note that this will only opt you out of that particular marketing message. 

If you wish to adjust all your job alerts, you can click on “manage my subscriptions” (or an equivalent action) to adjust your subscriptions. You can also access and adjust your subscriptions (for job alerts, recommended jobs, and other notifications) from your account dashboard, or contact Indeed Customer Support to do so. 

In addition, you may opt out of all marketing messages or withdraw your consent from any consent-based processing by sending an email to privacy-dept @ indeed.com (remove spaces when sending email). In your message, please detail which activities from which you wish to opt out or withdraw your consent. We will comply with your request as soon as reasonably practicable, and in accordance with applicable laws.

Finally, please note that we may still send other messages to you, such as administrative messages.

How long does Indeed retain personal data?

Indeed retains personal data to the extent necessary in relation to the purposes for which the data are collected or processed, which are communicated in our Privacy Policy, or where necessary for compliance with a legal obligation. For example, records detailing a business transaction and/or business relationship are retained as allowed by applicable laws. Where the personal data we store no longer needs to be stored for the reasons outlined above, Indeed deletes such personal data, subject to applicable legal requirements.

What security measures are adopted by Indeed?

Indeed seeks to use reasonable security measures to help protect against unauthorized access, disclosure, and destruction and accidental loss of Personal Data under Indeed’s control, although no method of transmission over the Internet, or method of electronic storage, is 100% secure.  The practices Indeed follows vary depending on the nature of the data, the context of the processing, and the risks involved, as well as available technology.   

With respect to data transfers, Indeed Inc. is certified under EU-US Privacy Shield, and adheres to applicable Privacy Shield principles. It also adheres to GDPR requirements concerning transfers of personal data to Indeed affiliates and to third parties.

For more information on some of the steps we take and advice on steps you can take to help keep your information safe during your job seeking journey, please visit our Security page.

Does the GDPR impact my current use of Indeed Resume?

Resumes set to ‘public’ will continue to be available in their current capacity as outlined in our terms. Indeed has made necessary changes, as detailed above, to ensure lawful processing in compliance with GDPR and the rights of our users.

Does Indeed comply with international privacy rules? 

Indeed takes the privacy of its users very seriously, investing significant resources as part of our efforts to protect your personal data. This includes closely monitoring developments in international privacy rules, and endeavouring to adhere to those rules. We very much value the trust that our jobseekers place in us to help them find jobs, and our employers place in us to help them find great candidates. Our Privacy Policy describes how we work to maintain that trust and protect our users’ information.

Where is Indeed's main establishment for GDPR purposes? 

As provided for in Indeed's Privacy Policy, European personal data of our jobseekers and employers is provided to Indeed Ireland Operations Limited (“Indeed Ireland”). Indeed's main establishment for the purposes of the GDPR is Ireland and our lead supervisory authority is the Irish Data Protection Commission.

What has Indeed done from a privacy perspective to prepare for Brexit? 

Indeed has taken measures to ensure the personal data of its users continues to be protected. For example, Indeed has introduced data transfer and processing agreements where appropriate to protect personal data transfers to the United Kingdom in the event of that jurisdiction departing from the European data protection regime.