global-candidate-privacy-notice.pdf

 https://www.crowdstrike.com/content/dam/crowdstrike/www/en-us/wp/2024/06/global-candidate-privacy-notice.pdf

Based on the provided "Global Candidate Privacy Notice," here are some potential red flags to consider:

• Collection of Extensive Personal Information: CrowdStrike collects a wide range of personal information, including identification information, experience information, background check information, medical information, and information required to initiate employment. While this is common for hiring processes, the breadth of data collected may be concerning to some, especially the inclusion of potentially sensitive information like Social Security or national insurance numbers, and medical information.

• Collection of Information from Multiple Sources: Personal information is not only collected directly from candidates but also from other sources such as recruiting agencies, educational institutions, background-checking agencies, assessment platforms, referees, and publicly available sources. This raises the possibility that information may be collected without the candidate's direct knowledge or control.

• Background Checks: CrowdStrike conducts background checks, and in some cases, criminal record checks. This process is not always transparent. The document states that candidates will be notified if a criminal record check is carried out, but it doesn't clearly specify the extent of these checks or the countries or locations where these may be more extensive. It also states that employment may be conditional upon the results of this check.

• Medical Information Collection: The notice mentions the collection of "medical information, such as health information, including disability status". This type of information is highly sensitive. It is collected to the extent permitted by law, but some may be concerned about the potential for misuse or discriminatory practices.

• International Data Transfers: The document notes that personal data may be transferred outside the candidate's home jurisdiction, including to the United States. The notice states that data will only be transferred in accordance with applicable data protection laws and when there is adequate protection in place. However, the document also notes that other countries may have different data protection laws. This could raise concerns about the level of protection afforded to the data once it is transferred.

• Data Retention: The document states that personal information will be retained for as long as needed to fulfill the purpose for which it was collected and for a reasonable period thereafter. The lack of a specific retention period may be a concern to some. Also, CrowdStrike may retain de-identified data indefinitely.

• Changes to the Privacy Notice: CrowdStrike may update the notice at any time to reflect changes in their practices. This means that candidates must periodically review the notice for changes. This could be a red flag for individuals who prefer a more static and predictable privacy policy.

• Third-Party Sharing: Personal Information is shared with CrowdStrike affiliates, regulators, authorities, and third-party service providers. The notice lacks specific details about these third parties and their data handling practices.

• Self-Identification Requests: The notice mentions that for some locations, CrowdStrike may request that candidates self-identify with certain characteristics such as gender or race/ethnicity. Although the notice also states that choosing not to disclose such information will not result in adverse treatment and the information will be kept confidential, the request itself may be a red flag for some individuals.

• Legal Basis for Processing: The legal basis for processing personal information is described in general terms as necessary for contractual obligations, consent, or legitimate interests. The lack of specificity may cause concern and may not offer the transparency some individuals seek.

It is important to note that many of the practices described in this notice are common in the recruitment process. However, the extent of the data collection and the lack of specific details about some of the practices may raise concerns for some individuals.