Job Applicant Privacy Notice
Last updated: March 2024
CSG Systems International Inc. and its affiliates (“CSG”) care about the privacy of our job applicants (“You” or “Your”) during the recruitment and application process. CSG is committed to processing Your individually identifiable information (“personal information”) in accordance with fair information practices and applicable data protection and privacy laws.
2. THE PERSONAL INFORMATION WE PROCESS AND OUR PURPOSES
3. SOURCES OF PERSONAL INFORMATION
4. RECIPIENTS OF PERSONAL INFORMATION
5. TRANSFERS OF YOUR PERSONAL INFORMATION
1. SCOPE
This notice (“Notice”) explains how CSG collects, uses, and processes the personal information of job applicants. This Notice may also be supplemented by other statements, as needed, to comply with local requirements in the country where You live. Please read the annex relevant to the country in which you are applying for a role for, where relevant, specific information as it relates to your country.
2. THE PERSONAL INFORMATION WE PROCESS AND OUR PURPOSES
CSG will process Your personal information to process Your job application and to fulfil out recruitment practices. More specific information about our purposes, examples of the data processed and the grounds on which CSG process the data are in the table below. The examples in the table cannot, of course, be exhaustive.
| Purpose | Examples of personal information that may be processed | Grounds for processing |
|---|---|---|
| Management and administration of Your application | Information concerning Your application, which includes your personal details, education, and qualification details. We also process our assessment of Your application, the fact of Your application and our record of it, Your references, any checks CSG may make to verify information provided or background checks, any information connected with your right to work and your password used to login to our job application portal. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements. | Legitimate interests Legal obligation |
| Compliance with legal and other requirements that CSG is subject to such as recordkeeping and reporting obligations; conducting audits; administration of the CSG compliance hotline; compliance with law enforcement and similar requests in accordance with applicable law; pursuing legal rights and remedies; defending litigation and managing any internal complaints or claims; and complying with internal policies and procedures | Information concerning Your application, which includes your personal details, education, and qualification details. We also process our assessment of Your application, the fact of Your application and our record of it, Your references, any checks CSG may make to verify information provided or background checks, any information connected with your right to work and your password used to login to our job application portal. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements. | Legitimate interests Legal obligations |
| Contacting you or others on your behalf | Your contact details including Your address and phone number, emergency contact information and information on your next of kin. | Legitimate interests |
| Monitoring of diversity and equal opportunities | To the extent required or permitted by local law, information on your, gender. | Legitimate interests |
If You are accepted for a job at CSG, You will be asked to provide additional information at the time, which will be processed in accordance with our applicable Employee Privacy Notice
2.1 Grounds for Processing
As identified in the table above, under EU and UK data protection laws, there are various grounds on which we can rely when processing your personal information. Similar grounds may apply outside the EU or UK. In some contexts more than one ground applies. Two of those grounds can be summarized as Legal Obligation and Legitimate Interests. We outline what those terms mean below:
| Term | Grounds for Processing | Explanation |
|---|---|---|
| Legal obligation | Processing necessary to comply with our legal obligations | Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination. |
| Legitimate Interests | Processing necessary for our or a third party’s legitimate interests | We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms. |
There may also be situations where CSG collects information that reveals information about Your health, which is considered by EU and/or UK data protection law as “sensitive personal information” (or similar protected status under other applicable data protection laws). For example, You may need to provide us with information about Your physical or mental condition so that we can provide work-related accommodations or to assess Your fitness for a particular position.
If we process sensitive personal information about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one of the grounds for processing sensitive personal information applies: (i) where you have provided your explicit consent; (ii) where the processing is necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorized by law or collective agreement; (iii) where the processing relates to data about you that you have made public; or (iv) where the processing is necessary for the purpose of establishing, making or defending legal claims. .
The provision of personal information as described in this Notice is partly a statutory requirement and partly a requirement necessary in order to carry out the potential employment relationship with You. In general, You are required to provide the personal information, except in limited instances when we indicate that the provision of certain information is voluntary. Not providing personal information may prevent CSG from carrying out the potential employment relationship with You.
3. SOURCES OF PERSONAL INFORMATION
Usually, You will have provided the information we hold about You via the application process but there may be situations where we collect personal information from other sources, such as recruitment agencies or other job websites, references supplied by former employers and background check reports. We will seek this information only after the job offer has been made and we will inform You that we are seeking this information from other sources.
4. RECIPIENTS OF PERSONAL INFORMATION
CSG takes care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever CSG permits a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the confidentiality and integrity of the information is maintained.
We may disclose your personal information to other third parties for our legitimate interests as an organization or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy). We may also disclose your personal information if you consent, where we are legally required to disclose and in connection with criminal or regulatory investigations.
Specific examples include the following:
- We share Your personal information with other members of the CSG group around the world for the purposes described above, in particular to manage and administer the job application process.
- We make certain personal information available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data protection law. For example:
- job application administration, e.g., Workday;
- recruitment or executive search administration, e.g., TekSystems;
- background check administration, e.g., Sterling; and
- third parties who provide, support and maintain our IT and communications infrastructure (including for data storage purposes) and/or provide business continuity services, e.g., Microsoft;
- We make certain personal information available to existing or potential business partners, suppliers, independent external advisors (such as auditors),
- banks, insurance carriers, and other third parties to operate the business.
We may disclose personal information in connection with the sale, assignment or other transfer of all or part of our business.
4. DATA RETENTION PERIODS
Personal information will be stored only as long as is necessary to carry out the purposes described in this Notice. When CSG no longer needs to use Your personal information, we will remove it from our systems and records and/or take steps to properly render it unintelligible so that You can no longer be identified from it.
If You are accepted for a job at CSG, the information collected during the recruitment process will form part of Your ongoing employment record.
If You are not successful, You can choose for us to keep Your information on file for any future job openings. In such cases, we will retain Your application information for one year. You can opt out of this at any time by contacting [email protected].
5. TRANSFERS OF YOUR PERSONAL INFORMATION
CSG is a global group of companies headquartered in the United States. As CSG operates at a global level, we may need to transfer personal information to other countries outside of Your home country, in particular to our parent company, in the United States, for management purposes. Transfers may also need to be made to other countries where we operate in order to communicate with Your potential manager or other staff members regarding Your potential employment relationship with CSG.
When we export Your personal information to a different country, we will take necessary steps to ensure that such data exports comply with applicable laws and legislation. For example, for transfers of personal information from the European Economic Area (“EEA”) or the United Kingdom (“UK”) to other affiliates within the CSG group of companies located outside of the EEA or the UK, we have an intra-group agreement which includes appropriate safeguards.
Where applicable, when we transfer Your personal information to third parties outside of the EEA or the UK, we ensure that such transfers to countries not providing an adequate level of data protection are based on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission together with binding and enforceable commitments of the recipient. CSG has also certified its compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (as applicable). Please refer to the section below for further detail.
You can request a copy of the appropriate safeguards by contacting us as set out in the Questions and Comments section below.
5.1 DATA PRIVACY FRAMEWORK
CSG Systems International Inc., CSG Systems, Inc., and Intec Billing, Inc., (collectively, “CSG US”) have certified their compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework (as applicable) as set forth by the U.S. Department of Commerce with respect to personal information concerning individuals from the EEA, Switzerland and UK. Please see our Data Privacy Framework Notice to learn more.
This Privacy Notice includes details of third parties CSG US shares your personal information with under Recipients of Personal Information. You can find out more about your rights under the Your Data Protection Rights section below.
For further information which is not contained in this Privacy Notice, please contact us using the details under Questions and Answers below.
6. YOUR DATA PROTECTION RIGHTS
Depending on where you are located and the types of personal information at issue, you may have certain data protection rights provided under applicable laws (Data Subject Rights), which you may exercise by making a request to CSG. For example, under local applicable laws, including those in the EEA/UK, Brazil, South Africa, and/or certain states in the United States (e.g., California) you may have the rights listed below.
- Right to rectification. You have the right to request that we correct or supplement any inaccurate or incomplete personal information we process about you.
- Right to erasure/deletion (i.e., right to be forgotten). You have the right to request that we delete your personal information or as applicable anonymize your personal information.
- Right of access. You have the right to know whether your personal information is being processed, and, where that is the case, to request access to, including a copy of, the personal information undergoing processing.
- Right to data portability. You have the right to request that we provide the personal information which you provided to us in a structured, commonly used, and machine-readable format; and you have the right to transmit such personal information to another entity.
- Right to withdraw your consent. We are unlikely to rely on consent as a ground for processing. However, if we do, You can withdraw Your consent at any time. Withdrawing Your consent will not affect the lawfulness of any processing we conducted prior to Your withdrawal, nor will it affect processing of Your personal information conducted in reliance on lawful processing grounds other than consent.
- Right to restriction of processing. You have the right to request that we restrict the processing of your personal information.
- Right to object. You have the right to object to our processing of your personal information.
- Right to prohibit the sale or share of personal information. We do not sell or “share,” in this context means the disclosure of your personal information for purposes of cross contextual advertising, your personal information in the context of your employment.
- The right to request further information. You have the right to request more information about the public and private entities with which we have shared personal information and information about the possibility of withholding consent and the consequences of such decision.
- The right to opt out of the use of automated decision making technology. You have the right to opt out and, if applicable, request a review of automated decisions that affect your interests. We do not use automated decision making in a manner that would trigger this right.
- The right to opt out of the use of sensitive personal information: You have the right to opt out of certain uses and disclosures of sensitive personal information. However, we do not use or disclose sensitive personal information for purposes other than those which cannot be limited under California law.
- The right to anonymization. You have the right to request that we anonymize unnecessary or excessive personal information.
You may learn more about these rights or exercise these rights by going to the CSG Data Rights Request Portal or by contacting us as set out in the Questions and Comments section below. Please note that these rights might be limited under the national data protection law in your home country.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority (as set out in the relevant annex).
If you choose to assert any of these rights under applicable laws, we will respond within the time period prescribed by applicable law. Please note that many of the above rights are subject to exceptions and limitations. If we are not able to provide the requested information or make the change you requested, then you will be provided with the reasons for such decisions. Under local law, you may be entitled to lodge a complaint with your local data protection authority.
Your rights and our responses will vary based on your state or country of residency. Please note that you may be located in a jurisdiction where we are not obligated, or are unable, to fulfill a request. In such a case, your request may not be fulfilled.
We do not discriminate against individuals who exercise any of their rights described in this Notice.
7. UPDATES TO THIS NOTICE
This Notice may be updated periodically to reflect any necessary changes in our privacy practices. Where such changes will materially affect Your privacy rights, we will inform You through the job application portal and indicate at the top of the Notice when it was most recently updated. We encourage You to check back on this Notice periodically so that You are aware of the most recent version of it.
8. QUESTIONS AND COMMENTS
You can address any questions or comments relating to this Notice and our privacy practices to [email protected]. You have a right to lodge any complaints with the appropriate data protection supervisory authority although we ask that You raise Your objections directly with CSG in the first instance.
ANNEX A – EEA/UK
CSG EMPLOYERS AND CONTRACTING ENTITIES IN EEU/UK
The list of CSG employers and contracting entities in the EEA/UK are located here . The entity to which you apply will be the data controller of your personal information.
If you are applying to one of our entities in the EEA/UK, the following additional information will apply:
QUESTIONS AND COMMENTS
Contact details for the data protection regulators in the EEA are available here. In the United Kingdom, the data protection regulator is the Information Commissioner’s Office. For contact details see here.
ANNEX B – BRAZIL
CSG EMPLOYERS AND CONTRACTING ENTITIES IN BRAZIL
Intec Telecom Systems do Brasil Ltda – São Paulo – SP
R. Dr. Rafael de Barros
209 – 6º andar – Paraíso
São Paulo – SP
04003-041
Brazil
Intec Telecom Systems do Brasil Ltda – Londrina – PR
Av. Higienópolis, 1601, 2º andar
Londrina – PR
86015-010
Brasil
If you live in Brazil, the following additional information and amendments to the Notice will apply:
GROUNDS FOR PROCESSING
In addition to the grounds for processing stated in the Notice, the following additional ground shall apply to you:
| Term | Legal basis for processing | Explanation |
|---|---|---|
| Regular exercise of rights in judicial, administrative or arbitration procedures | Processing is necessary for judicial, administrative or arbitration proceeding that CSG is a part of. | Sometimes we need personal data of our job applicants in the context of lawsuits (more specifically judicial, administrative or arbitration proceedings) |
QUESTIONS AND COMMENTS
The local data protection regulator is the Brazilian Data Protection Authority (ANPD).
ANNEX C – CALIFORNIA
CSG EMPLOYERS AND CONTRACTING ENTITIES FOR JOB APPLICANTS IN CALIFORNIA
CSG Systems, Inc.
169 Inverness Dr W
Suite 300
Englewood, CO 80112
TELEPHONE: 1-800-274-0111
If you live in California, the following additional information and amendments to the Notice will apply:
YOUR DATA PROTECTION RIGHTS
The California Consumer Privacy Act of 2018 and as further amended by the California Privacy Rights Act of 2020 (collectively the “CCPA”) provides CSG California job applicants with specific rights regarding their candidate information.
When the CCPA applies, California residents generally have the right to request access, portability, correction, and deletion of their personal information. Additionally, and if applicable, California residents can limit the use of their sensitive personal information and the selling or sharing of personal information. These rights are explained in more detail above.
Exercising Access, Data Portability, Deletion and Correction Rights
You may exercise your CCPA rights by going to the CSG Data Rights Request Portal or by contacting us as set out in this annex.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, or verify your authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Our verification process may also include a request for additional information to confirm your identity or your authorized agent’s identity (such as your name, email address, and date of birth) or to obtain proof that you have given your authorized agent permission to act on your behalf. If our verification process is successful, then we will respond to your request within the time and in the manner required by applicable law. If we cannot validate the identity of you and/or your authorized agent or obtain proof that you have given your authorized agent permission to act on your behalf, then we will attempt to contact you to inform you.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format:
We endeavor to respond to a verifiable consumer request within the period set out by the CCPA. If we require more time we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Authorized Agents
If you designate an authorized agent to submit requests to exercise certain privacy rights on your behalf, then we will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:
- A completed Authorized Agent Designation Form indicating that you have authorization to act on the individual’s behalf.
- If you are a business, proof that you are registered with the applicable government entity, to conduct business in your jurisdiction, including the Secretary of State of California.
QUESTIONS AND COMMENTS
The local data protection regulatory is the California Privacy Protection Agency.
ANNEX D – SOUTH AFRICA
CSG EMPLOYERS AND CONTRACTING ENTITIES IN SOUTH AFRICA
Intec Telecom Systems South Africa Proprietary Limited t/a CSG
Great Westerford
First Floor
Rondebosch
Western Cape
7700
CSG SA Services Proprietary Limited
Great Westerford
First Floor
Rondebosch
Western Cape
7700
If you live in South Africa, the following additional information and amendments to the Notice will apply:
GROUNDS FOR PROCESSING
CSG in South Africa may need to retain certain diversity and equal opportunities information pursuant to the Employment Equity Act or for the certifications prepared pursuant to the Board-Based Black Economic Empowerment Act, therefore CSG employers and contracting entities may rely on a legal obligation when processing diversity and equal opportunities data.
QUESTIONS AND COMMENTS
The local data protection regulator is the South African Information Regulator.