RECRUITMENT CANDIDATE PRIVACY NOTICE

1. Introduction

This notice explains how we collect, use, disclose, and store your personal data when you apply for a job opportunity at Paystack (“Paystack”, “Company”, “we”, “us” or “our”).

2. Who we are

Paystack (“Paystack”, “Company”, “we”, “us” or “our”) offers an online payment platform that allows Merchants to collect payments for desired goods and services from customers both online and at physical retail locations.

3. Our goal

Paystack commits to providing equal employment opportunities to all individuals and promoting a diverse and inclusive workplace. We protect your privacy and ensure your personal data is handled securely and in accordance with applicable laws at every stage of the recruitment process.

4. The data we collect

As a candidate, we primarily collect your contact information, including your name, residential address, email address, phone number(s), educational background, employment history, skills, qualifications, LinkedIn account and photo headshot (if you share it with us), curriculum vitae, and cover letter, directly from you. In some instances, we collect video recordings of interviews conducted by recruiters; you will be notified before any recording is made. We may also collect sensitive information, such as health-related details or information about disabilities, where relevant to the recruitment process and permitted by law. We will collect information about you through third parties in the following instances: we will collect information about you from your referee(s); from our employees who have recommended you for a role as a “referred candidate” with your permission; from publicly available sources (e.g. professional networking sites) to assess your suitability for a role.

In instances where you are not a candidate, we may also receive information about you (name, email address, and company title) from a candidate who lists you as their reference (i.e., you are a “reference/referee”).

5. How we collect your data

During your application for a role at Paystack, we will collect your data through your curriculum vitae, cover letter, applicant tracking system, recruitment software, online forms, and any other official channels.

We will also collect your personal data when you sign up to “Connect” to receive job vacancy updates and to be properly matched with available positions.

We also work with third-party recruitment agencies to conduct the initial stages of candidate selection. In some instances, we will leverage AI transcription for recorded interviews led by outsourced recruiters. However, you will be made aware of this prior to recording and transcription. This helps us ensure that the assessment reflects the candidate’s own skills and knowledge, prevents unfair advantage, and protects the integrity of our hiring process. Therefore, we use automated tools to streamline initial application screening, ensuring a fair and efficient process for all candidates.

6. Why do we collect your data?

Legitimate interest

To determine your suitability for the role;
To ensure fair and merit-based evaluation for all applicants to preserve the credibility of our hiring decisions;
To communicate with you regarding your application;
To analyse and improve our recruitment processes, candidate experience, and diversity initiatives;
To establish, exercise, or defend legal claims;
For internal audit, compliance with internal policies, and risk management;
To ensure the security of our IT systems, prevent fraud, and protect against cybersecurity threats related to the application process;
For identity checks, right-to-work verification, reference checks, criminal record checks; and
To communicate and interact with you throughout the recruitment process.

Consent

To consider you for future employment opportunities during the retention period.

Legal obligation

To comply with legal obligations (e.g. anti-discrimination laws).

7. With whom do we share your data?

We share your data internally with relevant employees involved in the recruitment process. We also share your personal data with third-party service providers to facilitate the recruitment exercise, including:

Team Tailor, a third-party service provider that manages our recruitment and hiring processes, in addition to serving as an external communication tool to contact future and prospective candidates who have opted to be considered for future roles;
Third-party recruiters, who conduct initial interviews to assess candidate suitability in the early stages of the hiring process; and
Zoom, a video conferencing tool to schedule virtual interviews.

Paystack uses contracts, Data Processing Agreements and Service Level Agreements that require third parties to implement adequate technical and organisational methods of safeguarding your personal data, in accordance with applicable law.

8. International data transfer

When we transfer your personal data outside of the country where it was collected, we ensure appropriate safeguards are in place. These safeguards include reliance on any of the transfer mechanisms approved by relevant data protection authorities. If you would like to learn more about the transfer mechanism we are using, or where your data is stored, please contact us at dpo@paystack.com.

9. Is the data secure?

Paystack protects your information using robust technical and organisational controls to ensure data integrity and confidentiality. We employ physical, technical, and administrative security measures, including encryption, firewalls, and access controls, for both digital and physical data. Only employees who require access for their job responsibilities are permitted to view personal data, and are contractually prohibited from data misuse. In the event of a personal data breach, Paystack has established clear procedures in place to address the issue. We commit to notifying affected individuals and relevant authorities without undue delay, and no later than 72 hours after becoming aware of the breach, detailing its nature, likely consequences, and mitigation measures.

10. How long do we store your data?

We maintain applicant records throughout the application process and for up to two years, in line with our data retention policy. This allows us to match your competencies with future openings should your initial application be unsuccessful. For candidates who join our 'Connect' network, your data is similarly held for two years to consider you for future roles. For video interviews, we retain this data for up to one year for candidates we believe could fit alternate roles. If you choose not to provide certain requested personal data, it may impact your eligibility for specific roles or our ability to fully assess your application. Notwithstanding the above, you can request the deletion of your data at any time during the two-year retention period, and we will delete it.

11. Your data protection rights

You have the right to access your data and request that we correct or delete it. You can object to processing, restrict processing, withdraw consent, object to automated decision-making, as well as every other right guaranteed under applicable data protection legislation. If you wish to exercise any of these rights, you can reach out to our Data Protection Officer at dpo@paystack.com. If you have any dispute regarding the processing of your data, you can submit a complaint to the Supervisory Authority in your respective jurisdiction.

12. Changes to the privacy notice

We may need to update, modify or amend our Privacy Notice as our technology evolves and as required by law. If we materially change how we use or share personal data previously collected from you through our Services, we will provide notice or obtain consent regarding such changes as may be required by law. The Privacy Notice will take effect on the date specified herein.

13. Contact Paystack’s Data Protection Officer (DPO)

If you have any questions relating to this Privacy Notice or would like to find out more about exercising your data protection rights, please reach out to our DPO via email at dpo@paystack.com.