Stitch Fix UK Ltd. - Recruiting Privacy Notice
Stitch Fix UK Ltd. (11270211) (“Stitch Fix”, “we”, “us”, or “our”) is committed to respecting the privacy of individuals, including its candidates for employment.
For the purposes of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”)), Stitch Fix is the ‘data controller’ of your personal data.
We will obtain your personal data because you have submitted an application for a position with Stitch Fix (either directly or through a recruiter). This personal data includes, but is not limited to your names, resume/CV, application cover letters, employment history, education, qualifications and skills, references, candidate assessments (incl. interview notes), personal and work contact information, board memberships, and outside business affiliations. We will hold, use and process that personal data in accordance with the terms of this Notice.
Please do not include any sensitive personal data as part of your application, e.g., information relating to your racial or ethnic origin, political opinions, religious beliefs, trade union membership, health status, sexuality, or information regarding criminal convictions. If we do require any of this information in connection with your application, we will inform you separately and obtain any necessary consent from you.
USE OF YOUR PERSONAL DATA
We will process your personal data for the following purposes:
- As required to enter into and perform the employment contract with you.
- As required to operate our business and to pursue our legitimate interests to: make informed decisions on recruitment and ensure your suitability for the role or to keep you in mind for future roles; answer your questions; improve our recruitment; manage our IT systems; and to conduct group administration.
- In order to comply with applicable laws and the protection of our legitimate interests and legal rights including but not limited to, use in connection with legal claims, compliance, regulatory, investigative and disciplinary purposes. This includes verifying that you have the right to work in the country in which you are applying for a job with Stitch Fix.
We may also ask for your consent to carry out certain verification and staff background checks where we require this in connection with your role. Where we do process data based on consent, your consent can be withdrawn at any time.
If it is mandatory for you to provide data for these purposes, we will make this clear at the time the data is collected and will also explain what will happen if you do not provide the data.
DISCLOSURE OF YOUR PERSONAL DATA
Your personal data will be disclosed to:
- subsidiaries and/or affiliate companies for internal management purposes, and group-wide analytics (which are located in the United States);
- third parties that perform services on our behalf such as professional advisors and software providers (which are located in the United States and United Kingdom) such as Greenhouse, the recruiting information systems provider that we use, and IT consultants carrying out management of our IT systems (which are located in the United States and United Kingdom); and affiliates that perform services on our behalf such as providing back-end (IT and other) support services;
- in the event that we are sold or integrated with another business, to our advisers and any prospective purchaser and their advisers; and
- government authorities and/ or regulatory or law enforcement officials if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
TRANSFER OF YOUR PERSONAL DATA
We will store and process your personal data in countries outside the European Economic Area (the “EEA”), including the United States, which may not offer the same privacy protection as that provided within the EEA.
Where this is the case, personal data is adequately protected by EU Commission-approved standard contractual clauses (which have been implemented pursuant to Article 46 (2) of the GDPR). If you would like to obtain a copy of them, please contact us using the contact details provided below.
HOW LONG WE KEEP YOUR PERSONAL DATA
If you have emailed Stitch Fix, those emails, and any attachments to those emails, will be retained for a maximum of seven (7) years, unless otherwise required by law to retain them.
You can request that we stop holding your personal data at any time by contacting us (see the Contact Information section below).
Where applicable, you have certain rights under applicable data protection law including the right to ask us for a copy of or update the personal data held about you as well as obtain supporting explanatory materials. You can ask us to make any necessary changes to your data to ensure that it is accurate and up to date or ask us to restrict it or transfer it to other organisations or delete it at your request in certain circumstances. You also have rights to object to some processing and where we have asked for your consent to process your data, to withdraw your consent. Where we process your data because we have a legitimate interest in doing so, you also have the right to object to this. These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data.
CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our Recruiting Privacy Notice will be posted on this page. Please check back frequently to see any updates or changes. If we change the Notice in a material way, we will notify you of this.
If you wish to exercise any of your legal rights, write to us at firstname.lastname@example.org or Stitch Fix UK Ltd, 125 Wood Street, London, EC2V 7AW. We hope that we can satisfy queries you may have about the way we process your data but if you have any unresolved concerns, you may contact the Information Commissioner’s Office in the UK at https://ico.org.uk/concerns/or telephone: 0303 123 1113.
Last Updated: 1 October 2018