Carestream is committed to respecting the privacy of the individuals with whom we work. Carestream has a Global Privacy Policy that protects all the personal information that is entrusted to us, no matter how or where it is collected, used or stored. We also comply with applicable privacy and security laws.
This Privacy Statement is designed to provide you with an overview of our practices regarding the personal information we collect, use, store and, when necessary, transfer, in connection with our recruiting and hiring functions It also provides information about how to access your information and exercise other privacy rights that you may have.
This Privacy Statement is being provided by Carestream for itself and its affiliates. You can contact us at:
Carestream Health, Inc.
Privacy Office/Legal Department
1565 Jefferson Road
Rochester, NY 14623
privacy@carestream.com
By applying for a position with Carestream, you consent to our processing your personal information as described herein.
1. Sources of Personal Information
In many cases, we collect personal information directly from you. We may also obtain information about you from third parties, such as recruiters, background screening companies, and platforms, such as LinkedIn. We may collect information about you automatically when you apply for a job online.
When we collect information from you about other individuals, such as people you list as references, we rely on you to obtain consent from them for the disclosures to us where required by law and to provide them with information about their rights and our privacy practices.
2. General Purposes for Collecting, Using and Disclosing Personal Information
We only collect, use and disclose personal information when we have a legal basis for the processing. We process your personal information as needed to evaluate your job application and for other customary human resources purpose. We generally collect, use, and disclose personal information from job applicant for the following purposes:
3. Specific Categories of Personal Information
This chart describes the categories of Personal Information that we collect from candidates in connection with our recruiting functions.
Contact Information |
||
Representative Data Elements |
You name, previous names and preferred names |
|
Sources |
We collect this information from you and from recruiters. We may also obtain your information from publicly available sources, such as LinkedIn. We may use a service provider to update or standardize mailing addresses. |
|
Primary Purposes for Collecting |
We use contact information to communicate with you by mail, email, telephone or text, such as to schedule interviews or provide status of your application. |
|
Categories of Recipients |
We disclose contact information to our affiliates, service providers, contractors and others, such as couriers and telecommunications providers. |
|
Candidate Information |
||
Representative Data Elements |
Biographical data, resume or CV |
|
Sources |
We collect this type of information from you and from publicly available sources, such as LinkedIn, background screening companies, former employers and third parties that verify your credentials. We may receive information from individuals that provide you with professional references. |
|
Primary Purposes for Collecting |
We use this information to help us understand you and your skills, to determine if you would be a good fit for the job that you applied for or other job opportunities that we may have. |
|
Categories of Recipients |
We disclose employee information to our affiliates, service providers, contractors and others, such as travel agencies, if we schedule interviews. |
|
Application Information |
||
Representative Data Elements |
Position applied for, with date of application and related data |
|
Sources |
We collect this type of information from you and from others, such as recruiters or professional references. We may collect this information automatically, such as if you apply for a job online. |
|
Primary Purposes for Collecting |
We use transaction information to manage our recruiting activities, to assess your qualifications for the job and for internal business purposes, such as assess overall response to our job postings. |
|
Categories of Recipients |
We disclose transaction information to our affiliates, service providers, contractors and others, such as recruiters. |
|
Online & Technical Information
|
||
Representative Data Elements |
IP address |
|
Sources |
We collect these data elements automatically when you interact with us online. |
|
Primary Purposes for Collecting |
We use the online and technical information for system administration, technology and asset management, information security and cybersecurity purposes. |
|
Categories of Recipients |
We disclose this information to our affiliates, service providers, contractors and others, such as IT and security consultants. |
|
Where permitted by law, we may collect inferred or derived information, such as a “success score” or “potential score”. We create inferred and derived data elements by analyzing information from your resume. These scores can help us predict which candidates will be successful in our company.
We may also collect certain sensitive data elements, such as your race or ethnicity, gender and disabilities for the purposes of equal opportunity program monitoring, to comply with anti-discrimination laws and for government reporting obligations.
If you interview with us, we may collect additional data as needed to facilitate the interview. For example, we collect audio-visual information if we conduct interviews using video-conferencing tools. We may collect financial information if needed to reimburse you for expenses, or health information if you need an accommodation. In each case, we only use and disclose the information for the purpose for which it was collected and our Everyday Business Purposes.
If we make you an offer of employment, we will also collect information needed for background screening and legal compliance, including your government-issued identification number as needed for background screening (verification and/or vetting) and to document your eligibility to work. In this case, we will handle your information in accordance with our Human Resources Privacy Statement
4. Sensitive Personal Information
We collect, use and disclose sensitive personal information as needed for the purposes listed above. We do not use or disclose sensitive personal information about our workers other than as necessary for our human resources and compliance functions and for other legally authorized purposes. We do not process any sensitive personal information for the purpose of inferring characteristics about you.
5. Collection of Personal Information by Third Parties
In most cases, we only allow third parties to control the collection of personal information when those third parties are acting as a service provider or a contractor to us. These companies only retain, use and disclose your personal information in accordance with our contracts and applicable laws. However, we may receive personal information from third parties that we hire to identify candidates for us. These recruiters may collect personal information from you directly or from platforms where you have posted your biographic data such as job boards, professional organization or platforms such as LinkedIn.
6. Disclosures to Service Providers, Contractors and Other Entities
We do not sell personal information pertaining to our candidates or share it with third parties for cross-contextual behavioral targeting. We may disclose your personal information to the categories of recipients listed above in the following circumstances:
Your personal information is share d within Carestream (among our affiliates) as needed to achieve the purposes set forth above. Our affiliates are all bound by our Global Privacy Policy.
We may disclose your personal information with our data processors, service providers and contractors. These companies may only use the data only as permitted by our contracts with them.
We may also disclosure your personal information as permitted by law, including (I) with your consent, such as to screening companies, (II) as reasonably needed to protect your vital interests, such as in the event of a medical emergency or natural disaster, (III) to our auditors and advisors, such as in connection with any internal investigations or for legal matters, and (IV) to a n acquiring organization if we are involved in a sale or a transfer of some or all of our business. We disclose personal information when required by law, including to law enforcement agencies and courts in the countries where we operate.
7. Your Privacy Choices
Carestream respects your rights to access, correct and request erasure or restriction of your personal data as required by law. Depending on your country or state or residence, these rights may include:
The right to be informed about our collection, use and disclosure of your personal information.
The right to know if we maintain your personal information, and if we do, to access that information (subject to the rights of others) and to request that we provide your information in a portable format.
The right to ask us to correct your information if it is incomplete or incorrect.
The right to object to our processing of your personal information, and if we are processing your personal information based on your consent, to withdraw your consent at any time.
The right to ask that we delete your personal information.
California residents also have the rights to opt-out of the sale of their personal information or sharing of their personal information for cross-contextual behavior advertising, and the secondary use and disclosure of sensitive personal information. Carestream does not sell or share your personal information, and we do not use or disclose your sensitive personal information other than for the purposes described above.
To exercise your rights, please visit Your Privacy Choices. You can also contact the Carestream Privacy Office at privacy@carestream.com .Current Carestream employees may also contact their human resources manager.
Please understand that these rights are subject to some limitations. For example, we may require documentation to support certain corrections to your information, and we generally cannot restrict or delete personal information in those situations where our retention is required for our internal business purposes or to comply with law.
We will not retaliate against you if you exercise your privacy rights.
8. Automated Decision-Making and Profiling
We do not use profiling techniques or make automated employment decisions that may significantly affect you, unless (1) the decision is necessary as part of a contract that we have with you, (2) we have your explicit consent, or (3) we are required by law to use the technology . However, where permitted by law, we my use automated tools to reject job applications where the information you provide indicates that you do not meet the minimum qualifications for the job, such as having the right level of experience. We may also automatically reject applicants if the position is filed before your application has been considered.
9. Financial Incentives
Carestream does not offer financial incentives for the collection or sale of personal information from job applicants.
10. Information Security
We have implemented an information security program that is reasonably designed to protect the confidentiality and security of all the personal information that is entrusted to us. Our security safeguards protect a gainst unauthorized access, improper use, alteration, destruction or accidental loss. Our service providers and data processors are contractually required to implement appropriate security controls.
We have also implemented procedures to deal with any actual or suspected data security breach and will notify you and the applicable authority about a breach as required by law.
11. Data Retention
We generally retain job applicant data for 2 years from the data of your application. This retention period allows us to analyze the response to our job posting over time. We may also identify other opportunities within Carestream that might be of interest to you. You can request that we delete your personal information by exercising Your Privacy Choices . If we do not have a legal basis for retaining your information, we will delete it.
Please note that if you are hired by us, your application data will become part of your human resources file, and subject to our Human Resources Privacy Notice.
12. International Transfers
Carestream is headquartered in the United States. Your personal data may be transferred to, stored at or processed in a location outside the country or state of your employment which may not have equivalent privacy or data protection laws. However, regardless of where your personal data is transferred, we will protect it in accordance with our policies and applicable law. Where required, we use approved Standard Contractual Clauses and other approved data transfer mechanisms to assure that personal data is adequately protected. Please contact our Privacy Office at privacy@carestream.com if you would like more information about cross-border transfers or to obtain a copy of any applicable Standard Contractual Clauses.
13. Questions or Complaints
You may contact your local human resources manager or the Carestream Data Protection Officer if you have any questions or complaints. If you believe that we have processed your Personal Information in violation of applicable law, you may file a complaint with the Carestream Privacy Office via email to privacy@carestream.com.
Depending on your country of residence, you may also file a complaint with a data protection regulator, or with a supervisory authority.
14. How to Contact the Privacy Office
We welcome questions and concerns! You can always reach the Carestream Privacy Office via email to privacy@carestream.com.