Job Candidates Privacy Notice

SummaryThis Job Candidates Privacy Notice explains how Nebius Group N.V. and its affiliates collect, use, store, and protect personal data during the recruitment process. It details the types of data collected, the legal basis for processing, data sharing practices, retention periods, and candidates’ rights under applicable privacy lawsPurposeThe purpose of this Notice is to inform job candidates about how the Company collects, uses, and protects their personal data during the recruitment process. It outlines the rights candidates have under applicable privacy laws and the measures the Company takes to secure this information.ApplicabilityThis Job Candidates Privacy Notice (“Notice”) describes how all (participated) Companies, Affiliates, Subsidiaries of Nebius Group N.V., (“the Company”, “the Group”, “we”, “our” or “us”) - with its legal seat in The Netherlands, at the Schiphol Boulevard 165, 1118 BG Schiphol, treat the personal data of its candidates (“you” or “yours”, “Candidates”).

1. Data controller

Nebius Group N.V., jointly with the Affiliate, Company, or Subsidiary you are submitting your job candidature to, is the Data Controller of your personal data, Our Service Providers processing such personal data will assume the role of Data Processors. Moreover this Notice explains:

How we utilise, store, secure that personal data; and
How to access and update said personal data

We strongly urge you to read this Notice and make sure that you fully understand it. If you accept an offer of employment with the Group, you should refer to the Employees Privacy Policy for information about how we process employees personal data, which will be provided to you during your onboarding process.

2. Personal data collection and usage

Throughout the application and recruitment process, you may provide us (or we may otherwise have access to) personal data about you, like, for example:

name;
date of birth;
contact details, such as address, email address and telephone number;
photograph if provided by you;
marital status, only when strictly necessary;
CV;
education details;
employment history and locations of previous employment;
referee details;
your signature, including in electronic form;
immigration status (whether you need a work permit);
nationality/citizenship/place of birth;
a copy of your passport/identity card, if required under applicable law;
social security number (or equivalent in your country) and any other tax-related information;
extra information that you choose to share with us;
any additional information required by local legislation; and
information provided by the recruiting agency if you are presented by such an agency

It remains your responsibility to obtain consent from your referees before providing their personal information to us. We collect this personal data about you to allow the recruitment process to run smoothly on the grounds of our legitimate interest and in order to comply to the legal obligations applicable to us and - when we find a match, to being able to formalise the administrative aspects leading to a contractual employment relation with you. Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the information listed. We may use such personal data to assess skills and qualifications, and overall to verify, consider and process your application and eligibility for any of our positions, and to communicate with you regarding such processes. We may also use it, (upon full anonymisation), to create aggregated statistical or inferred data regarding our Candidates, for further development and improvement of our recruitment processes. It should be noted that Nebius, being an entity established within the EU, is subject to Article 3.1 of the General Data Protection Regulation (GDPR). Nevertheless, this is an international policy and it is important to note that in some jurisdictions, we might be restricted from processing some of the data outlined before. In such cases, the restricted personal data is not going to be processed in those jurisdictions. In some regions, outside the European Union and the European Economic Area, (EU/EEA), we may also require you to submit special data relating to your ethnicity, gender, and whether you have a disability, to ensure our compliance with our legal obligations under applicable law, to the extent this is legally required and/or allowed, we will obtain your explicit consent prior to any such collection and use. You will never be subject to decisions that will have a significant impact on you, based solely on automated decision-making.

3. Processing purpose and retention of your data

Under GDPR, being the leading legislation for the Group, we will use and process your personal data as part of the employment application process at the Company, for the following purposes and in reliance on the legal grounds tailed below:

Purpose	Lawful Basis for Processing
To evaluate your suitability for a role at the Company and progress your application	Contractual grounds (to evaluate the possibility and suitability for entering an employment contract with us)
To retain your personal data in order to contact you about other suitable roles within the Company in the future	Legitimate Interests Consent (to retain resumes’ for further 12 months in the EU/EEA)
To maintain our internal records of recruitment and employment applications	Legal Obligations (e.g., retention requirements) Legitimate Interests (to maintain a record for future use)
To create your employee personnel file, if you are hired	Contractual grounds (to fulfill our obligations as an employer) Legal Obligations Legitimate Interests (to facilitate HR functions)
To comply with applicable legislation and industry codes	Legal Obligation
To manage risk and enhance our security and anti-fraud measures	Legal Obligation Legitimate Interests
To further develop and improve our recruitment processes	Legitimate Interests
To protect the rights and interests of the Company and its affiliates	Legitimate Interests

If you reside in a territory governed by privacy laws under which “consent” is the only or the most appropriate legal basis for the processing of personal data as described herein, your acceptance of this Notice will be deemed as your consent to the processing of your personal data for all purposes detailed in this Notice. If you wish to revoke such consent, you may do so at any time by contacting us at privacy@nebius.com. Your personal data will be retained until the role you apply for is succesfully fulfilled and the appropriate candidate has been identified, and - if you are applying to a role in the EU/EEA, for a maximum of four weeks after said moment. Before this deadline, we will provide you with the possibility to opt in for the retention of your personal data for a further period of 24 months in order to be considered for other (similar) roles opening during this time.

4. How we store your data

The Company operates globally, which means your personal data may be processed outside the country or region where it was originally collected. In some countries you might enjoy a lower level of data protection than you do in your country of residence. While privacy laws may vary between jurisdictions, the Company, its affiliates and Service Providers processing personal data on our behalf, are all committed to protect personal data in accordance with this Notice, and the appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

5. Data transfers

To the extent we transfer your personal data as a resident of the EU and the European Economic Area (EEA), UK, or Switzerland, to countries that have not been recognised as offering an adequate level of data protection by the European Commission, we rely on appropriate contractual undertakings and data transfer mechanisms as established under applicable law, such as the most recent version of the standard contractual clauses (SCCs), adopted by the EU (available here: Standard Contractual Clauses (SCC)).

6. Data security measures

The Company has implemented solid physical, procedural and electronic security measures designed to protect the personal data of our Candidates. These measures provide sound industry standard security. Please be aware that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal data stored with us. We will share your personal with our group companies, (including those in our overseas offices) and subsidiaries, in relation to the above stated purposes. Where appropriate and in accordance with local laws and requirements, we may share certain of your personal data, in various ways and for various reasons, with the specific categories of people:

third parties, in order to comply with our legal obligations, for example in relation to immigration requirements;
third parties who we have retained to provide services such as reference or background checks, to the extent that these checks are appropriate and in accordance with local laws; and
if the Group or the specific entity you are applying to merges with or is acquired by another business or company in the future, we may share your personal data with the(prospective) new owners of the business or company.

Also, we will share data with a few selected third-party service providers, whose services and products complement, facilitate and support our own and our activities. These include any recruitment firms that have referred you to us (or vice versa), candidate evaluation centers, recruitment software providers and recruiters, background checks providers, (when this is justified by the role and in the limit and conditions under applicable law), data storage and cybersecurity services, and - when applicable- our business, legal, compliance and financial advisors (collectively, “Service Providers”). Such Service Providers actually receive limited access to our Candidates’ personal data, depending on each of their particular roles and purposes in facilitating and enhancing our recruitment process, and may only use it for such purposes. Additionally, we may disclose or otherwise allow access to any Candidates’ personal data pursuant to a legal request, or in compliance with applicable laws, with or without notice to you, if we believe in good faith that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity.

8. Your rights

You enjoy a set of specific rights under the GDPR, these rights include:

the right to request access to the personal data we hold about you, its rectification, amendment or erasure,
the right to have the processing restricted;
the right to receive your personal data in a structured, commonly used and machine readable format and to transmit those data to another controller in a easy manner,
you also have the right to object at any time to any processing of your data which is based on our legitimate interests, or to withdraw at any time your consent to any processing of your data on the basis of such consent, (each as detailed in Section 5 above)

You may exercise these rights by contacting us privacy@nebius.com, and we will revert to you within one month. Please note that we may require additional information, including certain personal data, in order to verify and process your request. Such additional information may then be retained by us for legal purposes, (e.g., as proof of the identity of the person submitting the request), in accordance with Section 2 above. Additionally, you have a right to lodge a complaint with your competent data protection authority, such as the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in The Netherlands, the supervisory authority in the EU Member State of your habitual residence, place of work or of the alleged GDPR infringement, the UK’s Information Commissioner’s Office, or your data protection authority, (as applicable to the jurisdiction specific to your case).

9. Specific privacy requirements for U.S. residents

Certain U.S. privacy laws, like the CCPA (California Consumer Privacy Act), require specific disclosures for California residents. This policy is meant to support you in understanding how the Company processes your personal data: in the paragraphs above we provided the following disclosures: I- the categories of personal data we collect and the sources of this information; II- how we use this personal data; III- when we disclose this personal data and how we store this data. The Company will never sell your personal data and does not “share’ this data under the definition of the CCPA. A few State laws also provide the right to request information on how we collect, utilise and disclose your personal data. In certain cases you also have the right to access and amend your personal data, request deletion and not to be subject to any discrimination for exercising these rights. If you have any question or concern related to how we process your personal data under CCPA or would like to exercise your rights, please contact: privacy@nebius.com. California residents have the right to designate an authorized agent to make a request on their behalf. If you would like an authorized agent to do so, you should either (a) directly confirm with us that you provided the authorized agent permission to submit the request, (b) or provide the authorized agent with your power of attorney in accordance with the law of the jurisdiction in which you are located, or (c) submit the request in accordance with applicable legislation.

10. Notice updates and changes

We may update this Notice to reflect changes in our privacy practices. If we make any changes that we deem as “material”, we will update this page prior to the change becoming effective. Please consult this page regularly not to miss any important update.

11. Contact information for questions and concerns

If you have any comments or questions regarding our data practices or your privacy, or if you have any concern or request regarding the personal data held with us, or if you wish to submit a complaint about how your personal data is being processed by the Company, you can contact our Group Data Protection Officer and/or our Privacy Office at privacy@nebius.com.

Publication date: April 1, 2025
Effective date: April 1, 2025 Previous version of the document: https://docs.nebius.com/legal/archive/hr-privacy-policy-20241015

Nebius AI Cloud legal documents

​Job Candidates Privacy Notice

​1. Data controller

​2. Personal data collection and usage

​3. Processing purpose and retention of your data

​4. How we store your data

​5. Data transfers

​6. Data security measures

​7. Data sharing and third party access

​8. Your rights

​9. Specific privacy requirements for U.S. residents

​10. Notice updates and changes

​11. Contact information for questions and concerns