EPIC GAMES CANDIDATE PRIVACY NOTICE
Effective Date: May 15, 2020
Last Modified: May 26, 2022
Epic Games, Inc. and our subsidiaries operate and support our services from different locations around the world. In this Notice, when we say “Epic” or “Epic Games” or “we”, we are referring to the relevant hiring Epic entity you are being considered for a role with. That entity is a “controller” in respect of your personal data for purposes of data protection laws and is primarily responsible for how your personal data is held, used and disclosed. When we say “personal data'' (or use similar terms, such as “personal information”), we mean information that can be used to uniquely identify you as an individual. We also collect, use, and share non-personal data that does not directly identify you as an individual.
Please note that we don’t collect all of the kinds of information detailed in this Notice from every candidate. The specific information we collect about you typically depends on the exact nature of our relationship with you, including where you are in the recruitment process, the role for which you’re being considered, and the applicable laws in your region. This Notice does not replace any national data protection laws and any such applicable laws will be followed and take precedence over this Notice where they provide for stricter standards on privacy and data protection.
Information We Collect & How We Collect
This Notice applies to information that you share with us directly, such as by submitting an application, or that we may otherwise lawfully produce or receive from third parties, such as recruitment agencies, background check providers, your references or networking websites.
While the exact kinds of personal information we collect often depend on the nature of our relationship with you, some of the most common examples include:
- Personal details such as your name, addresses, date of birth, sex, marital status, veteran status (where applicable), citizenship, government identifier (for example, National Insurance or social security number), professional memberships (where permitted by law), photographs, telephone numbers, and personal email addresses.
- Recruitment information, including copies of your passport, employment history, education, language abilities, qualifications, references, and other information included in a CV/resume or cover letter or as part of the application process.
- Immigration and/or right to work information.
- Any information you provide us during an interview and/or any test results undertaken in your interview.
- Security video images or other information included in facilities access records. For example, if you interview in one of our offices with security cameras, you may appear in video footage.
We collect information from and about any references you provide. It is your responsibility to obtain any required consent from your references prior to sharing their information with Epic. Where required by applicable law, we will also ask for your consent prior to contacting a reference that you have listed.
We may also collect the following types of more sensitive personal information:
- Information about your race or ethnicity and sexual orientation when provided voluntarily to support our commitment to equality of opportunity and treatment within the workplace.
- Information about your health, including any medical conditions if necessary to provide appropriate adjustments during the recruitment process.
- Information about criminal convictions and offenses when relevant to the role for which you have applied. Such information is however not registered or stored by us, except to the extent required or permitted by applicable law.
Epic does not require sensitive personal information regarding religion, health, sexual orientation, trade union, or political affiliation in connection with your application. Where collection of such data is permitted under applicable law and to the extent you choose to provide us with that kind of information, you expressly authorize Epic to handle such information in accordance with this Notice.
Under the California Consumer Privacy Act of 2018 (“CCPA”), the categories of information we hold about you are described as:
- Identifiers (such as your name and email address).
- Demographic information (like age, race, and gender identity).
- Audio, electronic, visual, or similar information (like photographs or voice messages).
- Geolocation information (such as your physical address).
- Employment-related information (such as job history and performance evaluations).
- Education information (such as information within your resume or background search).
- Other “personal information” as defined under California law (like your Social Security number or financial account information).
- Inferences drawn from any of these categories.
Note that some of these categories are also described as ‘sensitive personal information’ under California Law, and Epic’s use of that sensitive personal information is included below under 'How We Use Sensitive Personal Data’.
How We Use Your Information
When you applied for the role, you provided consent to Epic processing your information for the purposes of the recruitment exercise. We use information that is necessary to assess your skills, qualifications, and suitability for the role, to take steps to enter into and perform a contract with you, and to communicate with you about the application process and status of your application.
We use information based on our legitimate interest in recruiting candidates and record keeping of the recruiting process. This includes assessing and confirming candidates’ suitability for employment, and assisting with travel and immigration matters. In some cases, we may need to process information from candidates to defend against legal claims. Security video footage is used for our legitimate interest in security.
We use some information to comply with legal obligations. For example, our United Kingdom (“UK”) operations are required to check successful candidates’ eligibility to work in the UK.
Unless otherwise specified under this Notice or during the application process, personal data that we request from you is necessary for the purposes of processing your application. If you fail to provide certain information when requested, we may not be able to review your application and/or offer you a position.
How We Use Sensitive Personal Data
We will use your sensitive personal data in the following ways:
- We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
- We will use information about your race or national or ethnic origin, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting as part of our steps to keep under review our commitment to equality of opportunity and treatment within the workplace.
- When considering a candidate for specific roles that involve access to confidential or other sensitive information, where there are specific professional obligations and/or where a candidate will have contact with children or vulnerable adults, where permitted by law or with your consent, we use information about criminal convictions and offenses to carry out our obligations and exercise specific rights in relation to employment. In addition, where we process other sensitive information concerning criminal convictions, it is where it is necessary to carry out obligations and rights in relation to employment or for the establishment, exercise, or defense of legal claims.
How We Retain Information
To the extent required or permitted by applicable law, we generally retain candidate information for as long as necessary for our recruiting efforts and operations, including resolving disputes, conducting audits, establishing legal defenses, pursuing our legitimate business purposes, and to comply with applicable law, after which your information will be securely destroyed. If your application is successful, information collected as part of the recruitment process will be transferred to a personnel file.
In some circumstances we may anonymise or de-identify your information so that it no longer directly identifies you as an individual, in which case we may use such information without further notice to you. Epic will retain and securely destroy your personal information in accordance with this Notice, and applicable laws and regulations.
How We Share Information
Epic is a global company and so for the purposes of recruitment, your information may be shared with Epic Games, Inc. and within the Epic family of companies, which means your information could be transferred to or stored in the US or other locations outside of the European Economic Area (the “EEA”), UK, and/or your country of residence. Specifically, your information is likely to be shared with Epic entities in the US. Your information will only be disclosed to necessary members of our HR team, the relevant team managers and anyone involved in the recruitment process in order that we can make recruiting decisions.
We may use service providers to support our recruiting efforts, such as recruiting agencies, software providers, and background or reference check agencies. These service providers may be located outside your country of residence or the country where the position is located.
We may also share your information with third parties for the purposes of processing your application, such as in connection with a relocation, to coordinate travel, or to help you with immigration or other matters related to your application.
We may also share information about you if doing so is required or permitted by applicable law, including (i) to comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) to protect your, our or others’ rights, property, or safety; (iii) to enforce our policies and contracts; (iv) to collect amounts owed to us; or (v) when disclosure is necessary or appropriate to prevent financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity.
As permitted by law and/or contract, we may also share information in the event of a possible merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale or restructuring of our business, or transition of service to another entity.
When your personal data is used or stored in a jurisdiction other than where you are residing, it may be subject to the law of that foreign jurisdiction, including any law permitting or requiring disclosure of the information to the government, government agencies, courts, and law enforcement in that jurisdiction. Information we transfer from the EEA or UK is subject to appropriate safeguards under applicable law, including Standard Contractual Clauses approved by the EU Commission or Information Commissioner’s Office (“ICO”) for that purpose.
If you are in the EEA or UK and would like to know more about the safeguards we put in place when transferring your personal data outside the EEA or the UK, please contact us at email@example.com
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need-to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a suspected security breach where we are legally required to do so.
Cookies and Tracking Technologies
Without a common industry standard for interpreting Do Not Track (DNT) signals, our recruiting site does not currently respond to browser DNT signals.
Depending on where you reside, you may have the right to:
- Request access to your personal data (commonly known as a “data subject access request”), or to know more about the categories and specific pieces of information we collect, use, and disclose.
- Request correction of the personal data that we hold about you. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your application process.
- Request the erasure/deletion of your personal data, where there is no good reason for us continuing to process it.
- You also have the right to ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your situation which makes you want to object to processing on this ground. Alternatively, in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
- Request the restriction of processing of your personal data. This may include restricting the processing of certain information, or restricting processing for certain purposes (for example, the right to opt out of sale of personal data, if any). We do not, and have not in the past 12 months, sold candidate personal data or shared it for cross-contextual advertising purposes.
- Request to transfer your personal data to another party.
If you are applying for a role in China or South Korea and would like more details about members of the Epic Group and third party service providers, please reach out to firstname.lastname@example.org.
You may request further information or make these requests by contacting us as described in “Who to Contact” below. Note that we may ask you for additional information to help us verify who you are before completing your request. We will not discriminate against you for exercising any of your rights.
Automated Decision Making
You will not be subject to decisions that will have a legal or similarly significant impact upon you based solely on automated decision making.
Who to Contact
If you have any questions about this Notice, you (or your authorized agent) may email us at email@example.com. If you are in the EEA or UK, you can also contact our Data Protection Officer at firstname.lastname@example.org.
You may also raise complaints with a supervisory authority in your jurisdiction. The name and contact details of the Data Protection Authorities in the European Union can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en. In the UK, the ICO is the relevant supervisory authority and their contact details can be found at https://ico.org.uk.
Updates to this Notice
We may update this Notice from time to time as necessary. When we make changes, we will change the “last modified” date above. We encourage you to check back periodically for the most recent version. If there are any material changes to this Notice, we will notify you as required by applicable law.