This information notice explains how we process your personal data when you engage with us during recruitment process and subsequent activities. 

Data Controller 

Piano Software Inc. Philadelphia, US and affiliated companies belonging to Piano group (collectively, “Piano”, “we”, “us”, “our”, or “we”) 

privacy@piano.io 

Mail: Attn: Piano Software Group DPO 
Štefánikova 14 
Bratislava, 811 05 
Slovakia (EU) 

Purpose and Legal Basis of Processing 

Piano processes personal data for the purpose of managing and administering the recruitment process, assessing the suitability of candidates, making hiring decisions, and performing all actions necessary to enter into an employment contract with the selected candidate. 

The processing is carried out on the following legal bases: 

• Article 6(1)(b) GDPR – processing necessary to take steps at the request of the data subject prior to entering into an employment contract; 

• Article 6(1)(c) GDPR – compliance with legal obligations arising from employment and labour law; 

• Article 6(1)(f) GDPR – the legitimate interest of Piano to conduct an effective, fair, and lawful recruitment procedure; 

• Article 9(2)(b) GDPR – processing of special categories of data where required to carry out the obligations and exercise specific rights of the controller or the data subject in the field of employment law. 

What Personal Data We Process 

Piano may process the following categories of data: 

1. Identification and contact details; 

2. Curriculum vitae, education, qualifications, and professional experience; 

3. Application documents, interview notes, and assessment results; 

4. Reference information provided by referees; 

5. Background verification results where legally permissible; 

6. Any other information voluntarily provided by the candidate during the recruitment process. 

Personal data may be obtained directly from the candidate or recruitment agencies/online recruitment platforms. In some cases we may obtain data from referees indicated by the candidate or publicly accessible professional profiles, where relevant to the position applied for. 

Recipients of the Personal Data 

Personal data may be disclosed to Piano personnel responsible for recruitment and HR management or third-party service providers supporting the recruitment and assessment process. We might be obliged to provide personal data to public authorities or regulatory bodies, where required by applicable law. 

All recipients are required to process personal data in accordance with GDPR and maintain appropriate safeguards. 

International Data Transfers 

Where personal data is transferred to recipients outside the European Economic Area, such transfers are conducted in accordance with GDPR requirements, ensuring adequate levels of data protection through appropriate safeguards, including adequacy decisions or Standard Contractual Clauses. 

How Long We Keep Your Data 

1. Successful Candidates: 

The personal data of selected candidates will be retained and incorporated into the employment file in accordance with the company’s employee data retention policy and applicable labor laws relevant for each jurisdiction. 

2. Unsuccessful Candidates: 

The personal data of unsuccessful candidates will be retained for a period of 24 months following the conclusion of the recruitment process for the purpose of documenting the proper conduct of the recruitment procedure and defending potential legal claims. Thereafter, the data will be securely deleted or anonymized, unless the candidate provides explicit consent for retention in a talent pool for future recruitment opportunities. 

 Your Rights as Data Subject 

Candidates have the following rights under the GDPR: 

• Right of access to personal data; 

• Right to rectification of inaccurate or incomplete data; 

• Right to erasure (“right to be forgotten”); 

• Right to restriction of processing; 

• Right to object to processing; 

• Right to data portability; 

• Right to withdraw consent at any time (where consent is the legal basis of processing). 

Requirement to Provide Personal Data 

The provision of personal data is necessary for the assessment of the candidate’s suitability and the execution of the recruitment process. Failure to provide such data may prevent Piano from evaluating the application or proceeding with the recruitment process. 

For any questions or concerns regarding this notice or the processing of personal data, please contact: privacy@piano.io