What We Collect & Where It Comes From
Personal information is defined as information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with you or (where applicable) your household. We collect personal information about you from different sources and in various ways during the application process, including information you provide directly, information collected automatically, information from third-party sources, and data we infer or generate:
|Personal Information Categories and Examples|
|Contact information and identifiers, such as first and last name, online identifiers, account and usernames, aliases, IP address, email addresses, home and postal addresses, telephone numbers, signatures, and other information described below.|
|Demographic data, such as age, date of birth, gender, marital status, spouse and dependents, military service, characteristics of protected classifications under applicable law, and other information described below.|
|Work permit status and mobility information, such as immigration, residency, and related information, remote work status, and relocation information.|
|Professional and background information, such as resumes/CVs, references, recommendations, academic and education background and qualifications, work skills and experience, professional certifications and registrations, language capabilities, training courses attended, work and salary history, information provided for and results of background checks (including background checks), health screenings or certifications, and driving and vehicle licensing and history, and inferences from other data we collect for purposes other than creating a profile, including using automated means to generate information about your likely preferences or other characteristics (“inferences”).|
|Benefits information, such as information for determining benefits and cost estimation, (which may require information about gender, age, birthdate, marital status, and information about your spouse and dependents).|
|Travel information, such as loyalty programs numbers, dates and length of travel, hotel names and locations, and travel routes (including departures, stops, and destination points).|
|Audio, electronic, visual, thermal, olfactory, or similar information, including facial images and voice information, such as photos, videos, CCTV, voice recordings, and sensor data.|
|Personal vehicle information, such as license plate number, color, year, make, and model.|
|Geolocation and location data, such as approximate location based on an IP address or device identifier, office location, conference room booking locations, travel location information described above, and company vehicle movements.|
|Internet or other electronic network activity, including analytics or monitoring data as related to your communications and access to and use of company devices, systems, wi-fi, internet service, internal and external websites, equipment, applications, databases, network resources, and infrastructure (“Company Systems”); personal devices used to connect to Company Systems; usernames and passwords; system log data such as IP address, browser type, and language, device information, access times, and referring website addresses; information collected through web beacons, like cookie IDs; information collected through mobile apps, like mobile device IDs; usage data, such as time spent on Company Systems, features used, and actions taken in Company Systems, including page views, links clicked, and documents downloaded; content and other metadata relating to voice calls, voicemail, emails, chats, messaging, documents, and other communications, data, and files stored or transmitted through Company Systems.|
|Other information necessary for legitimate human resources, business, security, or safety-related purposes.|
Sensitive Personal Information
We may also collect certain “sensitive” or “special categories” of personal information, including:
- Government issued identifiers, such as social security information, driver’s license, state identification card, or passport number;
- Racial or ethnic origin, religious or philosophical beliefs, or union membership;
- Genetic data;
- Biometric information (where used for purpose of uniquely identifying an individual);
- Health information; and
- Information relating to sex life or sexual orientation.
Third Party Sources
We also may receive personal information from our third-party partners, including:
- Service providers (e.g., expense reimbursement services, recruiters);
- Insurance and benefits providers;
- Travel partners (e.g., travel agents and portals and rideshare companies);
- Background check services; and
- Online sources, including social networks and recruiting sites (e.g., LinkedIn).
How We Use Personal Information
We use the personal information to support the recruitment and hiring process, including:
|Purposes of Use||Categories of Personal Information|
|Recruitment and hiring decisions||Contact information and identifiers; professional and background information; benefits information; geolocation and location information; internet or other electronic network activity; sensitive personal information; and other information|
|Interview travel and expense reimbursement processing||Contact information and identifiers; travel information; internet or other electronic network activity; sensitive personal information; and other information|
|Benefits eligibility determination||Contact information and identifiers; benefits information; geolocation and location information; internet or other electronic network activity; sensitive personal information; and other information|
|Diversity, equity, and inclusion programs||Contact information and identifiers; demographic data; internet or other electronic network activity; sensitive personal information; and other information|
|Legal and policy compliance||Contact information and identifiers; demographic data; work permit status and mobility information; professional and background information; benefits information; travel information; audio, electronic, visual, thermal, olfactory, or similar information; personal vehicle information; geolocation and location information; internet or other electronic network activity; sensitive personal information; and other information|
|Managing, monitoring, protecting, and improving Company Systems, assets, and resources, including managing and protecting unauthorized access and use||Contact information and identifiers; travel information; audio, electronic, visual, thermal, olfactory, or similar information; personal vehicle information; geolocation and location information; internet or other electronic network activity; sensitive personal information; and other information|
|Managing, monitoring, protecting, and improving facilities and café services||Contact information and identifiers; employment and performance information; travel information; audio, electronic, visual, thermal, olfactory, or similar information; personal vehicle information; geolocation and location information; internet or other electronic network activity; sensitive personal information; and other information|
|Managing and improving workplace efficiency and effectiveness||Contact information and identifiers; demographic data; work permit status and mobility information; professional and background information; benefits information; travel information; audio, electronic, visual, thermal, olfactory, or similar information; personal vehicle information; geolocation and location information; internet or other electronic network activity; sensitive personal information; and other information|
|Communications and collaboration||Contact information and identifiers; demographic data; work permit status and mobility information; professional and background information; benefits information; travel information; audio, electronic, visual, thermal, olfactory, or similar information; personal vehicle information; geolocation and location information; internet or other electronic network activity; sensitive personal information; and other information|
|Personalization to understand your preferences to enhance your recruitment experience||Contact information and identifiers; travel information; internet or other electronic network activity; and other information|
|Delivery of information, goods, and services||Contact information and identifiers; sensitive personal information; and other information|
|Research and improvement of Company Systems, processes, products, services, and technology|
How We Share Personal Information
We sometimes disclose personal information, including sensitive personal information, if necessary and as required by law.
|Category of Recipient &|
Purpose for Disclosure
|Categories of Personal Information|
|Vendors or agents working on our behalf, including companies we’ve hired to provide recruiting; background check services; payroll, benefits, and administrative services; detect fraudulent, deceptive, or illegal activity; measure and analyze the use of Company Systems, network, and devices, and protect and secure our systems and services|
|Law enforcement and those legally required, including to comply with applicable law or respond to valid legal process; to operate and maintain the security of Company Systems; to protect the rights or property or ourselves or others; and to act in urgent circumstances, such as protecting the health or personal safety of an individual|
How Long We Keep Personal Information
We keep personal information as appropriate to assess your candidacy, for the employment and post-employment relationship, to fulfill the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Actual retention periods can vary significantly based on your expectations and consent, the sensitivity of the data, the availability of automated controls, and our legal or contractual obligations.
Transferring Personal Information
Personal information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers process data. Currently, we primarily use data centers in the United States. These locations were chosen to operate efficiently and improve our performance.
We take steps to protect your information as described in this policy wherever the data are located, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/commission/presscorner/detail/en/ip_22_7631.
If you are a resident of California, Virginia, Utah, Colorado, or Connecticut, you have certain rights and choices you should know about:
Notice at Collection: You have a right to receive notice of our practices before or when we collect your personal information, including the categories of information and sensitive personal information collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this policy under the headers above.
Right to Know: You have a right to see the personal information we have collected about you. You may request your personal information by contacting us at firstname.lastname@example.org.You also have a right to request additional information about our collection, use, disclosure, selling or sharing of such information. You can find those details in this policy under the headers above.
Rights to Request Correction or Deletion: You also have rights to request that we correct inaccurate information about you or delete your personal information. You can update your personal information by emailing email@example.com, and delete your data at any time by contacting us at firstname.lastname@example.org. Please note that there may be legal reasons for us to keep your data, such as for regulatory compliance.
Right to Opt-Out/Right to Limit Use and Disclosure of Sensitive Personal Information: You have a right to opt-out from the “sale” or “sharing” of your personal information and limit the disclosure of your sensitive personal information. However, Noom does not sell or share candidate personal information, or use sensitive personal information for anything other than to support your application as described above.
Right Against Discrimination: We will never discriminate against you for exercising these rights.
You may designate, in writing or through a power of attorney, an authorized agent to exercise these rights on your behalf. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
EEA, UK, and Switzerland Residents
If the processing of your information is subject to the European Economic Area (EEA), United Kingdom (UK), or Swiss data protection law, you have certain rights with respect to that data:
- You can request access to, and rectification or erasure of, your information by contacting us at email@example.com;
- If any automated processing of your information is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format;
- If the processing of your information is based on your consent, you can withdraw consent at any time for future processing;
- You can object to, or obtain a restriction of, the processing of your information under certain circumstances; and
- For residents of France, you can send us specific instructions regarding the use of your data after your death.
To make such requests, please contact us at firstname.lastname@example.org. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing your information. For example, with your consent or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
If you have any questions about our data processing activities, please contact us at email@example.com.
If you think that we haven’t complied with data protection laws, you have a right to lodge a complaint with the Data Protection Commission in Ireland or with your local supervisory authority.
We may change this policy from time to time and if we do, we’ll post any changes on this page. If you continue to use Noom after those changes are in effect, you agree to the new policy. If the changes are significant, we may provide more prominent notice or obtain your consent to the changes.
The best way to get in touch with us is by emailing firstname.lastname@example.org or at
Attention: Privacy Officer
450 W. 33rd. St., 11th Floor
New York, NY 10001.
Updated June 30, 2023.