EU and UK Candidate Privacy Notice
Last updated: June 30, 2026
What is the purpose of this Notice?
Airship is committed to protecting the privacy and security of your Personal Information as a data controller. You are being provided this Notice because you are applying for work with us. This Notice provides you with certain information required under applicable data protection law, including the EU General Data Protection Regulations 2016/679 and the UK’s data protection legislation including the Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025) (UK GDPR) as applicable (‘GDPR’). This Privacy Notice applies to job applicants only. This Privacy Notice applies to job applicants located in the United Kingdom and the European Union only.
When referring to “Personal Information” in this Notice, we mean information that personally identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, (e.g. your name, email address, device information, IP Address) to an individual or could be reasonably linked to such information. This notice does not form part of any contract of employment or other contract to provide services.
Data Protection principles
We will comply with data protection law and principles, which means that your Personal Information will be:
- Processed lawfully, fairly, and transparently: we ensure that your data is handled in a manner that is legal, fair and clear to you
- Collected for a specified, legitimate purposes: Data is gathered only for clearly defined and valid reasons, which we have communicated to you, and will not be used in ways that are incompatible with those purposes.
- Relevant and limited: We collect only the data necessary for the purpose we`ve outlined, ensuring it is pertinent and not excessive.
- Accurate and up-to-date: We strive to maintain the accuracy of your data and update it as necessary.
- Retained only as necessary: Your data is kept only for as long as needed to fulfill the purposes we have communicated.
- Secured appropriately: We implement robust security measures to protect your data from unauthorised access or disclosure.
The kind of information we hold about you
In connection with your application for work with us, we will collect, store, and use the following categories of Personal Information about you:
- Information from your curriculum vitae and covering letter
- Details from the application form and your resume or CV, including:
- Name
- Current job title and company (if applicable)
- Telephone number
- Personal email address
- Website, Portfolio, or GitHub link (if applicable)
- LinkedIn Profile
- Education and training
- Information provided during the background verification process
- Information provided during interviews
- Information generated by AI-assisted recruitment tools used as part of the application process, including:
- Applicant fraud detection scores and verification outcomes
- Resume screening scores and candidate evaluation results
- Information collected or derived by AI tools from publicly available sources, including social media profile authenticity and consistency signals
- Technical data processed by AI tools, such as IP address, device information, browser data, and VPN or proxy indicators.
We may also collect, store and use sensitive Personal Information, about your health, including any medical condition, health and sickness records, that you may have provided to us voluntarily.
How is your Personal Information collected?
We collect Personal Information about candidates from the following sources:
- You, the candidate: Information provided directly through applications, interviews, and other communications.
- Recruitment agencies: Data provided by agencies you have engaged with.
- Background check providers and credit reference agencies: Information obtained during background and, if applicable to your role, credit checks.
- Named referees: Data collected during reference conversations with individuals you have identified.
- Publicly accessible sources: LinkedIn, Github, Gitlab, Behance, and other professional directories and websites if you share such sources with us to showcase your work during the candidacy process.
- Internal records: We may review prior applicants for some roles within Airship to determine eligibility for current openings.
- AI-assisted recruitment and identity verification service providers: We use third-party AI-powered tools to assist with applicant fraud detection and resume screening. These tools may collect or derive information about you from your application materials, publicly available sources (such as professional networking sites and company databases), and technical data associated with your application (such as IP address and device information). All outputs from these tools are advisory only and are reviewed by Airship’s People Operations team before any hiring or fraud determination is made.
How we will use the information about you
We will process your Personal Information for the following purposes and legal bases:
- To assess your qualifications for the role (legitimate interests: ensuring qualified hires).
- To conduct background checks (legal obligation: compliance with applicable laws).
- To communicate with you during the recruitment process (contract necessity: pre-contractual steps).
- To evaluate your suitability for the role and to determine whether to proceed with offering you a contract of employment.
- To detect and prevent applicant fraud, including identity verification, detection of synthetic or fabricated applications, and validation of information provided in your application (legitimate interests: protecting the integrity of Airship’s hiring process and preventing fraud).
- To evaluate and rank your application against job-specific criteria using AI-assisted resume screening tools (legitimate interests: ensuring effective and consistent candidate evaluation). Where required by applicable law, we will obtain your consent before processing your Personal Information through AI-assisted tools or provide you with the opportunity to request an alternative review process.
Processing your Personal Information is in Airship`s legitimate interests to ensure we hire the most qualified candidates. We balance this interest against your rights by limiting data collection to what is necessary and implementing robust security measures. Where we use AI-assisted tools in the recruitment process, we have conducted a balancing test to ensure that our legitimate interests in effective recruitment and fraud prevention are not overridden by your fundamental rights and freedoms. We have also completed a Data Protection Impact Assessment for AI-assisted recruitment processing.
We also need to process your Personal Information to decide whether to enter into a contract of employment with you.
How we use sensitive Personal Information
We only process information about your disability status where you disclose such status to Airship during the recruitment process and to comply with our obligations under employment law in order to provide appropriate adjustments during the recruitment process (e.g. for interviews). This processing is based on your explicit consent or our legal obligations under applicable laws.
Sensitive personal information is stored securely and accessed only by authorised personnel. We implement robust security measures, including encryption and access controls, to protect this data. Sensitive data is not shared with third parties unless required by law or with your explicit consent.
Information about criminal convictions
We may process information about your criminal convictions history if required by applicable local laws in order to vet your candidacy or to satisfy compliance requirements under company policies, or customer contracts. This processing is conducted under the legal basis of compliance with legal obligations.
Automated decision-making and Artificial Intelligence
We use artificial intelligence tools and automated decision-making systems in various employment processes, including:
- Recruitment and hiring processes, including application and resume review, screening, candidate assessment, and interview notes;
- Interview scheduling and candidate communications
- Applicant fraud detection: AI-powered tools analyse application data, publicly available information, and technical signals (such as IP address, device information, and social media profile authenticity) to identify potentially fraudulent, synthetic, or deceptive applications. These tools produce a fraud risk score and verification outcome for each application.
- AI-assisted resume screening: AI-powered tools evaluate your application materials against job-specific criteria defined by Airship’s recruiting team, producing a score that indicates how closely your qualifications match the requirements of the role. Before evaluation, your resume is anonymised (personally identifying information is removed) to reduce the risk of demographic bias.
All AI tools used in our recruitment process serve as decision-support tools only. AI outputs serve as one input among several that inform human decision-makers, who retain full authority over recruitment decisions affecting you. Airship’s People Operations team reviews all AI-generated scores and recommendations before making any hiring or fraud determination. No applicant is rejected solely on the basis of an AI-generated output. People Operations personnel have documented authority to override, disregard, or modify AI outputs, and all override decisions are recorded.
Under the EU AI Act (Regulation (EU) 2024/1689), the AI tools used by Airship in recruitment are classified as high-risk AI systems. Airship deploys these tools in compliance with applicable deployer obligations, including maintaining human oversight by trained personnel, monitoring system operation, and retaining system-generated logs as required by law.
Your Rights Regarding Automated Decision-Making
1. For EU-Based Candidates:
Under the General Data Protection Regulation (GDPR), you will not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to:
- Request human review of any automated recruitment decision that significantly affects you
- Request an alternative selection process if you prefer not to be evaluated by AI-assisted tools; your request will not adversely affect your candidacy
- Under Article 86 of the EU AI Act, request a clear and meaningful explanation of the role that a high-risk AI system played in any decision-making procedure that affects you
- Object to profiling in accordance with GDPR Article 21. To exercise any of these rights, please contact privacy@airship.com.
2. For UK-Based Candidates:
Under the UK General Data Protection Regulation as amended by the Data (Use and Access) Act 2025, where a decision that produces a legal effect or a similarly significant effect on you is based solely on automated processing without meaningful human involvement, you have the right to:
- receive information about the decision, including meaningful information about the logic involved;
- make representations about the decision;
- obtain human intervention in respect of the decision; and
- contest the decision.
You may also request an alternative selection process if you prefer not to be evaluated by AI-assisted tools; your request will not adversely affect your candidacy. Where a solely automated decision involves special categories of personal data (such as data concerning health or racial or ethnic origin), Airship will only make such a decision where permitted by law or with your explicit consent. To exercise any of these rights, please contact privacy@airship.com.
Fairness and Bias Monitoring
Airship is committed to using AI tools in a manner that does not discriminate against applicants or employees based on protected characteristics. We take proactive measures to evaluate our AI systems for potential bias, including:
- Reviewing vendor documentation and bias audit results before deploying AI tools
- Periodically assessing AI system outputs for potential disparate impact
- Maintaining human oversight of AI-assisted recruitment decisions
- Responding to identified concerns by adjusting or discontinuing AI tools as appropriate
If you believe an AI-assisted employment decision has adversely affected you based on a protected characteristic, please contact privacy@airship.com .
Cross-Border Data Transfers
To facilitate our global operations, we may transfer, store and access your Personal Information in countries where Airship operates – specifically the United States, Canada, France, Germany, the United Kingdom, Singapore, or India. These countries may have data protection laws that differ from those in your jurisdiction.
In the event of data transfers outside of the European Economic Area, the United Kingdom, Switzerland, or Singapore among Airship affiliates, and with our service providers and data processors, we ensure that appropriate safeguards are in place to protect your data, including:
1. Standard Contractual Clauses (SCCs):
- We rely on SCCs approved by the European Commission to ensure your Personal Information is protected when transferred to countries without an adequacy decision.
2. EU-US Data Privacy Framework (“EU-U.S. DPF”), UK Extension to the EU-U.S. DPF, and Swiss-US Data Privacy Framework (“Swiss-U.S. DPF”):
- For transfers to the United States, we rely on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Airship has certified its compliance with these frameworks, ensuring that your data is processed in accordance with GDPR and UK GDPR standards.
3. Adequacy Decisions:
- Where applicable, we rely on adequacy decisions issued by the European Commission or UK authorities for certain countries deemed to provide adequate level of data protection.
4. Explicit Consent:
- In cases where no other transfer mechanism is available, we will seek your explicit consent before transferring your Personal Information.
5. Organizational and Technical Safeguards:
- We implement robust security measures, such as encryption and access controls, to protect your Personal Information during transfer and storage.
We regularly review our data transfer mechanisms, including Standard Contractual Clauses and adherence to the Data Privacy Framework, to ensure ongoing compliance with applicable laws. In addition, we implement robust technical and organizational safeguards to protect your Personal Information during cross-border transfers, including encryption, access controls, and regular security audits.
We ensure the recipient of your Personal Information has in place adequate levels of protection for your Personal Information. Airship complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as administered by the U.S. Department of Commerce. We have certified our adherence to the respective DPF Principles for processing Personal Information received from the European Union, the United Kingdom (and Gibraltar), and Switzerland. In the event of a conflict between this privacy notice and the DPF Principles, the DPF Principles will govern. For more information about the Data Privacy Framework and to view our certification, visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Airship commits to resolve complaints related to our collection and use of your Personal Information under DPF Principles. Individuals in the EU, UK, or Switzerland with inquiries or complaints regarding our handling of Personal Information received under these frameworks should first contact Airship at: privacy@airship.com.
If your complaint is not resolved to your satisfaction, Airship will refer unresolved complaints to JAMS, a U.S.-based alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint, or if we fail to address it adequately you can file a complaint with JAMS at https://www.jamsadr.com/DPF-Dispute-Resolution. JAMS provides its services at no cost to you. Under certain conditions, you may invoke binding arbitration for unresolved complaints , as described in Annex I of the DPF, available at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2,
Airship also commits to cooperate with and comply with the advice of the EU Data Protection Authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.
Airship remains responsible for the processing of Personal Information received under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF and subsequently transferred to a third party acting on our behalf. We ensure that such third parties process Personal Information in compliance with the DPF Principles. Airship will be held liable if a third party processes Personal Information in a manner inconsistent with these DPF Principles unless we can demonstrate that we are not responsible for the event giving rise to the damage.
The Federal Trade Commission (FTC) has jurisdiction over Airship’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Airship may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Such disclosures will be made in accordance with the Airship’s Policy on Response to Public Authority Requests for Personal Data.
Data sharing
Why might you share my Personal Information with third parties?
We will only disclose your Personal Information to third parties where required by law or to our employees, contractors, designated agents, or third-party service providers who require such information to assist us with administering the candidacy relationship with you, including third-party service providers who provide services to us or on our behalf.
We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your Personal Information consistent with our policies and any data security obligations applicable to us as your employer. We require our third-party service providers to process your Personal Information solely for the purposes we specify and in accordance with our documented instructions. They are contractually prohibited from using your Personal Information for their own purposes and must implement appropriate security measures to protect your data, consistent with our policies and applicable legal obligations.
We may disclose the Personal Information we collect or that you provide, as outlined in this privacy notice to the following recipients:
- affiliates, subsidiaries, and other Airship Group companies;
- service providers, which are companies we use to support our business and who are bound by legal obligations to keep your personal information confidential. The categories of service providers that we share information with are:
- Professional services consultants, such as firms that perform managed services, analytics, assist with improving our business, provide legal services, or supply project-based resources and assistance.
- Recruitment vendors that assist with the candidate application and search process including assessing candidate qualifications, conducting candidate assessments, and providing the platform through which candidates submit their candidacy.
- Applicant Tracking System providers that provide the candidacy portal for receiving requests related to your candidacy.
- AI-assisted recruitment and identity verification providers that process candidate data to assist with applicant fraud detection, identity verification, and AI-assisted resume screening. These providers process your data on Airship’s behalf and in accordance with our data processing agreements. AI outputs from these providers are advisory only and are reviewed by Airship’s People Operations team before any hiring or fraud determination is made. These providers are contractually prohibited from using your Personal Information to train their general AI models without Airship’s prior written consent.
- Analytics services, including entities that analyze traffic to and on our website and assist with identifying and communicating with potential customers.
- Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.
- IT vendors, such as entities that assist with people operations; website design, hosting and maintenance; data and software storage; email services; telecommunications services; and network operations systems.
Where Airship is legally obligated, we will disclose your Personal Information to regulators, courts, the police or tax authorities, or in connection with litigation or other legal or regulatory matters. In some cases, it may not be feasible or permissible under the law to notify you in advance about the details of such disclosures. Airship will use reasonable efforts to disclose the minimum Personal Information necessary to fulfil this legal obligation.
Your Personal Information may be transferred as part of a business asset in connection with a proposed or actual merger, acquisition or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business or as part of a corporate reorganization, stock sale or other change in control.
Airship will use all reasonable efforts to ensure that any third-party services providers set forth above protect your Personal Information with appropriate security measures. These providers are contractually bound to process your data solely in accordance with our instructions and for the purposes specified by Airship. They are strictly prohibited from using your data for their own purposes.
Airship does not sell your Personal Information to any third parties under any circumstances.
Data security
We have implemented robust security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Access to your Personal iInformation is restricted to employees, agents, contractors and other third parties who have a legitimate business need-to-know. These individuals will only process your Personal Information on our instructions and they are subject to a duty of confidentiality.
We have established detailed procedures to address any suspected data security breach. In the event of a suspected breach, we will promptly notify you and any applicable regulatory authorities as required by law, including providing information about the nature of the breach, the likely consequences, and the measures taken to address it.
Data retention
How long will you use my information for?
Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. When determining the appropriate retention period for Personal Information, we take into account the following factors:
- Applicable legal and regulatory requirements
- The nature, amount, and sensitivity of the Personal Information
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process your Personal Information and whether those purposes can be achieved through alternative means
Our corporate data retention policy outlines the specific retention periods applicable to different categories of Personal Information.
Rights of access, correction, erasure, and restriction
Your rights in connection with Personal Information
Under certain circumstances, based on applicable laws in the jurisdiction where you reside, you may have the right to:
- Access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.
- Correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below).
- Objection to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Information for direct marketing purposes.
- Restriction of Processing. You can request that we suspend the processing of your Personal Information, for example, if you want us to verify its accuracy or the reason for processing it.
- Data Portability: You can request the transfer of your Personal Information to another party in a structured, commonly used, and machine-readable format.
If you wish to exercise any of these rights, please contact us at privacy@airship.com.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the Personal Information that we hold about you or make your requested changes. In some cases, Applicable law may allow or require us to refuse your request, such as when providing access would violate the rights of others or if the data has been anonymized or deleted in line with our data retention policies. If we cannot fulfill your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Right to withdraw consent
If you have provided your consent for the collection, processing, or transfer of your Personal Information, you have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, please contact us at privacy@airship.com.
Once we receive notification of your withdrawal of consent, we will stop processing your Personal Information for the purpose(s) you originally agreed to, unless we have another lawful basis to continue processing it under applicable law.
Right to lodge a complaint
- For UK-Based Candidates: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues. Under the Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025), you also have the right to raise a data protection complaint directly with Airship if you believe we have handled your personal data in a way that does not comply with UK data protection law. To raise a complaint, please contact us at privacy@airship.com. Airship will acknowledge your complaint within 30 days of receipt, take appropriate steps to investigate without undue delay, keep you informed of the progress of our investigation, and notify you of the outcome.
- For EU-Based Candidates: If you believe the processing of your Personal Information violates the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority in the EU. This may be the authority in the member state of your residence, place of work, or where the alleged infringement occurred. The supervisory authority will inform you of the progress and outcome of your complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.
If you have any questions, concerns, or requests after reviewing this Notice, please contact us at privacy@airship.com. We will address your concerns and work to resolve any privacy issues in a timely manner.
If you are an EU, Swiss, or UK citizen and believe Airship is not complying with this Notice, you may also contact the national data protection authority for your EU Member State, Switzerland, or the United Kingdom.
EU Representative:
Airship France S.A.S has been appointed as Airship’s representative in the EU for data protection matters, pursuant to Article 27 of the EU GDPR. To make an inquiry on matters related to the processing of Personal Information under the EU GDPR, please contact Airship France S.A.S at:
Airship France S.A.S
33 rue La Fayette
75009
Paris, France
UK Representative:
Urban Airship UK Ltd. has been appointed as Airship’s representative in the UK for data protection matters, pursuant to Article 27 of the UK GDPR. To make an inquiry on matters related to the processing of Personal Information under the UK GDPR, please contact Urban Airship UK, Ltd. at:
Urban Airship UK Ltd.
WeWork
c/o Urban Airship UK
1 St Katharine’s Way
London E1W 1UN, United Kingdom
AirshipLegalUK@airship.com
Data Protection Officer
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your Personal Information, please contact the DPO.
Data Protection Officer details:
Name: Neil Gariepy
Title: VP Infrastructure & Security, DPO
Email: privacy@airship.com.
Changes to this privacy notice:
We reserve the right to update this privacy notice at any time, and we will post a new privacy notice when we make any substantial updates.
If you have any questions about this privacy notice, please contact privacy@airship.com