Personnel, Applicant, and Candidate Privacy Policy
Last Updated: September 25, 2024
At Scale, our mission is to accelerate the development of artificial intelligence (“AI”) applications. We have a talented workforce (“you”) that helps us accomplish this mission.
Here we describe our privacy practices for our global workforce. You will learn about the personal information we collect, how we use it, how you can access and control it, and the measures we take to keep it safe.
1. Scope and Applicability
This Privacy Policy applies to employees, independent contractors, consultants, and other individuals (collectively, "personnel") who currently work or previously have worked for Scale AI, Inc. or an affiliate (“Scale” or “we”) except as excluded by the next paragraph below. This policy also covers individuals who applied to work for Scale (“applicants”) or who were recruited by us (“candidates”).
This policy does not cover individuals who sign up, apply, or are recruited to complete tasks or related services for AI applications as independent contractors of Smart Ecosystem, Inc. and/or its subsidiaries. For those privacy practices, please see the Remotasks Privacy Policy, Outlier Privacy Policy, or other privacy policy associated with the tasks and services.
2. Personal Information We Collect
We collect different kinds of information depending on whether you currently work or formerly worked for us, or applied or were recruited for a job. We may collect information directly from you, automatically from our computer systems, devices and premises, or from third party sources, such as when you authorize us to check your background as permitted under applicable law. The provision of certain personal information is mandatory and may be required under applicable law or in accordance with a contractual requirement. The collection of any such mandatory information will be made clear at the time of its collection.
We collect the following categories of information:
Category |
Examples |
Identification Information |
Name and identifiers; government identification numbers such as passport number, social security number, drivers license number, state identification number; citizenship or work permit status; other details in and copies of identity documents; audio and visual information such as your image and voice. |
Contact Information |
Mailing address; personal and work email address; personal and work phone number; emergency and other contact details. |
Background, Application, or Recruitment Information |
Resume and cover letter; education history, academic degrees, certifications, skills, awards, and professional qualifications; references provided during the application process; information from or needed to complete background checks (if permitted under applicable law); security clearance information; other information you provide to us in support of the application or recruitment process. |
Personnel Records |
Job title; office location; contract, start date, termination date; sick time, vacation time, other leave including parental leave; working days and hours; training history; current or past performance evaluations; disciplinary processes and grievance procedures; workplace illness and injury information; other documents relevant to establishing, maintaining, or terminating personnel. |
Compensation or Benefits Information |
Banking details; tax information such as tax registration number and withholdings; salary, bonuses, stock and equity grants, and benefits; expenses and company allowances; information about your dependents, spouse, or partner; other information necessary for the administration of payroll, health insurance, or benefits. |
Communications or Survey Information |
Content of communications when you communicate with us; answers to survey questions; date and time of the communication or survey completion and IP address. |
Demographic or Sensitive Information |
Demographic information including gender; age or date of birth; marital status; veteran status; race, ethnicity and national origin; sexual orientation; religious or philosophical beliefs; trade union membership; and health information including information about any disabilities. |
Security or Access Data |
Information obtained through electronic means such as building access data and other security records; and video surveillance in public and common areas in or near our offices. |
IT Data |
Information required to provide access to company IT systems and networks (including information collected through those systems) such as IP addresses, access files and login information; inferred location based on IP address; device identifiers and information; application and website data, and other information about activities you engage in on Company property, equipment, accounts, systems and network. |
3. How and Why We Use Personal Information
We use the personal information we collect to carry out and support our human resources activities and business operations and for other purposes described below or at the time we collect the information.
Purpose |
Categories of Personal Information |
Why We Do This |
Legal Bases, if you are in the EEA, UK or Switzerland. See Section 4 below. |
Acquiring talent |
Identification Information; Contact Information; Background, Application, or Recruitment Information; Communications or Survey Information; Demographic or Sensitive Information |
To recruit and hire job applicants and determine suitability and eligibility for the role. This could include verifications of right to work in specific jurisdictions and background checks. |
Legitimate interests Legal obligations |
Administering your contract |
Identification Information; Contact Information; Background, Application, or Recruitment Information; Personnel Records; Compensation or Benefits Information; Communications or Survey Information |
To administer your employment or service contract with us, including entering into it, performing it and changing it. |
Contractual necessity Legitimate interests Legal obligations |
Supporting and managing your work and performance and any health concerns |
Identification Information; Contact Information; Personnel Records; Communications or Survey Information; Demographic or Sensitive Information (specifically health data); IT Data |
To develop and retain talent; monitor, evaluate, and manage personnel performance; facilitate personnel mobility and manage international assignments; manage attendance and leaves of absence; and manage the personnel separation process. |
Contractual necessity Legitimate interests Legal obligations |
Contacting you |
Identification Information; Contact Information; Communications or Survey Information; IT Data |
To communicate with you and respond to your questions. |
Contractual necessity Legitimate interests |
Administering compensation and benefits |
Identification Information; Contact Information; Personnel Records; Compensation or Benefits Information; Communications or Survey Information; Demographic or Sensitive Information (specifically health data) |
To administer compensation, benefits, expenses, and leaves of absence. |
Contractual necessity Legitimate interests Legal obligations |
Managing information technology and security |
Security or Access Data; IT Data |
To maintain the security of our computing resources, assets and premises, and provide you with access to them; to manage our general operations and assets; to provide services to you as necessary for your role; to protect your personal safety. |
Legitimate interests |
Monitoring and investigating compliance with law, regulations, policies, codes of practice and rules |
Identification Information; Contact Information; Background, Application, or Recruitment Information; Personnel Records; Communications or Survey Information; Security or Access Data; IT Data |
To ensure you comply with our policies and rules and monitor our systems to check compliance. |
Legitimate interests |
Managing emergencies |
Identification Information; Contact Information |
To help us establish emergency contacts for you and respond to and manage emergencies, crises, and business continuity. |
Legitimate interests Vital interests |
Monitoring of diversity and equal opportunities |
Identification Information; Demographic or Sensitive Information (to the extent required or permitted by local law) |
To help us understand the diversity of our workforce and to support core business diversity, equity, and inclusion initiatives. |
Legitimate interests Consent (where required by applicable laws) |
Legal Requirements and Proceedings |
Identification Information; Contact Information; Background, Application, or Recruitment Information; Personnel Records; Communications or Survey Information; Demographic or Sensitive Information |
To comply with laws and regulations (e.g. labor and employment laws, health and safety, tax, anti-discrimination laws) or to exercise or defend our legal rights. |
Legal obligations Legitimate interests |
Running day-to-day business operations |
Identification Information; Contact Information; Personnel Records; Compensation or Benefits Information; Communications or Survey Information; Security or Access Data; IT Data |
For purposes that are reasonably required for day-to-day operations at Scale, such as managing our relationship with our personnel, accounting, financial reporting, business analytics, employee surveys, operational and strategic business planning, mergers and acquisitions, real estate management, and business travel. |
Legitimate interests |
4. Legal Bases for Processing Personal Information – EEA, UK, and Switzerland only
If you are based in the EEA, the UK or Switzerland, we rely on several legal bases to process personal information:
-
Contractual Necessity. We use your personal information to manage the employment relationship with you, to ensure that we pay you your benefits, and to comply with our contractual obligations with you.
-
Legal obligations. We process personal information, including sensitive personal information, when legal and regulatory obligations require us to. For example, we may be required by law to keep certain data about your leave, including medical leave, or to report benefits information to tax authorities.
-
Legitimate Interests. We may process your information where we have a legitimate interest in internal management, effective personnel administration, maintaining and improving efficiencies and processes in the workplace, maintaining the safety and security of personnel and others, complying with contractual obligations, enforcing policies, and defending our interests in legal proceedings.
-
Vital interests. We may process information in order to protect the vital interests of personnel, particularly sharing information in the event of an accident or emergency.
-
Consent. We may seek your consent to process your personal information in specific circumstances, such as to provide a reference, seek to monitor diversity, or obtain medical reports.
5. Personal Information Sharing and Disclosure
We do not share your personal information except as follows:
-
With Personnel and Affiliates. We share your information with Scale personnel, within the scope of their job responsibilities and in accordance with law, for the human resources and business purposes described in this Privacy Policy. We may share personal information with our affiliates in order to administer human resources, staff compensation and benefits at an international level on our HR platform, as well as for other legitimate business purposes such as IT services and security, tax and accounting, and general business management.
-
Service Providers. Scale uses certain trusted third-party service providers who provide services to us or on our behalf, or otherwise support our relationship with you, such as (but not limited to) our recruitment platform provider, HR platform provider, payroll providers and benefits or leave administration providers. These third parties may have access to your personal information to perform services on our behalf but only as is reasonably necessary for the purpose that Scale has engaged them for and in compliance with this Privacy Policy.
-
Business Transferees. We may share information in connection with a merger, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.
-
Authorities and Others. We may disclose your information to third parties if we determine such disclosure is reasonably necessary to: (a) comply with applicable law, regulation, legal process, or government request, (b) protect any person from death or serious bodily injury, (c) prevent fraud, abuse, or a security issue of Scale, and (d) to protect Scale’s or its licensors’ rights, property, safety, or interest.
-
Consent. We may also disclose or share your personal information where you have given us your consent to do so.
6. Security
Scale is concerned with safeguarding your personal information. Scale employs appropriate and reasonable physical, technological, and organizational security measures to protect the personal information that we collect and process about you. The measures are designed to provide a level of security appropriate to the risk of processing. In addition, we limit access to personal information to those employees, agents, contractors, and other third parties who have a legitimate business need for such access.
7. International Transfers
Scale is headquartered in the United States, with employees located globally. Our third-party service providers and partners operate worldwide. This means that, in connection with our business and for employment, administrative and management and legal purposes, information that we collect about you may be transferred to, stored, and processed by us, our affiliates, and other third parties in countries outside the country in which you are resident. These countries may have data protection and privacy regulations that may not offer the same level of protection as the laws in your country.
We will ensure that any transfer is lawful and that there are appropriate security arrangements in place.
For transfers of personal information from the EEA, the UK, and Switzerland to third countries (i.e., countries which do not benefit from an "adequacy decision" from the European Commissioner, or similar decision in the UK and Switzerland) we will transfer personal information according to the requirements of applicable data protection legislation by putting in place appropriate safeguards, including by entering into Standard Contractual Clauses approved by the European Commission (and equivalent clauses in the UK and Switzerland).
For details of these safeguards, please contact us as provided in Section 12.
8. Data Retention
We will retain your personal information only for as long as is necessary for the purposes set out in Section 3. How and Why We Use Personal Information. In general, we will keep your personal information for the duration of our relationship and for a period afterwards. In considering how long to keep your personal information, we will take into account its relevance to our business and your employment either as a record or in the event of a legal claim. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
9. Your Privacy Rights and Choices – EEA, UK, and Switzerland only
If you are based in the EEA, the UK, or Switzerland, you may have the following rights with regard to the personal information we control about you, subject to applicable law.
-
You can access, correct, amend, and delete your personal information by contacting us at privacy@scale.com.
-
You can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request the portability of your personal information. You can exercise these rights by contacting us at privacy@scale.com.
-
If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. You can withdraw your consent by contacting us at privacy@scale.com.
-
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. If you are based in the EEA, the contact details for data protection authorities are available here and if you are based in the UK, the contact details are available here.
We may request specific information from you to help us confirm your identity and process your request.
10. U.S. State Law Requirements
Some U.S. state privacy laws, such as the California Consumer Privacy Act (“CCPA”), require specific disclosures for state residents.
This Privacy Policy is designed to help you understand how Scale handles your personal information. In the sections above, we explain: (1) the categories of information Scale collects and the sources of that information; (2) how Scale uses information; (3) when Scale may disclose information; and (4) how Scale retains information. Scale does not sell your personal information. Scale also does not “share” your personal information as that term is defined in the CCPA.
State laws like the CCPA also provide the right to request information about how Scale collects, uses, and discloses your information. And they may give you the right to access and correct your information, and to request that Scale delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising these privacy rights.
If you have questions or concerns related to your rights under CCPA, or would like to exercise your rights, you (or your authorized agent) can contact us at privacy@scale.com. We may request certain information from you to verify your identity in order to respond to your request
The CCPA also requires a description of the personal information we collect using the following categories:
-
Identifiers, such as your name, postal address, email address, phone number, passport number, social security number, driver's license number, company name and role, employee ID, and other unique identifiers including online identifiers (e.g. IP address);
-
Personal information categories listed in California Civil Code § 1798.80(e), such as your name, signature, postal address, phone number, passport number, driver’s license or state identification card number;
-
Protected classification characteristics under California or federal law, such as your age, race, gender, national origin, citizenship, religion, marital status, sexual orientation, or disability;
-
Commercial information, such as website engagement;
-
Internet or network information, such as browsing and search history, website and advertisement interactions;
-
Geolocation data, such as city, state, and country based on IP address;
-
Audio, electronic, visual, and similar information;
-
Professional or employment-related information, such as information about your role;
-
Non-public education information, such as your education grades and transcripts;
-
Inference data, such as information about your preferences; and
-
Sensitive personal information, as defined by the CCPA, such as your racial or ethnic origin, sexual orientation, religious or philosophical beliefs, trade union membership, social security, driver’s license, state identification card or passport number, citizenship or immigration status, account log-in information, content of communications (but only if Scale is the intended recipient of the communication) and health information (including information about any disabilities).
We collect this information for the business and commercial purposes described in Section 3 of this Privacy Policy. The categories of third parties to whom we disclose the information for a business purpose are described in Section 5.
11. Data Privacy Framework Notice
Scale complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Scale has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Scale has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Scale’s commitments under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
Scale may employ third party service provider companies and individuals to help Scale carry out and support our human resources activities and business operations. Scale maintain contracts with service providers that restrict their access, use, and disclosure of personal data in compliance with our EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF obligations, including the onward transfer principle, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
12. Disputes.
JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Data Privacy Framework compliance - free of charge to you. Please first submit any such complaints directly to us via privacy@scale.com. If you aren’t satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-data-privacy-framework. In the event your concern isn’t addressed by JAMS, you may be entitled to binding arbitration granted under the Data Privacy Framework Program and its principles to resolve complaints as described here.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Scale commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”) and the UK Information Commissioner’s Office (“ICO”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
13. Changes to this Policy
Scale may change this Privacy Policy from time to time. Each version of this policy is identified by its date.
14. Contacting Us
The Scale entity that employs you, along with Scale AI, Inc., act as the controllers of your personal information.
If you have questions about this Privacy Policy, please contact us at privacy@scale.com.
You may contact our EEA Representative at scale@lionheartsquared.eu.
You may contact our UK Representative at scale@lionheartsquared.co.uk.
We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described above.