Applicant Privacy Statement
Effective Date: September 20, 2024
During the recruiting process ICF International, Inc. and its affiliates, subsidiaries, trusted business partners or alliances, agents, subcontractors, third-party vendors or newly acquired companies (collectively, “ICF,” "we", "us" and "our") collect, store and process personal data relating to job applicants. ICF is a privacy-conscious organization and strongly committed to respecting, protecting and processing personal data responsibly in compliance with applicable data protection laws and this Privacy Statement.
This privacy statement describes how personal data is processed for all applicants and candidates who apply for employment at ICF and its affiliated companies. If your application is successful and you accept a position with ICF, we may use your applicant data to continue to process background checks. You will be provided with a privacy statement applicable to ICF employees which will include more information on any such continued use and will describe how ICF processes your data as an employee. Your use of ICF’s website is governed by ICF’s website privacy statement.
All personal data you submit with your application to ICF is collected by ICF in the United States and also in the jurisdiction where the job you are applying for is located. The company you apply to will be the primary “controller” of your personal data.
1. How do we collect your personal data?
ICF may collect this information in a variety of ways.
Directly from you: For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment. For additional details, please visit our privacy statement.
If you provide information about your family or any other third party to us (for example emergency contacts or referees) then, before providing us with such information, you must inform the relevant individuals and provide a copy of this privacy statement to them.
From third parties: We also may collect personal data about you from third parties, such as recruitment agencies, job boards, publicly available sources such as LinkedIn, third party platforms that you use to apply for a position or submit your CV/resume. These third parties may be acting as an independent controller/PI handler of your personal data and therefore we advise you to read their respective privacy notice and/or data protection policy for information on how they process your data.
We may also collect personal data from other sources in order to verify the information you have provided as a part of your application (such as your education and references supplied by former employers) or to conduct background checks and screenings, where permitted or required by applicable law. We will seek information from background checks and the references you supplied only once a job offer to you has been made and will inform you that we are doing so.
2. What information do we collect?
ICF may collect and enrich a range of information about you in connection with your employment application as part of the recruiting and hiring process, as permitted under applicable laws. This includes:
- Identity and contact information, such as your name, Social Security Number, tax ID, or other similar identifiers, location/address and contact details, including email address and telephone number;
- Personal characteristics, such as age, gender/gender identity, race, ethnicity, disability status, and other demographic data;
- Audio, voice, electronic, visual, or similar information, such as photographs or videos;
- Details of your qualifications, skills, experience, education, employment history, tax information, background check information, information provided by you in your application, resume, and cover letter;
- Information about your current level of remuneration, including benefit entitlements;
- Information about your entitlement to work in the jurisdiction of the position for which you are applying; and
- Other publicly available data found on professional social links, e.g. contact information and work experience.
California Consumer Privacy Act Disclosure – If you are a resident of California, please see below a summary of the categories of personal data collected about you, as applicable and as such categories are stated within the CCPA:
Categories of Personal Data | Examples |
Identifiers | Name, IP address, unique personal identifiers, social security number, usernames |
Categories of personal data under Cal. Civ. Code 1798.80(e) | Name, address, social security number, phone number, employment history, passport number, physical characteristics or description |
Characteristics of protected classifications under California or federal law | Gender, marital status, race, physical disability, medical condition, sex, age |
Sensitive personal information | Social security number, passport, personal account information, including mail, email and text messages regarding these accounts, race, health information, sexual orientation information, biometric information |
Commercial information, e.g. records of personal property, products/services obtained or considered, or other consuming histories or tendencies. | Only to the extent gathered as part of “Internet or other electronic network activity information” |
Internet or other electronic network activity information | Interactions with our websites, apps, devices or other digital properties |
Geolocation data | Precise location of a device |
Audio, electronic, visual, thermal, olfactory, or similar information | Photographs, videos, audio recordings, social media information |
Professional/employment-related information | Resume, CV, aptitude tests, employment history, references |
Education information | Education history, degrees obtained, actual or anticipated graduation dates |
Inferences drawn from the categories of personal data above | Aptitudes, interests, productiveness |
3. Why does ICF process personal data?
Where required by applicable data protection laws, we will only process your personal data where we have a lawful basis to do so (including, where appropriate, where we have obtained your consent). Please see Appendix for details of the lawful basis relied on for different processing activities and different jurisdictions (specifically the U.K., Member States of the European Economic Area).
4. Who has access to personal data?
Your personal data and sensitive information or special categories of personal data may be shared internally to ICF Group companies or with our service providers for the purposes related to the recruitment process. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, and IT staff if access to the data is necessary for the performance of their roles.
ICF may also share your information (including the categories identified in the table above) with our third party service providers or vendors in the performance of their services to us and limited to the purposes below:
- Background/credit check providers, where required under applicable laws. Purpose for disclosure: to allow our providers to carry out and provide us with the results of, background/credit checks.
- IT service providers and Workday portal.
- Purpose for disclosure: to support, maintain and host our information systems, including the software and hardware infrastructure required to operate, be accessible online and to keep a backup of your personal data.
- Legal and other professional advisors (e.g., auditors, consultants). Purpose for disclosure: to provide us with advice in relation to our business, including our legal, financial and other obligations and claims.
We will not share your data with third parties that are not service providers, vendors, or affiliates, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.
ICF does not sell our applicants’ personal information.
5. International transfers of personal data
ICF corporate group is a global group of companies, and accordingly we may transfer your personal data to, or access it in, jurisdictions (including in the United States and other jurisdictions where we, our affiliates and service providers have operations) that do not include equivalent levels of data protection as the country you are based in.
Where we transfer personal data outside of the country you are based in, we will take organizational, contractual and technical measures to safeguard your personal data as required by applicable data protection laws. Where required by applicable local laws, we will obtain separate consent.
6. How does ICF protect data?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
7. For how long does ICF keep data?
We keep your personal data (including any sensitive personal data) for as long as is necessary for the purposes it was collected for including for any legal, accounting, or reporting requirements, where legally required.
If your application for employment is unsuccessful, ICF will hold your data on file for up to 12 (twelve) months (for EEA and UK citizens) or 7 (seven) years (for non-EEA citizens) after the end of the relevant recruitment process for consideration for future employment opportunities.
At the end of that period, or once you withdraw your consent, your data is deleted or destroyed. You will be asked when you submit your CV whether you give us consent to hold your details for the full 12 months in order to be considered for other positions or not.
If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy statement.
8. Your rights
Residents of certain jurisdictions have additional rights as a data subject. Depending on where you reside or are a citizen, you have one or more of the following rights with respect to your personal data:
- access and obtain a copy of your personal information on request;
- require us to change incorrect or incomplete personal information;
- require us to delete or stop processing your personal information;
- limit the use of your sensitive personal information;
- the right to opt out of the sale of your personal information or automated decision making;
- object to the processing of your personal information where ICF is relying on its legitimate interests as the legal ground for processing;
- withdraw your consent, where the processing of your data is based on consent, and
- to not be retaliated against for exercising any of these rights.
If you would like to exercise any of these rights, please contact us via the Data Subject Request Form or via the methods identified below and specify your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.9. What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to ICF during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
10. Privacy questions and how to contact us
Please click Contact Us or use one of the contact methods below if you:
- have questions about this Applicant Privacy Statement or how we process or protect your personal data,
- have questions regarding exercising your personal data rights,
- like a copy of the full version of our data protection policy,
- wish to make a complaint about our use of your personal data,
- have questions or concerns about this Applicant Privacy Statement, our Sites, or email marketing practices.
You will be unable to receive status updates on your application through these contact methods. To review your application status, please refer to the candidate portal on ICF’s career site or any communications you have had with ICF’s Talent Acquisition team.
Data Protection Officer: Geraldine Henbest
E-mail: dataprotection@icf.com
Phone (Toll free): 1.800.661.2164
Mail:
Residents of the U.S. and Canada | Residents of the EEA, UK, and Switzerland |
ATTN: Data Protection Officer ICF 1902 Reston Metro Plaza Reston, VA 20190 |
ATTN: Data Protection Officer ICF Riverscape 10 Queen Street Place London England EC4R 1BE |
Raising a complaint
- We encourage you to contact us first at dataprotection@icf.com with a view to letting us help in resolving any queries or questions.
- If you believe that ICF has not complied with your data protection rights, you have the right to complain to the applicable data protection authority in your jurisdiction (e.g., in the country where you work or live).
Updates to this policy
Our business changes constantly, and our Applicant Privacy Statement will change also. You should check this statement frequently to see recent changes. Unless stated otherwise, our current statement applies to all information that we have about you.
APPENDIX: Additional GDPR Disclosure
Under the General Data Protection Regulation (EU Regulation 2016/679) (the "GDPR"), if you are a candidate or applicant in the UK or the European Economic Area (EEA), we are required to provide you with additional information about our processing of your personal information. These disclosures should be read in conjunction with the Global Applicant Privacy Statement.
Controller of your personal data
If you are a candidate or applicant located in the UK or EEA, the ICF entity to which you are applying is the data controller of your personal information. ICF Inc. will be a data controller when you are applying for an open position on ICF page at careers.icf.com. As a data controller, ICF Inc. is responsible for ensuring that your personal information processing complies with applicable EU/UK data protection law.
Legal Bases for Processing
Under data protection laws, there are various legal grounds on which we rely when processing your personal data. In some contexts, more than one legal ground applies. The legal grounds and the purposes for processing of processing of personal data are summarised below:- Contractual Obligations / Pre-Contractual Steps: when we need to process your personal data to take steps at your request prior to offering you employment, to bring successful candidates into ICF; communicating with you about your application.
- EEA/UK Legal Obligations to which ICF is subject: when we need to process your personal data to verify your identity, eligibility for employment or comply with employment, equality and health and safety laws; comply with other legal or regulatory obligations such as a relevant background check, law enforcement requests, or where we consider disclosure is necessary or required by law, to exercise, establish, or defend our legal rights, or to protect your vital interests or those of third parties, including our employees, users or the public.
- Legitimate Interests pursued by ICF when processing is necessary to set up and conduct interviews and tests; conduct evaluations and assessments; verify your academic, work and other qualifications; verify references; evaluating and selecting candidates for further consideration; hire qualified and appropriate persons; to hire qualified and appropriate persons; to issue an employment offer; to deal with queries or complaints; asserting or managing any kind of claims that we may bring or that may be raised against us; and to consider unsuccessful candidates for future vacancies.
- Consent: In certain narrow circumstances, we may process your personal data with your voluntarily and freely given and explicit consent.
Transferring personal data outside of the EEA/UK
On some occasions, for example, when we or one of our service providers have employees or operate equipment in other countries, we will transfer your personal data to jurisdictions outside the EEA/ UK which may not be recognized by the European Commission and/or the U.K. (or other relevant regulatory body) as providing an adequate level of data protection. For all such transfers, we take steps to ensure that appropriate safeguards are in place and your privacy rights continue to be protected. For example, such safeguards include the EU Standard Contractual Clauses based on the European Commission’s model clauses (available here) and the U.K. Addendum thereto(available here). If you would like to see a copy of any relevant provisions, please contact us (see the “Questions and queries” section below).