“Yotpo is a fundamental part of our recommended tech stack.”
Laura Doonin, Commercial Director
Last updated: December 30, 2025
This Job Candidate Privacy Notice (“Notice”) describes what personal data we, Yotpo Ltd. and our affiliates (“Yotpo”, “we”, “our” or “us”), collect and process on our job candidates and applicants (“Candidates”, or “you”) with respect to our application and recruitment process, why we collect it and how we use it. It also describes how candidates may exercise their rights in relation to such data held with us.
We strongly urge you to read this Notice and make sure that you fully understand and agree to it. If you do not agree to this Notice, please avoid providing us with your data.
You are not legally required to provide us with any personal data, and may do so (or avoid doing so) at your own free will. However, without it we may not be able to process your application.
Throughout the application and recruitment process, you may provide us (or we may otherwise have access to) personal data about you, such as your identifying data, contact details, resume/CV, work-related data, social media activity, etc. We may collect this data directly from you, as you provide it voluntarily through your application and candidacy review process, or from other sources such as recruitment agencies, background check services (as applicable and subject to applicable law), publicly available information, or your references.
We may use such data to assess our Candidates’ skills, qualifications and overall suitability to verify, consider and process their application and candidacy for any of our positions, and to communicate with them regarding such processes. We may also use it to manage risk and enhance our security and anti-fraud measures, and to create aggregated statistical or inferred data regarding our Candidates, for further development and improvement of our recruitment processes.
In addition, we may use it to act as permitted by, and to comply with, any legal or regulatory requirements. Should we wish to conduct any additional activities that may require the use of your data, we will request your specific consent in advance.
In some regions, we may also require you to submit sensitive data relating to your ethnicity, gender, military or veteran status, and whether you have a disability, to ensure our compliance with our legal obligations under applicable law, or otherwise to better analyze and improve our hiring practices. We may also collect sensitive data about your prior criminal convictions and offences as part of our background checks for specific roles if permitted or required by law. To the extent legally required, we will obtain your explicit consent prior to any such collection and use.
For the purposes of the California Consumer Privacy Act (“CCPA”), in the last 12 months, we have collected the above-mentioned types of personal information about our Candidates, which pertain to the following categories of personal information: Identifiers, Professional or Employment-Related Information, Audio, Electronic or Similar Information, Characteristics of Protected Classifications under California or US Federal Law, Sensitive Personal Information, and Inferences from Personal Information Collected.
We will use and process your personal data as part of the employment application process at Yotpo for the following purposes and in reliance on the lawful bases detailed below:
| Purpose | Lawful Basis for Processing |
| To evaluate your suitability for a role at Yotpo, and progress your application |
|
| To contact you about other suitable roles within Yotpo in the future |
|
| To maintain our internal records of recruitment and employment applications |
|
| To create your employee personnel file, if hired | |
| To comply with applicable legislation and industry codes | |
| To manage risk and enhance our security and anti-fraud measures |
|
| To further develop and improve our recruitment processes | |
| To protect the rights and interests of Yotpo and its affiliates |
If you reside in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for the processing of personal data as described herein, your acceptance of this Notice will be deemed as your consent to the processing of your personal data for all purposes detailed in this Notice. If you wish to revoke such consent, you may do so at any time by contacting us at privacy@yotpo.com.
We will never sell our candidates’ personal data (nor “share” such data, as such term is defined in the CCPA), regardless of their place of residence. We also do not use or disclose any of your data that qualifies as Sensitive Personal Information under the CCPA outside of the purposes allowed by the CCPA.
Your personal data will be maintained, processed and stored by Yotpo and our Service Providers (as defined in Section 6 below) in Yotpo’s different offices worldwide including Israel, the US, Australia, Bulgaria and the UK in the applied position’s location(s), and other jurisdictions, as necessary for the proper handling of your candidacy.
While privacy laws may vary between jurisdictions, Yotpo, its affiliates and the Service Providers processing personal data on our behalf, are each committed to protect personal data in accordance with this Notice, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
To the extent we transfer Candidates’ personal data originating in the European Economic Area (EEA), UK, or Switzerland to countries that have not been recognized as offering an adequate level of data protection by the relevant competent authority, we rely on appropriate contractual undertakings and data transfer mechanisms as established under applicable law, such as the standard contractual clauses adopted by the EU (available here) and the UK (available here). If we transfer Candidates’ personal data originating from the EEA to Israel or the UK, and if we transfer such data originating from the UK to Israel or the EEA, we rely on the respective adequacy findings of the EU and the UK regarding the level of data protection offered by Israel, the UK, and the EEA.
Yotpo Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce and will be further liable in cases of onward transfers of your personal data to third parties (including our Service Providers)
Yotpo Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
Yotpo Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern for personal data transferred under the DPF. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
We may retain Candidates’ data even after the applied position has been filled or closed. This is done so we may reconsider Candidates for other positions and opportunities at Yotpo; so we may use their personal data as reference for future applications submitted by them; where the Candidate is hired, for additional employment and business purposes related to their work; and as reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our agreements or otherwise protect our legitimate interests.
Yotpo has implemented security measures designed to protect the personal data of our candidates, including physical, procedural and electronic measures. These measures provide industry-standard security. We also regularly seek new ways and tools for further enhancing the security of our system and the integrity of the personal data that we hold. Please be aware that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal data stored with us.
Yotpo will share your personal data with several selected Service Providers, whose services and solutions complement, facilitate and enhance our own. These include any recruitment firms that have referred you to us (or vice versa), candidate evaluation centers, recruitment software providers, background checks providers, data and cybersecurity services, web analytics, and our business, legal, compliance and financial advisors (collectively, “Service Providers“). Such Service Providers may receive or otherwise have limited access to our Candidates’ personal data, depending on each of their particular roles and purposes in facilitating and enhancing our recruitment process, and may only use it for such purposes.
Additionally, we may disclose or otherwise allow access to any Candidates’ personal data pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud or other wrongdoing. We may also share your personal data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Yotpo, any of our customers or employees, or any member of the general public.
Finally, we may share personal data internally within our group of companies, for the purposes described above. In addition, should Yotpo undergo any change in control, including by means of merger, acquisition or purchase of all or part of its assets, your personal data may be shared with the parties involved in such event.
For the purposes of the CCPA, in the past 12 months, we may have disclosed to the above-mentioned third parties, our Candidates’ Identifiers, Professional or Employment-Related Information, Audio, Electronic or Similar Information, Characteristics of Protected Classifications, Sensitive Personal Information, and Inferences from Personal Information Collected.
Yotpo uses certain monitoring and tracking technologies, such as “cookies” and other downloaded data files, including ones offered by our Service Providers. These technologies are used to maintain, provide and improve our processes and operations on an ongoing basis, and in order to provide a better experience to our website visitors and Candidates.
For example, these technologies enable us to better secure our website and services and detect abnormal behaviors, to identify technical issues, and to monitor and improve the overall performance of our services and processes.
To learn more about our cookies practices, please visit our Cookie Policy.
If you wish to exercise your rights under applicable law, you may do so by contacting us at privacy@yotpo.com. Such rights may include – each to the extent available to you under the laws that apply to you – the right to know or request access to specific pieces of personal data collected, categories of data collected, and sources from whom it was collected, as well as the purposes of collecting it and categories of third parties to whom we have disclosed it; the right to request rectification or erasure of your personal data held with Yotpo; the right to port your personal data or to restrict its processing; the right to object at any time to any processing of your data which is based on our legitimate interests, or to withdraw your consent to any processing of your personal data which is based on such consent (as detailed in Section 2 above).
You may designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us.
Please note that we may require additional information, including certain personal data, in order to authenticate and process your request. Such additional information may then be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request), in accordance with Section 2 above. We may redact from the data which we will make available to you, any personal data related to others.
Please also note that such rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal data that we hold about you. In the event that we cannot accommodate your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
In compliance with the EU-U.S. DPF and the UK Extension of the EU-U.S. DPF and the Swiss-U.S. DPF Principles, Yotpo Inc. commits to resolve complaints about our collection or use of your personal data. EEA, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework compliance should submit inquiries to privacy@yotpo.com. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, Yotpo Inc. further commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
Please note that under certain conditions (as described under the DPF Principles Yotpo Inc. adheres to) you can invoke a binding arbitration by delivering a notice to Yotpo Inc. via privacy@yotpo.com. Please also note that Yotpo Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Additionally, you have a right to lodge a complaint with a competent data protection authority, such as the supervisory authority in the EU Member State of your habitual residence, place of work, or of the alleged GDPR infringement, the UK’s Information Commissioner’s Office, or your State’s Attorney General (as relevant).
Certain data protection laws and regulations, such as the EU and UK GDPR or California’s CCPA, typically distinguish between two main roles for parties processing personal data: the “Data Controller” (or under the CCPA, the “Business”), who determines the purposes and means for processing; and the “Data Processor” (or under the CCPA, the “Service Provider”), who processes the data on behalf of the Data Controller.
Yotpo’s local affiliate relevant to the role for which you apply is typically the Data Controller of its Candidates’ personal data, and with respect to which, assumes the responsibilities of a Data Controller (solely to the extent applicable under the law), and as set forth in this Notice. In such instances, our Service Providers processing such data will assume the role of Data Processors.
For the purposes of Israel’s Protection of Privacy Law, Yotpo Ltd. serves as the “Database Controller” for personal data processed in connection with this Job Candidate Privacy Notice that originates from Israel, and can be contacted at privacy@yotpo.com.
EU Representative: SMSBump Ltd., a Yotpo company situated in Bulgaria, has been designated as Yotpo’s representative in the European Union for data protection matters pursuant to Article 27 of the GDPR. SMSBump may be contacted on matters related to the processing of personal data of individuals in the EU. To make such an inquiry, please send an email to privacy@yotpo.com.
UK Representative: Yotpo UK Limited has been designated as Yotpo’s representative in the United Kingdom for data protection matters pursuant to Article 27 of the UK GDPR. Yotpo UK may be contacted only on matters related to the processing of personal data of individuals in the UK. To make such an inquiry, please send an email to privacy@yotpo.com.
We may update this notice to reflect changes in our privacy practices. If we make any changes that we deem as “material”, we will update this page prior to the change becoming effective.
If you have any comments or questions regarding our data practices or your privacy, or if you have any concerns regarding your personal data held with us, or if you wish to make a complaint about how your personal data is being processed by Yotpo, you can contact our Data Protection Officer at privacy@yotpo.com.
Last updated: 30 December 2025
“Yotpo is a fundamental part of our recommended tech stack.”
Laura Doonin, Commercial Director
Join a free demo, personalized to fit your needs