Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register nowarrow_forward
Diligent Logo
Request a demo
menu
menu
Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register now
arrow_forward
Partner
Company
Support
Login
language
Diligent Logo
Products
arrow_drop_down
Solutions
arrow_drop_down
Resources
arrow_drop_down
Diligent AI
Request a demo
Governance
Risk
Compliance
Audit
Diligent Boards
Automate meeting prep, secure sensitive data and give directors the clarity to make the best decisions.
BoardEffect
Secure, flexible board management software for nonprofits and higher education.
Entities
Manage subsidiaries with a centralized corporate record that's always up to date.
Community
Increase transparency, streamline governance and empower your school board or local government.
Diligent Market Intelligence
On-demand access to exclusive shareholder activism, executive compensation and ESG data.
FEATURED
Diligent One Platform
Diligent One Platform
Centralize and unify all your board management and GRC activities
Role
Use Cases
Company Type
Industries
General Counsel
Safeguard your organization with centralized oversight of governance, risk and compliance.
Corporate Secretary
Run governance flawlessly with AI tools that eliminate busywork and ensure audit-readiness.
Executive Assistant
Streamline board prep, communications and approvals with AI workflows for seamless meetings.
C-Suite
Accelerate decisions and inspire confidence with AI-powered reporting and real-time risk intelligence.
Directors & Trustees
Prepare faster, mitigate risk and make smarter decisions with purpose-built board tools.
Risk Manager
See enterprise risk in real time, act decisively, and deliver AI-powered insights.
Information Security
Unify IT risk, compliance and cyber oversight in one secure platform.
Compliance Officer
Turn regulatory obligations into clear, actionable metrics — proving compliance and ROI.
Internal Auditor
Connect audit management, analytics and monitoring in a secure, AI-powered hub.
FEATURED
Diligent One Platform
Diligent One Platform
Centralize and unify all your board management and GRC activities
Content Library
Case Studies
Virtual Summits
Events
Resources Hub
Discover all of Diligent's insights in one place. Stay ahead of trends with expert perspectives, exclusive research and information you won't find anywhere else.
MEDIA TYPE
BlogGuidesVideosPodcastsWebinarsResearch & Reports
BY TOPIC
GovernanceRisk & AuditComplianceAI & CyberPublic SectorDiligent Institute
FEATURED
Diligent named a Leader in 2025 Gartner® Magic Quadrant™ for GRC
Diligent named a Leader in 2025 Gartner® Magic Quadrant™ for GRC

In this article

  • Intro
  • 1. Who is responsible for your personal information?
  • 2. Scope of this notice
  • 3. What personal information we collect
  • 4. How we collect your personal information
  • 5. How and why we use your personal information
  • 6. How we use AI in recruitment
  • 7. Sharing your personal information
  • 8. International data transfers
  • 9. How long we keep your personal information
  • 10. How we protect your personal information

Last updated: 30 March 2026

This Candidate Privacy Notice explains how Diligent Corporation and its group companies (“Diligent”, “we”, “us”, or “our”) collect, use, disclose and protect personal information about job applicants and candidates during our recruitment process.

Please read this notice carefully so you understand how and why we use your personal information and the rights you have under applicable data protection laws (“Data Protection Laws”).

For certain countries or regions, this notice should be read together with our Employee and Contractor Privacy Notice, which also applies to your application for employment and, where applicable, your employment or engagement with us.


1. Who is responsible for your personal information?

Diligent is the data controller of your personal information. Diligent operates globally through a number of entities, including (for example) Diligent Corporation, Diligent Boardbooks Limited, Diligent Canada Inc., Diligent Governance Ireland Limited and other group companies listed on our data controllers page. A full and current list of Diligent data controllers and their contact details is available here: https://www.diligent.com/diligent-data-controllers.

You can contact us about this notice at:

    Recruitment queries: recruiting@diligent.com

  1. Data Protection Officer / privacy queries: privacy@diligent.com

2. Scope of this notice

This notice applies to personal information we collect and process about you when you:

  • Apply for a role with us (directly or via a third party such as a recruiter or job board)
  • Join a talent community or candidate pool
  • Participate in interviews, assessments or other stages of our recruitment process
  • Communicate with us about potential roles (including speculative applications)

It does not apply to your use of our products and services as a customer, which is covered by our main Diligent Privacy Policy available on our website at https://www.diligent.com/legal/privacy

If you subsequently become an employee or contractor, our Employee and Contractor Privacy Notice (and any local privacy notices) will apply in addition to this notice.


3. What personal information we collect

Identifiers

  • Personal details/identifiers (e.g., name, title, preferred pronouns, date of birth where required, Social Security number or other government identification number).
  • Contact details (e.g., phone number, email address, postal address or mobile number, country of residence/citizenship).

Biometric information

  • Photographs.

Internet or other similar network activity

  • Information regarding your interaction with our careers site, applicant tracking system or recruitment tools (e.g., IP address, device identifiers, log data, cookies and similar tracking technologies).
  • Visitor badge data in relation to office attendance

Sensory data

  • Audio, electronic, visual, or similar information, including CCTV footage where you attend our offices, video interview recordings, and other audiovisual materials you provide (e.g., pre-recorded interview responses or voice notes).
  • Education information (e.g., educational history, qualifications, certifications, skills).
  • Application information (e.g., CV/resume, cover letter, work history, professional memberships, languages, salary expectations, notice period).
  • Recruitment process data (e.g., interview notes and recordings where applicable, assessment results, communications and correspondence with us, scheduling information, feedback from interviewers and recruiters).
  • Citizenship or immigration information.
  • Background check information from employment screening agencies, consumer reporting agencies, or publicly available registers (as allowed by law), including identity verification, right-to-work checks, criminal record checks, credit checks and other screening results, references and performance information obtained from former employers, as permitted by local law.

Sensitive Personal Information

  • Information about race, ethnic origin, age, gender identity, religion or sexual orientation for diversity monitoring purposes, where you choose to provide it.
  • Health or disability information to provide any reasonable accommodation or adjustment required during the recruitment process.
  • Criminal background check information for vetting purposes and suitability assessment (in accordance with applicable local laws).

We only collect special categories of personal data (such as health information or certain diversity data) where this is lawful, appropriate, and strictly necessary, and we will do so with appropriate safeguards and, where required, your explicit consent.


4. How we collect your personal information

We collect personal information about you from a variety of sources:

  • Directly from you – when you submit an application, attend an interview, complete an assessment, email or otherwise communicate with us.
  • From third parties – such as recruitment agencies, background screening providers, professional networking platforms, referees you nominate, and job boards, all in accordance with applicable law.
  • From people you know at Diligent – you may be referred to a role at Diligent by someone you know when they think you may be a suitable candidate. If you do not wish us to keep your details for this purpose, you can ask us to delete this information at any time (see Your rights below).
  • From public sources and AI‑assisted sourcing – for some roles, we may use AI‑assisted tools to help our recruiters identify potential candidates from publicly available professional information, such as profiles on professional networking sites or your own professional website. We use this information only to assess whether you might be a fit for roles at Diligent and to contact you about opportunities. If you do not wish us to keep your details for this purpose, you can ask us to stop contacting you and to delete this information at any time (see Your rights below). Note that Diligent does not use artificial intelligence technologies to make any automated decisions about you. By automated decisions, we mean decisions with little or no human involvement that have a legal or significant effect on you (e.g., to get hired).
  • Automatically – through cookies and similar technologies when you visit our careers website or applicant tracking system, as described in our Cookie Policy at https://www.diligent.com/legal/cookie-policy.

5. How and why we use your personal information

In certain jurisdictions, we must have a legal basis to process your personal information. In such jurisdictions we use your personal information only where we have a lawful basis to do so. The main purposes and legal bases for processing your personal information are:

5.1 To manage our recruitment process

We process your personal information to:

  • Receive, review and manage job applications • Evaluate your skills, qualifications and suitability for available roles
  • Schedule and conduct interviews and assessments
  • Communicate with you about your application and recruitment status
  • Make hiring decisions and prepare and issue offers of employment or engagement

Legal bases: - Taking steps at your request prior to entering into a contract (employment or engagement) - Our legitimate interests in recruiting and hiring qualified candidates - Compliance with legal obligations (for example, right‑to‑work checks and equal opportunities requirements)

5.2 To manage our talent pipeline

We may retain your profile in our talent pool and consider you for other current or future roles, including where:

  • You apply for one role but may be suitable for another
  • You consent to us keeping your details on file for future opportunities

Legal bases: - Our legitimate interests in building and managing a talent pipeline - Your consent to the processing for the purpose of evaluating your suitability for available roles

You can ask us at any time not to consider you for other roles or to delete your profile (see Section 11 – Your rights).

5.3 To improve and secure our recruitment processes

We use candidate data to:

  • Analyze and improve our recruitment channels, tools and processes
  • Monitor the effectiveness and fairness of our hiring practices
  • Maintain the security and integrity of our systems and premises

Legal bases: - Our legitimate interests in operating efficient, secure and fair recruitment processes - Compliance with legal obligations (for example, equal opportunities monitoring where required by law)

5.4 Diversity initiatives

Where permitted by law and usually on an optional basis, we may collect limited diversity‑related information to:

  • Monitor and advance our diversity at Diligent
  • Meet reporting obligations to regulators or other authorities, where applicable

Legal bases: - Your explicit consent (where required under local law) - Substantial public interest (where permitted under local law) - Our legitimate interests in promoting diversity, with appropriate safeguards

We may process your personal information to:

  • Comply with employment, social security, tax, anti‑discrimination, immigration and other legal obligations
  • Respond to lawful requests from public and governmental authorities
  • Establish, exercise or defend legal claims

Legal bases: - Compliance with legal obligations - Our legitimate interests in protecting our legal rights and interests - In limited cases, protection of your or another person’s vital interests (for example, in a medical emergency)


6. How we use AI in recruitment

We use AI‑enabled tools to support aspects of our recruitment process. For example, these tools help us to:

  • Record and transcribe interviews so our teams can focus on the conversation rather than note‑taking
  • Generate and reference AI‑assisted notes and highlights from interviews • Surface candidates who appear to match the skills and experience for a role
  • Assist with scheduling and answering common candidate questions

These tools assist our recruiters and hiring managers and do not make final hiring decisions. Diligent does not use artificial intelligence technologies to make any automated decisions about you. By automated decisions, we mean decisions with little or no human involvement that have a legal or significant effect on you (e.g., to get hired). AI generated scores, rankings or summaries, are always reviewed and evaluated by trained members of our Talent Acquisition or hiring teams.

We do not use AI in our recruitment process to:

  • Perform emotion recognition or analyze facial expressions
  • Carry out “social scoring” or similar profiling
  • Infer your race, ethnic origin, political views, religious beliefs, health status or sexual orientation from your data

Examples of AI-enabled tools we may use

We may use the following categories of tools in our recruitment process (our specific vendors and configurations may change over time):

  • Applicant tracking and workflow tools – to manage applications, track stages in the process and support candidate matching and workflow automation.
  • Interview intelligence tools – to record and transcribe live interviews and generate AI‑assisted notes and highlights for our teams. These tools do not, by themselves, make hiring decisions.
  • AIassisted sourcing tools – to surface potential candidates from public professional profiles for recruiter review.
  • AI assistants for scheduling and FAQs – to help coordinate interviews and answer common questions, clearly identified as an AI assistant in all interactions.

In all cases, AI outputs (such as summaries, rankings or suggested matches) are reviewed by our members of our Talent Acquisition or hiring teams before any decision is made about your application Where AI is used as part of your assessment, we will tell you about this in the relevant candidate communication, such as the invitation email for the stage, as well as your opt-out choices.


7. Sharing your personal information

We may share your personal information with:

  • Other Diligent group companies – for example, where a hiring manager, HR or leadership team member is based in another country or where you may be considered for roles in other Diligent group entities.
  • Service providers and business partners – such as applicant tracking system providers, background screening providers, assessment providers, recruitment agencies, IT and security service providers, and professional advisors. These parties act as processors or independent controllers, as appropriate, and are bound by contractual obligations to protect your data in line with Data Protection Laws.
  • Public and governmental authorities – where required to comply with law or respond to lawful requests (for example, immigration authorities, tax authorities, law enforcement or regulators).
  • Corporate transactions – in connection with any merger, acquisition, reorganization, sale of assets or similar corporate transaction involving Diligent, in accordance with applicable law.

We do not “sell” or “share” candidate personal information, as those terms are defined under applicable data protection laws.


8. International data transfers

Your personal information may be transferred to, stored, and processed in a country other than the one in which it was provided, within Diligent (especially because our HR support functions are primarily located in the US) or externally. When we do so, we transfer the information in compliance with applicable data protection laws.

Where the transfer is to a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law, we have put in place appropriate safeguards in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place or if you wish to see a copy of the relevant mechanism that we use to transfer your personal information, please contact us at privacy@diligent.com.

Diligent Corporation (“Diligent”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Diligent has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Diligent has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF Program) and to view our certification, visit the US Department of Commerce’s Data Privacy Framework List: https://www.dataprivacyframework.gov/.

In the context of an onward transfer, Diligent is responsible for the processing of personal data it receives, under each Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. To the extent provided by the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Diligent remains liable under each respective Data Privacy Framework if Diligent’s agent processes personal data in a manner inconsistent with such Data Privacy Framework, unless Diligent proves that it is not responsible for the matter giving rise to the damage.

With respect to personal data received or transferred under the Data Privacy Frameworks, Diligent is subject to the regulatory enforcement powers of the US Federal Trade Commission. In certain situations, Diligent may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Diligent commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), respectively, with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the

EU-U.S. DPF and the Swiss-U.S. DPF. Under certain conditions, described in more detail on the Data Privacy Framework website here, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.


9. How long we keep your personal information

We keep your personal information only for as long as necessary to fulfil the purposes described in this notice and to comply with our legal obligations. The exact period can vary depending on the role, the country, and applicable law.

We will retain your personal information for as long as is reasonably necessary to:

  • Administer and document the recruitment process for the role(s) you have applied for
  • Demonstrate that our processes are fair, non‑discriminatory and compliant with applicable laws
  • Respond to queries, complaints or legal claims relating to the recruitment process
  • Meet applicable legal, regulatory, tax, accounting and record‑keeping requirements

The length of time we keep your information will depend on factors such as:

  • The amount, nature and sensitivity of the personal information
  • The purposes for which we process it and whether we can achieve those purposes by other means
  • Applicable legal, regulatory or supervisory authority guidance in your country

When we no longer need your personal information, we will securely delete or anonymise it in line with our data retention policies. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.


10. How we protect your personal information

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, misuse, alteration or destruction, in line with our Global Security Policy and related standards. These measures include, for example:

  • Access controls and role‑based permissions
  • Encryption and secure transmission where appropriate
  • Security monitoring, incident response and regular testing
  • Employee and contractor training on security and privacy obligations

We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.