CarGurus Global Privacy Notice for Employment Candidates

Date
January 26, 2025


Introduction 
Thank you for considering a job at CarGurus! 

This privacy notice (“Notice”) applies to the processing of Personal Information collected in connection with career opportunities and the hiring process at CarGurus, Inc., its brands, and affiliates (collectively, “CarGurus,” “we,” or “our”). This Notice, together with other notices provided at the time of data collection, explain what Personal Information we collect about you, how we use this Personal Information, and your rights regarding this Personal Information. California, Canada, UK, and EU candidates should also refer to the Additional Information sections of this Notice.

The data controller for the processing of your Personal Information is the CarGurus entity in the country from which you would work if you were offered a job at CarGurus. If you are unsure which country or entity this would be, please write to us using the instructions in the Contact Us section below.


For information about cookies and other tracking technologies on the CarGurus Career Site, please visit the Career Site Cookie Settings.

For information about data practices related to CarGurus’ products, please visit the CarGurus.com Privacy Policy.


Personal information
In the application and hiring process, we collect Personal Information from you directly, from your referees and other third parties (such as former employers or background check agencies), and through publicly-accessible sources (such as LinkedIn). 

When we say Personal Information in this Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. 

Examples of Personal Information that we collect or use, to the extent permitted by local law, include the following: 
  • Name and Contact Information, such as your home address, phone number, and email address. 
  • National Identifiers, such as your national ID/passport, citizenship status, residency and visa or work permit information, social security number or other taxpayer/government identification number. 
  • Education and Background Information, such as information about your employment and education history, degrees, certifications, or licenses, information related to any legal disputes or disputes that may arise, collected from you, referees, and other third parties (such as background check companies), during the application process. This includes any other information you make publicly available generally (such as on social media) or that you provide to us (such as information included in your resume, cover letter, or in this career portal).
  • Professional or Employment Information, such as information about your desired salary, willingness to relocate, other job preferences, interview details, and outcomes of any recruiting exercises you complete. We may also receive information such as your education and work experience, and whether you are subject to any prior employer obligations, from third-party data providers who have the rights to provide us with your information. These partners collect your information from publicly available sources, or through third parties they work with.
  • Demographic data or other characteristics of protected classifications, if you disclose such information, such as your date of birth and gender as well as more sensitive personal information (also known as special category data), including information relating to racial and ethnic origin, religious, political or philosophical beliefs, trade union membership, parental status, military status, or information about your health, disabilities, sexual orientation, gender identity, and transgender status. Where the processing of this personal information is not required by law, we will seek your consent to process your data and, in the consent mechanism, we will explain the purposes for which we will use your data. This will be voluntary, and you may decide whether or not to give consent.

How we use your personal information
We use the Personal Information described above in the context of your candidacy for employment at CarGurus. Our business purposes for collecting this information include the following: 

To consider you for, and assess your suitability for, employment opportunities with CarGurus. 
For example:
  • To receive, consider, and reply to your application;
  • To verify the information you or others provide, and to check your references;
  • To assess your suitability for the opportunity you applied for, and in certain cases, for other opportunities at CarGurus;
  • To facilitate the interview/recruiting process;
  • To prepare an offer letter, if your application is successful;
  • To determine your eligibility to work in the jurisdiction to which you are applying;
  • If you were referred, to inform the referrer of the status and final outcome of your application; and
  • Where we have identified you as a potential candidate from information that we've collected from public sources, in order to suggest suitable opportunities for you at CarGurus.
 
To stay in touch and engage with you. In considering you for opportunities at CarGurus we may consider you for current and future opportunities. We may contact you from time to time, for example, to invite you to events we organize or sponsor, send you alerts or recommendations about opportunities at CarGurus, or ask you for updates. You can opt-out of these communications at any time.
 
To maintain and improve our recruiting processes, for internal planning and management reporting, and to comply with laws and regulations, for example:
  • To manage and improve our careers portal and our recruiting processes, for instance, to make the application process easier and more efficient;
  • To prepare and perform management reporting and to perform analysis related to recruiting metrics, such as length of the recruiting process;
  • To defend your or our interests in actual or threatened legal proceedings, or regulatory, administrative, or legislative inquiries or investigations;
  • To maintain the safety, integrity, and security of CarGurus, its employees, and others as required or permitted by law, including but not limited to conducting background and security checks;
  • To protect the health and safety of employees and others in our facilities to the extent permitted by applicable law (e.g., to monitor the spread of infectious diseases in the workplace (where appropriate); and
  • To create and submit reports as required by applicable law or regulation.

If you accept a conditional offer from us, we process your information for background verification (to the extent permitted by applicable laws). We'll provide further information regarding this processing upon the start of the background verification process.

Automated decision-making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

How we disclose your personal information
We will, from time to time, send some of your personal data to certain recipients as detailed below:
  • Other group companies: We may transfer your personal data to other CarGurus group companies for the legitimate interests of CarGurus, to the extent to which they need access to your data because they are involved in the recruitment processes in which you participate and to facilitate group HR management and group wide human resources planning and administration (including adequate staffing and in connection with management of the CarGurus group structure); 
  • Transfers to service providers: We may transfer your data to service providers assisting us in the development, performance and management of our recruitment process; and
  • Transfers to third parties: CarGurus may transfer your personal data to other third parties in order to comply with our legal obligations and/or for the legitimate interests pursued by CarGurus.
  • We may also transfer or submit your personal data to a buyer / investor or potential buyer / investor in connection with a sale or other transfer of all or part of our shares, assets or business.  The purpose of such processing is to allow for the sale or transfer and the legal basis for doing so is our legitimate interest in being able to manage our business by conducting such a sale or transfer.
 
How long we retain your personal information
We’ll retain your Personal Information (as set out in the preceding sections), for as long as is required in order to comply with our legal obligations, to resolve disputes and to enforce our contractual agreements, or as necessary for our legitimate interests, such as to consider you for other current and future employment opportunities at CarGurus. 

If you’re successful in your application for a position at CarGurus, we retain the Personal Information you provide during the application process, and information about your application process, as part of your employee records. 

If you no longer want us to use your information 
Making an application to us is entirely voluntary on your part, so by making an application you are expressly agreeing that we can use your information in order to decide whether to contact you, discuss employment possibilities with you, and/or offer you employment. If you do make an application but subsequently decide, before we make any decision, that you do not want us to use your information, you can let us know and we will stop using it (we may retain a copy in our files as described in this Notice).  However, this means you will no longer be eligible for employment.

Data security
We are committed to protecting the privacy and security of your Personal Information. We have put in place appropriate security measures to protect your personal data, including measures preventing your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.  In addition, we limit access to your personal information to only those employees, agents and contractors who are authorized to access your data.

Notice regarding lie detector tests
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Changes to this notice
We may change this Notice from time to time, as required. If we make any material changes to the Notice, we’ll prominently post the changes on this page and take any other steps required by applicable law. Please refer to the date at the top of this Notice for the last-updated version. 

Contact us
If you have any questions or concerns about this Notice and the practices described herein, or wish to avail yourself of your data privacy rights, please contact privacy@cargurus.com.