Who this notice applies to
This Candidate Privacy Notice explains how relevant Bybit entities process personal data about individuals who apply for roles with Bybit, are considered for employment, participate in recruitment processes, attend interviews or assessments, or otherwise share information with us in connection with potential employment, engagement, internship, or contractor opportunities.
This notice does not form part of any employment contract, contractor agreement, internship agreement, or offer of employment.
Who is the controller of your personal data
The controller of your personal data will be the Bybit legal entity that would enter into the employment agreement, contractor agreement, internship agreement, or similar engagement agreement with you if your application is successful.
As this may depend on the role, location, employing entity, and internal hiring structure, the exact Bybit controller entity will be provided to you after submission of your application and before, or at the latest when, we proceed further with your recruitment process.
For European Economic Area-based roles, the controller will be one of the following entities:
Personal data we collect
We may collect and process the following categories of personal data during the recruitment process.
Application and contact details
- First name, last name, preferred first name
- Email address and phone number
- Resume / CV and cover letter
- Information included in your application, attachments, correspondence, or interview responses
Recruitment eligibility and application questions
- Whether you are legally authorised to work in the country where the role is based
- Your current location, including city and country
- Whether you are open to relocation for the role
- Your earliest available start date
- Your current employment status
- Your highest level of education
- Confirmation that the information provided in your application is complete and accurate
Additional verification or offer-related information
At later stages of the recruitment process, we may invite you to provide additional information relevant to verifying information you have provided, confirming previous employment, preparing or finalising a potential offer, or completing related recruitment administration.
We will only request information that is relevant and proportionate. You should not provide information that is not requested or not relevant. Where documents are requested, you may redact information that is not relevant to the specific purpose. Where we rely on your consent, you may refuse to provide the information or withdraw your consent at any time.
Information from other sources
Where permitted by applicable law, we may receive personal data about you from recruitment agencies, employee referral sources, professional networking platforms, publicly available professional profiles, background verification providers, former employers, referees, or other sources relevant to your application.
Why we process your personal data and the legal bases
We process your personal data only where we have a lawful basis to do so under applicable data protection law.
Pre-contractual steps
Processing necessary to take steps at your request before entering into an employment, contractor, or internship agreement — including reviewing your application, assessing suitability, arranging interviews, and preparing an offer.
Legitimate interests
Processing necessary for Bybit's legitimate interests — including identifying and evaluating candidates, managing recruitment efficiently, maintaining accurate records, ensuring fair decision-making, and preventing fraud or misrepresentation.
Legal obligations
Processing necessary to comply with legal obligations — including employment law, immigration and right-to-work checks, equality requirements, audit, record-keeping, and responses to lawful requests from courts or regulators.
Consent
Where we ask for your agreement to a specific processing activity — such as retaining your application data for future opportunities, or providing additional verification information at a later stage. You may withdraw consent at any time without affecting the lawfulness of prior processing.
What happens if you do not provide personal data
Certain personal data is necessary for us to consider and manage your application — including your name, contact details, resume, eligibility information, and information relevant to your suitability for the role. If you do not provide this information, we may be unable to consider your application.
Providing additional verification or offer-related information is generally optional and requested only at later stages. Where we rely on consent, you may refuse or withdraw at any time. However, where information is necessary to complete a specific verification or pre-contractual step, we may be unable to complete that step without it.
Who we share your personal data with
We may share your personal data, where necessary and proportionate, with:
- Bybit group companies involved in recruitment, HR, legal, finance, compliance, or hiring decisions
- Hiring managers, interviewers, HR personnel, recruiters, and relevant internal stakeholders
- Recruitment agencies, search firms, and referral partners
- Applicant tracking system providers, recruitment software providers, interview scheduling tools, assessment platforms, and other IT service providers
- Background check providers, where checks are legally permitted and relevant to the role
- Professional advisers including legal advisers, auditors, and tax advisers
- Public authorities, courts, regulators, law enforcement bodies, or other recipients where required or permitted by law
- Potential buyers, investors, or advisers in connection with a business transaction, restructuring, or due diligence process, subject to appropriate safeguards
Where service providers process personal data on our behalf, we require them to process data only in accordance with our instructions and to apply appropriate confidentiality, security, and data protection safeguards.
International transfers
Bybit operates internationally. Your personal data may be transferred to, accessed from, or stored in countries outside the European Economic Area, including countries that may not provide the same level of data protection as your country of residence.
Where we transfer personal data outside the EEA, we will implement appropriate safeguards as required by GDPR — such as European Commission Standard Contractual Clauses, adequacy decisions where applicable, transfer risk assessments, and supplementary technical, organisational, or contractual safeguards where required.
How long we keep your personal data
We retain personal data only for as long as necessary for the purposes for which it was collected.
| Scenario | Retention period | Basis |
|---|---|---|
| Active application in progress | Duration of recruitment process | Art. 6(1)(b) — pre-contractual |
| Application rejected or closed — no talent pool consent | As determined by applicable legal requirements and necessary to manage your application, subject to any legally required retention periods or retention needed for legal claims | Art. 6(1)(f) — legitimate interest |
| Application rejected or closed — talent pool consent given | Up to 2 years after application closed or rejected, unless consent is withdrawn earlier | Art. 6(1)(a) — consent |
| Verification / offer-related documents | No longer than the applicable retention period above, unless a longer period is required by law or needed for legal claims | Art. 6(1)(b) / Art. 6(1)(c) |
Security
We use appropriate technical and organisational measures designed to protect your personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction.
Automated decision-making and profiling
We do not make recruitment decisions based solely on automated processing that produces legal effects concerning you or similarly significantly affects you. Final recruitment decisions always involve human review.
We may use recruitment systems to support application management, workflow, scheduling, search, or candidate administration — but these tools assist rather than replace human judgement in recruitment decisions.
Your data protection rights
Subject to applicable law and any limitations under GDPR, you may have the following rights:
To exercise any of these rights, or for privacy-related questions, contact the Data Protection Office of the relevant controller identified in your job application or recruitment form.
Accuracy of your information
You are responsible for ensuring that the information you provide during the recruitment process is accurate, complete, and up to date. Please notify us if your personal data changes during the recruitment process.
Third-party personal data
If you provide personal data about another person — such as a referee, former manager, or other third party — you should ensure that you are permitted to share that information with us and, where appropriate, provide that person with a copy of this notice or inform them how to access it.
Updates to this notice
We may update this Candidate Privacy Notice from time to time. The updated version will apply from the date it is made available to you, unless otherwise stated.