Avature Global Privacy Statement

Effective Date: February 20, 2024

Maximus commitment to privacy

Thank you for visiting the Maximus Careers Center website.  Maximus operates this site for recruiting, recruitment management, and talent management activities. 

Maximus, Inc., including our subsidiaries defined below (hereafter “Maximus”) respects your privacy and we have developed the following statement to demonstrate our commitment to you. This privacy statement applies to personal information we collect about you in connection with your application for employment or interest in potential employment opportunities at Maximus and personal information we collect for talent management activities. This statement describes the types of information collected, how that information is used, and the choices users have about collection and use of this information. This privacy statement does not govern privacy practices associated with offline activities, websites other than this Site, or products and services not available or enabled via this Site, except as expressly set forth in this Privacy Statement

We collect, use, and are responsible for certain personal information about you. When we do so, we are subject to various laws in the United States, including the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA); the United Kingdom General Data Protection Regulation (UK GDPR); the Canada Personal Information Protection and Electronic Documents Act (PIPEDA);  the Alberta Personal Information Protection Act (Alberta PIPA); the British Columbia Personal Information Protection Act (BC PIPA); and the Quebec Act Respecting the Protection of Personal Information in the Private Sector (Quebec  Private Sector Act) (hereinafter “Data Protection Laws”). We are responsible as the “controller” of that personal information for the purposes of those data protection laws.

We, us, our

Maximus, Inc. (US)

Maximus UK Services Limited (UK)

BZ Bodies, Ltd. (UK)

Connect Assist, Ltd. (UK)

Maximus Canada Services (Canada)

Personal data / Personal Information

Any information relating to an identified or identifiable individual

Special category personal data / Sensitive personal information

Personal data revealing personal identification numbers (e.g., social security, driver’s license, state ID); racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership; genetic data; biometric data (when processed to uniquely identify an individual); data concerning health, sex life, or sexual orientation; or precise geolocation

Data subject

The individual who the personal data relates to

Controller

Maximus: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

Data Processor

A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Maximus (the controller)

Service Provider

A natural or legal person or for-profit legal entity that processes information on behalf of Maximus (the controller)

We may collect the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, consumer or household. The list is not exhaustive:

Categories of Personal Information Specific Types of Personal Information Collected
Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers) Name, Address, Email Address, Telephone Number, Social Security number, Internet Protocol (IP) address
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Name, Address, Email Address, Telephone Number, Education History, Employment History, Citizenship. This information may overlap with other categories
Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Website, application, or advertisement) Internet Protocol (IP) address
Geolocation data IP address of internet-connected devices to the real-world geographic location
Professional or employment-related information Employment History, including employer name, address, contact information, and dates of employment
Education information Education History, including institution name, address, dates of attendance, and graduation date

This personal information is required to provide talent acquisition services to you. If you do not provide the personal information we ask for, it may delay or prevent us from considering your application for employment.

We collect most of the personal information directly from you when you submit an application for employment. We may also collect information:

  • From publicly accessible sources (e.g., LinkedIn, Facebook, Indeed);
  • Directly from a third party (e.g., SeekOut); and
  • From cookies on our website

We collect most of the personal information directly from you when you submit an application for employment. We may also collect information:

  • From publicly accessible sources (e.g., LinkedIn, Facebook, Indeed);
  • Directly from a third party (e.g., SeekOut); and
  • From cookies on our website

We routinely share personal information with:

  • Our affiliates, including companies within the Maximus Inc. group;
  • Service providers and processors we use to help deliver our talent acquisition and employment services to you.

We only allow our service providers and processors to handle your personal information if we are satisfied that they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers/processors to ensure they can only use your personal information to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

Maximus may also disclose personal information to federal or state law enforcement authorities to enforce our rights against unauthorized access or attempted unauthorized access to Maximus information technology assets.

Maximus may disclose personal information to our agents, affiliates, and subcontractors so they can perform certain functions relating to talent acquisition.

Maximus does not share your personal information with unaffiliated third parties. We may use your information to improve the Site’s content, navigation, and efficiency. To make our Site better for you, we may use and share with others aggregated or anonymous (not personally identifiable) information that we collect from usage data, surveys, or statistical information we gather about our users.

The above does not apply to special categories of personal information, which we will only process with your explicit consent.

We do not sell personal information.

We do not sell sensitive personal information.

In the preceding 12 months, we have disclosed for a business purpose to one or more service providers or processors the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

  • Identifiers
  • Information that identifies, relates to, describes, or is capable of being associated with, a particular individual
  • Internet or other electronic network activity information
  • Geolocation data
  • Professional or employment-related information
  • Education information

We do not disclose personal information to a third party for business reasons.

We may use your personal information to send you updates (by email, text message telephone, or mail) about employment opportunities with Maximus. We will always treat your personal information with the utmost respect and never sell or share it with other organizations for marketing purposes. You have the right to opt out of receiving communications at any time by:

  • Contacting us at the contact information provided below;
  • Using the “unsubscribe” link in emails; or 
  • Typing “STOP” in texts

We may ask you to confirm or update your contact information if you instruct us to provide further information regarding talent acquisition in the future, or if there are changes in the law, regulation, or the structure of our business.

All information is stored in data centers located in the United States. Information is also accessed and held in the country of collection and at Maximus global office locations in Canada, the United States, and the United Kingdom.

To deliver services to you, it is sometimes necessary for us to share your personal information outside of the country of collection. Information may be transferred to the country of Maximus offices located in:

  • Canada
  • United States
  • United Kingdom

These transfers are subject to special rules under Canada, and UK data protection law. We ensure the transfer complies with data protection laws and all personal information will be secure.

If you would like further information, please contact us (see “How to contact us” below).

Right to Access

You have the right to ask us for copies of your personal information.

Right to Rectification

You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to Erasure

You have the right to ask us to erase your personal information in certain circumstances.

Right to Restriction of Processing

You have the right to object to the processing of your personal information in certain circumstances.

Right to Data Portability

You have the right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party in certain situations.

For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ICO) on individual rights under the General Data Protection Regulation.

We hope that the Maximus Data Protection Officer (DPO) can resolve any query or concern you raise about our use of your information. Please see the How to exercise your rights' section for contact details.

You can also file a complaint with the Information Commissioner’s Office if you are unhappy with how we have used your data. The ICO may be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113

Right to Know

You have the right to know what personal information is being collected about you and for what purpose. You have the right to know what personal information is being “sold” or “shared” for what purpose and the categories of recipients of your personal information. You have the right to access your personal information.

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

Right to Correct

You have the right to have your personal information rectified, corrected, or updated.

Right to Deletion

Subject to certain exceptions, you have the right to delete your personal information from our records and to direct any service providers to delete your personal information from their records.

Data Portability

You have the right to request that we respond to an access request in a readily useable format that allows you to transmit the information to another entity.

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

Protection Against Discrimination

You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA/CPRA.

Right to Access

You have the right to ask us for copies of your personal information.

Right to Rectification

You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Under Quebec (Quebec Private Sector Act, you also have the right to data portability. You have the right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party in certain situations.

If you would like to exercise any of your rights as described in this Privacy Policy, please:

If you choose to contact us directly, you will need to provide us with:

  • Enough information to identify you, such as:
    • Full name
    • Email address
    • Mailing address
    • Reason you provided the information to Maximus
  • Proof of your identity and address
  • A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or if someone is authorized to act on such person’s behalf. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

For individuals located in Canada, and the United States, Maximus keeps the information we collect through this Site and through data collected from a third-party for the purposes of talent acquisition for a period of five (5) years from the date of your last interaction with us. For individuals located in the United Kingdom, we keep the information we collect through this Site and through data collected from a third-party for the purposes of talent acquisition for a period of one (1) year from the date of your last interaction with us. In the event of a change in systems, we may retain information for one (1) additional year.

For individuals located in Canada, the United Kingdom, and the United States, Maximus keeps employee data for a period of ten (10) years after employee termination. We will not retain your personal information for longer than necessary for the purposes set out in this policy.

When it is no longer necessary to retain your personal information, we will delete or anonymize it.

We maintain record retention policies and procedures based on applicable law and business needs that determine how long we retain records, including those containing personal information. To learn more about the rules for keeping your information or to opt-out of the data collection, please contact us at the contact information below.

When you visit the Site, our web server automatically collects your Internet Protocol (IP) address.

Like most websites, we use "cookies," "web beacons," and similar devices. They help you use the Site more efficiently. They also track your activities. A cookie is a small bit of data that a web server sends to your browser. Only the server that gave it to you can read it. It is your ID card for the Site. It lets Maximus record your activities and preferences. It cannot be used as code or send viruses. A web beacon is a small transparent GIF image. It is embedded in an HTML page or email. It tracks when the page or email was viewed.

If you do not want your browser to accept cookies, you can change the cookie option in your browser settings. Some Site features or services may not work or be accessible without cookies. For more information, please read the Cookie Policy.

"Do Not Track" is a preference you can set in your web browser. It tells websites you visit that you do not want them to collect information about you. The Site does not respond to "Do Not Track" or such signals.

Maximus is strongly committed to protecting personal information collected through this Site. We protect against unauthorized access, use, or disclosure. Maximus limits employees’ access to personal information collected through this Site. Only those employees who need to access the Site to perform their official duties can access it. All employees follow rules for disclosing personal information.

Maximus uses technical security measures and procedures to protect the personal information we collect through the Site. We protect it from getting lost, misused, changed, or destroyed. We have Information Security and Privacy policies to protect data. We give our employees regular training on information security and privacy. Because the Internet is open and unsecured, Maximus cannot be responsible for the security of personal information sent over the Internet. We have a formal incident response plan in case of a data breach.

To protect your communications through the Site, we authenticate, monitor, audit, and encrypt activity. You can tell if a site is secure by looking at the location (URL) field. The content comes from a secure server if the URL starts with https:// instead of http://. This means unauthorized persons cannot read or decipher your personally identifiable information. This is part of our commitment to protect your information. Despite our efforts, no security measures are completely secure. By using this system, you consent to monitoring and auditing.

Maximus is strongly committed to protecting personal information collected through this Site. We protect against unauthorized access, use, or disclosure. Maximus limits employees’ access to personal information collected through this Site. Only those employees who need to access the Site to perform their official duties can access it. All employees follow rules for disclosing personal information.

Maximus uses technical security measures and procedures to protect the personal information we collect through the Site. We protect it from getting lost, misused, changed, or destroyed. We have Information Security and Privacy policies to protect data. We give our employees regular training on information security and privacy. Because the Internet is open and unsecured, Maximus cannot be responsible for the security of personal information sent over the Internet. We have a formal incident response plan in case of a data breach.

To protect your communications through the Site, we authenticate, monitor, audit, and encrypt activity. You can tell if a site is secure by looking at the location (URL) field. The content comes from a secure server if the URL starts with https:// instead of http://. This means unauthorized persons cannot read or decipher your personally identifiable information. This is part of our commitment to protect your information. Despite our efforts, no security measures are completely secure. By using this system, you consent to monitoring and auditing.

We do not collect, and we do not sell information regarding children 16 and under.

This privacy notice was published on February 20, 2024.

We may change this privacy notice from time to time. When we do, we change the "Last updated" date at the top of the privacy statement. Check the Site for our latest privacy statement. When you use the Site after we change the “Last updated” date, it means you accept the changes.

Please contact us and/or our Data Protection Officer by mail, email, or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are shown below:

Canada contact details
Data Protection Officer
Email: privacy@maximuscanada.ca
Address: 716 Yates Street, Victoria, BC V8W 1L4

United Kingdom contact details
Data Protection Officer
Email: dataprotection@maximusuk.co.uk
Post: Data Protection Officer/Team, Maximus, Floor 6, Russell Square House, Russell Square, London WC1B 5EH

United States contact details
Phone: 1-833-953-3696
Email: privacy@maximus.com