GitLab is committed to serving our customers and employing individuals with personal standards consistent with that of our values. This Code is designed to deter wrongdoing and to promote:
Our Code applies to all directors, officers, employees, and contractors of GitLab and its affiliates and subsidiaries. Agents and vendors of GitLab are also expected to read, understand, and abide by this Code.
This Code should help guide your conduct in the course of our business. Many of the principles described in this Code are general in nature, and the Code does not cover every situation that may arise. Use common sense and good judgment in applying this Code. If you have any questions about applying the Code, please seek guidance. Not all information regarding the conduct of our business is found in this Code. Please review the applicable policies and procedures in specific areas as they apply as found in our Team Handbook.
To maintain the highest standards of integrity, we must dedicate ourselves to complying with this Code, company policies and procedures, and applicable laws and regulations. Violations of this Code not only damage our company’s standing in the communities we serve–they may also be illegal. Team members involved in violating this Code will likely face negative consequences. GitLab will take the appropriate disciplinary action in response to each case, up to and including termination. In addition, team members involved may be subject to government fines or criminal or civil liability.
If you think this Code or any GitLab policy is being violated, or if you have an ethics question, you have several reporting options:
All reports (formal or informal) made to a GitLab supervisor, manager or executive should be promptly escalated to People Operations and the Legal team. GitLab will then review the report promptly and thoroughly to determine if an investigation is warranted.
Investigation Process If Legal has determined it appropriate, GitLab will promptly initiate an appropriate investigation into all possible violations of law and GitLab policy. The Senior Director of Legal Affairs will engage the HR Business Partner assigned to the business department to investigate the report(s), unless the complaint is against a member of the People Operations team, in which case the investigation will be conducted by the Legal team. If the report is made against a member of the executive team or if there are multiple complainants regarding the same individual and/or issue, outside counsel will be retained by Legal to conduct the investigation. If the complaint is made against a member of the Legal team, the Chief Culture Officer will lead the investigation.
GitLab expects all employees and contractors to cooperate in investigations fully and candidly.
Investigation Timeline GitLab will make all reasonable efforts to initiate an investigation into the allegation(s) and conclude the investigation in a timely fashion. Depending on the type of investigation the steps and timeline for each investigation will vary.
Investigation Findings The investigation findings will be reported back to the Senior Director of Legal Affairs. Based on the investigation findings, Legal will make a determination as to whether the allegation(s) were founded, unfounded or inconclusive. This determination will be documented in writing and made part of the investigation report. The determinations are as follows: * Violation Found. Where a violation of GitLab policies, workplace rules or law is found to have occurred, Legal will review the findings and make a recommendation for corrective action to the Chief Culture Officer and the executive leader of the accused's reporting line. Together the CCO, the business unit and Legal will determine the proper corrective action. If the accused is a member of the executive team then Legal will confer with the CEO, and where necessary, the Board of Directors. Once a corrective action has been determined, the accused will be notified of the finding and of the specific corrective actions to be taken. The accused employee's manager will also be notified if appropriate. No details about the nature or extent of disciplinary or corrective actions will be disclosed to the complainant(s) or witness(es) unless there is as compelling reason to do so (e.g., personal safety) * No Violation Found. In this situation, the complainant (if known) and the accused should be notified that GitLab investigated the allegation(s) and found that the evidence did not support the claim. * Inconclusive investigation. In some cases, the evidence may not conclusively indicate whether the allegation(s) was founded or unfounded. If such a situation occurs, the complainant (if known) and the accused will be notified that a thorough investigation has been conducted, but GitLab has been unable to establish the truth or falsity of the allegation(s). GitLab will take appropriate steps to ensure that the persons involved understand the requirements of GitLab's policies and applicable law, and that GitLab will monitor the situation to ensure compliance in the future.
How to Contact GitLab's 24-hour hotline:
GitLab has engaged Lighthouse Services to provide an anonymous ethics and compliance hotline for all team members. The purpose of the service is to insure that any team member wishing to submit a report anonymously can do so without the fear of retribution.
Reports may cover but are not limited to the following topics: Ethical violations, Wrongful Discharge, Unsafe Working Conditions, Internal Controls, Quality of Service, Vandalism and Sabotage, Sexual Harassment, Theft, Discrimination, Conduct Violations, Alcohol and Substance Abuse, Threats, Fraud, Bribery and Kickbacks, Conflict of Interest, Improper Conduct, Theft and Embezzlement, Violation of Company Policy, Violation of the Law, Misuse of Company Property, Falsification of Contract, Reports or Records.
Please note that the information provided by you may be the basis of an internal and/or external investigation into the issue you are reporting and your anonymity will be protected to the extent possible by law by Lighthouse. However, your identity may become known during the course of the investigation because of the information you have provided. Reports are submitted by Lighthouse to a company designee for investigation according to our company policies.
Lighthouse Services toll free number and other methods of reporting are available 24 hours a day, 7 days a week for use by team members.
Any employee or contractor who reports a violation will be treated with dignity and respect and will not be subjected to any form of discipline or retaliation for reporting in good faith. Retaliation against anyone who provides information or otherwise assists in an investigation or proceeding will be treated as a violation of this Code.
Having a diverse workforce–made up of team members who bring a wide variety of skills, abilities, experiences and perspectives–is essential to our success. We are committed to the principles of equal opportunity, inclusion, and respect. All employment-related decisions must be based on company needs, job requirements, and individual qualifications. Always take full advantage of what our team members have to offer; listen and be inclusive.
Report suspected discrimination right away and never retaliate against anyone who raises a good faith belief that unlawful discrimination has occurred. Employees and contractors should refer to the GitLab Anti-Harassment Policy for more information.
Every employee or contractor has a right to a work environment free from harassment, regardless of whether the harasser is a co-worker, supervisor, manager, customer, vendor, or visitor. Please refer to the GitLab Anti-Harassment Policy for more information. As is the case with any violation of the Code, you have a responsibility to report any harassing behavior or condition regardless of if you are directly involved or just a witness.
Our company is committed to following all applicable wage and hour laws and regulations. To help ensure that all work performed for GitLab is compensated correctly, team members compensated on the basis of hours worked must report and record time accurately. For more information on compensation, please refer to our Compensation Principles.
GitLab strives to maintain a workplace that is free from illegal use, possession, sale, or distribution of alcohol or controlled substances. Legal or illegal substances shall not be used in a manner that impairs a person’s performance of assigned tasks. This will help to maintain the efficient and effective operation of the business, and to ensure customers receive the proper service. GitLab team members must also adhere the local laws of where they reside and where they travel to, including the GitLab Summit.
GitLab respects the confidentiality of the personal information of employees and contractors. This includes employee and contractor medical and personnel records. All team members records are kept in BambooHR. Team members have self service access to their profile. Where available, documents and information are shared with the team member within the platform. If the team member would like to view their entire profile from the admin view, please schedule a call with People Operations to walk through a screen share or request screenshots to be sent to your personal email address. Access to personal information is only authorized when there is a legitimate and lawful reason, and access is only granted to appropriate personnel. Requests for confidential employee or contractor information from anyone outside our company under any circumstances must be approved in accordance with applicable laws. It is important to remember, however, that employees and contractors should have no expectation of privacy with regard to normal course workplace communication or any personal property used for GitLab business.
If there is no requirement within someone's job description to be public-facing, then team members can opt-out of any public exposure. Team members can opt-out of being added to the team page or what content about them is shown on the team page and can use either only their initials or an alias if desired. Since GitLab publishes much of our content, including video calls and meetings, the only way to ensure no unwanted exposure from these videos is to have video turned off and initials or an alias added to the Zoom profile name whenever a call is being recorded. Zoom shows whether a call is being recorded at the top right of the video screen, and team members are always encouraged to ask if a video will be shared or not. For any GitLab livestreams through YouTube, a team member can watch and comment through YouTube instead of through the internal video call. Any questions can be sent directly to our People Ops and Legal teams.
In carrying out GitLab’s business, team members often learn confidential or proprietary information about our company, its customers, prospective customers, or other third parties. Team members must maintain the confidentiality of all information entrusted to them, except when disclosure is authorized or legally mandated.
Confidential or proprietary information includes:
GitLab’s confidentiality provisions can be found in the employee and contractor templates, but these may vary from what you agreed to at the time of your contract. For specific information about your obligations regarding confidentiality, please reference your contract.
All employees and contractors must protect our company assets, such as equipment, inventory, supplies, cash, and information. Treat company assets with the same care you would if they were your own. No employee or contractor may commit theft, fraud or embezzlement, or misuse company property.
The Gitlab Internal Acceptable Use Policy specifies requirements related to the use of GitLab computing resources and data assets by GitLab team members so as to protect our customers, team members, contractors, company, and other partners from harm caused by both deliberate and inadvertent misuse. Our intention in publishing this policy is not to impose restrictions but outline information security guidelines intended to protect GitLab assets.
Our company uses global electronic communications and resources as routine parts of our business activities. It is essential that electronic resources used to perform company business are protected to ensure that these resources are accessible for business purposes and operated in a cost-effective manner, that our company’s reputation is protected, and that we minimize the potential for legal risk.
In addition to following the Social Media Guidelines, when utilizing social media think about the effect of statements that you make. Keep in mind that these transmissions are permanent and easily transferable, and can affect our company’s reputation and relationships with team members and customers. When using social media tools like blogs, Facebook, Twitter or wikis, ensure that you do not make comments on behalf of GitLab without proper authorization. Also, you must not disclose our company’s confidential or proprietary information about our business, our suppliers, or our customers.
We take the protection of privacy for our customer’s, consumer’s, and other third parties that have entrusted us with information very seriously. Customer or third party information includes any information about a specific customer/third party, including such things as name, address, phone numbers, financial information, etc.
If you do not have a business reason to access this information, you should not do so. If you do, you must also take steps to protect the information against unauthorized use or release in line with our Security Best Practices.
Our intellectual property is among our most valuable assets. Intellectual property refers to creations of the human mind that are protected by various national laws and international treaties. Intellectual property includes copyrights, patents, trademarks, trade secrets, design rights, logos, expertise, and other intangible industrial or commercial property. We must protect and, when appropriate, enforce our intellectual property rights. We also respect the intellectual property belonging to third parties. It is our policy to not knowingly infringe upon the intellectual property rights of others.
Assignment of intellectual property is addressed in the employee and contractor templates, but these may vary from what you agreed to at the time of your contract. For specific information about your obligations regarding intellectual property rights and obligations, please reference your contract.
All directors, officers, employees, and contractors must comply with antitrust and competition laws which prohibit collusive or unfair business behavior that restricts free competition. These laws are quite complicated, and failure to adhere to these laws could result in significant penalties imposed on both GitLab and the employees and/or contractors who violated the law.
Unlawful behavior examples: enter agreements with competitors to fix prices, bid rigging, terms of sale, production output, divide markets or customers, attempts to discriminate in prices or terms of sale among our customers, otherwise restrict the freedom of our customers to compete, and refusing to deal with certain customers or competitors.
Such laws prohibit efforts and actions to restrain or limit competition between companies that otherwise would be competing for business in the marketplace. You must be particularly careful when you interact with any employees or contractors or representatives of GitLab’s competitors, especially at trade association meetings or other industry or trade events where competitors may interact. Under no circumstances should you discuss customers, prospects, pricing, or other business terms with any employees or contractors or representatives of our competitors. If you are not careful, you could find that you have violated antitrust and competition laws if you discuss or make an agreement with a competitor regarding:
Depending on business justification and effect on competition, other practices not involving competitors may also result in civil violations of the antitrust and competition laws. These practices include:
We engage in open and fair procurement activities regardless of nationality or the size of the transaction. Suppliers are selected on a competitive basis based on total value, which includes quality, suitability, performance, service, technology, and price. We strive toward establishing mutually beneficial relationships with our suppliers based on close cooperation and open communication. Terms and conditions defining our relationship with suppliers are communicated early in the supplier selection process. Any agreements to such terms and conditions, or any acceptable modifications, are reached before work begins.
It is our responsibility to accurately represent GitLab and our products in our marketing, advertising, and sales materials. Deliberately misleading messages, omissions of important facts or false claims about our products, individuals, competitors or their products, services, or employees or contractors are inconsistent with our values. Sometimes it is necessary to make comparisons between our products and our competitors. When we do, we will make factual and accurate statements that can be easily verified or reasonably relied upon.
Gathering information about our competitors, often called competitive intelligence, is a legitimate business practice. Doing so helps us stay competitive in the marketplace; however, we must never use any illegal or unethical means to get information about other companies.
Legitimate sources of competitive information include:
When working with consultants, vendors, and other partners, ensure that they understand and follow GitLab policy on gathering competitive information.
Money laundering is a global problem with far-reaching and serious consequences. Money laundering is defined as the process of converting illegal proceeds so that funds are made to appear legitimate, and it is not limited to cash transactions.
Complex commercial transactions may hide financing for criminal activity such as terrorism, illegal narcotics trade, bribery, and fraud. Involvement in such activities undermines our integrity, damages our reputation and can expose GitLab and individuals to severe sanctions.
Our company forbids knowingly engaging in transactions that facilitate money laundering or result in unlawful diversion. Anti-money laundering laws require transparency of payments and the identity of all parties to transactions. We are committed to full compliance with anti-money laundering laws throughout the world and will conduct business only with reputable customers involved in legitimate business activities and transactions.
We believe in doing business with third parties that embrace and demonstrate high principles of ethical business behavior. We rely on suppliers, contractors, and consultants to help us accomplish our goals. They are part of the GitLab team and should be treated according to our values. To create an environment where our suppliers and consultants have an incentive to work with GitLab, they must be confident that they will be treated in an ethical manner. We offer fair opportunities for prospective third parties to compete for our business. The manner in which we select our suppliers and the character of the suppliers we select reflect on the way we conduct business.
Globally, many countries have laws that prohibit bribery, kickbacks, and other improper payments. No GitLab employee, contractor, officer, agent, or vendor acting on our behalf may offer or provide bribes or other improper benefits in order to obtain business or an unfair advantage. You must avoid participating in commercial bribery and kickbacks, or even the appearance of it, in all of our business dealings. Even in locations where such activity may not, technically speaking, be illegal, it is absolutely prohibited by our company policy.
Modest gifts, favors, and entertainment are often used to strengthen business relationships. However, no gift, favor, or entertainment should be accepted or given if it obligates, or appears to obligate, the recipient, or if it might be perceived as an attempt to influence fair judgment.
In general, unless you have supervisory approval you should not provide any gift or entertainment to customers, suppliers, or others that you would not be able to accept from a customer, supplier, or other applicable parties.
All directors, executives, and anyone else in the company participating in vendor selection, must disclose all gifts and entertainment valuing over US$250 for the six months prior to the vendor selection and during the term of the services and for a period of twelve months after services have been completed. The disclosure shall be made to the Legal department, and shall include the value of the gift or entertainment, the individual or company providing the gift, favor, or entertainment, and the date on which it was received. If you have any questions relating to this section, feel free to contact the Legal department.
We comply with all import and export laws and regulations in countries in which we operate. These laws restrict transfers, exports, and sales of products or technical data to certain prescribed countries and persons as well as re-export of certain such items from one location to another.
If you are involved in importing and exporting goods and data, you are responsible for knowing and following these laws. We do not cooperate with foreign boycotts that are not approved by the respective government. If you receive a request related to any boycott, contact the Legal department and do not respond to the request.
Certain laws prohibit transactions with persons or entities that have violated export-related laws or are believed to pose a threat to national security. Additionally, doing business with certain countries may result in imposed economic sanctions. We must perform due diligence before any transaction that has an international element to determine whether such parties are on a restricted list.
We must ensure all statements and representation to government procurement officials are accurate and truthful, including costs and other financial data. If your assignment directly involves the government or if you are responsible for someone working with the government on behalf of GitLab, be alert to the special rules and regulations applicable to our government customers. Additional steps should be taken to understand and comply with these requirements.
Any conduct that could appear improper should be avoided when dealing with government officials and employees or contractors. Payments, gifts, or other favors given to a government official or employee are strictly prohibited as it may appear to be a means of influence or a bribe. Failure to avoid these activities may expose the government agency, the government employee, our company, and you to substantial fines and penalties.
Accurate and reliable records are crucial to our business. Records will be maintained accurately to:
GitLab records include:
There is never a reason to make false or misleading entries. Undisclosed or unrecorded funds, payments, or receipts are inconsistent with our business practices and are prohibited.
Our records are our corporate memory, providing evidence of actions and decisions and containing data and information critical to the continuity of our business.
Records consist of all forms of information created or received by GitLab, whether originals or copies, regardless of media. Examples of company records include:
We are responsible for properly labeling and carefully handling confidential, sensitive, and proprietary information and securing it when not in use. We do not destroy official company documents or records before the retention time expires, but do destroy documents when they no longer have useful business purpose.
We have an obligation to make sound business decisions in the best interests of GitLab without the influence of personal interests or gain. Our company requires you to avoid any conflict, or even the appearance of a conflict, between your personal interests and the interests of our company.
A conflict exists when your interests, duties, obligations or activities, or those of a family member are, or may be, in conflict or incompatible with the interests of GitLab. Conflicts of interest expose our personal judgment and that of our company to increased scrutiny and criticism and can undermine our credibility and the trust that others place in us.
Should any business or personal conflict of interest arise, or even appear to arise, you should disclose it immediately to leadership for review. In some instances, disclosure may not be sufficient and we may require that the conduct be stopped or that actions taken be reversed where possible. As it is impossible to describe every potential conflict, we rely on you to exercise sound judgment, to seek advice when appropriate, and to adhere to the highest standards of integrity.
GitLab employees and contractors are not authorized to speak with the media, investors, and analysts on behalf of our company unless authorized by our Marketing department. Unless authorized, do not give the impression that you are speaking on behalf of GitLab in any communication that may become public. This includes posts to online forums, social media sites, blogs, chat rooms, and bulletin boards. This policy also applies to comments to journalists about specific matters that relate to our businesses, as well as letters to the editor and endorsements of products or services.
We pride ourselves on being a company that operates with integrity, makes good choices, and does the right thing in every aspect of our business. We will continually challenge ourselves to define what being a responsible company means to us, and work to translate our definition into behavior and improvements at GitLab. We seek to align our social and environmental efforts with our business goals and continue to develop both qualitative and quantitative metrics to assess our progress.
You may support the political process through personal contributions or by volunteering your personal time to the candidates or organizations of your choice. These activities, however, must not be conducted on company time or involve the use of any company resources. You may not make or commit to political contributions on behalf of GitLab.
We support community development throughout the world. GitLab employees or contractors may contribute to these efforts, or may choose to contribute to organizations of their own choice. However, as with political activities, you may not use company resources to personally support charitable or other non-profit institutions not specifically sanctioned or supported by our company. You should consult the Legal department if you have questions about permissible use of company resources.
We are committed to upholding fundamental human rights and believe that all human beings around the world should be treated with dignity, fairness, and respect. Our company will only engage suppliers and direct contractors who demonstrate a serious commitment to the health and safety of their workers, and operate in compliance with human rights laws. GitLab does not use or condone the use of slave labor or human trafficking, denounces any degrading treatment of individuals or unsafe working condition, and supports our products being free of conflict minerals.
Team members will review and sign the Code of Business Conduct & Ethics Acknowledgment Form during onboarding as well as annually during the Global Compensation Annual Review cycle.
All of the policies listed below are important for GitLabbers to read and understand as they deal with people benefits, procedures, and requirements of the company. If you have any questions around the internal policies, please reach out to People Operations.
In keeping with our values of freedom, efficiency, transparency, kindness, and boring solutions, we have crafted the following protocol around sick leave for all GitLabbers.
Details for specific groups of GitLabbers
If you have been injured at work, please contact People Operations to determine what your benefits are.
GitLab is committed to protecting the position rights of team members absent on military leave. No team member or prospective team member will be subjected to any form of discrimination on the basis of membership in or obligation to perform service for any of the uniformed services of their country of residency. If any team member believes that he or she has been subjected to discrimination in violation of this policy, immediately contact People Operations for assistance. For any questions about how to initiate a military leave, please contact People Operations.
GitLab is committed to a policy of employment and advancement based on qualifications and merit and does not discriminate in favor of or in opposition to the employment of significant others or relatives. Due to the potential for perceived or actual conflicts, such as favoritism or personal conflicts from outside the work environment, which can be carried into the daily working relationship, GitLab will hire or consider other employment actions concerning significant others and/or relatives of persons currently employed or contracted only if: a) candidates for employment will not be working directly for or supervising a significant other or relative, b) candidates for employment will not occupy a position in which they may be privy to confidential, highly sensitive information that the significant other or relative should not have access to, and c) candidates for employment will not occupy a position in the same line of authority in which employees can initiate or participate in decisions involving a direct benefit to the significant other or relative. Such decisions include hiring, retention, transfer, promotion, wages, and leave requests.
This policy applies to all current employees and candidates for employment.
If your permanent address is changing, notify People Operations of the new address before the pay cycle of the move. The best way to do this is by logging in to BambooHR and changing your address under the Personal tab. This triggers a message to the BambooHR admin to review the change and "accept" it.
If you are going to spend six months or more in one location this will be considered as a relocation and your compensation will be evaluated based on the new metro region.
GitLab supports team members who wish to continue their education and growth within their professional career. If you are a full-time GitLabber and have been employed for more than three months, you are eligible to participate in this program. To be eligible for reimbursement, courses must be a requirement of a degree or certification program and delivered through a credentialed college or university.
GitLabbers are eligible for a reimbursement of up to 4,000 USD per calendar year (January 1st - December 31st). There is no limit to the number of years a team member can participate in the program. Courses eligible for reimbursement include for credit classes resulting in a grade (not pass/fail), courses providing continuing education credits, and/or courses taken as part of a certification program. You must earn a passing grade equivalent to a “B” or obtain a successful completion certification to submit for reimbursement. The program will cover only the tuition and enrollment related fees. Additional fees related to parking, books, supplies, technology, or administrative charges are not covered as part of the program. Tuition will be validated by receipt of payment. A description of the course(s) and degree or certification program along with a final grade report or satisfactory certificate of completion are required to receive reimbursement.
To receive tuition reimbursement, GitLabbers should follow the following process:
In some countries, tuition reimbursement may be considered as taxable income. Please reach out to your tax professional for clarification.
Any questions or concerns? Please feel free to speak with anyone in People Ops.
GitLab is concerned about the safety of its employees and about maintaining appropriate controls to ensure that assets of GitLab and our customer relationships and information are protected. To reduce these risks, GitLab will obtain and review background information of covered prospective, and, as applicable, current employees.
All candidates for employment with GitLab to whom conditional offers have been made must undergo a background screen according to this policy as part of the employment screening process. All contracts will state that employment is subject to obtaining results from an approved background screen that are satisfactory to GitLab.
In the event the background check is not available at the time of hire (switching vendors or delays in processing), GitLab will run the background check as soon as possible. The same adjudication guidelines will apply to current employees as they do with prospective employees. The results will be reviewed by People Operations and Legal to determine if the results warrant any adverse action, which could include termination of employment.
We have contracted with Sterling Talent Solutions to perform these background checks, which will cover criminal history for the last 7 years and employment history for the last 5 years and/or the three most recent employers. GitLab may use the returned background check information to make decisions regarding employment; therefore, the employment of team members is contingent upon a successful completion of the background check, per language in the contract. For certain positions where the candidates financial history is relevant to the position, we may also run a check in the federal database for any financial related offenses.
Candidates/employees will receive an email to fill out the background check application following the completion of their contract. The application process includes signing a disclosure and a consent form which explains the rights of an individual undergoing a background examination. The application process is designed to take less than fifteen minutes to complete. People Operations will initiate all background screens.
To prepare for the employment verification, candidates should gather each previous employer's name and address, position title held, employment start and end dates, manager’s name and title, their phone number, and email address. Details for a Human Resources contact can be entered instead of a manager's contact details.
Occasionally, Sterling will reach out to the candidate to retrieve additional information, such as backup documentation to act as proof of previous employment or picture IDs. Proof of employment can typically be provided in various ways, such as tax returns (e.g. W2s), pay stubs, LLC documentation, official company registrations, etc.
Background checks will act as an additional mechanism of transparency and will help to build trust with our clients.
Once the background check is completed, People Operations will review the report and determine if any negative information has a direct connection with an applicant’s ability to fulfill the employee’s duties with competence and integrity. Matters that might raise a concern include but are not limited to: criminal history, recent felony convictions, theft, violent crimes, drug related crimes, and sex offenses. In addition, the report should be carefully reviewed for any omissions or inaccuracies contained in the employment application or made during the interview process.
Step 1: Disclosure and Authorization
The applicant must give the employer consent to have a third party service conduct a background check. The Disclosure and Authorization form can be presented to the applicant at the time he/she completes the employment application form. The form should grant the employer permission to conduct an initial background check (and, subject to state law, subsequent background checks if the applicant is hired) utilizing a third party service. Also, a “Summary Of Your Rights Under The Fair Credit Reporting Act” should be enclosed with the consent and disclosure form. For New York applicants, a copy of Article 23-A of the Correctional Law also should be enclosed and any other relevant state summary of rights.
The background investigation cannot be lawfully conducted without a signed Disclosure and Authorization form. Applicants can be advised that they will not be considered for employment without submitting the signed form. Equally for current team members, they can be advised that their employment may be impacted if they do not consent to the background check.
Step 2: Pre-Adverse Action: Notify the Applicant of Negative Report BEFORE Adverse Action is taken
If the consumer reporting agency reports information which may be used, in whole or in part as a basis for an adverse employment action (e.g., rescinding a conditional offer of employment), the applicant must receive notification before a final decision is made to deny employment. As a result, the employer must provide a copy of the consumer report, a pre-adverse action letter, and another copy of the FCRA notice of rights (and for New York applicants, the Article 23-A notice). The applicant shall also receive any applicable state rights as required.
If the disqualification decision is not based on a misrepresentation or omission in the employment application, it is a best practice to discuss the potentially disqualifying information with the individual prior to issuing the pre-adverse action notice. This practice supports the individual job-related nature of any disqualification decision.
Step 3: Wait for a Reasonable Period of Time to Find Out What, if Any, Explanation is Offered by the Applicant
If the applicant does not respond at all to the notification within a reasonable period of time (5 days), the employer may proceed with its decision to rescind the conditional offer. If the applicant responds, the employer should carefully consider the information submitted and then make a decision. If the explanation is reasonable under the circumstances, then it may still be possible to go forward with the new hire (e.g., a case of mistaken identity). However, if the applicant's explanation is determined to be insufficient, then the employer should proceed to the next step.
Step 4: Notify Applicant of Adverse Action
The employer must provide the applicant with written notice of the adverse action and the name, address, and telephone number of the consumer reporting agency. The Adverse Action Notice form should be sent along with the federal summary of rights and any applicable state summary of rights. The notice includes a statutorily required statement that the consumer reporting agency did not make the decision and does not know why the decision was made should be included as well as a notice of the applicant's right to obtain the report and dispute the information.
Step 5: Maintain Documentation
For all adverse decisions, document each step taken. Keep copies of all consent and disclosure forms and other documentation sent to the applicant in the event the company has to defend its decision at some later point.
All documents related to the background check process must be retained for at least five years.
GitLab will adhere to all equal employment laws. When reviewing any criminal record information that appears on a background check, the company shall factor in any known factors relating to:
Finance team members only will be required to participate in a federal check through Sterling, which searches for any tax-related or financial offenses.
US Candidates Only
US Candidates Only
Non-US Candidates Only
Internationaland select both Employment Verification (U.S. & International) and International Criminal Search, then click Add.
When a team member is absent from work for three consecutive workdays, there is no entry on the availability calendar for time off, and fails to contact his or her supervisor, they can be terminated for job abandonment unless otherwise required by law. If a manager is unable to reach an employee via email or slack within a 24 hour period they should contact their HR Business Partner. The HR Business partner will access the employees information to obtain additional contact methods and numbers. The manager and HR Business Partner will create an action plan to make all attempts to contact the employee.