Your Privacy is Our Priority

(A) Our commitment: This Policy is provided to all our global job applicants (“Applicants”). The protection of personal data of our Applicants, as well as compliance with applicable data privacy laws, is of great importance to Gen.
(B) Purpose: This Policy provides information about: (i) the categories of personal data Gen collects about Applicants; (ii) the purpose, use, and processing of the personal data collected; (iii) data sharing; (iv) security; (v) data retention; (vi) your rights regarding data; (vii) our data protection officer; (viii) changes to the notice; and (ix) contact information.

Gen may collect the following categories of personal data from Applicants, to the extent legally permitted in the relevant jurisdiction:

• Your contact information including identifiers like your name, physical address, email address, telephone number, and other contact information;
• Your date of birth, place of birth, social security number, passport number, driver’s license, or other applicable personal identifiers;
• Your professional or employment-related information like a resume, CV, cover letter, current and previous work experiences, other relevant experiences, education information, transcripts, certifications, professional licenses, or other supporting information submitted with your application;
• Information received from in-person interviews or telephone interviews;
• Information related to opportunities you are looking for, compensation expectations, benefits, willingness to relocate, or other job-related preferences;
• Information regarding how you heard about the position you are applying for;
• Information received from third parties if applicable, including information received from references, background checks, credit checks, drug tests, criminal history checks, and information from recruiters and/or other vendors;
  
• Information related to veteran status, if applicable;
  
• Information related to demographics including information obtained in the application process such as gender identification, citizenship and/or nationality information, health or medical information, and racial or ethnic origin;
  
• Publicly available information, including online information regarding your educational and professional background, that we believe to be relevant to your application;
  
• Information related to any assessment testing you may take during the application process; and
  
• Information related to right to work information including immigration visas, work permits, work authorizations, and other applicable information.

In addition, Gen may collect the following categories of personal data (the "Pre-Hire Data"), to the extent legally permitted in the relevant jurisdiction, from Applicants after they have accepted an offer of employment from Gen (but have not yet started their employment):

• Information related to demographics including disability status, veteran status or military service, city and region of birth, preferred pronoun, marital status, and sexual orientation; and
• Preferred name and emergency contact details.

Note that the Pre-Hire Data will not be used during the assessment or hiring process, as it is only collected after an offer has been extended and accepted by an Applicant.

3.  Purpose and Legal Bases for the processing of your Personal Data

Gen will use and process your personal data in the course of your employment application and the recruitment process for the purposes of:

If you are offered and accept a position with Gen, the personal data collected will become part of your employment record.

If we determine that we need to process your Personal Data for additional purposes or that we need more data than we disclosed above, where appropriate, we will request that you provide your consent to such processing.

4.  Sources of your Personal Data

The primary source of personal data in this scenario is you – you provide your personal data as part of your application for a specific position within Gen and in the various documents that supplement it.

We will also collect your personal data from other sources as we conduct our due diligence into your suitability for the position, e.g. by checking publicly available sources or relevant third parties, to the extent legally permitted in the relevant jurisdiction, such as websites, registers, credit reporting agencies, former employers or social media. We may use a third party vendor to conduct these searches for us.

5.  Can you refuse the provision of your personal data?

We need to process your personal data in order to assess your suitability for the position you applied to, to make the decision about whether or not to offer you employment and to enter into the employment relationship with you. You are not obligated to disclose to us your personal data, however, such refusal may result in the impossibility of completing your application and our evaluation of the same, meaning we will not be able to consider you for the position and potentially make you an offer of employment.

6. Recipients of personal data

There are several situations in which Gen would transfer your personal data to other parties.

• To third parties: personal data of the applicants may be transferred to our IT service providers (e.g., providers of software or cloud solutions), administrative services providers (e.g., providers of archiving or shredding of documents, maintenance of printers and other technical equipment, providers of office supplies), specialized HR or general service providers, relevant state authorities, and courts.
• Within Gen: Gen is a global, multinational business. Therefore, personal data of its applicants for employment may be transferred among the various entities belonging to the Gen corporate group. This is done, in particular, for the purposes of conducting the evaluation and selection process, maintaining active recruiting overview, and other tasks and obligations arising from labor (employment) and legal regulations or Gen's legitimate interests (such as, for example, maintaining internal administration and operations).

Where the transfer of Personal Data to third parties is concerned, we require contractual obligations between Gen, and the third party related to data transfer. In case of the transfer of the Personal Data outside of your jurisdiction, we will only do so as legally permissible and with appropriate safeguards and additional measures as required by applicable laws. Some of these countries may not provide the same or adequate level of protection to personal data as is awarded under the law within your jurisdiction. Due to the fact that Gen operates as a global business, our service providers and Gen entities may be located anywhere in the world, but most likely within the territory of the US, EU and India. In any event, we use Binding Corporate Rules and Standard Contractual Clauses adopted by the European Commission in order to ensure a high level of protection to your Personal Data will be put in place to safeguard it.

7.  Data Security

Gen has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. Gen limits access to your personal data to those employees, agents, contractors, and other third parties on a strict need-to-know basis. Third parties are contractually limited to processing your personal data on our instructions, and they are subject to a duty of confidentiality.

8.  Data Retention

Gen will retain your personal data for as long as is necessary to evaluate your job application and prepare your contract documentation and, if relevant, any documentation or filings that need to be submitted to public authorities by applicable law. Furthermore, we will also retain your personal data so that, in the event of a legal claim, we can show the grounds for the decision on your application, and that we have conducted the selection process in a fair and transparent manner.

If you are offered and accept a position with Gen, your personal data will become part of your employment record at Gen, and subject to the terms of our Employee Privacy Policy.

9. Your Rights Regarding the Data

Consistent with applicable law of your jurisdiction, you may have the right to:

• Request access to your personal data (commonly known as a "data subject access request" in the EU). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to the processing of your personal data where we are relying on a legitimate interest and there is something about your situation that makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Not to be subjected to a decision based solely on automated processing, including profiling (e.g. automated processing of personal data to evaluate certain aspects about you), which produces legal effects concerning you or similarly significantly affects you unless it is:
  • necessary for entering into, or performance of, a contract between us; or
  • authorized by law (e.g. for the purposes of fraud or tax evasion); or
  • you provide your explicit consent.
• Request to export your personal data in a portable format - you can request a copy of your personal data in a machine-readable format. Please note that this applies only to personal data for which processing is carried out by automated means, such as processing of payroll.
• Withdraw your consent – where the processing of your personal data is based on consent; please see the description of purposes and applicable legal bases above to see what processing operations this covers. You can withdraw your consent at any time. This will not affect the lawfulness of processing based on your consent prior to your withdrawal of consent.
• Not to be discriminated against for the exercise of your rights under the applicable data protection legislation.
• Lodge a complaint with a supervisory authority - You can contact your local data protection authority and submit a complaint if you have concerns regarding your rights under local law.

If you want to exercise any of these rights, please contact us at nll_privacy@GenDigital.com.

When you submit a request for the exercise of your Personal Data, we will respond to your request within the deadline stipulated by the law of your jurisdiction.

10. Data Protection Officer

If you are in the EU and have any questions about this Policy or how we handle your personal data, please contact us in writing at nll_privacy@GenDigital.com. Additionally, you can also contact our Data Protection Officer at dpo@GenDigital.com.

You have the right to lodge a complaint directly with the data protection authority about how personal data is processed. Please find a link here with an overview of the relevant authorities.

Gen reserves the right to revise or modify this Policy. In addition, Gen may update this Policy to reflect changes to our data practices. Any revisions or modifications will become effective upon the posting of the revised Policy.

Please contact Gen Global Privacy Office at nll_privacy@GenDigital.com.