PRIVACY NOTICE TO JOB APPLICANTS FROM CALIFORNIA, THE EUROPEAN ECONOMIC AREA AND THE UNITED KINGDOM REGARDING THE COLLECTION OF PERSONAL INFORMATION

Effective Date: April 12, 2023

Yellowbrick Data, Inc. (the “Company,” “us” or “we”) is committed to protecting the privacy and security of the personal information you provide to us. Please read this Job Applicant Privacy Notice (the “Privacy Notice”) to learn how we collect and process your personal information when you apply for a job or other role with us. As a job applicant, you have the right to know and understand the categories of personal information we collect about you, and the purposes for which we use such personal information, pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”), the California Privacy Rights Act of 2023 (the “CPRA”), the General Data Protection Regulation (Regulation (EU) 2016/679) and the United Kingdom Data Protection Act 2018 (the “GDPR”), the United Kingdom General Data Protection Regulation (the “UK GDPR”). This Privacy Notice only applies to job applicants who are residents of the State of California, the European Economic Area (“EEA”) and the United Kingdom (“UK”). The Company does not sell or otherwise disclose this personal information for monetary or other consideration to any third parties.

TRANSFERRING YOUR PERSONAL INFORMATION TO OTHER COUNTRIES

The organisations with which we may share your personal information may be located in countries outside of the EEA or the UK that have not been granted an adequacy decision by the European Commission. We have put in place safeguards reasonably designed to ensure your personal information remains adequately protected when transferred, including on the terms of the European Commission standard contractual clauses.

Your personal information will be transferred to the United States. The United States has not received a finding of “adequacy” from the European Union under Article 45 of the General Data Protection Regulation (GDPR). Consequently, we rely on appropriate safeguards as set forth in GDPR Article 46 for the transfer of your personal information to the United States and, more specifically, through the Company’s group data transfer agreement.

For more information about appropriate safeguards as set forth in GDPR Article 46, please email alice.russell@yellowbrick.com

Categories of Personal Information Collected 

In each case as permitted by applicable law, we collect the following categories of personal information for the purposes described below:

• Personal identifiers, such as your name, preferred name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, date of birth, and other similar identifiers.
• Personal Records, such as your signature, address, telephone number, education, employment or employment history. 
• Protected characteristics, such as minority, veteran and disability status, VISA status, through voluntary self-disclosure. Such information will only be collected as permitted by applicable law and will not be used to make hiring decisions.
• Internet or other similar network activity information, such as your IP address, log-in information or information regarding your interaction with a website, application or advertisement.
• Geolocation Data, such as IP addresses from which we can determine your general location.
• Sensory data, such as audio and visual information, for example if you use video interviewing as part of the application process. If you visit our facilities, your entry and exit may be monitored by CCTV.
• Professional or employment-related information, such as your work history, references, information about skills and abilities, accomplishments and awards, training and development information, performance evaluation information, and employment termination information.
• Education information, such as your education history, and other information included in your resume or cover letter.
• Inferences drawn from other personal information, such as a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
• Other: Job interview notes, responses to screening questions, assessment results, salary expectations, information available from your LinkedIn profile, and any other information you provide in connection with the recruitment process. We also collect legal and contractual information, such as information necessary to respond to law enforcement and governmental agency requests, comply with legal and contractual obligations, exercise legal and contractual rights, and initiate or respond to, or establish, exercise and defend, legal and contractual rights claims.

Sources of Personal Information

We collect personal information you voluntarily provide to us when you apply for a job or otherwise contact us in the recruitment context. If you are visiting our website or online job application, we may also automatically collect device information such as IP addresses and device identifiers.

We may also combine personal information collected from other sources with the personal information that you provide to us. For example, we may collect information from:

• Recruiters or recruiting platforms (e.g., Greenhouse)
• Prior employers (e.g., for references)
• Professional references you provide to us
• Educational institutions
• Pre-employment screening services
• Credentialing and licensing organizations
• Publicly available sources such as your social media profile (e.g., LinkedIn, Twitter and Facebook)
• Other sources as directed by you.

Use of Personal Information

We use the categories of personal information listed above for the following purposes:

• Process and manage your application: We use your personal information to process your job application, establish a job applicant profile for the recruitment process, assess your qualifications for a specific role with us, schedule and conduct interviews, communicate with you, and carry out background and reference checks (see the following bullet point for additional information). We may collect audio and visual information of job applicants through photographs used for identification purposes. With your consent, we may record video of you in connection with the application process, for example through a third party screening service. Additionally, if you are offered a position with us, we may use your personal information in the employee on-boarding process.
• Conduct reference and background checks (as permitted by applicable law):
   We use personal information we collect to conduct reference checks and to evaluate your qualifications and experience. We may also conduct background checks (as authorized by you and permitted by applicable law).
• Provide immigration support: If applicable and as permitted by applicable law, we may collect your personal information to assist with immigration support, such as applying for visas or work permits.
• Analyze and improve our recruitment process and tools: For example, we analyze trends in our applicant pool, and use personal information to understand and improve our recruitment process and tools (including improving diversity and inclusion).
• Record-keeping: We keep records of your personal information as required by law and in accordance with our record retention policies.
• Meeting legal requirements and enforcing legal terms: We collect and process your personal information for purposes of: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, us or another party; enforcing any agreements with you; responding to claims; and resolving disputes. Additionally, we may use information about protected characteristics to analyze and monitor the diversity of our job applicants in accordance with applicable laws.

Disclosure of Personal Information

We may share your personal information as necessary for the purposes described in this Privacy Notice, including internally with our personnel involved in the hiring process. For example, we share your personal information with the following parties:

• Affiliates:  We may share your personal information with our affiliates.
• Service Providers:  We may use service providers to operate, host and facilitate our hiring and recruitment process.
• Government authorities and law enforcement:  In certain situations, we may be required to disclose Personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
• Business transfers:  Your personal information may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
• Professional advisors:  We may share your personal information with our professional advisors.
• Other:  We may also share your personal information with third parties in conjunction with any of the activities set forth under “Meeting legal requirements and enforcing legal terms” in the “Use of Personal Information” section above.

Job Applicants in the European Economic Area and the United Kingdom

Under the GDPR, if you are a job applicant in the UK or EEA, we are required to provide you with additional information about our processing of your personal information. Please note that the information in this section as well as the other sections of this Privacy Notice apply to you.

If you are a job applicant located in the UK or EEA, the Company is the controller of your personal information. As a data controller, the Company is responsible for ensuring that the Company’s processing of your personal information complies with the GDPR.

If you are accepted for a role at the Company, the information collected during the recruiting process will be processed in accordance with applicable law, including any Employee Privacy Notice, a copy of which will be provided when you are on-boarded as an employee if applicable.

Legal Basis for Processing your Personal Information

Our legal basis for collecting and processing your personal information for our legitimate interests (as described in “User of Personal Information” above) (and not overridden by your data protection interests or fundamental rights and freedoms) or as necessary to comply with a legal obligation that applies to us.

Rights of Access, Correction, Erasure, and Objection

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the recruitment process. By law, you may have the right to request access to, correct, and erase the personal information that we hold about you, or object to the processing of your personal information under certain circumstances. You may also have the right to request that we transfer your personal information to another party. If you would like to exercise any of these rights, please contact us at alice.russell@yellowbrick.com

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or anonymized your personal information in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Cross-Border Data Transfers

Where permitted by applicable law, we may transfer the personal information we collect about you to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country for the purposes set out in this Privacy Notice. If you are located in the EU or UK, we have implemented the EU standard contractual clauses to secure the transfer of your personal information to the United States and other jurisdictions.

Data Retention

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting requirements, or as necessary to resolve disputes.

Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

If you are offered and accept employment with the Company, the personal information we collected during the application and recruitment process will become part of your employment record, and we may use it in connection with your employment consistent with our employee personal information policies.

If you do not become an employee, or, once you are no longer an employee of the Company, we will retain and securely destroy your personal information in accordance with our document retention policy and applicable laws and regulations. If you do not become an employee, we may still keep your application, together with other documents gathered in connection for your application, for a period of three years to allow us to consider you for other suitable openings within the Company in the future. If you would like to opt out from the Company’s policy of retaining your information for the purposes of considering you for other suitable openings, please email alice.russell@yellowbrick.com

Data Security 

We have implemented reasonably appropriate physical, technical, and organizational security measures designed to secure your personal information against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal information to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

Changes to This Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates. If we would like to use your previously collected personal information for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal information for a new or unrelated purpose. We may process your personal information without your knowledge or consent only where required by applicable law or regulation.

Contact for Questions

If you have any questions or concerns regarding this Privacy Notice or the collection of your personal information, please contact: alice.russell@yellowbrick.com