Global Recruitment Privacy Notice

Last updated: 26 August 2024

1. Introduction

This privacy notice should be read together with the General Privacy Policy available here.

Personal data / personal information – all information related to you that we process. For example: first name, last name, e-mail address, telephone number, information about your education and professional experience, etc.

Processing – all activities performed in regard to your personal data. For example: collecting, retaining, or updating data, sending messages to you, deleting data.

In addition to this Global Recruitment Privacy Notice:

- if you are a California resident, please see here,

- for information specific to countries and regions where GlobalLogic operates, please see a relevant section under “VII. Local regulations” at the end of this document.

In case of any discrepancies between this Global Recruitment Privacy Notice and Section VII hereto (Local regulations), the latter shall prevail.

2. Information about GlobalLogic – the data controller

We are GlobalLogic, a Hitachi Group Company (“GlobalLogic”).

E-mail address for contact: privacy@globallogic.com

The data controller is the GlobalLogic company based in the country where the position you applied for is located – you can find company details, including post address, here. 

3. Scope of personal data we collect, the purpose and legal basis for processing that data

The scope of personal data we process depends on what information you provide in connection with your application, especially: name, surname, email, phone number, work experience and education. It includes the content of documents, information on how you submit them, your feedback on the recruitment process as well as the content of our possible further communication and conclusions from the recruitment process. Provision of all data is voluntary, but if you decide not to provide us with some of them, we might not be able to assess your application, and as a consequence you might be excluded from the recruitment process.

Our processing may also include information we collect directly or through a third party, such as a recruitment agency, e.g. if we are conducting background checks (including upon request of our clients or pursuant to a legal obligation) in order to verify your personal suitability for a certain position. Such information may include for example output of background checks, other information publicly available, internal notes further to your interview with us.

We process your personal data in line with applicable data privacy requirements including, when legally required, basing the processing on an appropriate legal basis. Such legal basis can be, for example, your consent, a legal obligation to which we are subject, or another legal basis as regulated by applicable laws.

The purposes for which we are processing your personal data are:

1. to assess your candidacy in respect of requirements for the position for which you have submitted your application, and/or for future recruitments for which a similar skill set and experience is required; this may also include a background check and the screening of relevant sanctions and restrictions lists;
2. to verify your identity;
3. to share your application with the Globallogic company that is best suited to consider your application and hire you;
4. if you meet the requirements for a position – to present you an offer of employment and to conclude a contract;
5. to demonstrate that the recruitment process is compliant with applicable laws;
6. to ensure safety of our property - we may introduce video monitoring (CCTV) in our offices, placing the cameras in places requiring special protection, including the entrances to offices and communication routes. Thus, if you visit our offices e.g. for an interview, we may process your image captured on the video recordings. The monitored areas are appropriately designated and the recordings are stored for the time necessary for operational purposes depending on local specifics (unless they constitute or may need to constitute evidence in legal proceedings, in such case we may keep them until the proceedings have been closed).

As we operate in an international environment, we may collect your residence, citizenship and nationality data for the following purposes:

1. to verify that you hold a residence permit entitling you to work in the territory in which we operate,
2. to prevent the establishment of relationships with individuals on sanction lists published by authorized national and international authorities,
3. to ensure compliance with applicable legal regulations, in particular US export control regulations (due to the fact that our technologies and deliverables, as well as certain of the products, including software source code, and technologies that we receive from our customers and suppliers, are subject to US export control regulations, as a company group with its headquarters in the United States, we must ensure that our global business operations are conducted in full conformance with the regulations).

Where legally allowed, some of the personal data provided by you, for example your name, surname contact address and feedback, may be used by us also for operational and marketing purposes, such as sending you thank you notes, seasonal greetings, satisfaction surveys, etc. or improve our recruitment process. 

We may also process your data for statistical purposes, in relation to defense against claims and to share your personal data with our group member companies listed here.

You may provide gender data to help us ensure diversity, equality, and inclusion (DEI) in our recruitment process. Analyzing this data helps us build diverse teams without discrimination, ensuring fair opportunities for all candidates. Our goal is to create an inclusive work environment where every candidate feels accepted, supported and free from any form of discrimination based on gender or any other characteristic. Furthermore, processing gender data is crucial in order to strengthen the principle of equal pay and transparency in compensation practices within our organization. 

4. Retention period

We will process your data for no more than 3 years, unless earlier you withdraw your consent or the purpose of data processing is fulfilled.

The exception to the above rule is when you are in the European Economic Area (EEA, including the EU), Switzerland, the UK, Uruguay, Peru, Colombia or Mexico and you decide to apply to a single vacancy only. In such case we will process your data for 6 months.

The above retention periods are counted from the last activity in your candidate profile: you applying to a vacancy, interview with you; presenting you with an offer and closing the recruitment process. 

If we hire you, we will continue retaining your data for the duration of the employment relationship and possibly thereafter in compliance with local laws, as described in the applicable Employee Privacy Notice.

The periods described above may be extended as appropriate in the event of any claims or court proceedings – for the duration of such proceedings and their settlement – and if the law obliges us in certain cases to process such data for a longer period of time.

5. Who has access to your personal data

GlobalLogic operates internationally and, therefore, personal data may be used in countries outside of your country, which may not have data protection regulations as stringent as those in your country. We will transfer your data to third countries only in accordance with applicable privacy laws. This includes in particular data transfers to countries in which GlobalLogic conducts business, or has a service provider, for the purposes set out in this document. 

GlobalLogic applies all required safeguards, including standard data protection clauses adopted pursuant to decisions of the European Commission or relevant data protection authorities, where needed. We may also transfer your data to a country that is deemed 'adequate' by the European Commission in relation to data protection pursuant to the GDPR. 

If you are based in Argentina, Chile, Peru, Israel or Ukraine – by taking part in our recruitment process you also consent to such data transfers. 

Access to your personal data will be given exclusively to appropriately authorized employees or associates of GlobalLogic, vendors, partners, consultant or auditors and only to the extent necessary to perform their responsibilities. Your data may be transferred, for example, to providers of hosting services or ICT services, other entities that provide to us technical or organizational assistance and support of our recruitment process, including communication with candidates (e.g. recruitment agencies) or distribution of invitations / documentation etc. (e.g. couriers). GlobalLogic may also be required – if there is a legal basis to do so – to provide certain information to public authorities, for purposes related to proceedings they are conducting.

Our staff may work directly with our clients, that is why our client may be also involved in the recruitment process. In the final stages of the recruitment process we may share your data with our clients who could potentially work with you in the future. 

6. Your rights related to processing of your personal data 

To exercise your rights please contact us at privacy@globallogic.com  or by other means as convenient for you. 

GlobalLogic respects all applicable privacy laws and your rights under the applicable legislation – in particular you can request that we delete your data or withdraw your consent for personal data processing. You can also opt-out of receiving marketing communication by using the “unsubscribe” link included in the emails we send you, or by contacting us as described below.

For more details on your rights please see below additional information for the residents of the particular countries and regions. 

Please note that we are legally obliged to confirm your identity before we can process your request, so you may be asked to provide some further information.

7. Local regulations 

ADDITIONAL INFORMATION FOR RESIDENTS OF ARGENTINA 

This section applies only to Argentine residents. GlobalLogic processes personal data in compliance with Argentine Personal Data Protection Law No. 25,326 (“PDPL”), Regulatory Decree No. 1558/2001 and the provisions and resolutions issued by the Argentine Agency of Access to Public Information (“AAAPI”).

Legal Basis for Our Processing of Your Personal Data

On top of the legal basis introduced in the main body of this notice (namely your consent or a legal obligation) we may also process your data for compliance with a scientific or professional relationship with you, provided that these are necessary for its development or fulfillment.

Data retention

You accept that GlobalLogic may retain your Personal Data for the periods mentioned in the main body of this notice and use it for other employment positions and offers than the one you applied for.

Your rights related to processing of your personal data 

You have the following rights:

1. Access to your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • what categories of data we are processing;
   • who is the recipient of your data;
   • what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration;
   • if the personal data has not been given by you – all available information about the source of the data.

   You can also receive access to all of your personal data that we are processing (data copy).

2. Data rectification and update – if information about you is or has become inaccurate, incomplete or outdated, you have the right to demand that data is rectified, made complete, or updated. 
3. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
4. Data removal – in certain situations, the PDPL gives you the right to remove your data. You can invoke this right if we are still processing your personal data, particularly in, for instance, the following cases:
   • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
   • you withdrew consent to the processing of personal data and there is no other legal ground for continuing to process it;
   • your data is processed unlawfully;
   • the personal data have to be erased for compliance with a legal obligation.
5. Objection – you have the right to object to some operations we perform on your personal data for direct marketing purposes. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 
6. Complaints to the relevant public authority – the AAAPI, in its capacity as controlling authority of the PDPL, is entitled to deal with complaints placed in connection to the infringements of personal data protection rules. Of course we encourage you to first contact us at privacy@globallogic.com.

ADDITIONAL INFORMATION FOR RESIDENTS OF CHILE

This section applies only to Chilean residents whose data is processed by any GlobalLogic company. Personal data regulation is found mainly in Law No 19,628 on Privacy Protection (hereinafter, the “CLPPL”). 

Personal Data Processing

GlobalLogic group companies may treat your Personal Data only when permitted by the CLPPL or if you have provided us with a prior written authorization. You may revoke your authorization at any time in writing.

Your authorization is not needed if: (i) your Personal Data has been collected from public sources; or (ii) your Personal Data is being treated for the exclusive benefit of GlobalLogic group entities and their associates, for statistical or pricing purposes or in their general benefit.

Personal Data shall be treated only for the purposes for which it has been collected, unless it has been collected from public sources. 

Rights Under the CLPPL

You are entitled to the following rights under the CLPPL:

1. Access right – you may request GlobalLogic to provide you with information regarding:
   • Whether GlobalLogic is processing your Personal Data, which Personal Data are processing and for what purposes;
   • The sources from where GlobalLogic collected your Personal Data; and
   • Persons or entities to whom your Personal Data are being transferred.

   You may also request a copy of all of your Personal Data that GlobalLogic is processing.

2. Opposition request right - you may oppose to the use of your Personal Data for advertising, market research or opinion polls purposes.
3. Modification request right - in the event that any Personal Data collected by GlobalLogic are proven to be erroneous, inaccurate, misleading or incomplete, you are entitled to request the modification of such Personal Data. 
4. Deletion and blocking request right - you may request your Personal Data to be deleted if their storage lacks of legal grounds or if your Personal Data has expired. Moreover, you may also request the deletion or blocking of your Personal Data if such data have been voluntarily provided by you or your information is being used for commercial communications.
5. Free of charge copies – you are entitled to request a free of charge copy of your Personal Data or any modification or deletions made thereof. If new modifications or deletions are required, you may ask for an updated registry, free of charge, provided that the new modification or deletion has been requested by you six-months after your previous modification or deletion request.

To exercise any of the above mentioned rights please contact us at privacy@globallogic.com or by other means as convenient for you.

ADDITIONAL INFORMATION FOR RESIDENTS OF COLOMBIA

This section applies only to Colombian residents whose data is processed by any GlobalLogic company. Colombian Personal Data Law is found mainly in Law 1581 of 2012 and Decree 1074 of 2015 (hereinafter, the “CDPL”).

Legal Basis for our Processing of your Personal Data

GlobalLogic may process your Personal Data only when you have provided us with a prior, express, and informed authorization. You have the right to withdraw consent and to request your data to be deleted, unless there is a legal or contractual obligation to which we are subject to as a legal basis to process your data.

Your authorization is not needed if: (i) your Personal Data is public personal data; (ii) it is required for a medical emergency; and (iii) the processing is authorized by law for historical, scientific or statistical purposes.

Rights Under the CDPL

You are entitled to the following rights under the CDPL:

1. Access, update and rectify personal data. This right may be exercised, among others, against partial, inaccurate, incomplete, fractionated, or misleading data, or data processing of which  is expressly prohibited or has not been authorized. You have a right for free (i.e. without charge) access to your Personal Data, at least once (1) every month or every time there are substantial modifications to our Privacy Policy. 
2. Right to request the evidence of the authorization or consent given, except when authorization is not required for the processing. 
3. Right to be informed how we use your Personal Data. 
4. Right to revoke the consent or authorization you gave us.
5. Right to erasure.
6. Right to file complaints before the Superintendence of Industry and Commerce regarding breaches to the CDPL. Of course we encourage you to first contact us at privacy@globallogic.com.

Deadlines for responding 

• Deadlines for responding to requests

We will respond to your questions or requests (e.g., data access) within ten (10) working days. When it is not possible to provide an answer or response within such term, we will inform and explain to you the reasons for the delay and indicate the date on which the question or request will be addressed, but not later than five (5) business days following the expiration of the first term. 

• Deadlines for responding to claims 

We will address your claims (e.g., data deletion, data correction and consent withdrawal) within fifteen (15) business days. When it is not possible to provide an answer or response within such term, we will inform and explain to you the reasons for the delay and indicate the date on which the claim will be addressed, but not later than eight (8) business days following the expiration of the first term.

If the claim or the documentation is incomplete, we will ask you to provide us with the missing data within the five (5) business days after we received your claim. If you do not submit the documentation and information required within two (2) months following the date of the initial claim, we will consider that you waived the claim.

ADDITIONAL INFORMATION FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA (EEA, INCLUDING THE EUROPEAN UNION), SWITZERLAND AND THE UK

This section applies to the processing of personal data by a GlobalLogic group company that has its seat or establishment within the EEA (including the EU), Switzerland or the UK. In case of any doubts please contact us at privacy@globallogic.com.  

Joint Controllers

If you apply for a position or share data for the purpose of future openings located in several countries within the EEA, Switzerland or the UK, the GlobalLogic companies based in those countries will be processing your data as joint controllers – you can find company details here. If you apply for a position or share data for the purpose of future openings in the EEA, Switzerland or UK where a country location is not specified, GlobalLogic Poland Sp. z o.o. will be processing your data as joint controller together with the GlobalLogic company/ies that might be hiring you.

GlobalLogic companies have entered into an agreement that reflects their respective roles and relationships as joint controllers and determines their responsibilities for complying with their obligations under applicable data protection laws. A summary of the most important terms of that agreement will be made available to you upon your request.

Recruitment via third party (supplier, outsourcing/recruitment company, etc.) 

If we received your personal data from a third party that you work with or that you applied with, the name of that party will be specified in our email correspondence with you.  

The scope of data processed by GlobalLogic depends on the data you provided the third party with and includes, in particular, data identifying you, as well as information on your education, experience, professional qualifications, and conclusions from the recruitment process. 

In case you get involved in one of our projects via third party, we will also process data on your access to our buildings and systems, information about the project you are working on, your tasks and assessment of your work.

We may process some of your data (name, surname, email and the third party we got your data from) due to the contractual obligations towards that third party. 

Source of personal data 

We may also receive your personal data from our staff who may recommend you for a vacancy (“referral”).  In order to start a recruitment process, GlobalLogic will confirm if you consent to participate in it. If we do not receive confirmation within 5 business days, we will delete your data. Otherwise, we will store your personal data in line with retention periods specified in this notice. 

Who has access to your personal data?

If you were recommended as a referral, the person who recommended you may receive information on the stage of your recruitment process.

If our client is involved in your recruitment process, we will inform you each time before we transfer your data to them. If you do not agree, please object to our action immediately. Please note, however, that if you make such an objection, we will not be able to further process your application.

What is a legal basis of processing?

The legal basis for the processing of your personal data is your consent (Article 6(1)(a) GDPR/UK GDPR) and taking steps at the request of the data subject prior to entering into a contract with you (Article 6.1(b) GDPR/UK GDPR or the relevant provisions of national data protection legislation, such as § 26 (1) of the German Data Protection Act). 

In case we are processing your data for operational or marketing purposes, the legal basis for such processing is our legitimate interest (Article 6(1)(f) GDPR/UK GDPR) – maintaining our relationship and promoting GlobalLogic brand – or, where we have obtained  your explicit consent for processing your data for operational or marketing purposes, your consent (Article 6(1)(a) GDPR/UK GDPR).

Our legitimate interest (Article 6(1)(f) GDPR/UK GDPR) is also the legal basis for processing your personal data for statistical purposes, for defense against claims, for sharing your personal data with our group member companies and/or our clients involved in the recruitment process or due to contractual obligations towards third parties.

To ensure the best standards, each application is verified by our recruiter. Please note, that considering the need to handle many applications and our legitimate interest, as part of our recruitment process we use the OCR technology for more efficient introduction of applications to our system, followed by an internal search engine that allows us to find suitable applications. If you do not agree to such actions, please do not take part in our recruitment process.

The processing of your personal data for background checks and screenings of relevant sanctions and restrictions lists is based on our legal obligation (Article 6(1)c GDPR/UK GDPR) where we are legally obliged to run these checks or screenings. 

For residents of Northern Ireland, the processing of your personal data for the purposes of monitoring community background and gender background checks and providing returns to the Northern Ireland Equality Commission is based on our legal obligation (Article 6(1)c GDPR/UK GDPR) where we are legally obliged to undertake such monitoring.

In other cases, we process your personal data on basis of your consent (Article 6(1)(a) GDPR/UK GDPR) or legitimate interest (Article 6(1)(f) GDPR/UK GDPR) – ensuring the integrity, security and compliance of GlobalLogic and its group companies and business partners with their regulatory requirements (in particular due to the fact that each GlobalLogic company must comply with the requirements applicable to the capital group as a whole).

Where processing of your data is based on consent, we remind you that you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If your data is processed on the ground of our legitimate interest, you have the right to object to such processing. 

You can find a description of your rights below.

How long do we process your personal data

As a rule, personal data will be processed:

• for the purposes of conclusion and performance of a contract – for the duration of the contract and its settlement;
• on the basis of our legitimate interest – until the objection to such processing or the fulfilment of the purpose for which the data has been processed;
• on the basis of your consent – until withdrawal of such consent or fulfilment of the purpose for which it was given;
• on the basis of legal obligation – for as long as is necessary to comply with the applicable legal obligations;

unless the law requires that we process such data for a longer period, or in case of potential claims, for such claim’s limitation period specified by law – whichever is longer. 

Your rights related to processing of your personal data 

You have the following rights:

1. Access to your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • what categories of data we are processing;
   • who is the recipient of your data;
   • what is the planned duration of processing (if possible), and if we are not able to say, the criteria for determining that duration;
   • if the personal data has not been given by you – all available information about the source of the data.

   You can also receive access to all of your personal data that we are processing (data copy).

2. Data rectification – if information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete. 
3. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
4. Data erasure – in certain situations, GDPR gives you the “right to be forgotten.” You can invoke this right where one of the following grounds applies:
   • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
   • you withdrew consent to the processing of personal data and there is no other legal ground for continuing to process it;
   • you object to the processing of your personal data when there are no overriding legitimate grounds for processing;
   • you object to the processing of your personal data for marketing purposes;
   • your data is processed unlawfully;
   • the personal data have to be erased for compliance with a legal obligation.
5. Restriction of processing – you can demand that we restrict our activities in principle only to storing information about you when:
   • you contest the accuracy of personal data we are processing – for a period of time that allows us to verify the accuracy of the personal data;
   • the processing of your personal data violates the law, but you prefer that processing be restricted rather than the data be erased;
   • GlobalLogic no longer needs your personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims;
   • you have objected to the processing of your personal data – only until such time as it is determined whether our legitimate grounds override yours.
6. Data portability – you have the right to receive your data in a structured, commonly-used and machine-readable format , and also to transmit your data to another data controller, if: 
   • the processing is based on your consent or on a contract; and
   • the processing is carried out by automated means.
7. Objection – you have the right to object to some operations we perform on your personal data on grounds related to your particular situation, particularly in the following cases: 
   • when our processing is based on our legitimate interest;
   • when we process your personal data for purposes related to scientific or historical research, or for statistical purposes.

   When despite of your objection we find that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or basis for the establishment, exercise or defence of legal claims, we will continue to process data covered by the objection to the extent necessary. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).
   Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. 

8. Complaints to the relevant public authority - in connection with our actions as the controller of your personal data, you are entitled to lodge a complaint to the relevant supervisory authority. You can find a list of local authorities responsible for data protection across the EU and their contact details at: https://edpb.europa.eu/about-edpb/board/members_en. The relevant public authority in the UK is the Information Commissioner’s Office https://ico.org.uk/global/contact-us/. The relevant public authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC) https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html. Of course, we encourage you to first contact us at privacy@globallogic.com. 
9. You can obtain a copy of the security measures we apply for the transfer of personal data to third countries by contacting us at privacy@globallogic.com.

ADDITIONAL INFORMATION FOR RESIDENTS OF INDIA

1. Personal Data or information as described in the overview section of this policy should be read as below:
2. Personal Information/Personal Data means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person;
3. Sensitive Personal Data or Information includes information relating to password, financial information such as bank account, credit card etc., physical, psychological and mental health condition, sexual orientation, medical records and history, biometric information, any such details provided to body corporate for providing service or received by it for processing, stored and processed under lawful contract or otherwise. Sensitive personal data or information does not include any information freely available or accessible in public domain and/or information furnished under the Right to Information Act, 2005 or under any other prevalent law.
4. The information provider shall have the option of withdrawing/reviewing/amendment of the information provided. 
5. GlobalLogic India may collect/process sensitive personal data related to financial information such as payslips and bank statements if they are necessary for the background check purposes. In such case, where legally required GlobalLogic will obtain a consent in writing through letter, fax or email from the provider of ‘sensitive personal data or information’.
6. All data privacy matters are handled by the Grievance officer, Name and contact address: Diljeet Singh and Alok Malik grievance.privacyIndia@globallogic.com
7. GlobalLogic India Private Limited and GlobalLogic Technologies Private Limited are ISO 27001 certified.

ADDITIONAL INFORMATION FOR RESIDENTS OF ISRAEL

This section applies to residents of Israel and relates to the Israeli Privacy Protection Law 5741-1981 and the relevant regulations promulgated thereto on data transfer and data security. 

1. You have the right to review your personal information processed by us. To do so, please contact us at the following email address: privacy@globallogic.com. We are entitled to provide you with access to review your personal information at our offices. Your access may be subject to certain restrictions and we may redact certain information from the copy of the relevant files made available to you, for the protection of i) trade secrets and business information belonging to us and/or to any third party to which we have a contractual and/or statutory obligation of confidentiality, and ii) the privacy of any data subject. 
2. If, upon review of your personal information processed by us, you believe the personal information is inaccurate, incomplete, or incorrect, you may reach us at privacy@globallogic.com and request that the personal information be corrected or deleted. We reserve the right, after taking your request into consideration, to approve or deny your request in accordance with applicable laws and regulations. We will notify you of our decision, regardless of whether we choose to approve or deny it. 
3. As GlobalLogic operates worldwide, your data may be transferred outside of Israel and onward. This is done in line with applicable legal requirements, in a safe and transparent manner. By applying for any position at GlobalLogic, you consent to such data transfers.

ADDITIONAL INFORMATION FOR RESIDENTS OF JAPAN

This section applies to the personal data concerning Japanese residents processed by any GlobalLogic company. Please see here about GlobalLogic globally and in Japan. Personal data regulation is found mainly in the Act on the Protection of Personal Information (Act No. 57 of 2003, as amended, hereinafter, the “APPI”)

Your rights related to processing of your personal data

You have the right to make following requests on your personal data to GlobalLogic Japan, Ltd.:

1. Provision of the purpose of use of your personal data;
2. Disclosure of your personal data;
3. Correction, addition, or deletion of your personal data;
4. Suspension of use or erasure of your personal data; 
5. Suspension of provision of your personal data to a third party; and
6. Making any claim or complaint about the handling of your personal data.

Please contact us at the following email address: privacy@globallogic.com to make such request. Your access may be subject to certain restrictions and we may redact certain information from the copy of the relevant files made available to you, for the protection of i) trade secrets and business information belonging to us and/or to any third party to which we have a contractual and/or statutory obligation of confidentiality, and ii) the privacy of any data subject. We reserve the right, after taking your request into consideration, to approve or deny your request in accordance with applicable laws and regulations. We will notify you of our decision, regardless of whether we choose to approve or deny it.

Safeguarding Measures

We have implemented the following measures to prevent unauthorized access to the  personal data as well as the loss, falsification, compromise or other issue of the  personal data.

1. Establishment of Basic Policy - We have established a basic policy to ensure the proper handling of personal data as an organization.
2. Internal Rules for Handling Personal Data - We have established internal rules for the handling of personal data that stipulate handling methods, responsible persons, and their duties at each stage of acquisition, use, storage, provision, deletion, disposal, etc.
3. Organizational Safety Control Measures – We appoint a person responsible for the handling of personal data, clarified the responsibilities of that person, and is operating in accordance with the rules and regulations concerning the handling of personal data. We establish a system for reporting to and communicating with the responsible person when we become aware of a fact or indication of a violation of the APPI or regulations. The status of the handling of personal data is regularly inspected or audited.
4. Personnel Safety Control Measures - We provide regular information security training to our employees to ensure proper handling of data.
5. Physical Security Control Measures - We control employee access to rooms and restrict the equipment, etc. that employees may bring into areas where personal data is handled. In addition, we take measures to prevent theft of equipment and electronic media that processes personal data, as well as encryption and password protection of personal data to prevent divulgence of personal data when carried. Furthermore, when deleting personal data or disposing of equipment, electronic media, etc., we have a procedure to properly complete such process by adopting measures by which deleted data cannot be easily restored.
6. Technical Security Control Measures - We implement appropriate access control on the information systems that process personal data and authentication of employees who use such systems by user IDs and passwords. We take measures to prevent compromise of information by continuously monitoring the security of our information systems.
7. Personal Data Protection outside Japan - We may process and store your personal data outside Japan, in other countries where GlobalLogic group operates, including in the EU and in the USA. We are aware of the systems for the protection of personal data in those countries and take necessary and appropriate measures for the secure management of personal data.

Shared use of Personal Data

We will share and jointly use the personal data among GlobalLogic companies as follows:

1. The personal data will be shared with and jointly used by GlobalLogic companies.
2. The information to be shared are First name, Last name, e-mail address, telephone number and information about your professional experience, etc.
3. The scope of GlobalLogic companies jointly using the personal data is GlobalLogic Inc., its parents, subsidiaries, and affiliated entities. Please see here about GlobalLogic globally.
4. The purpose of joint use of the personal data is for management and analysis, decision making, and other business purposes as well as those purposes described in the Section “How We Use Your Personal Data; The purpose of processing” of this Privacy Policy.

When there is any change in the matters described above, we will amend this Privacy Policy and make it public without delay.

ADDITIONAL INFORMATION FOR RESIDENTS OF MEXICO

This section applies only to Mexico Residents, GlobalLogic processes personal data in accordance with the Federal Law for the Protection of Personal Data in Possession of Private Parties ("LFPDPPP"), its Regulation of the Federal Law for the Protection of Personal Data in Possession of Private Parties ("RLFPDPPP") and its Privacy Policy Guidelines, hereinafter "Mexican data protection legislation". 

Category of personal data we collect, purpose and legal basis for its treatment/processing

In addition to the personal data disclosed in this section of the Privacy Policy and the Global Notice, we may collect the following categories of personal data:

• Identification and contact information
• Financial and patrimonial data
• Employment and academic data 

Please note that we may collect the following sensitive personal data:

• Health condition (past, present and future)
• Union membership

If GlobalLogic Mexico processes such sensitive personal data, we will ensure that we obtain this consent expressly and separately in writing and in accordance with applicable law. 

Purposes for which we use your personal information 

Based on the information set out in the section "Category of personal data we collect, purpose and legal basis for its treatment/processing" we remind you that the purposes marked with a), b), c), and d) are necessary for us to continue with the process, as mentioned in the first paragraph of that section. 

We also remind you that we may use your personal data for the following secondary purposes: 

• For operational and marketing purposes, such as sending thank you notes, holiday greetings, satisfaction surveys, etc.
• To be considered in future selection processes for available positions within the GlobalLogic group.

Candidates must ensure that they have the prior consent of the third parties from whom they provide us with their data. 

In addition, GlobalLogic may ask you to show original documentation and provide a copy of it as evidence to support the information you have provided.

For secondary purposes, you may object through the mechanisms established in the section "ARCO Rights and other Rights”.

Transfers of personal data

In terms of the last paragraph of the section "Who has access to your personal data", among the transfers we may make, the following require your consent: duly authorized partners, consultants or auditors and only to the extent necessary for the fulfillment of their responsibilities. 

Please note that GlobalLogic may transfer your personal data to holding companies, subsidiaries or affiliates under common control of GlobalLogic, or to a parent company or any company in the same group as GlobalLogic.

Also, GlobalLogic may transfer your personal data in accordance with the provisions of article 37 of the LFPDPPP. 

By accepting this Privacy Policy, you consent to the data transfers that require your consent. However, you may object to them at any time through the mechanisms established in the section "ARCO Rights and other Rights”.

ARCO and other rights

You, as the owner of your personal data, can exercise your rights of Access, Rectification, Cancellation and Opposition (known as "ARCO" rights), request the limitation to the use and disclosure of your personal data, oppose to secondary purposes, oppose to transfers that require your consent, revoke the consent you have given us to process your personal data. 

To exercise your rights and know the procedures to privacy@globallogic.com

Your request must contain, at least, the following information: a) name, address or other means to communicate you the answer; b) document proving your identity or your personality as representative of the holder of the personal data; c) clear description of the personal data in respect of which you wish to exercise a right and which right you wish to exercise; d) elements or documents that facilitate the location of the data; e) in case of requesting the right of rectification you must indicate the corresponding modifications to the personal data.

We will respond to your request within 20 working days from the date of receipt of your request. In the event that it is appropriate, we will make it effective within the following 15 working days.

It will be understood that we have given you access to your personal information when we make it available to you, regardless of the medium or format, as long as it is understandable. Before giving you access to your data, you will have to prove your identity, this is for your own security.

Updates to Recruitment Privacy Policy

We reserve the right to change the Recruitment Privacy Policy at any time and for any reason. The date the Policy was last revised will be indicated by the date set forth in "Last Updated" at the beginning of this document. We encourage you to be aware of updates and changes to this Policy by checking this date when you access our Sites.

Consent

You consent to the treatment of your personal data in the terms and for the purposes, including those not necessary, set forth in this Privacy Policy; as well as the transfers that require your consent.

By providing personal data of third parties, you warrant that you have obtained authorization from the third parties from whom you have provided personal data for GlobalLogic to process such data in the manner specified herein, and that you have communicated this Privacy Policy to such third parties.

ADDITIONAL INFORMATION FOR RESIDENTS OF PERU

This section applies only to Peruvian Residents, GlobalLogic processes personal data in accordance with the Personal Data Protection Law, Law 29733 (the “PDP Law”), its Regulation, approved by Supreme Decree 003-JUS-2013 (the “PDP Regulation”) and the applicable legislation in the Republic of Peru, hereinafter "Peruvian Data Protection Legislation", as amended. 

Personal Data Processing

GlobalLogic may process your Personal Data only: (i) when permitted by the Peruvian data protection legislation; and (ii) for the purposes duly informed to and consented (if applicable) by you. Where consent is granted, you may revoke your authorization at any time.

Your consent is not required for the data processing under article 14° of the PDP Law, including, but not limited to the processing of the essential personal data for the preparation, termination and performance of a contractual relationship (in this case, the recruitment and employment process carried out by us).

Provision of all data is voluntary, but certain personal information as detailed in this document is considered essential for the recruitment process. If you decide not to provide us with this essential personal data, we might not be able to assess your application, and as a consequence you might be excluded from the recruitment process.

If we have your consent, some of the personal data provided by you, for example your name, surname contact address and feedback, may be used by us also for operational and marketing purposes, such as sending you thank you notes, seasonal greetings, satisfaction surveys, etc. or improve our recruitment process. 

As our processing may include information we collect directly or through a third party, such as a recruitment agency, e.g. if we are conducting background checks, such collection of information, directly or through a third party, will only be done if said activity is allowed by local regulations and your consent is granted where applicable (including, but not limited to, credit reports, criminal reports and/or police reports).

We will process your data for the operational and marketing purposes and cross-border data transfers only with your consent.

Recruitment via third party (supplier, outsourcing/recruitment company, etc.) 

If we received your personal data from a third party that you work with or that you applied with, the name of that party will be specified in our email correspondence with you.  

The scope of data processed by GlobalLogic depends on the data you provided the third party with and includes, in particular, data identifying you, as well as information on your education, experience, professional qualifications, and conclusions from the recruitment process. 

In case you get involved in one of our projects via a third party, we will also process data on your access to our buildings and systems, information about the project you are working on, your tasks and assessment of your work.

We may process identification data (name, surname, email and the third party we got your data from) due to the contractual obligations towards that third party. 

Source of personal data 

We may also receive your personal data from our staff who may recommend you for a vacancy (‘referral’). In order to start a recruitment process, GlobalLogic will confirm if you consent to participate on it. If we do not receive confirmation within 5 business days, we will delete your data. Otherwise, we will store your personal data in line with retention periods specified in this notice. 

Your rights related to processing of your personal data 

You have the following rights under the Peruvian data protection legislation: 

• Right to be informed;  
• Right to access your personal data;
• Right to update your personal data;
• Right to include your personal data;
• Right to correct (rectify) your personal data; 
• Right to delete your personal data;
• Right to refuse to supply your personal data; 
• Right to object the processing of your personal data;
• Right to have your personal information processed objectively;
• Right to be protected;
• Right to compensation.

If you consider that your rights have been infringed by us because of any conduct or omission, or you presume any violation of the provisions of the Peruvian data protection legislation, you may file a complaint for Administrative Protection before the National Authority for the Protection of Personal Data, of the Ministry of Justice and Human Rights (Autoridad Nacional de Datos Personales), through the the Justice and Human Rights Ministry’s desk in Calle Scipión Llona N° 350, Miraflores, Lima, Peru. Of course we encourage you to first contact us at privacy@globallogic.com, we will try our best to help you.

ADDITIONAL INFORMATION FOR RESIDENTS OF UKRAINE

This section applies only to processing of personal data collected within the territory of Ukraine, specifically by a GlobalLogic group company (as a data controller) that has its seat or establishment in Ukraine.

Source of personal data 

We may also receive your personal data from our staff who may recommend you for a vacancy (“referral”).  In order to start a recruitment process, GlobalLogic will confirm if you consent to participate in it. If we do not receive confirmation within 5 business days, we will delete your data. Otherwise, we will store your personal data in line with retention periods specified in this notice. 

Who has access to your personal data?

If you were recommended as a referral, the person who recommended you may receive information on the stage of your recruitment process.

Privacy Rights. Within described processing, you have all rights of the data subject set by Art. 8 of the Law of Ukraine "On Personal Data Protection". Among other, you have the following rights:

1. Information on your personal data – you may ask us at any time to provide information regarding:
   • whether we are processing your personal data;
   • for what purpose;
   • sources of your data collection;
   • where we are processing your personal data;
   • what categories of data we are processing;
   • who is the recipient of your data and details of transfers;
   • whether we use automatic decision making and its mechanism if yes.
2. Access to your personal data – you can receive access to all of your personal data that we are processing (data copy).
3. Data rectification – if information about you is or has become inaccurate or incomplete, you have the right to demand that data is rectified or made complete. 
4. Consent withdrawal – you may withdraw your consent to the processing of your data at any time and it will not affect the lawfulness of processing based on consent before its withdrawal.
5. Data erasure – you may request deletion of your data if they are inaccurate or are processed unlawfully or as otherwise prescribed by law.
6. Restriction of processing – you can demand that we limit our activities regarding your personal data.
7. Objection – you have the right to object to some operations we perform on your personal data for special reasons related to your personal situation. When despite your objection we find that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or basis for the establishment, exercise or defence of legal claims, we will continue to process data covered by the objection to the extent necessary. If you disagree with such an assessment of the situation, you can exercise your right to file a complaint with the relevant public authority (more information below).
8. Complaints to the relevant public authority – in connection with our actions as the controller of your personal data, you are entitled to lodge a complaint to the relevant supervisory authority or to the court. For Ukraine the supervisory authority is the Ukrainian Parliament Commissioner for Human Rights. You may find contacts of his office at https://www.ombudsman.gov.ua/. Of course we encourage you to first contact us at privacy@globallogic.com, we will try our best to help you.

International Data Transfers. As mentioned, GlobalLogic operates internationally and, therefore, personal data may be used in countries outside of the EU/EEA, which may not have data protection regulations as stringent as those in EEA. Providing to us your data you agree on their transfer outside Ukraine and the EEA. In any case, for such international transfers we ensure use of appropriate guarantees regarding non-interference to your personal and family life.

ADDITIONAL INFORMATION FOR RESIDENTS OF URUGUAY 

This section applies only to Uruguayan Residents. GlobalLogic processes personal data in compliance with Uruguayan Personal Data Protection Law, Law No. 18.331 and its Regulatory Decree No. 414/009, Articles 37 – 40 of Law No. 19.670 and its Regulatory Decree No. 64/020.

Data retention

You accept that GlobalLogic may retain your Personal Data for the periods mentioned in the main body of this notice and use it for other employment positions and offers than the one you applied for.

Your rights related to processing of your personal data

You may request information, access, rectify, update, include, request the elimination, or dispute

personal assessments derived from an automated processing of your personal data, by contacting us

at privacy@globallogic.com.

International Data Transfers. As mentioned, GlobalLogic operates internationally and, therefore, personal data may be used in countries outside of Uruguay, which may not have data protection regulations as stringent as those in Uruguay. Providing to us your data you agree on their transfer outside Uruguay. In any case, for such international transfers we ensure use of appropriate guarantees regarding non-interference to your personal and family life.