Re: Candidate Privacy Notice

Effective as of: September 19, 2023

Neocortext Inc. (d/b/a Reface) is a “controller” in relation to personal data. This means that we are responsible for deciding how we hold and use personal information about you. You are being sent a copy of this privacy notice (the “Privacy Notice”) because you are applying for work with us (whether as an employee or independent contractor). It makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise, and how long it will usually be retained for. It also provides you with certain information that must be provided under applicable regulations.

By sending us your personal information as a candidate to open job applications, at Reface careers page via https://reface.breezy.hr/ (the “Site”) and/or through third-party websites, agencies or recruiters, you agree to this Privacy Notice, and you consent to allow us to process your personal data according to this Privacy Notice.

Please note that this Privacy Notice only addresses activities of Reface and/or its affiliates and does not govern the collection and use of information by its third-party agencies or recruiters on your behalf. When Reface is acting as a “processor”, use of information collected by Reface shall be limited to the purpose of receiving services for which third-party agencies or recruiters have been engaged.

Content

1.Data protection principles

2.Personal Data We Collect

3.How We Use Personal Data

4.How We Disclose Personal Data

5.Retention of Personal Data

6.Your Privacy Choices and Rights

7.Security of Your Personal Data

8.Children’s Personal Data

9.International Data Transfers

10.Third-Party Websites

11.Supervisory Authority

12.Contact Us

1. Data protection principles

We will comply with data protection law and principles, which means that your data will be:

(a) used lawfully, fairly and in a transparent way;

(b) collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

(d) accurate and kept up to date;

(e) kept only as long as necessary for the purposes we have told you about; and

(f) kept securely.

2. Personal Data We Collect

2.1. Information You Provide via the Site

Reface will collect personal data from you via the Site and may collect data about you from other sources. If you provide any information regarding third parties who can provide references about you, you are solely responsible for obtaining their consent for Reface to process that data.

When you are applying for a job via our Site we will collect the following information about you:

(a) full name, e-mail address, phone number and any other personal information you provide in your curriculum vitae and cover letter;

(b) photos if included on CVs or otherwise on supplementary documents submitted as part of the recruitment process;

(c) any information you provide to us during an interview; certifications and/or other documents related to the job application and/or recruitment process that you voluntary provide to us;

(d) personal information you may submit to us during the recruitment process such as information you volunteer to disclose in a recruitment interview.

We may also collect, store and use special categories of sensitive personal data, which could include information about whether or not you have a disability for which we need to make reasonable adjustments as part of the recruitment process, and/or information about criminal convictions and offences (where the nature of the opening requires this). Where it is necessary to collect that information, we will ensure that it is handled with the utmost discretion and will limit the access to the information to the personnel who require it for the purposes which it is being required and/or processed.

2.2. Information Collected Automatically

When you visit our Site, we may also collect technical data such as IP addresses or cookies when you interact with our Site. If applicable, we may employ automated systems to shortlist candidates and you will be informed about any such process.

(a) Automatic Data Collection. We may collect certain information automatically when you apply via our Site, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), Internet service provider, and metadata about the content you provide which can provide details such as the location of where a picture was taken. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, your history of using the app history, and other information about how you use our Services.

(b) Cookies, Pixel Tags/Web Beacons, and Other Technologies. We, as well as third parties that provide content, advertising, or other functionality on our Site, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through your use of our Site.

i. Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.

ii. Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Site that collects information about engagement on our Site. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

Our use of these Technologies fall into the following general categories:

i. Operationally Necessary. This includes Technologies that allow you access to our Site and tools that are required to identify irregular website behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;

ii. Performance-Related. We may use Technologies to assess the performance of our Site, including as part of our analytic practices to help us understand how individuals use our Site (please see “Analytics” category below);

iii. Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include keeping track of your specified preferences, interests, or past items viewed;

iv. Advertising - or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Site or on third-party websites. Please see Section 6 (Your Privacy choices and Rights) below to understand your choices regarding these Technologies;

v. Analytics. We may use Technologies and other third-party tools to process analytics information on our Site. Some of our analytics partners include Google Firebase. For more information, please visit the Google Privacy Terms web page.

2.3. Information Collected From Other Sources

We may obtain information about you from other sources, including through third-party services and organizations such as recruitment agencies and background check providers. For example, we may obtain personal data about your performance during previous employment from references, employees or other persons you worked with, or personal data from third-party websites, agencies and/or recruiters which was provided to such parties on your own. Also, we may collect publicly available information from websites and/or your social media.

3. How We Use Personal Data

3.1. We will use the personal information we collect about you to:

(a) create a database of candidates for a particular opening;

(b) assess of your skills, qualifications and suitability necessary for the open positions within Reface and/or its affiliates;

(d) communicate with you during the recruitment process for the open position or in regards to the other opportunities within Reface and/or its affiliates;

(e) confirm the information you provided in your application documents, where applicable;

(f) detect and prevent fraud or potentially illegal activities and properly address them; and

(g) comply with our legal obligations, including cooperation with governmental authorities and law enforcement agencies.

4. How We Disclose Personal Data

4.1. In our recruitment process we use Breezy HR, a web-based hiring platform. Thus, within this process Breezy HR will be processing the personal information you have shared in accordance with our instructions and its privacy policy available at https://breezy.hr/policies/privacy.

4.2. We may also transfer personal information to third parties that help us provide our services (agents, contractors, service providers, consultants). These third parties are authorized to use your personal information only as necessary to provide these services to us, e.g., background checks, educational history checks, employment history checks, hosting of the recruitment system, analysis of the recruitment data and processes. Transfers to subsequent third parties are covered by the service and data processing agreements.

4.3. We also reserve the right to disclose your personal information as required by law. This may include:

(a) when we believe that disclosure is necessary to protect our rights;

(b) to protect your safety or the safety of others;

(d) to investigate potential violations; and

(e) to respond to requests by public authorities, including to meet state security or law enforcement requirements and/or to comply with a judicial proceeding, court order, or legal process related to our Site.

5. Retention of Personal Data

5.1. Our retention policy for your personal data is determined based on the types of data processed and the potential harm that could arise from any unauthorized usage of this data.

5.2. Reface will maintain your personal information for a period of 24 months after we have communicated to you our decision about whether to hire you for the respective position. This retention period is helps us keep accurate HR and business records, adhere to relevant legal data retention requirements, exercise our rights concerning any potential legal claims, detect and prevent fraudulent activities, and to address any requests or complaints from you or other authorized entities. If you have previously applied for a position but were not successful, we may continue to use your personal data to keep you informed about future job opportunities that align with your professional background and experience. When your personal data is no longer necessary for the purposes described above, we will delete it.

5.3. If your job application is successful, your data will be integrated into the systems we use for Reface personnel management. If there are instances where we cannot delete your personal data from our systems due to technical constraints, we will employ appropriate measures, both technical and organizational, to ensure that your data is safeguarded against any unauthorized processing. Should you desire that we discontinue the use of your information for recruitment purposes, you may reach us at legal@reface.ai and/or hiring@reface.ai.

5.4. Information collected from cookies or other Technologies will be retained for a reasonable duration from the date such information was generated.

6. Your Privacy Choices and Rights

6.1. Your Privacy Choices

The privacy choices you may have about your personal information are determined by applicable law and are described below.

(a) “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

(b) Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly. The online advertising industry provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Please note you must separately opt out in each browser and on each device.

6.2. Your Privacy Rights

In accordance with applicable laws, you may have the right to:

(a) Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

(b) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you may provide to us from time to time.

(c) Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see section 6.2(d) below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

(d) Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

(e) Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

i. if you want us to establish the data’s accuracy;

ii. where our use of the data is unlawful, but you do not want us to erase it;

iii. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or

iv. you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

(f) Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

(g) Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to evaluate your job application. We will advise you if this is the case at the time you withdraw your consent.

6.3. How to Exercise Your Privacy Rights

If you would like to exercise any of these rights, please contact us as set forth in Section 12 (“Contact Us”) below. We will process such requests in accordance with applicable laws and provide information on actions taken on your request within one month following the receipt of your request. The general response period may be extended by 2 (two) additional months if Reface is overwhelmed by the number of user requests or the request is complicated and requires additional resources on our side. Reface will inform you of such extension within 1 (one) month following the receipt of the request specifying reasonably detailed reasons for such delay.

7. Security of Your Personal Data

7.1. We take steps to ensure that your information is treated securely and in accordance with this Privacy Notice. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

7.2. By providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to processing of your personal data. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Site, by email or via any other appropriate notification method.

8. International Data Transfers

8.1. Please note, the Site is managed by Neocortext, Inc., a Delaware corporation, so your data may be transferred to the United States. Your data may also be accessed by third-party providers Reface engages in other regions, which may have data protection laws that are different from the laws where you live.

8.2. If you are a EU resident, it is important for you to know that the transfer of your data to the recipients in these countries is secured either by the participation of the contractors from these countries on the basis of standard contractual clauses adopted by the European Commission or another basis compliant with the EU data protection laws, including your explicit consent. By applying to our openings, you agree to such transfer and processing within the purposes set in this Privacy Notice.

8.3. In all cases we pass the information to other persons, we ensure that your information is being protected and used only within the purposes specified in this Privacy Notice. This is achieved by using only certified services and products, signing agreements on protection of personal data and non-disclosure agreements with contractors, as well as taking technical measures ensuring the information is protected when stored, used and while being transferred.

8.4. Please contact us if you want further information on the specific mechanism used by us for international transfers of your personal data.

9. Children’s Personal Data

The job positions are not directed to children under 18 (eighteen) or other age as required by local law, and thus we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth in Section 12 (“Contact Us”) below. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information.

10. Third-Party Websites

The Site may contain links to other websites and other websites may reference or link to our Site. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites. Providing personal information to third-party websites is at your own risk.

11. Supervisory Authority

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law. The full list of authorities on the protection of personal data in each EU member state is here: https://digital-strategy.ec.europa.eu/en/library/list-personal-data-protection-competent-authorities.

12. Contact Us

We hope this Privacy Notice helped you understand how your personal information is dealt when you apply to our opening. If you have any questions about our privacy practices or this Privacy Notice, or would like to exercise your rights as detailed in this Privacy Notice, please contact us at: legal@reface.ai.

Neocortext, Inc.

651 N. Broad St. Ste. 201 Middletown, DE 19709, New Castle County, USA Delaware State, United States, registration number 7226991.