Privacy Notice – E.U. Job Applicants

This Notice of Data Collection, Processing and Transfer (the “Notice”) for General Assembly (as defined below) (the “Company”) describes:

• What Personal Data the Company collects about you;
• How the Company uses your Personal Data;
• To whom the Company discloses your Personal Data;
• Any international transfers of your Personal Data;
• How the Company safeguards your Personal Data;
• Whether the Company engages in automated decision making; and
• Your rights regarding your Personal Data. 

For purposes of this Notice, 

• “General Assembly” or “Company” means General Assembly Space, Inc., a Delaware corporation, General Assembly Space, Limited, a United Kingdom limited company, General Assembly Limited, a Hong Kong limited company, General Assembly Australia Pty Ltd., an Australian proprietary limited company, General Assembly Space Academy Pte. Ltd, a Singapore private limited company, General Assembly Space Inc., an Ontario corporation, Bitmaker Labs Inc., an Ontario corporation, General Assembly France SAS, a French corporation, General Assembly For Education LLC, a Saudi Arabian limited liability company, and any parent, subsidiary, or affiliate of any of the foregoing. 
• “Personal Data” or “Personal Information” means any information concerning an identified or identifiable individual; and 
• “Processing” means any operation with respect to Personal Data, such as collection, retrieval, access, use, disclosure, storage or disposal of Personal Data.

1.1 Personal Information Collected: The Company may collect identifiers and professional or employment-related information, when applicable, including the following:

Identifiers: legal name, nickname or alias, postal address, telephone number, e-mail address, signature, online identifier, Internet Protocol address, driver’s license number or state identification card number, and passport number.

Professional or Employment-Related Information: evaluations, membership in professional organizations, professional certifications, employment history, LinkedIn profile information, and resumes.

The Company generally may transfer sensitive Personal Data outside of the EU pursuant to a subject to a data processing agreement that complies with applicable law. 

Information provided by you to the Company relating to other people (e.g. your partner, dependents, etc.) will be processed by the Company in accordance with this Notice. You are responsible for the accuracy of such information and for ensuring that those people are aware of the nature of the information you have provided and the way in which it will be processed by the Company.

1.2 Purposes of Use. 

The Company collects Personal Information regarding characteristics of protected classifications on a purely voluntary basis, except where collection is required by law, and uses the information only in compliance with applicable laws and regulations.

The Company may collect information about race, ethnicity, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, and for purposes of diversity analytics. The Company may also collect the following characteristics (in addition to those listed above) for its diversity and inclusion programs: (a) religion and religious observances or practices; (b) sex (including gender, pregnancy, childbirth, breastfeeding and related medical conditions, and sexual orientation); (c) disability; (d) gender identity; (e) gender expression; (f) marital status; (g) age, and (h) familial status.

The Company also uses this Personal Data for the following purposes: disability, familial status, marital status, and pregnancy, childbirth, breastfeeding, and related medical conditions as necessary to comply with applicable laws; military and veteran status as necessary to comply with leave requirements under applicable law; age incidentally to identity verification; religion and pregnancy, childbirth, breastfeeding, and related medical conditions as necessary for accommodations under applicable law; national origin as necessary to comply with immigration laws; and marital status and familial status as necessary to provide benefits and for tax purposes.

3.1 Personal Information Collected: The Company may collect commercial information related solely to an individual’s capacity as a job applicant, including: records of personal property; products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies.

3.2 Purposes of Use: reimbursement of travel expenses related to the job interview or application process.

4.1 Personal Information Collected: The Company may collect information about applicants’ use of the Internet or other similar network activity, when connected to the Company network, including but not limited to: browsing history, search history, authentication and activity on the Company's electronic resources, and information regarding an applicants’ interaction with web sites, applications, or advertisements, and publicly available social media activity.

4.2 Purposes of Use: to monitor use of the Company's information systems and other electronic resources or information systems, to conduct internal audits, to conduct internal investigations, and to protect the safety and security of the Company’s facilities.

5.1 Personal Information Collected: The Company may collect geolocation data, including: (a) information that can be used to determine an electronic device’s physical location if the device is on the Company network; and (b) information that can be used to determine an applicant’s physical location, for example, through a radio frequency identification (RFID) chip in a security badge.

5.2 Purposes of Use: to confirm that an applicant has arrived and left Company facilities when scheduled, to manage applicant-related emergencies, to monitor the safety of the applicant, to protect the safety and security of the Company’s facilities and identify network threats.

6.1 Personal Information Collected: The Company may collect sensory or surveillance data, including: audio/visual recordings of interviews and footage from video surveillance cameras.

6.2 Purposes of Use: to protect the safety and security of the Company’s facilities and personnel through video surveillance, to evaluate the applicant’s suitability for employment, to monitor compliance with Company policies, and to provide training. 

7.1 Personal Information Collected: The Company may, directly or through a third party, collect background screening information, including results of the following types of background screening: criminal history; sex offender registration, if applicable; motor vehicle records; credit history; employment history; drug testing; and educational history.

7.2 Purposes of Use: to evaluate applicants’ qualifications for employment with the Company

The Company also may use applicants’ Personal Information to facilitate administrative functions and information technology operations and for legal reasons and corporate transactions. These functions include, but are not limited to the following:

• to manage and operate information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, and strategic planning;
• to manage litigation involving the Company, and other legal disputes and inquiries and to meet legal and regulatory requirements; and
• to manage licenses, permits and authorizations applicable to the Company's business operations.

Due to business requirements or contractual or statutory obligations, the Company may need to disclose your Personal Data to Authorized Third Parties (defined below) for the purposes described above. The Company will provide your Personal Data to an Authorized Third Party that is a data processor only subject to a data processing agreement that complies with applicable law.

The Company generally will not disclose your Personal Data to any other third parties unless the disclosure is required by law (for example, to tax authorities), is necessary to protect your health or safety or the health or safety of third parties, is of business contact information for the purpose of developing and maintaining business relationships, and in other limited circumstances where disclosure is legally permitted or required.

“Authorized Third Parties” include third-party service providers under written contract with the Company or any of its affiliated companies and acting under the Company’s direction and instructions, such as auditors, administrative service providers, background check providers, recruiting agencies, travel agencies, and any other entity providing services to the Company.

Because the Company is part of a global multinational corporation, your Personal Data will be accessed by the affiliate entities included in the definition of “General Assembly” and “Company” above. Company affiliates will use your Personal Data for the purposes described above related to your job application with the Company; to facilitate administrative functions and information technology operations; and to manage business operations. Certain categories of your Personal Data will only be accessible to Company employees with a need to know to perform their job responsibilities (e.g. HR, IT, Legal, prospective direct managers, etc.).

Each affiliate of Company has agreed to use Standard Contractual Clauses approved by the European Commission to ensure an adequate level of protection for the transfer of your Personal Data to entities outside the EU.

The Company will transfer your Personal Data to Authorized Third Parties, located outside the EU, for the purposes described above. Before transferring your Personal Data from the EU directly to any Authorized Third Party located in the United States or elsewhere outside the EU, the Company will execute, as necessary, Standard Contractual Clauses approved by the European Commission to ensure an adequate level of protection for the transfer of your Personal Data to those entities outside the EU. 

The Company has implemented reasonable and appropriate administrative, physical, and technical safeguards for your Personal Data. For example, your Personal Data will be stored on a secure server when in electronic form and in physically secure areas when in paper form. Technical and physical controls restrict access to your Personal Data to employees of the Company with a need to know. The Company will retain your Personal Data throughout the employment relationship and as long thereafter as is permitted by applicable law and the Company’s data retention practices. For additional information about the Company’s retention of your Personal Data, contact the Human Resources team.

The Company does not make any decisions concerning your employment only by automated means.

Pursuant to applicable law, you have the right to: (a) request access to your Personal Data, unless a legal exception applies; (b) request rectification of your Personal Data; (c) request erasure of your Personal Data (“the right to be forgotten”), unless a legal exception applies; (d) withdraw your consent or object to the processing of your Personal Data; (e) request restriction of processing of your Personal Data; and (f) request data portability. 

• More on the right of access: Your right to access your Personal Data includes your right to receive a copy of all, or a portion, of your Personal Data in the Company’s possession as long as the Company providing your Personal Data would not adversely affect the rights and freedoms of others or a legal exception applies.
• More on the right to data portability: Subject to certain limitations, the right to data portability allows you to obtain from the Company, or to ask the Company to send to a third party, a copy of your Personal Data in electronic form that you provided to the Company in connection with the performance of your employment agreement or with your consent.
• More on the right to withdraw consent: If the Company requests your consent to process your Personal Data and you do consent, you may withdraw your consent. Any withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal, and the Company will continue to retain the information that you provided us before you withdrew your consent for as long as allowed or required by applicable law.
• More on the right to object: You have the right to object to the processing of your Personal Data based solely on the Company’s legitimate interests. If you do object in these circumstances, the processing of your Personal Data will be stopped unless there is an overriding, compelling reason to continue the processing or the processing is necessary to establish, pursue or defend legal claims. 

How to exercise these rights: You can exercise these rights by submitting an email to hrteam@ga.co. The Company will respond to such requests in accordance with applicable data protection law. If you believe that your Personal Data has been processed in violation of applicable data protection law, you have the right to lodge a complaint with the data protection authority where you live, where you work, or where you believe the violation occurred.