Data Privacy Notices for Employees and Candidates

Europe, United Kingdom and Australia

CoreView S.r.L or Document Insights Ltd (in either case, the “Company”, “us” or “we”) is the data controller in respect of all personal data collected and processed in relation to your recruitment by and employment with the Company.

Much of the personal data we hold about you is data we receive directly from you but we may also, where permitted by law: (a) receive data about you from other sources (for example, employment agencies, customers, suppliers counterparties, regulators and – where relevant and legally permissible in your local jurisdiction, such as in the manner and cases provided for by the NCBA in Italy – background check providers who in turn receive information from public sources such as the Disclosure and Barring Service in the UK, credit record agencies, education providers and previous employers); (b) create data about you in the course of job-related activities throughout the period of you working for us (for example, your performance appraisals and opinions about your competencies); and (c) monitor you using CCTV, information obtained through electronic means such as swipe card  records, presence monitoring, information about your use of our information and communications systems and information in emails. Provision of pre-employment information is a requirement and without it we will be unable to employ you. Personal data about you that we receive from other sources may include identification and contact data (such as your name and date of birth), employment and recruitment history, education and qualifications, and potentially information which falls within the special categories of personal data discussed below in this Privacy Notice.

Most personal data is processed because it is necessary for the performance of your employment contract (including the execution of your employment contract and the fulfilment of employment obligations) or in order for us to take steps prior to entering into your employment contract. We may also process your personal data in order to comply with a legal obligation to which we are subject. Other processing may be necessary for the purposes of our (or a third party’s) legitimate interests including: (a) the operation, protection, financing and management of our business; (b) ensuring compliance with our policies, rules and investigating allegations of wrongdoing; (c) conducting litigation and taking legal and professional advice; and (d) operating our IT systems and maintaining network and information security. You may also be asked to consent to additional processing during your employment and you may decline any such request.

We generally process special categories of personal data (such as data concerning health, nationality or trade union membership) on the basis that it is necessary for the performance or exercise of obligations or rights which are imposed or conferred by law on us or you in connection with employment. We process personal data relating to criminal convictions and offences, and other special categories of personal data (such as data concerning racial or ethnic origin, religious or philosophical beliefs, political opinions, biometric data, sex life or sexual orientation) less frequently and in any event only to the extent permitted by local laws. We may use this information to, where permitted by law: (a) carry out pre-employment checks; (b) ensure your health and safety in the workplace and assess your fitness to work, provide appropriate workplace adjustments, monitor and manage sickness absence, and administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance; (c) comply with employment and other laws; and (d) carry out equality monitoring where relevant and/or permissible.

We may share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, in accordance with applicable law. We may also share your personal data with those who process personal data on our behalf (for example we may use an ATS solution in your recruitment) and also: (a) auditors and professional advisors; (b) governmental or national public authorities; (c) the prospective seller or buyer of the business in which you work, the group or any incoming service provider; (d) counterparties, customers, shareholders and business partners; and (e) other third parties where permitted by law.

We may share your personal data with members of our group outside the EEA and in particular to the US. Where we do transfer data outside the EEA will have taken suitable safeguards with respect to the protection of your privacy and your fundamental rights and freedoms, usually by (where appropriate and in accordance with applicable law): (a) entering into standard contractual clauses or International Data Transfer Agreements; (b) providing an adequate level of protection to any personal data that is transferred; and (c) complying with reasonable instructions notified to us in advance by you with respect to the processing of your personal data. We may also use processors around the world to host our IT platforms and such vendors have appropriate safeguards in place.

We will keep your personal data in a form which permits your identification for no longer than is necessary for the purposes for which the personal data is processed including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In particular:

• In Italy, the data collected pursuant to this Privacy Notice shall be retained for a period equal to the duration of the employment relationship and for the 10 years following the termination of the employment relationship, except where retention for a later period is required for any litigation, requests by competent authorities or pursuant to applicable law, except for Data collected for the purposes of presence monitoring which will be retained for five (5) years after collection. At the end of the retention period the data will be deleted, anonymized or aggregated.
• In Spain, The Company shall store the personal data for the duration of the employment relationship, and shall keep the personal data, duly blocked, for a minimum period of five (5) years after the termination of the Employment Contract and until the legally established statute of limitations.

For candidates who have applied for a role within our business, please note that we will retain any personal data you provided as part of your application in our ATS solution for 6 months from the date on which (a) your application is rejected, or (b) you are hired (as applicable). You can request the earlier deletion of your personal data by contacting our Talent Acquisition team at ta@coreview.com.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making (although in some circumstances we may use AI to assist with the review process).

As a data subject, in certain circumstances you have rights to rectification, access, erasure, restriction, objection and portability. Where relevant, you also have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You also have the right to lodge a complaint with the competent data protection authority (“DPA”), such as the Information Commissioner (www.ico.org.uk) in the UK. For EU Member States, the contact details of your local DPA can be found here: https://edpb.europa.eu/about-edpb/board/members_en. If you have any questions, please contact Jessica Scott (jess.scott@coreview.com).

Coreview S.r.L. address: Corso Como, 15 20154 Milano (MI) Italy
Document Insights Ltd address: Celixir House, Stratford Business and Technology Park, Stratford-Upon-Avon, Warwickshire, United Kingdom, CV37 7GZ

https://www.coreview.com/

General contact details: jess.scott@coreview.com / 001 (917) 748 0845

Australia Addendum

This Australia Addendum applies to the collection, handling, use, storage and disclosure of personal information by CoreView S.r.l. (the “Company”, “us” or “we”) relating to individuals who perform work for, or provide services to, the Company in Australia, whether engaged directly or indirectly (including via an employer of record). This Addendum prevails over the main Privacy Notice in respect of Australian-regulated processing to the extent of any inconsistency.

Where individuals are engaged via an employer of record (EOR) or other third party employer, that employer will handle personal information for employment administration purposes and should provide its own privacy notice. This Addendum describes how the Company handles personal information where the Company collects and uses it for its operational purposes (for example, workforce planning, systems access, security, compliance, and day-to-day management).

The Company collects personal information only where reasonably necessary for its workforce planning and administration, legal and policy compliance, and business operations. Sensitive information (including health information and criminal history information) is collected only where it is reasonably necessary for the Company’s functions or activities and the individual has provided consent, or the collection is otherwise permitted under applicable privacy law. Where all or some of the information is not able to be collected, this may affect the Company’s ability to progress the relevant arrangement.

Personal information is used and disclosed:

• for the primary purpose for which it was collected; or
• for a related secondary purpose that an individual would reasonably expect; or
• as otherwise permitted or required by Australian law.

The Company may disclose personal information to recipients located outside Australia, including within its corporate group and to overseas service providers. These recipients are likely to be located in Italy, the United Kingdom and/or the United States..

Where the Australian Privacy Principles apply, the Company takes reasonable steps to ensure that overseas recipients handle personal information in a manner consistent with the Australian Privacy Principles, or otherwise relies on an applicable exception under the APPs.

Subject to limited exceptions under the Privacy Act, individuals may request access to personal information held about them, and request correction of inaccurate, out‑of‑date, incomplete or misleading information. Requests should be made using the contact details set out below.

Individuals may make a complaint about a breach of the Australian Privacy Principles by contacting the Company using the details below. If a complaint is not resolved to the individual’s satisfaction, they may lodge a complaint with the Office of the Australian Information Commissioner:

Website: https://www.oaic.gov.au
Phone: 1300 363 992

The Company can be reached via Jessica Scott (jess.scott@coreview.com).

United States (California)

Notice at Collection and Privacy Policy for California Job Applicants

CoreView USA Inc, (the “Company”)  takes your privacy seriously.  We want you to know how we collect, use, and disclose, your personal information.

California Notice at Collection:  The Company collects the personal information identified in Section 1 for the purposes identified in Section 3 and retains it for the period described in Section 5. We do not sell your personal information or disclose it for cross-context behavioral advertising (“sharing”).  We also do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

EEO Statement
‍The Company is an equal employment opportunity employer.  Company’s policy is not to unlawfully discriminate against any applicant or employee on the basis of race, color, sex, religion, national origin, age, disability, or any other consideration made unlawful by applicable federal, state, or local laws.  Company also prohibits harassment of applicants and employees based on any protected category, characteristic or status. It is also Company’s policy to comply with all applicable state, federal and local laws respecting consideration of unemployment status in making hiring decisions.

Company complies with the ADA, the ADAAA and applicable state law and considers reasonable accommodation measures that may be necessary for qualified applicants/employees to perform the essential functions of the job. Hire may be contingent upon a post-offer medical examination, and to skill and agility tests, as appropriate for the position.

Assistance For The Disabled
Alternative formats of this Privacy Policy are available to individuals with a disability.  Please contact jess.scott@coreview.com for assistance.

This Privacy Policy explains:

• The categories of personal information we collect about you
• The categories of sources from which we collect your personal information
• The purposes for which we use your personal information
• How we may disclose your personal information
• How long we keep your personal information
• Your rights and how to exercise them
• Changes to this Privacy Policy

Scope:
This Privacy Policy applies to the personal information of California residents in their role as job applicants to Company (“Applicants”).  

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Applicant.

“Personal information” does not include:

• Information publicly available from government records or made publicly available by you or with your permission;
• Deidentified or aggregated information;
• Information excluded from the scope of the California Consumer Privacy Act (“CCPA”), such as:
• protected health information covered by the Health Insurance Portability and Accountability Act (“HIPAA”) or the Health Information Technology for Economic and Clinical Health Act (“HITECH”) or medical information covered by California Confidentiality of Medical Information Act (“CMIA”); or
• personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”), or the California Financial Information Privacy Act (“FIPA”).

1) THE CATEGORIES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU

We may collect the following categories of personal information. Not all categories may be collected about every Applicant.

• Identifiers, for example: real name, nickname, telephone number, postal address, e-mail address, Social Security number, and signature.
• Professional or Employment-Related Information, for example: educational institutions attended, degrees and certifications, licenses, work experience and previous employers, and professional memberships and affiliations.
• Commercial Information, for example: travel expense records for an interview.
• Internet or Other Electronic Activity Information, for example: interactions with Company’s Internet web site, job application, or job advertisement.
• Sensory or Surveillance Data, for example: voice-mails, audio/visual recordings of interviews, and footage from video surveillance cameras.
• Other details, for example, hobbies and leisure activities or membership in voluntary/charitable/public organizations, for example, as stated on the Applicant’s resume.
• Characteristics of Protected Classifications Under California or Federal Law for Applicants, collected on a purely voluntary basis, except where collection is required by law, and used only in compliance with applicable laws and regulations, for diversity and inclusion reporting and related purposes.

Note on inferring characteristics: Company does not collect or process sensitive personal information or characteristics of protected classifications for the purpose of inferring characteristics about the Applicant.

2) THE CATEGORIES OF SOURCES FROM WHICH WE COLLECT YOUR PERSONAL INFORMATION

We may collect the following categories of personal information. Not all categories apply to every Applicant.

• You, for example, in your job application, forms you fill out for us, assessments you complete, surveys you complete, and any information you provide us during the course of your application and interview process.
• Vendors and service providers, for example, recruiters.
• Third parties, for example, job references, affiliated companies, professional employer organizations or staffing agencies.
• Automated technologies on Company’s electronic resources, for example, to track logins and activity on Company’s careers page.
• Surveillance/recording technologies installed by Company, for example, video surveillance in common areas of Company facilities, voicemail technologies, webcams, and audio/video recording technologies with consent to the extent required by law
• Government or administrative agencies, for example, law enforcement or public health authorities.
• Acquired company, if Company acquired your employer, Company might collect personal information from that employer.

3) THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION

We may use the personal information we collect for one or more of the following purposes:

A. Generally Applicable Purposes

Unless stated otherwise in section 3.B, below, we may use Applicants’ personal information for the following purposes:

Recruiting, including:

• To evaluate Applicants’ qualifications or suitability for employment with Company
• To communicate with Applicants
• To conduct a pre-employment or criminal history background check
• For identification purposes
• For diversity and inclusion purposes
• To arrange and manage Company-sponsored events
• To create a talent pool for future job openings
• To demonstrate Applicants’ agreement to, or acceptance of, documents presented to them, e.g., pre-employment arbitration agreement, acknowledgment of employment application, offer letter
• To evaluate and improve the recruiting process
• To promote Company as a place to work

Monitoring, Security, and Compliance, including:

• To monitor and protect Company facilities and information systems
• To ensure compliance with applicable laws and Company policies
• To report suspected criminal conduct to law enforcement and cooperate in investigations
• To exercise Company’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel

Conducting Our Business, including:

• For training purposes or quality assurance with respect to Company employees conducting the interviews or otherwise assisting with the recruiting and hiring process
• For travel and event planning
• To engage in crisis management
• To manage travel reimbursements

Miscellaneous Other Purposes:

• To manage and operate information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, strategic planning;
• To manage litigation involving Company, and other legal disputes and inquiries and to meet legal and regulatory requirements;
• In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of Company or any of its subsidiaries or affiliates; and
• To protect the rights, property, or safety of Company, Applicants, customers or others.