1. Introduction EverAI Limited (“EverAI”, “we”, “us”, or “our”) respects your privacy and is committed to protecting the personal data you share with us during the recruitment and/or application process. EverAI is a "controller" in relation to such personal data. This means that we are responsible for deciding how we hold and use personal information about you. This EverAI Applicant Privacy Notice is intended to inform you about how and why your personal data will be used and stored during the recruitment and application process.

2. Data protection principles We will comply with data protection law and principles, which means that your data will be:

   • Used lawfully, fairly and in a transparent way.
   • Collected only for valid purposes that we have clearly explained and not used in any way that is incompatible with those purposes.
   • Relevant to the purposes we have told you about and limited only to those purposes.
   • Accurate and kept up to date.
   • Kept only as long as necessary for the purposes we have told you about.
   • Kept securely.

3. Who is your personal information collected from? We collect personal information about job candidates from the following sources:

   • You, the applicant, when you apply for employment (e.g., directly through our website or through a job board) or respond to a proactive contact from us.
   • Publicly accessible sources, e.g., professional profiles like LinkedIn or platforms that showcase your work or experience relevant to a role.
   • Third parties with whom you have a pre-existing relationship and/or whom you authorize to provide us with information about you, including:
     • Referrers
     • Recruitment agencies. (For information on the data protection practices of recruitment agencies, please contact them directly.)
     • Your named references.

4. The kind of information we hold about you In connection with recruitment and/or your application for work with us, we will collect, store, and use the following categories of personal information about you:

   • Information in our standard application form (name, email, contact information, link to LinkedIn profile, location, work authorization confirmation for your location (yes/no), timezone information, salary expectations, answers to other role-specific questions, portfolios or other documents needed to consider you for a particular role, and answers to any free fields in the application form).
   • The information you have provided to us in your CV and/or additional documents that form part of your application.
   • Any information you provide to us during your interview(s) or during the recruitment, interview, and hiring process.
   • To facilitate hiring in our remote-first environment and accommodate varying timezones on the hiring team, we may ask to record interviews, so that all members of the hiring team can properly review the application. We will always ask for your consent before doing so, and it will always be clear in the call interface that a recording is in progress. We adhere to strict data deletion periods for any recordings (see Section 10 below).
   • Automatically generated transcripts of any recorded interviews.
   • Performance/results of any case study. We use this information solely to evaluate your fitness for the role.
   • Information obtained from sources other than yourself previously referred to in this notice.
   • Any legally mandated information per local requirements.

   You do not need to reveal, nor will we base our recruitment decisions on, any type of more sensitive information. However, if you voluntarily share this type of information (e.g., on your CV or in an interview), we may collect, store and process:

   • Information about your race or ethnicity, religious or philosophical beliefs, trade union membership, sexual orientation and political opinions.
   • Information about your gender identity and/or pronouns.
   • Information about your health, including information necessary to accommodate any disability.
   • Information about criminal convictions and offences.

5. How we will use information about you We will use the personal information we collect about you to:

   • Assess your skills, qualifications, and suitability for the role.
   • Carry out reference checks.
   • Communicate with you and (as applicable) referring recruitment agencies about the recruitment process.
   • Keep records related to our hiring processes.
   • Comply with legal or regulatory requirements.

Once we receive your application materials, we will process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If so, we will use the information you provide to us during your interview(s) to decide whether to make an offer of employment. If we decide to make such an offer, we will contact your references and/or perform any role-specific preliminary checks before making a final offer. You are responsible for informing your named references that you are giving us their contact information and obtaining any necessary consent for same. If you fail to provide requested information that is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application.

1. Legal bases for processing under European data protection law (e.g., GDPR, UK GDPR) To the extent required by applicable law, we process your personal information only according to the following legal bases:
   • Legitimate interests: It is in our legitimate interests to:
     • Determine applicants’ fitness for a particular role, and to ultimately make hiring decisions, so as to appropriately staff the company.
     • Engage appropriate third parties (e.g., a centralized recruitment management platform) to assist in same.
     • Record interviews and store them for a limited period of time, to facilitate hiring in a remote-first environment and accommodate varying timezones on the hiring team.
   • Contractual necessity: We need to process your personal information to decide whether to enter into a contract (of employment) with you.
   • Legal obligation: Where a relevant legal obligation applies (e.g., confirming your right to work from your location), our processing is based on the same.
   • Consent: In limited circumstances, we may base processing activities on your informed consent, for example, when processing information that you voluntarily offer and (in the event we do not move forward with your application) retaining your application materials for future roles.

Where we rely on consent as our legal basis for processing your data, you may withdraw your consent at any time with effect for the future. If we process any special category data provided as part of your application (e.g., health, religious, or ethnicity information), this is based on is Art. 9(2)(b) of the GDPR, which relates to our obligations in employment. Depending on the circumstances, we may rely on different legal bases when processing the same information for different purposes. If you reside outside the EEA, UK, or Switzerland, the legal bases on which we rely may differ from those listed above.

1. Automated decision-making You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

2. Disclosure of your personal information We will only share your personal information with third parties where necessary for us to process your application. The parties to whom we may disclose your personal information include:

   • EverAI staff on the applicable hiring team: Internal staff receive information about your application on a need-to-know basis and are subject to confidentiality obligations. Generally, only members of the hiring team for a given role and toplevel management have access to your application information.
   • Service providers: We use service providers to facilitate our hiring processes, including office tools and a centralized recruitment management platform. These service providers may only use your information to perform certain tasks on our behalf and have access only to the information needed to perform such tasks that we define. All third-party service providers or other recipients are required to take appropriate security measures to protect your personal information in line with applicable law.
   • Recruitment agencies: If your application came in through a recruitment agency, we share limited information regarding the status of your application with them upon request.
   • Other third parties required by law: We take our legal obligations seriously, and may access, preserve, and share personal information with regulators, public authorities, law enforcement, government agencies, or others, where we reasonably believe such disclosure is necessary to:
     • Comply with valid legal process, court orders, applicable law, regulations, or official requests;
     • Address illegal or suspected illegal activities, security, or technical issues;
     • Protect against harm to the rights, property or safety of our company, users, staff, or other third parties; or
     • Maintain and protect the security and integrity of our infrastructure.

   Your personal information may also be transferred outside the EEA or UK in connection with the application and recruitment process. As a remote-first environment, our staff (and members of the hiring team and management) are located and may access your information from outside the EEA or UK. Some of our service providers, including our centralized recruitment platform (Ashby), are also located outside the EEA or UK, including in the United States of America. When we transfer personal information outside the EEA or UK, we ensure that the transfer complies with this privacy notice and applicable law. Where an appropriate safeguard for transfers of personal information outside the EEA or UK is required, we generally rely on adequacy decisions published by, and/or Standard Contractual Clauses approved by, the European Commission and/or UK Information Commissioner’s Office.

3. Data security We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.