Privacy Notice – Employees (Effective Date: May 25, 2018)

I. Introduction.

Your privacy is important. This Privacy Notice (the “Privacy Notice,”) together with its addendums, the terms and conditions of your Contract of Employment or Employment Agreement, as amended from time to time (the “Employment Agreement”) and any handbook or policy, as amended time to time, explains how we deal with applicable privacy requirements and sets out the basis on which Frank Recruitment Group Services Limited and its affiliates, including without limitation, Nigel Frank International Limited, Mason Frank International Limited, Frank Recruitment Group UK Services Limited, Frank Recruitment Group Services USA Ltd., Frank Recruitment Group Inc., Frank Recruitment Group Services Inc., Frank Recruitment Group Private Limited (Singapore), Frank Recruitment Group Pty Limited (Australia) and Frank Recruitment Group GmbH (collectively, “we,” “us,” “our,” or “FRG”) collect, process, store, use, disclose and remove your personally identifiable information or personal data (“Personal Data” or “PII”).

Finally, this Privacy Notice applies regardless of the form or method by which you provide Personal Data to FRG. This Privacy Notice applies to Personal Data that you provide to FRG in writing, over any website or application operated or used by FRG, FRG’s intranet, via email, via text messages (or similar forms of communications), via video conferencing or telephonically.

Please read the following carefully to understand our views and practices regarding your Personal Data, how we will treat it and your rights.

The handbook, FRG policies or your Employment Agreement may contain additional terms and obligations related to your use of FRG equipment, computers, databases and email. Please read those documents carefully. In the event of a conflict with respect to data privacy between this Privacy Notice, on the one hand, and any FRG policy or handbook or your Employment Agreement, on the other hand, the terms of this Privacy Notice shall prevail. FRG’s issuance of this Privacy Notice does not otherwise change, alter, eliminate or reduce any of your or FRG’s obligations under your Employment Agreement or any FRG policy or handbook.

II. Who are we?

FRG is a global niche technology recruitment company that operates under the brands Nigel Frank, Anderson Frank, Mason Frank, Nelson Frank, Jefferson Frank, Churchill Frank, Pearson Frank, Washington Frank, FRG Technology Consulting, Gulfjob Market and Dynamic Jobs.

If you want to contact FRG or any of its group companies, click here.

III. Who does this Privacy Notice protect?

This Privacy Notice applies to all FRG employees, regardless of which FRG affiliate is your actual employer, your title, what brand or team you work on, whether you work in “Support” or “Front Office” at FRG, what office you work in or if FRG employs you remotely. This Privacy Notice applies to Personal Data that you provide to FRG during the employment application process (regardless of whether you actually become an FRG employee), during employment and after employment. If this Privacy Notice applies to you, you may be referred to herein as a “data subject” or collectively, “data subjects.”

As a global document, the first part of the notice is general and applies globally. The second part of the Privacy Notice is comprised of country-specific addendums, and where applicable, FRG will handle Personal Data relying on certain exemptions under local law, including exemptions relating to employee records. Please be sure to check the addendums to see if there is one that applies to your country. In the event of a conflict between the general part of this Privacy Notice and an addendum, the addendum prevails.

This Privacy Notice is inapplicable to FRG clients, candidates, independent contractors, freelancers, vendors, partners or suppliers.

IV. What information will we collect?

Some of the data that we collect or receive about you is Personal Data including but not limited to:

  • Your name;
  • Your contact details e.g. email address, cell phone number, home phone number,
  • street address;
  • Social security number or national insurance number
  • Visa number;
  • Passport number;
  • Superannuation details (where applicable);
  • Tax related information;
  • Right to work status \ citizenship;
  • Information that could be used to identify your spouse, children or other family
  • members;
  • Date of birth;
  • Medical or prescription drug information; and
  • Bank account details.

Other information that we collect or receive from you or about you is not Personal Data, and is not covered by this Privacy Notice.

Mobile Device Management. Where permitted by applicable law and except as set forth in the addendums hereto, in order to monitor and protect other FRG employee’s Personal Data, the Personal Data of FRG clients and candidates, and FRG’s other confidential information, proprietary information or trade secrets, FRG may install a mobile device management product on any FRG issued mobile phone or computer, or on any mobile device owned or leased by you from which or on which you have access to FRG confidential information, proprietary information, trade secrets, FRG email or FRG client, candidate or employee information. This mobile device management service may permit FRG to disable or “kill” the phone or computer, to clear or “wipe” the phone or computer or see your activity and information on your phone or computer, including non-FRG related activity and information. Furthermore, this mobile device management service may permit FRG to track the location of the computer or phone on which the service is installed.

Web Beacons. FRG may use or include web beacons in emails or other electronic communications that FRG sends to you. We use web beacons to help us analyze the effectiveness of our communications to you. For example, we may use web beacons to understand when and if you opened our email, how many times you opened the email, if you have forwarded the email to another email address or if you clicked on a link in an email that we sent to you. The web beacons do not collect or give us your Personal Data but they do provide information to us about your actions after receiving a communication from us

If your provision of Personal Data to FRG is necessary for FRG to hire you (or consider hiring you as an employee), your failure to provide us with accurate Personal Data may result in FRG not being able to process your employment application or offer you employment, continue your employment or terminate your employment.

If FRG obtains your Personal Data from someone other than you, and if required under applicable law, FRG shall inform you of the identity and contact details of the person or entity from whom FRG obtained your Personal Data, whether FRG obtained your Personal Data from publicly available sources, the categories of Personal Data that FRG obtained and, if FRG is processing your Personal Data based on its legitimate interest (see EEA/UK Addendum below), the nature of FRG’s legitimate interest, and shall do so by the earlier of (1) one month after FRG obtains your Personal Data or (2) if FRG uses your Personal Data to communicate with you, the first time that FRG communicates with you.

FRG shall not provide you with the information described in the paragraph immediately above if you already possess this information, providing you with such information is against (or not mandatory under) applicable law, is subject to an obligation of professional secrecy, proves impossible, would involve a disproportionate effort or would render impossible or seriously impair the achievement of the objectives of the processing, in which case, FRG shall take appropriate measures to protect your rights, freedoms and legitimate interests.

V. Why do we process your Personal Data?

FRG will store, process and use your Personal Data to conduct its business and comply with applicable local law, including in some or all of the following ways:

  • To facilitate the hiring and interview process;
  • To facilitate the compensation and wage payment process or to correct any issue with your compensation or payment;
  • To complete and submit documents required by government agencies or applicable law;
  • To provide health, dental and other benefits to you or a family member;
  • To pay you pension, national insurance, medical or other payments to you or on your behalf;
  • To provide you with retirement benefits, where applicable (like 401(k) in the US);
  • To provide you with information necessary for your taxes;
  • To investigate, respond to or resolve any employment related compliant or issue made by, about or involving you,
  • To investigate and respond to any leave of absence you may request,
  • To terminate your employment or to consummate your resignation of employment with us;
  • To provide you with a service requested by you, like verifying your employment or compensation for a loan or a mortgage;
  • To extent permitted by applicable law, to monitor or ensure your appropriate use of FRG information or equipment, including an FRG issued computer or mobile phone, and any FRG database or system (such as FRG’s client/candidate database, FRG’s email systems, FRG’s document storage system, FRG’s HR systems and database and FRG’s financial systems and database);
  • To extent permitted by applicable law, to monitor your compliance with your obligations under your Employment Agreement, any FRG policy or our handbook;
  • To make it possible for you to travel on FRG business or on an award or incentive trip;
  • To enable you to submit your CV or resume to FRG for employment, to apply online including through any website or online application operated by FRG (collectively, the “Websites”));
  • To answer your questions and enquiries;
  • To use your information on an anonymised basis to monitor compliance with our equal opportunities policy, other FRG policies and any legal or compliance requirements;
  • To carry out our obligations arising from any contracts entered into between you and us, including your Employment Agreement;
  • To enforce any of your contractual obligations to us, including those under your Employment Agreement, in an FRG policy on in our handbook;
  • To fill an open vacancy at FRG and to advise you of vacancies at FRG for which FRG believes you may be qualified or interested in;
  • To input your Personal Data into FRG’s applicant or human resources database;
  • To qualify or screen you to determine if you are qualified for an FRG vacancy;
  • To work with you through the interviewing process;
  • To answer any questions you may have regarding an FRG job vacancy;
  • To draft, negotiate, change or enforce your Employment Agreement and to draft, revise, negotiate or answer any questions you may have about your Employment Agreement, any FRG policy or our handbook;
  • To complete your onboarding process (including any necessary or required background checks);
  • To facilitate and complete your off boarding process;
  • To offer you, enroll you in or answer questions you may have about any benefit of employment;
  • To change any election you have made regarding your employment or any employee benefits;
  • To process any changes to any term or condition of your employment;
  • To answer any questions from your representative, executor, accountant, attorney, spouse or child (after obtaining any required consent from you where legally required and feasible) related to your employment;
  • To cooperate with any government agency in any audit, inquiry or investigation;
  • To complete and file any employment related tax returns and to pay any employment related taxes or other deductions;
  • To reclaim or receive any amounts owed by you to us;
  • If you are a job applicant, to send you electronically or by post communications regarding the job application process; and
  • To exercise or defend any legal claims against you, made by you or involving you.

VI. Who do we share your Personal Data with?

We may share your Personal Data with third parties in connection with your employment or potential employment at FRG. Some of the most common examples of this are:

  • With insurance or benefits brokers, vendors, carriers or providers;
  • With retirement benefit brokers, vendors, trustees or providers;
  • With third parties who you request;
  • With payroll vendors and providers;
  • With government agencies in connection with any visa or similar issue or proceeding;
  • With background check and employment and education verification providers;
  • With drug screening companies;
  • With non-benefit insurance brokers or carriers in connection with any claim under a policy of insurance maintained by FRG;
  • With consultants or software providers who build, maintain or develop computer systems for FRG such as the HR database;
  • With mobile phone providers if we are issuing you a mobile phone;
  • With third parties to provide data storage services;
  • With third parties who provide the mobile device management service described above;
  • To third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings;
  • To FRG affiliates, whose locations can be found at https://www.frankgroup.com/contact in order that they may process your Personal Data in accordance with this Privacy Notice; and
  • In the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets, or a controlling interest in the equity, of FRG (or any of its group companies) provided that such counterparty(ies) to any such transaction agrees to adhere to the terms of this Privacy Notice (or a similar document).

The third parties referenced above have agreed to maintain the confidentiality of, and to protect, your Personal Data in accordance with applicable law.

VII. What will FRG do if my Personal Data is breached?

FRG has put in place reasonable technical, administrative and physical safeguards intended to prevent a breach of your Personal Data. That being said, FRG cannot guarantee that your Personal Data will not be breached.

A breach can take many forms, including, without limitation, the loss of your Personal Data or the unauthorized access to, disclosure, modification, copying and transfer of your Personal Data.

Once FRG becomes aware of the breach, FRG will take reasonable steps to isolate the breach, stop the breach, determine the root cause, determine the Personal Data breached, fix the root cause and determine if notice to you and/or the appropriate government agency(ies) is required. FRG will comply with all applicable law in reacting to, and dealing with, a breach of Personal Data.

If you believe, for any reason, that your Personal Data has been breached while in FRG’s care, custody or control, please email FRG immediately at privacy@frankgroup.com.

VIII. Will my Personal Data be transferred to another country?

Yes, FRG may transfer your Personal Data to the categories of third parties described in this Privacy Notice, some of whom are located outside of the country in which you provided your Personal Data to FRG or the country of collection.

If so, FRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. The countries where FRG may transfer your Personal Data will have varying levels of data security practices and laws, some of which may be less stringent or protective than your country. FRG will use all reasonable efforts to require that any of its suppliers and vendors who receive your Personal Data are contractually bound to (a) keep your Personal Data confidential and (b) take, at a minimum, all reasonable efforts to maintain the privacy and security of your Personal Data.

Under certain circumstances, FRG may share your Personal Data with one or more of its group companies who may be located in a country other than yours or other than the country in which FRG collected your Personal Data. In such cases, FRG will comply with applicable laws and its Binding Corporate Rules (“BCRs”). If you would like to read the BCRs, click here. The BCRs are incorporated by reference into this Privacy Notice.

IX. How long will FRG store my Personal Data for?

We are required by law to store your Personal Data for the identified purposes as long as is necessary to comply with our statutory and contractual obligations which in most cases will extend beyond the cessation, for any reason, of your employment with FRG or, if you never became an employee of FRG, the termination of your employment application process.

Furthermore, we will store your Personal Data post employment or employment application process so that FRG can issue or respond to any claims arising out of your employment or prospective employment with FRG, or in connection with any investigation by or of a government authority related to your employment or prospective employment with FRG.

X. Sending Personal Data over the internet

Your Personal Data is held on servers hosted by us, our internet services providers or third party vendors with whom FRG has a contract. The transmission of information via the internet is not completely secure. Although we will take the efforts set forth in the Privacy Notice to protect your Personal Data, we cannot guarantee the security of any data transmitted through or to our Websites. Any transmission of data by you to us over the internet is at your own risk.

XI. Changes to our Privacy Notice

Any changes to this Privacy Notice will be posted on our intranet and may be

communicated to you via email so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We encourage you to check the intranet frequently for updates. Your employment, continued employment or engagement in the employment screening process constitutes your acceptance of the revised Privacy Notice.

FRG will interpret and enforce this Privacy Notice in accordance with all applicable law.

This Privacy Notice was last updated on May 16, 2018.

EUROPEAN ECONOMIC AREA/UNITED KINGDOM ADDENDUM

(German employees, or prospective employees, should also read the Germany

Addendum which immediately follows this Addendum)

I. Who is FRG’s Supervisory Authority for Data Protection Purposes?

FRG has designated the UK Information Commissioner’s Office (“ICO”) as the supervisory authority for purposes of Data Protection Act 1998 (“DPA”) and General Data Protection Regulation (“GDPR”).

II. Who is the Data Controller?

The FRG entity who actually employs you is the data controller (as defined in the GDPR) with respect to your Personal Data

III. How do I contact the person at FRG in charge of GDPR and data privacy?

The contact details of FRG’s Chief Privacy Officer (“CPO”) are:

Frank Recruitment Group Services Limited

The St. Nicholas Building

St. Nicholas Street

Newcastle-Upon-Tyne

Tyne & Wear U.K. NE1 1RF

Attn: Chief Privacy Officer

Email: privacy@frankgroup.com

IV. How do we lawfully process your data?

In order to process your Personal Data lawfully FRG must have a legal basis to do so. FRG relies on three main legal basis for processing your Personal Data:

1) where we obtain your affirmative consent to use your Personal Data in this way;

2) where we have a legitimate interest in processing your Personal Data, which we have balanced against your rights and freedoms and concluded that our processing is justifiable and necessary; or

3) where our handling of your Personal Data is necessary for us to perform the obligations under or to enforce your obligations under, any contract between you and us, including your Employment Agreement

We may rely on one or more legal bases to process your Personal Data.

A. Consent

Throughout the employment application process and during and after your employment, if any, with FRG, you may provide FRG with express consent to process your Personal Data in order for FRG to perform any of the activities listed in Section V of the general portion of this Privacy Notice.

B. Legitimate interest

FRG has a legitimate interest in processing your Personal Data in order to perform its role as your employer (or prospective employer), including without limitation, all of the functions and circumstances set forth in Section V of the general portion of this Privacy Notice above. FRG also has a legitimate interest in sharing your Personal Data with certain third parties so as those described in Section VI of the general portion of this Privacy Notice above. FRG also has a legitimate interest in processing your Personal Data to communicate with you after you have applied for, or sought information about, a job with FRG that is posted on one of the Websites, a job board, a social media site or other forum.

C. Necessary for the performance of a contract

FRG also has a legal bases to process your Personal Data in the performance of its contract with you, namely your Employment Agreement and to perform our obligations under our handbook and our policies. This basis also includes FRG’s processing of your personal data to defend itself, bring or respond to any claims arising out of your employment and to monitor your compliance with your obligations under your Employment Agreement, our handbook and our policies.

V. Your Special Rights under Data Protection Laws

 A. Do I have a right to be erased (forgotten)?

Yes. You have the right to request that FRG deletes or removes your Personal Data where there is no compelling reason for us to continue to process it. You can exercise this right, free of charge, by sending an email to FRG at privacy@frankgroup.com.

Please note that your right to erasure is not absolute. FRG will remove your Personal Data when:

(1) the Personal Data is no longer necessary in relation to the purpose for which FRG originally collected and/or processed it;

(2) if FRG is processing your Personal Data on the basis of your consent and you withdraw consent;

(3) you object to the processing of your Personal Data and there is no overriding legitimate interest for us to continue to process it;

(4) the Personal Data was unlawfully processed; and

(5) the Personal Data must be erased to comply with a legal obligation.

FRG can refuse to comply with an erasure request in the following limited circumstances:

(a) to exercise FRG’s right of freedom of expression and information;

(b) to comply with a legal obligation or for the performance of a public interest task;

(c) for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or

(d) for the establishment, exercise or defence of legal claims.

If we remove your Personal Data per your request for erasure, then we will confirm this with you.

If we have disclosed any of your Personal Data to a third party and you submit an erasure request to us, then we will inform (1) you about the recipients and (2) any such third parties of your erasure request unless doing so is impossible or involves disproportionate efforts.

We will respond to your erasure request without undue delay. Please note that, for your and FRG’s protection, we cannot respond to an erasure request until we have verified the identity of the person making the request. This verification process may extend the response timeframes set forth in this paragraph.

B. Do I have a right of access to a copy of my Personal Data?

Yes. You have the right to:

  • obtain confirmation that your Personal Data is being processed;
  • a copy of your Personal Data being processed;
  • the purposes of the processing;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom FRG has disclosed your
  • Personal Data; and
  • the criteria FRG uses to determine how long it will store your Personal Data.

You can exercise this right by sending an email to FRG at privacy@frankgroup.com.

This right is in place to ensure that you are aware of and can verify the lawfulness of the processing. In most cases, we will provide you with a copy of your Personal Data free of charge. However, we may charge you a reasonable fee if your request is manifestly unfounded, excessive or repetitive. With respect to unfounded, excessive or repetitive requests, in rare cases, FRG may refuse to respond to your request but will explain the reason(s) for its refusal to you without undue delay and within one month of its receipt of your request. If FRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If you submit your access request to FRG electronically, FRG will provide you with its response, and a copy of your Personal Data (if applicable) via email or other commonly used electronic form.

If FRG did not collect your Personal Data from you, FRG will inform you about the source from which it obtained your Personal Data. Your right of access does not adversely affect your right of erasure (forgotten) and right of rectification, both of which are described in this Privacy Notice.

Generally, FRG will provide you with a copy of your Personal Data without undue delay and within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex or numerous. If FRG exercises this extension of time, FRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. If your request is large or complex, FRG may ask you to specify the particular information or category of information you seek.

Please note that, for your and FRG’s protection, FRG cannot respond to an access request until it verifies the identity of the person making the request for your Personal Data. This verification process may extend the response timeframes set forth in the paragraph above.

C. Do I have a right to object to the processing of my Personal Data, including the processing of my Personal Data by FRG for direct marketing?

Yes, you have a right to object to the processing of your Personal Data where:

  • FRG’s processing is based on its legitimate interest; or
  • where FRG is using your Personal Data to directly market to you.

You can exercise this right, free of charge, by sending an email to FRG at privacy@frankgroup.com.

If FRG receives an objection request from you for reasons unrelated to direct marketing, FRG will stop processing your Personal Data unless we can show compelling legitimate ground(s) for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of any legal claims.

If FRG receives an objection request from you for reasons related to direct marketing, we will stop processing your Personal Data.

If you receive a direct marketing communication from FRG and you do not wish to receive future direct marketing communications from FRG, you may request to unsubscribe from future marketing communications by sending FRG an email at gpdr@frankgroup.com. In addition, if the direct marketing communication you received was via email, you can click the “Unsubscribe” link at the bottom of the email, fill out the required form and FRG will process your unsubscribe request.

D. Do I have a right to restrict processing of my Personal Data?

Yes, you have a right to restrict the processing of your Personal Data. You can exercise this right, free of charge, by sending an email to FRG at privacy@frankgroup.com. When you exercise this right, FRG may continue to store your Personal Data but cannot further process it. FRG will cease processing your Personal Data in the following circumstances:

(1) when you file a rectification request with FRG (see the “Do I have a right to have any inaccurate or incomplete Personal Data rectified?” section below) in accordance with this Privacy Notice and applicable law. The restriction shall remain in place until such time as FRG has verified the accuracy of the Personal Data that is the subject of your rectification request;

(2) where FRG is processing your Personal Data based on its legitimate interest and you file a notice with FRG objecting to the processing of your Personal Data (see the “Do I have a right to object to the processing of my Personal Data?” section above) in accordance with this Privacy Notice and applicable law, FRG will cease processing your Personal Data until such time as FRG has made a determination as to whether its legitimate grounds for continued processing override your reasons for objecting to the processing;

(3) when the processing is unlawful and you do not seek or want erasure and you file a restriction request with FRG in accordance with this Privacy Notice and applicable law instead; and

(4) if FRG no longer needs the Personal Data and you require the data to establish, exercise or defend a legal claim.

While the processing of your Personal Data is restricted, FRG may continue to process such data by storing it, processing it with your consent or processing it for the establishment, exercise or defence of legal claims.

FRG will inform you if it decides to lift a restriction on processing.

If FRG has disclosed any of your Personal Data to a third party and you submit a request to restrict processing, FRG will inform (1) you about the recipients if you so request and (2) any such third parties of your restriction request unless doing so is impossible or involves disproportionate efforts.

FRG will act on your restriction request in accordance with this Privacy Notice without undue delay. Please note that, for your and FRG’s protection, FRG cannot act on a restriction request until it verifies the identity of the person making the request. This verification process may extend the timeframe in which FRG acts on your restriction request.

E. Do I have a right to Personal Data portability?

Yes. You can exercise this right, free of charge, by sending an email to FRG at privacy@frankgroup.com. This right exists to allow you to obtain and use your Personal Data for your own purposes across different services. Under this right, you can move, copy or transfer your Personal Data from FRG to another data controller.

This right applies where FRG is processing your Personal Data with your consent or for the performance of a contract. It also applies if we process your Personal Data by automated means. If your portability request concerns someone other than you, FRG will have to consider whether providing or porting the Personal Data would prejudice the other person’s or people’s rights.

Generally, FRG will respond to your portability request without undue delay and within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex or numerous. If FRG exercises this extension of time, FRG will inform you of its decision to exercise the extension within one month of its receipt of your request, and will explain the reason(s) for the extension. Where technically feasible, you may request that FRG transmit your Personal Data to another data controller.

F. Do I have a right to object to decision been taken by automated means?

If FRG uses automated (i.e. non-human) methods to process your Personal Data to a make decisions that could potentially have a damaging legal or similarly significant effect on you (each, an “Automated Decision”), you have the right not to be subject to the Automated Decision. This right is inapplicable to any Automated Decision made by FRG that is necessary for entering into or the performance of a contract between you and FRG, is authorized by law or is based on your explicit consent.

If FRG makes any Automated Decisions to which this right applies, FRG will ensure that you are able to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.

If FRG engages in “profiling” by automated means, FRG will ensure that appropriate safeguards are in place including (1) ensuring that the processing is fair and transparent by providing you with meaningful information about the logic involved and the significance and consequences of the outcome of the decision, (2) using appropriate mathematical or statistical procedures for the profiling, (3) implementing appropriate technical and organizational measures to enable inaccuracies to be corrected and minimize the risk of errors and (4) securing the Personal Data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

G. Do I have a right to have any inaccurate or incomplete Personal Data rectified?

Yes. You can exercise this right, free of charge, by sending an email to FRG at privacy@frankgroup.com.

Generally, FRG will respond to your rectification request within one month of its receipt of your request, provided that FRG may extend this time period for up to two additional months if your request is complex. In rare cases, FRG may refuse to respond to your request but will explain the reason(s) for its refusal to you within one month of its receipt of your request. If FRG so refuses, you have the right to file a complaint with the ICO and to seek a judicial remedy.

If FRG has disclosed any of your Personal Data to a third party and you submit a rectification request to FRG that FRG is going to honor, FRG will inform (1) you about the recipients and (2) any such third parties of your rectification request as well as any corrected Personal Data, unless doing so is impossible or involves disproportionate efforts.

We will use reasonable endeavours to ensure that your Personal Data is maintained and up to date.

VI. What are my rights if the Security of my Personal Data is breached?

A breach of Personal Data (a “Breach”) means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data for which we are responsible under applicable law.

If the Breach is likely to have a significant detrimental effect on your rights and freedoms (such as resulting in discrimination, damage to reputation or financial loss), FRG will notify the ICO without undue delay, and if feasible, within 72 hours of FRG’s becoming aware of the Breach. FRG will assess the determination of “significant detrimental effect” on a case by case basis.

If the Breach is likely to result in a “high risk” to your rights and freedoms, FRG will notify you without undue delay. To be clear, the threshold requiring FRG to notify you of a Breach is higher than the threshold requiring FRG to notify the ICO of a Breach so it is possible that FRG will notify the ICO of a Breach but not you. FRG will assess the determination of “high risk” on a case by case basis.

Any Breach notice issued by FRG will contain, where possible, (1) the categories and approximate number of individuals and Personal Data records effected by the Breach, (2) the name and contact details of the ISM (or other FRG contact representative if FRG does not have a ISM at the time that FRG issues the Breach notice), (3) a description of the likely consequences of the Breach, (4) a description of the measures that FRG has taken, and may take, to stop the Breach and, where appropriate, to mitigate the adverse effects of the Breach and (5) recommendations on actions you can take to protect yourself in light of the Breach.

VII. Will my Personal Data be transferred outside the EEA/UK?

FRG may transfer your Personal Data to third parties described in this Privacy Notice who are located outside of the EEA/UK. If so, FRG will take reasonable steps to ensure that your Personal Data is protected and treated in accordance with this Privacy Notice and local applicable law. Some of the countries outside the EEA/UK where your Personal Data may be transferred will be on the EU Commission’s list of countries that it has deemed to have adequate security controls in place. If FRG transfers your Personal Data to a country not on this list, we will require the recipient to agree to the EU Commission’s model clauses for data protection or other adequate safeguards.

Under certain circumstances, FRG may share your personal data with one or more of its group companies who may be located in another country, including outside of the EEA/UK. In such cases, FRG will comply with its BCRs as explained in Section VIII of the Privacy Notice above.

VIII. How long will FRG store my Personal Data for?

We are required by law to store your Personal Data for as long as is necessary to comply with our statutory and contractual obligations which in most cases will extend beyond the cessation, for any reason, of your employment with FRG or, if you never became an employee of FRG, the termination of your employment application process.

With respect to the data privacy legislation applicable to the countries in the EEA/UK (i.e. the General Data Privacy Regulation “GDPR”) (and similar laws), we will store and process your Personal Data that we obtain via (i) your consent until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) you inform us that you have withdrawn your consent, (ii) our legitimate interest until the earlier of (a) the purpose for which we obtained such information has been fully accomplished or (b) FRG concludes that your rights and freedoms outweigh our right to process your Personal Data and (iii) our necessity for the performance of a contract, such as the Employment Agreement, until the termination or expiration of the contract including the termination or expiration of FRG’s and your respective duties or obligations under any such contract that survive any such termination or expiration.

Furthermore, we will store your Personal Data post employment or employment application process so that FRG can issue or respond to any claims arising out of your employment or prospective employment with FRG, or in connection with any investigation by or of a government authority related to your employment or prospective employment with FRG.

GERMANY ADDENDUM

FRG shall not monitor your use of FRG’s computer systems, email or telephone without your prior written consent. FRG shall not install any mobile device management products on FRG equipment that you use or any equipment owned or leased by you.

SINGAPORE ADDENDUM

FRG’s Data Protection Officer is Robert Knight. You can email the Data Protection Officer at privacy@frankgroup.com.

UNITED STATES OF AMERICA ADDENDUM

If you would like a copy of FRG’s US comprehensive information security program, please email FRG’s DPO at privacy@frankgroup.com.

If FRG receives a “Do Not Track” signal or request from a web browser, FRG will not honor such request or signal. FRG has taken this position in part to provide you with a personalized and efficient experience on the Websites.

As discussed in this Privacy Notice, there are third parties who conduct tracking on the Websites.

Information about web beacons used by FRG and third parties with whom it contracts can be found in Section IV of the general section of this Privacy Notice above.

AUSTRALIA ADDENDUM

In this notice, Personal Data has the same meaning as “Personal Information” under the Privacy Act 1988 (Cth). When we handle your Personal Data, we will do so in accordance with Australian privacy requirements, including any exemptions for employee records that apply under Australian privacy laws.

You are also notified that:

a) your Personal Data will be held and processed overseas including in the United States, United Kingdom, Germany, Spain, Berlin or Singapore where our offices are located and other countries in which we may open offices. We may also disclose your personal information to others, like our consultants, agents, contractors and service providers, and those that act as data processors, auditors or external advisers, and may be held and processed in countries including those listed in the beginning of this subsection “a”;

b) we may collect Personal Data about you, where lawful to do so, from your use of FRG’s computer systems and resources which are provided and maintained by FRG for its business purposes, and made available to you for the performance of your Please ensure that you read FRG’s policies and/or Handbook carefully outlining the conditions for acceptable use of FRG’s computer systems and resources. We will comply with any obligations that apply to collection of your Personal Data under workplace surveillance legislation in Australia;

c) If we use your Personal Data to contact you and you would prefer us not to, or if you indicate a preference for a method of communication, please let us know and we will do our best to respect your preference. When your choice is to continue to deal with us, we take it that you agree to and consent to us using your personal information in these ways, providing we follow the system and approach we explain in this Privacy Notice and comply with applicable law. Where we do not have your Personal Data, we are not able to contact you, process your requests or employment application, carry out FRG’s human resource management functions (including the provision of employee benefits), or provide our services to you; and

d) the governing law for the purposes of the Privacy Notice, and any matters relating to them, including all disputes, will be the laws of New South Wales, Australia. You unconditionally submit to the non-exclusive jurisdiction of the courts having jurisdiction there.

You may wish to contact us to request access to your Personal Data, to seek to correct it or to make a complaint about privacy. Our contact details are set out below

Frank Recruitment Group Pty Ltd

Suite 5, Level 3

350 Collins Street

Melbourne VICTORIA 3000

Australia

Email: privacy@frankgroup.com

Our Chief Privacy Officer will respond to your request for access to Personal Data we hold about you as soon as we reasonably can, including if we are unable to provide you with access (such as when we no longer hold the information).

We do not impose any charge for a request for access, but we may charge you a reasonable fee for our costs associated with providing you with access and retrieval costs.

For complaints about privacy, we will establish in consultation with you a reasonable process, including timeframes, for seeking to resolve your complaint.