Candidate Privacy Notice

We are committed to protecting the privacy of your personal data. This Candidate Privacy Notice (“Notice”) applies to all candidates (“Candidate,” “You,” “Your”) of Cloud Linux Software, Inc. (“Us,” “We,” or “Our”) whose personal data is processed during the recruitment process.

This Notice describes how we collect, use, store, and disclose personal data about individuals applying for open positions, those we contact regarding employment and contractual relationship opportunities, individuals expressing interest in such opportunities, attendees of recruitment events, and those undergoing interviews or assessments. It also outlines the rights Candidates may have concerning the personal data we process about them.

As used in this Notice, “Personal Data” or “Personal Information” refers to any information that relates to, identifies, or can reasonably be used to identify an individual, directly or indirectly.

This Notice does not cover:

• Your interactions with our non-career websites or when you engage with our products and services;
• Our processing of your personal data as an employee.

These processing activities are governed by other privacy notices, which will be provided to you as applicable. We recommend reading this entire Notice to ensure you are fully informed about how we collect, use, store, disclose, or otherwise process your personal information, as well as your privacy rights.

Cloud Linux Software, Inc. is registered at 20791 Three Oaks Pkwy, #980, Estero, FL 33929, USA, may access your personal data for recruitment purposes. If you have any questions about this Privacy Notice or want to know more about how we handle your personal data, please contact our Data Protection Officer (DPO) via email at: [email protected].

In most cases, we collect personal data directly from you. We may also receive information from third parties (e.g., referrers, recruiting agencies, previous employers, and background check providers). Additionally, we use publicly available sources like job boards and social networking platforms to contact potential candidates. You are not legally required to provide us with your personal data. However, failure to provide certain information may prevent us from processing your application (e.g., if we cannot verify your right to work in the relevant country). Accurate and complete information is essential for the recruitment process.

Subject to applicable law, we may collect the following categories of personal information during the application and recruitment process:

• Identity and Contact Data: Full name, date of birth, gender, contact details (e.g., phone number, email address, messenger), photograph, work and personal references, and other similar contact data.
• National identifiers and work eligibility information: This may include your national identification number, social insurance number, government-issued ID, nationality, visa status, residency, work permit status, and immigration information, where permitted by law.
• Employment history and recruitment data: This includes your resume, work history, skills, qualifications, professional background, reference check, interview notes, social media profiles (if applicable), criminal background records, and other information revealed during background checks (subject to applicable law).
• Educational information: Your academic history, degrees, certifications, training, and transcript information.
• Sensitive personal information: Where permitted by law, we may process data related to racial or ethnic origin, health, or biometric data. Where the processing of this personal data is not required by law, we will seek your consent to process your data and, in the consent mechanism, we will explain the purposes for which we will use your data. This will be voluntary, and you may decide whether or not to give consent.
• Video Interviews and Recording: We conduct candidate interviews using video technology, which may be used at various stages of the recruitment process. The company may record live video interviews to assist in evaluating candidates. However, candidates have the right to decline the recording of their interview, and doing so will not negatively impact their opportunity to interview with our company.
• Other information: Any other information you voluntarily submit during your application (e.g., compensation history, professional portfolio).
• Online data: Publicly available information such as LinkedIn profiles or other sources.
• Usage data: Information collected during your interactions with our websites.

We will use your personal data for the following purposes and related lawful bases:

6.1. Sharing with service providers. Your personal information may be disclosed to service providers who assist us with recruitment, background checks, or technological services. These providers are required to protect your data under strict contractual terms.

6.2. Sharing under legal or regulatory obligations We may disclose your data to comply with legal requirements, court orders, or in the event of a merger or acquisition.

We work with providers globally and may transfer your data to countries outside the European Economic Area (EEA) or the UK. To ensure an adequate level of data protection, we implement the following measures:

We implement appropriate security, technical, and organizational measures to protect your personal data against theft, loss, or unauthorized access. We limit access to your data on a genuine business need-to-know basis. If you suspect that your personal data has been compromised, please contact us immediately for investigation. We have established procedures to address potential data security breaches and will inform you and any relevant regulator of a suspected breach, as legally required.

We do not retain your personal data longer than necessary. The duration for which we keep your personal data varies depending on many factors. To determine the appropriate retention period for personal data, we consider the volume, nature, and sensitivity of the personal data, the risk of harm from unauthorized use or disclosure, the processing purposes, and whether these purposes can be achieved by other means, along with legal requirements.

When determining the relevant retention periods for your personal data, we will take into account factors including:

• Legal obligations under applicable law;
• Our legitimate interests (e.g., to protect our business against potential legal claims);
• Guidelines issued by relevant data protection authorities.

For instance, the default data retention period for most processing activities is 3 years. However, please be aware that the specific retention period may vary depending on the country you are applying to work in. You can request information about the retention period applicable to you by contacting us at [email protected].

You have the right to ask for your data to be deleted at any time. When we no longer need to keep your personal data, we delete or anonymize it following applicable security standards, so it can never be linked back to an individual.

Under the applicable data protection laws, you have the following rights regarding your personal data:

• Right to access. You have the right to obtain confirmation that your personal data is processed and to obtain a copy of your personal data.
• Right to rectification. You have the right to ask us to rectify data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.
• Right to erasure. You have the right to ask us to delete your personal data in certain circumstances.
• Right to restriction of processing. You have the right to ask us to restrict the processing of your personal data in certain circumstances but we need to verify whether we have overriding legitimate grounds to use it.
• Right to object to processing. You have the right to object to processing if we are able to process your data based on our legitimate interests. Please note that in some cases, we may demonstrate that we have legitimate grounds to process your data which override your rights and freedoms.
• Right to data portability. You have the right to ask that we transfer the information you gave us from one organization to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
• Right to withdraw consent. When we rely on consent to process your personal data, you have the right to withdraw your consent at any time.
• Right to complain. If you have concerns about how we handle your personal data, you can contact our Data Protection Officer (DPO) for assistance. Additionally, you have the right to file a complaint with the relevant data protection authority in your country.

You are not required to pay any charge for exercising your data protection rights. We have one month to respond to you. Please contact us at [email protected] if you wish to exercise your data protection rights. We may need to request specific information from you to confirm your identity before complying with your request.

Automated decision-making takes place when an electronic system uses personal data to make a decision without human involvement. We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you. Nevertheless, under the applicable data protection laws, you have the right to not be subject to a decision based solely on automated processing, without human involvement, that has a legal effect or significantly affects you. This right allows you to request the involvement of one of our employees or representatives in the decision-making process.

We may, from time to time, change or update this Notice. All changes to this Notice will be published on this page. We recommend that you revisit and read this Notice regularly to ensure that you are up-to-date. In case of substantial changes to this Notice, we will take additional steps to ensure you are aware of them.

If you have any questions or comments about this Notice or want to know more about how we use your personal data, please contact our Data Protection Officer (DPO) via email at: [email protected].

According to the California Consumer Privacy Act (“CCPA”), this section applies to certain personal data collected about Candidates who are California residents and supplements the rest of our Notice above.

14.1. How We Collect, Use, and Share Your Personal Information

Sections 3-6 above contain information detailing the categories of Personal Data and to whom it was disclosed. We have not sold or shared personal data of Candidates. We only use Sensitive Personal Information, as defined by California law, consistent with the exceptions to the right to limit Sensitive Personal Information.

14.2. Your California Rights

You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.

• The right of access means that you have the right to request that we disclose what Personal Information we have collected, used, and disclosed about you in the past 12 months.
• The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
• The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.

CLOUD LINUX does not sell Personal Information to third parties (under California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).

14.3. How to Exercise Your California Rights

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your Personal Information.

Please use the contact details provided in this Notice, if you would like to:

• Access this policy in an alternative format;
• Exercise your rights;
• Learn more about your rights or our privacy practices; or
• Designate an authorized agent to request on your behalf.