Non-Employee Privacy Notice

This Notice is available in the following languages:

Chinese | French | German | Portuguese | Spanish

1. What is this Notice?

This is the Non-Employee Privacy Notice (“Notice”) of Foundever™ or any of its parent, sibling, subsidiaries, or affiliate companies, (“Foundever”, “We”, “Company”) in their role as Data Controllers. This Policy applies to all Personal Data received by us in any format, including electronic, paper, or oral. For purposes of your Personal Data, we are a Data Controller, which means we are responsible for deciding how we collect, store, and use your Personal Data.

This Notice explains how we discharge our ongoing obligations with respect to the collection, use, and storage of your Personal Data in the context of your contact with us.

2. Your Personal Data

In this Notice, “your Personal Data” means information about you from which you can be identified (such as name, address, email address, telephone number, or other identifiers that permit the physical or online contacting of a specific individual) or that is associated with an identifiable person (such as demographic information or information about a person’s activities when such information is linked to personally identifying information). Your Personal Data does not include data where the identity has been removed (anonymous data).

We collect, use and disclose Personal Data to operate our business and as required by law. Please take a moment to read this Notice to learn more about our information practices.

2.1 Where does your Personal Data come from?

Personal Data may be collected from a variety of sources. For example, when you have a telephone conversation with one of our representatives, we may collect a recording of those conversations. Your call may be recorded for quality and training purposes, to resolve concerns, and to detect and prevent fraud. If you choose to contact us by email or mail, we may retain your email or mailing address, the content of your communication, and our response.

We may collect your personal data when you visit our offices in our visitors’ database, which may include, but is not limited, to name, company name, phone number, email address, date and time of the visit, photograph, copy of government issued ID, etc. Video footage is also captured via our CCTV system installed on our Company’s premises. We collect your personal data to ensure the physical security of the people and facilities and the security of confidential information you may be exposed to during your visit.

In addition, from time to time we may collect Personal Data in the form of personal, contact, or other demographic information you provide when participating in surveys, contests, promotional offers, and other activities. . The Personal Data we collect from you is provided by you voluntarily, although if you choose not to provide information, your access to and participation in certain services, features may be restricted. By participating in such surveys, contests, promotional offers, or other activities, you are explicitly consenting to the collection and processing of your Personal Data by Foundever.

We may also receive information from third parties with whom we have business relationships. Where we combine third-party information with other Personal Data that we have collected from you, this Policy governs our use of such information.

Subject to our Website Privacy Notice, we may also collect Personal Data when you visit or use the services on our websites, register or apply for one of our products or services, interact with us through social media or online ads, participate in surveys, or engage with us in any way.

Subject to our Recruitment and Hiring Privacy Notice, we may process your Personal Data during and after the recruitment and hiring process.

When you provide Personal Data to us, we expect that you have authority to consent to its collection, use, and disclosure as outlined in this Policy. If you communicate with us, or provide Personal Data to us in any way, you acknowledge your consent for Personal Data collection, use and disclosure as set out in this Policy, applicable laws, and industry standards. If we want to use your Personal Data for a purpose that was not disclosed at the time of initial consent, consent will be sought at the time of this new purpose.

Subject to legal and contractual restrictions, you can, with reasonable notice to Foundever, withdraw your consent for use and disclosure of your Personal Data, other than that which is required for legal or regulatory purposes. You can also request that Foundever refrain from contacting you for advertising, marketing, promotions, rewards programs, research, or contests by updating your privacy preferences or notifying Foundever.

2.2 How do we use/process your Personal Data?

In general, we use the Personal Data we collect for access management to our physical sites; to provide you with information, products, and services you request; to inform you about other information, events, promotions, products, or services we think will be of interest to you; and to administer and assist us with the operation of our business. For example, we may use the Personal Data we collect to:

Respond to your emails, submissions, comments, requests, or complaints;
Provide you with the services, products, or information you requested;
Verify your identity where required;
Contact you about our products, services, activities, events, promotions or offers and for other marketing, informational, product development, and promotional purposes by post, email, or telephone;
Request feedback and to enable us to develop, customize and improve our information and services;
Maintain our records; prevent and detect crime, fraud, or corruption;
Process financial transactions; and
Enhance compliance with our legal responsibilities and the policies, rules, and other agreements governing the Sites in order to protect the online community and the overall integrity of the Sites.

Subject to local laws and regulations, and where there is a need, we may share your Personal Data with third parties, including but not limited to any of our parent, sibling, subsidiaries, or affiliate companies or suppliers if required by law; necessary to enter a contract with you; where there is another legitimate interest in doing so; or where it is necessary to protect your vital interests or those of another person.

Such third parties may be located in other countries. Before we share your Personal Data, we will take the necessary steps to ensure that your Personal Data will be given adequate protection as required by relevant data protection laws and according to Foundever’s global privacy policies and standards.

Any access to your Personal Data is restricted to those individuals that have a need-to-know basis. Foundever will only disclose your Personal Data as required or permitted by applicable law to legal or business consultants, government authorities and courts.

2.4 Where will your Personal Data be processed?

Subject to local requirements and legislation, as a global organization with global IT system, your Personal Data may be transferred to other countries Foundever does business or to any of its parent, sibling, subsidiaries or affiliate companies for employment consideration and other business or legal purposes.

To ensure that there are adequate safeguards, Foundever has put in place data transfer agreements, including the European Commission Standard Contractual Clauses where applicable, between our entities for transfer of Personal Data within the Foundever of companies, and with our vendors when required, providing heightened levels of security and protection to the processing and retention of your Personal Data. International transfer of Personal Data will only take place in accordance with the appropriate data transfer mechanism and safeguards.

2.5 Do we process your Personal Data without any human intervention?

We do not take any decisions about you that would have a legally significant effect on you based solely on automated processing (i.e., without human involvement). Any automated processing that would result in a legally significant effect on you will always be reviewed by a human prior to any action being taken.

2.6 How long do we keep your Personal Data?

We maintain a Data Retention Policy and Data Retention Schedule which set out the retention timelines for the categories of Personal Data that we process.

Foundever will only retain your Personal Data for as long as is reasonably necessary to provide you with the services you have engaged with us to provide, or as is legally required and permitted.

2.7 How do we protect your Personal Data?

We strive to protect your Personal Data while it is under our control. We maintain appropriate organizational, physical and technical security measures to protect your Personal Data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto. We have internal controls and relevant policies and procedures to maintain these measures taking into account the risk associated with the categories of personal data and processing we undertake.

In some cases, your Personal Data is accessible online though the use of password. Your password is always personal and should never be shared with anyone. To help protect the confidentiality of your Personal Data, you must keep your password confidential and secured. Please raise an incident report, via Ethics Point or to your manager, or contact a member of the Privacy or Security team immediately if you believe that your password has been compromised or misused.

If a data breach involving your Personal Data occurs, or we suspect that a data breach has occurred, whether the entity who experience the data breach is Foundever or third parties we use, or our clients, we will expeditiously conduct an investigation, and assessment and take necessary remediation actions.

2.8 What are your rights with regard to the processing of your Personal Data?

Dependent upon where you are located and subject to certain exceptions set out in applicable privacy laws, you may have the following rights:

Access: you can request information about the Personal Data we process on you and you can request a copy of your Personal Data that we hold.
Correction: you can ask us to correct your Personal Data if you don’t think it is accurate, complete, or up to date.
Deletion: you can ask us to delete your Personal Data, if:
- It is no longer necessary for the purposes for which we obtained it.
- You validly object to the processing as described below.
- We must delete the Personal Data to comply with a legal obligation.
Objection: if we process your Personal Data to perform tasks carried out in the public interest or on the basis of legitimate interests, you can object to this processing on the basis of your particular situation. We will only then continue the processing if we have overriding legitimate grounds, or the processing is to establish, exercise, or defend legal claims. You may also object to being subject to a decision based solely on automated processing, which has legal or similarly significant effects on you and if we process your Personal Data for direct marketing purposes.
Restriction: you can ask us to restrict our processing of your Personal Data if:
- you contest the accuracy of the Personal Data (for a period that enables us to check it);
- we no longer need the data, but you require it to establish, exercise, or defend legal claims; or
- you have objected (as above) and are awaiting confirmation as to whether we have overriding legitimate grounds for processing.
Transfer/Portability: if our processing is based on your consent or necessary to carry out our contract with you and is carried out by automated means, you can request a copy of the Personal Data you have provided to us and the transfer of this to someone else. Where technically feasible, you can ask us to transfer it directly.
Right to complain to the Supervisory Authority: We aim to resolve all complaints internally via our Data Protection Officers, who can be contacted as stated below, but you do have the right to complain to the Supervisory Authority at any time.

3. How to reach out?

If you have any questions about this Privacy Notice or how we handle your Personal Data, or if you wish to exercise your rights, including withdrawal of your consent, please contact Foundever’s Data Protection Officer at privacy@foundever.com or write to us at 50/52 Boulevard Haussmann, 75009 Paris, France, Attention: Data Protection Officer. Please note, however, that certain Personal Data may be exempt from such access, correction, deletion requests pursuant to applicable data protection laws and regulations.