JOB APPLICANT PRIVACY NOTICE

We at AiDigital know that data privacy is very important to you. This privacy policy (this “Privacy Notice”) describes what kinds of personal information we may obtain and process in connection with your employment application at AiDigital and our recruitment process. This Privacy Notice does not cover the collection and processing of your personal information by AiDigital in the context of products or services provided by AiDigital.

What “AiDigital” means. In this notice, “AiDigital,” “we,” “us,” and “our” mean AiDigital Holdco LLC and any companies it directly or indirectly controls (the “AiDigital Group”). We use “AiDigital” as a shorthand for the group; this does not make all group companies controllers. For each application, the controller is the specific AiDigital group company that runs the recruitment for that role, as shown in the job posting and listed in Appendix A (Controller Matrix).

Who is the “controller”?

• The controller is the AiDigital group company that posts the role or runs the recruitment for it. You’ll see that entity in the job posting or we’ll tell you during the process. Where two group companies decide together, they are joint controllers and we will provide a summary of our arrangement on request.
• We keep a simple Controller Matrix with the recruiting entities and contacts (Appendix A).

The General Data Protection Regulation (“GDPR”) grants natural persons of the European Union certain rights regarding their personal data. The California Privacy Rights Act (“CPRA”) grants California residents certain rights regarding their personal information. If you are an applicant who resides in the European Union or California, you can read more about your rights below. 

By submitting your application to us, you acknowledge and agree that: (i) you have read and understood this Privacy Notice and acknowledge the collection, processing, use and disclosure of your personal information as set out in this Privacy Notice; (ii) you are not required to provide any requested information to us, but failure to do so may result in not being able to continue your candidacy for a job with us; and (iii) the information you give us is true and correct to the best of your knowledge and belief, and you have not knowingly omitted any related unfavorable information. Providing any inaccurate or misleading information may make you ineligible for employment.

This Privacy Notice applies to the personal information you provide to AiDigital as an applicant for employment but should not be construed as an offer of employment and does not form part of any contract of employment offered to candidates hired by AiDigital. If you are offered employment at AiDigital, you will be provided with a separate privacy notice addressed to employees.

The Information We Collect and/or Receive

We collect the following personal information about you in connection with your employment application and as part of our recruitment process, as permitted under applicable law:

• Identification & contact details (name, email, phone, address, country)
• Application content (CV/résumé, cover letters, portfolio, references);
• Career & education (employment and education history, qualifications)
• Right‑to‑work (immigration/work‑permit details where lawful and appropriate)
• Scheduling & communications (calendar availability, interview notes)
• Video, photo or audio recordings (e.g., from virtual interviews or on‑site CCTV where applicable)
• Demographic information and/or protected classifications (where permitted/required by law)
• Diversity or accommodation information (e.g., disability/health details to arrange reasonable accommodations; these are distinct from aggregate demographics)
• Assessment data (skills tests, case studies) and background‑check results where lawful and appropriate for the role
• Device/usage data from our careers site (cookies—see our Cookie Policy)
• Any other information you choose to share during the process.

We receive personal information directly from you and to the extent permitted by applicable law, we may receive certain personal information about you from third parties, including but not limited to, your former employers, publicly available sources, professional social networking sites, professional recruiting agencies, and educational institutions. Where we obtain data from third parties, we provide this notice within one month of obtaining the data, or at first contact or first disclosure—whichever occurs first—and we indicate whether any source is publicly available

For more information regarding your choices regarding cookies, please see our cookie policy available at: https://www.aidigital.com/cookie-policy.

How We May Use Your Information

We may use your personal information as set forth below:

• To consider your application, and to contact you to schedule and conduct interviews;
• To determine your eligibility and suitability for current and future job roles with AiDigital;
• To contact references or other individuals who may provide information to us about your employment history;
• To conduct background checks and related assessments;
• To potentially prepare employment terms or an employment contract;
• To engage in diversity and equal opportunity initiatives (where permitted and/or required under applicable law);
• To improve and develop our recruitment processes;
• To comply with corporate governance and legal requirements, including but not limited to, monitor diversity, health and safety and anti-discrimination requirements;
• To ensure the safety and security of our systems;
• To respond to inquiries, complaints and disputes;
• To analyze trends in our recruitment process using your information in de-identified and aggregated manner such that it does not identify you; and
• Otherwise, with your consent.

Legal Bases for Processing

1.  Performance of (Pre-)Contractual Steps 

We process information necessary to evaluate your application and, if successful, prepare and issue an offer/contract. Examples: screening CVs, scheduling interviews, skills testing where required for the role, communicating decisions, preparing offer documentation.

2.  Compliance with Legal Obligations 

We process data where needed to comply with law.
Examples: verifying right-to-work / immigration checks, tax and social-security identification where legally required, diversity or disability accommodations where mandated by law, responding to competent authorities.

3. Legitimate Interests 

We process data where necessary for our legitimate interests, and we balance these interests against your rights. You may object at any time to processing based on legitimate interests (see Your Rights).  Examples:

• selecting suitable candidates and managing an efficient, fair recruitment process;
• preventing fraud and maintaining the security of our systems and premises (e.g., IT logs, access records for on-site interviews);
• retaining limited records to establish, exercise or defend legal claims arising from a recruitment process;
• keeping your CV in a talent pool for similar roles (unless you opt out);
• internal reporting and improving our hiring practices (using aggregated or de-identified data where possible).

4. Consent (for Optional Activities) 

We rely on your consent only where the activity is optional and consent is freely given. You may withdraw consent at any time; withdrawal does not affect prior lawful processing.
Examples: retaining your profile in a talent pool beyond our standard period.

5. Special-Category Data (Sensitive Data) 

We only process special-category data (e.g., health/disability information, ethnicity data for equal-opportunity purposes) when necessary and permitted by law, and we apply enhanced safeguards.

Typical grounds:

• Article 9(2)(b) of GDPR (employment and social-protection law) — e.g., reasonable accommodations during recruitment;
• Article 9(2)(h) of GDPR (occupational health) — e.g., fitness-for-work assessments for safety-critical roles;
• Article 9(2)(a) of GDPR (explicit consent) — used sparingly for voluntary diversity information where not required by law. Where feasible, we prefer aggregated or de-identified reporting.

6. Criminal-Convictions / Background Checks — Article 10 of GDPR

We only process data relating to criminal convictions or offences where authorized by EU or Member-State law and necessary for the role, and we apply appropriate safeguards. Where such checks are not legally authorized, they are not performed.     

7. Vital Interests — Article 6(1)(d) of GDPR (Rare)

In exceptional circumstances (e.g., a medical emergency during an on-site assessment), we may process limited data to protect your vital interests or those of another person.

If you choose not to provide information that we identify as mandatory for assessment or to meet legal requirements (for example, identity/right-to-work evidence at the legally appropriate stage), we may be unable to progress your application.

How We Share Your Information

We may share your personal information the following parties of a strictly need-to-know basis and in accordance with applicable law:

• With our parent company, subsidiaries, affiliates and/or other companies under common control with us, to the extent such company is involved in the recruitment and/or hiring process;
• Members of our departments to the extent they are involved in the recruitment, hiring or legal process;
• To third-party contractors and service providers that provide services to us in connection with our recruitment and/or hiring process such as background check providers, and recruitment agency;
• To fulfill our legal and regulatory requirements;
• To comply with applicable law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
• To assess or complete a corporate sale, merger, reorganization, sale of assets, dissolution, investment, or similar corporate event where we expect that your personal information will be part of the transferred assets.

We will take reasonable measures (e.g., by contract) to require that any party receiving any of your personal information from us, undertakes to: (i) retain and use such information only for the purposes set out in this Privacy Notice; (ii) not disclose your personal information except with your consent, as permitted by applicable law, or as permitted by this Privacy Notice; and (iii) generally protect the privacy of your personal information.

Your Choices

Update Information: If the personal information we have for you changes, you may correct, update, or delete it by contacting us as set forth in Section IX of this Privacy Notice. We will use commercially reasonable efforts to process all such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our databases.  

Recruiting Communications: You can withdraw from a process or ask us not to retain your CV for future roles. You may manage your receipt of communications regarding available positions or other marketing by clicking on the “unsubscribe” link located on the bottom of any of our marketing emails. Please note that you cannot opt out of receiving e-mails relating to your application and the recruitment process. 

Automated decision making: We do not make hiring decisions solely by automated means. If we use tools that rank or score applications, they are reviewed by humans; we explain the logic at a high level on request.

International Transfers

Because our careers site/ATS is operated in the United States, applicant data may be collected and initially stored in the US. For EU roles, that data is then accessed from and/or transferred to the EU for review and decision-making by the EU controller. Accordingly, data may flow both ways between the EU and the US.

When we transfer personal data internationally, we use appropriate safeguards, such as:

• For transfers from the EU to approved U.S. recipients: participation in the Data Privacy Framework (where certified) or EU Standard Contractual Clauses with transfer assessments and supplementary measures.
• Contractual protections for other international transfers.

Rights Granted to California Residents

The CPRA provides California consumers and households with specific rights regarding their personal information.

1. Right to Know About Your Personal Information 

You have the right to request that we disclose the following kinds of information to you about our collection, disclosure, sale, sharing, and use of your personal information

2. Right to Request Deletion

You have the right to request deletion of your personal information. We will honor such request but might not be able to fulfill your request if we (or our service providers) are required to retain your personal information. Examples of such exceptions are:

• Completing a transaction or performing a contract we have with you; 
• Detecting and addressing data security incidents, and repairing or upkeep of our IT systems;
• Protecting against fraud or other illegal activity; 
• Complying with applicable law or a legal obligation, or to exercise rights under the law (e.g., the right to free speech); or
• Using your personal information internally to improve our Website, Products, Digital Content and Services.

3. Right to Request Correction

You have the right to request that we correct inaccurate personal information that we maintain about you. We will honor such request but might not be able to fulfill your request if it is impossible to do so or would involve disproportionate effort, or if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive.

4. Right to Opt-Out of the Sale and/or Sharing of Personal Information. 

You have the right to opt-out of the sale and/or sharing of your personal information. Please exercise your rights as set forth in Section V below.

5. Right to Limit the Use and Disclosure of Sensitive Personal Information

You have the right to limit certain ways in which a business uses and discloses sensitive personal information. Please note, however, that we only collect the information mentioned in this Policy, and do not use or disclose it for any purposes that are covered by this right (nor have we done so in the past). 

6. Right to Designate an Authorized Agent

You have the right to submit a request through the use of an authorized agent. If you choose to do so, we may require that you (i) provide the authorized agent written permission to act on your behalf, and (ii) verify their identity directly with us. We may deny a request from an authorized agent that does not submit proof of authorization.

7. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CPRA rights. We will not (i) deny you products or services, (ii) charge you different prices or rates for products or services, including through granting discounts or other benefits, or imposing penalties, (iii) provide you a different level or quality of products or services, and (iv) suggest that you may receive a different price or rate for products or services or a different level or quality of products or services.  

‍Exercising Your Privacy Rights

To exercise these rights, please submit a verifiable consumer request to us entitled “California Privacy Request,” by using the following methods:

• Email us at: dataprivacy@aidigital.com; or
• Visit the following Internet Web page link [insert link].

‍What we need to know to fulfill your request

The verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information related to you. Making a verifiable consumer request does not require you to create an account with us. 

‍How you will hear back from us

We will confirm receipt of a verifiable consumer request within then (10) business days of its receipt. We will endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) calendar days of receipt of the request. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. 

We may charge a reasonable fee to process or respond to your verifiable consumer requests if they are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for this decision and provide you with a cost estimate before completing your request.

Rights Granted to Individuals in the European Union 

Your GDPR rights. You have certain rights with respect to your personal data, including those set forth below. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may need additional time to comply, or ask you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

• Right of access: You can request more information about the personal data we hold about you and request a copy of such personal data. 
• Right to rectification: If you believe that any personal data, we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. 
• Right to erasure: You can request that we erase some or all of your personal data from our systems. 
• Right to restriction of processing: You have the right to ask us to restrict the processing of your personal data. 
• Right to object to processing: You have the the right to object to the processing of your personal data in certain circumstances.
• Right to data portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
• Right to withdraw consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable your employment.
  

Exercising Your Privacy Rights

To exercise these rights, please submit a verifiable data subject right request to us entitled “GDPR Applicant Privacy Request,” by using the following methods:

• Email us at: dataprivacy@aidigital.com; or
• Visit the following Internet Web page link www.aidigital.com

Email dataprivacy@aidigital.com with the subject “GDPR Applicant Privacy Request”. We may request information necessary to verify your identity and to locate the data. We respond within one month of receipt; where requests are complex or numerous, we may extend by up to two additional months and will inform you. We do not charge a fee unless a request is manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse to act)

How to complain. You have the right to lodge a complaint with a supervisory authority in the EU Member State where you live or work, or where an alleged infringement occurred. A list of EU authorities is available at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. 

Where the controller is Dream Wave Limited, you may also contact the Office of the Commissioner for Personal Data Protection (Cyprus): 15 Kypranoros Street, 1061 Nicosia; commissioner@dataprotection.gov.cy; +357 22 818 456; https://www.dataprotection.gov.cy.

What we need to know to fulfill your request

The verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information related to you. Making a verifiable consumer request does not require you to create an account with us. 

‍How you will hear back from us

We will confirm receipt of a verifiable consumer request within then (10) business days of its receipt. We will endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) calendar days of receipt of the request. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. 

We may charge a reasonable fee to process or respond to your verifiable consumer requests if they are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for this decision and provide you with a cost estimate before completing your request. 

How We Protect Your Information

We take commercially reasonable security measures to protect your information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing and the nature of such data, and in compliance with applicable laws and regulations. We also limit access to your personal information to those of our employees, agents, contractors, and service providers that have a legitimate need for such access. You should keep in mind, however, that no Internet transmission is 100% secure or error-free.  

Data Retention

We will retain your personal information only for as long as we need it to fulfill the purpose for which it was collected, to protect our legitimate interests, and to comply with any retention or statutory limitations in accordance with our data retention policies and practices or as otherwise required by applicable law.

If you are not hired, we retain your application data for 6 months after the recruitment process ends (to consider you for similar roles and to defend legal claims), after which we delete or anonymise it. If you agree to join our talent pool, we keep your profile for up to 24 months, unless you opt out earlier by emailing dataprivacy@aidigital.com.

Important Notice to All Non-U.S. Residents

Our servers are located in the United States. If you are located outside of the United States, please be aware that your information, including your personal information, may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction in compliance with applicable legislation.

Changes to this Privacy Notice

This Privacy Notice is effective as of the date stated at the top of this Privacy Notice.  We may change this Privacy Notice from time to time, and will post any changes on the recruiting website as soon as they go into effect.  By submitting an applicable, after we make any such changes to this Privacy Notice, you are deemed to have accepted such changes.  Please refer back to this Privacy Notice on a regular basis.

Contact Us

If you have any questions about this Privacy Notice or to report a privacy issue, please contact us in one of the following ways:

Global privacy contact: dataprivacy@aidigital.com
Mailing address: AiDigital Holdco LLC, 382 NE 191st St, PMB No. 96639, Miami, FL 33179‑3899, USA
EU contact (for Dream Wave roles): Dream Wave Limited, Themistokli Dervi 17–19, The City House, 1066 Nicosia, Cyprus

If we appoint a DPO or EU representative, we will list those details here or provide them on request.