VGS HR Data Privacy Framework Notice

Very Good Security, Inc. (“VGS”, “we”, “us”, “our”) complies with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States. VGS has certified to the Department of Commerce that we adhere to the Data Privacy Framework Principles. If there is any conflict between the terms in this Privacy Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Who:

Applicants, employees, and ex-employees of VGS.

Collection:

VGS collects Personal Data from you when you apply to work at VGS. for example by:

• Voluntary submission to VGS;
• Voluntary submission to third-party job posting sites or through recruiters; and
• Additional Personal Data when you start employment with Evaluate.

HR Personal Data:

For the purposes of this Human Resources Privacy Notice, includes your name, email, phone number, social security number (if applicable), work permit number (if applicable), Right to Work (if applicable), USCIS visa number (if applicable), address and bank account information.

Use

VGS collects HR Personal Data from you for the following purposes:

• Job Applicants: We collect HR data from job applicants to track incoming job applications and coordinate interviews.
• Current Employees and Ex-Employees: We collect HR Data from employees for legitimate business purposes related to employment including, but not limited to, security related background checks, verification of employment, payroll, expense reimbursement and travel.

How does VGS store your data?

VGS stores your data with third party services who process HR data on behalf of VGS, including but not limited to:

• Billing services
• SaaS providers (e.g. our HR and recruiting CRMs)
• Cloud service providers

VGS' contracts with third party service providers prohibit the providers from using your data on their own behalf.

Compliance with VGS EU Privacy Notice:

VGS otherwise represents and warrants that it handles your data in accordance with its EU-US Data Privacy Framework Notice available at: https://www.verygoodsecurity.com/dpf-privacy-notice

ENFORCEMENT

VGS periodically assesses its Privacy Notice and Data Privacy Framework Notice to ensure that they are accurate, comprehensive, and prominently displayed. VGS is committed to ensuring that complaints are resolved in a timely manner, and we will investigate and attempt to resolve any complaints and disputes regarding the collection, use, and disclosure of Personal Information in accordance with the Privacy Principles.

In compliance with the Data Privacy Framework Principles, VGS commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Data Privacy Framework. European Union and Swiss individuals with Data Privacy Framework inquiries or complaints should first contact VGS at:

Very Good Security, Inc.
General Counsel
207 Powell Street, Ste 200
San Francisco, CA 94102

Or by email: privacy@verygoodsecurity.com

If you have unresolved privacy or data use concerns, VGS commits to cooperate with the panel established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by the panel and/or Commissioner with regard to data transferred from he EU and/or Switzerland.