European Associate and Job Applicant Privacy Notice 

Effective Date: [3/13/2025]

This European Associate and Job Applicant Privacy Notice (Privacy Notice) describes what personal data eFolder, Inc., d/b/a Axcient, and its affiliates and subsidiaries (collectively Axcient or us) collects in an employment context, how it is obtained, how it is used and the basis and purposes of that use, how long we store your personal data, who we share your employment-related personal data with, how we protect your personal data and your rights regarding that personal data. Please see our Data Privacy Framework policy for more information about how we collect, use, and disclose certain personally identifiable information: https://axcient.com/data-privacy-framework-policy/  

This Privacy Notice is only applicable to individuals (or you) located in Europe, namely our employees, independent contractors, and job applicants (collectively Associates) who reside in the European Union and/or United Kingdom (collectively the EEA). Employment-related personal data collected from Axcient Associates in other jurisdictions may be subject to other privacy policies available in those jurisdictions. 

DATA CONTROLLER AND QUESTIONS 

Axcient processes personal data collected from you in connection with your current, past, or prospective employment with the company as a part of its standard operations. Our official address is 707 17th St STE 3900, Denver, CO 80202. 

Axcient takes steps to ensure its Associates and business partners manage your personal data properly to maintain your trust. We expect Associates and business partners that handle personal data to take reasonable measures to maintain the confidentiality of your information, consistent with this Privacy Notice, our other policies, and applicable law. If you have any questions about the collection, use, or processing of your personal data, you can contact us at privacy@axcient.com. 

  1. PROCESSING OF YOUR PERSONAL DATA 

Axcient processes your personal data in the following manner: 

Data Subjects

You, i.e. a prospective, current, or former Associate or independent contractor of Axcient (as a natural person). 

Sources of Personal data

Directly from you; From other persons, e.g. your friends or co-workers; your manager(s); our business contacts, clients, vendors, or customers; our background check provider(s) (e.g., HireRight or other contracted providers); and other, associated sources. From other service providers, such as HR platforms, who have in turn collected information from or about you as described by their own privacy notices. Automatically when you use our telephone system, or IT infrastructure, or via audiovisual surveillance or access control systems when you are physically present in our facilities. From other third parties we interact with in pursuit of human resources-related goals, for example, recruitment agencies and some employment benefits providers. From our customers or prospective customers. In some cases, our customers or prospective customers may conduct or direct their own background or security check into you (for example if our customer is a government agency who requires a security clearance). We may receive information from the relevant customer or their designee in connection with such a review. 

Categories of Personal  Information Collected and Used 

Your name and contact data (name, middle name (if applicable), last name, physical address, e-mail address, phone number, or other contact information); as well as the name and contact data of your emergency contact(s), beneficiaries, and dependents. Your medical or dietary information, where required to ensure your well-being in an emergency, to cater to you at an Axcient function, or to provide you with health insurance/make accommodations for your health where appropriate. Your Social Security number, taxpayer identification number, and/or other, similar income tax and work authorization-related information where permitted by law (e.g., National Identification Number). Your banking or other financial account details, including bank account and routing number, if you decide to be paid by direct deposit. Your criminal history, educational background, previous employment, references, credit history, whether you are subject to a bankruptcy or other adverse legal action, and other, similar information where required for a background check or security clearance, as necessary to your department and position. Information relevant to immigration status or professional licensure, including documents pertaining to ability to work or perform various job functions, or where our legal and/or compliance departments are assisting with a visa, license, or other, similar document. Your billing history on any Axcient-issued payment card, and/or any other expenses you submit to us for reimbursement. Your photograph, to the extent that you are photographed for an ID card or Axcient directory, at an Axcient social function, for company promotion or website listing, or for another, similar legitimate purpose. Records of your correspondence over corporate email, phone calls, text messages, and other, similar materials, business records, or systems logging. Your geolocation data and device information (including device identifiers, like IP addresses) when logging into our VPN or other systems remotely. Session logs, access logs, and other logging data collected from use of our software applications, our devices provided for your use or (as permitted by law) your personal devices where used under our Bring-Your-Own-Device policy to access company IT or resources, and our technical infrastructure. We may monitor other Associate electronic activity on our devices, or over our networks, as necessary to detect and respond to threats to our network, intellectual or physical property, reputation, or business position.  Information reasonably intended to provide you and your dependents with employment benefits, including name(s), address(es), and government or national identification number(s), and records of your benefits, claims, and payment history. Your movement and actions in our facilities, including as captured by the use of your access badge to access locked areas or our security cameras. This may include audio/video capture. Information about your prior, professional experience, qualifications, and other, related information provided by you in your CV, cover letter and / or other documents. The contents of any work-related complaints you decide to file with Human Resources  or another department.  Your communications with us, including the contents of any investigations involving you conducted by HR or another department. Information about your work, quality of work, and professional behavior from professional reviews and other, similar HR-related documents.  Your professional social media accounts and information provided therein to the extent that this is necessary in order to determine your suitability for a specific position, or if you otherwise choose to share it with us. Other information as may be reasonably requested in the course of your employment with us.  Please note that certain information collected above may be subject to additional notices and/or legal requirements (such as information associated with background checks, government security clearances, biometric data, or others). We are committed to conducting any such collection in accordance with law. 

Purposes for which Personal data is Collected and/or Used 

To protect the security and integrity of our network, data, systems, facilities, intellectual property, and business. To fulfill our tax and compliance obligations as your employer. To ensure and promote a safe, collegial, and productive working environment and to improve the quality of the work performed for us. To make accommodations for disabilities. To investigate and protect against possible insider threats to our business, including but not limited to the possible theft of our intellectual or other property, threats to our infrastructure, or for similar purposes. To conduct investigations and comply with other legal and business requirements regarding a safe and ethical workplace. To evaluate your suitability for employment, or continued employment, with us. To prepare for, or protect and defend against actual or potential legal claims, or for other, related, legal purposes. To administer payroll, provide benefits for you and your beneficiaries, and similar purposes. To assist in securing a security clearance for you or in passing security checks required by our clients, where relevant to your position, and to maintain records relating to background checks and security clearances. To manage our corporate finances. To help respond and inform your family or others in the case of an emergency. For other purposes relevant to operating our business consistent with the disclosures and description in this Privacy Notice. 

Legal grounds for Processing 

Article 6(1)(a) of the GDPR — by your consent, if you are currently applying for a position with us. Article 6(1)(b) of the GDPR — to take steps required prior to entering into a contract; namely your contemplated or continued employment with us. Please note that failure to provide requested personal data may in some cases preclude our ability to offer you employment, or to continue your employment. Article 6(1)(f) of the GDPR — our legitimate interest to accomplish a variety of tasks, including: To protect the security of our network, data, systems, facilities, and business. To fulfill our tax and compliance obligations as your employer. To ensure and promote a safe, collegial, and productive working environment and to improve the quality of the work performed for us. To make accommodations for disabilities. To conduct investigations and comply with other legal and business requirements regarding a safe and ethical workplace. To evaluate your suitability for employment, or continued employment, with us. To prepare for, or protect and defend against actual or potential legal claims, or for other, related legal purposes. To administrate payroll, provide benefits for our Associates, and similar purposes. To manage our corporate finances. To help ensure that you are taken care of properly, and that your family is informed, in the case of an emergency. For other purposes consistent with the disclosures and description in this policy. 

Data Retention

We generally retain the personal data of our Associates for at least 5 years following the end of the relevant Axcient Associate’s tenure with us. We may retain personal data of our Associates for longer than this period to prepare for or defend against legal claims, as required by law, or for other reasons permitted by law. 

2. RECIPIENTS OF PERSONAL DATA 

We may transfer personal data processed for the purposes established above to the following: 

  • Courts, arbitrators, mediators, opposing party and their lawyers (if needed for the legal proceedings); 
  • Police, law enforcement authorities, tax authorities, other government or municipal institutions (e.g., if required by relevant laws); 
  • Other persons or entities performing official functions assigned to them (e.g. notaries, debt collection companies); 
  • Professional advisers such as lawyers, consultants, auditors or accountants (e.g., if needed for the protection of our legitimate interests); 
  • Service providers who provide information technology, cloud and system administration services, marketing, human resources, accounting, cybersecurity, postal or courier services, or other services; 
  • Service providers who provide human resources software solutions. We currently use solutions provided by BambooHR and LatticeHQ, available at https://bamboohr.com/ and https://lattice.com/. We may transfer your personal data to this software and such transfer will also include data transfer outside the EEA (to the USA); 
  • Insurance providers who provide and underwrite Company’s insurance policies; 
  • Other entities in the same group of companies as part of regular reporting activities on company or Associate performance, accounting, in the context of a business reorganization or group restructuring exercise, for management of the business, for system maintenance support and hosting of data; 
  • Employment benefit providers for the purpose of providing employment benefits to you and your dependents or beneficiaries, such as private health insurance, educational leave, a private pension plan, life insurance, and other, similar benefits; 
  • Financial, tax or legal audits, due diligence, or other inspection of Axcient; 
  • Advisors, companies, or personnel for the purposes of conducting confidential investigations into suspected misuse of resources, or to combat threats to the interests, safety, or property of you, ourselves, or third parties. 
  • To manage stock options or grants; 
  • In the case of any reorganization, merger, incorporation of a joint venture, or any other transfer of business, property or shares of Axcient (also if related to bankruptcy or and other similar procedure) – to the transferees or other related parties (their representatives); and 
  • Banks and other financial institutions.

3. YOUR RIGHTS 

You have the following rights with respect to your personal data. Please note that we may limit our responses to these rights as permitted by law. 

Right to be informed and right of access

We are obligated to provide clear and transparent information about our data processing activities. This Privacy Notice fulfills this right.  You also have the right to obtain confirmation from us as to whether or not your personal data is being processed and to access information about how Axcient processes your personal data.   You also have the right to receive a copy of the personal data we hold about you. Where the request is made by electronic means, the information shall be provided in a commonly used electronic form, where feasible and unless you request otherwise in writing. 

Right to rectification 

You have the right to have your personal data corrected if it is inaccurate or incomplete. To exercise this right, please contact peopleops@axcient.com. 

Right to erasure (‘right to erasure’)

You have the right to obtain from Axcient the erasure of your personal data, if:                  The personal data is no longer necessary in relation to the purposes for which it was collected or processed, You withdraw any consent on which the processing is based and there is no other legal ground for the processing, You object to the processing as described below and there are no overriding legitimate grounds for the processing, Personal data has been unlawfully processed, Personal data must be erased to comply with an applicable legal obligation.  Please note that applicable law may establish some exceptions for responding to the right to erasure. If those exceptions are applied in your case, we will inform you about them accordingly as required by law in connection with your rights request. 

Right to restriction of processing 

You have the right to restrict our processing or your personal data, if:  You contest its accuracy, for a period enabling us to verify the accuracy or correct it, The processing is unlawful and you request the restriction of its use, You object to processing as described below and we do not have legitimate grounds to overrule your objection.  Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent; to establish, exercise, or defend our legal claims; or to protect of the rights of another natural or legal person or for reasons of important public interest or as expressly permitted by applicable law. 

Right to object 

You have the right to object to the processing of your personal data, where such data processing threatens your rights and freedoms. Axcient will no longer process the personal data in such a circumstance unless we demonstrate a compelling legitimate ground for the processing that overrides your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. 

Right to withdraw the consent 

If the processing of your personal data is based on your consent, you have the right to withdraw this consent at any time. Your withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. 

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with Autoriteit Persoonsgegevens, or another authority if you reside in a different EU member nation, if you believe that we are processing your personal data in violation of the General Data Protection Regulation. Autoriteit Persoonsgegevens’ mailing address is Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ DEN HAAG; they can also be reached by phone at 070-88888 500* or via the methods provided on their website, found at https://autoriteitpersoonsgegevens.nl/nl.  If you reside in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner’s Office if you believe that we are processing your personal data in violation of the GDPR as implemented in the UK. The Information Commissioner’s Office’s address is Wycliffe House, Water Ln, Wilmslow SK9 5AF, United Kingdom. Their website can be found at https://ico.org.uk/ and they can also be reached via the methods provided on the “contact us” page of their website or by phone at 0303 123 1113.  You are free and encouraged to contact us before lodging a complaint and express your concerns.  

You can exercise the above rights by making a written request at privacy@axcient.com. Please note that we may limit our response to your rights as permitted by applicable law. 

We will attempt to fulfil any request to exercise these rights within 1 month. In some cases, this term may be extended for 2 months. In that case, we will notify you about this extension and reasons for it within 1 month from the receipt of request.  

4. INTERNATIONAL TRANSFER OF PERSONAL DATA 

Axcient may transfer personal data outside the EEA pursuant to the requirements established in this Privacy Notice and applicable laws, if such transfers are protected with appropriate safeguards in accordance with the GDPR. 

Please note that Axcient is headquartered in the United States. For the maintenance and management of our business, it is necessary to transfer some of your personal data to the United States, which the European Commission does not consider to have an adequate data protection regime. As such, all international transfers (including transfers of personal data relating to UK and EU personnel) are made subject to Axcient’s commitments under the Data Privacy Framework available from the U.S. Department of Commerce, or, where those are not available or Axcient has not certified compliance, the applicable standard contractual clauses or other mechanisms designed to provide an adequate level of protection as mandated by the European Commission. You can contact the PeopleOps team via the contact information above to learn more about specific data transfer mechanisms. 

5. AT-WILL EMPLOYMENT DISCLAIMER 

This Privacy Notice does not create an express or implied contract of employment or any other contractual commitment. Axcient may modify this Privacy Notice in its sole discretion without notice, at any time, consistent with applicable law. 

6. COMPLAINTS

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Axcient commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.