California Applicant Privacy Policy

Sibros Technologies, Inc.

Effective Date: December 1, 2023

This California Applicant Privacy Policy (the “Policy”) describes how Sibros Technologies, Inc. and our affiliates and subsidiaries (collectively, “Sibros,” “we” or “us”) collects and uses personal information relating to California residents who are external job applicants and potential candidates for positions with Sibros (each an “Applicant”) for purposes of our notice and privacy policy requirements under the California Consumer Privacy Act and the regulations issued thereto, each as amended (collectively, the “CCPA”). The information in this Policy is intended to provide an overall description of our processing of personal information about Applicants.

Scope

This Policy applies generally to the Applicant personal information that we collect and otherwise process about Applicants, in the context of reviewing, assessing, considering, managing, storing or processing their applications or otherwise considering them for a position with us. The personal information that we collect, and our use and disclosure of such personal information may vary depending on the circumstances, such as the position(s) or location for which you apply, as well as the associated qualifications and responsibilities. In addition, if you visit one of our offices or locations, we may collect information as part of our onsite security.

Not Covered by this Policy

This Policy does not address or apply to our collection of personal information that is not subject to the CCPA, such as consumer credit reports and background checks, publicly available data, or other information that is exempt under the CCPA.

This Policy does not apply to the personal information we collect from employees or contractors, which is subject to different privacy policies, or to the personal information we collect through our website, which is subject to the Sibros Privacy Policy posted at https://www.sibros.tech/privacy-policy.

In addition, we may provide Applicants with other notices or policies about our data practices, such as those covered by other laws (e.g., if we conduct a background check). We encourage you to carefully read this Policy, together with any other privacy policy we may provide to you.

Categories of Personal Information Collected and Disclosed

The table below generally identifies the categories of personal information about Applicants that we collect and have collected in the prior twelve (12) months, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose. In some cases (such as where required by law), we may ask for consent or give you certain choices prior to collecting or using certain personal information. In addition to the third parties listed in the table below, we disclose your personal information to our service providers, who process the information on our behalf, other third parties as required by law, or otherwise with your consent.

Categories	Description	Third Party Disclosures for Business or Commercial Purposes
Identifiers	Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, and other government identifiers.	Advisors and agents Recruiters Affiliates and subsidiaries Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Categories of Personal Information Described in Cal. Civ. Code § 1798.80	Records containing personal information, such as name, signature, photo, contact information, education and employment history, Social Security number and other government identifiers, financial or payment information, medical information.	Advisors and agents Recruiters Affiliates and subsidiaries Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Advisors and agents Affiliates and subsidiaries Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Internet or Other Electronic Network Activity Information	Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet website or application, as well as physical and network access logs and other network activity information related to your use of any device, network or other information resource.	Advisors and agents Affiliates and subsidiaries Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Biometric Information	Physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including fingerprint/ handprint (in accordance with applicable laws.)	Advisors and agents Affiliates and subsidiaries Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Geolocation Data	Location information about a particular individual or device.	Advisors and agents Affiliates and subsidiaries Recruiters Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Characteristics of Protected Classifications Under California and Federal Law	Race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under California or federal law. This information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts and reporting obligations or where otherwise required by law.	Advisors and agents Affiliates and subsidiaries Recruiters Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Audio, Electronic, Visual, or Thermal Information	Audio, electronic, visual, or similar information, such as, CCTV/video footage, photographs, call recordings, and other audio recording (e.g., recorded webinars.	Advisors and agents Affiliates and subsidiaries Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Professional or Employment-Related Information	Performance information, professional membership records, references, assessment records, resumes, cover letters and work history, attendance records, conduct information (including disciplinary and grievance records), and termination data.	Service providers Advisors and agents Affiliates and subsidiaries Recruiters Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Education Information	Degrees earned, educational institutions attended, transcripts, training records and other information about your educational history or background that is not publicly available personally identifiable information as defined under the Family Educational Rights and Privacy Act.	Advisors and agents Affiliates and subsidiaries Recruiters Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Inferences and Profiles	Inferences drawn from any of the information identified above to create a profile about an individual regarding her or his preferences, characteristics, predispositions, behaviors, and personality tests and profiles reflecting skill and aptitude.	Advisors and agents Affiliates and subsidiaries Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms
Sensitive Personal Information	(a) Social Security number and other government identifiers; (b) financial account and payment information (e.g., for direct deposit purposes); (c) racial or ethnic origin or sexual orientation (e.g., on a voluntary basis to support of our equal opportunity and diversity and inclusion efforts and reporting obligations, or where otherwise required by law, or union membership); and in limited cases and as necessary(e) health information (e.g., as necessary to provide reasonable accommodations).	Affiliates and subsidiaries Recruiters Regulators, government entities and law enforcement Internet service providers, operating systems, and platforms

We do not sell or share (as defined by the CCPA) personal information or sensitive personal information related to Applicants, including those we know who are under the age of 16.

Sources of Personal Information

In general, we may collect Applicant personal information identified in the table from the following categories of sources:

Directly from you
Recruiters and recruiting platforms
Referrals and references
Publicly available information and data brokers
Service providers, representatives and agents
Affiliates and subsidiaries

Retention

Sibros retains the personal information we collect only as reasonably necessary for the purposes described below or otherwise disclosed to you at the time of collection. For example, we will retain your information as necessary to comply with our tax, accounting and recordkeeping obligations, to consider you for additional positions (with your permission), as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with our legal obligations.

Purposes for Collecting, Using, Disclosing and Processing Personal Information

Subject to applicable legal restrictions, generally we collect, use, disclose and process Applicant personal information as reasonably necessary for the following general purposes:

Recruiting, hiring and managing, and evaluating Applicants

To review, assess, recruit, consider or otherwise manage Applicants and job applications, including:

scheduling and conducting interviews;
identifying candidates, including by working with external recruiters;
reviewing, assessing and verifying information provided, and otherwise screening or evaluating Applicants’ qualifications, suitability and relevant characteristics;
extending offers, negotiating the terms of offers, and assessing salary and compensation matters;
satisfying legal and regulatory obligations;
communicating with Applicants regarding their applications and about other similar position(s) for which they may be interested;
maintaining Applicant personal information for future consideration; and
supporting our equal opportunity policy and practices.

Business operations and customer services

Relating to the organization and operation of our business and performance of obligations to customers, including:

developing, producing, marketing, selling and providing goods and services;
providing after-sales services to customers;
auditing and assessing performance and business operations, including customer services and associated activities;
training and quality control;
satisfying customer reporting and auditing obligations;
facilitating business development opportunities, as relevant; and
facilitating communications in furtherance of the foregoing.

Security and monitoring

To monitor and secure our resources, network, premises and assets, including:

detecting, preventing, investigating and responding to suspected or alleged misconduct or violations of company policies and work rules;
detecting, preventing, investigating and responding to security and privacy incidents;
managing physical and technical access controls;
maintaining and reviewing access and activity logs and records; and
ensuring the security and functioning of our systems and assets, and securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring.

Auditing, accounting and corporate governance

Relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.

M&A and other business transactions

For planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.

Defending and protecting rights

To protect and defend our rights and interests and those of third parties, including to manage and respond to Applicant and other legal claims and disputes,, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.

Complying with legal obligations

Relating to compliance with applicable legal obligations such as hiring eligibility, responding to subpoenas and court orders, as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social Security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.

Contacting you about potential positions

To identify other positions for which an Applicant may be suited or interested, and to contact Applicants about such positions. If you do not wish to be contacted about potential positions, please let us know using the contact information below.

Sensitive Personal Information

Notwithstanding the purposes described in this Policy, we do not collect, use or disclose sensitive personal information about Applicants beyond the purposes authorized by the CCPA (pursuant to Cal Civ. Code § 1798.121 and § 7027(l) of the CCPA regulations). Accordingly, we only use and disclose sensitive personal information about Applicants as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

Your CCPA Rights

California Applicants have certain rights under the CCPA with respect to their personal information, subject to certain limitations and exceptions

Deletion

The right to request deletion of their personal information that we have collected about them.

Know/Access

The right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.

Correction

The right to request correction of inaccurate personal information we maintain about them.

Opt out of sales and sharing

The right to opt-out of the sale and sharing of their personal information. However, as discussed above we do not sell or share Applicant personal information.

Limit use/disclosure of sensitive personal information

The right to request to limit certain uses and disclosures of sensitive personal information. However, as discussed above, we do not use or disclose Applicant sensitive personal information beyond the purpose authorized by the CCPA.

Non-discrimination

The right not to be subject to discriminatory treatment for exercising their rights under the CCPA.

‍Submitting CCPA Requests

Applicants may submit a request to Sibros to exercise their CCPA rights to know/access, to delete and to correct their personal information held by us by submitting a privacy request via our Applicant CCPA Request Form.

We will take steps to verify your request by matching the information provided by you with the information we have in our records. Your request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (i.e., by completing all required fields on our Applicant CCPA Request Form if you choose to submit a request in that manner).
Describe your request with sufficient details that allows us to properly understand, evaluate, and respond to it.

In some cases, we may request additional information in order to verify your request or where necessary to process your request. Authorized agents may initiate a request on behalf of another individual through one of the above methods; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Contact Us About This Policy

For additional details, or if you have questions regarding our use of your personal information as described in this Policy, you may contact us at privacy@sibros.tech.