Privacy Policy

Solidigm Worldwide Candidate Privacy Policy Notice

Legal

Last Updated: December 2023

About this Policy

This Worldwide Candidate Privacy Policy Notice (“Candidate Privacy Policy”) provides details on how Solidigm, located at 10951 White Rock Road, Rancho Cordova, CA 95670, and its subsidiaries (collectively called the “Solidigm”, “Company” or “we”), as data controllers, may process (including collect, use, and share) the Personal Information we collect about you or from you as a Candidate for employment with the Company. If you receive an offer, you may be retained by a subsidiary. For example, Candidates who accept employment for positions assigned to Poland may be employed by SK hynix NAND Product Solutions UK Limited. If you accept a position and do not know which entity will employ or retain you, please contact the HR Help Desk or your Business HR Representative.

This Privacy Policy updates Solidigm’s prior privacy policy to reflect changes that Solidigm made in 2023. This update version supersedes all prior versions.

For purposes of this Candidate Privacy Policy, “Personal Information” or “PI” means any information that identifies, relates to, or could reasonably be linked to an identifiable natural person.

“Candidate” means an individual who is being recruited for, has expressed an interest in, and/or applied for an employment, independent contractor, or executive position with Company.

This Candidate Privacy Policy is in addition to the Company’s Worldwide Personnel Privacy Policy, which will apply to you if you are retained (employed) by Company, and the Solidigm Privacy Policy found on Solidigm’s website.

Collection and Use of Your Personal Information

You may share and the Company may otherwise collect and process the following types of Candidate PI for recruitment and hiring purposes:

· Personally Identifying Information: This includes PI such as name, date and place of birth, place of residence and address, citizenship, languages spoken;

· Contact Details: This includes PI such as home or other mailing address, telephone number, and email addresses;

· Educational and Professional Background: This includes PI such as academic/professional qualifications, and former or current compensation, if permitted by applicable law, work history, curriculum vitae (“CV”), résumé, certifications, reference letters and interview notes;

· Other Information: This includes any other PI that you choose to provide to the Company, whether in an application form, such as through a resume, curriculum vitae (“CV”), current company biography, public profile you share with the Company, or otherwise. Examples of PI under this category include, but are not limited to, PI about your hobbies, social preferences, etc.

Also, if your application progresses, including if you accept an offer for the position, you may share or the Company may collect, process, and use the following additional types of Candidate PI:

· National Identifiers: This includes PI such as national ID/passport, immigration status and documentation, visas, social security numbers (US only), national insurance numbers;

· Biometric Data: This includes PI relating to you physical, physiological, or behavioral characteristics that allows for the confirmation of your identity, such as facial images, and video meeting or presentations;

· Background Check Information: This includes any PI provided by you or obtained through a third-party background investigation service provider (including, for example, criminal records) and sanctions check information (for vetting purposes and compliance with certain laws) where legally permissible, subject to any further legal requirements;

· Medical and Disability Information: This includes PI such as information about your short- or long-term disabilities or illnesses that you might share with your recruiting professional at the Company that is relevant to the Company and the particular position you are being considered for by the Company, in each case to the extent permitted by applicable law;

· IT information: This includes PI required to provide access to the Company’s information technology systems and networks, such as internet protocol addresses, log files, login information, passwords, software/hardware inventories. For further information about how we process IT information, see the Contact information below;

· Demographic Information, Government Issued Identification Numbers, and other Information Required to Onboard You: This includes PI you share with Company to the extent required by law to prove your eligibility to work for Company as well as PI you optionally provide to the Company about your demographics.

Where lawfully authorized and with legally required consents, the Company may also collect certain demographic data, which qualifies as sensitive PI, such as race, ethnicity, sexual orientation, and disability, to help the Company in its efforts towards diversity and inclusion. This information, when collected, is generally done so on the basis of the Candidate’s voluntary consent, and Candidates are not required to provide this information unless it is necessary for the Company to collect such information to comply with its legal obligations.

If a Candidate is retained by the Company, then the personal information from the first day retained through the duration of employment is covered by the Company’s Personnel Employee Privacy Policy. This Candidate Privacy Policy continues to apply to the Candidate personal information.

Purposes for Collection and Use of Your Personal Information

The Company may collect and use your PI, including the PI you submit as a Candidate, to process your application for employment or other submission as an individual contractor or non-employee executive, and comply with all laws applicable to your candidacy, including, for example, for employees confirming your eligibility to work in a specific geographic location, and administering and evaluating your employment application. The Company may also process your PI to complete the on boarding process should you accept a role with the Company, including conducting background checks and pre-engagement verifications directly related to your application. The Company will use your PI for multiple specific reasons related to processing your application, along with other legitimate business purposes and legal bases noted below (the “Processing Purposes”):

· Administering and processing your employment application or other submission for a role with Company, as well as communicating with you throughout the entire recruiting process;

· Determining your suitability for the role for which you have applied, or for other roles. This includes assessing and reviewing your prior experience, and your interview information;

· Conducting background checks and pre-engagement verifications directly related to your application. Any such background check may include a review of a limited criminal history, national ID verification, as well as of your credit history (for certain executive level positions), employment and educational background, and extended global sanctions, to the extent authorized under applicable law;

· Complying with applicable laws and regulations (e.g., tax, health and safety, anti-discrimination, and labor and employment laws), including, for example, your ability to legally work, initiating payroll, identifying tax withholdings and benefits, and complying with statutory and retention requirements and cooperating with the legal process, including, for example, government investigations and seeking legal counsel and other professional consultations;

· If provided, and with your explicit consent, we may use information about your disability status and demographic information, to provide appropriate accommodations, comply with the Company's diversity and retention policies and disclosures, and promote a broad representation of Candidate within the Company.

You will be notified of changes to the processing of your PI prior to changes we implement.

Legal Basis for Processing Your Personal Information.

The legal basis for processing your PI is based on one or more of the following four legal bases:

· on our legitimate business interests in managing our relationship with you and legitimate business interests in carrying out our business obligations;

· to take steps prior to our potential precontractual measures relating to our potential future relationship with you;

· on our complying with laws that apply to your PI and the processing that is necessary to satisfy our legal and regulatory obligations; and

· your consent as required by law.

Submissions of PI to the Company by You and Collected from Third Parties

Resumes, CVs, and other similar documents and information submitted by you to the Company for review should include only information relevant to your job qualifications and employment history, including, for example, your prior employment, relevant positions and dates, significant accomplishments, skills and qualifications, education, degrees, or certifications obtained, dates, and issuing institutions. As permitted by local law, during your candidacy and the hiring process, we also may obtain information about you from publicly available sources or from third parties, including, for example, references, a third-party recruitment vendor, a third-party background investigation and pre-employment verification service provider, or other similar sources. In so doing, the Company will take steps to confirm that PI we receive about you from any third parties has been collected with your consent or that those third parties are otherwise legally permitted to disclose your PI to the Company.

If you provide PI to the Company about other individuals (for example, information about your references), prior to any disclosure to the Company, please ensure (1) you have informed those other individuals about your intent to provide the Company with their PI, and (2) those other individuals agree that you may provide the Company with their PI.

The Company recommends that you do not provide Company with any of your sensitive personal characteristics, including, for example, your resident registration numbers, height, weight, religion, age, and political beliefs. Subject to applicable law, however, the Company may request that you self-identify with certain characteristics, such as gender, race, ethnicity, or veteran status. You may choose not to disclose such characteristics, and choosing not to disclose those will not subject you to any adverse treatment. If you do disclose those characteristics to the Company, the Company will keep that information confidential and use it only for internal reporting and statistical purposes, as well as to comply with applicable laws.

Company uses a third-party solution to process your application, SmartRecruiters. You can find the third party’s privacy policy on its website.

Who Accesses Your Personal Information

The Company may share your PI with third parties, including affiliates of the Company, for any of the Processing Purposes, as follows:

· To the Company and its Affiliates: Because the Company is part of a larger corporate group with headquarters in the United States and offices and employees/contractors in multiple jurisdictions, and because the corporate group shares executive oversight, human resources, procurement, and management decision making, the Company may share your PI to various internal parties involved in the process, in order to make a hiring decision and assure compliance with applicable laws, policies, and procedures (Art. 6 (1) sentence 1 lit. f GDPR). In addition, Company may share your PI with its parent, SK hynix, Inc. headquartered in Korea, which wholly owns Company.

· To Regulators, Legal Authorities, and Other Third Parties: The Company may share your PI with regulators, administrative tribunals, courts and other legal authorities, independent external advisers, and internal compliance and investigation teams, as necessary to fulfill any of the Processing Purposes listed above (Art. 6 GDPR, Section 26(1) BDSG).

· To Data Processors: The Company will provide to data processors PI necessary to fulfill any of the Processing Purposes. For example, these data processors may carry out instructions related to data hosting services or similar functions, legal or regulatory compliance services, and recruitment or workforce administration. Where required, these data processors will be subject to contractual obligations to implement appropriate technical and organizational measures to safeguard your PI, and to process it only as instructed to fulfill any of the Processing Purposes.

For the Processing Purposes, the Company may process and store your PI on systems used by the Company in the United States as well as other secure locations as necessary. Some recipients of your PI from the Company are located within and outside of the European Economic Area and United Kingdom (collectively, the “EEA”), and Asia.

If you are a Candidate in the EEA applying for a position within the Company, the Company will be the controller of your data for the purposes of your application’s receipt and review and for human resources administration. Under those circumstances, local hiring legal entities may also be the data controllers for your local recruitment related processing.

The Company has established a legal basis for processing your PI by, among others, establishing the legal basis for the Processing Purposes, which may include entering into appropriate data transfer agreements, obtaining your consent as required, and implementing other appropriate safeguards to provide you with an adequate level of data protection. Based on those, the Company confirms that it has implemented an adequate level of global protection for your PI. The Company also confirms that it has implemented appropriate technical and organizational security measures designed to protect your PI against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure, or access, and against all other unlawful forms of data processing. To see if you have the right to request an explanation of the appropriate safeguards, email DSRequests@Solidigm.com. If you have the right, you may request the information by CLICKING HERE .

As such transfer of your PI is necessary and unavoidable for the application process, such data transfer to third countries outside the EEA is permitted under Art. 49 (1) (c) GDPR.

Only authorized personnel will have access to your PI with a Processing Purpose described in this Candidate Privacy Policy.

Records Retention

The Company will retain your PI no longer than is necessary to carry out any of the Processing Purposes described in this Candidate Privacy Policy, or as otherwise required or permitted by applicable law and Company procedures.

The Company may retain your PI after the recruitment and application process has terminated, even if you did not receive or accept an offer of retention (employment), to contact you about potential future opportunities or other recruitment purposes. Where a different retention period is required by applicable law, however, the Company reserves the right to extend or alter any of its applicable records retention time periods.

Using a process that meets industry standards, the Company will permanently delete your PI when no longer necessary for any of the Processing Purposes or as described immediately above. The Company will continue to process (including use, disclose, and store) any retained PI consistent with this Candidate Privacy Policy.

Measures Designed to Protect the Safety of PI

The Company takes the following measures that are designed to protect the safety of PI:

· Managerial measures: Establishment and implementation of internal management plans, regular training of employees, etc.;

· Technical measures: Management of access rights to PI processing systems, etc., installation of access control system, encryption of personally identifiable information, installation of security program;

· Physical measures: Control of access to the IT team or data storage room, etc.

Geography specific Provisions:

Company is a worldwide organization with employees in different countries, regions, and states. The regulators of these different areas of the world have passed different types of laws to protect privacy. Some laws are stricter while others offer different rights. Company provides the following additional information to those of you who are protected by laws.

Your Choices and Rights Concerning Your PI

Depending on the laws that apply to your PI, you may have certain rights regarding the PI you provide to the Company. Those rights may differ among jurisdictions.

If you are in the EEA, UK or California, you have the following rights:

Right	California	EEA/UK
Right of Access/Know/Confirm	X	X
Right to Rectification/Correction	X	X
Right to Erasure/Deletion	X	X
Right to Restrict Processing		X
Right to Portability/Copy		X
Right to Object and Rights Concerning Automated Decision Making		X
Right to Withdraw Consent		X
Rights Related to Sale and Sharing/Targeted Advertising	X
Right to Limit the Use and Disclosure of Sensitive PI	X

This is an explanation of these categories of rights.

Generally, the rights are described as follows:

· Right of Access/Know/Confirm: The right to confirm with the Company whether the PI has been processed and, if so, how it was processed. This also includes the right to request access to that PI. The right includes access to the following information to the extent not already included in this Privacy Policy: the categories of PI processed, the purpose of the processing, the recipients or categories of recipients, the source of the PI if the Candidate is not the source, and the existence of automated decision-making including information about the logic, significance, and envisioned consequences for the Candidate.

· Right to Rectification/Correction: The right to rectify inaccurate or incomplete PI concerning the Candidate.

· Right to Erasure/Deletion: The right to have the Company erase PI about the Candidate, outside of the Company’s normal records retention policies. However, the Company may continue to retain the PI for legitimate purposes, including statistical purposes, depending on applicable statutory and regulatory requirements.

· Right to Restrict Processing: The right to request that the Company limit or restrict the processing of the Candidate’s PI. Where the Company processes Candidate’s PI for the Processing Purposes, however, the Company has a legitimate interest in processing that PI, which may override the request.

· Right to Portability/Copy: The right to receive the Candidate’s PI that the Candidate provided to the Company, in a structured, commonly used, and machine-readable format, and the Candidate may have the right to have the PI transmitted to another entity.

· Right to Object and Rights Concerning Automated Decision Making: The right to object to or complain about, at any time, the processing of the Candidate’s PI, including for allegations of profiling, and the Company may be required to stop processing the PI for that Processing Purpose unless the Company can do so under another legal bases. This could include a request by the Candidate for human intervention, in relation to an automated decision that the Company made, so that the Candidate may express the Candidate’s view and contest the automated decision.

· Right to Withdraw Consent: After providing the Company with consent to the processing of PI, Candidate may withdraw it at any time with future effect. Withdrawing consent will not, however, affect the lawfulness of any processing the Company conducted prior to the withdrawal, or the Company’s processing of Candidate PI under other legal bases.

· Rights Related to Sale of PI and Sharing/Targeted Advertising: Solidigm does not sell PI, does not share PI with others for their advertising purposes, and does not use others’ PI to advertise to you.

· Right to Limit the Use and Disclosure of Sensitive PI: The right to tell Company to limit our use and disclosure of your sensitive PI to the use that is necessary for the purpose.

Candidates in certain jurisdiction also have the right to lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.

Candidates and their legal personal representatives with one or more of these rights may exercise the rights by completing the online form available by CLICKING HERE . If your jurisdiction is not listed here, then to see if your jurisdiction provides you with rights, complete the questions on the request form. Company reserves the right to validate the requestor’s identity, including when the request is made by a representative of the data subject. Company also reserves the right to seek addition details to assist in Company’s response and to aid Company in locating Candidate’s PI.

Notice to California Residents

California residents may exercise their rights noted above by completing the online form available by CLICKING HERE , by emailing DSRequests@Solidigm.com, or by calling the tollfree number 1-888-209-0378. In addition to the information above, this section describes Solidigm’s practices regarding the PI we collected about California residents in the last 12 months, the sources of that information, our business or commercial purposes for collecting that information, and the third parties with whom we shared that information. Solidigm does not “sell” or “share” your PI.

Categories of PI (described in more detail above)	Recipients to whom PI is disclosed for a business purpose
Resumes, CVs, and other similar documents and information that you provide, which may include sensitive PI	Our affiliates and subsidiaries, our services providers, third parties when required by law or to comply with valid legal process, third parties to enforce our rights or protect our rights, third parties in connection with or during negotiations of any corporate transaction, any third party with your consent or at your direction, or as we believe to be necessary and appropriate.
Publicly available PI	Our affiliates and subsidiaries, our services providers, third parties when required by law or to comply with valid legal process, third parties to enforce our rights or protect our rights, third parties in connection with or during negotiations of any corporate transaction, any third party with your consent or at your direction, or as we believe to be necessary and appropriate.
Professional and background check PI collected by third party service providers including sensitive PI	Our affiliates and subsidiaries, our services providers, third parties when required by law or to comply with valid legal process, third parties to enforce our rights or protect our rights, third parties in connection with or during negotiations of any corporate transaction, any third party with your consent or at your direction, or as we believe to be necessary and appropriate.

European Union Members States, United Kingdom, and Other Countries with Privacy Rights Laws

EEA/UK

The Global Data Protection Regulation (“EU GDPR”) and the UK’s adoption of EU GDPR as well as the adoption by other EEA members states (collectively “GDPR”) protects the processing of PI in the European Union. The following provides you with additional information about our privacy practices:

· As a legal basis for processing PI in the EEA and UK for the Processing Purposes mentioned above, we rely on the necessity of processing for the performance or termination of your employment (Art. 6(1) GDPR) or for processing any other contractual relationship (Art. 6(1)(a) GDPR) and the necessity of the processing to protect the above legitimate interests (Art. 6(1)(f) GDPR). Furthermore, we process Candidate PI relying on the necessity of the processing to comply with our respective legal obligations (Art. 6(1)(c) GDPR. Insofar as we process special categories of PI (within the meaning of Art. 9(1) GDPR) for the above mentioned Processing Purposes, in particular health data, we also rely on your consent (Art. 9(2) GDPR) or the necessity of the processing for the exercise of rights or fulfillment of obligations arising from labor law, social security law and social protection, e.g. the recording of severe disability due to additional leave (Art. 9(2)(b) GDPR in conjunction with Art. 6(1)(c) GDPR, for the assessment of the ability to work (Art. 9(2)(h) GDPR) and for reasons of public interest in the area of public health (Art. 9(2)(i) GDPR).\

· The legal basis for the above mentioned transfer of PI to the Company’s Affiliates Because the Company is part of a larger corporate group with headquarters in the United States and offices and employees in multiple jurisdictions, which share human resources and management decision making, the Company may transfer your PI to various internal parties involved in the employment process to establish, manage, or terminate your employment relationship with the Company, and assure compliance with applicable laws, policies, and procedures Art. 6(1)(f) GDPR);

· The legal basis for the above-mentioned transfer of PI to Regulators, Legal Authorities, and Other Third Parties is Art. 6 GDPR.

South Korea

The Company processes your PI within the scope expressly indicated in Purposes for Collection and Use of Your Personal Information, above. If you provide consent to Company for the use of your PI, Company will notify you of the third parties that will receive your Personal Information.

China

The Chinese Personal Information Protection Law (the "PIPL") provides any person located in China and/or any PI that has been collected or is processed within China with specific rights and obligations aimed at protecting the rights and interests of individuals, regulating PI processing activities, and facilitating reasonable use of PI.

For purpose of this Notice, “China” refers to mainland China, excluding Hong Kong Special Administrative Region (“SAR”), Macau SAR, and Taiwan Region.

Legal basis. Where the PIPL applies, we process your PI based one or more of the following legal bases:

· your consent;

· where it is necessary to enter into or perform a contract to which you are a party, or for the implementation of human resources management in accordance with the labor rules and regulations formulated in accordance with applicable laws and the collective contract concluded in accordance with applicable laws;

· where it is necessary for the performance of our statutory obligations;

· where it is necessary for the response to a public health emergency or for the protection of the life, health and property safety of a natural person in an emergency;

· where it is for the purposes of public interest, and the handling of PI is within a reasonable scope;

· where we reasonably process the PI that has been publicly disclosed by you or otherwise disclosed publicly in a lawful manner within a reasonable scope in accordance with the provisions of PIPL; and

· other circumstances prescribed by laws and administrative regulations.

Specific notice about sensitive PI. Some of the PI we process about you may fall into the scope of sensitive PI under the PIPL, including the national identifiers (such as national ID/passport, visas), biometric data (such as facial images), financial information (e.g., bank account), non-public criminal records, medical and disability Information (such as short- or long-term disabilities or illnesses). Such information is sensitive because once leaked or illegally used, it may lead to impact on personal rights and interests, such as infringement of human dignity or harm to personal or property safety. We only process your sensitive PI where it is necessary to fulfill any of the Processing Purposes listed above.

Cross-border transfer of PI. As described above, due to our global nature, it may be necessary for us to transfer your data internationally to our affiliates and trusted third parties located outside of China. Where we do so, we will secure your PI by using appropriate safeguards consistent with the Chinese laws and regulations that apply to us.

How to Contact Us

To submit a data subject request, click here and provide the information requested. If you have questions or concerns about the Company’s privacy practices or to exercise any rights that you may have that is described in this Privacy Policy, you can contact the Company’s Data Protection Officer by emailing DSRequests@Solidigm.com. Requests will be responded to in a timely manner.

Login

Solidigm Worldwide Candidate Privacy Policy Notice