AssemblyAI Inc. (the “Company,” “AssemblyAI,” “us” or “we”) is committed to protecting the privacy and security of the personal data of provided by individuals applying for a job or other role at the Company (“Job Applicants”), as well as the personal data of our current and former employees (“Employees”) and contractors (together with Employees, “Worker”) and their emergency contacts and beneficiaries. Please read this GDPR Job Applicant and Worker Privacy Notice (the “Privacy Notice”) to learn how we treat your personal data when you are one of our Job Applicants or Workers. If you are located in in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), you have certain rights under General Data Protection Regulation and as the General Data Protection Regulation EU GDPR forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018 (collectively, together, the “GDPR”) with respect to your personal data, as outlined below. In this Privacy Notice, we use the term “personal data” as it is defined under the GDPR. This Privacy Notice only applies to Job Applicants and Workers located in the EEA, Switzerland, and the UK.

‍

As we continually work to improve our operations and business, we may need to change this Privacy Notice from time to time. Upon material changes, we will alert you to any such changes by placing a notice on the Company’s intranet, by sending you an email and/or by some other means. 

‍

What Categories of Personal Data Do We Collect? 

Below details the categories of personal data we may collect and may have collected over the past twelve (12) months. Note that the collection, use, and disclosure of your personal data may vary depending on the nature of your relationship with us, including as a Worker or Worker’s emergency contacts and beneficiaries. 

‍

FOR JOB APPLICANTS: 

Depending on your preferences, where you are in the application stage (e.g., screening, assessment tests, interviews, background and reference checks, or decision stage), and other factors, the collection, use, and disclosure of your personal data may vary.

‍

• Personal Contact Data such as name, mailing address, email address, phone number. 
• Internet or Other Electronic Network Activity Data such as information regarding your interaction with our website, job posting, application, or advertisement (including chats and instant messaging).
• Sensory Data such as photos, videos, and recordings of your environment. 
• Professional or Employment-Related Data such as resume, job title, job history, performance evaluations, membership in professional organizations and unions, and job interview transcripts, notes, responses to screening questions and assessment results.
• Education Data such as grades or transcripts, student financial information, and student disciplinary records.
• Special Categories of Personal Data such as personal data revealing racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership, criminal records in connection with a background check.
• Other Personal Data that you provide. 

‍

FOR WORKERS:

Similar categories of data we collect in your role as a Job Applicant as described above may be collected and retained if you become an Employee of the Company. For additional categories of personal data that may be collected solely from Workers, please see below.

‍

• Professional or Employment-Related Data such as performance management information (e.g., employment status, work schedule, job assignments, hours worked, accomplishments, awards), training and development information, discipline and counseling information, and employment termination information.
• Other Personal data such as health data, dependent information, emergency contact information, beneficiary information, and any other personal data that you may provide. 

‍

Legal Basis for Processing your Personal Data

Depending on the nature of your relationship with us, including whether you’re a Job Applicant, an Employee, a contractor, or a Worker’s emergency contacts and beneficiaries, we only process your personal data where applicable law permits or requires it, including where the processing is necessary to assess your potential employment with us, where the processing is necessary to comply with our legal obligations or for our legitimate interests or the legitimate interests of third parties, or with your consent. We may process your personal data for legitimate business purposes and for the following purposes:

‍

• Process and manage your application: We use your personal data to process your job application, establish a job applicant profile for the recruitment process, assess your qualifications for a specific role with us, schedule and conduct interviews, communicate with you, and carry out background and reference checks (see the following bullet point for additional information). We may collect visual information of job applicants through photographs used for identification purposes. With your consent, we may record video of you in connection with the application process, for example through a third party screening service. 
• Process and manage your employment: If you are offered a position with us, we will use your personal data in the employee on-boarding process and managing your personnel records including enrolling and administering employee benefits, paying wages, managing workflows, carrying out job promotion processes, evaluating performance, and other related employment purposes (as authorized by you and permitted by applicable law). 
• Conduct reference and background checks (as permitted by applicable law): We use personal data we collect to conduct reference checks and to evaluate your qualifications and experience. We may also conduct background checks (as authorized by you and permitted by applicable law).
• Provide immigration support: If applicable and as permitted by applicable law, we may collect your personal data to assist with immigration support, such as applying for visas or work permits. 
• Analyze and improve our recruitment process and tools: For example, we analyze trends in our applicant pool, and use personal data to understand and improve our recruitment process and tools (including improving diversity and inclusion). 
• Record-keeping: We keep records of your personal data as required by law and in accordance with our record retention policies. 
• Meeting legal requirements and enforcing legal terms: We collect and process your personal data for purposes of: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, us or another party; enforcing any agreements with you; responding to claims; and resolving disputes. Additionally, we may use information about protected characteristics to analyze and monitor the diversity of our job applicants and Employees in accordance with applicable laws.

‍

We will only process your personal data for the purposes we collected it for or for compatible purposes. If we need to process your personal data for an incompatible purpose, we will provide notice to you and, if required by law, seek your consent. We may process your personal data without your knowledge or consent where required by applicable law or regulation.

‍

We may also process your personal data for our own legitimate interests, including for the following purposes:

• To prevent fraud.
• To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.
• To support internal administration with our affiliated entities.
• To conduct data analytics analyses to review and better understand our recruitment process.

‍

We will not process your personal data for the purpose of automated decision-making without your prior consent. 

‍

Collection and Use of Special Categories of Personal Data

We may collect and process certain special categories personal data about you, such as health data, as well as personal data revealing racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership, or criminal record in connection with a background check to the extent such processing is necessary for us to carry out our obligations with respect to your application or employment. Where we have a legitimate need to process special categories of personal data about you for purposes not identified above, we will only do so only after providing you with notice and, if required by law, obtaining your prior, express consent.

‍

How We Disclose Personal Data

Unless specifically noted, authorized by you, or required for us to comply with our legal obligations, enforce our rights, or defend against legal claims, we will disclose your personal data to the categories of service providers.  

‍

• Service Providers perform business functions on our behalf and may include:
  
  • Hosting, technology and communication providers.
  • Security and fraud prevention consultants.
  • Background and reference check screening services.
  • Hiring process and benefits management and administration tools.
  • Health and safety technology providers.

‍

We may also disclose or transfer your personal data to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).

‍

Data Security 

We seek to protect your personal data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of personal data and how we are processing that information. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism, limiting access to your computer or device and browser, and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

‍

Data Retention

We retain personal data about you for as long as necessary to perform our business or commercial purposes, including employment-related purposes, for collecting your personal data. When establishing a retention period for specific categories of personal data, we consider who we collected the personal data from, our need for the personal data, why we collected the personal data, and the sensitivity of the personal data. In some cases we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally. 

‍

Note that if you are a Job Applicant that applied through a third-party such as a recruiting company or submitted your application through a recruiting software (e.g., Greenhouse Linkedin), you may be subject to their separate terms of service and privacy policy.

‍

Your Rights under the GDPR

If you are a Job Applicant or Worker located in the EEA, Switzerland, or the UK, we are required to provide you with additional information about our processing of your personal data. Please note that, except as otherwise provided by applicable law, the information in this section as well as the other sections of this Privacy Notice apply to you. 

‍

If you are a Job Applicant or Worker located in the UK, Switzerland or EEA, the Company is the controller of your personal data. As a data controller, the Company is responsible for ensuring that the Company’s processing of your personal data complies with the GDPR. 

‍

Rights of Access, Correction, Erasure, and Objection

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during the recruitment process. By law, you may have the right to request access to, correct, and erase the personal data that we hold about you, or object to the processing of your personal data under certain circumstances. You may also have the right to request that we transfer your personal data to another party. 

‍

Right to Withdraw Consent

Where you have provided your consent to the collection, processing, or transfer of your personal data, you may have the legal right to withdraw your consent under certain circumstances. 

‍

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal data that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or anonymized your personal data in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

‍

Cross-Border Data Transfers 

Where permitted by applicable law, we may transfer the personal data we collect about you to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country for the purposes set out in this Privacy Notice. We may also transfer your personal data pursuant to standard contractual clauses or the Data Privacy Frameworks(s) described below.

‍

Data Privacy Framework(s)

AssemblyAI complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK-U.S. DPF”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce.  AssemblyAI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of all personal data received from the European Union in reliance on the EU-U.S. DPF and in reliance on the UK Extension to the EU-U.S. DPF (the “UK-U.S. DPF Principles”) as to the processing of all personal data received from the United Kingdom (and Gibraltar). AssemblyAI has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the UK-U.S. DPF Principles, and the Swiss-U.S. DPF Principles, the EU-U.S. DPF Principles, the UK-U.S. DPF Principles, and the Swiss-U.S. DPF Principles shall govern.  To learn more about the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-US DPF, and to view our certification, please visit www.dataprivacyframework.gov/.

‍

The Federal Trade Commission has jurisdiction over AssemblyAI’s compliance with the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF. This Privacy Policy describes the types of personal data we collect, the purposes for which we collect and use your personal data, and the purposes for which we disclose your personal data to certain types of third parties in the sections above.  Pursuant to the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal data relating to them in the U.S. Upon request, we will provide EU, UK and Swiss individuals with access to the personal data that we hold about them. EU, UK, and Swiss individuals may also correct, amend, or delete the personal data we hold about them where it is inaccurate, or has been processed in violation of the EU-U.S. DPF Principles, the UK-U.S. DPF Principles, and the Swiss-U.S. DPF Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. An EU, UK, and Swiss individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the U.S. under the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF, should direct their query to legal@AssemblyAI.com. If requested to remove data, we will respond within a reasonable timeframe. For more information about rights afforded to EU, UK, and Swiss individuals, please see the “European Union, United Kingdom, and Swiss Data Subject Rights” section of this Privacy Policy. 

‍

In addition, under the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF, we will provide EU, UK, and Swiss individuals with the choice to opt-out from the sharing of their personal data with any third parties (other than our agents or those that act on our behalf or under our instruction), or before we use it for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized. 

‍

We will provide EU, UK, and Swiss individuals with the choice to opt-in to sharing their sensitive personal data with any third parties or if we plan to process their personal data for a purpose other than those for which it was originally collected or subsequently authorized. EU, UK, and Swiss individuals may request to limit the use and disclosure of your personal data by submitting a written request to legal@AssemblyAI.com. In addition to any other disclosures described in our Privacy Policy, in certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

‍

AssemblyAI’s accountability for personal data that it receives in the U.S. under the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on our behalf is described in the EU-U.S. DPF Principles, the UK-U.S. DPF Principles, and the Swiss-U.S. DPF Principles. In particular, AssemblyAI remains liable under the EU-U.S. DPF Principles, the UK-U.S. DPF Principles, and the Swiss-U.S. DPF Principles if our agents process personal data in a manner inconsistent with the EU-U.S. DPF Principles, the UK-U.S. DPF Principles, and the Swiss-U.S. DPF Principles, unless AssemblyAI proves that we are not responsible for the event giving rise to the damage.

‍

In compliance with the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF, AssemblyAI commits to resolve EU-U.S. DPF Principles, UK-U.S. DPF Principles, and Swiss-U.S. DPF Principles-related complaints about our collection and use of your personal data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF should first contact AssemblyAI at legal@AssemblyAI.com. 

If a privacy complaint or dispute relating to personal data received by AssemblyAI in reliance on the EU-U.S. DPF, UK-U.S. DPF, Swiss-U.S. DPF (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/. 

‍

If a complaint or dispute cannot be resolved through our internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.

‍

If your EU-U.S. DPF, UK-U.S. DPF, or Swiss-U.S. DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Annex 1 of the Data Privacy Framework Principles, located at www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2. 

‍

Contact for Questions

If you have any questions or comments regarding this Privacy Notice, the ways in which we collect and use your personal data or your choices and rights regarding such collection and use, please contact:

• legal@assemblyai.com
• Legal Department, 2261 Market Street #4577, San Francisco, California 94114

‍

Individuals with disabilities may access this Privacy Notice in an alternative format by contacting legal@AssemblyAI.com. 

‍