Candidate Privacy Notice

1. Scope of This Notice

This Candidate Privacy Notice explains how Nexma collects, uses, and protects the personal data of individuals who apply for, or are considered for, roles at Nexma ("Candidates"). It applies to applications made through our careers channels, referrals, and recruiting partners. It supplements our general Privacy Policy.

2. Personal Data We Collect

Depending on the role and your application, we may collect:

• Identification and contact details (name, email, phone, location);
• Professional information (CV/résumé, work history, education, skills, references, portfolio or work samples);
• Application and assessment information (interview notes, exercise results, and your responses to our questions);
• Information you choose to share, and information from public professional profiles or background checks where lawful; and
• Where permitted and necessary, information required to assess eligibility to work or to meet legal obligations.

3. Purposes and Legal Bases

We process Candidate data to evaluate applications, communicate with you, conduct interviews and assessments, make hiring decisions, and comply with our legal obligations. For Candidates in the EEA and UK, our legal bases under the GDPR and UK GDPR (Article 6) include our legitimate interests in recruiting, taking steps at your request prior to entering a contract, compliance with legal obligations, and, where applicable, your consent.

Where we process special categories of data (Article 9 GDPR) — for example, to provide accommodations or meet equal-opportunity obligations — we do so only on a valid legal basis and with appropriate safeguards.

4. Retention

We keep Candidate data only as long as necessary for the purposes above. If you are not hired, we may retain your information for a limited period to consider you for future roles and to meet legal requirements, after which it is deleted or anonymized. If you are hired, relevant information becomes part of your employment record under our employee privacy notice.

5. How We Share Information

We share Candidate data with personnel involved in hiring and with service providers acting as processors on our behalf (for example, applicant-tracking and assessment providers), who are bound to protect it and use it only for the services they provide to us. We may also disclose information where required by law.

6. International Transfers

Where Candidate data is transferred across borders, including outside the EEA or UK, we put appropriate safeguards in place, such as Standard Contractual Clauses or another lawful transfer mechanism, to protect your information.

7. Your Rights

Subject to applicable law, you may have rights to access, correct, delete, or restrict the processing of your personal data, to object to certain processing, and to data portability. Candidates in the EEA and UK have these rights under the GDPR and UK GDPR; California applicants have rights under the CCPA, including rights to know, delete, and correct, and the right not to be discriminated against for exercising them. To exercise your rights, contact us using the details below.

8. Automated Decision-Making

Hiring decisions at Nexma are made by people. We do not make decisions producing legal or similarly significant effects about Candidates based solely on automated processing without appropriate safeguards and, where required, your consent or another lawful basis.

9. Contact

If you have questions about this notice or wish to exercise your rights, contact us using the details below. If you are in the EEA or UK and remain unsatisfied, you may lodge a complaint with your local data-protection authority.