POINT72 POLAND SP. Z O.O.

In this notice, “we”, “us” and “our” means the entity employing or proposing to employ you or in which you are or may become a partner on the date that you receive this document, which will be Point72 Poland sp. z o.o., with its registered office in Warsaw, address ul. Plac Marszałka Józefa Piłsudskiego 1, 00-078 Warsaw, Poland, entered in the Commercial Register of the National Court Register under number KRS 0000819343 (“Point72”).

References in this notice to GDPR mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

About this privacy notice

Please take the time to read and understand this privacy notice in conjunction with Point72’s International Personal Information Privacy Policy which can be found here.

For the purposes of data protection law, Point72 is a data controller in respect of your personal data.

This privacy notice applies if you are an employee of our organisation or you take part in the recruitment process for employment in our organization or you are or may become a partner of our organization and sets out the basis on which any personal data about you will be processed by us.

We will only process your personal data as necessary to fulfil the purposes set out in this notice as they apply to you.

1. SOURCES OF PERSONAL DATA THAT WE COLLECT ABOUT YOU

Point72 collects information about its employees and candidates for employment in the course of the recruitment process and subsequent employment. Such information:

1.1 is collected directly from you (for example, it is delivered to us on your own initiative or in the forms that you are asked to complete);

1.2 is generated and collected automatically when you use or otherwise interact with Point72’s IT systems (for example, when you log in to our network or send an e-mail which is retained in our systems);

1.3 is created and/or delivered by colleagues or managers (for example in the annual appraisal process or in the course of an internal investigation);

1.4 is provided to us by third parties (for example by a business partner who comments on your performance or as a result of information received from public authorities, from a bailiff in respect of seizure of your salary or from an employment agency that assists us in searching for candidates for work); and

1.5 is occasionally obtained by us from other sources (e.g. downloaded from the Electronic Services Platform of the Social Insurance Institution, where electronic sick-leave certificates of Point72’s employees are made available).

2. PERSONAL DATA THAT WE COLLECT ABOUT YOU

Subject to applicable law, we will collect and process the following personal data about you:

2.1 during and for the purpose of recruitment process: name and surname, date of birth, contact data, education, professional qualifications, employment history and any other data, which you disclose to us based on your voluntary consent (such as employment or academic references) or that we are entitled to process on another legal basis (such as results of conducted background checks or criminal record checks, if allowed by applicable law);

Apart from the data specified in point 2.1 above, during your employment with us we may also process the following personal data about you:

2.2 place of birth, mailing and residence address, registered address, National Health Fund branch, citizenship, information on the general defence obligation, PESEL number, identity card number, tax identification number (NIP), business and personal contact (including emergency contact to a next of kin) information, photograph, and, under some circumstances, also other detailed information/identity documents that are processed in order to perform our legal obligations (e.g. driver’s license or passport);

2.3 citizenship and, in the case of foreigners – detailed information on the lawfulness of their residency and work in Poland (such as information on visas, residency and work permits);

2.4 information required by law regarding your health status and information about disabilities that you have provided us with;

2.5 job title, department, responsibilities, responsible line manager(s), team members for whom you are responsible and related information regarding your status in Point72’s organisation, such as your internal employee ID number and authorisations held (e.g. powers of attorney);

2.6 date of hire and termination of employment (with the mode of termination and related information), references from former employers obtained from you or with your consent, employment history with Point72, used and remaining holiday entitlement and other work leave;

2.7 information regarding your salary and additional benefits that you are entitled to, including healthcare packages or health insurance, your bank account details or information relating to seizure of your salary;

2.8 records of working hours, sickness and other absence records, records of professional training and information on other activities and plans relating to the employee’s professional development;

2.9 information on your job performance, employment record and, depending on the nature of your position with Point72, records of your role in Point72’s business and assessment of the compliance of your conduct with the law, Point72’s policies and employee obligations, collected, for example, in relation with the annual performance appraisal process or internal investigations conducted in relation to a disciplinary process or a complaint lodged by you;

2.10 phone conversations recordings, in accordance with rules specified in our Work Rules; and

2.11 information on your personal and family situation, such as your health status, economic position, marital status and information regarding your spouse/partner and children, provided by you on your own initiative in order to enjoy additional benefits (such as assistance grants, loans, medical and insurance benefits).

3. LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA

Your personal data may be stored and processed by us on the following legal basis:

3.1 the processing is necessary for the performance of your contract of employment with us or in order to take steps at your request prior to entering into a contract of employment (art. 6 point 1 (b) GDPR). For example, we use your personal data to pay you, to evaluate your individual performance, and to provide benefits in connection with your employment;

3.2 to comply with any legal or regulatory obligation to which we are subject (including compliance with any request from regulatory authorities or other relevant public authorities) (art. 6 point 1 (c) GDPR);

3.3 the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (art. 6 point 1 (f) GDPR). Our legitimate interests include, but are not limited to:

3.3.1 managing our information technology,

3.3.2 ensuring the security of our systems and their use in accordance with our policies and procedures (including our email system),

3.3.3 protecting our business from theft of intellectual property, disclosure of company secrets and other acts of unfair competition, appropriation of property, cyberattacks and other interference;

3.3.4 allowing us to effectively and efficiently administer and manage the operation of our business including establishing, exercising or defending our legal rights for the purposes of legal proceedings;

3.3.5 protecting information which is proprietary to us;

3.3.6 ensuring a consistent approach to the management of our employees and the employees of our affiliate companies worldwide;

3.3.7 maintaining compliance with internal policies and procedures and, if appropriate, conducting internal investigations;

3.4 the processing is necessary to protect your vital interests (art. 6 point 1 (d) GDPR), for example to enable us to contact you or your next of kin in the event of an emergency.

4. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

We may disclose your personal data to third parties, where reasonably necessary for the purposes of processing. In particular, we may disclose your data to:

4.1 our affiliates within the Point72 group for the purposes of:

4.1.1 the management and administration of our business and our affiliates’ business;

4.1.2 complying with the functions that each of them may perform relating to regional or global HR operations;

4.1.3 benchmarking employee salaries and benefits with similar organisations;

4.1.4 assessing compliance with applicable laws, rules and regulations, and internal policies and procedures across our business and our affiliates’ business;

4.1.5 where your personal data are held as part of an internal directory, enabling adequate communication with you for the performance of employment duties or for emergency reasons; and

4.1.6 the administration and maintenance of the databases storing personal data relating to our employees or to employees of our affiliates.

We will take steps to ensure that the personal data is accessed only by employees of our affiliates that have a need to do so for the purposes described in this notice.

4.2 We may also share your personal data with third party agents and contractors outside of our corporate group for the purposes of providing services to us, including payroll service providers, IT and communications providers, law firms, accountants, auditors and Approved Publication Arrangement and Approved Reporting Mechanism service providers. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice.

4.3 We may also share your personal data with our business partners (including banks, brokers and counterparties) to the extent it is necessary for them to receive this information as part of Point72’s general business operations.

4.4 Third parties to whom Point72 is required to disclose the information under a legal requirement (including litigation counterparties, in the execution of an obligation imposed by a court).

4.5 Competent public authorities, including the tax office, the Social Insurance Institution, regulatory and prosecuting authorities and courts.

4.6 Your potential future employers, if you ask us to issue and deliver references.

4.7 In case of a potential sale of the our company or of its assets, we may communicate your personal data to a potential buyer for the purpose of due diligence operations.

5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), in particular to the United States. It may also be processed by individuals operating outside of the EEA who work for our affiliates in the United States or elsewhere or for one of our suppliers.

Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA.

This can be done in a number of ways, for instance:

5.1 the country that we send the data to might be approved by the European Commission as offering a sufficient level of protection;

5.2 the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data.

In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.

You can obtain more details about the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with certain recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.

6. RETENTION OF PERSONAL DATA

How long we hold your personal data for will vary. The relevant retention period will be determined by various criteria including:

6.1 the purpose for which we are using the data – we will need to keep the data for as long as is necessary for that purpose; and

6.2 legal obligations – laws or regulations may set a minimum period for which we have to keep your personal data.

In general, we retain personal information about you during your employment as well as after your employment has ended, although certain personal data will be deleted during your employment as well as after your employment has ended, in accordance with our Data Destruction Guidelines or if required by law or necessary for the purpose for which the data are processed.

As a general principle, we retain personal data for periods compliant with the applicable law and we do not retain employee information (except in an anonymised / statistical form) for longer than we need it, given the purposes for which it is stored.

7. YOUR RIGHTS

You have a number of legal rights in relation to your personal data held by us. You can ask us to:

7.1 provide you with information regarding the processing of your personal data and access to the personal data which we hold about you;

7.2 in certain circumstances, as provided by law, provide you with a copy of your personal data in a structured, commonly used and machine – readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;

7.3 correct your personal data if it is inaccurate or incomplete;

7.4 erase your personal data; or

7.5 restrict our processing of your personal data. In certain circumstances you can also object to our other processing of your personal data.

These rights will be limited in some situations; for example, where we are required to process your personal data by EU or EU member state law or where we are legally entitled to refuse your request.

You can also lodge a complaint with the data protection authority (details of which are provided below) if you think that any of your rights have been infringed by us.

Data Protection Authority in Poland is:

President of the Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych)

ul. Stawki 2

00-193 Warszawa

You can find out more information about your rights by contacting the President of the Data Protection Office, or by searching their website at https://uodo.gov.pl/

To exercise your rights, please contact us using the details set out below.

8. CONTACTING US

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to DataPrivacy@Point72.com.

9. CHANGES TO THIS PRIVACY NOTICE

This Privacy Notice takes effect on 8 September 2020. If we change it, to keep you fully aware of our processing of your personal data and related matters, we will post the new version to www.point72.com.