Personnel, Applicant, and Candidate Privacy Policy

Last Updated: December 12, 2024

At Mimicrii, our mission is to accelerate the development of artificial intelligence (“AI”) applications. We have a talented workforce (“you”) that helps us accomplish this mission.

Here we describe our privacy practices for our global workforce. You will learn about the personal information we collect, how we use it, how you can access and control it, and the measures we take to keep it safe.

1. Scope and Applicability

This Privacy Policy applies to employees, independent contractors, consultants, and other individuals (collectively, "personnel") who currently work or previously have worked for Mimicrii, Inc. or an affiliate (“Mimicrii” or “we”) except as excluded by the next paragraph below. This policy also covers individuals who applied to work for Mimicrii (“applicants”) or who were recruited by us (“candidates”). 

This policy covers individuals who sign up, apply, or are recruited to complete tasks or related services for AI applications as independent contractors of Mimicrii subsidiaries.

2. Personal Information We Collect

We collect different kinds of information depending on whether you currently work or formerly worked for us, or applied or were recruited for a job. We may collect information directly from you, automatically from our computer systems, devices and premises, or from third party sources, such as when you authorize us to check your background as permitted under applicable law. The provision of certain personal information is mandatory and may be required under applicable law or in accordance with a contractual requirement. The collection of any such mandatory information will be made clear at the time of its collection.

We collect the following categories of information:

Identification Information - Name and identifiers; government identification numbers such as passport number, social security number, drivers license number, state identification number; citizenship or work permit status; other details in and copies of identity documents; audio and visual information such as your image and voice.

Contact Information - Mailing address; personal and work email address; personal and work phone number; emergency and other contact details.

Background, Application, or Recruitment Information - Resume and cover letter; education history, academic degrees, certifications, skills, awards, and professional qualifications; references provided during the application process; information from or needed to complete background checks (if permitted under applicable law); security clearance information; other information you provide to us in support of the application or recruitment process.

Personnel Records - Job title; office location; contract, start date, termination date; sick time, vacation time, other leave including parental leave; working days and hours; training history; current or past performance evaluations; disciplinary processes and grievance procedures; workplace illness and injury information; other documents relevant to establishing, maintaining, or terminating personnel.

Compensation or Benefits Information - Banking details; tax information such as tax registration number and withholdings; salary, bonuses, stock and equity grants, and benefits; expenses and company allowances; information about your dependents, spouse, or partner; other information necessary for the administration of payroll, health insurance, or benefits.

Communications or Survey Information - Content of communications when you communicate with us; answers to survey questions; date and time of the communication or survey completion and IP address.

Demographic or Sensitive Information - Demographic information including gender; age or date of birth; marital status; veteran status; race, ethnicity and national origin; sexual orientation; religious or philosophical beliefs; trade union membership; and health information including information about any disabilities.

Security or Access Data - Information obtained through electronic means such as building access data and other security records; and video surveillance in public and common areas in or near our offices.

|IT Data - Information required to provide access to company IT systems and networks (including information collected through those systems) such as IP addresses, access files and login information; inferred location based on IP address; device identifiers and information; application and website data, and other information about activities you engage in on Company property, equipment, accounts, systems and network.

3. How and Why We Use Personal Information

We use the personal information we collect to carry out and support our human resources activities and business operations and for other purposes described below or at the time we collect the information

4.  Legal Bases for Processing Personal Information – EEA, UK, and Switzerland only

If you are based in the EEA, the UK or Switzerland, we rely on several legal bases to process personal information:

- Contractual Necessity. We use your personal information to manage the employment relationship with you, to ensure that we pay you your benefits, and to comply with our contractual obligations with you.

- Legal obligations. We process personal information, including sensitive personal information, when legal and regulatory obligations require us to. For example, we may be required by law to keep certain data about your leave, including medical leave, or to report benefits information to tax authorities.

- Legitimate Interests. We may process your information where we have a legitimate interest in internal management, effective personnel administration, maintaining and improving efficiencies and processes in the workplace, maintaining the safety and security of personnel and others, complying with contractual obligations, enforcing policies, and defending our interests in legal proceedings.

- Vital interests. We may process information in order to protect the vital interests of personnel, particularly sharing information in the event of an accident or emergency.

- Consent. We may seek your consent to process your personal information in specific circumstances, such as to provide a reference, seek to monitor diversity, or obtain medical reports.

5. Personal Information Sharing and Disclosure

  • We do not share your personal information except as follows: 

  • With Personnel and Affiliates. We share your information with Mimicrii personnel, within the scope of their job responsibilities and in accordance with law, for the human resources and business purposes described in this Privacy Policy. We may share personal information with our affiliates in order to administer human resources, staff compensation and benefits at an international level on our HR platform, as well as for other legitimate business purposes such as IT services and security, tax and accounting, and general business management.

  • Service Providers. Mimicrii uses certain trusted third-party service providers who provide services to us or on our behalf, or otherwise support our relationship with you, such as (but not limited to) our recruitment platform provider, HR platform provider, payroll providers and benefits or leave administration providers. These third parties may have access to your personal information to perform services on our behalf but only as is reasonably necessary for the purpose that Mimicrii has engaged them for and in compliance with this Privacy Policy. 

  • Business Transferees. We may share information in connection with a merger, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.

  • Authorities and Others. We may disclose your information to third parties if we determine such disclosure is reasonably necessary to: (a) comply with applicable law, regulation, legal process, or government request, (b) protect any person from death or serious bodily injury, (c) prevent fraud, abuse, or a security issue of Mimicrii, and (d) to protect Mimicrii’s or its licensors’ rights, property, safety, or interest.

  • Consent. We may also disclose or share your personal information where you have given us your consent to do so.

6. Security

Mimicrii is concerned with safeguarding your personal information. Mimicrii employs appropriate and reasonable physical, technological, and organizational security measures to protect the personal information that we collect and process about you. The measures are designed to provide a level of security appropriate to the risk of processing. In addition, we limit access to personal information to those employees, agents, contractors, and other third parties who have a legitimate business need for such access. 

7. International Transfers

Mimicrii is headquartered in the United States , with employees located globally. Our third-party service providers and partners operate worldwide. This means that, in connection with our business and for employment, administrative and management and legal purposes, information that we collect about you may be transferred to, stored, and processed by us, our affiliates, and other third parties in countries outside the country in which you are resident. These countries may have data protection and privacy regulations that may not offer the same level of protection as the laws in your country. 

We will ensure that any transfer is lawful and that there are appropriate security arrangements in place.

For transfers of personal information from the EEA, the UK, and Switzerland to third countries (i.e., countries which do not benefit from an "adequacy decision" from the European Commissioner, or similar decision in the UK and Switzerland) we will transfer personal information according to the requirements of applicable data protection legislation by putting in place appropriate safeguards, including by entering into Standard Contractual Clauses approved by the European Commission (and equivalent clauses in the UK and Switzerland).  

For details of these safeguards, please contact us as provided in Section 12. 

8. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in Section 3. How and Why We Use Personal Information. In general, we will keep your personal information for the duration of our relationship and for a period afterwards. In considering how long to keep your personal information, we will take into account its relevance to our business and your employment either as a record or in the event of a legal claim. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

9. Your Privacy Rights and Choices – EEA, UK, and Switzerland only

If you are based in the EEA, the UK, or Switzerland, you may have the following rights with regard to the personal information we control about you, subject to applicable law.

You can access, correct, amend, and delete your personal information by contacting us at privacy@mimicrii.com

You can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request the portability of your personal information. You can exercise these rights by contacting us at privacy@mimicrii.com.

If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. You can withdraw your consent by contacting us at privacy@mimicrii.com.

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. If you are based in the EEA, the contact details for data protection authorities are available here and if you are based in the UK, the contact details are available [here](https://ico.org.uk/global/contact-us/). 

We may request specific information from you to help us confirm your identity and process your request.

10. U.S. State Law Requirements

Some U.S. state privacy laws, such as the California Consumer Privacy Act (“CCPA”), require specific disclosures for state residents.

This Privacy Policy is designed to help you understand how Mimicrii handles your personal information. In the sections above, we explain: (1) the categories of information Mimicrii collects and the sources of that information; (2) how Mimicrii uses information; (3) when Mimicrii may disclose information; and (4) how Mimicrii retains information. Mimicrii does not sell your personal information. Mimicrii also does not “share” your personal information as that term is defined in the CCPA.

State laws like the CCPA also provide the right to request information about how Mimicrii collects, uses, and discloses your information. And they may give you the right to access and correct your information, and to request that Mimicrii delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising these privacy rights.

If you have questions or concerns related to your rights under CCPA, or would like to exercise your rights, you (or your authorized agent) can contact us at privacy@mimicrii.com. We may request certain information from you to verify your identity in order to respond to your request

The CCPA also requires a description of the personal information we collect using the following categories:

  • Identifiers, such as your name, postal address, email address, phone number, passport number, social security number, driver's license number, company name and role, employee ID, and other unique identifiers including online identifiers (e.g. IP address);

  • Personal information categories listed in California Civil Code § 1798.80(e), such as your name, signature, postal address, phone number, passport number, driver’s license or state identification card number;

  • Protected classification characteristics under California or federal law, such as your age, race, gender, national origin, citizenship, religion, marital status, sexual orientation, or disability;

  • Commercial information, such as website engagement;

  • Internet or network information, such as browsing and search history, website and advertisement interactions;

  • Geolocation data, such as city, state, and country based on IP address;

  • Audio, electronic, visual, and similar information;

  • Professional or employment-related information, such as information about your role;

  • Non-public education information, such as your education grades and transcripts;

  • Inference data, such as information about your preferences; and

  • Sensitive personal information, as defined by the CCPA, such as your racial or ethnic origin, sexual orientation, religious or philosophical beliefs, trade union membership, social security, driver’s license, state identification card or passport number, citizenship or immigration status, account log-in information, content of communications (but only if Mimicrii is the intended recipient of the communication) and health information (including information about any disabilities).

We collect this information for the business and commercial purposes described in Section 3 of this Privacy Policy. The categories of third parties to whom we disclose the information for a business purpose are described in Section 5.

11. Data Privacy Framework Notice

Mimicrii complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Mimicrii has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Mimicrii has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit here.

Mimicrii’s commitments under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. If there is any conflict between this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

Mimicrii may employ third party service provider companies and individuals to help Mimicrii carry out and support our human resources activities and business operations. Mimicrii maintain contracts with service providers that restrict their access, use, and disclosure of personal data in compliance with our EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF obligations, including the onward transfer principle, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

12. Disputes. 

JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Data Privacy Framework compliance - free of charge to you. Please first submit any such complaints directly to us via privacy@Mimicrii.com. If you aren’t satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-data-privacy-framework. In the event your concern isn’t addressed by JAMS, you may be entitled to binding arbitration granted under the Data Privacy Framework Program and its principles to resolve complaints as described here.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Mimicrii commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”) and the UK Information Commissioner’s Office (“ICO”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship. 

13. Changes to this Policy

Mimicrii may change this Privacy Policy from time to time. Each version of this policy is identified by its date.

14. Contacting Us

The Mimicrii entity that employs you, along with Mimicrii, Inc., act as the controllers of your personal information.

If you have questions about this Privacy Policy, please contact us at privacy@mimicrii.com

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described above.