Privacy Policy

PRIVACY POLICY

Introduction

Health Equity Technologies, Inc. Privacy Statement
This privacy statement (“Privacy Statement”) describes how Health Equity Technologies, Inc.(“HET” “us”, “we”) generally collects, uses and shares your information. It applies to HET and its parents and subsidiaries, except where a parent or subsidiary presents its own statement without reference to HET’s.

Individuals that are residents of California should refer to the California Consumer Privacy Act of 2018 (CCPA) Supplement (“CCPA Supplement”) below.

Individuals that are submitting an application for employment should also refer to the Talent Acquisition Privacy Notice (“Talent Acquisition Privacy Notice”) below.

We may provide additional supplementary privacy notices as needed.

Information We Collect and Use

At HET, we value your privacy and are committed to protecting and processing your personal information responsibly. This section describes the various types of information that we collect and how we use it.

1. Information You Provide to HET

You may choose to provide us with information to receive certain services. You agree to let us use and share the information you submit for the purposes described in this Privacy Statement orotherwise agreed to by you, including providing and customizing services, conducting our business (including for internal business operations, analytics and to provide, develop, change, market or optimize our services and products) and to communicate and market to you directly or via third parties.

Please note that where we provide products and services as a business-to-business provider, HET’s client or affiliates are responsible for the collection and use of personal information while using our products or services, unless otherwise described. If HET obtains personal data as a service provider, HET’s clients are also responsible for providing appropriate notice to individuals and, when applicable, obtaining any required consents.

The information you provide us and how we use it depends on the services you choose to accessor — if you are an authorized user of a product or service purchased by our client — our contract with the client and may include:

• Name, date of birth and demographic information (e.g., age, gender, etc.)

• Business contact information: information that you would find on a business card, such as name and email address

• Home, work and/or mobile phone number

• Home, work, billing and/or shipping addresses

• Messages from you

• Health, prescription, pharmacy and related information

• Insurance information

• Professional information (e.g., National Provider Number (“NPI”))

Specific situations in which you may provide us with information include but are not limited to:

• You may need to provide your name, email address and country or region of residence to create an account to access certain services, use a product or make a request. Your email address may be used to contact you in relation to any services to which you subscribe.

• Your business contact information may be used to contact or communicate with you about business matters. We may also your business contact information that you provide to usor that we collect from your organization, our business partners or our suppliers. We may also combine your business contact information with other business-relevant information, such as information about your professional education, skills, work experience or other publicly available information, such as business-related blogs, publications, job roles andcertifications. This information may be used to tailor our interactions with you in any part of HET’s business, for example in the sales process, to maintain a relationship with youand for post-contractual relationships.

2. HET Website(s)

Our websites offer ways to communicate with you about HET and its products and services. The information that we collect on our websites is used to provide you with access to the website, to operate the website, to improve your experience and to personalize the way that information is provided to you. If you visit our websites without logging in with an account, we may still collect information that is connected to your website visit. For more information on the technologies that we use to collect website information and setting your preferences, see the Cookies and Similar Technologies section below.

We collect information about your use of our websites, such as:

• the webpages you view

• the amount of time you spend on pages

• the website URL that referred you to our pages

• your geographic information derived from your IP address

• any hyperlinks or advertisements you select

We use this information to improve and personalize your experience with our websites, provide you with content that you may be interested in, create marketing insights and to improve our websites, online services and related technologies.

When you use a HET website or a HET online service such as “as-a-service” and desktop applications or mobile applications, we also collect the information that your browser or device automatically sends, such as:

• your browser type and IP address

• operating system, device type and version information,

• language settings

• crash logs

• account information (if signed in with an ID)

• passwords

• use of HET online services, including the pages you view, your interactions on that page and your settings within the service.

This information is collected to:

• provide you with access to our webpages or services

• operate the service

• provide support

• personalize and improve your experience of the service

• improve the webpage view on your device and browser

• adapt to your settings and language

• adapt content for relevancy

• develop other services and technologies

• comply with applicable system and network security requirements or legal requirements.

We prepare reports on our websites to derive insights into trending topics and general market knowledge. These reports may be provided to third parties with details on how users interacted or showed interest in the third-party product or service that was presented on our websites. All reports display aggregated information and cannot be used to identify our website visitors.

We may also provide platforms and forums that enable online sharing, support and collaboration among registered members. Any information that you submit to these platforms may be made available others on the internet or removed by us, as covered in the platform privacy notice or terms. We are not responsible for any content that you make available through your use of our products or services.

Mobile application privacy notices may provide additional details about the information that is collected by the app, such as geo-location information or the unique User-ID of a device. Unique User-IDs are used to connect to servers and to connect the use of the device across apps. Depending on the functions of the app, you may be able to tailor your privacy settings by using the settings menu or in your user profile.

If HET offers online education services, we may collect information on course completions to be able to provide you with credentials, certificates or further information when needed.

We accept no responsibility for the content provided on or privacy practices, of third-party websites or applications.

3. Marketing

Subject to your preferences, we use the information that we collect directly from you, your organization or third-party data providers, to communicate with you about our products, servicesand offerings. We also use this information to personalize your experience with our content and advertisements and to develop internal marketing and business intelligence. To set or update your marketing communications preferences, you may select Unsubscribe at the bottom of each marketing email. To review or set your preferences regarding the information that we collect about you on our websites select Cookie Preferences in the website footer.

We use information that we collect for marketing purposes. This may include information:

• Collected directly from you through your interactions with HET, such as attendance at events or submission of online registration forms,

• Received from third-party data providers, subject to controls confirming that the third party legally acquired the information and has the right to provide the information to HET for use in our marketing communications,

• Subject to your preferences, collected on our websites or from your interactions with HETemails and content (such as whether emails are opened or links selected), including content on third-party sites. For more information on the technologies that we use to collect this information, see Cookies and Similar Technologies.

• Subject to your preferences, we may use this information to market to you regarding HETproducts, services and offerings. For example, we may:

o Personalize your experience with HET products and services, such as sharing more relevant content or pre-filling registration forms on our websites.

o Contact you by mail, telephone, email or text message (including by an automatic telephone dialing system) at any of the addresses, phone numbers or other information provided by you or on your behalf in connection with your account or service, including for marketing purposes.

To opt out of the use of your hashed email for personalization or targeted advertising, you can withdraw your email consent by submitting an opt-out request or selecting Unsubscribe in each marketing email.

To review or set your preferences regarding the information that we collect about you online on our websites, select Cookie Preferences in the website footer.

We also use this information to develop internal marketing and business intelligence which is essential for our business operations. For example, we may:

• Combine the information collected to better understand your interests and potential business needs, such as HET events you attend, content you review or any of our websites that you visit.

• Aggregate the information that is collected about website visitors for the purposes of developing and modelling marketing audiences.

• Leverage insights from the information collected to personalize content and advertisements across multiple interactions and devices.

For more information on the technologies that we use to collect this information and setting your preferences, see Cookies and Similar Technologies.

4. Contractual Relationships

A contractual relationship is created when you order a trial, a product or a service from us. While we mainly provide our products and services to businesses, individuals may also enter into an agreement with us directly as a client. We may collect any information that is reasonably necessary to prepare for, enter and fulfill, the contractual agreement.

The information collected in a contractual relationship may include the business contact information of the requester, an account ID and the order details. Information that is required for shipment and payment, for the implementation of services or to grant access to the product or service may also be collected.

This information may be collected for various purposes, depending on the nature of the products or services, for example, for contractual management and compliance, to provide support, for the improvement or development of our products and services, to contact you for customer satisfaction surveys and to generate technical and market insights.

5. Support Services

When you contact us to request support, we collect your contact information, problem description and possible resolutions. We record the information that is provided to handle the support query, for administrative purposes, to foster our relationship with you, for staff trainingand for quality assurance purposes.

The information that we collect may include any information exchanged during our phone conversations or provided during live chat support sessions on our websites. We may use this information to inform you of products or services that are related to your support request. This can include product updates or fixes and we may combine the information that is collected through other interactions with you or your organization to provide more valuable suggestions in relation to product support, such as any available training regarding the issue.

While we handle the support case, we may have incidental access to information that you have provided or information that is on your system. This information may contain information about you, clients, client’s authorized users (including client’s employees) or other relevant parties. The conditions regarding the handling and processing of this information is covered by the applicable Terms of Use or other agreements between HET’s client(s) and HET.

6. Protecting You and HET

We may collect and use information to protect you and HET from IT security threats and to secure the information that we hold from unauthorized access, disclosure, alteration ordestruction. This includes information from our IT access authorization systems, such as log-in information.

The security solutions we use to protect your information, our infrastructure and our networks may collect information such as IP addresses and log files. This collection is necessary for the functionality and utility of security programs to enable the investigation of any potential security incidents and generate insights on security threats.

We may use specialized tooling and other technical means to collect information at access points to and in, IT systems and networks to detect unauthorized access, viruses and indications of malicious activities. The information we collect may be used to conduct investigations when unauthorized access, malware or malicious activities are suspected and to remove or isolate malicious code or content.

7. HET Locations

When you visit a HET location, we collect your name or business contact information and, in some cases, information from a government issued ID. This information is collected for access management and to protect the security and safety of our locations and employees.

The information that is collected at our locations is used to issue access badges. We may verify the identity of visitors where legally permissible and, for supplier personnel working on site, a badge with a photo identification may be requested for identification purposes.

Camera supervision and access management are used for reasons of security and safety of our locations, employees and assets.

8. Recruitment and Former Employees

We collect information about job applicants or prospective candidates from several sources. We may look for prospective candidates with the help of recruitment intermediaries and may use publicly available information on social media platforms to identify prospective candidates for a specific function.

When an employee leaves HET, we retain basic information from the former employee about their employment at HET. We may continue to process necessary information that is related to them for any remaining business, contractual, employment, legal and fiscal purposes to the extent handled by HET. In some countries outside the U.S., the management of pensions or other retirement programs may be handled by an independent organization. Information about the processing of information for pensions can be found with such local organization.

Applicants are referred to the Talent Acquisition Privacy Supplement below for more information.

9. Conducting our Business Operations

We collect and use information to improve our business operations, systems and processes. For example, information may be used to conduct, maintain, audit and optimize our operations, to protect our assets and employees, for product development and to defend our rights.

We collect information about our business operations to make informed decisions about the organization, the business and to report on performance, audits and trends. For example, we use this information to analyze the costs and quality of our operations. Where possible, this is done by using aggregated information, but it may use personal information.

We collect and use information from our business systems, which may include personal information, to:

• protect or enforce our rights, including to detect fraud or other criminal activities (for example, by using information in payment systems)

• handle and resolve disputes

• answer complaints and defend HET in legal proceedings

• and comply with legal obligations in the countries where we do business

We collect information from the use of our business processes, websites, cloud and online services, products or technologies. This information may include personal information and is used for product and process development. For example, we may use this information to increase efficiency, decrease costs or improve services by developing automated processes and tools or to develop or improve the technologies on which these are based.

10. Cookies and Similar Technologies

A cookie is a piece of data that a website may send to your browser, which may be stored on your computer and can be used to identify your computer. Web beacons, including pixels and tags, are technologies that are used to track a user visiting a HET web page or if a web page was copied to another website. Web beacons may be used in email messages or newsletters to determine whether messages are read, forwarded or links selected. Local Shared Objects can store content information displayed on the webpage visited and preferences. These may be used to provide connected features across our websites or display targeted HET advertising on other websites based on your interests.

Session cookies can be used to track your progression from page to page so that you are not asked for information that you have already provided during the current session or information that is needed to be able to complete a transaction. Session cookies are erased when the web browser is closed. Persistent cookies store user preferences for successive visits to a website, such as recording your choice of language and country location. Persistent cookies erase their data within 12 months.

When you visit our websites, cloud and online services, software products or view our content on certain third-party websites, we collect information regarding your connection by using various online tracking technologies, such as cookies, web beacons, local storage or HTML5. Information that is collected with these technologies may be necessary to operate the website or service, to improve performance, to help us understand how our online services are used or to determine the interests of our users. We may use advertising partners to provide and assist in the use of such technologies on HET and other sites.

If a website collects cookies, a cookie management option will either presented as a notification window when you first visit a webpage or opened by selecting cookie preferences in the website footer. HET’s cookie manager may not address all types of tracking technologies (for example, web beacons). When using mobile apps, use the options on your mobile device to manage settings.

Blocking, disabling or rejecting HET cookies may cause services to not function properly, such as in connection with a shopping cart or block the use of websites or HET Cloud services that require you to sign in. Disabling cookies does not disable other online tracking technologies but prevents the other technologies from accessing any details stored in cookies.

Our websites may offer the possibility to use third-party social media options. If you elect to use these options, these third-party sites may log information about you, such as your IP address, access time and referring website URLs. If you are logged in to those social media sites, they may also link collected information with your profile information. We accept no responsibility for the privacy practices of these third-party services and encourage you to review their privacy policies for more information.

For information on cookies and how to remove these technologies by using browser settings, see https://www.allaboutcookies.org/.

Children

Unless otherwise indicated, our websites, products and services are not intended for use by children under the age of 16.

How We Share Personal Information

This section describes how we share information and how we facilitate that sharing.

We may share your personal information internally and externally with suppliers, advisors, clients or business partners for HET’s legitimate business purposes and only on a need-to-know basis.

When sharing personal information, we implement appropriate checks and controls to confirm that the information can be shared.

Internal: Personal information is shared for our legitimate business purposes, such as managing our relationship with you and other external parties, compliance programs or systems and networks security. We do this to improve efficiency, for cost savings and internal collaboration between our subsidiaries. Our internal access to personal information is restricted and granted only on a need-to-know basis. Sharing of this information is subject to the appropriate intra-HETarrangements, our policies and security standards.

External:

• Our business with suppliers may include the collection, use, analysis or other types of processing of personal information on our behalf.

• Our business model includes cooperation with independent business partners for marketing, selling and the provision of HET products and services. Where appropriate, we share business contact information with selected business partners.

• We may share personal information with professional advisors, including lawyers, auditorsand insurance companies to receive their services.

• We may share contractual relationship information with others, for instance, our business partners, financial institutions, shipping companies, postal or government authorities, such as the customs authorities that are involved in fulfillment.

• In certain circumstances, personal information may be subject to disclosure to government agencies in accordance with judicial proceedings, court orders or legal processes. We may also share personal information to protect the rights of HET or others when HETbelieves that such rights may be affected, for example to prevent fraud.

• If we decide to sell, buy, merge or otherwise reorganize businesses in some countries, such a transaction may involve disclosing some personal information to prospective or actual business purchasers or the collection of personal information from those selling such businesses.

We do not sell or otherwise disclose personal information, except as described in this Privacy Statement, in a notice provided to individuals at the time of collection or as individuals explicitly consent.

Facilitating International Transfers

When visiting HET’s website, you acknowledge and agree your information may be transferred to or accessed by HET subsidiaries and third parties in the U.S. and around the world. By providing your Personal Information, you consent to any transfer and processing in accordance with this Privacy Statement.

HET complies with laws on the transfer of personal information between countries to keep your personal information protected, wherever it may be. Where information is transferred outside the EEA to a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses.

By choosing to visit HET’s website, utilize the services or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Statement will be governed by the law of the State of Delaware and the adjudication of any disputes arising in connection with HET or its website will be in accordance with the terms.

Controller and Representative Information

HET does business through its subsidiaries worldwide. The privacy laws in some countries consider a Controller to be the legal entity (or natural person) who defines the purposes for which the processing of personal information takes place and how that information is processed. Parties that are involved in processing operations on behalf of a Controller may be designated as Processors. Designations and associated obligations differ, depending on the jurisdiction.

Where this is relevant for the privacy laws in your country, the Controller of your personal information is HET’s main subsidiary in your country or region, unless HET or another HETsubsidiary identifies itself as the Controller for a specific interaction with you.

HET’s corporate headquarters can be contacted at: 860 North DeWitt Place, Suite 1208, Chicago, IL 60611.

Information Security and Retention

To protect your personal information from unauthorized access, use and disclosure, we implement reasonable physical, administrative and technical safeguards. These safeguards include role-based access controls and encryption to keep personal information private while in transit. We also require our business partners, suppliers and third parties to implement appropriate safeguards, such as contract terms and access restrictions, to protect information from unauthorized access, use and disclosure.

We only retain personal information as long as necessary to fulfill the purposes for which it is processed or to comply with legal and regulatory retention requirements. Legal and regulatory retention requirements may include retaining information for:

• audit and accounting purposes,

• statutory retention terms,

• the handling of disputes and

• the establishment, exercise or defense of legal claims in the countries where we do business.

We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending HET rights and to manage HET ‘s relationship with you. The information that is provided in a supplementary privacy notice may provide more detailed information on applicable retention terms.

When personal information is no longer needed, we have processes in place to securely delete it, for example by erasing electronic files and shredding physical records.

Your Rights

You have certain rights when it comes to the handling of your personal information. The HET Contact Us form can be used to:

• Request access to the personal information that we have on you or have it updated. Depending on the applicable law, you may have additional rights concerning your personal information.

• Request to obtain your personal information in a usable format and transmit it to another party (also known as data portability).

• Request to delete the personal information we hold about you.

• Ask questions related to this Privacy Statement and privacy practices. Your message will be forwarded to the appropriate member of HET’s data privacy team.

• Submit a complaint to HET if you are not satisfied with how HET is processing your personal information.

• Submit an opt-out request of specific personal information processing types

Your rights may be subject to limitations and exceptions resulting from applicable laws. For example, there may be situations where we cannot share certain information that you seek if disclosing this means disclosing information about others.

You may also have the right to complain to the competent supervisory authority. Contact details of Data Protection Authorities in the European Economic Area can be found here, and in the UK here.

Legal Basis

In some jurisdictions, the lawful handling of personal information is subject to a justification, sometimes referred to as legal basis. The legal bases that we rely on for the lawful handling of your personal information vary depending on the purpose and applicable law.

The different legal bases that we use are:

Necessary for the performance of a contract with you. We rely on this legal basis when we need to process certain personal information, such as your contact details, payment details andshipment details, to perform our obligations or to manage our contractual relationship with you. Examples include:

• If you intend to purchase a product or service, we require your business contact information to enter into a contract with you or you may need to create an account ID to access a purchased product online.

• When fulfilling a contact, you may need to receive support services, for which we will need to collect your contact information.

• We need personal information to consider job applicants.

Necessary for the purposes of HET’s or a third party’s legitimate interest. Legitimate interests relate to being able to conduct and organize business, which includes the marketing of our offerings, protecting our legal interests, securing our IT environment or meeting client requirements. Examples include:

• We capture your use of and interaction with our websites to improve them.

• We process your account ID or credentials to manage access authorization of our services.

• Where we have a contractual relationship with the organization that you are working for, we have a legitimate interest to process your personal information used to manage this contract.

• We process your business contact information in combination with other business-relevant information to tailor our interactions with you and promote our products and services.

• We may process your contact information together with details of a HET event you attended to develop Marketing and business intelligence.

• We process the personal information of applicants based on our legitimate interest to source suitable talent

• To keep our general business operations functional. To this end we may, for example, processes the login information of our IT systems and networks or CCTV footage at HETlocations for security and safety purposes.

• We may also process personal information where it is necessary to defend our rights in judicial, administrative or arbitral proceedings. This also falls under the legal basis of legitimate interest in countries where they are not a separate legal basis.

• We may process personal information for credit protection, which is a specific legal basis under Brazilian law (LGPD) but is also covered under the legal basis of legitimate interest in other countries.

Consent. The processing is based on your consent where we request this. For example, you may provide consent for the optional use of Cookies and Similar Technologies or email of Marketing materials.

Legal obligation, where we need to process certain personal information based on our legal obligation**.

**For example, we may be obliged to ask for a government-issued ID for certain transactions, such as for a financing transaction.

Privacy Statement Updates

If a material change is made to this Privacy Statement, the effective date is revised and a notice is posted on the updated Privacy Statement for 30 days. By continuing to use our websites and services after a revision takes effect, it is considered that users have read and understand the changes.

California Consumer Privacy Act of 2018 (CCPA) Supplement (“CCPA Supplement”)

If you are a California resident, you have certain rights under the California Consumer Privacy Act of 2018 (CCPA). This supplement is an overview of the information required by the CCPA and provides instructions on how to exercise the rights granted by the CCPA. There may be cases where we present you with an additional privacy notice that includes information specific to an activity or offering.

1. Disclosures about Your Personal Information

Collection, Business Purposes and Disclosure of Personal Information
As described in the HET Privacy Statement to support your relationship with HET or your use of our products and services, we may have collected and disclosed, for a business purpose, information from the following categories in the last twelve months:

• Information necessary to provide you with access to and use of our websites, products and services

• Information necessary to respond to your request for information order or support

• Information about your use of HET services

• Business contact information of clients, prospects, partners and suppliers

• Information about visitors to our sites and locations

• Information collected for marketing and business intelligence

This includes Personal Information defined by the CCPA as:

• Identifiers such as IP address, mobile device ID and cookies

• Personal information under the Customer Records provision of the California Civil Code such as your name, postal address, email address or payment information you provide to purchase a HET product or service

• Commercial information related to purchases of HET products or services

• Internet/network activity information relating to your interactions with HET websites or applications

• Geolocation data such as information about the location of your device when you use a HET mobile application

• Audio, electronic and visual information such as visitors’ presence on security systems at HET offices

• Professional information such as your employer name and job title

• Inferences about your consumer preferences

• “Sensitive Personal Information” such as State or Government issued identification (driver’s license) or Financial Information

o When you submit a Data Rights request, you provide us with personal information, including your name and contact details, which we use to respond to your request. In some circumstances, to verify your identity and to ensure we disclose the personal information to the correct individual, we may also request a copy of your photo ID, which is deleted immediately after verification of your identity.

o Upon your Data Rights request, your personal information is processed for handling and fulfilling your request, in line with HET’s legal obligations and commitments related to these requests.

Retention: For each category of personal information, HET retains your personal information only for as long as necessary, based retention criteria including:

• the time required to fulfill the business or commercial purposes for which personal information is processed,

• the time required to comply with legal and regulatory retention requirements and

• the time required to maintain contractual and customer relationships.

2. Sources and Sharing of Personal Information

The Privacy Statement describes the types of sources from which we collect Personal Information and how we share your information with third parties. As explained, we may collect Personal Information directly from you, automatically from your device, from selected partners and/or from your employer. We may share information about you with our subsidiaries, suppliers and, where appropriate, with selected partners to help us provide you or the company you work for, products or services or to fulfill your requests or with your consent.

3. Rights relating to Your Personal Information

In addition to the rights granted under the HET Privacy Statement, as a California resident, you have the right to:

Know your Personal Information

You can request specific pieces of Personal Information or information about the categories of Personal Information that HET holds about you by submitting a request through our webform HET Contact Us form.

Request Deletion or Rectify your Personal Information

You can request the deletion of or seek to rectify (correct, update or modify) the Personal Information that HET holds about you by submitting a request through our webform here HETContact Us form.

If you are accessing our websites while located outside of California, you can opt-out of the use of email addresses for the purpose of marketing communications by going to “Cookie preferences” in the footer and setting your cookie preferences to “Required”.

Limit the Use or Disclosure of Sensitive Personal Information:

Under CCPA, you have the right to limit the use and disclosure of your SPI if we are using your SPI beyond what is reasonable and proportionate to provide the requested goods or services. To limit the use or disclosure of Sensitive Personal Information, then complete the details on this form as needed.

4. Non-Discrimination

If you choose to exercise any of these rights, we will not deny goods or services to you or provide different quality of services.

5. Authorized Agent

You may use an authorized agent to submit a request about your personal information via our webform here HET Contact Us form. To use an authorized agent, you must provide the agent with written authorization. In addition, you may be required to verify your own identity with HET.

6. Additional Disclosure

As permitted under HIPAA, HET may “Sell” or disclose Deidentified Patient Information (as those terms are defined under CCPA) that has been deidentified pursuant to the deidentification methods described in HIPAA.

How to Contact Us

Questions about this Policy or about HET‘s handling of your Personal Information may be submitted here HET Contact Us form.

HET Talent Acquisition Privacy Supplement

This Talent Acquisition Privacy Notice explains how HET processes your personal information during the recruitment and/or hiring process in order to progress your application, which may culminate in the entering into a contract with you. We request that you read and acknowledge this Talen Acquisition Privacy Notice.

1. What personal data will HET process about you?

Personal data you provide, which may include:

• Your first name and last name, address, email address, phone number(s), education history, work experience, CV, resume, information about your primary country of residence, additional countries of interest, country you are applying to and the eligibility to work there, areas and communities of interest;

• Whether you have ever worked for HET or a HET business partner, whether you have any government experience and if you signed any or accepted any agreement or are otherwise subject to any restriction with your current or former employers;

• Depending on the country, information pertaining to criminal records, where permitted in accordance with applicable law and subject to a conditional offer of employment having been tendered;

• Depending on the country you are applying your disability, ethnicity, gender, race and religion (but only on a voluntary basis and in accordance with applicable law);

• Whether you require any accommodations/adjustments as submitted by you on a voluntary basis (please note such will not be considered in respect of any hiring decision).

You will receive more information about the nature of the pre-employment verification checks before they begin and, if applicable, your consent will be obtained in accordance with applicable law.

Personal data processed during the recruitment process, although it will vary by the country and nature of the role for which you will be considered, which may include:

• Any cover letter or personal statement you provide;

• Any references you provide, including any information received by HET in respect of any references you have provide;

• Any interviewer or recruiter notes from their interactions with you or with the HETemployee that recommended you;

• If during the recruitment process you complete a video enabled assessment, we may store the video recordings of the assessment;

• If during the recruitment process you complete a coding assessment, we will record and store any code created in response to the given exercises;

• Any other information you give us or as otherwise permitted or required by law.

Personal data processed if you receive and accept an HET offer of employment, such as your email address, first name, middle name, last name and HET employee serial number may be used from the date of offer acceptance.

2. For what purposes will HET process your personal data?

In response to your application or your interest about job positions, your information will be used by HET as necessary to:

• Verify your information and conduct relevant and appropriate legally permitted pre-employment, identity and eligibility verification checks, as well as to assess your skills, qualifications and experience;

• Comply with local, national or international laws, obligations and legal requirements;

• Communicate with you about HET events, new jobs and careers opportunities and the recruitment process including any interviews;

• Complete the selection process;

• Conduct surveys and research activities with the objective of improving HET’s recruiting process;

• Perform analysis of our applicant pool in order to better understand who is applying to positions at HET and how to attract top talent;

• Where legally permissible, we may ask you to voluntarily disclose your disability, ethnicity, gender and nationality, to help HET with its diversity and inclusion programs (such as to assess the HET workforce, promote benefits and inclusive policies for the related population) for an ameliorative purpose;

• Enable you to access the HET on-boarding site and learning applications which may help you to become familiar with the company, understand where and how you fit into the organizational structure and assist with your integration into the culture of the workplace.

By submitting your application, you authorize HET to process and store your personal data in HET’s decruitment tools for the secure storage of your data whilst your application is assessed and otherwise as set out above to the extent permissible by law.

3. How do we retain and safeguard your personal data?

If you are given and accept a conditional offer of employment by HET, the personal information collected during your pre-employment period may become part of your employment record on HET’s personnel records Employment Data System, to be retained throughout and for a period of time after your employment with HET in accordance with applicable law (specific periods vary by country).

If HET does not employ you, HET will retain your personal information according to the document retention policy after which your personal information will be erased or anonymized in accordance with applicable law.

We employ organizational, physical and technological measures to protect the confidentiality of personal information and to safeguard personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, in light of, among other things, the sensitivity of the information and the purposes for which it is to be used. These safeguards also apply when we dispose of or destroy your personal information.

4. With whom and why we share your personal data?

Your information may be accessed by HET recruiters, HET recruitment process outsourcing, HET talent acquisition focals or hiring managers of HET, as relevant and necessary for your application for the role you are being considered for.

In some cases, HET may share your personal data with service providers for the purposes identified above or other third parties if legally required or allowed. Depending on the geography, these third parties are suppliers of human resource information systems, used by HET, as well as suppliers related to occupational health and safety management services systems.

Your information may be shared with government officials where legal reporting requirements may exist or law enforcement agencies or private litigants in response to valid law enforcement process (warrant, subpoena or court order) and to the extent permitted by law.

If your prospective management line is out of the country, we may transfer your personal information from the country to which you applied to other people within the same business line in one or more HET entities in other countries as applicable for the purpose of processing your application, ensuring that your data is processed according to local laws and HET requirements and helping us to understand your experience with HET‘s application process.

When your personal information is used or stored in a jurisdiction other than the one in which you reside, it may be subject to the law of that foreign jurisdiction, including any law permitting or requiring disclosure of the information to the government, government agencies, courts and law enforcement in that jurisdiction.

5. Your rights
You may also access and correct personal information we hold about you under the law applicable in the jurisdiction where you reside by using the HET Contact Us form.

Please be aware that depending on the circumstances, if you request us to delete, withdraw consent or otherwise stop processing your personal information (where such rights are available to you under applicable law), we may not be able to proceed with your application, as it may depend on the processing of such personal information for the purposes described in the Privacy Statement and this Talent Acquisition Privacy Notice.

6. General

More information on how HET handles your privacy, such as the Controller of your personal data, questions and complaints and how to contact us can be obtained by request at the HET Contact Us form.

7. Declaration and confirmation:

You declare and confirm that the information you have provided as part of your application is true and complete. You must promptly update any information you have provided as and when there are changes.

You understand that any misrepresentation or deliberate omission of fact may lead to HET’s termination of your employment or consideration for employment.

We may change this policy from time to time. We will post any changes to this policy on this page. If the changes we make are significant, we will provide a more prominent notice when required by applicable laws.

CANADIAN RESIDENTS: HET is committed to compliance with the Accessibility for Ontarians with Disabilities Act (AODA), the Ontario Human Rights Code and all other applicable laws in the recruitment process.

https://www.ontario.ca/laws/statute/05a11
https://www.cphrmb.ca/news/376500/The-Accessibility-for-Manitobans-Act.htm
https://www.ohrc.on.ca/en/ontario-human-rights-code