Recruitment Privacy Policy

Effective Date: May 16, 2025

1.0 Overview

Performio is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of all individuals who apply to work for us or show an interest in doing so.

Depending on the role you are applying for, you may be applying to work with us under any one of the following entities:

Entity Name	Address
PerformanceCentre, Inc.	8605 Santa Monica Blvd PMB 52242 West Hollywood, California 90069-4109 USA
Performio AUS Pty Ltd	Level 40 80 Market Street South Melbourne, Victoria, 3205 Australia
Performio India Pty Ltd	7/1 Halasuru Rd Halasuru Hermit Colony, Sivanchetti Gardens, Bengaluru, Karnataka 560042, India

We have developed this Recruitment Privacy Notice (Privacy Notice) to describe how the above Performio group companies (referred to as “Performio,” “we,” “our,” or “us”), collect, use, share or otherwise process your personal information for the purposes of the recruitment exercise.

This Privacy Notice applies globally, meaning it applies to all Performio recruitment activities. We highlight where information is specific to a jurisdiction or entity and may provide additional or supplemental privacy information during or after the recruitment process.

Performio determines the purposes and means of the processing of your personal information as described in this Privacy Notice and is therefore defined as a data controller (or equivalent terms under applicable data privacy laws) for personal information in scope of this notice.

Our recruitment activities are not intended for individuals under the age of 16. We do not knowingly collect personal information from individuals under 16. If we learn that we have collected personal information from individuals under the age of 16, we will delete that information unless there is a legal need to retain the information.

If you have any questions about how Performio processes your personal information, please see the Contact Us section below.

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at privacy@performio.co

2.0 How We Collect Personal Information

We only collect personal information that we know we will genuinely use and in accordance with data protection laws.

In most instances we collect personal information directly from you, the candidate, for example through our online application form. In other instances, we may collect personal information from:

Recruitment agencies
Background and pre-employment check providers
Your named referees
Publicly available sources (such as LinkedIn)

Please note, our website may use cookies, pixels, or other automatic tracking technologies to collect information. Such data collection is not covered in this Privacy Notice. For more information please see our Global Privacy Notice or the cookie settings/banner.

3.0 What Personal Information We Collect

In connection with your application for work with us, we may collect, store, and use the following categories of personal information about you:

Contact Data: We process personal data such as your name, address, email, and telephone number in order to communicate with you during the recruitment process.
Application Data: Any information you have provided to us in your application, including copies of your CV, Cover Letter, and education details.
Optional Data: Information that is optional for you to provide as part of our application form, including your desired compensation and a link to your LinkedIn profile. Note: we will not ask for this information for all roles/entities.
Role-specific Data: We may ask for answers to questions for certain roles, e.g. a question may ask about your experience level regarding certain software, about your technical capabilities, or about your proximity to one of our offices.
Interview Data: Any information you provide to us during an interview, including the results of any assessments.
CCTV Data: CCTV images if you visit one of our sites during the recruitment exercise.

We may also collect, store and use the following types of more sensitive personal information:

Health Data: Information about any disability status, health or medical condition that you provide us.
Application Data: Depending on the entity to which you are applying, you may be asked demographic questions relating to gender identity, race, ethnicity, sexual orientation disability or veteran status. You can decline to answer these questions.
Background Checks and References: Information generated from background, security or reference checks, which could include information about criminal convictions and offenses. Any criminal record checks and/or decisions to not to proceed with the recruitment process will be taken in accordance with the relevant laws of the location you are applying for.

You are not typically under any statutory or contractual requirement or obligation to provide us with your personal information; however, we will often require elements of the information above in order to conduct the recruitment exercise in an efficient and effective manner. Offer letters are contingent on successful Background Checks.

4.0 How We Use Personal Information

We may use your personal information in accordance with the table below. The “Lawful Bases” column may vary or otherwise be non-applicable depending on the role and your location.

Purpose	Data Types	Lawful Bases
Assess your skills, qualifications, and suitability for the role.	Contact Data; Application Data; Optional Data; Role-specific Data; Interview Data.	Legitimate Interest
Carry out background and reference checks, where applicable. Depending on the role to which you have applied, background checks may involve the collection of information about your criminal convictions. We collect this information to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role and as part of our security policy. Our roles require a high degree of trust and integrity, and it is therefore best practice to undertake such checks and a pre-requisite in some instances. We may only use information relating to criminal convictions where the law allows us to do so.	Background Checks and References	Legitimate Interest; Legal Obligation; Explicit Consent; Employment, Social Security or Social Protection purposes; Substantial Public Interest (detecting and preventing unlawful acts).
Communicate with you about the recruitment process.	Contact Data	Legitimate Interest
Keep records related to our hiring processes.	All	Legitimate Interest; Legal Obligation; Consent
Comply with legal or regulatory requirements.	This could involve any personal information categories, however, any data that needs to be processed will always be the minimum required by the applicable law.	Legal Obligation
Maintain the physical security of our offices and the safety of you and our staff – i.e. if you visit one of our sites for an interview our CCTV system will likely capture your image.	CCTV Images	Legitimate Interest; Legal Obligation
Use information that you voluntarily provide about your health or disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during an interview. You are under no obligation to provide this data.	Health Data	Legal obligations in employment

4.1 Anonymization

We may invite applicants to anonymously share information relating to their demographic background in certain jurisdictions. If you choose to complete this survey, your responses may be used to identify areas of improvement in our hiring process by way of our legitimate interest but will in no way be linked to you or your file. Completion of this survey is entirely voluntary, and your responses, or your decision not to provide responses, will not be considered in the hiring process or thereafter. We do not discriminate on the basis of any protected group status under any applicable law.

More generally, we may create anonymous or aggregated data from your personal information and other individuals whose personal information we collect. We do this by excluding information that makes the data personally identifiable to you and use that anonymous data for analytical and research purposes.

4.1 Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

5.0 How We Share Personal Information

We may share personal information with the following categories of third parties, subject to written agreements:

Service Providers: With service providers (e.g., our application tracking system, cloud storage providers, background screening providers, HR service providers, recruiters and meeting scheduling tools);
Professional Service Providers: With legal, accounting, and other professional service providers, where necessary;
Affiliated Entities: With our affiliated entities, where necessary (e.g. the role requires cross-jurisdictional work);
Legal Authorities: With legal authorities or third parties if we deem necessary to enforce our rights, or the rights of third parties, or when required by any applicable law, rule regulation, subpoena, or other legal process, or in order to prevent illegal, harmful, fraudulent, or damaging activities;
Other Parties: We may share your information with certain, specified third parties with your consent.

Where such parties are deemed “processors” (or equivalent under applicable privacy laws), we only share your personal information in instances where they have provided sufficient guarantees that they will process your data securely and in accordance with applicable privacy laws. Such service providers are not legally permitted to do anything with your personal information unless we have instructed them to do it. We have written agreements/terms in place to ensure that they will not share your personal information with any organization apart from us or further sub-processors, which must process your personal information to the same high standards.

6.0 Where We Process Personal Information

We may collect, process, and store your information in the United States (where we have our headquarters) and other countries where Performio or its affiliates, subsidiaries, or service providers operate facilities, in accordance with what is permitted by applicable laws and regulations.
While some of these countries may have data protection laws that are different from the laws of your jurisdiction (and, in some cases, may not be as protective), when we transfer, store or process personal information outside of your jurisdiction (including to or in the US), we take appropriate safeguards to require that your personal information remain protected in accordance with this Privacy Notice and applicable law.

Some of these recipients of your personal information are located in countries for which the EU, Swiss and UK regulators have issued adequacy decisions, which means that these countries are recognized as providing an adequate level of data protection under applicable laws. Where recipients of your personal information are located in countries outside the EEA and/or the UK that are not the subject of an adequacy decision, but where EU/UK/Swiss law applies, we will use the Standard Contractual Clauses approved by the European Commission and/or, the International Data Transfer Agreement/UK addendum approved by the UK regulator, to help ensure your personal information is protected.

For more information on the transfer safeguards we rely on, please contact us by privacy@performio.co.

7.0 Your Rights and Choices

You have various rights and choices regarding our use of your personal information. These rights and choices may differ depending on your jurisdiction and the Performio entity that you are applying to work for, or may be referred to by another name. We have summarized the rights as follows:

Update your preferences: You can contact us should you wish to update any of your privacy-related preferences with us.
Manage your communications with us: You can contact us should you wish to change how we communicate with you, or what we communicate about.
Access your information: You may request access to the information that we hold on you, which we will provide to the extent required/permitted in accordance with local data privacy laws.
Correct or rectify your information: You may request for us to update, edit or correct your personal information.
Delete or erase your information: You may request for us to delete your information, which we will action to the extent required/permitted in accordance with local data privacy laws.
Object to our processing of your information: You may request for us to delete your information, which we will action to the extent required/permitted in accordance with local data privacy laws.
Restrict the processing of your information: You may wish to restrict our processing of your information. We will review all restrictions and comply to extent required/permitted in accordance with local data privacy laws.
Restrict the processing of your information: In certain jurisdictions you have the right to know or be informed about how we process your information. We meet this requirement by providing you with information regarding our processing activities, via privacy notices, for example. You may contact us for any additional information.

In certain US states only:

Opt-out of sales or sharing: You have a right to opt out of sales of personal information or sharing personal information for Cross-Contextual Behavioral Advertising. Information in this notice is not subject to any sale.
Limit disclosure of sensitive information: You have a right to limit the disclosure of sensitive personal information, if we use or disclose sensitive personal information.
Freedom from discrimination: You have a right to exercise the rights described above free from discrimination or retaliation as prohibited under applicable law.

In the UK, EU and Switzerland only:

Port your information: You have a right to obtain a copy of the data we hold on you in a machine-readable format so that you can provide or “port” that data to another provider.
Complain to a supervisory authority: You have the right to file a complaint with a supervisory authority about our collection and processing of your personal information. You can find EEA data protection regulators here, the UK regulator here and the Swiss regulator here.
Freedom from discrimination: You have a right to exercise the rights described above free from discrimination or retaliation as prohibited under applicable law.

To submit a request to exercise your rights, please contact us at privacy@performio.co. We may have a reason under the law why we do not have to comply with your request or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

8.0 Additional Jurisdiction Specific Information

This Privacy Notice has been written to apply to all jurisdictions in which Performio operates, however, in this section, we provide additional information to outline compliance in certain jurisdictions.

8.1 Australia

For our entity and operations in Australia, Performio must abide by the Privacy Act and the Australian Privacy Principles (APP) as summarized below. It should be noted that any information that constitutes “Employee Records” is exempt from these principles.

Principle	Title	Performio’s compliance
APP 1	Open and transparent management of personal information	Performio manages personal information in an open and transparent way. We do this by explaining how we process personal information in privacy notices (such as this one), which we keep up to date and present to individuals when we collecting their data or make a significant change to how it is managed.
APP 2	Anonymity and pseudonymity	We give individuals the option of not identifying themselves, or of using a pseudonym except where: · We are required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves (APP 2.2(a)), or · It is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym (APP 2.2(b)).
APP 3	Collection of solicited personal information	We only solicit and collect personal information that is reasonably necessary for, or directly related to, our functions or activities, and only by lawful and fair means (APP 3.1). We do not solicit and collect sensitive information as part of the activities governed by this Privacy Notice.
APP 4	Dealing with unsolicited personal information	Should we receive unsolicited personal information, we decide whether or not such information could have been collected via one of our solicited channels. If not we will destroy or de-identify the information as soon as practicable, if it is lawful and reasonable to do so.
APP 5	Notification of the collection of personal information	We take reasonable steps either to notify you or to ensure you are aware of certain matters relating to the collection of your personal information, as required by App 5. We do this at or before the time of collection, or as soon as practicable afterwards, and typically by providing you with a copy of our Privacy Notice.
APP 6	Use or disclosure of personal information	We only use or disclose personal information for the purpose(s) for which it was collected, as outlined in this Privacy Notice. The categories of recipients are also summarized in this notice.
APP 7	Direct marketing	We will only communicate directly with an individual to promote goods and services, where legislation permits us to do so and where we allow you to opt out receiving such information.
APP 8	Cross-border disclosure of personal information	We do not disclose personal information to overseas recipients, unless we have taken reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information or unless an exception applies. We take accountability for any such onwards transfers and identify such disclosures in this Privacy Notice.
APP 9	Adoption, use or disclosure of government related identifiers	We do not use or disclose government-related identifiers in accordance with this Privacy Notice.
APP 10	Quality of personal information	We take reasonable steps to ensure the personal information we collect, use and disclose is accurate, up to date and complete, having regard to the purpose of such collection, use or disclosure. These reasonable steps include, but are not limited to: implementing internal practices, procedures and systems to audit, monitor, identify and correct personal information; training staff to ensure updated or new personal information is promptly added to relevant existing records; providing individuals with a simple means to review and update some of their personal information through their accounts with us; contacting individuals to verify the quality of personal information when it is used or disclosed, particularly if there has been a lengthy period since collection; ensuring that any data collection via third parties is subject to due diligence, appropriate practice and enforceable contracts.
APP 11	Security of personal information	We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorized access, modification or disclosure. Where we no longer need personal information for any purpose for which the information may be used or disclosed under the APPs, we take reasonable steps to destroy the information or ensure that it is de-identified. A high-level overview of our security practices can be found elsewhere in this Privacy Notice.
APP 12	Access to personal information	We give you access to your personal information should you make a valid request for access in accordance with APP 12.
APP 13	Correction of personal information	You can request that we correct your information. We will take reasonable steps to do so should we be satisfied that the information we hold is incorrect , to ensure it is accurate, up-to-date, complete, relevant and not misleading, having regard to the purpose for which it is held.

8.2 EEA, UK, and Switzerland

We process personal information, or “Personal Data” as that term is defined in the EU General Data Protection Regulation, on the following legal bases: (1) with your consent; (2) as necessary for our legitimate interests where those interests do not override your fundamental rights and freedom related to data privacy; and (3) as necessary for compliance with our legal obligations. See the table in section 4 for further detail.

Please see section 13.1 and 13.2 for details on how to contact our UK/EU representatives.

8.3 India

Where data of Indian individuals are involved, the “reasonable security practices and procedures” under section 43A Explanation (ii) of the Information Technology Act, 2000 means this Performio Recruitment Privacy Notice and such data security procedures that Performio may implement from time to time and which may, in Performio’s discretion, be informed to you from time to time.

Should Indian Data Protection Legislation apply to the processing of your personal information, the lawful bases for processing your data will not be as set out in section 4, but will instead be consent, except where:

We process your information for the specified purposes for which you voluntarily provide the information, and you have not indicated denial of consent for such processing;
We need to process you information to comply with orders or judgments, either under any Indian law, or under any foreign law when relating to claims of a contractual or civil nature; or
We need to process your information for purposes related to employment or safeguarding employers from loss or liability.

8.4 US

If you reside in a state that provides specific data privacy rights in addition to those set out in section 7 above, you may contact us using the Contact Us section below. Your rights may only be exercised by you or by your designated agent. You may submit a request to know twice within a 12-month period unless applicable data privacy law grants you additional rights.

9.0 How We Protect Personal Information

We take reasonable steps to protect your personal data from loss, misuse, or unauthorized access, disclosure, alteration, or destruction, taking into due account the risks involved in the processing and the nature of the information. However, no website, application, Internet, or email transmission is ever fully secure or error free, and we do not guarantee the security of any information.

10.0 How Long We Retain Personal Information

We retain your personal information for as long as we have an ongoing legitimate business need to do so.

Should you be successful in your application, your data will form part of your personnel file and will be managed in accordance with our employee privacy notice and internal retention procedures.

Should you be unsuccessful in your application, after we have communicated to you our decision about whether to appoint you, we will retain your personal information in accordance with local applicable privacy laws. Typically we will need to retain your personal information for a period of time so that we can (a) show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way, and (b) so that we can contact you in connection with similar roles in the future, should you have provided your consent for us to do so. After this period, we will securely destroy your personal information in accordance with our data retention procedures.

11.0 Changes to This Notice

We may make changes to this Privacy Notice from time to time. We will post any changes here, and such changes will become effective when they are posted.

12.0 Contact Us

For questions about our privacy practices, contact us via:

Mail:

Performio Privacy
8605 Santa Monica Blvd PMB 52242
West Hollywood, California 90069-4109 US

Email: privacy@performio.co

Phone Number: +1 (833) 817-7084

12.1 Data Protection Officer

We have appointed a Data Protection Officer (DPO) to help us monitor internal compliance, inform, and advise on data protection obligations, and act as a point of contact for individuals and regulators. Our DPO is The DPO Centre Ltd and can be contacted via the privacy email address above.

12.2 EU/UK Representatives

We have appointed both an EU and UK Representative to help facilitate queries and the exercising of privacy rights by individuals located within the European Union and United Kingdom respectively.

Our EU Representative can be contacted as follows:

Postal Address: The DPO Centre Europe Ltd, Vijzelstraat 68-78, Amsterdam, 1017 HL, The Netherlands
Phone number: +31 2020 91510

Email: eurep@performio.co

Our UK Representative can be contacted as follows:

Postal Address: The DPO Centre Ltd, 50 Liverpool Street, London, EC2M 7PR

Phone number: +44 (0) 203 797 1289

Email: ukrep@performio.co