Privacy Notice

Introduction

This Privacy Notice applies only to personal data collected on the Site on which it appears and any sub-sites hereof (together the “Site”). There are two main areas of the site where personal data is collected and, in each case, the data is processed differently. There are therefore three sections to this Privacy Notice as follows:

• SECTION 1 - GENERAL, which applies when you fill in a form to enquire about our products and services or use the “Contact Us” form.

• SECTION 2 - JOB APPLICATIONS AND ENQUIRIES, which applies to all of the Jobs section of the site

• SECTION 3 – AMENDMENTS AND HOW TO CONTACT OUR PRIVACY TEAM

If, for any reason, you believe that Somo (now CI&T) holds personal data about you collected elsewhere, for example as a former employee or candidate for employment, and you want to exercise your rights regarding that data, you can still communicate with us using the same contact details provided below. Please provide as much detail as possible about the data that you believe we hold.

Somo (now CI&T) is committed to protecting any personal data you provide to us and to process your personal data in accordance with this Privacy Notice, any applicable laws, including the UK Data Protection Act (2018), GDPR, and applicable industry guidelines, including those established by the Interactive Advertising Bureau, American Association of Advertising Agencies and Direct Marketing Association.

The purpose of this Privacy Notice is to provide clear notice about the user information we may collect online in connection with our Site, how that data is processed and stored, and how you can request access to, correction of and deletion of any personal information that we hold about you.

This Privacy Notice may be updated from time to time. You may access the current version at any time by clicking on the “Privacy Notice” link at the footer on our Site.

SECTION 1 - GENERAL

PERSONAL INFORMATION

In operating enquiries from our Site we may collect and process the following data about you:

• Contact information and the nature of your interest in Somo (now CI&T) that you provide by filling in non-employment related enquiry forms on our Site, such as when you register to receive information such as a newsletter or contact us via the contact us page.

• Details of your visits to our Site and the resources that you access including traffic data, location data, weblog statistics and other communication data. This data is collected anonymously and not linked to you.

WHAT SPECIFIC PERSONAL DATA DO WE COLLECT?

Please refer to Section 2 for additional information on data collected on the Jobs area of the site

We may collect, store and use the following kinds of personal information when you contact us with a general enquiry using our website:

• Information that you provide to us for the purposes of registering with us, the legal basis for this is to provide you with information at your request prior to potentially entering into a contract: Name, Job Title, Company Name, Email Address, Telephone Number, Postal Address, Country, Interests in Somo’s (now CI&T) services or nature of your enquiry.

• Your consent will be sought separately for use of this information for marketing other Somo Global (now CI&T) services to you, and you can withdraw that consent at any time.

If you contact us by telephone or email us directly, we collect contact information to enable us to call you back as quickly as possible. This information, or the details that you provide via email, will be stored on our CRM database to allow our teams to deal with your enquiry in the best possible way.

Somo (now CI&T) does not knowingly collect or process any special category personal data when you make this type of general enquiry.

Somo Global (now CI&T) does not knowingly collect or process any data from children

HOW YOUR INFORMATION WILL BE USED

Please refer to Section 2 for how your information will be used in connection with the jobs area of the site.

We will keep your information that we collect on the Site for a reasonable period for the purposes set out in this Privacy Notice or, where you have previously given consent, until you withdraw that consent, ask us to suspend processing or to delete your personal data. We follow generally accepted online advertising industry standards to ensure that your personal data disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. These standards include undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use.

The information that you supply for this type of contact will not be subjected to any automatic decision procedures.

Personal data provided to us for general enquiries and using “Contact Us” forms may be used, without limitation, for the following purposes:

• provide you with requested products and services

• administration in connection with your request

• internal analysis to improve or more effectively tailor Somo’s (now CI&T) Site

• To contact you about business or offerings generally

• direct marketing, where you have consented to this

• any other purpose you have consented to or which is allowed under applicable law

• to send to you marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (if you agree to direct marketing and subsequently change your mind, you have the right to object to this processing by emailing marketing@ciandt.com or clicking on the ‘Unsubscribe’ button on the email communication you receive from Somo (now CI&T))

• to deal with enquiries and complaints made by or about you relating to the Site.

NON-PERSONAL INFORMATION

In some instances, Somo (now CI&T) may collect non-personal (aggregate) data through cookies and Web beacons. This information is used to better understand and improve the usability, performance, and effectiveness of the Site. Please read the “Cookies” section below for more information.

WHO IS YOUR PERSONAL INFORMATION SHARED WITH?

Please refer to Section 2 for additional information about sharing of data in connection with job applications

Somoglobal (now CI&T) uses a GDPR-compliant third-party processor to provide a system to manage the contact data gathered on the site. This third-party can only process your data in accordance with our instructions. The data is further processed for direct marketing using a different GDPR-compliant third-party, again only in accordance with our instructions. The legitimate interest for this processing is direct marketing in line with GDPR Recital 47.

Somoglobal (now CI&T) has teams working globally and it may be necessary to share contact data internally with those teams, for example, to answer specific questions prior to a contract. This will always be done in a secure and GDPR-compliant manner such as using Standard Contractual Clauses (SCCs). A limited number of our staff will have access to your data insofar as is reasonably necessary for the purposes as set out in this Privacy Notice. In addition, we may disclose your personal information in the following circumstances:

• To the extent that we are required to disclose the information by law

• In connection with any legal proceedings or prospective legal proceedings

• In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)

• Except as provided in this Privacy Notice, we will not provide your information to third parties.

YOUR RIGHTS AND ACCESS TO PERSONAL INFORMATION

YOUR RIGHTS

• Under the General Data Protection Regulation you have a number of important rights. In summary, those include rights to:

• access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address

• require us to correct any mistakes in your information which we hold

• request the erasure of personal data concerning you in certain situations

• request access to the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations

• object at any time to processing of personal data concerning you for direct marketing

• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you

• object in certain other situations to our continued processing of your personal data

• otherwise restrict our processing of your personal data in certain circumstances

• claim compensation for damages caused by our breach of any data protection laws.

EXERCISING YOUR RIGHTS

Somo (now CI&T) tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018 and/or GDPR “Right of Access” If we do hold information about you we will:

• confirm that your data is being processed;

• provide you with access to your personal data;

• provide other supplementary information; and

• provide the above to you within one month of receipt of the request.

To make a request to Somo (now CI&T) for any personal information we may hold, you can request this by emailing or writing to our GDPR Working Group using the address provided below.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

You may instruct us to provide you with any personal information we hold about you. Provision of such information will be free with exception when:

• The request is manifestly unfounded or excessive, particularly if it is repetitive, at which point we will charge a reasonable administrative fee in order to process the request.

• A reasonable administrative fee can also be charged to comply with requests for further copies of the same information.

We also require the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

We will provide the information in a commonly used electronic format or secure remote access self-service system if possible.

We may withhold such personal information to the extent permitted by law. You may instruct us not to process your personal information for marketing purposes by email at any time. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes.

If you would like to exercise any your rights, please either:

• In the case of job applications, you can utilise the Manage Your Data tool provided to access and delete data that you submit. When you submit your application, you should be provided with login details to enable you to use this facility directly on the PinPoint system.

• contact us using our contact details below, ensuring we have enough information to identify you, proving your identity and address and confirming which information to which your request relates

If you wish to complain to a Supervisory Authority:

For the United Kingdom, this is:

Information Commissioner's Office

Wycliffe HouseWater Lane

Wilmslow

Cheshire

SK9 5AF

Tel: +44 (0)303 123 1113 (local rate) or +44 (0)1625 545 745 if you prefer to use a national rate number

Fax: +44 (0)1625 524 510

Web: https://ico.org.uk/global/contact-us/

A list of EU Supervisory Authorities is available at :

https://edpb.europa.eu/about-edpb/about-edpb/members_en

SECURITY OF YOUR PERSONAL INFORMATION

We will take all reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure (password and firewall protected) servers.

Somo (now CI&T) is dedicated to maintaining the security of personal data and preventing unauthorised access through the implementation of appropriate technical and organisational measures, as far as is reasonably possible. Such security measures also include that personal data may be accessed only by a limited number of persons within Somo (now CI&T).

Our employees are made aware of and must comply with Somo’s (now CI&T) security standards. When we occasionally use third party contractors to perform tasks that might otherwise be performed by our employees, these contractors are contractually bound to adhere to this Privacy Notice and they are subject to similar restrictions as our employees.

COOKIES AND OTHER TECHNICAL INFORMATION

When you enter the Site, you are given the choice of whether to accept or decline cookies. If you decline, your information will not be tracked when you visit the Site. A single cookie will be used in your browser to remember your preference not to be tracked. To make full use of the personalised features on the Site, your computer, tablet or mobile phone will need to accept cookies, as we can only provide you with certain personalised features of this Site by using them.

Our cookies don’t store sensitive information such as your name, address: they simply hold the ‘key’ that, once you’re signed in, is associated with this information. However, if you accept cookies and want to change this, you can restrict, block or delete cookies from our Site, or any other website, using your browser. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.

WHAT IS A COOKIE AND HOW TO I MANAGE THEM?

A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We use session cookies on the Site. Session cookies will be deleted from your computer when you close your browser. We will use the session cookies for the following purposes: To prevent accidental contact form resubmissions. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking Tools, Internet Options, Privacy, and selecting Block all cookies using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites.

3RD PARTY COOKIES

When you visit our Site you may notice some cookies that aren’t related to Somo (now CI&T). Some 3rd party cookies we use are ‘analytical’ cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the Site when they’re using it. This helps us to improve the way our Site works, for example by making sure users are finding what they need easily. If you go on to a web page that contains embedded content, you may be sent cookies from these websites. We don’t control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.

PROVIDERS WE USE TO COLLECT INFORMATION - COOKIES FROM THIRD PARTIES:

We use Google Analytics to analyse the use of this Site. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our Site is used to create reports about the use of the Site. Google will store this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html We use HubSpot tracking code which sets the following cookies when someone visits our Site:

o hstc

• The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). (Expires: 2 years) hubspotutk This cookie is used for to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts. (Expires: 10 years)

o hssc

• This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. (Expires: 30 min)

o hssrc

• Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session. (Expires: None. Session cookie)

o hsoptout

• This cookie is used by the opt-in privacy policy to remember not to ask the user to accept cookies again. This cookie is set when you give users the choice to opt out of cookies. (Expires: 2 years)

o hsdonot_track

• This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, which still allows anonymized information to be sent to HubSpot. (Expires: 2 years)

o hs_testcookie

• This cookie is used to test whether the visitor has support for cookies enabled. (Expires: Session cookie)

o hsPagesViewedThisSession

• This cookie is used to keep track of page views in a session. (Expires: Session cookie) messagesUtk This cookie is used to recognize visitors who chat with us via the messages tool. If the visitor leaves our Site before they’re added as a contact, they will have this cookie associated with their browser. If we have a history of chatting with a visitor and they return to our Site later in the same cookied browser, the messages tool will load our conversation history with that visitor. Our cookies don’t store sensitive information such as your name, address: they simply hold the ‘key’ that, once you’re signed in, is associated with this information. However, if you accept cookies and want to change this, you can restrict, block or delete cookies from our Site, or any other website, using your browser. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.

SECTION 2 – JOB APPLICATIONS AND ENQUIRIES

This section of the Privacy Notice applies only to the Jobs section of the site and sets out the basis on which the personal data collected from you, or that you provide to us, will be processed by us in connection with our recruitment processes.

For the purpose of the General Data Protection Regulation (“GDPR”) the Data Controller is Somo Global (now CI&T).

We use Pinpoint, an online software product provided by The Infuse Group Ltd (t/a Pinpoint Software), to assist with our recruitment process. We use Pinpoint to process personal information as a data processor on our behalf. Pinpoint is only entitled to process your personal data in accordance with our instructions.

Where you apply for an opportunity posted by us, these Privacy Notice provisions will apply to our processing of your personal information, in addition to Sections 1 and 3 of this Privacy Notice.

Your Personal Information - recruitment

Information we collect from you

We collect and process some or all of the following types of information from you:

• Information that you provide when you apply for a role. This includes information provided through an online application, via email, in person at interviews and/or by any other method.

• In particular, we process personal details such as name, email address, address, date of birth, qualifications, experience and any information relating to your employment history, skills and experience that you provide to us.

• If you contact us, we may keep a record of that correspondence.

• Details of your visits to our careers website including, but not limited to, traffic data, location data and other communication data, the site that referred you to our careers website and the resources that you access.

Information we collect from other sources

Pinpoint provides us with the facility to link the data you provide to us with other publicly available information about you that you have manifestly made public on the Internet – this may include sources such as LinkedIn and other social media profiles.

When you apply for an opening, PinPoint provides you with the opportunity to retrieve your data from LinkedIn to save time filling in the application. It is your responsibility to ensure that the retrieved data is accurate before submitting the application. Only the data necessary to complete the application is retrieved.

Pinpoint’s technology enables us to search other sites where candidates publish their personal information because they are seeking matching job vacancies. We do this to help us to find possible candidates to fill our job openings. Where we find you in this way we will obtain your personal data from these sources to contact you about potentially suitable vacancies.

Uses made of your information - recruitment

Lawful basis for processing

We rely on legitimate interest as the lawful basis on which we collect and use your personal data in connection with job applications. Our legitimate interests are the recruitment of staff for our business.

Purposes of processing

We use information held about you in the following ways:

To consider your application in respect of a role for which you have applied.
To consider your application in respect of other roles.
To communicate with you in respect of the recruitment process.
To enhance any information that we receive from you with information obtained from third party data providers where this data has been made public by you.
To find appropriate candidates to fill our job openings.
To help Pinpoint improve their services.

Data shared with our global teams

Somo (now CI&T) works in globally-distributed teams and, when you apply for a role with us, it may be necessary for team members in other countries to have access to your application for employment, particularly where you are applying for a role in a non-EEA location. Where this is the case, we will ensure the appropriate security measures and compliance with the GDPR including Standard Contractual Clauses where required.

Automated decision making / profiling

We may leverage Pinpoint’s technology to help us select appropriate candidates for us to consider based on their match to criteria we have identified. The process of finding suitable candidates is automatic, however, any decision as to who we will engage to fill the job opening will be made by our team.

How we store your personal data - recruitment

Security

We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in any unauthorised way. We limit access to your personal data to those who have a genuine business need to view it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

Where we store your personal data

The data that we collect from you and process using Pinpoint’s Services will be transferred to and stored at one of several datacentre locations in Amsterdam (Netherlands) and may be synchronised to one of several datacentre locations in London (United Kingdom) for backup and redundancy purposes. By submitting your personal data, you agree to this transfer, storing or processing.

How long we keep your personal data

We retain all candidate data for a period of 12 months from the time of application for queries and dispute resolution. Otherwise, your personal information will be deleted on one of the following occurrences:

Deletion of your personal information by you via the Manage Your Data tool or
Receipt of a written request by you to us.

SECTION 3 – AMENDMENTS AND HOW TO CONTACT OUR PRIVACY TEAM

PRIVACY NOTICE AMENDMENTS

Somo (now CI&T) reserves the right to change this Privacy Notice at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this Privacy Notice on the homepage of the Site and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided us with. Such substantial changes will take effect seven (7) days after such notice was provided on our Site or sent by email. Otherwise, all other changes to this Privacy Notice are effective as of the stated “Last Revised” date and your continued use of the Site after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes

THIRD PARTY WEBSITES

You might find links to third party websites on our Site. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

UPDATING INFORMATION

Please let us know if the personal information which we hold about you needs to be corrected or updated.

CONTACT

If you have any questions about this Privacy Notice or our treatment of your personal information, please write to us by email or by post using the following contact information:

The data controller is:

Somo Global Ltd.,

21 Arlington Street,

London

SW1A 1RN

Our Data Protection Officer can be contacted either by writing to the above address or by emailing dpo@somoglobal.com

Our Data Protection Team can be contacted either by writing to them at the above address or by emailing them at

gdpr-request@somoglobal.com