This privacy statement (the “Privacy Statement”) is effective April 1, 2019.

This Privacy Statement describes the practices of Illumio, Inc. and its subsidiaries around the world (”Illumio,” “us,” "our" or “we”) regarding the collection, use and disclosure of personal information (“personal data”) collected from you in order to perform our obligations under the law, consider your application for employment with us and onboard you as an employee of Illumio if we offer you a position with us.

This Privacy Statement provides you with information about the type of data we collect, why we collect it, with whom we share it and how we protect it during the recruiting and hiring process.

This Privacy Statement does not form part of any contract of employment should you be offered employment by us and does not cover the handling of our employee personal data. We cover the collection and processing of employee personal data through internal policies, processes and notices.

For additional information about our collection, use and disclosure of personal data from users on our websites at www.illumio.com, please go to https://www.illumio.com/legal/privacy-policy.

Personal Data We Collect

You may choose to register with our applicant tracking system or provide information to one of our recruiters in order to receive information about new job postings, make inquiries about job openings or apply for a position with Illumio.

When you do, we will collect the following types of personal data:

• name;
• contact information (physical address, e-mail address(es), telephone number(s)); and
• other identifying data required by applicable laws.

You may also provide us with additional personal data about yourself including, for example, education, work history and references. After you register in our applicant tracking system, you will be asked to upload a prepared resume or build a resume using skills fields or, if you so choose, import information from your social media account. If you do, we require you to provide certain information.

The personal data we request and that you voluntarily choose to provide will depend on the job you are seeking. If you do not provide the information required, we may be unable to process your application.

Unless requested for a specific legal obligation, you should not provide data relating to your:

• racial or ethnic origin;
• political opinions;
• philosophical or religious beliefs;
• membership of a trade union or political party;
• physical or mental health;
• sexual life or sexual orientation; or
• criminal convictions or offences.

If you provide us with personal contact information about another person, for example, by providing a reference or job referral, it is your responsibility to ensure that the person is aware and consents to you providing his/her personal contact information.

We may also receive personal data from third parties. For example, if you have been hired through a third party staffing or recruiting firm, we will receive information on your experience and qualifications. Those providing candidate referrals also provide personal data to us. Where permitted or otherwise authorized by law, information received from third parties may include the results of background checks.

How We Process Personal Data

We use the personal data you provide to:

• manage your registration in our applicant tracking system;
• communicate with you about the recruiting and hiring process, set up and conduct interviews and assessments;
• conduct background checks, as required or legally permitted by applicable local law;
• process your job application;
• conduct onboarding activities if you are offered a position, such as issuance of a badge, training, assignment of equipment and access to systems;
• comply with legal requirements; and
• operate and improve our applicant experience that may include sending you a survey about your experience.

If you are hired, we will use your personal data for onboarding, including to set up necessary business processes for your employment with Illumio such as payroll, training, benefits, administration of your participation in applicable benefit plans offered by Illumio, expense reimbursement, performance management, company directory listing and access to company facilities, network and applications.

Where required by law, we provide aggregated statistics about candidates using the personal data you submit. These statistics are anonymous.

With your consent, if you are not hired for the first position to which you apply, we may retain and consider your data obtained through the application process for other job openings with Illumio

At all times, we will process your personal data fairly and lawfully. We will handle your personal data in accordance with this statement unless it conflicts with stricter requirements of applicable law in which case applicable law will prevail.

How We Protect Personal Data

We use reasonable security procedures and technical and organizational measures to protect against accidental or unlawful destruction, loss, disclosure or use of personal data we handle. Our network and systems used to provide services are governed by corporate Information security policies, which are based upon standards, including International Organization for Standardization (ISO) 27001 and National Institute of Standards and Technology (NIST). We limit access to and use of your personal data to authorized persons and trusted third parties who have a reasonable need to know the information in order to perform our services and business operations and who are bound by confidentiality obligations.

How Long We Retain Personal Data

We retain your personal data only for as long as is necessary to fulfill the purposes for which the data was collected from you and in consideration of and compliance with applicable legal or regulatory requirements to maintain the data for legitimate purposes. For example, where required by law for audits or accounting requirements, to enforce our agreements or handle disputes. We may also retain personal data where it is required in order to establish, exercise or defend our legal rights. When personal data is no longer needed for the purpose it was collected or processed or to comply with a legal obligation, we securely destroy it.

How to Exercise Rights in Relation to Personal Data

We rely on you to provide accurate, complete and current personal data to us. If you need to correct or update the personal data you provided to us, please email us at [email protected].

If you are a resident of the EU, you have certain rights in relation to your personal data. If you would like further information in relation to these or would like to exercise any of them, please contact us at [email protected]. Your rights are as follows:

• to obtain confirmation from us if we are processing your personal data;
• to access any personal data we hold about you;
• to request that we correct inaccurate personal data and to have incomplete data completed;
• to object to the processing of your personal data;
• to prevent the processing of your personal data for direct marketing purposes;
• to provide your personal data to a third party provider of services;
• to receive a copy of any personal data which we hold about you;
• to restrict processing of your personal data; and
• to erase your personal data we are holding about you.

We will consider all such requests and provide our response within a reasonable period (and in any event any time period required by applicable law). You may submit personal data requests using our form, here. Please note, however, that certain personal data may be exempt from such requests in certain circumstances. If an exception applies, we will tell you this when responding to your request. We may request you provide us with information necessary to confirm your identity before responding to any request you make.

Changes to this Privacy Statement

Any personal data that we process is subject to the Privacy Statement in effect at the time such personal data is processed. We may, however, modify and revise this Privacy Statement from time to time. If we make any material changes to this Privacy Statement, we will notify you of such changes by posting the updated Privacy Statement on this website or through other means, and we will indicate when such changes will become effective.