Privacy Notice

ROMA Privacy Notice
Last Updated: 8/1/2024
ROMA Hired, Inc. (collectively “ROMA,” “we,” or “our”) take data privacy seriously. This Privacy Notice
(“Notice”) explains who we are, how we collect, share, and use personal information, and how you can
exercise your privacy rights.

This Notice covers personal information we collect:

(a)
in connection with our search, assessment, leadership advisory, CEO succession, board
evaluation, and other services (the “Services”), whether we are in the process of recruiting you
as a Candidate for a role with a Client, assessing you as an employee of a Client, identifying
exceptional Candidates for you as a Client, retaining you as a Vendor, or engaging with you as a
Source or Referee in relation to one of our Candidates; and
(b) when you visit our website (the “Website”) and in the usual course of our business, such as in
connection with our events and marketing activities.
This Notice does not cover any other data collection or processing, including, without limitation, data
collection practices of other web pages to which we provide links on our Website.

QUICK LINKS

To make it easier to navigate to the parts of this Notice that directly apply to you, we have divided the
Notice into the Sections described in the hyperlinks below. While we encourage you to read the entire
Notice, we strongly recommend that you review Section 1 (The Basics), Section 4 (General Information),
and any other Section that applies to you:
If you have any questions or concerns about our use of your personal information, please contact us
using our website.

1. THE BASICS

Key terms
In this Notice, the following terms have the meanings set forth below:
“Client” means any of our clients and their employees who are looking to recruit or assess executives
and to whom we provide the Services.
“Candidate” means any candidate, applicant, prospect, or Client employee who is considered,
evaluated, or assessed by ROMA in connection with the Services.
“Referee” means any individual who provides employment or personal references for a particular
Candidate.
“Source” means any individual who helps to identify and provide market intelligence about a potential
Candidate.
“Vendor” means any entity other than ROMA that provides products or services to ROMA pursuant to a
contract with ROMA.

2. DATA COLLECTED VIA SERVICES

This Section applies to information that we collect and process about Candidates, Clients, Referees,
Sources, and Vendors.
What Personal Information Do We Collect?

CANDIDATE DATA

Information Candidates provide to us: If you are a Candidate, you may provide personal information to
us, for example, when you upload your résumé into our Candidate Portal through our Website, email
your résumé to an ROMA search consultant, speak with an ROMA search consultant, or communicate
with us in any way in connection with the Services. Further, as described below, we may obtain
information about you from other sources.
You are not obligated to provide ROMA any information or participate in any of the Services we offer. As
such, we will consider any information we collect directly from you as having been provided voluntarily.
If, however, you are unwilling to provide us with certain requested information, please understand that
this may limit our ability to consider you in connection with the Services.
The information we may collect for all Candidates typically includes:

• Contact details: such as your name, e-mail address, postal address, and telephone number.
• Résumé information: such as your contact details, employment history, educational history,
  professional qualifications, as well as languages and other skills and activities.
  The information we may collect for all Candidates typically includes:
• Identification data: such as your civil/marital status, photograph, date of birth, gender, national
  origin, corporate identifier, national identifier (i.e., social security number or equivalent in your
  country, driver’s license, or national ID/passport number).
• Lifestyle preferences and personality profile: such as community involvement and memberships,
  hobbies, social activities, and/or individual preferences, intellectual capacity, personality,
  behavior, executive competencies, and/or character traits.
• Health, diversity, and criminal conviction information: where appropriate, and in accordance
  with local law, we may also collect information related to your health, diversity information
  (including racial or ethnic origin, religious or other similar beliefs, and physical and/or mental
  health, including disability-related information), and/or details of any criminal convictions.
• Financial information: to reimburse expenses incurred in connection with the Services (e.g.,
  travel, lodging and/or meal costs when attending an interview with a Client), we may collect
  certain financial information needed to document the expense and to reimburse you (e.g., bank
  account number and/or credit card number).
• Other information: such as your prior military service, compensation and benefit details (where
  permitted by local law), performance history, details of any dependents, immigration status,
  and, any other relevant information you may choose to share with us. We also keep a record of
  your marketing preferences and our contact history with you.

Information we collect from third party sources about Candidates: We may collect any of the above
personal information about you from publicly available sources, and third parties, including, under the
following circumstances: (i) Sources and Referees may disclose personal information about you; (ii) our
Clients may share personal information about you; (iii) we may obtain information about you from
publicly available third party sources (e.g., LinkedIn, news reports, press releases); and (iv) we may
source personal information about you from our third party data providers and degree
verification/background check providers. When we obtain information about you from third party
providers or vendors, we take appropriate steps to ensure that such third parties are legally permitted
or required to disclose such information to us.
Information Clients provide to us: Our Clients may provide us with personal information about certain
Candidates in connection with our Services (for example, they may provide us with a list of Candidates
they would like us to assess through the Services). We typically process this personal information as a
processor on our Client’s behalf. We use that information to provide the Services to our Client and as
instructed by our Client. Under these circumstances, it is our Client, as the controller, that controls what
personal information about you we collect and how we use it. If you have privacy-related questions or
concerns about a Client’s privacy practices or the choices a Client has made to share your information
with us or any other third party, you should reach out to the Client or review their privacy policies. We
are not responsible for the privacy or security practices of our Clients, which may differ from those set
forth in this Notice.

CLIENT DATA

Information Clients provide to us: We need to collect and use information about you or individuals at
your organization in the course of providing the Services to you. We generally only need to have your
contact details or the details of individual contact(s) at your organization (such as name, telephone
number, email address, and job title) to ensure that our relationship runs smoothly. We also hold
information relating to your online engagement with Candidate profiles through our Client applications
and will keep a record of our contact with you. We may also hold extra information about you that
someone in your organization has chosen to tell us.
Information we collect from third party sources about Clients: Where appropriate and in accordance
with local laws and requirements, we may seek more information about you or your colleagues from
other sources generally by way of due diligence or other market intelligence including: (i) from third
party market research and by analyzing online and offline media (which we may do ourselves or employ
other organizations to do for us); (ii) from attendee lists at relevant events; and/or (iii) from other
limited sources and third parties.

REFEREE DATA

Information Referees provide to us: In securing a reference from you about one of our Candidates, we
may process your contact details (such as name, email address, and telephone number). We may also
process certain professional details (such as your job title, occupation, academic and professional
qualifications, and employment history) and your connection to the Candidate (such your relationships
to, experience with, and opinions about the relevant Candidate). We generally ask the Candidates to
provide us with much of this information but we may supplement it with information we collect about
you from publicly available sources (such as LinkedIn) or by asking you directly.

SOURCE DATA

Information Sources provide to us: We may process your contact details (such as name, email address,
and telephone number), professional details (such as job title, occupation, academic and professional
qualifications, and employment history) and information about your connection to our Candidate (such
as your relationship to, experience with, and opinions about the relevant Candidate). We may collect
this information directly from you and/or from publicly available sources (such as LinkedIn). In some
cases, we may collect the information from our Candidates.

VENDOR DATA

Information Vendors provide to us: We need a small amount of information from our Vendors to ensure
that things run smoothly. We need contact details of relevant individuals at your organization so that we
can communicate with you. We also need other information such as your bank details so that we can
pay for the services you provide (if this is part of the contractual arrangements between us).
How Do We Use Your Personal Information?
We may use the personal information we collect through our Services in a number of ways.

CANDIDATE DATA

We typically use Candidate data for the following purposes:
Search & Leadership Advisory Activities: to provide our Clients with the Services, including assessing
your suitability for executive roles with a Client; contacting you about board and executive search or
assessment assignments conducted for Clients; sending your information to our Clients; and/or verifying
the details you have provided (such as through psychometric evaluations or by requesting information
from third parties (e.g., Referees or degree verification vendors)). We may also use your personal
information for other business purposes such as data analysis, identifying usage trends, creating
anonymized data sets for research, statistics and analytics purposes, creating knowledge pieces (such as
white papers), determining the effectiveness of our Services, and/or to enhance, customize, and
improve our features, products and services.
Marketing Activities: to send you information (such as reports, promotions, research, white papers,
events and general information about, for example, relevant industry sectors) that we think you may
find interesting (in each case, in accordance with your marketing preferences).
Equal Opportunity Monitoring: to ensure that our recruitment processes are aligned with our
commitment to ensuring equal opportunities. Some of the data we may collect about you (in
appropriate circumstances and in accordance with applicable local law) falls under the umbrella of
“diversity information”. This could be information about your ethnic background, gender, disability, age,
sexual orientation, religion or other similar beliefs, and/or social-economic background.
Some of this information is considered ‘sensitive’ personal information and as such, slightly stricter data
protection will apply. Where required by law, we will obtain your explicit consent before we use it.
Where appropriate and in accordance with local laws and requirements, we will use this information to
provide our Clients with diverse pools of qualified Candidates. We may also disclose this data (suitably
anonymized where appropriate) to Clients where this is contractually required or the Client specifically
requests such information to enable them to comply with their own employment processes or legal
requirements – but again, only where in accordance with applicable local law.
We may also collect other sensitive personal information about you, such as health-related information,
religious affiliation, or details of any criminal convictions if this is appropriate in accordance with local
law and is required for a role for which we are recruiting you. We will never do this without your explicit
consent.

CLIENT DATA

We typically use Client data for the following purposes:
(1) Search & Leadership Advisory Activities: to provide the Services to your organization; to manage our
relationship and account with you and your organization; and/or for our other business purposes such
as data analysis, identifying usage trends, creating anonymized data sets for research, statistics and
analytics purposes, creating knowledge pieces (like white papers), determining the effectiveness of our
Services, and/or to enhance, customize, and improve our features, products, and services.
(2) Marketing Activities: to send you information (such as reports, promotions, research, white papers,
and event invitations) that we think you may find interesting (in each case, where this is in accordance
with your marketing preferences).

REFEREE DATA

We use Referee Data to obtain your opinion regarding Candidates in the course of providing the Services
to our Clients. In addition, we may use your details to contact you in relation to any of our Services that
we think may be of interest to you as a potential Client or Candidate.

SOURCE DATA

We use Source Data to identify and gather information on potential Candidates in the course of
providing the Services to our Clients. In addition, we may use your details to contact you in relation to
any of our Services that we think may be of interest to you as a potential Client or Candidate.

VENDOR DATA

We typically use Vendor Data: (i) to store (and update when necessary) your details in our database, so
that we can contact you in relation to our agreements; (ii) to obtain support and services from you; (iii)
to perform certain legal obligations; (iv) to help us target appropriate marketing campaigns; and (v) to
help us establish, exercise, or defend legal claims.

3. DATA COLLECTED VIA OUR WEBSITE

This Section applies to personal information that we collect and process through our Website in the
usual course of our business, such as in connection with our events and marketing activities.
What Personal Information Do We Collect?
Information you provide to us: Certain parts of our Website may ask you to provide personal
information voluntarily, for example, we may ask you to provide your contact details (like your name,
email address, and phone number) to complete surveys, subscribe to marketing communications (like
newsletters), submit inquiries, and/or otherwise communicate or interact with us.
We may also collect personal information from you offline, such as when you attend one of our events.
You are not obligated to provide ROMA any information or participate in any of the Services we offer. As
such, we will consider any information we collect directly from you as having been provided voluntarily.
If, however, you are unwilling to provide us with certain requested information, please understand that
this may limit your ability to participate in the Services.
Information we collect automatically: When you visit our Website, we may collect certain information
automatically from your device. In some countries, including countries in the European Economic Area,
this information may be considered personal information under applicable data protection laws. Such
automatically collected information may include your IP address, device type, unique device
identification numbers, browser-type, broad geographic location (e.g., country or city-level location)
and/or other technical information. We may also collect information about how your device has
interacted with our Website, including the pages or content accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website,
where they come from, and what content on our Website is of interest to them. We use this information
for our internal analytics purposes and to improve the quality and relevance of our Website to our
visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained
further below.
Social Media Widgets: Our Website includes social media features, such as social media widgets that link
to a social media website or allow you to share website content. These features may collect your IP
address, which page you are visiting on our Website, and may set a cookie to enable the feature to
function properly. Social media features, such as widgets, are either hosted by a third party or hosted
directly on our Website. Your interactions with these features are governed by the privacy policy of the
company providing it.
How Do We Use Your Personal Information?
We typically use the personal information we collect through our Website in the usual course of our
business for the following reasons: (i) to respond to a request that you sent us, such as a request for
information about our Services; (ii) to administer, protect, and improve our Website and our Services;
(iii) to better understand the preferences of our Website visitors; (iv) to compile aggregated statistics
about Website usage; (v) to provide you with marketing and promotional communications (where this is
in accordance with your marketing preferences); and/or (vi) for other business purposes such as data
analysis, identifying usage trends, determining the effectiveness of our marketing, and enhancing,
customizing and improving our Websites, products and services.
Cookies and Similar Tracking Technology
Like many Websites, we use cookies or other similar technologies to collect and use personal
information.

4. GENERAL INFORMATION

How We Share Your Information
We may share your personal information with the following types of third parties for the purposes
described in this Notice:

• We freely share your information with our group companies. Your information is maintained on
  ROMA’s global database, which is secure and accessible only to ROMA employees worldwide.
• We may share your information with any competent law enforcement body, regulatory or
  government agency, court or other third party where we believe disclosure is necessary as a
  matter of applicable law or regulation; to exercise, establish, or defend our legal rights; or to
  protect your vital interests or those of any other person.
• In the case of Candidates, Referees, and Sources, we may share your information with Clients who will need to process your information for the purposes we have described in this Notice.
• In the case of Candidates, we may share your information with third parties who we have
  retained to provide services such degree and/or license verification checks, to the extent that
  these checks are appropriate and in accordance local laws.
• Similarly, for Candidates we may share your information with Sources and Referees with whom
  we liaise in connection with providing the Services to our Clients.
• For Sources and Referees, we endeavor to keep your information confidential from
  the Candidates you discuss with us, but under limited circumstances, your information may be
  disclosed to them.
• We may share your information with third party service providers (our Vendors) who perform
  functions on our behalf (including external consultants, business associates and professional
  advisers, such as lawyers, auditors, accountants, technical support providers, and third party
  travel agencies, outsourced IT and document storage providers).
• We may share your information with a potential buyer (and its agents and advisers) in
  connection with any proposed purchase, merger, or acquisition of any part of our business,
  provided that we inform the buyer it must use your personal information only for the purposes
  disclosed in this Notice.
• We may share your information with our marketing partners to send emails on our behalf.
• We may share information with any other person with your consent.

Please be assured that we do not use your information for purposes that are incompatible with those
set forth in this Notice.
International Data Transfers
Your personal information may be transferred to, and processed in, countries other than the country in
which you are resident. These countries may have data protection laws that are different from the laws
of your country (and, in some cases, may not be as protective).
Specifically, our servers are located in the United States, Germany, and Singapore, and our group
companies and third party service providers and partners operate around the world. This means that
when we collect your personal information we may process it in any of the countries where our group
companies and service providers are located.
However, we have taken appropriate safeguards to require that your personal information will remain
protected in accordance with this Notice. These include implementing the European Commission’s
Standard Contractual Clauses for transfers of personal information between our group companies,
which require all group companies to protect personal information they process from the EEA in
accordance with European Union data protection law.
Our Standard Contractual Clauses are available upon request. We have implemented similar appropriate
safeguards with our third party service providers and partners and further details are available upon
request.
Legal Basis For Processing Personal Information (If You Are Resident in the EEA)
If you are resident in the European Economic Area, our legal basis for collecting and using the personal
information described above will depend on the personal information concerned and the specific
context in which we collect it.
However, we will normally collect personal information from you where the processing is in our
legitimate interests and not overridden by your data protection interests or fundamental rights and
freedoms (for example, in connection with the Services, we typically rely on our legitimate interests to
process personal information for our Search & Leadership Advisory Activities and where permitted by
law, certain marketing activities).
When required by law, we will collect personal information only where we have your consent to do so
(for example, if we need to collect and process any sensitive personal information about you). In some
limited cases, it may be necessary for us to process personal information and, where appropriate and in
accordance with local laws and requirements, sensitive personal information, in connection with
exercising or defending legal claims (for example, where we need to take legal advice in relation to legal
processing or are required by law to preserve or disclose certain information as part of the legal
process).
If you have questions about or need further information concerning the legal basis on which we collect
and use your personal information, please contact us on our website.
Your Data Protection Rights
You have the following data protection rights:

• If you wish to access, correct, update, or request deletion of your personal information, you can
  do so at any time by contacting us using our website. Consistent with applicable law, when
  asked to remove a record from our database, ROMA will retain minimal personal information in
  order to prevent future contact, to keep a record of the information disclosed to our Clients and
  Candidates, and to preserve ROMA’s interests in accordance with any applicable legal
  requirements. If you are a California resident, you can submit a request to exercise your access
  and deletion rights with respect to your personal information via our website. Please note that
  before processing your request, we may take reasonable steps to verify your identity.
• In addition, if you are a resident of the European Economic Area, you can object to processing of
  your personal information, ask us to restrict processing of your personal information, or request
  portability of your personal information. Again, you can exercise these rights by contacting us
  using the contact details provided on our website.
• You have the right to opt-out of marketing communications we send you at any time. You can
  exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we
  send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing),
  please contact us.
• Similarly, if we have collected and processed your personal information with your consent, then
  you can withdraw your consent at any time. Withdrawing your consent will not affect the
  lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing
  of your personal information conducted in reliance on lawful processing grounds other than
  consent. If you withdraw your consent to our Notice, you will not be able to be a part of a ROMA
  search, assessment or leadership project.
• Residents of California have the right to know what categories of personal information we
  collect, the sources from which we collect the information, how we use that information, and
  the categories of third parties to which we disclose that information. You can find this
  information in Sections 2 and 3 of our Privacy Policy above.
• In addition, if you are a resident of California, you have the right to opt out of the “sale” of your
  personal information. Under the CCPA, “sale” is broadly defined to mean the sharing of personal
  information with third parties who are not acting as our service providers. This may include our
  sharing of your information with prospective employers. If you are a California resident and
  would like to opt out of information sharing for purposes that may be a “sale” under California
  law, you may do so on our website.
• You have the right to complain to a data protection authority about our collection and use of
  your personal information. For more information, please contact your local data protection
  authority. (Contact details for data protection authorities in the European Economic Area are
  available here.)

We respond to all requests we receive from individuals wishing to exercise their data protection rights in
accordance with applicable data protection laws. Consistent with applicable law, we do not discriminate
(as defined in applicable law) against individuals for exercising their legal rights with respect to their
personal information.
How Long Do We Keep Your Personal Information?
We will retain information we collect from you where we have an ongoing legitimate business need to
do so (for example, to provide you with the Services or to comply with applicable legal, tax, or
accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either
delete or anonymize it or, if this is not possible (for example, because your personal information has
been stored in backup archives), then we will securely store your personal information and isolate it
from any further processing until deletion is possible.
How Do We Keep Your Personal Information Secure?
Transmissions over the Internet are not completely secure or error-free. We do however take
appropriate technical and organizational measures to protect your personal information from loss,
misuse, unauthorized access, disclosure, alteration, and destruction. The measures we use are designed
to provide a level of security appropriate to the risk of processing your personal information and to help
ensure that your data is safe, secure, and only available to you and to those with authorized access. If
you have any questions about the security of your personal information, you may contact us.
Updates To This Notice
We may update this Notice from time to time in response to changing legal, technical, or business
developments. When we update our Notice, we will take appropriate measures to inform you of any
material changes.
From time to time, we may refer to this Notice in notices and consent requests, for example related to
Candidate searches or surveys. Under such circumstances, this Notice applies as modified in the
particular notice or consent request.
You can see when this Notice was last updated by checking the “Last Updated” date displayed at the top
of this Notice.
How To Contact Us
Please feel free to contact us with any comments, questions, complaints, or suggestions you might have
regarding the information or practices described in this Notice.

• If you are a visitor to any of our Websites the controller of your personal information is ROMA
  Hired, Inc.
• If you are a Candidate, the controller of your personal information is typically the local ROMA entity that contacts you.
• If you are a Referee, Source, or Client, the controller of your personal information is typically the
  ROMA entity that is engaging with and managing the relationship with you.