Candidate Privacy Notice (UK)

Candidate Privacy Notice

1. About Us and this Privacy Notice

Sony Interactive Entertainment Europe Limited (collectively referred to as “SIEE”, “we”, “us” or “our” in this Privacy Notice) controls the personal data collected from you when you submit an application to work for us (whether as an employee, worker or contractor).

SIEE respects your privacy and is committed to protecting your personal data. This Candidate Privacy Notice (“Privacy Notice”) explains what personal data we collect about you, how we collect it, why we collect it, who we share it with, where it is processed, how we handle it and what your choices and legal rights are.

It is important that you read this Privacy Notice so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other notices and privacy policies and is not intended to override them.

For further information about this Privacy Notice or our processing of your personal data, please contact us by either of the following methods:

• Post: Data Protection Office, Sony Interactive Entertainment Europe Limited, 10 Great Marlborough Street, London, United Kingdom, W1F 7LP

• Online: siee.dpo@sony.com

Sony Interactive Entertainment Europe Limited is registered in England under company number 03277793.

2. Data Protection Principles

SIEE will comply with data protection law and principles, which means that your data will be:

• Used lawfully, fairly and in a transparent way.

• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

• Relevant to the purposes we have told you about and limited only to those purposes.

• Accurate and kept up to date.

• Kept only as long as necessary for the purposes we have told you about.

• Kept securely.

3. Data Collection and Handling

3.1. Who collects your personal data?

SIEE is a “data controller” and gathers and uses certain personal data about you relating to your application to work for us. This means that we are responsible for deciding how we hold and use personal data about you.

3.2. About the personal data we collect and hold about you

Personal data means any information about a person that can directly or indirectly identify that person. It does not include data where the identity has been removed (anonymous data). In connection with your application to work for us, we will collect, store and use the following categories of personal data about you:

• Personal data you have provided to us in your curriculum vitae (“CV”) and covering letter.

• Personal data you have provided to us during the recruitment process including first and last name, employment areas of interest (type of position, industry, experience level), title, physical address, phone number, email address, gender, employment history, education history and qualifications, salary/remuneration expectations and notice period.

• Details about eligibility to work such as passport, visa, or work permit details.

• Any information you provide to us during an interview or in e-mail communications.

3.3. How your personal data is collected

We may collect personal data from candidates from the following sources:

• You, the candidate.

• Your named referees.

• Third party recruitment agencies.

• Background check providers.

3.4. How and why we use your personal data

We will only use your personal data in accordance with applicable data protection laws and this Privacy Notice. Most commonly, we will use your personal data to:

• Assess your skills, qualifications and suitability for a particular role.

• Carry out background and reference checks, where applicable.

• Communicate with you about the recruitment process.

• Keep records related to our hiring processes.

• Comply with legal or regulatory requirements.

It is in our legitimate interests to process your personal data in order to decide whether to appoint you to a particular role as it would be beneficial to our business to fill that role. We also need to process your personal data in order to decide whether to enter into a contract with you.

Having received your CV, covering letter, your application form and, where applicable, the results of any test you have been required to take during this recruitment process, we will then process that information to decide whether you meet the basic requirements to be shortlisted for a particular role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to interview you, we will use the information you provide to us during your interview(s) to decide whether to offer you the role. If we decide to offer you the role, we will then take references and/or, for some roles, conduct background checks, after we make you an offer.. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

3.5. If you fail to provide personal data

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

3.6. Special categories of personal data

We may also collect, store and use more sensitive personal data such as information about your race or ethnicity and information about your disability status, which are special categories of personal data. We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during your interview. We will use information about your race or ethnic origin to ensure meaningful equal opportunity monitoring and reporting. We will not process such data without first obtaining your explicit consent to do so. You may withdraw your consent at any time by contacting us at siee.dpo@sony.com.

3.7. Criminal background checks

We envisage that we will hold information about criminal convictions. We will only collect information about criminal convictions during the recruitment process, if it is appropriate given the nature of the role and where we are legally able to do so. We will use information about criminal convictions and offences to assess suitability for a particular role (such as for our moderation and safety team) so as to comply with our obligations as required by law. We will have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.

3.8. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

3.9. How long we keep your personal data

We keep your personal data during and after your participation in our recruitment process for no longer than is necessary for the purposes for which the personal data is processed and in accordance with our records retention policy. We will then securely destroy your personal data in accordance with our records retention policy and applicable laws and regulations. If we wish to retain your personal data, on the basis that a further opportunity may arise in the future and we may wish to consider you for that, we will seek your explicit consent to retain your personal data for a fixed period of time on that basis. You may withdraw your consent at any time by contacting us at siee.dpo@sony.com.

3.10. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

4. Data Sharing

4.1. Who we share your personal data with

We will only share your personal data with the following third parties for the purposes of processing your application:

• Other entities in the SIE group of companies (SIE Group).

• Recruitment service providers.

• IT service providers (e.g. Greenhouse Software, Inc.).

• Professional advisors (e.g. auditors)

We may also retain, use and/or disclose any of your personal data as required or permitted by law, regulation or order, including to the police or other appropriate authorities, to investigate complaints made by or against you, or to protect or defend ourselves, or others, against illegal, criminal or harmful activities.

4.2. Security of personal data transferred to third parties

All our third party service providers and other entities in the SIE Group are required to take appropriate security measures to protect your personal data in line with our policies and the applicable data protection laws. We do not allow these third parties to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

4.3. International transfers

Your information may be processed, stored and transferred outside your country of residence and beyond the United Kingdom (UK) and European Economic Area (EEA), where we are located, for the purposes set out in this Privacy Notice, such as in the United States or Japan. Data protection laws in these countries may not offer the same level of protection as in your country, the UK or the EEA and you may have fewer legal rights in relation to your information. We ensure there are adequate safeguards in place when transferring your data outside your country, the UK and the EEA, including by relying on Privacy Shield, European Commission Standard Contractual Clauses or other lawful mechanisms or otherwise that the transfer only occurs where permitted by applicable law.

5. Your Rights

5.1. Your right to object to us processing your personal data

Where our processing of your personal data is based solely on our legitimate interests (or those of a third party), you have the right to object to that processing if you give us specific reasons why you are objecting, which are based on your particular situation. If you object, we can no longer process your personal data unless we can demonstrate legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. Please contact our Data Protection Office (DPO) at siee.dpo@sony.com if you wish to object in this way.

5.2. Your rights to correct and access your personal data and to ask for it to be erased

Please contact our DPO if you would like to correct or request access to personal data that we hold relating to you or if you have any questions about this Privacy Notice. You also have the right to ask for your personal data that we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our DPO will provide you with further information about the right to be forgotten, if you ask for it.

5.3. How to complain

We hope that our DPO can resolve any query or concern you raise about our use of your personal data, so please contact the DPO at siee.dpo@sony.com. If you are not satisfied with the resolution of your query or concern by our DPO, you do have the right to contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

5.4. Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.