PRIVACY NOTICE - CANDIDATES.

Effective date: 11 February 2026

This Privacy Notice applies to the processing of Personal Information of all Candidates who submit applications to Consensys Software Inc. and its affiliates (the “Company”). We respect your privacy and are committed to protecting your personal information. This Privacy Notice explains how we collect, use, disclose and protect your Personal Information. This Privacy Notice supersedes all relevant notices prior to the Effective Date.

This Privacy Notice tells you about your rights and choices with respect to your Personal Information, including how you can contact us if you have any questions or concerns. 

In this Privacy Notice “Personal Information” means any information relating to an identified or identifiable natural living individual.

Data Controller 

Consensys Software, Inc. (“Consensys,” “we,” “us,” or “our”) is the “data controller” (or similar designation that may apply under local law) in respect of all Personal Information collected and processed in relation to your application.

Personal Information We Collect 

We may collect and process the following categories of Personal Information about you:

1. Identification details such as name, title, addresses, phone number, email addresses, date of birth and gender. 
2. Professional experience and qualifications such as your professional profile, education details, qualifications, training and professional memberships.
3. References, background checks and identity verification information (which may include criminal record information where applicable and permitted by law). This may include a copy of your government ID and other relevant information as needed.
4. Information related to your engagement by Consensys, including agreed contracting hours, start dates, location and other such information as needed. 
5. Any other information you voluntarily provide. 

Where We Collect Personal Information From

Most of the Personal Information we hold about you is received directly from you (for example, through our interview process, by completing forms or by corresponding with us by email or video conference) but we may also: 

1. receive information about you from other sources (for example, agencies, background check providers (who in turn receive information from public sources) data processors to whom we may outsource tasks, customers, counterparties and other third-parties); and
2. create data about you in the course of you completing the job application process for Consensys.

Purpose and Legal Bases for Processing 

If you reside in a region which requires a legal basis for the processing of your Personal Information, we rely on the legal bases described below.  Please note that more than one legal basis may exist for the processing of your Personal Information. 

1. Consent - where we have obtained your consent (which you are not required to give and which you may withdraw at any time).
2. Contract - processing that is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into a contract with you. This may include preparing for your onboarding and drafting our contract with you, paying you, managing your application, to plan and organise work, providing tooling to you to complete your employment, etc.
3. Compliance with legal obligations -  we may process your data to comply with legal and regulatory requirements to which we are subject.  This may include complying with health and safety obligations, or in the course of operating our whistleblowing policy, to prevent fraud, etc.
4. Legitimate interest - where the processing is necessary for the purposes of our (or a third party’s) legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Information. Our legitimate interests include:
1. the running and management of our business, such as the planning and organisation of work, candidate management, accounting and auditing;
2. the processing of Personal Information in connection with security and protection of our, your and others’ property;
3. the processing of Personal Information in connection with any actual or prospective litigation, internal or regulatory investigation. 

We will only process your Personal Information for these specific purposes and legal bases, apart from in exceptional circumstances where we may rely on other legal bases permitted by law, such as where we consider that the processing is in your (or another’s) vital interests. Your Personal Information will always only be processed to the extent that we consider that it is necessary for such purposes.

For special or sensitive categories of information, which may include biometric data, we may require an additional justification in order to process it. If we do process this information, we will share additional information with you at the point of data collection. In cases where Consensys is the data controller for the processing of this information, we may rely on one or more of the following bases: 

1. we have obtained your explicit consent;
2. you have made such data publicly known in a clear and obvious way;
3. it is necessary for the performance or exercise of obligations or rights which are imposed or conferred by law on us or you in connection with our consideration of your application;
4. it is necessary for the purposes of occupational medicine; and/or 
5. it is necessary for the establishment, exercise or defence of legal claims.

Where you are required to supply Personal Information

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes.

In order to consider your application, the provision of some of your Personal Information is required. For example, we might conduct certain screening activities, like, an identity check. Should you fail to supply the Personal Information we require in order to satisfy these checks it might result in us being unable to consider your application. In addition, if you are successful in your application, your Personal Information is required to prepare a contract of employment between you and Consensys.

Who We Share Personal Information With

We may share Personal Information we hold with any member of the Consensys group of companies.

We may also share your Personal Information with third parties, some of which may be located in third countries, such as:

1. If successful, payment providers for the purpose of paying you, in such cases we have agreements in place with those providers in order to protect the security of your Personal Information; 
2. cloud platforms which provide business management services, databases and information systems. Personal Information is processed for the purposes of managing your job application with us. 
3. auditors and professional advisors, such as lawyers and consultants so that we can protect our legitimate business interests and comply with applicable laws and regulations;
4. email providers, telephone and online conferencing services, and online training providers in order to set up accounts for you for our legitimate business interests;
5. phone recording services in order to protect our legitimate business interests;
6. Where appropriate, background screening service providers, which run appropriate background checks on prospective candidates to ensure there have been no issues to flag;
7. business travel providers (i.e. taxi companies and travel agents) to assist with business travel needs and verification of identity;
8. accounting platforms, platforms which manage business expenses, so that we can protect our legitimate business interests and comply with applicable laws and regulations;
9. in the event that we sell or buy any business or assets, in which case we may disclose Personal Information we hold to the prospective seller or buyer of such business or assets;
10. if we or substantially all of our assets are acquired by a third party, in which case Personal Information we hold will be one of the transferred assets;
11. if we are under a duty to disclose or share a data subject’s Personal Information in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, customers, or others.

When we do disclose your Personal Information to a third party, we will have regard to the data protection principles and ensure appropriate agreements are in place to ensure the ongoing security of your Personal Information.  

Sharing your Personal Information internationally 

Personal Information we hold may also be processed by us or third-party processors acting on our behalf located outside the region where you reside. In particular, if you reside in the European Economic Area (EEA) this means that your Personal Information will be transferred, stored and processed in the United States and other third countries. When we transfer your Personal Information internationally, we ensure that relevant safeguards are in place to afford adequate protection for your Personal Information and we will comply with applicable data protection laws, by relying on an EU Commission adequacy decision, or the current standard contractual protections for the transfer of your Personal Information or a derogation if one is available.

Retention of your Personal Information 

We will keep your Personal Information in a form which permits your identification for no longer than is necessary for the purposes for which the Personal Information is processed or for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Data Security 

We implement a variety of security measures that are reasonably designed to protect the safety of your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

We impose controls for access to Personal Information based on business requirements and in accordance with the relevant lawful bases for processing. Any party with access rights will only process your Personal Information in accordance with applicable data security policies and procedures, relevant obligations or third party contractual terms.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Personal Information about you will be stored in the United States.

Your Rights as a Data Subject 

As a data subject you may have the following rights dependent on your jurisdiction:

• Right of access - You can request access to your Personal Information.
• Right to rectification - You can request correction of inaccurate or incomplete Personal Information. 
• Right of erasure -  You can request deletion of your Personal Information under certain circumstances. 
• Right to restrict processing - You can request restriction of data processing in certain cases.
• Right to data portability - You can request transfer of your Personal Information to another party. 
• Right to object -  You can object to processing based on legitimate interests. 
• Right to withdraw consent -  Where processing is based on your consent you may withdraw it at any time.

To exercise any of these rights please contact us using this form. We will respond to your request in accordance with applicable data protection laws. 

Privacy Notice Updates 

This notice may be updated periodically from time to time to reflect changes in legal requirements or our data processing practices. It does not form part of any contract to provide services. We encourage you to review this notice regularly.

Contact Details If you have any questions or concerns about this Privacy Notice or our data processing activities or practices please contact us at privacy@consensys.net. Consensys Software Inc. is located at 5049 Edwards Ranch Road, Fort Worth, TX, USA. 

The Consensy Group Data Protection Officer can be reached at: dpo@consensys.net.

You may also have the right to lodge a complaint with the Supervisory Authority in your country of residence if you live within the EEA. The list of EU supervisory authorities is located here. All other supervisory authorities, such as the UK’s Information Commissioner’s Office, can be located via a search for their website homepage.