NOMIC FOUNDATION RECRUITMENT PRIVACY POLICY

Nomic is a Swiss Foundation, located at c/o Kaiser Odermatt & Partner AG, Baarerstrasse 12, 6300 Zug (“Nomic” or the “Company”). As part of Nomic recruitment process, the Company collects and processes personal information or personal data relating to job applicants.

For the purpose of this privacy policy, personal data or personal information means any information relating to an identified or identifiable person. Examples of personal data include: full name, address, identity document or passport number, personal profile, and internet protocol (IP) address, among others.

Nomic is committed on being transparent about how it handles candidates’ personal information, protecting the privacy and security of the candidates and complying with the European Union (“EU”) General Data Protection Regulation (“GDPR”), the Swiss Federal Act on Data Protection, the Swiss Ordinance to the Federal Act on Data Protection, and any other regulation concerning personal data protection in the different jurisdictions where Nomic works. The reason for this privacy notice is to make candidates aware of how and why Nomic collects and uses personal information during the recruitment process.

This privacy notice applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency, and it has non-contractual terms.

1. What data does Nomic collect?

As part of the recruitment process, Nomic collects the following personal information of the candidates:

• Contact details, including name, country of residence and eligibility to work there, telephone number and personal e-mail address.
• Personal information included in a CV, or in any application form, cover letter or interview notes.
• Details of skills, qualifications, educational history, experience and work history with previous employers.

2. How does Nomic collect personal information?

Nomic collects the majority of information directly from the candidates when they complete the online application forms in Nomic web page (https://nomic.foundation/jobs). Nomic may also gather information during the interviews conducted with candidates as part of the recruitment process.

In cases where the Company obtains information from social networks or public sources such as LinkedIn, GitHub, or SeekOut, such information is only the one published by the candidates themselves on their profiles. The scope of information collected is limited to contact details, skills, work experience, and information contained in the public profile.

In the specific case of code platforms (like GitHub), Nomic may review public activity, such as commits or contributions, to assess technical skills and suitability for the role applied for.

If the candidate fails to provide information when requested, which is necessary for Nomic to consider the application, Nomic will not be able to fully process the application.

As a third method of collecting information, when necessary, Nomic collects data through external recruiters, who manage potential candidates and upload their information to the Ashby platform, as described in section No. 5 below.

As a final method of collecting information, Nomic employees may refer candidates whom they consider suitable for potential hiring by the Company. In such cases, Nomic employees upload all information provided to the Ashby platform, as described in section No. 5 below.

3. How and why does Nomic use personal information?

Nomic processes the applicant’s information for several purposes arising from the employment application, including assessing the candidate’s skills and suitability for the relevant role, communicating with the candidate about the recruitment process, carrying out background and reference checks, and keeping records related to the recruitment process.

It is necessary for Nomic to process this data to meet its legitimate interests relating to recruitment administration, to take steps at the request of the applicant prior to entering into a contract, or to comply with legal obligations, such as those relating to the monitoring of equal opportunities.

On those bases, Nomic legitimate interests include: pursuing business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration.

Nomic has assessed that these legitimate interests are not overridden by the rights and freedoms of the applicants, taking into account the nature of the data processed and the reasonable expectations of individuals in the context of a recruitment process. Applicants may object to the processing of their personal data based on legitimate interests at any time by contacting Nomic’s team (See No. 10 below).

In some cases, Nomic may use different artificial intelligence platforms to support and streamline the evaluation process, using the information provided by applicants and other relevant data. The final hiring decision will always remain under the responsibility of Nomic’s employees.

4. Who will have access to personal information?

The access to applicants’ personal records is limited to Nomic employees who participate in the recruitment process, such as the human resources department, interviewers and directors.

Nomic will disclose personal information only in the following circumstances: to comply with a subpoena, court order, legal process, or other legal requirement, when Nomic believes in good faith that such disclosure is necessary to comply with the law; to protect, establish, or exercise Nomic’s legal rights, or to defend against legal claims; when Nomic believes that such disclosure is reasonably necessary to prevent harm to an individual; or to take action regarding illegal activities, suspected fraud, threats to Nomic’s property, or violations of Nomic’s legal terms.

5. How does Nomic store data?

Nomic stores candidate information across several recruitment and assessment platforms, manually or electronically, as follows:

• LinkedIn Recruiter: Candidate data available on LinkedIn is accessed and processed through LinkedIn Recruiter.
• Ashby: Used as Nomic’s Applicant Tracking System. All candidate information collected during the recruitment process is stored within Ashby.
• SeekOut: Used to identify potential candidates. Information stored on SeekOut is collected from publicly available sources (such as LinkedIn and GitHub) and from information voluntarily shared by candidates.
• CoderPad: Used for coding interviews and technical assessments. It is integrated with Ashby to streamline the recruitment process.

Nomic will only retain data for as long as needed to fulfil Nomic purposes, including any relating to legal, accounting, or reporting requirements. When a candidate submits an application directly to a position through Nomic’s recruitment platform, they acknowledge and accept that their personal data may be retained for up to two (2) years for the purpose of being considered for future employment opportunities. This period is considered reasonable and consistent with applicable data protection standards.

For profiles collected from public professional sources (such as LinkedIn or GitHub), Nomic retains personal data for a period of up to one (1) year, based on its legitimate interest in identifying and evaluating potential candidates. After this period, the data will be securely deleted or anonymized, unless otherwise required by applicable law.

Notwithstanding the above, Nomic Foundation will retain and use personal information to the extent necessary to comply with legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, and enforce agreements.

6. Candidates’ rights.

Under certain circumstances, and in accordance with applicable data protection laws, individuals have the following rights regarding their personal information processed by Nomic:

• Right of access. Individuals may request access to their personal data. This enables them to receive a copy of their personal data held by Nomic and to verify that it is being processed lawfully.
• Right to rectification. Individuals may request Nomic to correct or update any incomplete or inaccurate personal information it holds.
• Right to erasure. Individuals may request Nomic to delete or remove their personal data in certain circumstances, for example, when there is no longer a legal basis or legitimate reason for Nomic to continue processing it, or when the individual has exercised their right to object to processing.
• Right to object. Individuals may object to the processing of their personal data when Nomic relies on legitimate interests (or those of a third party) and there is something about their particular situation that makes such processing inappropriate. Individuals also have the right to object to processing of their data for direct marketing purposes.
• Right to restriction of processing. Individuals may request Nomic to suspend the processing of their personal data in specific cases — for instance, while its accuracy or the reasons for processing are being verified.
• Right to data portability. Individuals may request Nomic to provide a copy of their personal data in a structured, commonly used, and machine-readable format, or to transfer it directly to another controller, when technically feasible and when the processing is based on consent or contractual necessity.

If the applicant wishes to exercise any of the rights described above, they may contact Nomic’s team (See No. 10 below). Nomic may need to request specific information from the applicant to verify their identity and confirm their right to access personal information or to exercise any of the other rights. This verification process is a security measure designed to ensure that personal information is not disclosed to any individual who does not have the legal right to receive it.

7. Jurisdictions.

Nomics primarily operates in the Americas and Europe. When processing personal information of candidates located in other jurisdictions, Nomic ensures that appropriate data protection safeguards are applied in accordance with applicable privacy laws.

8. Transfers of personal information overseas.

As it was stated, Nomic may store personal information collected either manually or electronically. Electronic data may be transferred to, and stored at, destinations outside the European Economic Area (“EEA”), for example, when an applicant has provided contact details for a referee located overseas or when a member of the recruitment team is based outside the EEA.

Such transfers will only occur when one of the following conditions applies:

• The destination country is recognised by the EU as providing an adequate level of data protection;
• The third party receiving the data is subject to a framework recognised by the EU as providing an adequate standard of data protection;
• The transfer is governed by approved contractual clauses ensuring appropriate data protection safeguards;
• The transfer is necessary for the performance of a contract with the applicant, or to take steps at the applicant’s request prior to entering into such a contract;
• The transfer is necessary for the performance of a contract with another individual, where such transfer is in the applicant’s interests;
• The transfer is necessary to protect the vital interests of the applicant or of another person where consent cannot be obtained;
• The transfer is necessary for important reasons of public interest.

9. Changes to this privacy notice.

Nomic reserves the right to update or amend this privacy notice at any time.  Any changes will be published on Nomic’s website and on the recruitment platforms it uses, ensuring that applicants can easily access the most current version. Nomic may also inform applicants about the processing of their personal information through other appropriate means.

10. Contact.

If you have any questions about this privacy notice, about how we handle your personal information, or if you wish to exercise any of the rights described in this policy, please contact legal@nomic.foundation.

11. Competent authority.

If you believe that Nomic has not handled your personal information in accordance with applicable data protection laws, you may present a complaint to the data protection authority of the country in which you live, work, or where the alleged infringement has taken place.

Concerning the European Economic Area, a list of the European data protection authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.