Effective Date: December 2020

Privacy Notice for Applicants, Employees and Contractors

As part of our commitment to protecting your personal data and processing it in a transparent manner, this privacy notice (“notice”) provides information on the personal data collected and processed by Everest Global, Inc. d/b/a  Everest Group and its corporate affiliates (jointly, Everest Group) in connection with our relationship or potential relationship with you (“you” or “your”) as an applicant, candidate, employee, contractor or service provider.  This notice is provided by the Everest Group (“Everest Group”, “we”, “our” or “us”). If you are employed by Everest Group or retained by Everest Group as a contractor, this notice does not form part of your contract of employment or contractor engagement agreement.

Whose data do we process?
We process the personal data of individuals who work for EVEREST GROUP, including current and former employees, workers, individual contractors, contingent workers, interns, agency workers, consultants, and directors, and the individual employees or personnel of contractors or service providers. We also process the personal data of individuals who apply to work for EVEREST GROUP or are have asked to be considered as candidates for work at Everest Group. We also may process the personal data of other individuals whose data is provided to us in connection with these relationships (e.g. next-of-kin, emergency contact information and/or dependents).

This notice describes the personal data that may be collected from you and from others about you, the purposes for which that personal data is collected, stored and used, and our reason for doing so (also referred to as our “legal basis”).  In this notice we also outline which internal EVEREST GROUP function may use your personal data and when it may be shared with other vendors and advisors, and we summarize your rights in relation to our processing of your personal data, and how you can exercise these rights.

What is personal data?
Personal data is any information relating to an identified or identifiable natural person.

What is identifiable natural person?
An identifiable natural person is a living natural person (rather than a legal entity, such as a company) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

CONTACT DETAILS

If you would like to contact us regarding the processing of your personal data, please contact Everest Group’s Data Protection Officer via regular mail at Data Protection Officer, Everest Group, 12770 Merit Drive, Suite 800, Dallas, TX 75251 or via email at [email protected].

1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

EVEREST GROUP will be a data controller of your personal data.  Everest Group and its affiliates jointly control personal data.

What is an EVEREST GROUP affiliate?  
In this notice, “EVEREST GROUP affiliate” or “our affiliate” means any entity controlled, directly or indirectly by Everest Global, Inc. or any entity directly or indirectly under common control with Everest Global, Inc.

A list of the Everest Group controllers likely to be relevant to you and, where applicable, their representatives are set out in Appendix 1.

This notice applies in conjunction with any other notices you receive from EVEREST GROUP affiliates in connection with the processing of your personal data.

2. WHAT PERSONAL DATA DO WE PROCESS?

2.1. YOUR PERSONAL DATA

EVEREST GROUP and EVEREST GROUP affiliates will, depending on your role and the terms of your relationship or potential relationship with us, process certain personal data relating to you and people connected to you, including:

A. Personal details:such as your name, gender, nationality, date of birth, home contact details (e.g. address, telephone number, e-mail), immigration data (including passport details and place of birth), eligibility to work data, photograph and languages spoken.

This category includes data such as your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, country of residence and of tax residence, second nationality, civil/marital status, age, national ID number, hobbies, languages spoken, mother’s maiden name, name of spouse, and next-of-kin and dependent contact information.

B. Information relating to your role or potential role with us:such as position, employment status, work contact details (e.g. address, telephone number, e-mail), your work biography and qualifications, your reporting line, your job title and job description and your working hours and patterns.

This category includes data such as your worker ID and any other ID, your performance review information, work location, default hours, default language, time zone and currency for location, various system IDs, your employee/contingent worker type, your hire/contract begin and end dates, whether you are full or part time, the date of expiry or termination of your employment or engagement, the reason for termination, your last day of work, exit interview feedback, references, status (active/inactive/terminated), the reason for any change in role and the date of change and your benefit coverage start date.

C. Information relating to recruitment and selection:such as CV and application, references, and information compiled in undertaking a background check, which may include criminal record data, financial stability checks and reviews of professional and social media.

This category includes data such as professional and academic background (including previous role information), photograph, qualifications, interview and assessment data.

D. Regulatory information: such as your regulated status and any regulatory references.

This category includes data such as records of your registration with any applicable regulatory authority, any relevant certificates, information regarding any issues that may affect professional propriety, compliance approval status and any conflict of interest disclosure.

E. Details of your remuneration and benefits entitlements:such as your remuneration information (including salary/hourly plan/contract pay information as applicable, allowance, bonus and merit plans) and payroll information, including bank account details.

This category includes data such as grade, social security number, tax information, benefit plans and third party benefit recipient information.

F. Information regarding holidays and leave:such as your absence records.

This category includes data such as dates and categories of leave/time-off, holiday dates and information related to family leave.

G. Information regarding human resources (“HR”) processes:such as performance reviews and performance management, disciplinary or grievance processes, flexible working arrangements, restructure and redundancy plans.

This category includes data such as allegations, investigations and proceeding records and outcomes, colleague and manager feedback, talent programs, consultation records, selection and redeployment data, health and safety audits, risk assessments, incident reports, data relating to training and development needs or training received, as well as background information and context to the applicable HR processes.

H. Monitoring data:to the extent permitted by applicable laws, this includes closed circuit television footage, call recordings and control function surveillance, data caught by technology security programs and filters.

This category includes data such as system and building login and access records, internet and system usage records, keystroke, download and print records, email and IM communications and external searches of public sources, if and to the extent permitted by applicable laws. This activity also includes reviews of training metrics, monitoring external personal investments and compliance with policy, and management of conflicts with EVEREST GROUP roles.

I. Information relating to legal claims, complaints and disclosures:such as information relating to involvement in claims and legal proceedings or dispute resolution, and employee involvement in incident reporting and disclosures.

This category includes data such as settlement arrangements and payments, subject matter of litigation and complaints.

J. Special categories of personal data and data relating to criminal convictions and offences:such as data relating to your political opinions, sexual orientation, ethnicity and race, your religious or philosophical beliefs or concerning your health, and data relating to actual and alleged criminal convictions and offences, in each case if and to the extent permitted or required by applicable laws.

What are special categories of personal data?
Special categories of personal data are: (i) personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) any genetic data or biometric data processed for the purpose of uniquely identifying a natural person; or (iii) data concerning health or sex life or sexual orientation.

What data relating to criminal convictions and offences are processed?
We process criminal convictions and offences data in the context of background checks and regulatory registrations, as set out in this notice.

K. Details of third parties:such as the names and details of your emergency contact, next of kin, beneficiaries and the family members of our employees and workers.

This category includes data such as the third party’s name, date of birth, age, contact details and any additional information which we process in connection with our regulatory obligations.  See section 2.3 of this notice if you provide such data to us.

2.2 HOW DO WE COLLECT YOUR PERSONAL DATA?

We mainly collect your personal data directly from you.

You will usually provide this information directly to us, or enter it into our systems (for example, through your self-service access to our HR systems, your participation in HR processes, messages you send or receive that are recorded on our systems, or through verbal information which may be recorded, in each case if and to the extent permitted by applicable laws).  In addition, further information about you will come from your colleagues (for example, your managers or HR).

In some cases, we may obtain your personal data from EVEREST GROUP affiliates or from third parties. This may include references from a previous employer, medical reports from external professionals, tax authorities, benefit providers or where we employ a third party to carry out background checking (where permitted by applicable law).  In some circumstances, data may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, closed circuit television, telephone logs and recordings and email and Internet access logs), if and to the extent permitted by applicable laws.

2.3  DATA RELATING TO THIRD PARTIES

In certain circumstances we may process personal data of other persons connected to you, such as dependents and family members.  The personal data regarding third parties that you provide to us will be processed for the purposes of HR administration and management, including the administration of benefits and to contact your next-of-kin in an emergency, and by Compliance to establish and meet regulatory requirements and identify any conflicts of interest.. Before you provide data relating to third parties to us, you should ensure you are permitted to do so and make them aware of the information contained in this notice.

3. PURPOSES AND REASONS FOR PROCESSING YOUR PERSONAL DATA

3.1 PURPOSES FOR PROCESSING

Your personal data are collected and processed for various business purposes, in accordance with applicable laws and any applicable collective bargaining agreements.  Data may occasionally be used for purposes not anticipated by you where the circumstances warrant such use (e.g., in investigations or disciplinary proceedings).

EVEREST GROUP and EVEREST GROUP affiliates process your personal data for a specific purpose and process only the personal data relevant for achieving that purpose.  In particular, we process your personal data for the following purposes and for compatible purposes:

A. Applicant/candidate attraction, assessment and selection:including all activities in connection with recruitment (including vetting and background checks).

If and to the extent permitted by applicable laws, this includes recruitment and appropriate vetting for recruitment including, where relevant and appropriate, credit checks, right to work verification, identity fraud checks, criminal record checks, relevant employment history, relevant regulatory status and professional qualifications.

B. Workforce management and development: including all activities undertaken in managing and administering the relationship between EVEREST GROUP and its employees and workers. This includes talent management, assessment and development, employee relations, benefits including administrative support and location-based processing.

This includes:

• • • training, development, promotion, career and succession planning;
    • allocating and managing duties and responsibilities and the business activities to which they relate, including business travel and tax matters;
    • identifying and communicating effectively with staff;
    • managing conduct and performance processes, handling complaints and investigations and operating other informal and formal HR processes and making related management decisions;
    • processing information about absence or medical information regarding physical or mental health or condition in order to administer related benefits, determine fitness for work, facilitate a return to work, or to make adjustments to your role or the workplace;
    • making management decisions regarding employment or engagement or continued employment or engagement or redeployment and related processes;
    • complying with applicable laws and regulation (for example employment, working time, health and safety and tax laws and regulation to which we are subject in the conduct of our business);
    • complying with reference requests where EVEREST GROUP is asked or required to act as a referee; and
    • where relevant, publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances.

C. Managing compensation and administering benefits: including staff compensation and management of benefits and retirement entitlements.

This category includes providing and administering remuneration, and benefits and reimbursement of business costs and expenses and making appropriate tax and social security deductions and contributions.

D. Promoting diversity and preventing discrimination: including those activities that we undertake as an Equal Opportunities employer.

This category includes managing monitoring programs to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti-discrimination laws and to monitor the effectiveness of those programs.

E. Management and improvement of EVEREST GROUP systems and operations: including improvements to HR systems, management of technology systems and processes and business transformation and changes to EVEREST GROUP’s structure and operations.

This category includes:

• • • business contingency planning;
    • engagement with employees (and/or employee representatives) for planning, managing and carrying out restructuring or redundancies or other change programs (including consultation, selection, alternative employment searches and related management decisions);
    • conducting surveys for benchmarking and identifying improved ways of working, employee relations and engagement at work (these will often be anonymous but may include profiling data such as age to support analysis of results);
    • planning, due diligence and implementation in relation to a commercial transaction or service transfer involving EVEREST GROUP that impacts on your relationship with EVEREST GROUP (for example a transfer of your employment under applicable automatic transfer laws);
    • implementing email, technology, internet, social media, HR related and other company policies and procedures; and
    • providing technical support and maintenance for HR information systems and to change access permissions.

F. Prudent business management and protecting and enforcing EVEREST GROUP rights: including vendor management, management and strategy and management reporting activities.

This category includes:

• • • business operational and reporting documentation such as the preparation of annual reports or tenders for work or client team records including the use of photographic images;
    • supporting HR administration and management and maintaining and processing general records necessary to manage the employment, worker or other relationship and operate the contract of employment or engagement; and
    • operating the relationships with third party customers and suppliers including the disclosure of relevant background checking information in line with the appropriate requirements of regulated customers to those customers, contact or professional CV details or photographic images for identification to clients or disclosure of information to data processors for the provision of services to EVEREST GROUP.

G. Protection of business, clients, staff and systems: this includes protecting the private, confidential and proprietary information of EVEREST GROUP, EVEREST GROUP affiliates and our employees, clients and third parties.

This includes, to the extent permitted by applicable law, carrying out monitoring of our technology systems to protect and maintain the integrity of such systems and infrastructure and to ensure compliance with relevant technology policies. We also locate information through searches where needed for a legitimate business purpose.

H. Meeting our regulatory and compliance obligations and preventing crime: this includes carrying out regulatory compliance checks, making disclosures to, and complying with requests from public authorities, regulators (whether inside or outside of the country where you reside or the European Economic Area) or governmental bodies across our global group, and investigating conduct and preventing fraud and other crime.

This includes:

• • • activities to enforce our legal rights and meet our obligations, and for any purposes in connection with any legal claims made by, against, or otherwise involving you;
    • actions we take to comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), disclosure requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), in all cases whether within or outside your country of residence; and
    • processing activities to satisfy our regulatory obligations to supervise the persons employed or appointed by us to conduct business on our behalf, including preventing, detecting and investigating a wide range of activities and behaviors, whether relating to specific business dealings or to the workplace generally and liaising with regulatory authorities.

We may also process data for other purposes we notify to you from time to time.

Additional information regarding specific processing of personal data may be notified to you locally or as set out in applicable policies.

In particular, additional details of technology monitoring and management of confidential information are set out in EVEREST GROUP’s Data and Information Protection Policy and Data Use and Standards Policy.

3.2  OUR REASONS (LEGAL BASES) FOR PROCESSING

The personal data processing described in this notice may be:

A. necessary in order to enter into contracts with you relating to your employment or engagement with us and meet our obligations under such contracts;

This applies to paragraphs A, B, C and F of section 3.1 above.

B. necessary in order to comply with our legal obligations under applicable data protection laws, including the laws of the EU and its Member States, and the laws of California;
This applies to paragraphs B, D, E and H of section 3.1 above.

C. necessary for the legitimate interests of EVEREST GROUP or others (as described below), where these are not overridden by your interests or fundamental rights and freedoms; or

This applies to paragraphs A to H of section 3.1 above.

D. in limited circumstances and to the extent the legal bases for processing set out above do not apply, processed with your consent (which we obtain from you from time to time).

The ‘legitimate interests’ referred to in section 3.2 C above are:

• • the processing purposes described in A to H of section 3.1 of this notice to the extent the processing is not necessary in order to: (i) enter into contracts with you and meet our obligations under such contracts, or (ii) comply with our legal obligations under the laws of the EU and its Member States;
  • working with the firm’s regulators to meet their requirements, and complying with our regulatory obligations globally; and
  • exercising our fundamental rights and freedoms, including our freedom to conduct a business and right to property.

SPECIAL CATEGORIES OF PERSONAL DATA

What are special categories of personal data?
Special categories of personal data are: (i) personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) any genetic data or biometric data processed for the purpose of uniquely identifying a natural person; or (iii) data concerning health or sex life or sexual orientation.

Special category data is processed for one or more of the following reasons:

A. the processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;

This applies to certain processing activities described under section 3.1 B and D above. This may include the following, although this is not an exhaustive list:

• • health and medical information may be used to comply with, and exercise our rights under, employment, health and safety or social security laws; for example to provide statutory incapacity or parental benefits, avoid breaching legal duties to you, to ensure fair and lawful management of your employment, avoid unlawful termination of your employment, to monitor absence and to administer EVEREST GROUP’s private medical and long term disability schemes, to make reasonable accommodations or adjustments and avoid unlawful discrimination or dealing with complaints arising in this regard;
  • trade union membership may be recorded to ensure that we may comply with any relevant rights that you may have in connection with any trade union membership, as required to enable us to meet our obligations under employment law; and
  • information regarding your racial or ethnic origin, religion, philosophical or political belief, sexual orientation, sexual life and sexual orientation may be used in the event of a complaint under EVEREST GROUP’s grievance, whistleblowing, anti-bullying and harassment or similar policies where such characteristics or information are relevant to the particular complaint, in order to comply with employment law obligations.

B. the processing is necessary for the establishment, exercise or defence of legal rights and claims;

This applies to processing for the purposes of establishing, exercising and defending legal rights and claims, as described in H of section 3.1 of this notice, to the extent this involves processing any special categories of personal data.

C. the processing is necessary for reasons of substantial public interest;

D. the processing relates to personal data that you have made public; or

E. solely to the extent that the processing is not otherwise justified under one of the above justifications, your explicit consent to the processing (which we obtain from you from time to time).

DATA RELATING TO CRIMINAL CONVICTIONS AND OFFENCES

We only process personal data relating to criminal convictions and offences as authorised by applicable law. For example, we process criminal record information as part of our pre-employment and periodic background check procedures (see section 3.1 A above), our annual certification process, in connection with correspondence received from, or reporting to, law enforcement agencies or in the course of the management of our relationship with you, in each case where required or authorised by applicable law.  For example, where we have a legal or regulatory requirement to report an offence or applicable laws authorize EVEREST GROUP to process information about the offence for the purpose of making decisions regarding your relationship with EVEREST GROUP.

4. MANDATORY DATA

Where we ask you to provide personal data to us on a mandatory basis, we will inform you of this at the time of collection. We will also inform you if particular information is required by the contract or statute.  Failure to provide any mandatory information will mean that we cannot carry out certain HR processes.  For example, if you do not provide us with your bank details, we will not be able to pay you. In some cases, it may mean that we are unable to continue with your employment or engagement as EVEREST GROUP will not have the personal data we believe to be necessary for the effective and efficient administration and management of our relationship with you.

5. YOUR CONSENT 

We may seek your consent to certain processing which is not otherwise justified on one of the bases set out in section 3.2 of this notice.  If consent is required for the processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit.  Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent.  You should be aware that it is not a condition or requirement of your employment to agree to any request for consent from EVEREST GROUP.

To the extent EVEREST GROUP is relying on your consent to process your personal data, you have the right to withdraw your consent to such processing at any time. You can do this by contacting our data protection team at [email protected].

Please note that any processing of your personal data prior to your withdrawal of consent will remain unaffected by any such withdrawal.  Please note also that this notice does not apply to consents you provide for any other reason, such as in connection with access to medical reports or vetting procedures.

6. SHARING PERSONAL DATA

Within EVEREST GROUP, your personal data can be accessed by or may be disclosed internally on a need-to-know basis to:

• • local, regional and global HR, including managers and team members;
  • local, regional and executive management responsible for managing or making decisions in connection with your relationship with EVEREST GROUP or when involved in an HR process concerning your relationship with EVEREST GROUP (including, without limitation, employees and workers from Compliance, Legal, Operations, the Office of Global Security and Information Security);
  • local and regional support services (such as travel bookings and other support services) and personal assistants;
  • system administrators; and
  • where necessary for the performance of specific tasks or system maintenance by employees and workers in EVEREST GROUP teams such as the Finance and IT Department and the Global HR information systems support team.

Certain basic personal data, such as your name, location, job title, contact information and any published skills and experience profile may also be accessible to other employees. The security measures in place within EVEREST GROUP to protect your data are set out in section 7 below.

Your personal data may also be accessed by third parties with whom we work and who provide us with services, such as hosting, supporting and maintaining the framework of our HR information systems.  This includes those vendors that we work with to provide health related services, such as Occupational Health and well-being services.

Personal data may also be shared with certain interconnecting systems such as talent management, performance review, and local payroll and benefits systems. Data contained in such systems may be accessible by providers of those systems, their affiliates and sub-contractors.

Due to the size and complexity of EVEREST GROUP’s operations it is not possible to name each of our data recipients in this notice.  Examples of third parties with whom your data may be shared include EVEREST GROUP’s clients (and client staff, where appropriate), suppliers (and supplier staff), tax authorities, regulatory authorities, EVEREST GROUP’s insurers, bankers, IT administrators, lawyers, auditors, investors, consultants and other professional advisors, payroll providers, and administrators of EVEREST GROUP’s benefits programs.  EVEREST GROUP requires such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security.

Where these third parties act as a “data processor” (for example a payroll provider) they carry out their tasks on our behalf and upon our instructions for the above-mentioned purposes. In this case your personal data will only be disclosed to these parties to the extent necessary to provide the required services.

In addition, we may share personal data with national authorities or regulators in order to comply with a legal obligation or regulatory requirement to which we are subject.

1. 7. SECURITY OF DATA

EVEREST GROUP uses a variety of technical and organisational methods to secure your personal data in accordance with applicable laws.

EVEREST GROUP is committed to protecting the security of the personal data you share with us. In support of this commitment, we have implemented appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk.

A number of the measures that we use to protect information are set out in the Global Privacy Policy and the Information Security Handbook, which sets out the applicable Firm policies including the Technology Risk policies.

We require our vendors and suppliers to keep the personal data that we provide to them secure, both in transit and once received by them.  This includes encryption, where appropriate.

8. INTERNATIONAL TRANSFER

EVEREST GROUP will ensure that appropriate safeguards are in place to protect your personal data and that transfer of your personal data is in compliance with applicable data protection laws.  The transfer of your personal data among Everest Group affiliates is covered by and conducted under standard contractual clauses as approved the European Commission. Where required by applicable data protection laws, EVEREST GROUP has ensured that service sign standard contractual clauses as approved by the European Commission or other supervisory authority with jurisdiction over the relevant data exporter.  You can obtain a copy of any standard contractual clauses in place which relate to transfers of your personal data by contacting [email protected].

The data sharing listed in this notice may involve the transfer of personal data to any country in which EVEREST GROUP or a EVEREST GROUP affiliate conducts business or has a service provider or to other countries for law enforcement purposes (including, without limitation, the United States of America and other countries whose data privacy laws are not as stringent as those in effect in the United Kingdom, Switzerland or the European Union).

9. DATA SUBJECT RIGHTS

You may be entitled under the applicable data protection laws to the following rights in respect of your personal data:

A. Information and access: You have the right to be provided with certain information about EVEREST GROUP’s processing of your personal data and access to that data (subject to exceptions).
B. Rectification:If your personal data changes, we encourage you to inform us of the change. You have the right to require inaccurate or incomplete personal data to be updated or corrected.
C. Erasure: You have the right to require that your data be erased in certain circumstances, including where it is no longer necessary for us to process this data in relation to the purposes for which we collected or processed the data, or if we processed this data on the basis of your consent and you have since withdrawn this consent.
D. Data portability: Where we process your personal data on the basis of your consent, or where such processing is necessary for entering into or performing our obligations under a contract with you, you may have the right to have the data transferred to you or another controller in a structured, commonly used and machine-readable format, where this is technically feasible.
E. Right to object to certain data processing: To the extent that EVEREST GROUP is relying upon the legal basis of legitimate interest to process your personal data, then you have the right to object to such processing, and EVEREST GROUP must stop such processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where EVEREST GROUP needs to process the data for the establishment, exercise or defence of legal rights and claims. Where EVEREST GROUP relies upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
F. Right to restriction of processing: You have the right to restrict EVEREST GROUP’s processing of your personal data while your request for data rectification or objection to personal data processing is being considered, if we no longer need to process your data but you need that data in connection with a legal claim, or if our processing is unlawful but you do not want us to erase the data.  If this right applies, we will continue to store your data but will only further process it with your consent, for the establishment and exercise of legal rights or defence of legal claims, to protect the rights of another person, or for reasons of important public interest.
G. Right to withdraw consent: To the extent that EVEREST GROUP is relying upon your consent to process personal data, you have the right to withdraw such consent at any time.  Please see section 5 of this notice.
H. Complaint: You also have the right to lodge a complaint with a supervisory authority, in particular that in your Member State of residence, where applicable.

If you wish to exercise any of these rights you may do so by sending an email to [email protected]. a written request to EVEREST GROUP, clearly marked “Individual Rights” and sent to the following address:

Office of the Data Protection Officer
Everest Group, 12770 Merit Drive, Suite 800, Dallas, TX 75251.

We may provide additional ways for you to exercise your rights from time to time.

10. RETENTION OF PERSONAL DATA

EVEREST GROUP and EVEREST GROUP affiliates retain personal data for varying time periods in order to assist us in complying with legal and regulatory obligations, to enable compliance with any requests made by regulators or other relevant authorities and agencies, to enable us to establish, exercise and defend legal rights and claims, and for other legitimate business reasons.

EVEREST GROUP and EVEREST GROUP affiliates retain your personal data for the period of time required for the purposes for which it was collected, any compatible purposes which we subsequently establish, any new purposes to which you subsequently consent, or to comply with legal, regulatory and EVEREST GROUP policy requirements.

11. UPDATES TO THIS NOTICE

The information in this notice may change from time to time – for example, the categories of personal data that GS collects, the purposes for which it is used and the ways in which it is shared may change.  This notice may be updated from time to time.

APPENDIX 1: EVEREST GROUP CONTROLLER ENTITIES

Everest Global, Inc.  (US)

Everest Group Consulting Limited (UK)

Everest Business Advisory India Private Limited (India)

Everest Outsourcing Canada Co. (Canada)

Everest Group Czech Republic (Czech Republic)

* The local representative of Everest Group within the European Union is Everest Group Czech Republic