First Data Corporation and its subsidiaries and affiliates (collectively, the “Company”) take protection of the privacy of our job applicants, employees, former employees, dependents and beneficiaries of employees and former employees, contractors and contingent workers (“Data Subjects”) very seriously. The Company collects and processes information relating to Data Subjects in connection with their working relationship or application for employment with the Company (“Employment Data”). The Company collects and processes Employment Data in compliance with applicable data protection laws, including the European Union’s (EU’s) Data Protection Directive (Directive 95/46/EC) as implemented into the national law of each EU member state and other countries’ laws regarding data protection and with the laws of the various states in the United States and the Privacy Principles of the Safe Harbor Framework.

1. Notice and Choice

The Company provides Data Subjects with notice disclosing why Employment Data is collected and how it will be used. Employment Data is collected and used fairly and lawfully and in accordance with this Policy and the notices provided.

The Company collects and processes Employment Data only for purposes of administering the employment relationship, for carrying out of lawful business activities, when required by law, or for purposes relevant to Corporate policies. The Company will not process Employment Data in ways incompatible with those purposes.

The Company may disclose Employment Data to third parties only for purposes stated above. Examples of the types of third parties to whom the Company may disclose Employment Data include governmental entities, where required, and vendors serving the Company in connection with the administration of employee benefits, training, performance management, security, data collection and similar matters.

The Company will seek consent from Data Subjects before using the Employment Data for any other purpose, with the exception of purposes for which the Company is required to process data by any legislative or regulatory requirement.

The Company will obtain the Data Subject’s prior written consent before processing Sensitive Employment Data, except where the processing is necessary to carry out the Company’s rights and obligations in the field of employment law or where consent is not required under applicable law.

The Employment Data collected by the Company is necessary for business purposes, including the administration of the employment relationship. Therefore, failure to provide necessary Employment Data may disqualify an individual from employment or from participation in certain Company plans and programs.

2. Onward Transfer

When the processing of Employment Data is outsourced by the Company to a third party, the Company will select reliable third parties and processing will be subject to written agreements between the Company and the third parties processing the data. These written agreements specify the rights and obligations of each party and will provide that the third party has adequate security measures in place and will only process Employment Data on the specific written instructions of the Company. The Company may also transfer Employment Data to third parties as required by law or legal instrument, to protect the Company’s legal rights or assets, to facilitate acquisition or disposition of Company businesses, and in emergencies where the health or safety of a person is endangered.

The Company does not sell, rent, share, trade or disclose any Employment Data it keeps relating to a Data Subject to any other parties without the prior written consent of the Data Subject, with the exception of entities within the Company and any suppliers or vendors which the Company has engaged to provide services and are involved in the processing of Employment Data on the Company’s behalf.

Personal data will not be transferred to a country or territory when collected in a country or territory that considers the receiving country or territory to having inadequate data protection law(s), unless adequate measures are in place to protect the rights and freedoms of data subjects in relation to the processing of personal data.

3. Access and Data Integrity

Data Subjects have the right to request access to Employment Data relating to them held by the Company. Upon request, and after providing proof of identity, individuals will be given access to their Employment Data, where proportionate and as required by applicable law.

The Company shall process access requests in the ordinary course of business and pursuant to applicable law, and will ensure that any reasonable requests for information will be handled promptly and fairly.

The Company will exercise reasonable efforts to ensure that Employment Data is accurate, adequate, relevant, and not excessive for the purposes for which it is processed.

The Company will exercise reasonable efforts to ensure that Employment Data is retained for no longer than is necessary for the purpose for which it is being processed.

4. Security

The Company implements technical, physical and organizational measures to protect Employment Data against accidental or unlawful destruction, or accidental loss or alteration, or unauthorized disclosure or access (in particular where the process involves transmission of Employment Data over a network).

The Company ensures a level of security appropriate to the risk represented by the process and nature of the Employment Data to be protected, with all due regard to the state of the art and cost measures.

The Company will not transmit Employment Data across the public Internet using a method that is not reasonably secure from parties who may attempt to intercept it. Employment Data will not, therefore, be transmitted in unencrypted form in the body of or in an attachment to an Email message that will be transmitted unencrypted across the public Internet.

5. Treatment of Sensitive Employment Data

Access to Sensitive Employment Data* will be limited to Company employees and third-party processors that: (1) the Company authorizes to have access to Sensitive Employment Data; (2) need access to such data to perform normal job responsibilities or to provide services to the Company; and (3) are bound by company policy, contract or other legal obligation to use and disclose the data only as authorized by the Company. Sensitive Employment Data must only be used as needed to satisfy the required responsibilities of the personnel authorized to access it. To the extent possible, the Employee ID number will be used as the identifier for any Company employee instead of relying upon Sensitive Employment Data for identification purposes. Sensitive Employment Data will be disposed of in accordance with the Company’s Information Security Policy and the Confidential Document Disposal Policy and associated references. All Sensitive Employment Data will be encrypted if transmitted electronically or secured in packaging if hard copy is sent by mail or delivery service and if faxed, the fax sending and receiving machines must be located in secure rooms.

The Company takes compliance with its data protection obligations very seriously. Employees will receive training regarding data privacy rights and obligations, as appropriate.

Failure by any Company employee to comply with this Policy and all applicable privacy laws, or to undergo training, as appropriate, will amount to a serious disciplinary offense, subject to discipline that may include termination of employment.

If anyone has any questions or concerns regarding this Policy or the Company’s privacy policies and practices, please contact the Global Privacy Office at dataprivacyoffice@firstdata.com.

* “Sensitive Employment Data” for the purposes of this Policy means any Employment Data relating to a Data Subject's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health or sex life, criminal record data, Social Security numbers and other national identifier numbers.