Global Employee Privacy Policy

LAST UPDATED: October 28, 2025

Schrödinger, LLC and its corporate affiliates (collectively, “Schrödinger,” “Company,” “we,” or “us”) value your trust and are committed to handling Personal Information (as defined below) appropriately in accordance with applicable law. Schrödinger operates in many countries. Some of these countries have laws related to the collection, use, transfer, and disclosure of the Personal Information of individuals, including our employees. We take these obligations very seriously, and we are committed to protecting the privacy of our current and former employees.

The purpose of this Global Employee Privacy Notice (the “Global Notice”) is to explain what Personal Information we collect, access, use, store, transfer, retain, and disclose (together, “process”). As used in this Global Notice, “Personal Information” refers to information about you and your working relationship with Schrödinger, or your spouse, domestic/civil partner, or dependents (“Dependents”), and from which you or they are identifiable.

This Global Notice may be supplemented by other privacy notices that are:

Specific to certain jurisdictions and/or specific to uses of your Personal Information; or
For other reasons detailed in Additional Information Regarding the United Kingdom and European Union and our Additional Information Regarding California.

Personal information submitted elsewhere on the Company’s websites will be used in accordance with the Company’s general online Privacy Policy.

1. Personal Information We Process

The Personal Information that we process will vary based on work location and your position. The following categories of Personal Information we may process may include:

Personal Contact Details: Name, work or home contact details (email, phone numbers, physical address).
Demographic Information: Gender, date and place of birth, age, national origin, ethnicity, disability, military/veteran status, and participation in sponsored groups.
Employment Details: National identification number, driver’s license number, employee identification number, and photograph.
Marital Status and Family Information: Marital/civil partnership status, domestic partners, dependents, emergency contact information.
Financial and Tax Information: Banking details (including financial account numbers, securities account numbers, trading activity), tax identification number, tax location code, social security number, and any other equivalent government identification number.
Work Authorization Information: Citizenship, passport data, and details of residency or work permit.
Background Check Information (if permitted by local law): Name, social security number or the equivalent government identification number, date of birth, credit reports, school transcripts, military records, professional history, and criminal records.
Position and Employment Status: Description of current position, job title, corporate status, management category, business unit, job code, salary plan, pay grade or level, job function(s) and subfunction(s), company name and code (legal employer entity), division/department/team name and code, location, employment status and type, full-time/part-time, retirement eligibility, reporting manager(s) information, internal job and work history, job responsibilities, service date, promotion dates, employee class, and length of service.
Professional History, Skills, and Certifications: Work history, hire/re-hire and termination date(s) and reason, length of service, promotions and disciplinary records, date of transfers, details contained in letters of application and resume/CV (internal and external employment history, education history, student transcripts, grade point average, grades, disciplinary records, professional qualifications, language and other relevant skills, certification, and certification expiration dates).
Talent Management Information: Details on performance management ratings, e-learning programs, performance and development reviews, willingness to relocate, information used to populate employee biographies, third party references and letters of application, employee satisfaction, opinions and inferences.
Training Attendance and Certifications: Training and development program attendance, completion, and certification, and certification expiration dates.
Compensation and Payroll: Base salary, incentive compensation, bonus, benefits and allowances, compensation type, salary step within assigned grade, details on stock options, stock grants and other awards, currency, pay frequency, effective date of current compensation, salary reviews, long-term compensation awards, total compensation, benefit election statements, shares purchased in the employee stock purchase plan, other company equity grants, payroll identification number, equity data, overtime eligibility and overtime pay.
Management Records: Details of any shares of common stock or directorships.
Contract Information: Terms of employment, employment contract, severance plan and eligibility data.
Leave Information: Working time records (including vacation and other absence records, leave status, hours worked, and department standard hours), pay data, and hire/re-hire and termination date(s) and reason.
System and Application Access and Usage Data: Information required to access company systems and applications (such as user and system IDs for company network or servers, email account, instant messaging account, passwords, access logs, activity logs, and electronic content produced by employees using company systems) and information about employee activities online (such as frequency, time, type, and duration of activities).
Security Information: CCTV video recordings, logs regarding use of systems and applications.
Communication Tools Information: Video and audio information derived from video conferences/meetings, chat, instant messaging, screen sharing, trainings, webinars, and other use of remote communication tools.
Event Information: Dietary restrictions, clothing size, travel and transaction details for business related travel, expense reimbursement information, and travel itinerary details.
Health/Medical Information: COVID-19 symptoms and test results, vaccination status, temperature, accommodations requested, etc. We collect this information in order to accommodate a disability or illness, comply with applicable law(s), promote employee and public health, manage the workforce, and to provide benefits.
Sensitive Information: In certain cases we process certain types of sensitive information. We will collect this information, provided that applicable law permits, only if necessary to meet specific obligations, provide specific benefits, or monitor equal opportunity employment. This includes data about sex, sexual orientation, gender identity or expression, race, ethnic origin, disability, marital status, creed, pregnancy or maternity, military veteran status, nationality, national origin, color, trade union membership, and/or age of our employees (“Diversity Data”).

If you do not provide us with the Personal Information necessary to manage your employment with us, we may not be able to deliver to you all the services, compensation, and benefits associated with your job or maintain our employment relationship with you. To the extent that you decide to provide or make available Personal Information that is not required for the purposes as described in Section 4 “How and Why We Process Personal Information”, your decision to provide Personal Information is voluntary. If we process Personal Information based on your consent, you may withdraw your consent at any time.

2. Information from Other Sources

We receive Personal Information from you as well as from other sources. This Personal Information is obtained from a variety of sources, as permitted by applicable law, including:

References you provide
Managers
Educational Records
Recruiters
Licensing / Certification Organizations
Background Check Providers (if permitted by local law)
Credit Reports (if permitted by local law)
Facilities and IT systems and support service providers
Public and/or government and/or regulatory authorities (if applicable)
Legal Service Providers (if applicable)
Third Party Organizations in the M&A Context (if applicable) when they share Personal Information with us to, for example, facilitate mergers, acquisitions, and other reorganization and restructurings of our business

3. How and Why We Process Personal Information

We process your Personal Information for the purposes listed below based on one or more of the following reasons: (i) because we are required to do so by local applicable law; (ii) because such information is necessary to fulfill the employment contract; (iii) because such information is of particular importance to us and we have a specific legitimate interest to process it; or (iv) where necessary to protect the vital interests of any person. This may include:

Managing our employment relationship:
- Recruiting and performing background checks
- Onboarding
- Administering payroll and benefits
- Discipline and performance management
- Employee training
- Off-boarding (i.e., processing leave, transfers, secondments, and termination)
- Promoting equal employment opportunities
- Travel arrangements and events
- Communications, facilities, and operations
- Responding to emergencies
Detecting, investigating, preventing fraud and other crimes or malpractice or breaches of internal company policies

Monitoring, searching, and reviewing corporate and employee communications and use of corporate assets to ensure compliance with code of ethics, internal policies, and applicable laws/regulations

Conducting workforce analytics and planning, and business continuity

Performing business operations

Implementing and developing an information security program

Complying with legal requirements (in all countries in which we operate)

4. With Whom Personal Information is Shared

From time to time, we sometimes need to make Personal Information available to Schrödinger corporate affiliates for the purposes described above. Access to Personal Information within Schrödinger will be limited to those who have a need to know the information, and may include your managers and their designees, personnel in HR, IT, Ethics & Compliance, Legal, and Finance. All personnel within Schrödinger will generally have access to your business contact information such as name, position, telephone number, work location, and work email address.

Occasionally, we may share your Personal Information with: (i) third party service providers acting upon our request (such as accountants, auditors, lawyers, and other outside professional advisors, travel agencies, company health providers, banks, insurance companies, payroll providers, human resources services, IT systems suppliers and support) only as necessary to perform their services; (ii) unaffiliated third parties, if it is part of a merger, divestiture, or asset sale, insofar as it is necessary for the purposes of such merger, divesture, or asset sale; and (iii) unaffiliated third parties, if required to do so by law or court order (e.g., tax authorities, social security agencies, enforcement agencies, or other governmental agencies).

5. Where We Process Your Personal Information

Due to the global nature of our business activities, we may disclose Personal Information to personnel and departments throughout Schrödinger for the purposes set out above (see Section 4 above “How and Why We Process Personal Information”). This may include transferring Personal Information to other countries or regions, which may have a different data protection regime than is found in the country or region where you are based, including, for example, the United States, India, Germany, France, Korea, Japan, and the United Kingdom (UK). When making these transfers, we will take steps designed to ensure that your Personal Information is adequately protected and transferred in accordance with the requirements of data protection law, including by putting in place appropriate data transfer mechanisms (such as contractual clauses). For a list of the companies that may process Personal Information, see the major operating companies and subsidiaries of registrants listed in our 10-K.

Several countries require that organizations put in special protections when information is shared cross border. Schrödinger complies with those obligations and has implemented intercompany mechanisms to meet those requirements. For transfers from within the UK, Switzerland, and/or European Economic Area (the “EEA”) to outside the UK, Switzerland, and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

Adequacy Decisions: Some countries outside of the EEA are recognized under the UK government, Swiss government, and the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en#:~:text=The%20European%20Commission%20has%20so,commercial%20organisations%20participating%20in%20the). The UK recognizes the EEA member states, the specified countries, and certain other countries as providing an adequate level of data protection according to UK standards (the full list is available here: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-transfers-a-guide/#Q1). Switzerland recognizes EEA member states and certain other countries as providing an adequate level of data protection according to Swiss standards (the full list is available here:: https://www.fedlex.admin.ch/eli/cc/2022/568/en#annex_1).
Standard Contractual Clauses. For transfer from the EEA, Switzerland, and/or the UK to countries not considered adequate by the European Commission, Switzerland, or the UK government (as applicable), we have put in place adequate measures, such as standard contractual clauses adopted by the relevant authority, to protect your Personal Information.

For further information about these transfers (including, for employees in the EEA, a copy of these measures) please contact us using the details in Section 13 below (“How You Can Contact Us”).

6. How We Secure Personal Information and Maintain Data Integrity

Schrödinger will take appropriate measures to protect Personal Information that are consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of Personal Information.

7. Data Integrity and Retention

Schrödinger will take reasonable steps to ensure that the Personal Information processed is reliable for its intended use, and is accurate and complete for carrying out the purposes described in this Global Notice.

We will retain Personal Information for the period necessary to fulfill the purposes outlined in this Global Notice unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods are: (i) the duration of your employment; (ii) as long as we have an ongoing relationship with you or your Dependents/Beneficiaries and the length of time thereafter during which we may have a legitimate need to reference your Personal Information to address issues that may arise; (iii) as required by a legal obligation to which we are subject; and (iv) as advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations).

8. Choices and How You Can Access and Correct Your Personal Information

To the extent the right is provided to you by applicable law, if you would like to request to:

Review, confirm, access, correct, update, suppress, restrict, delete, or object to or opt out of the processing of your Personal Information;
Obtain more information about the categories of Personal Information we collected, used, or disclosed, the sources for such Personal Information, the business and commercial purposes for which we collect Personal Information, and the third parties to whom it was disclosed;
Receive an electronic copy of your Personal Information, including specific pieces of your Personal Information, and, where applicable, a copy of your Personal Information for purposes of transmitting it to another company; or
Not be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you;

you may contact us using the details in Section 13 below (“How You Can Contact Us”). We will respond to your request consistent with applicable law. We will not unlawfully discriminate against you for exercising your rights under applicable law.

For your protection, we may need to verify your identity before implementing your request. For that purpose, we may need to request additional Personal Information from you. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Information. We will try to comply with your request as soon as reasonably practicable.

If we rely on your consent to process your Personal Information, you may withdraw your consent at any time.

Please note that we may need to retain certain information for recordkeeping purposes and certain Personal Information may be exempt from certain requests pursuant to applicable data protection laws or other laws and regulations.

If you are a UK/EU individual, please also refer to the Additional Information Regarding the United Kingdom and European Union at the end of this Global Notice for more information about privacy requests you may make.

9. Employee’s Obligations

Please keep Personal Information up to date and inform us of any significant changes to Personal Information. You agree to inform your Dependents whose Personal Information you provide to Schrödinger about the content of this Global Notice, and ensure you have the right to provide that information to Schrödinger. You further agree to follow applicable law and Schrödinger policies, standards, and procedures that are brought to your attention when handling any Personal Information to which you have access in the course of your relationship with Schrödinger. In particular, you will not access or use any Personal Information for any purpose other than in connection with and to the extent necessary for your work with Schrödinger. You understand that these obligations continue to exist after termination of your relationship with the Company.

10. How You Can Contact Us

In certain countries, consistent with applicable law, you may have certain rights with respect to the Personal Information that Schrödinger holds about you. For more information about privacy requests you may make, please refer to Section 9 above (“Choices and How You Can Access and Correct Your Personal Information”).

If you have questions or requests, please feel free to contact us at compliance@schrodinger.com and 888-530-6008.

11. When this Global Notice Was Last Updated and How Future Changes Will Be Notified

The “Last Updated” legend at the top of this Global Notice indicates when this Global Notice was last revised. We review this Global Notice regularly and reserve the right to make changes at any time to take account of changes in our recruitment, business, and legal requirements, and the manner in which we process Personal Information.

LAST UPDATED: October 28, 2025

Additional Information Regarding the United Kingdom and European Union

1. Introduction

This Supplement only applies where the United Kingdom (“UK”) General Data Protection Regulation (together “UK GDPR”) or the EU GDPR governs Schrödinger’s use of your Personal Information (this “Supplement”). As such, this Supplement will predominantly apply to employees located in the UK and European Economic Area (“EEA”).

2. Processing of Personal Information

We use your Personal Information for legitimate business purposes as described in the overview below.

Description of Purpose	Examples	Types of Personal Information	Why We Process Personal Information	Third Party Sources
Recruiting and performing background checks	Recruit job applicants and employees for open positions and perform background checks to confirm veracity of application details, such as education, experience, work authorization, and qualifications.	Personal Contact Details Demographic Information Employment Details Work Authorization Information Background Clearance Information (if permitted by local law) Position and Employment Status Professional History, Skills, and Certifications	With your consent. Legal obligations*, for example relating to workplace safety. Based on our legitimate interests, such as ensuring the accuracy of your application and promoting a safe work environment.	Background check providers (if permitted by local law) Credit Reports
Onboarding	Incorporate new hire (or re-hire) into our human resources system and use it to manage the new hire process (including by setting new hire with email account, access to systems and facilities); process work permissibility.	Personal Contact Details Demographic Information Marital Status and Family Information Position and Employment Status Professional History, Skills, and Certifications Contract Information Compensation and Payroll Financial and Tax Information Work Authorization Information Management Records System and Application Access and Usage Data Communication Tolls Information Health/Medical Information	Manage our contractual relationship with you.	N/A
Administering payroll and benefits	Administer and process salary and other payments, reviews, wages, and other awards such as stock options, stock grants and bonuses, pensions and savings plans, leave, healthcare; process leave and sickness leave; manage business expenses and reimbursements; honor other contractual benefits.	Personal Contact Details Position and Employment Status Financial and Tax Information Management Records System and Application access and Usage Data Security Information	Manage our contractual relationship with you.	Managed payroll provider
Discipline and performance management	Perform appraisals, performance management; process promotions; provide employment references; manage disciplinary matters; review employment decisions.	Personal Contact Details Employment Details Professional History, Skills, and Certifications Position and Employment Status Contract Information Demographic Information Talent Management Information Training Attendance and Certifications Compensation and Payroll Leave Information Security Information Communication Tools Information	Manage our contractual relationship with you. Based on a legitimate interest, such as promoting talent within the Company and disciplining employees for employment contract violations.	N/A
Employee training	Plan, administer, and monitor training requirements and career development activities and skills.	Personal Contact Details Demographic Information Employment Details Position and Employment Status Professional History, Skills, and Certifications Training Attendance and Certifications Communication Tools Information System and Application Access and Usage Data	Manage our contractual relationship with you. Based on legitimate interest, such as providing employees with appropriate compliance training and other informational materials and courses.	N/A
Off-boarding (i.e., processing leave, transfers, secondments, and termination)	Process and/or manage leave, sickness leave, secondments, transfers, or terminations.	Personal Contact Details Employment Details Contract Information Leave Information Management Records Position and Employment Status System and Application Access and Usage Data Security Information Communication Tools Information	Manage our contractual relationship with you.	N/A
Promoting equal opportunities in employment	Monitor and foster equal opportunity in recruitment processes and employment, including to comply with related applicable laws and regulation.	Personal Contact Details Demographic Information Position and Employment Status Professional History, Skills, and Certifications Contract Information Sensitive Information	Based on legitimate interest, such as promoting equal opportunities in employment.	N/A
Travel arrangements and events	Make business travel arrangements; accommodate dietary restrictions and disability; promote employee and public health (such as in the context of the COVID-19 pandemic).	Personal Contact Details Employment Details Financial and Tax Information Event Information Dietary Preferences	Manage our contractual relationship with you. Necessary to protect the vital interests of employees. Based on a legitimate interest, such as arranging events and travel required for employment.	Event management service providers, such as hotels, travel agents, etc.
Communications, facilities, and operations	Operate and manage the IT, communications systems, and facilities; create and maintain one or more internal employee directories; facilitate communications with you; protect the health and safety of employees and promote public health (such as in the context of the COVID-19 pandemic).	Personal Contact Details Employment Details System and Application Access and Usage Data Security Information Communication Tools Information Health/Medical Information Event Information	Necessary to protect the vital interests of employees. Based on a legitimate interest, such as operating IT systems, communications, and facilities.	Facilities and IT systems and support service providers
Responding to emergencies	Ensuring the safety of onsite personnel and visitors; responding to, handling, and documenting onsite accidents and medical and other emergencies; actively monitoring properties to ensure adequate incident prevention, response, and documentation (including CCTV); requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio-visual device prompts, etc.).	Personal Contact Details Employment Details Marital Status and Family Information Security Information Communication Tools Information Health/Medical Information Event Information	Legal obligations*, for example, relating to health and safety regulations and documenting onsite accidents. Legitimate interests, such as monitoring properties through CCTV to ensure individuals’ safety. Protect individuals’ vital interests, such as contacting medical or emergency services where an individual’s life is at risk.	Facilities and event management service providers. Emergency communication service provider.
Detecting, investigating, preventing fraud and other crimes or malpractice or breaches of internal companies policies	Monitor compliance with our internal policies, including pursuant to the Company’s policies and procedures with regard to monitoring of telephone, email, Internet and other company resources, and other monitoring activities as permitted by local law; conduct investigations including employee reporting of allegations of wrongdoing, policy violations, fraud, or financial reporting concerns, and complying with internal policies and procedures.	Personal Contact Details Employment Details Management Records System and Application Access and Usage Data Security Information Communication Tools Information Background Clearance Information (if permitted by local law)	Necessary for the compliance with a legal obligation to which the Company is subject. Based on a legitimate interest, such as preventing fraud.	Facilities and IT systems and support service providers. Background Check Providers (if permitted by local law). Ombuds services provider.
Monitoring, searching, and reviewing corporate and employee communications and use of corporate assets to ensure compliance with code of ethics, internal policies, and applicable laws/regulations	Ensure compliance with internal policies, including information technology and information security policies, applicable laws and regulations (including those related to anti-bribery and corruption); access, record, monitor, search, and review corporate IT equipment and systems (including corporate and employee correspondence using corporate email addresses, instant messages and/or other electronic communications) and telephone calls using the corporate equipment.	Personal Contact Details Employment Details Management Records System and Application Access and Usage Data Security Information Communication Tools Information Background Clearance Information (if permitted by local law)	Necessary for compliance with a legal obligation to which the Company is subject. Based on a legitimate interest, such as preventing fraud.	Facilities and IT systems and support service providers. Background Check Providers (if permitted by local law).
Conducting workforce analytics and planning, and business continuity	Perform workforce reporting and data / trend analysis and strategic planning, succession planning, project management; manage company assets; conduct employee surveys; design employee retention programs; allocate company assets and human resources; ensure business continuity and crisis management.	Personal Contact Details Employment Details Professional History, Skills, and Certifications Talent Management Information Contract Information Compensation and Payroll System and Application Access and Usage Data Security Information Event Information Leave Information Management Records Communication Tools Information	Based on legitimate interest, such as allocating resources appropriately and evenly and ensuring business continuity.	N/A
Performing business operations	Carry out legitimate internal business activities, such as internal training, monitoring for and preventing fraud, enforcing our internal policies, protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others, detecting and preventing cyberattacks, managing mergers, acquisitions, sales, reorganizations, joint ventures, assignments, transfers, or disposals and integration with purchaser.	Personal Contact Details Employment Details Demographic Information Marital Status and Family Information Financial and Tax Information Work Authorization Information Position and Employment Status Professional History, Skills, and Certifications Talent Management Information Training Attendance and Certifications Compensation and Payroll Contract Information Leave Information System and Application Access and Usage Data Security Information Communication Tools Information Event Information Health/Medical Information Background Clearance Information (if permitted by local law)	Based on our legitimate interests, such as training our recruiting personnel on how to evaluate applications. Legal obligations*, for example, relating to financial transactions, such as the obligation to maintain books and records.	Third party organizations, when they share Personal Data with us to, for example, facilitate mergers, acquisitions and other reorganization and restructurings of our business. Background check providers (if permitted by local law). Facilities and IT systems and support service providers.
Implementing and developing an information security program	Perform workforce analytics to identify patterns in the use of technology systems and information entrusted to us as well as the Company’s people and property.	Personal Contact Details System and Application Access and Usage Data Security Information. Communication Tools Information	Based on a legitimate interest, such as ensuring that our information and networks are secure.	Facilities and IT systems and support service providers.
Complying with legal requirements (in all countries in which we operate)	Comply with legal and other requirements applicable to our businesses in all countries in which we operate, such as record-keeping obligations, conducting audits to verify that our internal processes function as intended, compliance with government inspections, and other requests from government or other public authorities; respond to legal process such as subpoenas; pursue legal rights and remedies; defend litigation; and manage any internal complaints or claims (including those received through the hotline).	Personal Contact Details Demographic Information Marital Status and Family Information Financial and Tax Information Work Authorization Information Background Clearance Information (if permitted by local law) Position and Employment Status Professional History, Skills, and Certifications Talent Management Information Training Attendance and Certifications Compensation and Payroll Management Records Contract Information Leave Information System and Application Access and Usage Data Security Information Communication Tools Information Event Information Health/Medical Information Sensitive Information	Legal obligations*, such as complying with legal processes. Legitimate interests, such as enforcing terms and conditions to protect trademarks and bringing or defending legal claims.	Public and/or government and/or regulatory authorities, including courts, tribunals, regulators and government authorities. Third persons (legal or natural), as relevant for the specific legal action and/or processes in question (such as lawyers, auditors, insurers, advisory firms, etc.). Background check providers (if permitted by local law).

*For more information on our legal obligations, please see section ‘Other Disclosures’ below.

** For more information on disclosure of Personal Information in connection with a sale or business transaction, please see ‘Other Disclosures’ below.

3. Who is Responsible for Your Personal Information?

The primary company responsible for your Personal Information (i.e., the main data controller) will be the Schrödinger company by which you are employed. A list of the Schrödinger companies is available here.

If you have any questions, concerns or complaints about the way your Personal Information is used by Schrödinger, you can contact us using the contact details in Section 13 (“How You Can Contact Us”) of the Global Notice.

You also may lodge a complaint with a data protection authority for your country or region or in the place of the alleged misconduct. A list of EEA data protection authorities is available at https://ec.europa.eu/newsroom/article29/items/612080. Information regarding the UK data protection authority is available at: https://ico.org.uk/.

4. Disclosures of Personal Information

We also disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below. As permitted by local law, the purposes for which we process Personal Information are set out in the table below:

Recipients	Purpose
Schrödinger, Corporate Affiliates and Departments	All purposes described in this Global Notice.
Professional Advisors (such as accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors)	Administering payroll and benefits Discipline and performance management Off-boarding (i.e., processing leave, transfers, secondments, and termination) Responding to emergencies Detecting, investigating, preventing fraud and other crimes or malpractice or breaches of internal company policies Monitoring, searching, and reviewing corporate and employee communications and use of corporate assets to ensure compliance with code of ethics, internal policies, and applicable laws/regulations Implementing and developing an information security program Complying with legal requirements (in all countries in which we operate)
Payment and benefits service providers (such as banks, company health providers, insurance companies, payroll providers, human resources providers)	Administering payroll and benefits Performing business operations Complying with legal requirements (in all countries in which we operate)
Website hosting, email delivery, and information technology and related infrastructure, and analytics service providers	Onboarding Communications, facilities, and operations Off-boarding (i.e., processing leave, transfers, secondments, and termination) Performing business operations Responding to emergencies Detecting, investigating, preventing fraud and other crimes or malpractice or breaches of internal company policies Monitoring, searching, and reviewing corporate and employee communications and use of corporate assets to ensure compliance with code of ethics, internal policies, and applicable laws/regulations Implementing and developing an information security program Complying with legal requirements (in all countries in which we operate)
Background check service providers	Recruiting and performing background checks Onboarding
Travel agencies	Travel arrangements and events
Public and governmental authorities	Responding to emergencies Detecting, investigating, preventing fraud and other crimes or malpractice or breaches of internal company policies Monitoring, searching, and reviewing corporate and employee communications and use of corporate assets to ensure compliance with code of ethics, internal policies, and applicable laws/regulations Implementing and developing an information security program Complying with legal requirements (in all countries in which we operate)
Emergency services	Responding to emergencies Complying with legal requirements (in all countries in which we operate)
Auditing service providers	Detecting, investigating, preventing fraud and other crimes or malpractice or breaches of internal company policies Monitoring, searching, and reviewing corporate and employee communications and use of corporate assets to ensure compliance with code of ethics, internal policies, and applicable laws/regulations Complying with legal requirements (in all countries in which we operate)
Other third parties	General Business Operations

5. Other Disclosures

We also disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below.

Purpose	Further Detail
To comply with applicable law and regulations	This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your Personal Information, including: Civil and commercial matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings. Criminal matters: to comply with requests and orders from law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws. Corporate and taxation matters: to comply with our obligations under applicable corporate and tax legislation, which may require collection of specific transactional Personal Information for tax purposes. Regulatory matters: to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant data protection supervisory authorities initiate investigation into our Company. These can include authorities outside of your country of residence. Compliance and internal investigations: to comply with whistleblowing requirements. Health and safety regulations: to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.
For other legal reasons	For dispute resolution purposes. To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

Purpose

Further Detail

To comply with applicable law and regulations

This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your Personal Information, including:

- Civil and commercial matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings.
- Criminal matters: to comply with requests and orders from law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws.
- Corporate and taxation matters: to comply with our obligations under applicable corporate and tax legislation, which may require collection of specific transactional Personal Information for tax purposes.
- Regulatory matters: to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant data protection supervisory authorities initiate investigation into our Company. These can include authorities outside of your country of residence.
Compliance and internal investigations: to comply with whistleblowing requirements.
Health and safety regulations: to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.

For other legal reasons

- For dispute resolution purposes.
To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

6. Data Protection Officer (DPO)

German residents may also contact our Data Protection Officer (DPO) at:

Prof. Dr. h.c. Heiko Jonny Maniero, LL.B., LL.M. mult., M.L.E.
DGD Deutsche Gesellschaft für Datenschutz GmbH
Fraunhoferring 3
85238 Petershausen
Deutschland
Phone: +49 (0) 8131-77987-0
Fax: +49 (0) 8131-77987-99
Email: info@dg-datenschutz.de
Website: https://dg-datenschutz.de/

LAST UPDATED: October 28, 2025

Additional Information Regarding California

This Supplement applies to California residents pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), and supplements the information provided in the Global Notice (this “Supplement”) to notify California residents of the processing of Personal Information.

NOTICE AT COLLECTION

1. Collection and Disclosure of Personal Information

The following chart details which categories of Personal Information we collect and process, as well as which categories of Personal Information we disclose to third parties for our operational business and employment purposes, including within the 12 months preceding the date this Supplement was last updated.

Categories of Personal Information	Disclosed to Which Categories of Third Parties for Operational Business Purposes
Identifiers, such as name, alias, postal address, unique personal identifiers, IP address that can reasonably be linked or associated with a particular individual or household, email address, account name, online identifiers, photo badges, beneficiary designations, and government-issued identifiers (e.g., Social Security number, driver’s license number, passport number)	Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement; business partners
Personal information as defined in the California customer records law, such as name, contact information, signature, Social Security number, driver’s license number, passport number, insurance policy number; medical, insurance, financial, education and employment information; bank account number, credit card number for company card, physical characteristics or description	Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement; business partners
Protected Class Information, such as characteristics of protected classifications under California or federal law, such as sex, age, gender, race, disability, citizenship, military/veteran status, gender identity and expression, primary language, immigration status, marital status, and requests for leave	Our affiliates; service providers that provide services such as payroll, benefits, consulting, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers, and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement
Commercial Information, such as transaction information and purchase history, such as travel expenses, including information about corporate credit card purchases, frequent flyer rewards, and other travel-related programs and expenses	Our affiliates; service providers that provide services such as payroll, benefits, training, consulting, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement; business partners
Internet or network activity information, such as access and usage information regarding websites, applications and systems, information about online communications, including browsing and search history, timestamp information, IP address and access and activity logs	Our affiliates; service providers that provide services such as payroll, benefits, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement; business partners
Geolocation Data, such as device location, and approximate location derived from IP address, or GPS, Wi-Fi, or BLE tracking	Our affiliates; service providers that provide services such as payroll, benefits, training, consulting, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement; business partners
Audio/Video Data. Audio, electronic, visual and similar information, such as call and video recordings, including voicemail and security camera footage, information about the use of electronic devices and systems, key card usage; photos on websites or in employee directories	Our affiliates; service providers that provide services such as payroll, benefits, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement; business partners
Education Information subject to the federal Family Educational Rights and Privacy Act such as student transcripts, grade point average, grades, academic standing and disciplinary records, confirmation of graduation	Our affiliates; service providers that provide services such as payroll, benefits, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement; business partners
Employment Information. Professional or employment-related information, such as work history and prior employer, information from reference checks, employment application, membership in professional organizations, personnel files, personal qualifications and training, eligibility for promotions and other career-related information, work preferences, business expenses, wage and payroll information, benefit information, information on leaves of absence or PTO, performance reviews, information on internal investigations or disciplinary actions	Our affiliates; service providers that provide services such as payroll, benefits, training, expense management, medical/health, IT, and other services; professional advisors, such as accountants, auditors, bankers and lawyers; public and governmental authorities, such as regulatory authorities and law enforcement; business partners
Sensitive Personal Information. Personal Information that reveals an individual’s Social Security, driver’s license, state identification card, or passport number; precise geolocation; racial or ethnic origin, citizenship, immigration status, or union membership; the contents of mail, email, and text messages unless Company is the intended recipient of the communication	Our affiliates; service providers that provide services such as payroll, benefits, training, consulting, expense management, medical/health, IT, and other services; public and governmental authorities, such as regulatory authorities and law enforcement

We do not “sell” or “share” your Personal Information, including your sensitive personal information, as defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“Sensitive Personal Information”). We have not engaged in such activities in the 12 months preceding the date this Supplement was last updated. Without limiting the foregoing, we do not “sell” or “share” the Personal Information, including the Sensitive Personal Information, of minors under 16 years of age and have no actual knowledge of any such “sale” or “sharing.”

2. Purposes for the Collection, Use, and Disclosure of Personal Information

Please refer to Section 4 (“How and Why We Process Personal Information”) of the Global Notice.

3. Purposes for the Collection, Use, and Disclosure of Sensitive Personal Information

We may use your Sensitive Personal Information for purposes of performing services for our business, providing services as requested by you, and ensuring the security and integrity of our business, infrastructure, and the individuals we interact with. This includes establishing and maintaining your employment relationship with us, complying with legal obligations, managing payroll and corporate credit card use, administering and providing benefits, and securing the access to, and use of, our facilities, equipment, systems, networks, applications and infrastructure. We do not use your Sensitive Personal Information for purposes beyond those described here or otherwise allowed by applicable law.

4. Retention Period

We retain Personal Information, including, without limitation, Sensitive Personal Information, in line with the criteria outlined in Section 8 (“Data Integrity and Retention”) of the Global Notice.

GO TO TOP OF PRIVACY POLICY

5. Sources of Personal Information

We collect Personal Information from you and from other sources, as described in Section 3 (“Information from Other Sources”) of the Global Notice.

6. Individual Rights and Requests

You may, subject to applicable law, make requests as described in Section 9 (“Choices and How You Can Access and Correct Your Personal Information”) of the Global Notice.

7. Authorized Agents

If an agent would like to make a request on your behalf as permitted by applicable law, the agent may contact us as described above in Section 9 (“Choices and How You Can Access and Correct Your Personal Information’) of the Global Notice. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in Section 9 (“Choices and How You Can Access and Correct Your Personal Information”) of the Global Notice or confirm that you provided the agent permission to submit the request.