GBT’S CAREERS PRIVACY NOTICE

This notice (Notice) sets out how Global Blood Therapeutics, Inc. (GBT or Company or we or our) collect, use, store and share personal data that we collect through the Careers section of our website (located at https://www.gbt.com/careers/) (Careers Site) and offline in connection with your application or candidacy for a job or other position with GBT.

Individuals located in the European Union should be sure to read the important information provided here.

1.0 Information we collect from you

1.1

GBT will collect the information you provide us in connection with your application or candidacy, which can include some or all of the following personal data:

(a) Contact information, such as name, home address, telephone number, personal email address and other contact information;

(b) Work authorization status, such as visa status and work permit information;

(c) Biographical information, such as previous job history and education details;

(d) Professional and other work-related qualifications, such as licenses, certifications and professional memberships;

(e) Information relating to references, such as references’ names and contact details; and

(f) Any other information you provide to us, such as current salary, desired salary, employment preferences and willingness to relocate.

1.2

We ask that you avoid submitting the following categories of personal data (Sensitive Personal Data), unless such information is legally required and/or the Company requests you to submit such information: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; health data; and data related to your sex life or sexual orientation. 

1.3

Any information you provide to us must be true, complete and not misleading. Submitting inaccurate, incomplete or misleading information may lead to a rejection of your application or candidacy during the recruitment process or disciplinary action including immediate termination of your employment. In addition, it is your responsibility to ensure that the information you submit does not violate any third party’s rights.

1.4

If you provide us with personal data of a reference or any other individual as part of your application or candidacy, it is your responsibility to obtain consent from that individual prior to providing the information to us, where such consent is required by applicable law.

2.0 Information from other sources

We may obtain personal data about you from third parties such as your previous employers and other references, recruiters, background check providers, credit reference and anti-fraud agencies and providers of screening lists and public registers.

3.0 How we use and share personal data

3.1

The personal data that you submit on the Careers Site will be used for Company’s personnel recruitment, management and planning purpose, as permitted by local law, including:

(a) Processing your application;

(b) Assessing your suitability, capabilities and qualifications for a job with us;

(c) Conducting reference checks;

(d) Communicating with you regarding your application or candidacy; and

(e) Conducting background checks, if we offer you a job, such as credit checks, anti-fraud checks, checks to prevent fraud and money laundering, and drug tests – each only as permitted under applicable laws and if appropriate for the job you are applying for.

3.2

In connection with the purposes listed above, we may share your personal data with third parties who assist us with these activities, such as background check providers, external recruiters, service providers who provide services such as hosting and operating the Careers Site.

3.3

We may also disclose your personal data to government or law enforcement officials or private parties as required by law, and use and disclose such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity

4.0 Sensitive personal data

4.1

Although we ask that you not provide us with any Sensitive Personal Data unless we specifically request it, we may collect, use and share your Sensitive Personal Data relating to your race or ethnic origin, physical or mental health or condition, trade union membership, commission or alleged commission of criminal offences and any related legal actions only for the following purposes:

(a) information relating to criminal convictions and offences for the purposes of assessing your suitability for your role;

(b) information relating to your racial or ethnic origin for the purposes of conducting equal opportunity monitoring; or

(c) information relating to any disabilities that you may have for the purposes of assessing or making reasonable adjustments and accommodations to the recruitment process.

5.0 Contact Us

If you have any questions or concerns regarding your personal data, or if you wish to exercise any of your rights set out in Section 7.4 below, email us at privacy@gbt.com or write to us at Chief Privacy Officer.

Global Blood Therapeutics, Inc.
Attn: Chief Privacy Officer
181 Oyster Point Boulevard
South San Francisco, CA 94080.

6.0 Changes to this Notice

6.1

Company reserves the right to change this Privacy Notice at any time. When we update this Privacy Notice, we will notify you of changes that are deemed material under applicable legal requirements by updating the date of this Privacy Notice and providing other notification as required by applicable law.

7.0 Notice to European Users

The following applies to individuals in the European Economic Area.

7. 1 Controller

(1) GBT is the controller of your personal data for purposes of European data protection legislation.

7.2 Legal bases for processing

(1) We process your personal data (other than Sensitive Personal Data) for each purpose described in Section 3.1 above on the basis that such processing is necessary for Company’s legitimate business interests in recruiting suitably qualified and skilled employees. If you disagree, you may object to the use of your personal data as set out in Section 7.4 below.

(2) If we hire you, we process your personal data on the basis that such processing is necessary to take steps necessary to enter an employment agreement with you. In addition, the personal data we collect in connection with your application or candidacy may be incorporated into our HR system and may be used to manage the new-hire process and such information may become part of your employee file.

(3) Where we use Sensitive Personal Data, generally we do so to perform our legal duties and exercise our rights as a prospective employer, or because it is necessary to establish, defend or prosecute legal claims. On occasion, we may do so on the basis that we are protecting the vital interest of a member of our staff or a third party, or where the purpose is in the substantial public interest.

7.3 Retention

(1) We will retain your personal data for as long as is necessary for the purposes for which it was collected and any other permitted purposes (such as to comply with regulatory requirements to retain such data). Please note that these periods may be extended where reasonably necessary (for example where we are required to do so by law or by a regulator). We will either irreversibly anonymise or securely destroy personal data that we no longer need. We reserve the right to use anonymous data for any legitimate business purpose without further notice to you or your consent.

7.4 Your rights

(1) It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during the application process. Subject to certain conditions and limitations, you have the legal right to request access to (and a copy of), correct, and erase the personal data that we hold about you, or object to or restrict the processing of your personal data under certain circumstances. For certain data, you also have the right to request that we transfer your personal data to another party. Where processing is based on consent, you have the right to withdraw your consent so that we stop that particular processing. You can submit these requests by using our contact details in Section 5 above. If you are not satisfied with our use of your personal data or our response to any exercise of these rights you have the right to complain to the data protection regulator in the country where the Company group entity with which you deal is established. You can find your data protection regulator here.

(2) We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request.  If we decline your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

7.5 Sending your personal data outside of the EEA

(1) We may transfer your personal data to countries other than the country in which the data was originally collected for the purposes described in this Notice. For example, if you are located outside of the United States, we may transfer your personal data to the United States, where GBT is headquartered, if required for the hiring decision of the job you are applying for or if otherwise required for internal administrative purposes. The countries to which we transfer personal data may not have the same data protection laws as the country in which you initially provided the information. When we transfer personal data across borders, we consider a variety of requirements that may apply to such transfers.

(2) Specifically, we may transfer personal data from the European Economic Area (EEA) to:

  1. Countries that the European Commissions has deemed to adequately safeguard personal data;
  2. Pursuant to the recipient’s compliance with standard contractual clauses, EU-US Privacy Shield, or Binding Corporate Rules;
  3. Pursuant to the consent of the individual to whom the personal data pertains; or
  4. As otherwise permitted by applicable EEA requirements.

(3) Please contact us for more information about the specific safeguards applied to the transfer of your personal data.

Effective date: March 31, 2020