Effective Date: January 1, 2024
As part of our commitment to protecting your personal data and processing it in a transparent manner, this privacy notice (“notice”) provides information on the personal data collected and processed by Everest Global, Inc. d/b/a Everest Group and its corporate affiliates (jointly, Everest Group) in connection with our relationship or potential relationship with you (“you” or “your”) as an applicant, candidate, employee, contractor or service provider. This notice is provided by the Everest Group (“Everest Group”, “we”, “our” or “us”). If you are employed by Everest Group or retained by Everest Group as a contractor, this notice does not form part of your contract of employment or contractor engagement agreement.
This notice covers all job/employment applicants/candidates, employees and individual contractors (including current and former), contingent workers, interns, agency workers, consultants, and directors, and the individual employees or personnel of contractors or service providers of Everest Group and its affiliated companies. We also may process the personal data of other individuals whose data is provided to us in connection with these relationships (e.g., next-of-kin, emergency contact information and/or dependents (including minor children)). Please check below webpages for a region- or country-specific notice that may provide additional information, including, for example:
This notice describes the personal data that may be collected from you and from others about you, the purposes for which that personal data is collected, stored and used, and our reason for doing so (also referred to as our “legal basis”). In this notice, we also outline which internal Everest Group function may use your personal data and when it may be shared with other vendors and advisors, and we summarize your rights in relation to our processing of your personal data, and how you can exercise these rights.
Please take the time to read and understand this notice, which should be read in conjunction with our other corporate policies and procedures. When appropriate, we will provide a “just in time” notice to cover any additional processing activities not mentioned in this document.
Everest Group will be a data controller of your personal data. Everest Group and its affiliates jointly control your personal data.
What is an Everest Group affiliate?
In this notice, “Everest Group Affiliate” or “our affiliate” means any entity controlled, directly or indirectly by Everest Global, Inc. or any entity directly or indirectly under common control with Everest Global, Inc. A list of the Everest Group controllers likely to be relevant to you and, where applicable, their representatives are set out in Appendix 1.
This notice applies in conjunction with any other notices you receive from Everest Group Affiliates in connection with the processing of your personal data.
Everest Group is a “data controller”. This means we are required under data protection legislation to notify you of how we will collect, process and store your personal data during the application and recruitment process. We will also explain what rights you have in relation to how we process your personal data.
If you would like to contact us regarding the processing of your personal data, please contact Everest Group’s Data Protection Officer via regular mail at Data Protection Officer, Everest Group, 700 Central Expy S, Suite 400, Allen, TX 75013 or via email at [email protected].
Everest Group and our Affiliates will, depending on your role and the terms of your relationship or potential relationship with us, process certain personal data relating to you and people connected to you. The EU/UK and California residents shall refer to the specific country notice’s link provided Section 2 of this notice.
Broad list of data types that we process during the application and recruitment process shall include:
We may need to process data of individuals related to you (referred to as ‘third parti(es)’), such as your spouse/partner, dependants, next to kin, emergency contacts, beneficiaries, and family members. This category includes data such as the third party’s name, date of birth, age, contact details and any additional information which we process in connection with our regulatory obligations.
The situations where we collect your personal data or sensitive/special category personal data from other sources shall include:
In certain circumstances, we may process the personal data of other persons related to you, such as your spouse/partner, emergency contacts, dependents and family members. The personal data regarding third parties that you provide to us will be processed for the purposes of HR administration and management, including the administration of benefits and to contact your next-of-kin in an emergency, and by compliance to establish and meet regulatory requirements and identify any conflicts of interest.
Before you provide data relating to third parties to us, you should ensure you are permitted to do so and make them aware of the information contained in this notice. You must ensure and secure evidence that these related parties, or their legal representatives if they are minors, have given their free and express consent that their personal data may be processed by Everest Group and/or Everest Group Affiliates and subcontractors for the purposes described in this privacy notice.
i. Processing purposes
Your personal data are collected and processed for various business purposes, in accordance with applicable laws and any applicable collective bargaining agreements. Data may occasionally be used for purposes not anticipated by you where the circumstances warrant such use (e.g., in investigations or disciplinary proceedings).
Everest Group and Everest Group Affiliates process your personal data for a specific purpose and process only the personal data relevant for achieving that purpose. In particular, we process your personal data for the following purposes and for compatible purposes:
a. Applicant/candidate attraction, assessment, and selection: It includes all activities in connection with recruitment (including vetting and background checks). If and to the extent permitted by applicable laws, this includes recruitment and appropriate vetting for recruitment including, where relevant and appropriate, credit checks, right to work verification, identity fraud checks, criminal record checks, relevant employment history, relevant regulatory status and professional qualifications.
b. Workforce management and development: It includes all activities undertaken in managing and administering the relationship between Everest Group and its employees and workers. This includes talent management, assessment, and development, employee relations, benefits including administrative support, and location-based processing, including:
• training, development, promotion, career and succession planning
• allocating and managing duties and responsibilities and the business activities to which they relate, including business travel and tax matters
• identifying and communicating effectively with staff
• managing conduct and performance processes, handling complaints and investigations and operating other informal and formal HR processes and making related management decisions
• processing information about absence or medical information regarding physical or mental health or condition in order to administer related benefits, determine fitness for work, facilitate a return to work, or to make adjustments to your role or the workplace
• making management decisions regarding employment or engagement or continued employment or engagement or redeployment and related processes
• complying with applicable laws and regulations (for example employment, working time, health and safety, and tax laws and regulations to which we are subject in the conduct of our business)
• complying with reference requests where Everest Group is asked or required to act as a referee
• where relevant, publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances
c. Managing compensation and administering benefits: including staff compensation and management of benefits and retirement entitlements.
This category includes providing and administering remuneration, and benefits and reimbursement of business costs and expenses, and making appropriate tax and social security deductions and contributions.
d. Promoting diversity and preventing discrimination: It includes those activities that we undertake as an Equal Opportunities employer.
This category includes managing monitoring programs to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti-discrimination laws and to monitor the effectiveness of those programs.
e. Management and improvement of Everest Group systems and operations: It includes improvements to HR systems, management of technology systems and processes and business transformation and changes to Everest Group’s structure and operations. This category includes:
• business contingency planning
• engagement with employees (and/or employee representatives) for planning, managing, and carrying out restructuring or redundancies or other change programs (including consultation, selection, alternative employment searches, and related management decisions)
• conducting surveys for benchmarking and identifying improved ways of working, employee relations and engagement at work (these will often be anonymous but may include profiling data such as age to support analysis of results)
• planning, due diligence, and implementation in relation to a commercial transaction or service transfer involving Everest Group that impacts on your relationship with Everest Group (for example a transfer of your employment under applicable automatic transfer laws)
• implementing email, technology, internet, social media, HR-related and other company policies and procedures
• providing technical support and maintenance for HR information systems and to change access permissions
f. Prudent business management and protecting and enforcing Everest Group rights: It includes vendor management, management and strategy, and management reporting activities. This category includes:
• business operational and reporting documentation such as the preparation of annual reports or tenders for work or client team records including the use of photographic images
• supporting HR administration and management and maintaining and processing general records necessary to manage the employment, worker or other relationship and operate the contract of employment or engagement
• operating the relationships with third-party customers and suppliers including the disclosure of relevant background checking information in line with the appropriate requirements of regulated customers to those customers, contact or professional CV details or photographic images for identification to clients or disclosure of information to data processors for the provision of services to Everest Group
g. Protection of business, clients, staff, and systems: This includes protecting the private, confidential, and proprietary information of Everest Group, Everest Group Affiliates, and our employees, clients, and third parties.
This includes, to the extent permitted by applicable law, carrying out monitoring of our technology systems to protect and maintain the integrity of such systems and infrastructure and to ensure compliance with relevant technology policies. We also locate information through searches where needed for a legitimate business purpose.
h. Meeting our regulatory and compliance obligations and preventing crime: This includes carrying out regulatory compliance checks, making disclosures to, and complying with requests from public authorities, regulators (whether inside or outside of the country where you reside or the European Economic Area) or governmental bodies across our global group, and investigating conduct and preventing fraud and other crime. This includes:
• activities to enforce our legal rights and meet our obligations, and for any purposes in connection with any legal claims made by, against, or otherwise involving you.
• actions we take to comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), disclosure requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), in all cases whether within or outside your country of residence.
• processing activities to satisfy our regulatory obligations to supervise the persons employed or appointed by us to conduct business on our behalf, including preventing, detecting and investigating a wide range of activities and behaviours, whether relating to specific business dealings or to the workplace generally and liaising with regulatory authorities.
We may also process data for other purposes that we shall notify to you from time to time.
Additional information regarding specific processing of personal data and sensitive/special category personal data may be notified to you locally or as set out in applicable policies.
For our employees and contractors reference additional details of technology monitoring and management of confidential information are set out in Everest Group’s Global Privacy and Confidentiality Policy and other policies referenced therein.
ii. Change in processing purpose
We will solely utilize your personal information for the original reasons it was collected unless there’s a valid legal basis and a reasonable need to use it for another compatible purpose. For instance, if you’ve submitted personal data while exploring job opportunities at Everest Group, we may process it based on our legitimate interest in recruiting candidates. However, if you apply for a position and are hired, we will process your personal information for the purpose of establishing an employment relationship with you.
iii. Our legal basis for processing your data
The personal data processing described in this notice may be:
a. necessary in order to enter into contracts with you relating to your employment or engagement with us and meet our obligations under such contracts. This applies to paragraphs a, b, c, and f of Clause 9i. above of this notice.
b. necessary in order to comply with our legal obligations under applicable data protection laws, including the laws of the EU and its Member States, and the laws of California. This applies to paragraphs b, d, e, and h of Clause 9i. above of this notice.
c. necessary for the legitimate interests of Everest Group or others (as described below), where these are not overridden by your interests or fundamental rights and freedoms. This applies to paragraphs a to h of Clause 91. above of this notice.
d. based on your explicit consent.
e. in limited circumstances and to the extent the legal bases for processing set out above do not apply, processed with your consent (which we obtain from you from time to time).
The ‘legitimate interests’ referred to in sub-clause c of Clause 9(iii) above of this notice are:
• the processing purposes described in sub-clause a to h of Clause 9i. above of this notice to the extent the processing is not necessary in order to: (i) enter into contracts with you and meet our obligations under such contracts, or (ii) comply with our legal obligations under the laws of the EU and its Member States
• working with the firm’s regulators to meet their requirements, and complying with our regulatory obligations globally
• exercising our fundamental rights and freedoms, including our freedom to conduct a business and right to property
Sensitive/special category personal data is processed for one or more of the following reasons:
i. the processing is necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.
This applies to certain processing activities described under sub-clause b and d of Clause 9i. mentioned above.
This may include the following, although this is not an exhaustive list:
a. health and medical information may be used to comply with, and exercise our rights under, employment, health and safety, or social security laws, for example to provide statutory incapacity or parental benefits, avoid breaching legal duties to you, to ensure fair and lawful management of your employment, avoid unlawful termination of your employment, to monitor absence and to administer Everest Group’s private medical and long term disability schemes, to make reasonable accommodations or adjustments and avoid unlawful discrimination or dealing with complaints arising in this regard.
b. trade union membership may be recorded to ensure that we may comply with any relevant rights that you may have in connection with any trade union membership, as required to enable us to meet our obligations under employment law.
c. biometrics data may be collected only on our facial recognition access system deployed in our offices located in India for the three specific purposes (i) access and authentication, (ii) smart attendance system, (iii) safety and security of workspace and company property.
d. information regarding your racial or ethnic origin, religion, philosophical or political belief, sexual life and sexual orientation may be used in the event of a complaint under Everest Group’s grievance, whistleblowing, anti-bullying, and harassment or similar policies where such characteristics or information are relevant to the particular complaint, in order to comply with employment law obligations.
ii. the processing is necessary for the establishment, exercise or defence of legal rights and claims.
This applies to processing for the purposes of establishing, exercising and defending legal rights and claims, as described in sub-clause h of Clause 9i. above of this notice, to the extent this involves processing any special categories of personal data.
iii. the processing is necessary for reasons of substantial public interest.
iv. the processing relates to personal data that you have made public.
v. solely to the extent that the processing is not otherwise justified under one of the above justifications, your explicit consent to the processing (which we obtain from you from time to time).
We do not sell your sensitive/ special category personal data collected under this notice.
We only process personal data relating to criminal convictions and offences as authorised by applicable law. For example, we process criminal record information as part of our pre-employment and periodic background check procedures (see sub-clause a of Section 9i. above), our annual certification process, in connection with correspondence received from, or reporting to, law enforcement agencies or in the course of the management of our relationship with you, in each case where required or authorised by applicable law. For example, where we have a legal or regulatory requirement to report an offence or applicable laws authorize Everest Group to process information about the offence for the purpose of making decisions regarding your relationship with Everest Group.
Where we ask you to provide personal data to us on a mandatory basis, we will inform you of this at the time of collection. We will also inform you if information is required by the contract or statute. Failure to provide any mandatory information will mean that we cannot carry out certain HR processes. For example, if you do not provide us with your bank details, we will not be able to pay you. In some cases, it may mean that we are unable to continue with your employment or engagement as Everest Group will not have the personal data, we believe to be necessary for the effective and efficient administration and management of our relationship with you.
We may seek your consent to certain processing which is not otherwise justified on one of the bases set out in Section 9ii above of this notice. If consent is required for the processing in question, it will be sought from you separately to ensure that it is freely given, informed and explicit. Information regarding such processing will be provided to you at the time that consent is requested, along with the impact of not providing any such consent. You should be aware that it is not a condition or requirement of your employment to agree to any request for consent from Everest Group.
To the extent Everest Group is relying on your consent to process your personal data, you have the right to withdraw your consent to such processing at any time. You can do this by contacting our data protection team at [email protected].
Please note that any processing of your personal data prior to your withdrawal of consent will remain unaffected by any such withdrawal. Please note also that this notice does not apply to consents you provide for any other reason, such as in connection with access to medical reports or vetting procedures.
Within Everest Group, your personal data can be accessed by or may be disclosed internally on a need-to-know basis to:
i. local, regional and global HR, including managers and team members;
ii. local, regional and executive management responsible for managing or making decisions in connection with your relationship with Everest Group or when involved in an HR process concerning your relationship with Everest Group (including, without limitation, employees and workers from Compliance, Legal, Operations, the Office of Global Security and Information Security);
iii. local and regional support services (such as travel bookings and other support services) and personal assistants;
iv. system administrators; and
v. where necessary for the performance of specific tasks or system maintenance by employees and workers in Everest Group teams such as the Finance and IT Department and the Global HR information systems support team.
Certain basic personal data, such as your name, location, job title, contact information and any published skills and experience profile may also be accessible to other employees. The security measures in place within Everest Group to protect your data are set out in Section 15 below.
Your personal data may also be accessed by third parties with whom we work and who provide us with services, such as hosting, supporting and maintaining the framework of our HR information systems. This includes those vendors that we work with to provide health related services, such as Occupational Health and well-being services.
Personal data may also be shared with certain interconnecting systems such as talent management, performance review, and local payroll and benefits systems. Data contained in such systems may be accessible by providers of those systems, their affiliates, and sub-contractors.
Due to the size and complexity of Everest Group’s operations, it is not possible to name each of our data recipients in this notice. Examples of third parties with whom your data may be shared include Everest Group’s clients (and client staff, where appropriate), suppliers (and supplier staff), tax authorities, regulatory authorities, Everest Group’s insurers, bankers, IT administrators, lawyers, auditors, investors, consultants and other professional advisors, payroll providers, and administrators of Everest Group’s benefits programs. Everest Group requires such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security.
Where these third parties act as a “data processor” (for example a payroll provider) they carry out their tasks on our behalf and upon our instructions for the above-mentioned purposes. In this case, your personal data will only be disclosed to these parties to the extent necessary to provide the required services.
In addition, we may share personal data with national authorities or regulators in order to comply with a legal obligation or regulatory requirement to which we are subject. We may also disclose or transfer your personal data in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.
Everest Group is committed to protecting the security of the personal data you share with us. In support of this commitment, we use generally accepted standards of technical and operational security to secure your personal data. Only authorized personnel of Everest Group or Everest Group Affiliates and of our third-party service providers are permitted to access any personal data, and these employees and third-party service providers are required to treat this information as confidential. Despite these precautions, we cannot guarantee that unauthorized persons will not obtain access to your personal data.
We require our third-party service providers to keep the personal data that we provide to them secure, both in transit and once received by them. This includes encryption, where appropriate.
As we operate at a global level, we may need to transfer personal data or sensitive/special category personal data to countries other than the ones in which the information was originally collected and in particular our recruitment and employee data is hosted in the United States. When we export your personal data or sensitive/special category personal data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal data or sensitive/special category personal data from Europe to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into standard contractual clauses with the data importer or taking other measures to provide an adequate level of data protection under European law. However, we have taken appropriate safeguards to require that your personal data or sensitive/special category personal data will remain protected in accordance with this notice. You can obtain a copy of any standard contractual clauses in place which relate to transfers of your personal data by contacting [email protected].
The data sharing listed in this notice may involve the transfer of personal data or sensitive/special category personal data to any country in which Everest Group or a Everest Group affiliate conducts business or has a service provider or to other countries for law enforcement purposes (including, without limitation, the United States of America and other countries whose data privacy laws are not as stringent as those in effect in the United Kingdom, Switzerland or the European Union).
If you are an EU/UK or US State of California resident, please check below webpages for a region- or country-specific notice that may provide additional information, including, for example:
If you would like to exercise your data protection rights regarding your personal data, you can do so by:
Everest Global Inc.
Legal Department (Atten Privacy)
700 Central Expy S, Suite 400
Allen, TX 75013
Upon receipt of your request to exercise your data protection rights, we may take reasonable steps to verify your identity before acting on certain data protection rights, in accordance with applicable law. If you are using an authorized agent to exercise your data protection rights and that agent does not provide a power of attorney with the initial request, we may request further evidence of the agent’s right to act on your behalf, including valid written authorization or contacting you to verify the request. If we believe exceptions apply, we will respond to your request to the extent we are able to do so, and we will provide an explanation of the basis for not complying wholly or partially with your request.
Please note that Everest Group does not discriminate against those who exercise their rights under applicable data protection laws.
Our application process allows you to provide us with relevant personal data from information you have on third-party websites (such as LinkedIn, Google Drive and Dropbox). If you choose to incorporate your personal data from third-party websites, it will be used in accordance with this notice.
Everest Group may use first- and third-party cookies and other tracking technologies, including web beacons, to manage our Sites and services, to identify you and your interests and remember your preferences, and to collect analytics about how you use our Sites and services. Everest Group may collect information about whether you open or click any links in the knowledge, research, or event communications that we send you. You have options regarding our use of cookies and other tracking technologies.
In addition, we use tools and applications that reduce security threats and reduce the risk of access by bots and automated devices, but we do not use those tools and applications for non-security purposes.
Some of our online recruiting activities are hosted by third parties. When you access sites operated by these third parties, they may to the extent permitted by applicable law, including your consent to the extent required, and consistent with this privacy notice, place their own cookies or other tracking technologies on your device.
Please refer to our Privacy Notice for more information
Everest Group and Everest Group Affiliates shall retain personal data for varying time periods in order to assist us in complying with legal and regulatory obligations, to enable compliance with any requests made by regulators or other relevant authorities and agencies, to enable us to establish, exercise and defend legal rights and claims, and for other legitimate business reasons.
Generally this means your information will be retained until the end or your employment, employment application, or work relationship with us plus a reasonable period of time thereafter to respond to employment or work-related inquiries, comply with regulatory obligations, or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper deductions during and on termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits.
If we do not employ you, and unless you object by following the process described in the Section “Your rights and how to exercise your rights” above, we may nevertheless continue to retain and use your personal data for a period of time (which may vary depending on the country) for system administration purposes, to consider you for potential future roles, and to perform research. Thereafter, we retain a minimal amount of your personal data to record your recruiting activity with us.
To the extent that we have collected personal data, including sensitive/special category personal data, for the specific purpose of fulfilling our legal obligations regarding public health or workplace safety, we will retain that data for the duration of those legal obligations. Thereafter, we retain a minimal amount of your personal data to establish our compliance with those obligations.
Furthermore, if you wish to be considered for future job opportunities that aligns with your interests and you provide us with your consent, we will also hold onto your personal data to contact you about such openings. You have the option to withdraw this consent at any time by reaching out to [email protected].
This privacy notice is currently available in only English languages. You can request for this privacy notice in any specific language as per requirement by writing to us at [email protected].
The information in this notice may change from time to time – for example, the categories of personal data that we collect, the purposes for which it is used and the ways in which it is shared may change.
Everest Group reserves the right to modify this notice as required by changes to our business processes or applicable law. We will post any changes to our notice on this page. Please check this page regularly to keep up to date.
Everest Global, Inc. (US)
Everest Group Consulting Limited (UK)
Everest Business Advisory India Private Limited (India)
Everest Outsourcing Canada Co. (Canada)
Everest Group Limited Czech Republic s.r.o. (Czech Republic).
* The local representative of Everest Group within the European Union is Everest Group Czech Republic
©2023 Everest Global, Inc. Privacy Notice Terms of Use Do Not Sell My Information
"*" indicates required fields