Supplemental Notice For EEA/UK Candidates

This Supplemental Notice for EEA/UK Candidates (“EEA/UK Notice") applies to Candidates in the European Economic Area (“EEA”) and United Kingdom (“UK”). This EEA/UK Notice supplements the information contained in the Candidate Privacy Notice.

1. Data Controller.

The data controller is the entity who determines the purposes and means of the processing of your Personal Data. For Candidates, the data controller is the Sigma legal entity in the country of the job you are applying to. For example, for UK Candidates, the data controller is Sigma Computing UK Limited Oak House, Shackleford Road, Elstead, Godalming GU8 6LB.

2. DPO.

If you have any questions about our privacy practices please contact Sigma’s Data Protection Officer (“DPO”). Our DPO may be reached at privacy@sigmacomputing.com or by writing to:  
Sigma Computing UK Limited
Attn: DPO
Oak House, Shackleford Road, Elstead,
Godalming GU8 6LB.

3. Legal Basis for Processing.

Our legal basis for collecting and using your Personal Data will depend on the Personal Data we collect and the context in which we collect such Personal Data. In most cases, our processing of your Personal Data will be justified on one of the following bases:

  • As necessary for the performance of a contract with you or to take steps at your request to enter a contract, such as to make you an offer, for the execution or amendment of your employment contract, and the performance of our contractual duties and exercising our contractual rights;
  • As necessary for compliance with a legal obligation to which Sigma is subject, such as meeting statutory record keeping requirements, avoiding unlawful and discriminatory actions, and completing, legally required work authorization verifications;
  • As necessary for the legitimate interests pursued by the Sigma, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data, including:    
    • To consider you for, and assess your suitability for, employment opportunities with Sigma; including to determine immigration and work-authorization status and assess your eligibility to work for Sigma in the relevant location;    
    • For compliance, fairness, and fraud prevention purposes, including to implement diversity and equal opportunity programs, to comply with applicable laws and exercise or defend our legal rights and obligations;    
    • For Sigma’s Security, Business, Planning, Reporting and Administration purposes related to recruiting and hiring;    
    • To manage, maintain, develop, and improve our recruitment and hiring process    
    • To communicate with you regarding your job application, including to respond to requests for reasonable accommodations and provide necessary adjustments; and    
    • To otherwise communicate and engage with you.    
    • To respond to requests for reasonable accommodations and provide necessary adjustments. For example, we may process your Personal Data for our legitimate interests of determining your qualifications for employment, to communicate with you and to interview you, to verify your information, to administer and secure our premises and systems, manage our recruitment program;
  • In limited circumstances, we will rely on your consent for processing of your Personal Data. For example, we will process your Personal Data with your consent, to keep your information on file for future opportunities with Sigma, to perform background checks, where permitted by applicable laws, or to process your Personal Data using non-essential cookies or similar technologies. Where we rely on your consent, we will make this clear at the relevant time to you. Whenever such consent is granted, you may withdraw your consent at any time.

4. Special Categories of Data

We collect and process certain Special Categories of Personal Data where necessary and in compliance with applicable data protection laws. Our processing of such Special Categories of Personal Data has been described in Section 4 and Section 5 of the Candidate Privacy Notice.  In the event we collect Special Category Personal Data from you for other purposes, we will provide you with additional notice or confirm your consent at collection.

5. Your Rights.

In addition to the rights stated in Section 8.1 of the Candidate Privacy Notice, you have the following privacy rights:

  • Right to data portability: Where we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for processing, and that Personal Data is processed by automatic means,  you may ask us to provide you with the Personal Data which you have provided to Sigma, in a structured, commonly used and machine-readable format, and also to have your Personal Data transferred to another party where this is technically feasible.
  • Right to Object: When we process your Personal Data based on legitimate interests, you may object to this processing. If you object, we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds under applicable law (e.g., your data is necessary for us to establish, exercise, or defend our legal rights).
  • Right to Restriction: You may ask us to restrict our processing of your Personal Data where (a) you contest the accuracy of the Personal Data until we have taken sufficient steps to correct or verify its accuracy;  (b) the processing is unlawful but you do not want us to erase your Personal Data; (c) we no longer need the Personal Data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims; or (d) where you have objected to processing justified on legitimate interest grounds pending verification as to whether Sigma has compelling legitimate grounds to continue processing. Where Personal Data is subjected to restriction in this way, we will only process it with your consent or for the establishment, exercise or defense of legal claims.
  • Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or has similarly significantly affects on you. We may refuse to honor your opt-out request if the decision (a) is necessary for entering into, or performance of, a contract between the you and Sigma; (b) is authorized by UK or European Union (or EU Member State) laws to which Sigma is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (c) is based on your explicit consent. Sigma implements suitable measures to safeguard your rights, freedoms and legitimate interests, and provides you with the right to obtain human intervention and to contest the automated decision.
  • Right to complain to a supervisory authority: You may lodge a complaint with your applicable supervisory authority if you consider that the processing of your Personal Data infringes applicable data protection laws. A list of supervisory authorities is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
  • Right to control your digital legacy: Residents of France may issue directives concerning the disposition of their Personal Data after their death, in the conditions set forth in Art. 85 of the Law on Computing Technologies and Freedoms (January 6, 1978).

6. Data Transfers.

Your Personal Data may be transferred to, and processed in, countries outside the EEA/UK. These countries may have data protection laws that are different to the laws of your home country, and in some cases, may not be as protective. To the extent that Personal Data is transferred outside the EEA/UK,

  • Sigma will ensure compliance with applicable data protection laws when transferring or processing such Personal Data.
  • Sigma will take appropriate safeguards to require that your Personal Data remains protected, including implementing applicable data transfer mechanisms, such as European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum (as applicable) or other lawful mechanisms for transfers of Personal Data as approved by the applicable regulators or legislators.
  • Sigma Computing Inc. has also self-certified compliance with the DPF, as further described in Section 7 below.

7. DPF Notice.

Sigma Computing Inc. has self-certified compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK extension to the EU-U.S. Data Privacy Framework (“UK Extension”), and the Swiss-U.S. Data Privacy Framework set forth by the U.S. Department of Commerce (“Swiss-U.S. DPF” and collectively, the “DPF”).

  • Certification. Sigma has certified to the U.S. Department of Commerce that it adheres to (a) the EU-U.S. DPF Principles with regard to the processing of Personal Data received from the EU in reliance on the EU-U.S. DPF, (ii) the UK Extension with regard to the processing of Personal Data received from UK (and Gibraltar) in reliance on the UK Extension, and (iii) the Swiss-U.S. DPF Principles with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the “DPF Principles”).  If there is any conflict between the terms in the Candidate Privacy Notice and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF and view our certification, please visit https://www.dataprivacyframework.gov/s/us-businesses.
  • Inquiries or Complaints. If you have any inquiries or complaints about the handling of your Personal Data, please contact us in accordance with Section 13 of the Candidate Privacy Notice or Section 2 of this EEA/UK Notice. We will investigate and attempt to resolve complaints within 45 days of receiving your complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/DPF-Dispute-Resolution. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. Sigma is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
  • Choice and Disclosure.      
    • To the extent required by the DPF Principles, Sigma will offer you the opportunity to choose (opt out) when your Personal Data is to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you.    
    • To the extent required by the DPF Principles, when processing Sensitive Personal Data, Sigma will offer you the opportunity to give affirmative express (opt-in) choice, subject to certain exceptions, if the Sensitive Personal Data is to be disclosed to a third-party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of the opt in choice.    
    • Sigma may disclose Personal Data in response to lawful requests by public authorities, including national security or law enforcement requirements    
    • Sigma may disclose Personal Data, without offering you a choice, in the following cases: to our processors or service providers; to our affiliates; or as part of a corporate restructuring (as further described in Section 6 of the Candidate Privacy Notice).  If we disclose your Personal Data to other third parties, we will obtain your consent.    
    • You may choose to disable third-party cookies that collect Personal Data through Sigma’s website.    
    • We also allow you to choose to opt out of marketing-related emails from us, and to update or correct Personal Data in your account.
  • Liability for Onward Transfers.    
    • Sigma Computing complies with DPF Principles regarding accountability for onward transfers.    
    • Sigma is responsible for the processing of Personal Data subject to the DPF, which is subsequently transferred to a third-party. Before disclosing Personal Data to such third-parties, we will obtain assurances from the recipient that it will (a) process the Personal Data in accordance with Sigma’s instructions and only for the purposes specifically permitted by Sigma; (b) provide at least the same level of protection for Personal Data as required by the DPF Principles; (c) notify Sigma if the recipient is no longer able to provide the required protections. Sigma shall remain liable under the DPF Principles if the third-party processes such Personal Data in a manner inconsistent with the DPF Principles.

Last Updated: December 18, 2025