Candidate Privacy Notice

Effective date: 2026-04-27

This notice explains how Contour Operations Corporation ("Contour", "we", "us") collects, uses, shares, and protects your personal information when you apply for a position with us. We act as the Personal Information Controller (PIC) under Republic Act No. 10173 (the Data Privacy Act of 2012, "DPA") and its implementing rules issued by the National Privacy Commission ("NPC").

1. Who we are

Contour Operations Corporation is a Philippine domestic corporation registered with the Securities and Exchange Commission. Our office is in Iloilo City, Philippines. We provide dedicated remote staffing services to clients in the United States, Europe, and other countries.

2. What data we collect

When you apply for a role, we collect the following personal information:

• Identification: full name, email address, mobile number
• Employment information: resume or CV, work history, education, certifications, references
• Optional information: LinkedIn or portfolio URL, cover letter, salary expectation
• Records of our interactions: emails, interview notes, assessment scores, your application status
• Technical information collected automatically when you use this site: IP address, browser type, timestamps

We do not require sensitive personal information (as defined under the DPA) at the application stage. If a specific role requires it (e.g. health information for safety-critical roles), we will request your separate, explicit consent at that point.

3. Why we collect it

We process your personal data for the following purposes:

• To evaluate your qualifications and fit for the role you applied to
• To contact you about your application, schedule interviews, and communicate decisions
• To conduct background and reference checks where required and with your separate consent
• To comply with our obligations under Philippine labor, tax, and employment laws
• To maintain a talent pool for future suitable opportunities, only with your consent
• To improve our recruitment process through anonymized aggregate analytics

The legal basis for processing is your consent, provided when you submit the application. For background checks and verification, we rely on the legitimate interest of evaluating candidates and on your separate consent where required by law.

4. Who we share it with

We share your personal data only with the following recipients, and only as needed:

• Contour employees involved in recruitment, hiring, and onboarding
• The specific client you would be deployed to, only if you are shortlisted and only with your consent at that stage
• Background check providers, only with your separate consent
• Government agencies when required by law (e.g. BIR, SSS, PhilHealth, Pag-IBIG once hired)
• IT service providers (Microsoft 365, Odoo, our applicant tracking system) bound by data processing agreements with us

We do not sell, rent, or trade your personal data to anyone, and we do not use it for marketing.

5. How long we keep it

If you are not hired, we keep your application data for up to 12 months from your last interaction with us. After that, we delete or anonymize it. You can ask us to delete your data sooner. If you are hired, your data becomes part of your employee record and is governed by our employee privacy notice.

6. Your rights

Under the Data Privacy Act, you have the following rights:

• Right to be informed about what data we hold and how we process it
• Right to access your personal data and obtain a copy
• Right to correct inaccurate or incomplete information
• Right to erasure or blocking of your data, subject to legal exceptions
• Right to object to processing for marketing or profiling
• Right to data portability, where applicable
• Right to lodge a complaint with the National Privacy Commission
• Right to damages for any misuse of your data
• Right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, email our Data Protection Officer at dpo@contouroperations.com. We respond within 15 days as required by NPC rules.

7. How we protect your data

We apply organizational, physical, and technical security measures in line with NPC Circular 16-01:

• Access controls and multi-factor authentication on all systems holding candidate data
• Encryption in transit (TLS) and at rest for cloud-stored documents
• Background checks and confidentiality agreements with all employees handling candidate data
• Vendor due diligence and data processing agreements with all third-party processors
• Incident response and breach notification procedures aligned with NPC requirements (notify NPC and affected parties within 72 hours of confirmed breach)

8. International transfers

Some of our IT vendors (e.g. Microsoft, Odoo) process data outside the Philippines. We use providers that maintain protections substantially equivalent to the DPA. For clients in the US or EU, your data may be shared with them only after you are shortlisted and only with your consent at that stage.

9. Cookies and analytics

Our website uses minimal cookies for session management and basic analytics. We do not use third-party advertising cookies or cross-site tracking.

10. Contact us

For any question about this notice or to exercise your rights:

• Data Protection Officer: dpo@contouroperations.com
• General inquiries: inquiry@contouroperations.com
• Office: Contour Operations Corporation, Iloilo City, Philippines

To complain to the regulator:

• National Privacy Commission, 5th Floor, Philippine International Convention Center (PICC) Complex, Vicente Sotto Street, Pasay City 1307
• Website: privacy.gov.ph
• Email: complaints@privacy.gov.ph

11. Changes to this notice

We may update this notice from time to time. The "Effective date" at the top reflects the most recent change. For material changes, we notify candidates whose applications are still active. The current version is always available at this URL.