What Information We Collect and Maintain About You

During your engagement with us, we ask you to provide certain Personal Data, such as name and surname, home address, telephone number, date and place of birth, identity card number, driver’s license number (if applicable), social security number, passport details, work permit number (if applicable), residence permit number (if applicable), marital status, dependents, bank account, credit card number (if applicable for business related travel), any other government identification information (if applicable), and — on a voluntary basis — emergency contact information.

Furthermore, solely if applicable for your role (in accordance with industry custom), the Personal Data we collect and maintain about you may include voice recordings, motion captures and scans of your face, body, and movements (“Scans”) for the purposes of creating digital versions of your likeness, movements, and sounds for use in and in connection with our audio and/or audiovisual production activities. Such data will be collected and used in line with applicable legal requirements, “Union” (as defined below) obligations, and where necessary your consent.

We also may collect certain “Sensitive Personal Data” that includes health information, such as information regarding health insurance benefit entitlements and leaves of absence, sick day reporting, national service conscription (if applicable) and whether you have a disability that requires a reasonable accommodation. In some jurisdictions, some of the examples provided in the prior paragraphs in this Section are also classified as Sensitive Personal Data. We will treat it as such wherever this is the case. In the event of a public health emergency, for purposes of meeting our health and safety obligations, we may request more detailed information, including information about symptoms and diagnostic test results.

Additionally, certain demographic data such as legal sex, gender identity, race, ethnicity, sexual orientation, veteran status, and/or disability may be collected on a voluntary basis and/or where legally required by local law. Your responses will be kept confidential and will only be processed to the extent there is a lawful basis for doing so and/or to comply with legal requirements. Your engagement to render services with us will not be impacted in any way by your answers or your decision not to respond.

We maintain or will maintain information regarding your relationship with us, such as your engagement date, email address, personal mobile telephone numbers, title and function, schedule (weekly hours), department, and location, right to work or expatriate status (if applicable), membership in any guild or labor union (“Union”) applicable to your engagement, expense reimbursement information, salary, training and development, promotions, and other contractual or discretionary benefits, to the extent these apply to you (collectively “Engagement-Related Information”).

Further, we may maintain or will maintain other Personal Data that you voluntarily disclose to us, or that is provided or made available by third parties, as well as, in certain cases, information derived from your use of the systems, devices and tools available to you in the performance of your tasks if such information is required for compliance with relevant laws or any Union collective bargaining agreements (each, an “Agreement”).

Why We Collect Personal Data

We process your Personal Data to improve and maintain effective personnel administration, for general business and human resources management purposes, and to comply with obligations imposed by law and any applicable Union Agreement. In particular, the processing of Personal Data is necessary to enable us to:

• Provide and administer certain plans and/or programs and entitlements.
• Comply with legal and any applicable Union Agreement requirements, obligations, and rights, such as income tax, pension, health, and welfare contributions, and reporting requirements.
• Plan, implement, and measure our inclusion and diversity efforts and programs.
• Comply with award and/or production incentive requirements and related reporting.
• Monitor compliance with applicable legislation and internal policies.
• Facilitate communication with you through your address, telephone number, and email address.
• Execute agreements.
• Handle any legal or other claims arising out of your engagement.

In addition, we may need to process Sensitive Data to comply with legal obligations such as income tax, social security payments or withholdings, and governmental reporting; to record absence due to illness; and to administer pensions, leaves of absence, and health benefit entitlements.

We may collect health information to ensure the health and safety of you and others in the workplace in response to public health needs. Such information where collected will only be held for as long as it is necessary to fulfill the purpose for which the data was collected, including any applicable legal or reporting requirements. Only where required under applicable law we may share such Personal Data with third parties such as health authorities.

We may include your name and/or photograph on internal company tools accessible by our employees and production personnel.

Apple does not sell or share your Personal Data, as those terms are defined under California law.

Retention

We retain Personal Data only for as long as is necessary to meet the purposes for which such information was collected, and for the periods specified by applicable laws and Union Agreements (including relevant employment laws and applicable financial reporting laws where your Personal Data may be held as part of such a record), which vary by country. In most countries that requires at least a ten-year retention period for such records after collection and often for as long as you remain engaged and for ten years following the end of your engagement. Certain categories of Personal Data may need to be retained to administer post-engagement benefits, meet our legal and business requirements, provide evidence in case of litigation or lawsuits, or assist in decisions relating to re-engagement. The period chosen takes account of applicable legal and Union Agreement requirements to retain data and specific business use cases.

Where Your Personal Data Is Transferred

We may transfer your Personal Data to our servers located anywhere including in the country where you are engaged. The transfer of your Personal Data is carried out to accomplish the purposes described in this Privacy Notice. We comply with applicable laws for the transfer of Personal Data between different countries to ensure that your Personal Data enjoys the same high degree of privacy protection, regardless of where the Personal Data is processed.

The transfer of Personal Data to us abides by the requirements for international data transfers established in each region where Apple-engaged individuals are located. We subscribe to the appropriate legal instruments for the international transfer of data to the United States, where required, or are bound by appropriate contractual arrangements (such as Standard Contract Clauses, as approved by the European Commission) or other prescribed legal basis to protect your Personal Data. We may also seek consent in certain circumstances to transfer your Personal Data outside the region in which you are located. Apple’s privacy practices, as described in this Privacy Policy, comply with the Global Cross-Border Privacy Rules (CBPR) System and the Global Privacy Recognition for Processors (PRP) System. For more information about the Global CBPR and PRP Systems, visit Global CBPR Forum.

What Other Entities Have Access To and May Use Your Personal Data

As we operate internationally, information relating to administration and operations, including your Personal Data, may need to be transferred to or accessed by other entities affiliated with us, which may be located in the region of your engagement or may be located in other regions where we are located or doing business, unless specifically prohibited by applicable laws.

We may also make your Personal Data available to other third parties that provide services to Apple, such as information technology systems suppliers, production services companies, visual effects companies, medical practitioners, relocation facilitators, private health associations, pension and payroll service companies, legal practitioners and advisers, management consultants or HR consultants, financial institutions, insurers, and benefits providers (collectively, “Service Providers”).

We will ensure that the Service Providers will either abide by applicable data protection laws in your country of engagement or other equivalent laws in the location in which they are based which ensure adequate protection, and that they are bound by appropriate contractual arrangements or other prescribed legal bases to protect your Personal Data.

Security

We have in place security measures to protect your Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. The security measures are implemented and maintained in accordance with legal, organizational, and technological developments. Where Personal Data is shared with Service Providers, we will require that those Service Providers provide the appropriate security measures to protect Personal Data from unauthorized use or disclosure. All Service Providers are required to comply with applicable laws, including data protection laws.

Monitoring and Reviewing

At all times, we have the right, but do not assume the obligation, to access, monitor, and record Apple-provided emails, systems and/or devices (collectively, “Devices”) usage. While limited personal use of our Devices is allowed, to the extent permitted by local laws, we may monitor the Devices. You should have no expectation about the privacy of content or personal information on our systems and/or Devices. The purpose of monitoring and reviewing these Devices is to ensure our compliance with legal and regulatory requirements and with our policies and procedures; to detect and investigate suspected breaches (including criminal offenses) of applicable legal and regulatory requirements and our policies and procedures; to investigate complaints; to preserve emails (including any attached documents) for pending or anticipated litigation; and to ensure the safety of Personal Data and our information systems security. Refusing to permit a search or removal of our content from our Devices may result in disciplinary action up to and including termination of your engagement.

CCTV Systems

We have installed (or caused to be installed) a closed-circuit television (“CCTV”) system in most of our locations as well as those locations where you may render services for us. All internal cameras are fixed and have been installed in public areas of our locations as well as in certain private areas. Under no circumstances is it intended that the primary focus of a camera is a permanent private area. The purpose of the CCTV system is to ensure the safety of our engaged individuals, and the protection of our assets and property. There is no intention to monitor the work of the individuals whom we engage. The images will be stored for no longer than the maximum legal period applicable in each jurisdiction, or as otherwise agreed with local representatives where applicable, in no case longer than one month unless specific images are required for a specific investigation related to the purposes outlined above, in which case they will be held until that purpose has expired. The images will only be viewed in case of suspicion of an incident, in relation to requests from relevant authorities (e.g., local police) or otherwise in accordance with local works agreements if applicable.

Lawfulness of Processing

In many cases, the processing of your Personal Data as described in this Privacy Notice is necessary for the performance of your engagement or for compliance with specific legal obligations and applicable Union Agreement obligations to which we are subject in the context of your engagement with us. There are also many instances where the processing is necessary for the achievement of our legitimate interests to run our business, or for the achievement of third parties’ legitimate interests in specific case-by-case situations.

Where applicable, when we have relied upon legitimate interests to process your Personal Data, we have undertaken an assessment of the appropriate balance to be struck between your rights and legitimate expectations of privacy in the location of your engagement, having regard to the nature of the Personal Data and the potential impact its processing may have on you, and our legitimate interests to operate our business, and have ensured that we only collect and use the minimum amount of Personal Data necessary for the specific purpose identified. That’s the case when we process your image through our CCTV systems and when we monitor and review emails and use of systems and Devices as described above. We may also rely upon legitimate interests to process your Personal Data including CCTV footage and any badging data, where applicable and permissible by local law and while following any required procedures where applicable. Other information not explicitly mentioned in this Privacy Notice may be processed with a reliance upon legitimate interests when it’s necessary in the context of investigations to ensure compliance with internal policies and applicable laws, or in situations when this kind of processing (including disclosure to a third party) is necessary for investigating or defending claims against us.

There may also be situations, outside the scope of this Privacy Notice and your engagement with us, where we will ask for your consent to use your Personal Data. Where we do so we will take full account of applicable legal requirements (or Union Agreement requirements, if any) such as those regarding a potential perceived “imbalance of power” in our relationship with you and will ensure that you have a genuine choice whether or not to provide your Personal Data in that context.

In certain limited situations, we may also need to process your Personal Data in order to protect your vital interests, which may include sharing limited information with the emergency contacts you have provided to us.

How to Access Your Personal Data and Exercise Your Rights

We have appointed a Data Protection Officer, with appropriate support resources, for the Personal Data of individuals engaged by us in all regions where there is such a legal requirement. You may contact the Data Protection Officer for your region at dpo@apple.com with any questions or concerns that you have around this Privacy Notice and our use of your Personal Data, for example if you have any questions in relation to the legal bases that we use to process your Personal Data, the recipients of your information or the retention periods that we apply. Please include your role and the name of the project(s) on which we have engaged you in your request. The Data Protection Officer is legally required to be independent in the performance of the Data Protection Officer’s tasks and to put the data protection rights of individuals first.

It is in everyone’s interests to keep Personal Data accurate, complete, and up to date, and we expect you to assist in doing so. For example, if you provide an emergency contact, please take steps to ensure that this information is accurate and up to date.

You are provided with reasonable and appropriate access to your Personal Data to obtain a copy or to review it. Reasonable access applies to both the process of processing Personal Data and nature of the Personal Data. Appropriate access may mean, for example, that requests for access may be made during normal business hours, following standard procedures, and that the frequency of access requests is not excessive.

In many instances, you may directly access, correct, and delete your Personal Data using our systems (or those of our Service Providers). To access, correct, or delete Personal Data that is not accessible to you through applicable systems, you will need to make a request to dpo@apple.com. Please include your role and the name of the project(s) on which we have engaged you in your request. If appropriate, your Personal Data will be corrected or deleted in accordance with your request.

If you are engaged in California, you have a right to knowledge, access, correction, and deletion of your Personal Data under the California Consumer Privacy Act. You also have a right to opt out of the sale or sharing of your Personal Data, a right to limit the use of your Sensitive Personal Data (as defined above), and a right not to be discriminated or retaliated against for exercising one of your California privacy rights. We do not sell or share Personal Data (as those terms are defined under California law), and do not discriminate or retaliate in response to privacy rights requests. We may use or disclose your Sensitive Personal Data for purposes that would allow you to exercise your right to limit under California law. To access Personal Data that is not already accessible to you through our internal systems and applications, you or your agent can make a request to dpo@apple.com. Please include your role and the name of the project(s) on which we have engaged you project in your request. We will ask you for information that we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your employment relationship with us, but the specific information requested may differ depending on the circumstances of your request.

Where provided by applicable law, you also may request the restriction of the processing or anonymization of your Personal Data, as well as object to the processing of Personal Data if you believe you have legitimate reasons to do so, or withdraw your consent to the processing of your Personal Data, as appropriate. In such cases, please contact dpo@apple.com.

You may at any time — including if you are not satisfied with our response, refer your complaint to the relevant supervisory authority in your jurisdiction. The Data Protection Officer can assist you with this. If you have any questions regarding this Privacy Notice, please contact the Data Protection Officer at dpo@apple.com. Please include your role and the name of the project(s) on which we have engaged you in your request. This Privacy Notice is intended to describe how we collect, process, transfer, and safeguard your Personal Data, and our obligations as they relate to that Personal Data. This Privacy Notice does not extend to or describe how your colleagues utilize Personal Data that you may share with them. While engaged by us, you are responsible for knowing and abiding by our policies that protect Personal Data and privacy. Failure to do so can result in discipline, up to and including termination of your relationship with us. In some cases, civil or criminal penalties may be imposed.

This Privacy Notice may be updated from time to time (and such updates, if any, are available at: www.apple.com/legal/privacy/apple-original-content/en-ww).

Privacy Notice — Last Updated: September 24, 2024

California Privacy Disclosures

To help Californians make informed privacy decisions about their Personal Data, the State has created a common framework for businesses to talk about privacy. We use that framework here to describe, for each category of Personal Data under California law, whether we collect that Personal Data or disclose it for a business purpose related to your engagement with us.

Categories of Personal Data

• Identifiers: Identifiers include information that identifies you, such as your name, email address, home address, driver’s license or passport number, social security number, state identification card, and address, and badge ID.
• Characteristics of protected classifications under California or federal law: California and federal laws provide protection against discrimination if you belong to a protected class. Under California law, certain Personal Data in this category may be considered Sensitive Personal Data. Protected classes include groupings based on race, ethnicity, or national origin; religious or philosophical beliefs; sexual orientation; genetic information; family status; age (such as the elderly); and whether you have a disability.
• Commercial information: Commercial information includes information about your transactions with us, such as information you share as part of the expense reimbursement process. Under California law, certain Personal Data in this category may be considered sensitive.
• Biometric information: Under California law, biometric information includes any physiological or behavioral characteristics that can be used to establish your identity, such as a fingerprint or an image of your face from which a faceprint can be created or Scans (as defined above). Under California law, certain Personal Data in this category may be considered sensitive.
• Network activity information: This includes any information related to your activity on our electronic networks, such as records related to your use of an email address (provided by us) and access to our systems.
• Geolocation data: Geolocation data is data that describes an individual’s precise location. Under California law, certain Personal Data in this category may be considered sensitive.
• Sensory data: This includes audio and voice recordings.
• Employment information: This includes professional information such as your wage information, reviews and performance evaluations, work eligibility documentation, and Union membership. Under California law, certain Personal Data in this category may be considered sensitive.
• Education information: This includes information received from an educational institution about your application, attendance, and academic performance, including transcripts, disciplinary records, and diplomas.
• Inferences from your Personal Data to create a profile about you: We undertake not to make inferences from your Personal Data to create a profile about you.
• Personal Data described in Section 1798.80(e): The California Consumer Privacy Act requires that we tell you whether we collect any Personal Data that is described in California Civil Code Section 1798.80(e). The Code section includes a broad variety of categories of Personal Data, such as name, contact information, physical characteristics, credit card or billing information, and more. Under California law, certain Personal Data in this category, such as financial information, health information, sex life, social security number, driver’s license, state identification card, or passport number, may be considered sensitive. We collect Personal Data described in Section 1798.80(e). Some of this information is already described in the categories above. For a full description of how we collect and handle your Personal Data, we encourage you to review the above Privacy Notice.

The table below describes the sources from which we collect the categories of Personal Data about you listed above, our purposes for collection and disclosure of your Personal Data, and the categories of third parties to whom we disclose your Personal Data.

* May be considered Sensitive Personal Data.

Any Personal Data that we hold may also be used to comply with applicable law.

This California Privacy Disclosure may be updated from time to time.

California Privacy Disclosure — Last Updated: September 25, 2024