Privacy notices

When you provide personal data about yourself and others

This is personal data that you provide to the local HR Recruitment team or enter directly into our HRIS. You may also provide us with personal data about others e.g. your dependents. We use this information for HR administration and management reasons. Examples include the administration of employment benefits or contacting your next-of-kin in the event of emergency. To comply with our legal obligations, or where we need this information to fulfil our obligations to you under an employment contract or contract for services, certain data fields in our HRIS are mandatory. Where HRIS fields are voluntary it is your choice if you wish to provide the information requested.

We may collect personal data from other organisations

We may obtain information about you from other organisations. For example, references from your previous employer(s) and background checks where permitted by applicable law. We sometimes advertise through recruitment agencies or use the services of specialist search organisations. These companies will collect your application information. You may also be asked to complete a work preference questionnaire which is used to assess your suitability for the role you have applied for, the results of which are assessed by our recruiters. If you are applying to work with us through an agency, please review their privacy notice for details of how they will handle your information.

We may collect personal data automatically from you

For example, when you use the IT systems and work devices, we monitor this usage in order to provide an effective experience for you. This means automatically collecting information from devices accessing the dentsu network regarding what applications are opened and how well the systems are running. We use this information to evaluate how staff use these systems and diagnose issues within the IT infrastructure.

The personal data we collect about you depends on your circumstances, your role, the law where you are and whether you are a prospective, current or past Worker. Below you can find information we process for Workers, as well as our purposes for doing so.

RECRUITMENT

We will need to process the personal data of all prospective Workers from the moment you become a prospect or candidate for a role. This allows us to assess your suitability for the role and our business. The types of processing are as follows:

Purpose of processing your personal information	Detail	Grounds for processing
Assessing suitability for the role.	We will use your personal information to assess your suitability for the role, enable shortlisting, prepare for any interviews and assessments required, and contact you to arrange, conduct, evaluate and feedback on assessments and interviews and, where successful, to make you an offer/provide you with an agreement/contract of employment. This applies to all Workers and applies whether you have made an application directly to us, have been added as a prospect or via an agency or any other third-party. For this purpose, we will collect: Contact details and other information to confirm your identity. This includes your name, gender, address, phone number, date of birth and email address; Information about your employment history and skills. This includes your CV / resumes, application forms, references, records of qualifications, skills, training and other compliance requirements. This may also include records of when you contact us, emails, webchats and phone conversations; and Information generated by us and you, through a combination of recruiting activities to further assess suitability for the role(s), such as interviews, assessment centres, assessments/tests (cognitive ability tests, skills tests, personality tests, job simulations, psychometric tests, etc). For example, you may complete a written test or we may take interview notes. Once working at dentsu, we will also use your personal information to assess your suitability for other roles you may apply for or projects that may be assigned to you.	Legitimate Interest
Applicant administration	We will carry out pre-employment checks (where permitted by law) either using in-house resources or approved third-parties, to establish eligibility to work and other pre-Employment Checks which shall be commensurate to the risks and responsibilities of each job role such as criminal record, financial sanctions, etc and follow up references provided to us and potential other sources where necessary. We will process and record the personal data of anyone given a job with dentsu, even if they don't turn up on their first day.	Legitimate Interest, Contractual Necessity, Legal Obligations
Talent pool	If you are unsuccessful following assessment for the role or are a prospect, we will retain your details in our talent pool for a reasonable period so that we can contact you should any further suitable roles arise. The time for which we retain your details will differ depending on where you are based. For further details please consult any notice applicable to your specific country or region. If you would like us to delete this data, please contact the data protection officer details outlined in your applicable notice or contact us at DPO@dentsu.com and we will be happy to triage your requestor candidates can also request deletion of all data held in our HR system from their application login.	Legitimate Interest
Reasonable adjustments	Where applicable, we will make reasonable adjustments to the recruitment process based on the accessibility requirements you make us aware of or we become aware of. For this purpose, we may, subject to the circumstances, collect information about you to help us assess adjustments which need to be made or work restrictions which may apply. This may include your nationality, preferred language, and details of any accessibility requirements.	Legitimate Interest, Legal Obligations
Equal opportunities monitoring	In some countries we may, subject to local laws, ask you to share information about your ethnicity, disability, age, religion/belief, gender and sexual orientation. This information is used to comply with equality and diversity requirements and to help us improve our employment practices.	Legal Obligations

We will need to process the personal data of all prospective Workers from the moment you become a prospect or candidate for a role. This allows us to assess your suitability for the role and our business. The types of processing are as follows:

Working for dentsu

We will use your personal information for the purposes of your contract/agreement with us, to comply with legal obligations, or where we have a legitimate interest in doing so to manage and protect our business. We will rely on legitimate interest pursued by dentsu where it is not overridden by the interests or fundamental rights and freedoms of Our People. The table below lists out the ways in which we do so.

	1. To Assist You in your role
Purpose of processing your personal information	Detail	Grounds for processing
Employee Administration	We will maintain and process general records necessary for the management of workers, to operate the contract/agreement of employment or contract for services between you and the dentsu organisation, and we will need to allocate and manage your duties and responsibilities and the business activities to which they relate. Depending on where you are based, we may process and record your personal data for purposes including, but not limited to: Collecting information to facilitate your onboarding to the organisation. For example when receiving IT equipment and setting you up on our systems or sending you items to your home address if you are working remotely. Facilitating moves within the company in the event of changes to your role, location, or manager. Should you relocate to a different location, there are processes in place for support with visa applications, tax and relocation assistance. Running employee surveys, new joiner or leaver surveys. We may need to respond to reference requests that have been made for you for instance by new employers, mortgage or rental companies, etc. For some leave requests we will need information that indicates the nature of the time off and duration so we can approve, apply correct policies and redistribute workload as needed. In certain locations and for some roles, overtime will need to be tracked. Where requested, we will need to process information required to help you participate in activities and programmes you are eligible for. In some dentsu locations , we have workforce representation groups who need to be informed when workers join or leave the company.	Legitimate Interest, Contractual Necessity, Legal Obligations
Remuneration & benefits administration	This involves providing and administering remuneration, benefits (such as pension/retirement schemes, insurance, policies to benefit your health and wellbeing, etc), and recognition /incentive schemes. This may involve us passing appropriate personal information on to the relevant third-party providers so they can contact you, or you may register with them directly. We will also provide the details of any beneficiaries you nominate in case of death or other benefits to the relevant third-party. We may use third-party suppliers for benefits and recognition systems and we’ll make sure we follow the requirements of the law and that your personal information is protected by them appropriately. We will run pay benchmarking processes and reporting as required by law and to ensure we are rewarding our employees appropriately with equal pay. We will process personal information in relation to staff awards, recognition schemes, and incentives to reward good performance. We may contact you or send you gifts on special occasions such as your birthday and to recognise ‘length of service’ milestones working for us. We will do this using any personal data you provide us with (either in a HRIS or more generally) but you can always ask for this to not happen by contacting your People Leader or raising a case via Ask People Services.	Legitimate Interest, Contract Necessity, Legal Obligations
Conducting reviews and determining performance requirements.	Where applicable, we may need to conduct reviews to assess or investigate performance, capability, conduct, absence, or grievance concerns and other informal and formal HR or Legal processes, to make related management decisions and anything else required under our contract with you. We will review and track your performance at regular intervals. Your personal information will be stored to track your progress. The ways in which your data will be used may include: Setting objectives and goals. Tracking progress against identified deficiencies based on specific action plans. Tracking your competencies against your current and other roles. Gathering feedback from managers, peers, direct reports and others in the organisation. Managing staff rewards for fulfilling objectives / tasks.	Legitimate Interest, Contract Necessity
Processing employee work-related claims	Where relevant, we will need to process any claim made by or involving you when a party is seeking compensation in cases of illness or injury.	Legitimate Interest
Payroll management	This involves providing and administering payroll including tax and social security deductions and contributions, and any other deductions or garnishments required by law or your contract. We will often utilise third-party suppliers for benefits and recognition systems, and we’ll make sure we follow the requirements of the law and that your personal information is protected by the appropriate technical and organisational measures.	Legitimate Interest, Contractual Necessity
Expense management	This involves reimbursing expenses where you have paid for something which is considered a genuine cost of business or providing access to corporate credit cards. We will often utilise third-party suppliers for expense systems and credit card schemes, we’ll make sure we follow the requirements of the law and that your personal information is protected by the appropriate technical and organisational measures.	Legitimate Interest, Contractual Necessity

	2. To Ensure Our Success As A Business
Purpose of processing your personal information	Detail	Grounds for processing
Day to day business operations	We will process your personal data because of your day-to-day activities in your role with us at dentsu. The type of data processed will depend on the nature of your role, but can include: Being part of group / 'all office' email distribution lists internally; Having the capability to access staff business records such as email, Office 365, Teams and OneDrive; Staff time management and scheduling, including timesheet recording; Sharing contact information with clients, including for pitches; Booking and invoicing for services; Inviting you to and confirming your attendance at internal and external dentsu events; Providing knowledge to a central service management system (e.g. ServiceNow) and responding to service downtime; Logging IT Service Desk tickets with internal system providers, which includes support to: (i) permit internal or external IT support to remotely operate or physically repair staff systems as necessary to fix / manage requests raised by you (only when you have granted access via screenshare or camera); and, (ii) provision of AI service desk chatbot to assist with triaging service tickets; Tracking intranet usage. You will be searchable on the intranet and your; and information will appear on pages where you have produced the content; Meeting room and desk booking systems.	Legitimate Interest, Contractual Necessity
Business management and planning	Your personal data may be stored to allow dentsu to manage its business operations and plan appropriately for the future. This will include resource planning, project planning, staff cost management, resource allocation, client profitability analysis and timesheet compliance. Managers are required to assess their direct reports to assess Potential Level, Retention Risk and Impact of Loss. Your information will be processed for this on an ongoing basis.	Legitimate Interest
Accounting & auditing	This includes managing forecasting, budget / account management and planning for the future. From time to time, we will disclose your personal data to third-party service providers (e.g. Microsoft Dynamics 365) to assist in our accounting and auditing processes.	Legitimate Interest, Contractual Necessity
Preventing and detecting crime	We use your information to prevent and detect unlawful activity, including IT and building access rights and security monitoring, use of CCTV, fraud detection and prevention measures.	Legal Obligations, Legitimate Interest
Network and information security	We have systems in place to prevent unauthorized access to our computer and electronic communications systems and preventing the distribution of malicious software. Your personal data is processed for several reasons, including authenticating legitimate users, contacting you in the event of an incident, training and testing in phishing awareness, setting up IT alerts, and restricting where corporate data can be stored. To further enhance security, we have deployed a secure corporate browser for dentsu-managed devices and for dentsu corporate apps on personal devices. This system monitors user browsing activity to protect against malicious websites, threats, and malware, capturing and storing all browser-related traffic, including (but not limited to) websites visited, data transfers, IP addresses, and dentsu email addresses. We also deploy tools which capture and process data regarding the reliability of dentsu devices and systems and to identify issues requiring further diagnostics by monitoring various technical parameters of end-user devices, with a view to undertaking analytics on device performance in real time. Please note: This system will not: monitor other browsers on your personal device (e.g. Chrome, Edge, Safari etc); the only data we will collect pertains to interactions with corporate applications. collect any inputs or clicks performed by you on a website, including filling in forms, responding to questions, or updating details. We only collect the full URL. process, correlate, or share any information collected unless it triggers a security event.	Legal Obligations, Legitimate Interest
Support internal administration with our affiliated entities.	This can include planning, due diligence and implementation in relation to a commercial transaction or service transfer that impacts your relationship with dentsu. For example, mergers and acquisitions or a transfer of your employment under automatic transfer rules.	Legitimate Interest
Data analytics and reporting	We do this to review and better understand employee retention and attrition rates, and to understand the success of our systems / programmes. This helps inform our business decisions and we will often use the assistance of external parties to do this. Your information may be gathered for business operational and reporting documentation such as the preparation of annual reports, which may use photographic images and graphs, and staff engagement or benchmark questionnaires. Your data, if used, will normally be anonymised so that you would not be personally identified. We will also run data mining to assess the success of our systems and analyse how we can help you work more efficiently.	Legitimate Interest

	3. To Keep Us Compliant
Purpose of processing your personal information	Detail	Grounds for processing
Complying with applicable law	We are required to monitor and document activity as required to demonstrate legal compliance. This includes conflict of interest records, gifts and hospitality and anti-bribery and corruption reporting, and mandatory compliance training. This also includes our obligations in relation to maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulations to which dentsu is subject. Personal data is also kept enabling us to process data subject rights requests employees may have during or after their employment with dentsu. We will occasionally need to comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.	Legal Obligations, Legitimate Interest
Equal opportunities monitoring	We will also need to gather information such as ethnicity, disability, age, religion/belief, gender and sexual orientation in order to comply with equality and diversity requirements and to help improve the company's employment practices. We run D&I and social impact initiatives and ask all employees to sign up to a DEI pledge, for which your personal information will be processed.	Legal Obligations, Legitimate Interest
Education, training, and development requirements	Throughout your employment with dentsu, you will undergo various training programmes to both enhance your skills and also to fulfil mandatory compliance requirements. This depends on your role and where you are working, but can include: Mandatory Data Protection, Ethics & Compliance, Intellectual Property, Code of Conduct, and Security e-learning courses. Employees' completion of these training courses is recorded and stored. Additional required training courses may be added, and completion is required, based on market-level and global requirements. External coaches will occasionally run sessions. With consent, basic personal information will be shared with those coaches. In certain markets, we run a mentor scheme to assist with the mentee's progression and learning. Participation data is tracked, and employee profile data may be used to select appropriate mentor/mentee matches. Available learning platforms will track learning content utilization, assessment scores, platform access, learning completions, and attendance in live learning programs.	Legal Obligations, Legitimate Interest
Complying with health & safety obligations	This will include us needing to process information about absence or (where required or permitted by applicable law) medical information regarding physical or mental health or condition in order to: assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work; facilitate a return to work; make adjustments or accommodations to duties or the workplace; and make management decisions regarding employment or engagement, or continued employment or engagement, or redeployment, and conduct-related processes. This includes providing support in work related injuries, illness, management of your health and safety, providing any accessibility support you may need (including where you make us aware in your health declaration upon joining us and as updated by you when appropriate) and contacting your emergency contact if ever needed. This may include us making a referral to the occupational health service and assisting you with ill health retirement applications. Any staff members who require assistance exiting the building in an emergency will have their information provided to fire marshals by way of Personal Emergency Evacuation Plans (PEEPS). Those fire marshals and any first aiders will also have their information stored on company systems, including the training they have received. In some dentsu locations, we will carry out Display Screen Equipment (DSE) Assessment & New Expectant Mother (NEM) Assessment to ensure workstations are suitable for all employees. We are also required by law to record details of any accident that occurs in the workplace.	Legal Obligations, Legitimate Interest
Business continuity	We may contact you in the event of an emergency or potential threat to you or our business such as a natural disaster or cyber-attack. Such emergencies or disasters might include a fire or any other case where business is not able to occur under normal conditions. To ensure you are promptly informed about such events, we may use any personal data you provide us with (either in a HRIS or more generally) which may include your private contact details e.g. private phone number or email. The following are the scenarios in scope: Severe weather Emergency Service/Security Incidents Health emergencies Cyber Security Significant technological failures	Legitimate Interest

	4. To Resolve Disputes
Purpose of processing your personal information	Detail	Grounds for processing
Gathering evidence for disciplinary action or termination.	Sometimes we may need to gather personal data in relation to any allegations, complaints, investigations and disciplinary processes that occur during your time working at dentsu , whatever your role in the process. This can include "whistle blowing or speak up now" reports from employees and are handled through third-party services. Evidence in all cases will need to be gathered and recorded for the duration of any investigation. We may also need to manage litigation proceedings on behalf of dentsu. Your data may be processed where required.	Legitimate Interest
Monitoring of work communications	In accordance with relevant laws, we reserve the right to monitor and scan electronic communications sent using the accounts, network and equipment we provide to you for work purposes. This is to ensure that dentsu IT resources are being used in compliance with the law and are in line with dentsu policies. You can learn more information about using dentsu IT resources in our Acceptable Use Policy on Neon.	Legitimate Interest, Legal Obligation

Leaving dentsu

After you end your role with us, we may need to retain your personal information to fulfil certain business obligations for the following purposes:

Purpose of processing your personal information	Detail	Grounds for processing
Employee administration	When you leave dentsu, we run certain processes involving your personal data to understand why you left us, to help run our business or to support a legal obligation we have. When you leave, we may conduct an exit interview and ask you to partake in a leaver’s survey. Your data will be used when we are preparing for your departure, for example when you are returning IT equipment or corporate credit cards. This may involve the use of your home address if you are working remotely. We will also retain information to manage and administer your pension and other related legal obligations.	Legitimate Interest, Contractual Necessity, Legal Obligations
Processing employee work-related claims	Sometimes we need to deal with claims or disputes involving you or others. This could include an accident at work. We do this because we have a legal obligation to provide the information, or it is in our interests to bring or defend a claim.	Legitimate Interest
Business management and planning	After you leave, we will retain certain information to understand and evidence decision making in your role and maintain knowledge within the business; for example, this may include your handover notes or emails you have sent. We do this because it is in our interests to use this information to help run our business, or it may be to support a legal obligation we have. We may also ask if you’d like to opt in to our alumni marketing programme whereby you can receive communications about dentsu and information about new job openings.	Legitimate Interest, Contractual Necessity
Complying with applicable law	Where required, we may need to use your personal information to comply with our obligations to third parties in connection with your employment, such as tax authorities and professional bodies.	Legal Obligations, Legitimate Interest
Equal opportunities monitoring	Where required or permitted by applicable law, we run monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under local anti-discrimination laws.	Legal Obligations, Legitimate Interest

Across dentsu:

Dentsu is a global organisation. To ensure effective and efficient services and communications throughout the group, your personal data may be shared with other dentsu organisations, for example with our group companies in Japan and the USA.

The following people and teams within dentsu may be granted, on a need-to-know basis, access to your personal data:

• Local, regional and global HR managers and HR team members;
• Local, regional and executive management responsible for managing or making decisions in connection with your relationship with dentsu, or when involved in an HR process concerning your relationship with dentsu; system administrators; and
• Where necessary for the performance of specific tasks or system maintenance, teams such as the Finance, Legal & Compliance, Technology & Security and HR teams.

Basic personal data, such as your name, location, job title, contact information, any published skills and experience profile, as well as any photo that you upload to the HRIS, may be accessible to other employees to facilitate standard business operations.

Outside dentsu:

Your personal data may be also shared with organisations outside of the Dentsu group. To help you understand who these organisations are, here is a non-exhaustive list:

• Third-party suppliers: Organisations (and their sub-contractors) that provide us with technology solutions and/or support such as the organisations that have been engaged to host, support and otherwise maintain systems we use to process your personal information. This could also include organisations that provide systems which interconnect with the HRIS or are used more generally. Examples include expense management software, payroll and benefits systems, IT servicing technology and systems (including service desk support provision and local on-site engineer resources) and many more. Where we use a third-party service provider we’ll make sure we follow the requirements of the law and that your personal information is protected by the appropriate technical and organisational measures.
• Dentsu’s professional advisers: We may need to share your information with professional advisers including but not limited to IT administrators, auditors, consultants, payroll providers, external lawyers, administrators of dentsu’s benefits programmes.
• Insurance providers: We may also need to share your information with insurance providers in relation to our insurance policies.
• Clients: We may share your information with our clients where necessary to manage and deliver services to them.
• Public authorities: We may share your information with public authorities to comply with lawful requests (including without limitation to meet national security or law enforcement requirements) or where otherwise required, whether within or outside your country. We only share your personal information in accordance with applicable laws and have strong internal oversight of what we do and take expert advice to inform our approach.

How do we protect your personal information?

We have implemented appropriate technical and organisational measures to protect your personal information. These include but are not limited to, physical building controls, device and file encryption and ID verification. Where we transfer your personal information to third-party provider we only do so where we have the appropriate safeguards in place to protect your personal data.

How long do we keep your personal information?

We keep your personal data for as long as it is required to fulfil such purpose(s) for which it was collected. This will usually be the period of your employment or contract for services, or as otherwise set out in the context of prospective employees or other, with the dentsu organisation plus the length of any applicable statutory limitation period once that employment or contract period has ended. For example, data such as tax and pensions information, may need to be kept for longer. Otherwise we will delete or anonymise it so that you cannot be identified and it can no longer be associated with you.

Further information about our data retention policies and requirements for different categories of data we use across our network is available here

Depending on the applicable privacy law of the market you are in, you may have several rights in relation to your Personal Data, including:

Objecting to our processing of your Personal Data. Where we rely on legitimate interest (or those of a third-party) and if you feel it impacts on your fundamental rights and freedoms, you can object to our processing.. You can object at any time, and we shall stop processing the data you have objected to, unless we can show legitimate grounds to continue. 

Accessing your Personal Data. We may be required to provide you with information we hold about you upon your request, including a description and copy of the Personal Data and why we are processing it, unless a lawful exception applies.

Requesting the provision of your Personal Data to a third party. You may ask us to provide you or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to Personal Data you have provided to us; and if you have consented to our use or where we used the Personal Data to perform a contract with you. 

Requesting erasure (deletion) of your Personal Data.  You may ask us to delete your data where you think we no longer require it. Note, we may be required to retain certain Personal Data by law and/or for our own legitimate business purpose. But when we do so, we will inform you.

Requesting correction or updating of your Personal Data. This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected. 

Requesting the restriction of our processing of your Personal Data. In some situations and only in some jurisdictions you can request a restriction to our processing. If you request this, we can continue to store your Personal Data but are restricted from processing it while the restriction is in place.

Withdrawing your consent. Where you have consented to our processing of your Personal Data, you can withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of what we have done with your Personal Data before you withdrew consent or affect our right to continue with our collection, use or disclosure of your Personal Data where such collection, use or disclosure of Personal Data is permitted under applicable laws without consent.

Making a Complaint. We will do our best to resolve any complaint. However, if you feel we have not resolved your complaint, or if you wish to reach out to them directly, you can complain to your local data protection authority. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office. If you have any questions about who your local authority is, please contact us and we can provide the relevant information.

If you exercise the rights above, the request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide adequate information that we can reasonably verify that you are the person about whom we collected the personal information (including information that enables us to verify the identifying information we possibly maintain about you).

We will respond to requests within the required timeframes. If we need extra time to respond, we will let you know why, and how long we require, in writing. To protect your Personal Data, we will only honour requests if we have been able to verify your identity or authority to make the request and confirm the Personal Data relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any access or deletion. Verification will usually be performed by matching the identifying information provided by you to the personal information that we already have.

Note that if you are in a market where these rights do not exist, we reserve the right to deny your request.

 Our Notice might change from time to time. We’ll notify you about any changes to the Notice by posting on our website, internal intranet or contacting you directly.

If you have any questions about this Notice, our approach to privacy or you would like to exercise any of the rights mentioned in this Notice you can contact our Data Protection Officer in any of the following ways:

1. Address: Data Protection Officer, Dentsu international, Regent’s Place, 10 Triton Street, Regent’s Place, London, NW1 3BF 
2. Email: DPO@dentsu.com  
3. [Or using the information of your local DPO included in the section below].

Dentsu organisation	The specific dentsu entity that entered into an employment contract or relationship or a contract for services with you.
Data controller	The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. This will be the dentsu organisation that entered into an employment dentsu or contract for services with you. It may also include other dentsu organisations that need to process your personal data for their own purposes.
Other dentsu organisation	The parents, affiliates, and/or subsidiaries of the dentsu organisation described above.
Processing (or Processed)	Any operation which is performed on personal data - such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data	Personal information means information that identifies you as an individual, or is capable of doing so. Any information relating to an identified or identifiable person. An identifiable person is someone who can be identified, directly or indirectly, by reference to details such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

1. We may conduct surveillance including video surveillance such as CCTV (for staff and visitors to our premises) and monitoring usage of our computers, devices, systems, networks and other IT resources (for staff and visitors to our public websites). This surveillance and monitoring may operate on an ongoing 24/7 basis, with effect from 18 June 2025. Please contact us if you have any queries about these activities. Surveillance records may be used and disclosed for the purposes described in the Notice in respect of processing of personal information, to the extent permitted by law.
   1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Australian privacy laws.
   2. We sometimes collect and process personal information under Australian laws including the Corporations Act, Fair Work Act, Income Tax Assessment Act and other tax laws, long service leave acts, Privacy Act, public health acts, Superannuation Guarantee (Administration) Act, Surveillance Devices Act, Telecommunications (Interception and Access Act) work health and safety acts, workers compensation acts, and Workplace Surveillance Act.

If we are unable to collect personal information that we seek, our ability to fulfill the purposes of processing your personal information, as outlined in the Privacy Notice, may be limited. In some cases, this may impact our ability to hire or retain you for a role, or result in disciplinary action or reallocation of your duties

Read the Austrian People Privacy Notice here.

Read the Argentinian People Privacy Notice here.

Read the Belgian People Privacy Notice here.

Read the Brazilian People Privacy Notice here.

Read the Bulgarian People Privacy Notice here.

Read the Canadian People Privacy Notice here.

Read the Chilean People Privacy Notice here.

单击此处阅读简体中文版的《人员隐私声明》。

1. The ‘legitimate interest’ of the ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Personal Information Protection Laws.
2. We would not collect Sensitive Information as defined under applicable laws from job applicants unless and until the individual has accepted an offer of employment
3. If you have any questions about the Privacy Notice, our approach to privacy or you would like to exercise any of the rights mentioned in the Privacy Notice you can contact:
   
   Dentsu China
   Email: DentsuChina.HR@dentsu.com
   Address：Building A, Haisu Culture Plaza, No. 658 Zhaohua Road, Changning District, Shanghai, China
4. In case your Personal Information would be transferred to the headquarter office of Dentsu and other Dentsu affiliates, the Personal Information to be transferred would be subject to the written notice provided by our local HR team. The contact of the overseas recipient is as follows:
   
   Dentsu Headquarter Office:
   Dentsu International Limited
   Global Data Protection Officer dpo@dentsu.com
   Address: 10 Triton Street, London, UK NW1 3BF

1. 隐私声明中所述的"合法利益"处理依据，未必构成《个人信息保护法》认可的处理事由。
2. 在求职者正式接受录用通知前，我们不会根据中国法律收集其敏感个人信息。
3. 如对隐私声明、隐私保护政策或行使声明中所述权利存在疑问，请联系：  ‌
   电通中国‌  
   邮箱：DentsuChina.HR@dentsu.com
   地址：中国上海市长宁区昭化路658号海粟文化广场A栋
4. 如需向电通总部及其他关联公司传输个人信息，须以中国区人力资源团队的书面通知为准。境外接收方联系方式如下：
    ‌电通集团总部‌  
   Dentsu International Limited
    全球数据保护官：dpo@dentsu.com
    地址：英国伦敦NW13BF区Triton街10号

Última actualización: Enero 2026

BIENVENIDO

Este Aviso de privacidad ("Aviso") es aplicable a la información personal que obtenemos, a nivel global, sobre nuestro personal en el momento de la contratación, durante el empleo y tras la finalización del mismo. Explica qué información personal recopila el Grupo Dentsu (“Grupo Dentsu”,” nosotros” o “Dentsu”) sobre usted (incluso de terceros), el modo en que utilizamos dicha información, por qué la recopilamos, qué hacemos con ella y sobre qué base y cómo la protegemos.

Cualquier palabra o terminología legal a la que nos refiramos se mostrará en un color diferente. Puede encontrar más información sobre su significado al final de este Aviso.

Revisaremos regularmente este Aviso y tomaremos medidas razonables para informarle de cualquier cambio que podamos hacer. Por favor, lea detenidamente.

Tenga en cuenta que en el país de empleo pueden existir directrices adicionales. Esas directrices tendrán prioridad sobre este Aviso.

1. ) ¿A QUIEN AFECTA ESTE AVISO?

Este Aviso afecta a “Nuestro Personal”, lo cual le incluye a "usted“: empleados potenciales, actuales y pasados, contratistas, personal de la agencia. También incluye a personas relacionadas con usted, como la persona que designa como contacto en caso de emergencia.

Dentsu y las empresas del grupo liderado por Grupo Dentsu utilizan sistemas de información de recursos humanos globales (“SIRH“) que capturan y almacenan los datos personales de Nuestro Personal para fines de contratación y gestión de empleo.

2.) ¿QUIÉN RECOPILA SUS DATOS?

Sus datos personales son recopilados por la sociedad Dentsu con la que ha firmado un contrato de trabajo o un contrato de prestación servicios, a la que ha solicitado empleo o para la que ha trabajado. Esta sociedad Dentsu es la responsable del tratamiento de sus datos personales. Puede que sus datos personales necesiten ser tratados por otras sociedades partes de Grupo Dentsu para sus propios fines independientes. En estos casos, estas sociedades también serán responsables del tratamiento de sus datos personales.

Si tiene preguntas sobre qué sociedad de Dentsu es responsable del tratamiento de sus datos personales, póngase en contacto con su equipo local de Recursos Humanos, quien esté llevando su proceso de reclutamiento o selección, en su caso, con el responsable de protección de datos.

3.) ¿QUÉ ES LO QUE NO INCLUYE?

Este Aviso pretende exclusivamente informarle sobre la forma en que utilizamos su información personal.  No está pensado para generar un contrato o relación laboral, o de ningún tipo con usted únicamente está pensado para informar y/u obtener su consentimiento para el uso de su información personal.

Este Aviso no se aplica a la información que tenemos sobre empresas u otras organizaciones, ni aplica a otras empresas u organizaciones ajenas a Dentsu que recopilan y utilizan su información personal. Deberá revisar las políticas de privacidad de estas últimas antes de facilitarles su información personal.

4.) ¿CÓMO RECOPILAMOS SUS DATOS PERSONALES

Recopilamos la mayoría de sus datos personales directamente de usted, pero en algunos casos los obtenemos de terceros.

Cuando facilita sus propios datos personales o los de otras personas

Estos son datos personales que usted proporciona al equipo de Contratación de Recursos Humanos local o introduce directamente en nuestro SIRH, para lo cual otorga su autorización (consentimiento previo, expreso e informado) para su Tratamiento por parte de Dentsu. También puede proporcionarnos datos personales sobre otras personas, como por ejemplo, sus subordinados, personas de contacto, siempre y cuando se cuente con la autorización previa de estas personas para compartir su información personal. Utilizamos esta información por razones de administración y gestión de recursos humanos. Los ejemplos incluyen la administración de prestaciones sociales o el contacto con sus familiares en caso de emergencia.

Con el fin de cumplir con obligaciones legales con usted en virtud de la posible contratación de trabajo o de servicios, será obligatorio el cumplimiento de ciertos campos de datos en nuestro SIRH. En otros casos, el cumplimiento de los campos del SIRH será voluntaria.

Podemos recopilar datos personales de otras entidades

Podemos obtener información sobre usted de otras entidades, siempre que dichas entidades hayan obtenido previamente su autorización o cuando esto se encuentre permitido por la ley aplicable. Por ejemplo, referencias de su/s empleador/es anterior/es, referencias personales y verificaciones de antecedentes cuando lo permita la ley aplicable.

A veces hacemos publicidad a través de agencias de contratación o utilizamos los servicios de entidades de búsqueda de especialistas (como, por ejemplo, head hunters, reclutadores, entre otros). Estas empresas recopilarán la información de su solicitud de empleo conforme a sus propias políticas de privacidad. También se le puede solicitar que rellene un cuestionario de preferencia de trabajo que se utiliza para evaluar su idoneidad para el puesto que ha solicitado y cuyos resultados son evaluados por nuestros encargados de la selección de personal.

Si está tramitando su solicitud para trabajar con nosotros a través de una agencia, revise su aviso de privacidad y sus políticas para conocer más detalles sobre cómo tratarán y transferirán a terceros su información.

5.) ¿QUÉ TIPO DE DATOS PERSONALES RECOGEMOS Y CÓMO LOS UTILIZAMOS?

Los datos personales que recopilamos sobre usted dependen de sus circunstancias, su función, la ley y de si usted es un empleado potencial, actual o antiguo. A continuación, puede encontrar información sobre los propósitos para los cuales se trata su información personal y los tipos de información personal que tratamos de los candidatos, empleados y antiguos trabajadores.

CANDIDATOS DE EMPLEO: SOLICITUD PARA UNIRSE A DENTSU

FINALIDAD DEL TRATAMIENTO DE SU INFORMACIÓN PERSONAL	FINALIDAD DETALLADA	BASE QUE LEGITIMA EL TRATAMIENTO
CONTRATACIÓN - FASE DE SOLICITUD	Usaremos su información personal para evaluar su postulación y determinar si es apto para trabajar con nosotros. Asimismo, organizaremos entrevistas y evaluaciones a través de este proceso de postulación. Esto ocurre si ha presentado una solicitud directamente con nosotros como a través de una agencia o de un tercero. Esto también incluirá ponerse en contacto con usted para organizar, realizar, evaluar e informar sobre las evaluaciones y entrevistas y, en caso de que tenga éxito, para hacerle una oferta y, en su caso, proporcionarle un contrato de trabajo. Con esta finalidad, recopilaremos sus datos de contacto y otra información para confirmar su identidad: nombre, sexo, dirección, número de teléfono, fecha de nacimiento y dirección de correo electrónico, así como su número de identidad. También recopilaremos información sobre su experiencia profesional y competencias: CV, formularios de solicitud, referencias, registros de cualificación, competencias, capacitación y otros requisitos de cumplimiento. Esto también puede incluir registros de cuándo se comunica con nosotros: correos electrónicos, webchats y conversaciones telefónicas.	Autorización
CONTRATACIÓN – LISTA DE SELECCIONADOS	Nuestros directores de contratación preseleccionarán las solicitudes de entrevista, de acuerdo con los detalles que usted haya cargado en nuestro sistema de solicitud en línea.	Autorización
CONTRATACIÓN - EVALUACIONES	Esto implica la evaluación de su idoneidad para hacer el trabajo que ha solicitado. Podríamos pedirle que participe en jornadas de evaluación; pruebas completas o cuestionarios de perfil de personalidad ocupacional y/o que asista a una serie de entrevistas, o una combinación de estas. La información será generada por usted y por nosotros. Por ejemplo, puede que complete una prueba escrita o podemos tomar notas de la entrevista.	Autorización
COMPROBACIONES PREVIAS AL EMPLEO	Llevar a cabo comprobaciones previas al empleo (cuando lo permita la Ley), que incluyen su derecho a trabajar legalmente, sus calificaciones profesionales, antecedentes penales y revisar las referencias que nos ha proporcionado.	Autorización
ADECUACIÓN PRECISA DEL TRABAJO	Entender si tiene algún historial de empleo anterior con nosotros y las razones por las que se fue, verificar si ha presentado una solicitud anteriormente, entender por qué rechazó nuestra oferta de trabajo si lo hizo, y ver si le interesarían otros roles con nosotros (siempre puede pedirnos que no le contactemos y respetaremos su decisión)	Autorización
AJUSTES RAZONABLES	Realizar ajustes razonables en el proceso de contratación, de acuerdo con los requisitos de accesibilidad de los que usted nos informa o de los que tenemos conocimiento. Con este fin, podemos, dentro de lo razonable, recopilar información sobre usted para evaluar los ajustes que deben realizarse o las restricciones laborales que puedan aplicarse. Esto puede incluir su nacionalidad, idioma de preferencia y detalles de cualquier requisito de accesibilidad.	Autorización
RESERVA DE TALENTO	Si tras la evaluación no tiene éxito para el puesto que solicitó, conservaremos sus datos en nuestra reserva de talentos durante un período de 6 meses para que podamos contactarle en caso de que surjan vacantes adecuadas. Si desea que eliminemos sus datos, no dude en contactar con nosotros en  americas.dpo@dentsu.com.	Autorización

A nivel local, le podrían notificar información adicional sobre las formas en que Grupo Dentsu trata sus datos personales. A menos que se indique lo contrario más arriba, utilizaremos esta información como reclutador para comprender completamente y evaluar la idoneidad de un candidato para un cargo, y verificar la información que se nos proporciona.

EMPLEADOS: TRABAJANDO PARA DENTSU
Utilizaremos la información personal recogida con motivo de su contrato de trabajo con nosotros, para cumplir las obligaciones legales para administrar y proteger nuestro negocio. Para ello se obtendrá la autorización necesaria para el tratamiento de datos personales, si es el caso. Esto significa que:

FINALIDAD DEL TRATAMIENTO DE SU INFORMACIÓN PERSONAL	FINALIDAD DETALLADA	BASE QUE LEGITIMA EL TRATAMIENTO
DESEMPEÑAR NUESTRA FUNCIÓN COMO EMPLEADOR	Esto implica asignar y administrar sus obligaciones y responsabilidades y las actividades comerciales a las que se refieren, permitiendo la comunicación entre el personal, evaluando su desempeño, ayudando a cambiar su patrón de trabajo cuando sea apropiado, organizando viajes de negocios, ofreciéndole apoyo de recursos humanos y gestión de casos y desarrollando sus competencias (tales como capacitación y certificaciones), así como ayudándole en su carrera y en la planificación de su desarrollo profesional. Con esta finalidad, podríamos tratar información sobre su contrato de trabajo, asistencia y desempeño, tales como su fecha de inicio, lugar/es de trabajo, análisis de rendimiento, notas y planes de desarrollo, registros de su capacitación, registros de recursos humanos como permisos, enfermedades, reclamaciones y otros requisitos de cumplimiento.	Autorización
REMUNERACIÓN Y ADMINISTRACIÓN DE PRESTACIONES	Esto implica proporcionar y supervisar su remuneración, aportes a prestaciones sociales (salud, pensión, cesantías, entre otras) y prestaciones de cobertura de vida, planes de incentivos, hacer las deducciones y contribuciones de impuestos y seguridad social adecuadas y administrar gastos. Le ofreceremos la oportunidad de elegir los beneficios cuando tenga derecho a ellos. Esto puede implicar que transfiramos y/o transmitamos, según sea el caso, la información personal apropiada al proveedor de beneficios a terceros correspondiente para que puedan contactarle, o puede registrarse directamente con ellos. También proporcionaremos la información sobre cualquier beneficiario que usted nombre en caso de fallecimiento u otros beneficios al tercero pertinente.	Autorización
ANÁLISIS Y TRAMITACIÓN DE RECLAMACIONES	Esto implica la gestión y administración de estudios de conducta, rendimiento, capacidad, ausencias y reclamaciones, denuncias, quejas, investigaciones y procedimientos y otros procesos de recursos humanos formales e informales, por ejemplo, solicitudes de empleo internas, toma de decisiones relacionadas con la gestión y cualquier otra cuestión requerida en virtud del contrato que tenemos firmado con usted.	Autorización
ADMINISTRACIÓN Y GESTIÓN DE RRHH	Esto incluye mantener y tratar registros generales necesarios para la gestión de personal y para administrar el contrato de trabajo o el contrato de servicios entre usted y la organización Grupo Dentsu.	Autorización
CONSULTAS CON LOS REPRESENTANTES DE LOS TRABAJADORES	Esto implica consultas o negociaciones con representantes de los trabajadores, por ejemplo, el comité de empresa pertinente en su país de trabajo.	Autorización
SEGURIDAD Y SALUD EN EL TRABAJO	Tratar información sobre ausencias o (cuando lo requiera o permita la ley aplicable) información médica sobre la salud física o mental o condición a fin de: valorar si reúne las condiciones para la remuneración o las prestaciones por incapacidad o discapacidad permanente; determinar la aptitud física para el trabajo; facilitar la reincorporación al trabajo; hacer ajustes o acondicionamientos para las tareas o el lugar de trabajo; y tomar decisiones de carácter administrativo en relación al empleo o al compromiso, o la continuidad del empleo o del compromiso, o la reubicación y los procesos relacionados con la conducta. Esto incluye recibir asistencia en caso de enfermedad profesional o lesión por accidente de trabajo, y en la gestión de su seguridad y salud, ofrecer cualquier tipo de apoyo a la accesibilidad que pueda necesitar (incluyendo dónde nos lo comunica en su declaración de salud en el momento de unirse a nosotros, y según la información actualizada que nos proporcione cuando corresponda) y contactar con la persona nombrada en caso de emergencia si es necesario. Esto puede incluir que contactemos a la Administradora de Riesgos Laborales - ARL y le ayudemos con las solicitudes de jubilación por enfermedad.	Autorización
SOLICITUDES DE REFERENCIAS	Responder a solicitudes de referencia de posibles empleadores cuando Dentsu deba hacer recomendaciones.	Autorización
SUPERVISIÓN DE LA IGUALDAD DE OPORTUNIDADES	En algunos países, sujetos a las leyes locales, podemos tratar información sobre su origen étnico, discapacidad, edad, religión/creencia, género y orientación sexual. Esta información se utiliza para cumplir, como empleador, con los requisitos de igualdad y diversidad y para ayudarnos a mejorar nuestras prácticas de empleo. El acceso a esta información está estrictamente restringido.	Autorización
SUPERVISIÓN DEL CUMPLIMIENTO	Supervisar y documentar la actividad, según sea necesario, para demostrar el cumplimiento legal. Esto incluye registros de conflictos de intereses, obsequios y hospitalidad, informes contra sobornos y corrupción, así como capacitación de cumplimiento obligatorio. Cumplir con las leyes y reglamentos aplicables, por ejemplo, la legislación sobre la licencia de maternidad o paternidad, la legislación sobre la jornada laboral y la seguridad y salud, las normas tributarias, los requisitos de consulta a los trabajadores y otras leyes y regulaciones laborales a las que Grupo Dentsu está sujeto.	Autorización
SOLICITUDES LEGALES DE LAS AUTORIDADES PUBLICAS	Para cumplir con las solicitudes legales de las autoridades públicas (incluyendo, a modo enunciativo y no limitativo, cumplir con los requisitos de seguridad nacional o de los cuerpos de seguridad), las solicitudes de descubrimiento de pruebas, o cuando las leyes aplicables, órdenes judiciales, regulaciones gubernamentales o autoridades reguladoras lo requieran o lo permitan (incluyendo, a modo enunciativo y no limitativo, la protección de datos, impuestos y empleo), ya sea dentro o fuera de su país.	Obligación legal – Requerimiento por parte de una autoridad pública o administrativa en ejercicio de sus funciones legales o por orden judicial
GESTIÓN DEL EMPLEO EN CASO DE FUSIONES O ADQUISICIONES	La planificación, diligencia debida e implementación en relación con una modificación estructural de las Sociedades partes de Grupo Dentsu.  Por ejemplo, fusiones y adquisiciones, o una transferencia de su empleo bajo las reglas de transferencia automática.	Autorización
GESTIÓN DE RELACIONES CON CLIENTES Y PROVEEDORES	La divulgación, transmisión y/o transferencia de datos personales a los proveedores puede ser necesaria para permitir la prestación de bienes y servicios para Dentsu y/o nuestros clientes.	Autorización
GESTIÓN DE CASOS	Tratar las solicitudes que usted nos pueda hacer. Podría ser para ayudarle a participar en actividades y programas como empleado que cumple con los requisitos.	Autorización
CELEBRACIÓN DE OCASIONES ESPECIALES	Contactar con usted en ocasiones especiales, como su cumpleaños, y para reconocer los hitos de "la antigüedad de servicio" trabajando para nosotros (pero siempre puede solicitarnos que no lo hagamos).	Autorización
GESTIÓN DE NUESTRAS FINANZAS	Esto incluye la gestión de previsiones, el presupuesto y la gestión y planificación de cuentas para el futuro.	Autorización
PREVENCIÓN Y DETECCIÓN DE DELITOS	Información requerida para prevenir y detectar actividades ilegales, incluidas las de TI y la creación de derechos de acceso y seguimiento de seguridad, uso de CCTV, medidas de detección y prevención de fraudes.	Autorización
INFORMACIÓN EMPRESARIAL Y ANALÍTICA	Recopilar información para la documentación operacional e informes de la empresa, como la preparación de informes anuales que incluyen el uso de imágenes fotográficas y el compromiso del personal o cuestionarios de referencia. En caso de utilizarse, sus datos serán normalmente anonimizados para que usted no sea identificado personalmente.	Autorización
GESTIÓN DE RECLAMACIONES LEGALES	Atender y gestionar nuestro caso en una reclamación legal realizada por nosotros o en nuestra contra. Dicho procedimiento está sujeto a estrictas disposiciones de confidencialidad. Esto podría incluir un accidente laboral.	Autorización

Tenga en cuenta, sin embargo, que esta no es una lista exhaustiva de los fines para los que tratamos datos personales. No obstante, en el caso de que en el futuro se pretenda destinar sus datos a fines distintos, le informaremos de forma previa y, en su caso, le solicitaremos su consentimiento previo, expreso e informado (Autorización).

CANDIDATOS DE EMPLEO: SOLICITUD PARA UNIRSE A GRUPO DENTSU

Después de terminar su relación laboral con nosotros, es posible que debamos conservar su información personal para cumplir con ciertas obligaciones legales o empresariales para los siguientes fines:

FINALIDAD DEL TRATAMIENTO DE SU INFORMACIÓN PERSONAL	FINALIDAD DETALLADA	BASE QUE LEGITIMA EL TRATAMIENTO
RECLAMACIONES Y CONFLICTOS	Para lidiar con reclamaciones o conflictos que le involucren a usted o a terceros (p. ej., un accidente laboral) cuando tengamos la obligación legal de proporcionar la información o nos interese presentar una reclamación o defendernos de una.	Autorización
CONTINUIDAD DE LA ACTIVIDAD	Comprender y demostrar la toma de decisiones en su rol y mantener el conocimiento dentro de la empresa después de su salida. Lo hacemos porque nos interesa utilizar esta información para ayudar a dirigir nuestro negocio o, en su caso, para respaldar una obligación legal.	Autorización
RETENCIÓN DE EMPLEADOS	Entender por qué se ha ido. Lo hacemos porque nos interesa utilizar esta información para ayudar a dirigir nuestro negocio, o, en su caso, para respaldar una obligación legal.	Autorización
ADMINISTRACIÓN DE PENSIONES	Gestionar y administrar su pensión y las obligaciones legales relacionadas.	Autorización
OBLIGACIONES A TERCEROS	Cumplir con nuestras obligaciones para con terceros en relación con su empleo, como las autoridades fiscales y los organismos profesionales.	Autorización
SUPERVISIÓN DE LA IGUALDAD DE OPORTUNIDADES	Cuando sea requerido o permitido por la ley aplicable, ejecutar programas de seguimiento para asegurar la igualdad de oportunidades y diversidad con respecto a las características personales protegidas bajo las leyes locales contra la discriminación.	Autorización

6.) SUPERVISIÓN DE LAS COMUNICACIONES EN EL TRABAJO

De acuerdo con las leyes pertinentes, y respetando siempre sus derechos fundamentales, nos reservamos el derecho de supervisar y escanear las comunicaciones electrónicas enviadas utilizando las cuentas, la red y el equipo que le proporcionamos con fines laborales. Esto es para garantizar que los recursos de TI de Grupo Dentsu se utilicen de conformidad con la ley y de acuerdo con las políticas de Dentsu. Puede encontrar más información sobre el uso de los recursos de TI de Dentsu en nuestra Política de Uso Aceptable en Dentsudot.

Es posible que tengamos que acceder a estas comunicaciones por diversas razones. Estas incluyen el cumplimiento de las obligaciones legales que nos impone la divulgación de información, la prevención o la detección de delitos, o el interés legítimo de hacerlo para promover y proteger nuestro negocio.

7.) COMPARTIR SU INFORMACIÓN

Grupo Dentsu es una organización global. Para garantizar unos servicios y unas comunicaciones eficientes y efectivas en todo el grupo, sus datos personas pueden ser transferidos y/o transmitidos a  otras organizaciones de Dentsu, por ejemplo, con nuestras compañías del grupo en Japón y en los Estados Unidos.

Las siguientes personas y equipos dentro de Dentsu pueden ser autorizados para acceder a sus datos personales según la necesidad:

• Directores de recursos humanos locales, regionales y globales y miembros del equipo de recursos humanos;
• la dirección local, regional y ejecutiva responsable de administrar o tomar decisiones en relación con su relación con Dentsu, o cuando participa en un proceso de Recursos Humanos en relación con su relación con Dentsu; administradores del sistema; y
• cuando sea necesario para el desempeño de tareas específicas o de mantenimiento del sistema, equipos como el Departamento de Finanzas y el Informático, así como el equipo técnico del SIRH Global.

Los datos personales básicos, como su nombre, ubicación, puesto de trabajo, información de contacto, cualquier perfil de competencia o experiencia publicado, así como cualquier foto que cargue en el SIRH, pueden ser accesibles a otros empleados para facilitar las operaciones empresariales estándar.

FUERA DE GRUPO DENTSU

Sus datos personales también pueden ser transferidos y/o transmitidos a  organizaciones fuera de Dentsu. Para ayudarle a comprender quiénes son estas organizaciones, esta es una lista no exhaustiva:

• Proveedores externos: organizaciones (y sus subcontratistas) que nos proporcionan soluciones tecnológicas y/o asistencia, como las organizaciones que se han comprometido a hospedar, proporcionar asistencia o bien, mantener el SIRH. Esto también podría incluir organizaciones que proporcionan sistemas que se interconectan con el SIRH. Los ejemplos incluyen software de administración de gastos, nómina local y sistemas de prestaciones. Cuando usemos un proveedor de servicios externo, nos aseguraremos de cumplir con los requisitos que marca la ley y de que su información personal esté protegida por las medidas técnicas y organizativas adecuadas.
• Asesores profesionales de Dentsu: Administradores de TI, auditores, consultores, proveedores de nóminas, administradores de los programas de prestaciones de Dentsu.
• Proveedores de seguros: Es posible que también necesitemos compartir su información personal con proveedores de seguros en relación con nuestras pólizas de seguro.
• Clientes: Compartimos su información personal con nuestros clientes cuando es necesario para gestionar y prestar servicios.
• Autoridades públicas: Es posible que compartamos su información con las autoridades públicas para cumplir con las solicitudes legales (incluyendo, a modo enunciativo y no limitativo, los requisitos de seguridad nacional o de aplicación de la ley) o cuando sea necesario, ya sea dentro o fuera de su país. Solo compartimos su información personal de acuerdo con las leyes vigentes y ejercemos una estrecha supervisión interna sobre lo que hacemos y nos asesoramos con expertos para informar sobre nuestro enfoque.

8.) CÓMO PROTEGEMOS SU INFORMACIÓN PERSONAL Y DURANTE CUÁNTO TIEMPO LA CONSERVAMOS

¿CÓMO PROTEGEMOS SU INFORMACIÓN PERSONAL?

El tratamiento de su información personal se realiza previa obtención de su consentimiento previo, expreso e informado, salvo en los casos en que la ley aplicable permita el tratamiento sin dicha autorización.

Hemos implementado medidas técnicas y organizativas adecuadas para proteger su información personal. Estas incluyen, a modo enunciativo y no limitativo, controles físicos de edificios, cifrado de dispositivos y archivos y verificación de identidad. Cuando transferimos y/o trasmitimos su información personal a un proveedor externo, lo hacemos únicamente en el marco de las autorizaciones otorgadas por usted o cuando exista una habilitación legal, y solo cuando ese tercero cuenta con las medidas de seguridad adecuadas para proteger sus datos personales.

¿DURANTE CUÁNTO TIEMPO CONSERVAMOS SU INFORMACIÓN PERSONAL?

Mantenemos sus datos personales durante el tiempo que se requiera de acuerdo con los fines para los que fueron recopilados. Por lo general, este será el período de duración de su empleo o contrato con la organización Grupo Dentsu más la duración de los plazos de prescripción de las responsabilidades que se puedan derivar del empleo o contrato o que exija la ley. Por ejemplo, es posible que los datos sobre impuestos o pensiones deban conservarse durante más tiempo. De lo contrario, los eliminaremos para que no pueda ser identificado y ya no se puedan asociar con usted.

9.) SUS DERECHOS

Dependiendo de su país de residencia, puede tener varios derechos con respecto a sus datos personales. Consulte a su autoridad local de protección de datos para averiguar qué derechos se aplican en su caso. A continuación, detallamos algunos ejemplos.

ACCEDER A SUS DATOS PERSONALES

Tendrá derecho a solicitar una copia de los datos personales que Grupo Dentsu guarda sobre usted. Si es un empleado actual, puede acceder a una copia de sus datos personales a través de nuestro SIRH y otras herramientas basadas en intranet.

MANTENER SUS DATOS PERSONALES CORRECTOS Y ACTUALIZADOS

Tiene derecho a solicitar que se corrijan las inexactitudes de sus datos personales. Es importante que la información personal que tenemos sobre usted se mantenga precisa y actualizada. Si es un empleado actual, puede actualizar sus registros de recursos humanos directamente a través de nuestro SIRH y otras herramientas basadas en intranet.

SUPRESIÓN Y LIMITACIÓN DEL USO DE DATOS DE INFORMACIÓN PERSONAL

Tiene derecho a solicitar que borremos su información personal cuando:

• crea que los datos personales ya no son necesarios para los fines para los que fueron recogidos originalmente;
• cuando se le haya pedido que otorgue su consentimiento para el tratamiento de sus datos personales, puede revocar su consentimiento en cualquier momento poniéndose en contacto con su equipo local de Recursos Humanos. Debe tener en cuenta que al retirar su consentimiento puede impedirnos realizar ciertas tareas dentro del proceso de contratación; o
• sus datos personales han sido tratados ilegalmente o deben borrarse para cumplir con una obligación legal aplicable.

Además, puede solicitar en ciertas situaciones que limitemos el tratamiento de sus datos personales. Esto significa que puede limitar la forma en que usamos sus datos. Seguiremos almacenando sus datos personales con acceso restringido, de acuerdo con nuestras medidas de seguridad, pero no los utilizaremos.

Si desea más información, o si tiene comentarios o preguntas acerca de nuestro Aviso, escríbanos a:

Delegado de Protección de Datos de DAN por correo electrónico americas.dpo@dentsu.com

Si desea presentar una queja sobre cómo tratamos su información personal, comuníquese con el Delegado de Protección de Datos, quien analizará el asunto y le informará. Si no está satisfecho con nuestra respuesta o cree que no estamos utilizando su información personal de conformidad con la ley, también tiene derecho a presentar una queja ante la autoridad de protección de datos en el país donde resida o trabaje.

DATOS DE CONTACTO

Si desea más información, o si tiene comentarios o preguntas acerca de este Aviso, puede comunicarse con nosotros a través de los siguientes canales:

Delegado de Protección de Datos de Grupo Dentsu: Correo electrónico: americas.dpo@dentsu.com

Teléfono: 3234901416
Dirección: Carrera 19C No. 91-63

La Política de Tratamiento de la Información / Política de Privacidad de DAN se encuentra disponible para su consulta en el siguiente enlace: https://www.carat.com/latam/privacy-policy

¿CÓMO LE INFORMAREMOS DE LOS CAMBIOS EN EL AVISO?

Nuestro Aviso puede sufrir modificaciones cada cierto tiempo. Le notificaremos sobre cualquier cambio en el Aviso mediante su publicación en nuestro sitio web o en Dentsudot.

GLOSARIO

PALABRA O FRASE	¿QUÉ SIGNIFICA?
Sociedad Grupo Dentsu	La entidad específica de Grupo Dentsu que formalizó un contrato o relación de trabajo o un contrato de servicios con usted.
Responsable del tratamiento	La persona física o jurídica, la autoridad pública, agencia u otro cuerpo que, solo o conjuntamente con otros, determine los fines y medios del tratamiento de datos personales. Será la organización Grupo Dentsu que formalice un contrato de trabajo o contrato de servicios con usted. También puede incluir otras organizaciones de Dentsu que necesiten tratar sus datos personales para sus propios fines.
Otras organizaciones de DAN	Las matrices, filiales y/o subsidiarias de la organización Grupo Dentsu descrita anteriormente.
Tratamiento (o tratado)	Cualquier operación que se realiza sobre datos personales, como la recogida, grabación, organización, estructuración, almacenamiento, adaptación o alteración, recuperación, consulta, uso, divulgación por transmisión, difusión o puesta a disposición, alineación o combinación, restricción, borrado o destrucción.
Datos personales	Información personal significa información que le identifica a usted como individuo o que es capaz de hacerlo. Cualquier información relacionada con una persona identificada o identificable. Una persona identificable es alguien que puede ser identificada, directa o indirectamente, por referencia a detalles tales como un nombre, un número de identificación, datos de ubicación, un identificador en línea o uno o más factores específicos de la identidad física, fisiológica, genética, mental, económica, cultural o social de esa persona.

Read the Croatian People Privacy Notice here.

Read the Czech People Privacy Notice here.

Read the Danish People Privacy Notice here.

Read the Estonia People Privacy Notice here.

Read the Finnish People Privacy Notice here.

Read the French People Privacy Notice here.

Read the German People Privacy Notice here.

Read the Greek People Privacy Notice here.

Read the Hungarian People Privacy Notice here.

按兩下此處閱讀繁體中文的People隱私聲明。

1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Hong Kong privacy laws.
   
   私隱聲明中所載的「處理依據」不一定是根據香港私隱法例的處理依據。
2. It is obligatory for you to supply the data. If we are unable to collect personal information that we seek, our ability to fulfill the purposes of processing your personal information, as outlined in the Privacy Notice, may be limited. In some cases, this may impact our ability to hire or retain you for a role, or result in disciplinary action or reallocation of your duties.
   
   您有義務提供有關資料。如我們未能收集所需的個人資料，則我們根據私隱聲明所列明的目的處理您的個人資料的能力可能會受到限制。在某些情況下，這可能會影響我們聘用或保留您擔任某職位的能力，或導致紀律處分或職責調配。
3. We do not collect Hong Kong Identification Card ("HKID Card") number from job applicants unless and until the individual has accepted an offer of employment. 
   
   除非及直至求職者本人士已接受我們的聘用邀請，否則我們不會向求職者收集香港身份證（「身份證」）號碼。
4. We only collect criminal records from job applicants for our pre-employment checks only if we consider that it is for a lawful purpose directly related to a function or activity of Dentsu, the collection of the data is necessary for or directly related to that purpose, and, in relation to that purpose, the data is adequate but not excessive. This will depend on the specifics of the individual case, including the role and nature of the job involved, its function and potential tasks.
   
   在進行僱用前審查時，我們僅會於以下情況向求職者收集刑事紀錄：假如我們認為收集刑事紀錄的合法目的是與電通職能或活動直接相關，並且收集該等資料對該目的而言是必要或直接相關，且資料屬於足夠但不過量的情況下。這將視乎個別情況的具體細節，包括職位及工作的性質、其職能及潛在職責而定。
5. Our data retention period for Hong Kong is as follows:
   
   我們於香港的資料保留期限如下：
   
   (i) no longer than two years in respect of recruitment-related data held about a job applicant from the date of rejecting the applicant; and
   
   關於求職者的招聘相關資料，自拒絕該申請人之日起計，不會保留超過兩年；及
   
   (ii) no longer than seven years in respect of employment-related data held about an employee from the date the employee leaves employment, unless (a) the individual concerned has given express consent for the data to be retained for a longer period; or (b) there is a subsisting reason that obliges the employer to retain the data for a longer period.
   
   關於僱員的僱傭相關資料，自僱員離職之日起計，不會保留超過七年，除非 (a) 有關人士已明確同意將資料保留更長時間；或 (b) 存在使僱主有義務將資料保留更長時間的持續原因。

1.) This Addendum supplements the People Privacy Notice and applies to all employees, contractors, and workers based in India.

2.) It is intended to ensure compliance with applicable Indian data protection laws and clarify the legal basis for processing personal data in the Indian context.

3.) It should be read in conjunction with the People Privacy Notice. In the event of any conflict between the Addendum and the People Privacy Notice, the provisions of this Addendum shall prevail for data subjects located in India.

Legal grounds for processing

4.) In addition to the legal basis outlined in the People Privacy Notice, the Company shall process your personal data in India based on the following additional legal ground:

a.) Consent

i.) Where required under applicable Indian laws, the Company may seek your explicit and informed consent for collection, use, storage and sharing of personal data. Such consent will be obtained through appropriate documentation or digital acknowledgement and will be freely given, specific, informed, and unambiguous.

ii.)Such consent shall be obtained in addition to, and not in substitution of, the Company’s reliance on legitimate use as a legal ground for processing employee personal data.

Consent Procurement

5.) Consent will be obtained via one or more of the following methods:

a.) Digital acceptance through secure HR portals or consent management tools
b.) Signed paper or electronic form
c.) Email confirmations or click-through mechanisms

Consent Storage and Audit Trail

6.) The Company shall maintain a secure and auditable record of all contents obtained, including:

a.) The date, method, and content of the consent request
b.) Any subsequent modification or withdrawals

7.) These records will be retained for as long as necessary for audit and compliance purposes, subject to applicable legal obligations.

Withdrawal of consent:

1.) You have the right to withdraw your consent at any time by contacting the Company’s Grievance Redressal Officer.

a.) The Company will cease processing your data for the specific purpose(s) for which the consent was originally obtained.
b.) This does not affect the lawfulness of processing carried out prior to the withdrawal.

Important Note

9.)Some processing activities are necessary for employment-related purposes. If you withdraw consent for such essential processing (e.g. payroll, statutory compliance, benefits administration), the Company may not be able to fulfil its obligations as an employer, and this may have practical implications on your continued employment or access to certain services or entitlements. In such cases, the Company will engage with you to explain the consequences and explore alternative arrangements, where feasible.

Klik di sini untuk membaca Pemberitahuan Privasi Orang dalam bahasa Indonesia.

The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Indonesia privacy laws.

Dasar pemrosesan yang ditetapkan dalam Pemberitahuan Privasi tidak selalu merupakan dasar pemrosesan menurut undang-undang privasi Indonesia.

Read the Italian People Privacy Notice here.

한국어로 된 People Privacy Notice를 읽으려면 여기를 클릭하십시오.

Carat Korea

This addendum supplements the People Privacy Notice and sets forth additional information related to how we process the personal data of data subjects in South Korea. To the extent that there are any inconsistencies between the People Privacy Policy and this Addendum, this Addendum will prevail with respect to data subjects in South Korea.

The data handler under the Personal Information Protection Act for data subjects in South Korea is Carat Korea Co., Ltd.

1.) Items of personal information processed

Legal basis	Items of personal information processed
Your consent	All types of personal data as stated in the Privacy Notice, except resident registration number  AD-ID
Internal Employee Consent	Name, Gender, Age, Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records
Where any Act, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations or Board of Audit and Inspection Regulations specifically requires or permits the processing of resident registration numbers	Resident registration number

2.) Data sharing

We provide your personal information to or outsource the processing thereof to third parties as specified below:

2.1) Provision of personal information to Third Parties

Name of the recipient	Purposes of use by the recipient	Items of the information to be transferred	Periods of retention/use by the recipient
Korea Investment & Securities (02-3276-5689)	Retirement pension enrollment, maintenance, withdrawal	Name, Company ID, Address, Contact, Email, Job title, Affiliated department, Salary, Date of employment	For 3 years during the employee’s tenure and after resignation
National Tax Service (02-397-1200)	Income tax and other tax filings, payments, and year-end tax adjustments per the Tax Act	Name, Contact, Date of employment and retirement, Salary, Dependents information	For 5 years during the employee’s tenure and after resignation
National Pension Service (1355)	National pension enrollment, maintenance, suspension, and insurance payment	Same as above	Same as above
Shiftee Inc. (02-6261-5319)	Submission of employment insurance-related documents (HR, etc.)	Name, Company ID, Address, Contact, Date of employment, Affiliated department, Job title, Attendance	For 3 years during the employee’s tenure and after resignation
National Health Insurance Service (1577-1000)	Health insurance enrollment, maintenance, suspension, and insurance payment	Name, Contact, Salary, Job title, Dependents information	Same as above
Korea Worker’s Compensation & Welfare Service (1588-0075)	Employee compensation insurance enrollment, maintenance, suspension, and insurance payment	Same as above	Same as above
Employment Center (1588-0075)	Employment insurance enrollment, suspension, insurance payment	Same as above	Same as above
Dentsu Holdings Korea Co., Ltd. (02-6005-0400)	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, gender, age, educational background, department, job position, job title, detailed salary and compensation information, contact details, training records, email address, home address, marital status, residential address, nationality, performance evaluations, promotions, resignations, timesheet records, attendance records	Same as above
Firstin Co., Ltd. (070-7119-8045)	Payroll management and provision of management support services	Name, employee ID number, address, contact details, email address, bank account number, date of joining, department, job position, salary, dependent information	Same as above
Konkuk University Hospital (1588-1533)	Provision of comprehensive employee medical check-up services	Name, contact detail, gender, Date of birth	Same as above
Ministry of Employment and Labor (1350)	Provision of materials during workplace inspections and labor supervision	Name, Company ID, Affiliated department, Date of hire and termination	Same as above
Samjeong Accounting Corp. (02-2112-0101)	Provision of materials upon request during regular audits	Same as above	Same as above
Dentsu Asia Pacific Pte Ltd.	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	For 3 years during the employee’s tenure and after resignation
Carat Media Taiwan Ltd.	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Same as stated above
Dentsu International Limited	For the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidents	Name, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)	Platform internal data: retained for up to 60 days from the date of the security event / Security event information: retained for up to 12 months from the date of the security event / Security incident information: retained for up to 3 years from the date the incident is closed
ISLAND	Same as stated above	Same as stated above	Same as stated above

2.2) Outsourcing of the processing of personal information to third parties

Name of the outsourced processor	Outsourced tasks
메조미디어 (Mezzo Media)	AD-ID를 통한 미디어 집행 (Media AD execution via AD-ID)

2.3)Cross-border transfer of personal information

Name of the recipient (if the recipient is a corporation then the name and contact information of the corporation)	Items of the information to be transferred	Countries where the personal information is to be transferred and the date, time, methods of the transfer	Purposes of use by the recipient	Periods of retention/use by the recipient	Legal basis of the transfer
Dentsu Asia Pacific Pte Ltd.	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Singapore	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	For 3 years during the employee’s tenure and after resignation	The company provides the personal data of its officers and employees to third parties located overseas, with their consent, pursuant to Article 28-8(1)(1) of the Personal Information Protection Act.
Carat Media Taiwan Ltd.	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Taiwan	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Same as stated above	Same as stated above
Dentsu International Limited	Name, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)	United Kingdom	For the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidents	Platform internal data: retained for up to 60 days from the date of the security event / Security event information: retained for up to 12 months from the date of the security event / Security incident information: retained for up to 3 years from the date the incident is closed	Same as stated above
ISLAND	Same as stated above	Germany	Same as stated above	Same as stated above	Same as stated above

If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to, or by requesting us to stop, the cross-border transfer of such personal information, but if you refuse, you may not be able to receive the remote support, or may not able to use the secure browser.

3.) Matters concerning the installation, operation, and the right to refuse a device that automatically collects personal information.

We may use cookies to store and retrieve your information to provide individualized services to you. Cookies are small amounts of information sent to the user’s computer browser by the server used to operate the website and are also stored on the hard disk of the user’s computer. If you refuse to save cookies, you may experience difficulties in using customized services.

• Purpose of using cookies: Cookies are used to provide more convenient service to your by identifying the type of visit and use of the service, etc.
• Installation, operation, and refusal of cookies: You can allow or refuse cookies through the option settings in the Tools/Options menu at the top of the web browser.

4.) Data retention

4.1) Data retention

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder.

• Trade books and other important documents relating to business: 10 years; slips or documents similar thereto: 5 years (the Commercial Act)
• Ledgers and documents related to year-end tax settlement, etc.: 5 years (the Income Tax Act, the Framework Act on National Taxes)
• Log-in and IP address records: 3 months (the Communications Secrecy Act)
• Documents related to the notification of acquisition or loss of status as a workplace-based insured person, etc.: 5 years (the National Pension Act)
• Employee roster and material documents related to employment contracts: 3 years (the Labor Standards Act)
• Information related to the issuance of certificates including certificates of work experience: 3 years following termination of employment contract (the Labor Standards Act)
• Health examination charts and results of health examinations: 5 years (or 30 years in the case of workers handling certain materials prescribed by the Ministry of Employment and Labor) (the Occupational Safety and Health Act)
• Documents related to paternity leave and other documents concerning equal employment opportunity and work-family balance assistance: 3 years (Equal Employment Opportunity and Work-family Balance Assistance Act)

4.2) Data destruction

When destroying your personal information because it is no longer needed, we will do so in accordance with the following procedures and method:

• Procedures for destruction: We select the personal information to be destroyed (e.g., personal information whose purpose of processing has been achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
• Method of destruction: If printed on paper, the personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the personal information will be destroyed by technical methods (e.g. Low-Level Format) which will ensure that the data cannot be restored or recovered.

5.) Your rights

You may exercise your rights related to personal information against us, including a request for access to, modification or deletion of, or suspension of processing of, your personal information as provided by applicable law including the Personal Information Protection Act. You may also exercise your right of withdrawal of consent to processing of personal information, right to portability, and rights relating to automated decision-making.

6.) Contact us

If you have any questions about this Addendum or how we handle your personal information, please contact our CISO.

• Name: Heonjeong Yun
• Contact information: +82-02-6005-0400 / DataProtection.kr@dentsu.com

Dentsu Creative

This addendum supplements the People Privacy Notice and sets forth additional information related to how we process the personal data of data subjects in South Korea. To the extent that there are any inconsistencies between the People Privacy Policy and this Addendum, this Addendum will prevail with respect to data subjects in South Korea.

The data handler under the Personal Information Protection Act for data subjects in South Korea is Dentsu Creative Korea Inc.

1.)Items of personal information processed

Legal basis	Items of personal information processed
Your consent	All types of personal data as stated in the Privcay Notice, except resident registration number  Name, address, telephone number, email address
Internal Employee Consent	Name, Gender, Age, Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records
Where any Act, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations or Board of Audit and Inspection Regulations specifically requires or permits the processing of resident registration numbers	Resident registration number

2.)Data sharing

We provide your personal information to or outsource the processing thereof to third parties as specified below:

2.1)  Provision of personal information to Third Parties

Name of the recipient	Purposes of use by the recipient	Items of the information to be transferred	Periods of retention/use by the recipient
Korea Investment & Securities (02-3276-5689)	Retirement pension enrollment, maintenance, withdrawal	Name, Company ID, Address, Contact, Email, Job title, Affiliated department, Salary, Date of employment	For 3 years during the employee’s tenure and after resignation
National Tax Service (02-397-1200)	Income tax and other tax filings, payments, and year-end tax adjustments per the Tax Act	Name, Contact, Date of employment and retirement, Salary, Dependents information	For 5 years during the employee’s tenure and after resignation
National Pension Service (1355)	National pension enrollment, maintenance, suspension, and insurance payment	Same as above	Same as above
Shiftee Inc. (02-6261-5319)	Submission of employment insurance-related documents (HR, etc.)	Name, Company ID, Address, Contact, Date of employment, Affiliated department, Job title, Attendance	For 3 years during the employee’s tenure and after resignation
National Health Insurance Service (1577-1000)	Health insurance enrollment, maintenance, suspension, and insurance payment	Name, Contact, Salary, Job title, Dependents information	Same as above
Korea Worker’s Compensation & Welfare Service (1588-0075)	Employee compensation insurance enrollment, maintenance, suspension, and insurance payment	Same as above	Same as above
Employment Center (1588-0075)	Employment insurance enrollment, suspension, insurance payment	Same as above	Same as above
Dentsu Holdings Korea Co., Ltd. (02-6005-0400)	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, gender, age, educational background, department, job position, job title, detailed salary and compensation information, contact details, training records, email address, home address, marital status, residential address, nationality, performance evaluations, promotions, resignations, timesheet records, attendance records	Same as above
Firstin Co., Ltd. (070-7119-8045)	Payroll management and provision of management support services	Name, employee ID number, address, contact details, email address, bank account number, date of joining, department, job position, salary, dependent information	Same as above
Konkuk University Hospital (1588-1533)	Provision of comprehensive employee medical check-up services	Name, contact detail, gender, Date of birth	Same as above
Ministry of Employment and Labor (1350)	Provision of materials during workplace inspections and labor supervision	Name, Company ID, Affiliated department, Date of hire and termination	Same as above
Samjeong Accounting Corp. (02-2112-0101)	Provision of materials upon request during regular audits	Same as above	Same as above
Dentsu Asia Pacific Pte Ltd.	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	For 3 years during the employee’s tenure and after resignation
Carat Media Taiwan Ltd.	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Same as stated above
Dentsu International Limited	For the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidents	Name, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)	Platform internal data: retained for up to 60 days from the date of the security event / Security event information: retained for up to 12 months from the date of the security event / Security incident information: retained for up to 3 years from the date the incident is closed
ISLAND	Same as stated above	Same as stated above	Same as stated above

2.2) Outsourcing of the processing of personal information to third parties

Name of the outsourced processor	Outsourced tasks
티아이커머스	광고주 캠페인 경품 당첨자 안내 및 경품 발송, 제세공과금 처리
㈜모바일이앤엠애드	광고주 이벤트 진행을 위한 경품 발송
㈜알리는사람들	기업 메세징 서비스
오투커뮤니케이션즈	광고주 이벤트 및 서비스 경품 발송
㈜루트업	광고주 딜러 플랫폼 운영 및 관리
기지커뮤니케이션즈	광고주 이벤트 운영 및 서비스 경품 발송 목적
엔크리에이션	상동
블루인마케팅	상동

2.3) Cross-border transfer of personal information

Name of the recipient (if the recipient is a corporation then the name and contact information of the corporation)	Items of the information to be transferred	Countries where the personal information is to be transferred and the date, time, methods of the transfer	Purposes of use by the recipient	Periods of retention/use by the recipient	Legal basis of the transfer
Dentsu Asia Pacific Pte Ltd.	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Singapore	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	For 3 years during the employee’s tenure and after resignation	The company provides the personal data of its officers and employees to third parties located overseas, with their consent, pursuant to Article 28-8(1)(1) of the Personal Information Protection Act.
Carat Media Taiwan Ltd.	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Taiwan	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Same as stated above	Same as stated above
Dentsu International Limited	Name, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)	United Kingdom	For the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidents	Platform internal data: retained for up to 60 days from the date of the security event / Security event information: retained for up to 12 months from the date of the security event / Security incident information: retained for up to 3 years from the date the incident is closed	Same as stated above
ISLAND	Same as stated above	Germany	Same as stated above	Same as stated above	Same as stated above

If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to, or by requesting us to stop, the cross-border transfer of such personal information, but if you refuse, you may not be able to receive the remote support, or may not able to use the secure browser.

3.) Matters concerning the installation, operation, and the right to refuse a device that automatically collects personal information.

We may use cookies to store and retrieve your information to provide individualized services to you. Cookies are small amounts of information sent to the user’s computer browser by the server used to operate the website and are also stored on the hard disk of the user’s computer. If you refuse to save cookies, you may experience difficulties in using customized services.

• Purpose of using cookies: Cookies are used to provide more convenient service to your by identifying the type of visit and use of the service, etc.
• Installation, operation, and refusal of cookies: You can allow or refuse cookies through the option settings in the Tools/Options menu at the top of the web browser.

4.) Data retention

4.1 Data retention

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder.

• Trade books and other important documents relating to business: 10 years; slips or documents similar thereto: 5 years (the Commercial Act)
• Ledgers and documents related to year-end tax settlement, etc.: 5 years (the Income Tax Act, the Framework Act on National Taxes)
• Log-in and IP address records: 3 months (the Communications Secrecy Act)
• Documents related to the notification of acquisition or loss of status as a workplace-based insured person, etc.: 5 years (the National Pension Act)
• Employee roster and material documents related to employment contracts: 3 years (the Labor Standards Act)
• Information related to the issuance of certificates including certificates of work experience: 3 years following termination of employment contract (the Labor Standards Act)
• Health examination charts and results of health examinations: 5 years (or 30 years in the case of workers handling certain materials prescribed by the Ministry of Employment and Labor) (the Occupational Safety and Health Act)
• Documents related to paternity leave and other documents concerning equal employment opportunity and work-family balance assistance: 3 years (Equal Employment Opportunity and Work-family Balance Assistance Act)

4.2) Data destruction

When destroying your personal information because it is no longer needed, we will do so in accordance with the following procedures and method:

• Procedures for destruction: We select the personal information to be destroyed (e.g., personal information whose purpose of processing has been achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
• Method of destruction: If printed on paper, the personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the personal information will be destroyed by technical methods (e.g. Low-Level Format) which will ensure that the data cannot be restored or recovered.

5.) Your rights

You may exercise your rights related to personal information against us, including a request for access to, modification or deletion of, or suspension of processing of, your personal information as provided by applicable law including the Personal Information Protection Act. You may also exercise your right of withdrawal of consent to processing of personal information, right to portability, and rights relating to automated decision-making.

6.) Contact us

If you have any questions about this Addendum or how we handle your personal information, please contact our CISO.

• Name: Kyungjae Yu
• Contact information: +82-02-6005-0400 / DataProtection.kr@dentsu.com

dentsu X Korea

This addendum supplements the People Privacy Notice and sets forth additional information related to how we process the personal data of data subjects in South Korea. To the extent that there are any inconsistencies between the People Privacy Policy and this Addendum, this Addendum will prevail with respect to data subjects in South Korea.

The data handler under the Personal Information Protection Act for data subjects in South Korea is dentsu X Inc.

1.)Items of personal information processed

Legal basis	Items of personal information processed
Your consent	All types of personal data as stated in the Privcay Notice, except resident registration number Name, birthday, address, telephone number, IP address, email address
Internal Employee Consent	Name, Gender, Age, Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records
Where any Act, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations or Board of Audit and Inspection Regulations specifically requires or permits the processing of resident registration numbers	Resident registration number

2.)Data sharing

We provide your personal information to or outsource the processing thereof to third parties as specified below:

2.1) Provision of personal information to Third Parties

Name of the recipient	Purposes of use by the recipient	Items of the information to be transferred	Periods of retention/use by the recipient
Korea Investment & Securities (02-3276-5689)	Retirement pension enrollment, maintenance, withdrawal	Name, Company ID, Address, Contact, Email, Job title, Affiliated department, Salary, Date of employment	For 3 years during the employee’s tenure and after resignation
National Tax Service (02-397-1200)	Income tax and other tax filings, payments, and year-end tax adjustments per the Tax Act	Name, Contact, Date of employment and retirement, Salary, Dependents information	For 5 years during the employee’s tenure and after resignation
National Pension Service (1355)	National pension enrollment, maintenance, suspension, and insurance payment	Same as above	Same as above
Shiftee Inc. (02-6261-5319)	Submission of employment insurance-related documents (HR, etc.)	Name, Company ID, Address, Contact, Date of employment, Affiliated department, Job title, Attendance	For 3 years during the employee’s tenure and after resignation
National Health Insurance Service (1577-1000)	Health insurance enrollment, maintenance, suspension, and insurance payment	Name, Contact, Salary, Job title, Dependents information	Same as above
Korea Worker’s Compensation & Welfare Service (1588-0075)	Employee compensation insurance enrollment, maintenance, suspension, and insurance payment	Same as above	Same as above
Employment Center (1588-0075)	Employment insurance enrollment, suspension, insurance payment	Same as above	Same as above
Dentsu Holdings Korea Co., Ltd. (02-6005-0400)	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, gender, age, educational background, department, job position, job title, detailed salary and compensation information, contact details, training records, email address, home address, marital status, residential address, nationality, performance evaluations, promotions, resignations, timesheet records, attendance records	Same as above
Firstin Co., Ltd. (070-7119-8045)	Payroll management and provision of management support services	Name, employee ID number, address, contact details, email address, bank account number, date of joining, department, job position, salary, dependent information	Same as above
Konkuk University Hospital (1588-1533)	Provision of comprehensive employee medical check-up services	Name, contact detail, gender, Date of birth	Same as above
Ministry of Employment and Labor (1350)	Provision of materials during workplace inspections and labor supervision	Name, Company ID, Affiliated department, Date of hire and termination	Same as above
Samjeong Accounting Corp. (02-2112-0101)	Provision of materials upon request during regular audits	Same as above	Same as above
Dentsu Asia Pacific Pte Ltd.	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	For 3 years during the employee’s tenure and after resignation
Carat Media Taiwan Ltd.	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Same as stated above
Dentsu International Limited	For the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidents	Name, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)	Platform internal data: retained for up to 60 days from the date of the security event / Security event information: retained for up to 12 months from the date of the security event / Security incident information: retained for up to 3 years from the date the incident is closed
ISLAND	Same as stated above	Same as stated above	Same as stated above

2.2) Outsourcing of the processing of personal information to third parties

Name of the outsourced processor	Outsourced tasks
메조미디어 (Mezzo Media)	광고주 미디어 광고 캠페인 운영 (Media AD campaign operation)

2.3) Cross-border transfer of personal information

Name of the recipient (if the recipient is a corporation then the name and contact information of the corporation)	Items of the information to be transferred	Countries where the personal information is to be transferred and the date, time, methods of the transfer	Purposes of use by the recipient	Periods of retention/use by the recipient	Legal basis of the transfer
Dentsu Asia Pacific Pte Ltd.	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Singapore	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	For 3 years during the employee’s tenure and after resignation	The company provides the personal data of its officers and employees to third parties located overseas, with their consent, pursuant to Article 28-8(1)(1) of the Personal Information Protection Act.
Carat Media Taiwan Ltd.	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Taiwan	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Same as stated above	Same as stated above
Dentsu International Limited	Name, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)	United Kingdom	For the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidents	Platform internal data: retained for up to 60 days from the date of the security event / Security event information: retained for up to 12 months from the date of the security event / Security incident information: retained for up to 3 years from the date the incident is closed	Same as stated above
ISLAND	Same as stated above	Germany	Same as stated above	Same as stated above	Same as stated above

If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to, or by requesting us to stop, the cross-border transfer of such personal information, but if you refuse, you may not be able to receive the remote support, or may not able to use the secure browser.

3.)Matters concerning the installation, operation, and the right to refuse a device that automatically collects personal information.

We may use cookies to store and retrieve your information to provide individualized services to you. Cookies are small amounts of information sent to the user’s computer browser by the server used to operate the website and are also stored on the hard disk of the user’s computer. If you refuse to save cookies, you may experience difficulties in using customized services.

• Purpose of using cookies: Cookies are used to provide more convenient service to your by identifying the type of visit and use of the service, etc.
• Installation, operation, and refusal of cookies: You can allow or refuse cookies through the option settings in the Tools/Options menu at the top of the web browser.

4.) Data retention

4.1) Data retention

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder.

• Trade books and other important documents relating to business: 10 years; slips or documents similar thereto: 5 years (the Commercial Act)
• Ledgers and documents related to year-end tax settlement, etc.: 5 years (the Income Tax Act, the Framework Act on National Taxes)
• Log-in and IP address records: 3 months (the Communications Secrecy Act)
• Documents related to the notification of acquisition or loss of status as a workplace-based insured person, etc.: 5 years (the National Pension Act)
• Employee roster and material documents related to employment contracts: 3 years (the Labor Standards Act)
• Information related to the issuance of certificates including certificates of work experience: 3 years following termination of employment contract (the Labor Standards Act)
• Health examination charts and results of health examinations: 5 years (or 30 years in the case of workers handling certain materials prescribed by the Ministry of Employment and Labor) (the Occupational Safety and Health Act)
• Documents related to paternity leave and other documents concerning equal employment opportunity and work-family balance assistance: 3 years (Equal Employment Opportunity and Work-family Balance Assistance Act)

4.2) Data destruction

When destroying your personal information because it is no longer needed, we will do so in accordance with the following procedures and method:

• Procedures for destruction: We select the personal information to be destroyed (e.g., personal information whose purpose of processing has been achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
• Method of destruction: If printed on paper, the personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the personal information will be destroyed by technical methods (e.g. Low-Level Format) which will ensure that the data cannot be restored or recovered.

5.) Your rights

You may exercise your rights related to personal information against us, including a request for access to, modification or deletion of, or suspension of processing of, your personal information as provided by applicable law including the Personal Information Protection Act. You may also exercise your right of withdrawal of consent to processing of personal information, right to portability, and rights relating to automated decision-making.

6.) Contact us

If you have any questions about this Addendum or how we handle your personal information, please contact our CISO.

• Name: Heonjeong Yun
• Contact information: +82-02-6005-0400 / DataProtection.kr@dentsu.com

iProspect Korea

This addendum supplements the People Privacy Notice and sets forth additional information related to how we process the personal data of data subjects in South Korea. To the extent that there are any inconsistencies between the People Privacy Policy and this Addendum, this Addendum will prevail with respect to data subjects in South Korea.

The data handler under the Personal Information Protection Act for data subjects in South Korea is iProspect Korea Co., Ltd.

1.) Items of personal information processed

Legal basis	Items of personal information processed
Your consent	All types of personal data as stated in the Privacy Notice, except resident registration number Currently None
Internal Employee Consent	Name, Gender, Age, Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records
Where any Act, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations or Board of Audit and Inspection Regulations specifically requires or permits the processing of resident registration numbers	Resident registration number

2.) Data sharing

We provide your personal information to or outsource the processing thereof to third parties as specified below:

2.1) Provision of personal information to Third Parties

Name of the recipient	Purposes of use by the recipient	Items of the information to be transferred	Periods of retention/use by the recipient
Korea Investment & Securities (02-3276-5689)	Retirement pension enrollment, maintenance, withdrawal	Name, Company ID, Address, Contact, Email, Job title, Affiliated department, Salary, Date of employment	For 3 years during the employee’s tenure and after resignation
National Tax Service (02-397-1200)	Income tax and other tax filings, payments, and year-end tax adjustments per the Tax Act	Name, Contact, Date of employment and retirement, Salary, Dependents information	For 5 years during the employee’s tenure and after resignation
National Pension Service (1355)	National pension enrollment, maintenance, suspension, and insurance payment	Same as above	Same as above
Shiftee Inc. (02-6261-5319)	Submission of employment insurance-related documents (HR, etc.)	Name, Company ID, Address, Contact, Date of employment, Affiliated department, Job title, Attendance	For 3 years during the employee’s tenure and after resignation
National Health Insurance Service (1577-1000)	Health insurance enrollment, maintenance, suspension, and insurance payment	Name, Contact, Salary, Job title, Dependents information	Same as above
Korea Worker’s Compensation & Welfare Service (1588-0075)	Employee compensation insurance enrollment, maintenance, suspension, and insurance payment	Same as above	Same as above
Employment Center (1588-0075)	Employment insurance enrollment, suspension, insurance payment	Same as above	Same as above
Dentsu Holdings Korea Co., Ltd. (02-6005-0400)	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, gender, age, educational background, department, job position, job title, detailed salary and compensation information, contact details, training records, email address, home address, marital status, residential address, nationality, performance evaluations, promotions, resignations, timesheet records, attendance records	Same as above
Firstin Co., Ltd. (070-7119-8045)	Payroll management and provision of management support services	Name, employee ID number, address, contact details, email address, bank account number, date of joining, department, job position, salary, dependent information	Same as above
Konkuk University Hospital (1588-1533)	Provision of comprehensive employee medical check-up services	Name, contact detail, gender, Date of birth	Same as above
Ministry of Employment and Labor (1350)	Provision of materials during workplace inspections and labor supervision	Name, Company ID, Affiliated department, Date of hire and termination	Same as above
Samjeong Accounting Corp. (02-2112-0101)	Provision of materials upon request during regular audits	Same as above	Same as above
Dentsu Asia Pacific Pte Ltd.	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	For 3 years during the employee’s tenure and after resignation
Carat Media Taiwan Ltd.	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Same as stated above
Dentsu International Limited	For the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidents	Name, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)	Platform internal data: retained for up to 60 days from the date of the security event / Security event information: retained for up to 12 months from the date of the security event / Security incident information: retained for up to 3 years from the date the incident is closed
ISLAND	Same as stated above	Same as stated above	Same as stated above

2.2)  Outsourcing of the processing of personal information to third parties

Name of the outsourced processor	Outsourced tasks
N/A	N/A

2.3) Cross-border transfer of personal information

Name of the recipient (if the recipient is a corporation then the name and contact information of the corporation)	Items of the information to be transferred	Countries where the personal information is to be transferred and the date, time, methods of the transfer	Purposes of use by the recipient	Periods of retention/use by the recipient	Legal basis of the transfer
Dentsu Asia Pacific Pte Ltd.	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Singapore	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	For 3 years during the employee’s tenure and after resignation	The company provides the personal data of its officers and employees to third parties located overseas, with their consent, pursuant to Article 28-8(1)(1) of the Personal Information Protection Act.
Carat Media Taiwan Ltd.	Name, Gender, Age Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement, Timesheet records, Attendance records	Taiwan	To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees	Same as stated above	Same as stated above
Dentsu International Limited	Name, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)	United Kingdom	For the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidents	Platform internal data: retained for up to 60 days from the date of the security event / Security event information: retained for up to 12 months from the date of the security event / Security incident information: retained for up to 3 years from the date the incident is closed	Same as stated above
ISLAND	Same as stated above	Germany	Same as stated above	Same as stated above	Same as stated above

If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to, or by requesting us to stop, the cross-border transfer of such personal information, but if you refuse, you may not be able to receive the remote support, or may not able to use the secure browser.

3.) Matters concerning the installation, operation, and the right to refuse a device that automatically collects personal information.

We may use cookies to store and retrieve your information to provide individualized services to you. Cookies are small amounts of information sent to the user’s computer browser by the server used to operate the website and are also stored on the hard disk of the user’s computer. If you refuse to save cookies, you may experience difficulties in using customized services.

• Purpose of using cookies: Cookies are used to provide more convenient service to your by identifying the type of visit and use of the service, etc.
• Installation, operation, and refusal of cookies: You can allow or refuse cookies through the option settings in the Tools/Options menu at the top of the web browser.

4.) Data retention

4.1 Data retention

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder.

• Trade books and other important documents relating to business: 10 years; slips or documents similar thereto: 5 years (the Commercial Act)
• Ledgers and documents related to year-end tax settlement, etc.: 5 years (the Income Tax Act, the Framework Act on National Taxes)
• Log-in and IP address records: 3 months (the Communications Secrecy Act)
• Documents related to the notification of acquisition or loss of status as a workplace-based insured person, etc.: 5 years (the National Pension Act)
• Employee roster and material documents related to employment contracts: 3 years (the Labor Standards Act)
• Information related to the issuance of certificates including certificates of work experience: 3 years following termination of employment contract (the Labor Standards Act)
• Health examination charts and results of health examinations: 5 years (or 30 years in the case of workers handling certain materials prescribed by the Ministry of Employment and Labor) (the Occupational Safety and Health Act)
• Documents related to paternity leave and other documents concerning equal employment opportunity and work-family balance assistance: 3 years (Equal Employment Opportunity and Work-family Balance Assistance Act)

4.2 Data destruction

When destroying your personal information because it is no longer needed, we will do so in accordance with the following procedures and method:

• Procedures for destruction: We select the personal information to be destroyed (e.g., personal information whose purpose of processing has been achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
• Method of destruction: If printed on paper, the personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the personal information will be destroyed by technical methods (e.g. Low-Level Format) which will ensure that the data cannot be restored or recovered.

5.) Your rights

You may exercise your rights related to personal information against us, including a request for access to, modification or deletion of, or suspension of processing of, your personal information as provided by applicable law including the Personal Information Protection Act. You may also exercise your right of withdrawal of consent to processing of personal information, right to portability, and rights relating to automated decision-making.

6.) Contact us

If you have any questions about this Addendum or how we handle your personal information, please contact our CISO.

• Name: Hayoung Shim
• Contact information: +82-02-6005-0400 / DataProtection.kr@dentsu.com

Read the Latvian People Privacy Notice here.

Read the Lithuanian People Privacy Notice here.

The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Malaysia privacy laws.

Última actualización: Enero 2026

BIENVENIDO

En cumplimiento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (la “Ley”), los responsables por el tratamiento de los datos personales recabados de usted será alguna de las siguientes sociedades:

AM Network Group México, S.A. de C.V.	Arrechedera y Claverol, S.A. de C.V.
Buying Uplift Media, S.A. de C.V.	Carat Mexicana, S.A. de C.V.
Control Media Región Norte, S.A. de C.V.	Dentsu Creative México, S.A. de C.V.
DentsuX Mexicana, S.A. de C.V.	Flock Advertising México, S.A.P.I. de C.V.
Mercadotecnia en Buscadores, S.A. de C.V.	NVG Network, S.A. de C.V.
Vizeum de México, S.A. de C.V.

Las sociedades anteriormente mencionadas forman parte del grupo corporativo Dentsu y, para efectos del presente Aviso de Privacidad, cada una de ellas tendrá el carácter de Responsable, en términos de la Ley, respecto de los datos personales que recabe y trate en el ámbito de sus respectivas actividades. En el entendido que el tratamiento y la relación de usted será con la sociedad o Responsable correspondiente que hubiese recabado sus datos personales.

En lo sucesivo, cuando se haga referencia al “Responsable” o a “Dentsu”, se entenderá hecha a cualquiera de dichas sociedades, según corresponda a la que, en cada caso, actúe como Responsable del tratamiento.

El domicilio del Responsable es el ubicado en Av. Insurgentes Sur No.1458 Piso 17, Col. Actipan 03230 Benito Juárez, Ciudad de México.

Este Aviso de privacidad (“Aviso”) es aplicable a los datos personales que obtenemos de usted como candidato, empleado o exempleado en el proceso previo, la contratación, durante el empleo y/o tras la finalización del mismo.

I.) ¿QUÉ TIPO DE DATOS PERSONALES RECOGEMOS Y CÓMO LOS UTILIZAMOS?

Recopilamos la mayoría de sus datos personales directamente de usted, pero en algunos casos los obtenemos de terceros.

1. Datos de identificación

• Nombre
• Sexo
• Fecha de nacimiento
• Edad
• Nacionalidad
• Género

2. Datos de contacto

• Domicilio
• Número de teléfono
• Dirección de correo electrónico

3. Datos laborales

• Número de seguridad social
• Referencias laborales
• Antecedentes laborales & administrativos
• Información sobre experiencia profesional
• Registros de cualificación
• Competencias profesionales
• Registros de capacitación
• Información del contrato de trabajo
• Fecha de inicio de la relación laboral
• Lugar o lugares de trabajo
• Evaluaciones y análisis de desempeño
• Planes de desarrollo
• Registros de permisos
• Registros de incapacidades por enfermedad
• Registros de reclamaciones
• Otros registros de cumplimiento en materia de recursos humanos

4. Datos académicos y de capacitación

• Certificaciones y constancias relacionadas con el perfil profesional

5. Datos de comunicaciones (únicamente para caso de empleados, en los equipos propiedad de Dentsu)

• Registros de correos electrónicos
• Registros de webchats
• Registros de conversaciones telefónicas

Recabamos la mayoría de sus datos personales directamente de usted; sin embargo, en algunos casos podremos obtenerlos de terceros.

Los datos personales son proporcionados directamente por usted al área de recursos humanos de Dentsu o a través de nuestros sistemas de información, así como, en su caso, respecto de otras personas, tales como contactos de emergencia.

Asimismo, podremos obtener información de terceros, tales como referencias laborales, verificaciones de antecedentes o agencias de reclutamiento, cuando ello sea permitido por la legislación aplicable.

El suministro de ciertos datos personales será obligatorio para el cumplimiento de obligaciones legales y contractuales. Si su solicitud es gestionada a través de un tercero, le recomendamos consultar el aviso de privacidad correspondiente.

Medidas de Seguridad

Dentsu ha implementado medidas de seguridad administrativas, técnicas y físicas para proteger los datos personales contra daño, pérdida, alteración, destrucción o uso, acceso o tratamiento no autorizado.

Plazo de Conservación

Los datos personales serán conservados durante el tiempo necesario para cumplir con las finalidades para las cuales fueron recabados y para cumplir con obligaciones legales aplicables. Posteriormente, serán eliminados o anonimizados conforme a la legislación aplicable.

II.) FINALIDADES DEL TRATAMIENTO DE DATOS PERSONALES.

1. Candidatos de empleo

• Evaluar la idoneidad del candidato para un puesto de trabajo y gestionar procesos de reclutamiento y selección.
• Organizar, realizar y evaluar entrevistas y evaluaciones, así como comunicar resultados y formular ofertas de empleo y contratos.
• Preseleccionar solicitudes con base en la información proporcionada en plataformas o sistemas de reclutamiento.
• Aplicar evaluaciones técnicas, psicométricas o de personalidad.
• Realizar comprobaciones previas al empleo, incluyendo verificación de derecho a trabajar, calificaciones, antecedentes y referencias.
• Verificar historial laboral previo, solicitudes anteriores y posibles intereses en futuras vacantes.
• Implementar ajustes razonables conforme a requisitos de accesibilidad.
• Conservar información en bolsas o reservas de talento para futuras vacantes.
• Gestionar comunicaciones relacionadas con el proceso de reclutamiento.

2. Empleados

• Administrar la relación laboral, funciones, desempeño, comunicación interna, viajes, capacitación y desarrollo.
• Gestionar asistencia, evaluaciones, planes de desarrollo y expedientes laborales.
• Administrar recursos humanos, permisos, incapacidades y cumplimiento laboral.
• Gestionar nómina, remuneraciones, pensiones, prestaciones e impuestos.
• Administrar beneficios laborales y comunicación con proveedores y beneficiarios.
• Gestionar reclamaciones, quejas, investigaciones y procedimientos disciplinarios.
• Consultar y negociar con representantes de los trabajadores y sindicatos.
• Supervisar cumplimiento normativo, anticorrupción y capacitación obligatoria.
• Atender solicitudes legales de autoridades públicas.
• Gestionar seguridad y salud en el trabajo y reincorporaciones.
• Contactar personas designadas en caso de emergencia.
• Atender solicitudes de referencias laborales.
• Gestionar relaciones con clientes y proveedores.
• Participar en procesos de fusiones, adquisiciones o transferencias laborales.
• Gestionar solicitudes internas y programas corporativos.
• Reconocer antigüedad y ocasiones especiales.
• Gestionar finanzas corporativas y planeación.
• Prevenir y detectar delitos, fraudes y accesos no autorizados.
• Elaborar información empresarial y analítica.
• Atender y gestionar reclamaciones legales.

3. Exempleados

• Atender reclamaciones, conflictos y procedimientos legales.
• Asegurar continuidad operativa y conservación de conocimiento.
• Analizar causas de terminación de la relación laboral.
• Administrar pensiones y obligaciones laborales posteriores.
• Cumplir obligaciones frente a terceros y autoridades.

III.) TRANSFERENCIAS DE DATOS PERSONALES EN DENTSU.

El Grupo Dentsu es una organización global. Con el objeto de garantizar servicios y comunicaciones eficientes y efectivas dentro del grupo corporativo, sus datos personales podrán ser transferidos a otras sociedades que forman parte del Grupo Dentsu, incluyendo de manera enunciativa mas no limitativa, a compañías del grupo ubicadas en Japón y en los Estados Unidos. En dichos casos, los datos personales serán tratados conforme a las mismas finalidades previstas en el presente Aviso de Privacidad.

En caso de que se realicen transferencias entre sociedades del grupo corporativo, usted podrá ejercer sus derechos ARCO ante cualquiera de los Responsables señalados en el presente Aviso, conforme a los mecanismos aquí establecidos.

IV.) TRANSFERENCIAS DE DATOS PERSONALES FUERA DE DENTSU

Sus datos personales también podrán ser transferidos a terceros distintos de Dentsu. Para ayudarle a comprender quiénes son estas organizaciones, a continuación se presenta una lista enunciativa mas no limitativa:

• Proveedores externos: organizaciones (y, en su caso, sus subcontratistas) que nos proporcionan soluciones tecnológicas y/o servicios de apoyo, tales como aquellas encargadas de hospedar, dar soporte o mantener los sistemas de información de recursos humanos, así como proveedores de sistemas interconectados con dichos sistemas, incluyendo, entre otros, software de administración de gastos, nómina local y sistemas de prestaciones. En estos casos, nos aseguraremos de que dichos proveedores cumplan con las disposiciones legales aplicables y cuenten con medidas técnicas y organizativas adecuadas para la protección de su información personal.
• Asesores profesionales de Dentsu: incluyendo administradores de tecnologías de la información, auditores, consultores, proveedores de servicios de nómina y administradores de programas de prestaciones.
• Proveedores de seguros: cuando sea necesario compartir su información personal con proveedores de seguros en relación con las pólizas contratadas por Dentsu.
• Clientes: cuando resulte necesario compartir su información personal para la adecuada gestión y prestación de servicios.
• Autoridades públicas: cuando sea necesario para dar cumplimiento a requerimientos legales, órdenes judiciales o solicitudes de autoridades competentes, incluyendo, de manera enunciativa mas no limitativa, aquellas relacionadas con seguridad nacional, aplicación de la ley, protección de datos, materia fiscal o laboral, ya sea dentro o fuera de su país. En estos casos, únicamente compartiremos su información personal conforme a la legislación aplicable y bajo estrictos controles internos.

V.) DERECHOS ARCO

De conformidad con la Ley Federal de Protección de Datos Personales en Posesión de los Particulares, usted tiene derecho a ejercer los derechos de Acceso, Rectificación, Cancelación y Oposición (ARCO) respecto de sus datos personales, así como aquellos derechos que le correspondan conforme a la legislación aplicable en su país de residencia.

A continuación, se describen dichos derechos, sin perjuicio de otros que pudieran resultar aplicables:

ACCESO – DERECHO DE ACCEDER A SUS DATOS PERSONALES

Usted tiene derecho a solicitar información sobre si en Dentsu tratamos sus datos personales, así como a acceder a una copia de los mismos y conocer las finalidades para las cuales son utilizados.

Si es un empleado activo, podrá consultar y, en su caso, acceder a sus datos personales a través de nuestros sistemas de información de recursos humanos y otras herramientas internas.

RECTIFICACIÓN – DERECHO A SOLICITAR LA CORRECCIÓN DE SUS DATOS PERSONALES

Usted tiene derecho a solicitar la corrección de sus datos personales cuando sean inexactos, incompletos o no se encuentren actualizados.

Si es un empleado activo, podrá actualizar directamente cierta información a través de nuestros sistemas internos, sin perjuicio de su derecho a presentar la solicitud correspondiente conforme a este Aviso.

CANCELACIÓN – DERECHO A SOLICITAR LA ELIMINACIÓN DE SUS DATOS PERSONALES

Usted tiene derecho a solicitar la cancelación de sus datos personales cuando considere que:

• ya no son necesarios para las finalidades para las cuales fueron recabados;
•  haya revocado su consentimiento para su tratamiento, cuando éste sea la base legal aplicable;
• hayan sido tratados en contravención a la legislación aplicable; o
• deban eliminarse para cumplir con una obligación legal.

En ciertos casos, la cancelación podrá dar lugar al bloqueo de los datos personales, los cuales serán conservados únicamente para el cumplimiento de obligaciones legales.

OPOSICIÓN – DERECHO A OPONERSE AL TRATAMIENTO DE SUS DATOS PERSONALES

Usted tiene derecho a oponerse al tratamiento de sus datos personales cuando exista causa legítima para ello, o cuando los datos sean tratados para finalidades específicas.

En caso de que sus datos personales sean necesarios para el cumplimiento de obligaciones legales a cargo de Dentsu, éstos no podrán ser cancelados y serán conservados únicamente durante el plazo necesario para dicho cumplimiento.

Para ejercer cualquiera de sus derechos ARCO, revocar el consentimiento, limitar el uso o divulgación de sus datos personales, o solicitar información adicional relacionada con el presente Aviso, deberá presentar su solicitud a través del siguiente medio de contacto:

DEPARTAMENTO DE PROTECCIÓN DE DATOS DENTSU por correo electrónico a: americas.dpo@dentsu.com

El Departamento de Protección de Datos dará trámite a su solicitud y le comunicará la respuesta correspondiente de conformidad lo siguiente:

VI.) PROCEDIMIENTO DE SOLICITUD

La solicitud para el ejercicio de los Derechos ARCO deberá presentarse por escrito y contener, al menos, la siguiente información:

• el nombre del titular y domicilio u otro medio para comunicarle la respuesta;
• los documentos que acrediten su identidad o, en su caso, la personalidad e identidad de su representante legal;
• la descripción clara y precisa de los datos personales respecto de los que se busca ejercer alguno de los derechos ARCO;
• cualquier otro elemento o documento que facilite la localización de los datos personales; y
• en el caso de solicitudes de rectificación, las modificaciones a realizarse y la documentación que sustente dicha petición.

Dentsu le informará si su solicitud resulta procedente o no dentro de un plazo máximo de 20 (veinte) días naturales contados a partir de la fecha en que sea recibida.

En caso de que su solicitud sea procedente, Dentsu hará efectiva la determinación correspondiente dentro de un plazo máximo de 15 (quince) días naturales contados a partir de la fecha en que se le comunique la respuesta.

VII.) ¿CÓMO LE INFORMAREMOS DE LOS CAMBIOS EN EL AVISO?

Nuestro Aviso puede sufrir modificaciones cada cierto tiempo. Le notificaremos sobre cualquier cambio en el Aviso mediante su publicación en nuestro sitio web o en el portal “Dentsu Dot” (sitio interno de Dentsu).

Read the Dutch People Privacy Notice here.

The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under New Zealand privacy laws.

Read the Norwegian People Privacy Notice here.

1.1) The Philippines’ Data Privacy Act of 2012 (Republic Act No. 10173), its implementing rules and issuances of the Philippine National Privacy Commission shall be applicable to the processing of the personal data of Philippine residents or citizens.

1.2)We will process your personal information, as defined under applicable laws and identified in the Privacy Notice, for the purposes stated in the Privacy Notice based on your consent, contractual necessity, compliance with legal obligations, and legitimate interests.

1.3) The ‘grounds for processing’ set out in the Privacy Notice are not necessarily available grounds for processing of all types of personal data under Philippines privacy laws.

1.4) We will only process your sensitive personal information, as defined under applicable laws, including your gender; age and/or date of birth; results of cognitive ability tests, personality tests, psychometric tests; criminal records and financial sanctions; ethnicity, disability, religion/belief, and sexual orientation; information about illness or injury; and, information regarding disciplinary proceedings, for the purposes stated in the Privacy Notice based on your consent, when allowed under applicable laws, or where necessary for the protection of lawful rights and interests, or the establishment, exercise, or defense of legal claims.

1.5) Subject to the terms and conditions set out herein, in the Privacy Notice, and your consent, we shall collect and process diversity and equal opportunity data pertaining to you for the purposes specified in the Privacy Notice, including your ethnicity, disability, age, religion/belief, gender and sexual orientation. Such data will be utilized and/or shared only to monitor, assess, study, determine compliance with and/or formulate and implement company or group policies and practices on or relevant to, equal opportunity policies and standards, anti-discrimination, diversity, and D&I concerns. In this regard, we may also share any of such data with other controllers specifically (i) any affiliate or related party, and (ii) a third party outside the Dentsu Group, but in all cases, these parties shall use the data only for and in line with the declared purposes. The nature, scope, extent and duration of the processing shall be as may be necessary to implement the purposes as stated in the Privacy Notice.

1.6) You are not required to consent to the collection and processing of your diversity data for the stated purposes as a condition of your employment, receipt of salary or benefits, promotion or other aspect of your employment. Some of your diversity data may have been or need to be collected and processed to perform, implement and enforce your employment contract, employment policies which you are required to adhere to or have adhered to, compliance and similar obligations under applicable law, and/or pursuant to other lawful basis. This request for your consent is not for or pursuant to those purposes for which you have already given consent or for which we rely on other lawful basis allowed by applicable law.

1.7) The Privacy Notice is intended to tell you how we use personal information. This Notice does not apply to the information we hold about companies or other organisations, or to other companies or organisations collecting and using your personal information. You should review their privacy policies before giving them your personal information.

1.8) If you have any questions about the Privacy Notice, our approach to privacy or you would like to exercise any of the rights mentioned in the Privacy Notice you can contact:

1.8.1) Our Data Protection Officer:
Address: Data Protection Officer, Dentsu international, Regent’s Place, 10 Triton Street, Regent’s Place, London, NW1 3BF
Email: DPO@dentsu.com

1.8.2) The Philippine Data Protection Officer:
Address: G/F United Life Building, 837 A. Arnaiz Ave., Makati City, Philippines
Email: ph.dpo@dentsu.com

2.) Unenforceable provision in Dentsu’s Privacy Notice. Paragraph 3 of the Privacy Notice states, “The Notice is intended to tell you how we use personal information but is not intended to create a contract with you.” This clause may not be enforceable in the Philippines, especially where the lawful basis relied upon is the consent of the data subject. Under NPC Circular No. 2023-04, the data subject’s acceptance of the provisions of the consent form creates a contract between the data subject and a controller on the terms of processing of the personal data. As such, in case of a complaint, Dentsu may not be able to raise the provision under Paragraph 3 to disclaim any liability arising from processing of personal data outside the parameters set out in the Privacy Notice.

Read the Polish People Privacy Notice here.

Read the Portuguese People Privacy Notice here.

Read the Romanian People Privacy Notice here.

1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Singapore privacy laws.
2. If we are unable to collect personal information that we seek, our ability to fulfill the purposes of processing your personal information, as outlined in the Privacy Notice, may be limited. In some cases, this may impact our ability to hire or retain you for a role, or result in disciplinary action or reallocation of your duties.
3. We do not collect Singapore National Registration Identification Card (“NRIC”) number from job applicants unless and until the individual has accepted an offer of employment.

Read the Slovak People Privacy Notice here.

Read the Sri Lanka People Privacy Notice here.

Read the Swedish People Privacy Notice here.

Read the Swiss (French) and Swiss (German) People Privacy Notices here.

按兩下此處閱讀繁體中文的People隱私聲明。

1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Taiwan privacy laws.
2. It is obligatory for you to supply the data. If we are unable to collect personal information that we seek, our ability to fulfil the purposes of processing your personal information, as outlined in the Privacy Notice, may be limited. In some cases, this may impact our ability to hire or retain you for a role, or result in disciplinary action or reallocation of your duties.

1. 隱私聲明中提到的“處理依據”不一定符合台灣相關隱私法律的規定。
2.  您必須提供相關資料。如果我們無法獲取所需之個人資料，可能會限制我們達成隱私聲明中所述處理您個人資料目的之能力。在某些情況下，這可能會影響我們能否聘用或保留您職位，甚至可能將導致紀律處分或職務調動。

Read the Thai (English) People Privacy Notice here.

Read the Turkish People Privacy Notice here.

Read the United Kingdom & Ireland People Privacy Notice here.

Last updated 17 November 2025

In this U.S. Notice, the term “personal information” has the meaning ascribed to it under applicable U.S. privacy laws, which generally means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee or device.  Under applicable U.S. privacy laws, personal information further includes “sensitive personal information,” such as Social Security number, driver’s license number, passport number, financial data, biometric data, racial and ethnic origin, and information concerning an individual’s health.

The term “personal information” has the same meaning as “personal data” in our Peoples Privacy Notice, whether or not capitalized.  The term “Workers” also has the same meaning as the term “employees,” whether or not capitalized throughout the Peoples Privacy Notice and the United States People Privacy Notice.

Please note, there may be additional guidance issued in your jurisdiction of employment. That guidance will take precedence over this Notice if applicable.

1.  Who does this Notice affect?

In addition to the information provided in the Peoples Privacy Notice above, the sections below provide additional information relevant only for Workers under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”).  Pursuant to the CCPA, we are required to provide you a notice, at or before the point of collection of such personal information, that identifies the categories of personal information that may be collected and how that personal information is collected, used, and disclosed.  This Notice is intended to provide you with the CCPA required notice.  Any terms defined in the CCPA have the same meaning when used in this Notice.

For example, this Notice explains how you can exercise your rights under the CCPA to request that we provide certain personal information that we have collected about you, correct inaccuracies in your personal information, or delete certain personal information that we have collected from you, subject to certain exemptions. 

Workers who are not residents of the United States should refer to the appropriate Peoples Privacy Notice in their jurisdiction.

3.  What is not included?

The Notice is intended to tell you how we use your personal information in an employment relationship but is not intended to create a contract with you.  This Notice does not cover you as a consumer of dentsu, or outside of your employment relationship with dentsu.

4. How do we collect your personal data?

We may collect personal information from public records or widely available sources.

This includes personal information from the media, and other records and information that are made available by federal, state, or local government agencies.

5. What kinds of personal data do we collect and how do we use it?

During the past 12 months, we may have collected the following CCPA categories of personal information:

1. Identifiers and Contact Information — personal unique identifiers, such as full name and federal or state issued identification numbers including Social Security Number, driver’s license number, and passport number, email address, and account name;
2. Personal Information — Identifiers listed in the preceding category and physical characteristics or description, telephone number, state identification number, insurance policy number, education, employment, employment history, financial information such as account number and balance, or medical and health insurance information;
3. Characteristics of Protected Classes — characteristics of protected classes or groups under state or federal law, such as sexual orientation, veteran or military status, or marital status;
4. Biometric Information — genetic, physiological, behavioral and biological characteristics, such as fingerprints, photographs, voiceprints, retina scans, keystroke gate, or other physical patters or exercise data;
5. Internet or Online Information —browsing history, search history, and information regarding interaction with our websites, applications, or advertisements;
6. Geolocation Data — physical location or movements, including device location;
7. Audio and Visual Information — audio, electronic, visual, thermal, olfactory, or similar information, such as call and video recordings;
8. Employment Information — professional or employment-related information, such as performance evaluations, work history, and prior employers;
9. Non-public Education Information — education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, and class lists;
10. Inferences drawn from other personal information — inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics; and
11. Sensitive Personal Information (as defined under CCPA) solely for purposes permitted by law, including: performing services reasonably expected by employees; detecting security incidents; resisting malicious, deceptive, fraudulent, or illegal actions; ensuring the physical safety of natural persons; short-term transient use; performing services on behalf of the business; and verifying or maintaining the quality or safety of our services. If we ever use sensitive personal information beyond these permitted purposes, Workers who reside in California will have the right to limit our use and disclosure of sensitive personal information.  

RECRUITMENT

We will need to process the personal information of all prospective Workers from the moment you become a prospect or candidate for a role. This allows us to assess your suitability for the role and our business. The types of processing are as follows:

Purpose of processing your personal information	Detail
PRECISION JOB MATCHING	Understand if you have any prior employment history with us and the reasons why you left, check whether you have applied to us before, understand why you have declined a job offer from us if you did so, and see if you would be interested in other roles with us (you can always ask us not to contact you and we will respect your decision).
EQUAL OPPORTUNITIES MONITORING	We may ask you to provide sensitive personal information to comply with federal and state laws. This could include declaring information about your ethnicity, disability, age, religion/belief, gender and sexual orientation. This information is used to comply with equality and diversity requirements, to help us improve our employment practices, for internal analytics purposes, and provided to clients. Access to this information is strictly limited.
TALENT POOL	If you are unsuccessful following assessment for the position you have applied for, we will retain your details in our talent pool, so that we can contact you should any further suitable vacancies arise. If you would like us to delete this data, please click here.

Additional information about the ways in which dentsu processes your personal information may be notified to you locally. Unless otherwise stated above we use this information as a recruiter to fully understand and assess an applicant’s suitability for a role and verify the information provided to us.

WORKING FOR DENTSU

We will use your personal information for the purposes of your employment with us, to comply with legal obligations, or to manage and protect our business.

Purpose of processing your personal information	Detail
MANAGING RELATIONSHIPS WITH CUSTOMERS AND SUPPLIERS	Disclosure of personal information to clients and suppliers may be necessary to enable fulfilment of goods and services or as required by legal agreements.
MONITORING OF WORK COMMUNICATIONS	Any and all telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage by an Worker by any electronic device or system, including but not limited to the use of a computer, telephone, wire, radio or electromagnetic, photoelectronic or photo-optical systems may be subject to monitoring at any and all times and by any lawful means.

6. Sharing your information

Across dentsu:

Dentsu is a global organization. To ensure effective and efficient services and communications throughout the group, your personal information may be shared with other dentsu organizations, for example with our group companies in Japan and the European Union.

As per CCPA requirements, the table below shows the personal information that we may have disclosed, in the preceding 12 months, to third parties for our business purposes.

Personal Identifiers	Third-party suppliers Our professional advisers Insurance providers Clients Public authorities
Personal Information	Third-party suppliers Our professional advisers Insurance providers Clients Public authorities
Characteristics of Protected Classes	Third-party suppliers Our professional advisers Insurance providers Public authorities
Commercial Information	Third-party suppliers Our professional advisers Public authorities
Biometric Information	Third-party suppliers Our professional advisers Public authorities
Internet or Online Information	Third-party suppliers Our professional advisers Public authorities
Geolocation Data	Third-party suppliers Our professional advisers Clients Public authorities
Audio and Visual Information	Third-party suppliers Our professional advisers Public authorities
Employment Information	Third-party suppliers Our professional advisers Insurance providers Clients Public authorities
Education Information	Third-party suppliers Our professional advisers Clients Public authorities
Inferences	Third-party suppliers Our professional advisers Public authorities
Sensitive Personal Information	Third-party suppliers Our professional advisers Insurance providers Clients Public authorities

California residents have the right to opt out of the sale of their information by businesses that sell personal information. The CCPA defines a “sale” as the disclosure of personal information for monetary or other valuable consideration and “share” as a disclosure of personal information for the targeted advertising to you.

We do not offer an opt-out from the “sale” or “share” of personal information, in the context of employment, because we do not and have not within at least the last 12 months “sold” or “shared” Workers personal information that is subject to the CCPA’s sale limitation.

7. Your Rights

Depending on your state of residence you may have a number of rights in respect of your personal information. Residents of California have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, (“CCPA”):

ACCESSING YOUR PERSONAL INFORMATION

You may have the right to request a copy of the personal information covering the prior 12 months:

• The categories of personal information we collect about you;
• The categories of sources from which we collected the personal information;
• Our business or commercial purpose for collecting personal information about you;
• The categories of third parties to whom we disclosed personal information about you, and the categories of personal information disclosed; and
• The specific pieces of personal information we collect about you.

KEEPING YOUR PERSONAL INFORMATION CORRECT AND UP-TO-DATE

You have a right to request that any inaccuracies in your personal information are corrected.

DELETION  OF PERSONAL INFORMATION

You have the right to request that we delete your personal information, subject to certain exceptions.

In addition, you have the right to be free from discrimination for exercising your rights under the CCPA.

EXERCISING YOUR RIGHTS

You can exercise your privacy rights by submitting your request here.  We will respond to verifiable consumer requests within 45 days of receipt; where reasonably necessary, we may extend our response period by an additional 45 days and will notify you of the extension and reasons.

Consumers wishing to exercise their privacy rights, please review our dentsu international Privacy Policy or Merkle Privacy Policy. 

The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or verify an authorized representative.

You may authorize an agent to make an access or deletion request on your behalf. Your authorized agent may make a request on your behalf by submitting a request as noted above. As part of our verification process, we may request that you provide additional information.

We will respond to requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have. 

Various laws, in addition to CCPA, apply to much of the personal information that we collect, use, and disclose. When other laws apply, personal information may be exempt from, or outside the scope of the CCPA requests. For example, information subject to certain federal privacy laws, such as the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability Act, is exempt from CCPA Requests. As a result, in some instances, we may decline all or part of an Access Request or Deletion Request related to personal information exempt from CCPA Requests. This means that we may not provide some or all of this personal information when you make an Access Request. Also, we may not delete some or all of this personal information when you make a Deletion Request if it is necessary to retain to comply with legal obligation.

In addition, we may not include personal information when we respond to or process requests if the law recognizes an exception. For example, we will not provide personal information about another individual if doing so would adversely affect the data privacy rights of the other individual.

Any disclosures we provide for California residents will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.

If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process, such as action taken or not taken and an explanation of our decision.  If you are not happy with our response, you may have the right to file a complaint against us with the relevant state Attorney General.

10. How to Contact Us

If you have any questions about your personal information and are an existing employee, please submit a case through our internal platform, Ask People Services.  If you are a former employee, candidate, beneficiary, or otherwise external to us, you may submit a request to HROperations@dentsuaegisnetwork.zendesk.com.

If you have any questions about this Notice, please contact us at 1 (877) 570-5939.

Nhấp vào đây để đọc Thông báo về quyền riêng tư của mọi người bằng tiếng Việt.

1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Vietnam privacy laws.
2. Amendment to Section 8 “Your rights”
   
   The title of this section is revised to “Your rights and your obligations”
   
   A new paragraph is added at the end of this Section 8 as follows:
   
   Additionally, you may have several obligations in relation to your Personal Data, subject to the applicable privacy law of the market you are in, including:
   • Protect your own personal data; request relevant organisations and individuals to protect your personal data.Respect and protect others’ personal data.
   • Fully and accurately provide your personal data when you consent to the processing.
   • Participate in dissemination of personal data protection skills.
   • Comply with regulations of law on protection of personal data and prevent violations against regulations on protection of personal data.
     
3. Addition of a new Section 11 “Unwanted consequences and damage that may occur”
   
   A new Section 11 is added at the end of Section 10, as follows:
   
   “We are not aware of, nor can we identify, any potential unwanted consequences or damage that may arise during the processing of your personal data. Notwithstanding our ongoing efforts to evaluate and implement appropriate security technologies and methodologies in the maintenance and development of our software and systems, it is important to note that, due to the inherent nature of cyber threats, the risks associated with them cannot be entirely eliminated.”

1. Các “căn cứ xử lý” được nêu trong Thông báo về quyền riêng tư không nhất thiết là các căn cứ xử lý theo pháp luật về bảo vệ dữ liệu cá nhân của Việt Nam.
2. Sửa đổi Mục 8 “Quyền của bạn”
   
   Tiêu đề của Mục này được sửa đổi thành: “Quyền và nghĩa vụ của bạn””
   
   Một đoạn mới được bổ sung vào cuối Mục 8 như sau:
   Ngoài ra, bạn có thể có một số nghĩa vụ liên quan đến Dữ liệu Cá nhân của mình, tùy thuộc vào pháp luật bảo vệ dữ liệu cá nhân hiện hành tại nơi bạn đang sinh sống hoặc làm việc, bao gồm:
   Tự bảo vệ dữ liệu cá nhân của mình; yêu cầu các tổ chức, cá nhân có liên quan bảo vệ dữ liệu cá nhân của bạn.
   • Tôn trọng và bảo vệ dữ liệu cá nhân của người khác.
   • Cung cấp đầy đủ và chính xác dữ liệu cá nhân của bạn khi bạn đồng ý cho việc xử.
   • Tham gia phổ biến, tuyên truyền kỹ năng bảo vệ dữ liệu cá nhân.
   • Tuân thủ quy định của pháp luật về bảo vệ dữ liệu cá nhân và ngăn chặn hành vi vi phạm quy định về bảo vệ dữ liệu cá nhân.”
     
3. Bổ sung Mục 11 mới “Hệ quả không mong muốn và thiệt hại có thể phát sinh”
   
   Một Mục 11 mới được bổ sung vào sau Mục 10, như sau:
   
   “Chúng tôi không nhận biết được, cũng như không thể xác định bất kỳ hệ quả không mong muốn hoặc thiệt hại nào có thể phát sinh trong quá trình xử lý dữ liệu cá nhân của bạn. Mặc dù chúng tôi luôn nỗ lực đánh giá và triển khai các công nghệ và phương pháp bảo mật phù hợp trong quá trình vận hành và phát triển phần mềm và hệ thống của mình, cần lưu ý rằng do bản chất vốn có của các mối đe dọa mạng, các rủi ro liên quan không thể được loại bỏ hoàn toàn.”