I. INTRODUCTION
This Data Protection Notice (“Notice”) describes the manner by Take-Two Interactive Software Europe Limited and its affiliates (the “Company”) collects, uses, and otherwise processes certain individually identifiable information about participants at a virtual careers fair event (“Participant Data”), as described in more detail below.
II. CATEGORIES OF PARTICIPANT DATA
The Company may collect and process all or some of the following categories of Participant Data:
• Personal and contact information, including name, title, email address, address, telephone number, screen name, the university participant is attending and age.
• Cookies and similar technology information, including cookies, web beacons, Internet log files, and similar tracking technologies.
III. PURPOSES OF PROCESSING OF PARTICIPANT DATA
The Company collects, uses, and otherwise processes Participant Data for the following purposes:
providing information on intern recruitment and placement purposes, conducting human resources analysis, compliance with legal and regulatory requirements; monitoring and enforcing compliance with applicable policies and procedures; providing physical and/or network access and IT support and services; and protecting the security of Participant Data as well as Company systems and premises.
If participants do not provide the Participant Data that the Company requires for the purposes described above, the Company may not be able to provide participants with internship information and/or updates to such.
The Company will retain Participant Data no longer than thirty (30) days from the date the Company receives Participant Data. If a participant wishes to opt out or their data to be deleted, they may contact: [email protected].
The Company processes Participant Data as necessary to fulfil the relationship. The Company also processes Participant Data with consent (e.g. when participants are specifically asked), as required by law (e.g. for legal compliance and reporting purposes), and where it is in the Company’s (or a third- party’s) legitimate interests and those interests are not overridden by privacy and data protection rights (such as to protect the security of facilities or systems).
IV. DISCLOSURES OF PARTICIPANT DATA
As part of normal business operations, the Company may disclose Participant Data to third-party service providers in connection with the purposes described in Section III. The Company will (i) exercise appropriate due diligence in the selection of such third party service providers, and (ii) require via appropriate contractual measures that such third party service providers maintain adequate technical and organizational security measures to safeguard the Participant Data, and process the Participant Data only as instructed by the Company and for no other purposes.
The Company may also disclose Participant Data to external advisors (e.g., lawyers, accountants, and auditors) and, to the extent required or permitted by applicable legal obligations, to governmental agencies and regulators (e.g., tax authorities), courts and other tribunals, and government authorities
(including authorities located in the United States, such as the Securities and Exchange Commission or the Department of Justice). Participant Data may also be shared with Take-Two Interactive Software, Inc. and its subsidiaries and affiliates in the United States, United Kingdom and Europe (collectively, “Take-Two ”) where necessary for legitimate business purposes.
V. INTERNATIONAL TRANSFERS OF PARTICIPANT DATA
As necessary in connection with the purposes described in this Notice, limited members of the human resources, finance, legal, and the IT departments and Take-Two or affiliated company points of contact (i.e., persons with assigned responsibility for the services performed by a participant) may access and otherwise process Participant Data in the United States in connection with their job responsibilities. Participant Data may also be shared with service providers, affiliates, other members of the Take-Two company group, and other third-parties located countries that do not have equivalent data protection legislation to the EU. The Company takes appropriate steps to ensure that any transfers to such countries are subject to appropriate safeguards, including through the use of European Commission-approved Standard Contractual Clauses. For more information on how the Company transfers Participant Data, please contact [email protected].
VI. DATA SECURITY AND DATA INTEGRITY
The Company and Take-Two maintain all reasonable physical, technical, and organizational security measures to safeguard Participant Data from loss, misuse, or unauthorized access, disclosure, alteration or destruction. The Company and Take-Two also maintain reasonable procedures to help ensure that such data is reliable for its intended use, accurate, complete, and current.
VII. DATA PROTECTION RIGHTS
Participants have the right to access, review, correct, or request the deletion or portability of their Participant Data in accordance with applicable law. Participant may also object to the processing of Participant Data in some circumstances, and where processing relies on consent, the participant may withdraw it at any time. These rights may be limited in some circumstances, for example if a participant requests the deletion of Participant Data that the Company is required by law to keep. Participants also have the right to complain to the relevant data protection authority. Also, participant are responsible for informing the Company if there are any changes or inaccuracies to their Participant Data. Participants should transmit any requests for access or updates to, or corrections or deletions of their own Participant Data to the Company as specified below in Section VIII.
VIII. QUESTIONS ABOUT PROCESSING OF PARTICIPANT DATA
Participants who have any questions about this Notice or wish to exercise any of the rights here described, should contact [email protected]