ADP Associate and CW Privacy Statement

Date Issued: 07/01/2021

Supersedes: 04/30/2019

Last Review Date: 07/01/2021

Respecting the privacy of our Associates and Contingent Workers is an essential part of our global privacy program. Automatic Data Processing, Inc.1 and all companies in the ADP Group Companies (“ADP”), including the ADP company employing you, are committed to the proper handling of the Personal Data collected or generated in connection with your employment relationship. This privacy statement explains our practices with regard to the Personal Data we collect from Associates, Contingent Workers, former employees, directors and other Individuals whose data are Processed by us for human resources purposes and for the purposes of managing ADP operations.

Our Binding Corporate Rules (BCR) ADP Workplace Privacy Code and Global Privacy Policy set the standards for protecting your Personal Data regardless of where it is Processed or where it is stored. It also protects the Personal Data of others that we collect from you with their consent, such as information about your family members or beneficiaries.

The types of Personal Data that we Process include, but are not limited to:

Demographic information;

Contact information;

Identification information;

Personal life details;

Financial information;

Professional life details;

Communications data; and

Connection data.

We Process as well, subject to Applicable Law, Special Categories of Personal Data. Special Categories of Personal Data include photographic images, racial or ethnic data, criminal data, physical or mental health data, biometric data, religion or beliefs, and sexual preference, as further defined in the ADP Workplace Privacy Code.

We collect, Process and transfer the Personal Data which you provide to us as well as information obtained from other sources, including but not limited to recruiters, your previous employers or references, websites, credit reference agencies, government bodies and Third Parties who provide employment background screening services or who assist us with internal investigation, only if permitted by law. The collecting, Processing and transferring of your Personal Data is aligned with the commitments made in the ADP Workplace Privacy Code.

The specific Business Purposes for which we Process Associate and Contingent Worker Personal Data include the following:

Payroll, human resources and personnel management;

Contract personnel management;

Business process execution and internal management;

Health, safety, security and integrity; (e) Organizational analysis and development, management reporting and acquisitions and divestitures;

Compliance with laws and risk management; and

Protecting the vital interests of Individuals.

We also Process your Personal Data for the following Secondary Purposes:

Disaster recovery and business continuity, including transferring the Information to an Archive;

Internal audits or investigations;

Implementation or verification of business controls;

Statistical, historical, or scientific research;

Dispute resolution;

Legal or business counseling;

Compliance with laws and company policies; or

Insurance purposes.

When no other legal basis for Processing Personal Data is available, we request your consent for the Processing of Personal Data. You have the right to withdraw your consent at any time. Your consent must be unambiguous, freely given, specific and informed.

Your Personal Data will be disclosed in the following circumstances:

To other ADP Group Companies including ADP, Inc. in the United States, ADP Private Limited in India, and any other ADP entity in the world (e.g., via the Associate Portal and other communication/collaborative tools; if a manager works in another country), who will only

Process your Personal Data for the purposes set forth above, for the provision of IT and back office services for the company, in accordance with the requirements of the ADP Workplace Privacy Code;

To our Third Party suppliers, including IT suppliers, financial and insurance services companies, law firms, auditors, investigators, credit reference agencies and criminal records bureaus (where permitted by law), and to those companies that provide benefits and services to you;

To government and welfare bodies and authorities, law enforcement agencies and courts in all of the countries where we operate and when required or permitted by law;

To Clients, suppliers and other business partners, when the provision of professional contact details and other Personal Data is necessary in the framework of the business relationship;

With your consent, as directed by you (e.g., as reference to a potential new employer) or as needed to protect your vital interests, such as in the event of an emergency or natural disaster; and

To an acquiring organization if we are involved in a sale or a transfer of some or all of our business.

You may request access to the Personal Data we maintain about you, as well as its rectification, removal or blockage if it is incorrect, incomplete or not Processed in accordance with Applicable Laws and our ADP Workplace Privacy Code. You can exercise this right and any other data protection rights you have under Applicable Law, by contacting your local Human Resources manager or by sending an email to myHRSupport@adp.com.

ADP will comply with all Applicable Laws that regulate automated decision-making. Where such laws restrict the use of automated decision-making tools, ADP will not make adverse decisions about an Associate or a Contingent Worker solely based on the results provided by the automated tool unless specific exemptions are met or appropriate consent is collected.

Please note that you have shared responsibility with regard to the accuracy of your Personal Data and you can update it using the HR self-service application or by sending an email to privacy@adp.com. Please let us know of any changes to your Personal Data.

We have implemented commercially reasonable and appropriate technical, physical, and organizational measures to protect Personal Data from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access.

ADP will only retain your information for as long as necessary for the Purposes for which the Personal Data is processed. ADP has implemented a Global Records Information Management (RIM) Policy and has established records retention schedules for all types of Personal Data that ADP processes. Personal Data is retained in accordance with the records retention schedules to ensure that records containing Personal Data are retained as needed to fulfill the applicable Business Purposes, to comply with applicable laws, or as advisable in light of applicable statutes of limitations. When the retention period has expired, records containing Personal Data will be securely deleted or destroyed, de-identified, or transferred to archive, in accordance with the applicable records retention schedule.

The Personal Data we Process is transferred to any country where ADP has operations and elsewhere in the world where data recipients are located to carry out the above purposes. We ensure appropriate protection of your information through our ADP Workplace Privacy Code. Additionally, we require our Third Party suppliers to implement similar privacy and data protection controls, ensuring an adequate level of data protection, through approved means for cross-border data transfers, as defined by Applicable Law.

From time to time, we may update this Privacy Statement to reflect new or different privacy practices. We will place a notice online when we make material changes to this Privacy Statement.

This Privacy Statement for Associates and Contingent Workers was last updated in July 2021.

For a listing of Group Companies bound by this Privacy Statement and the ADP Workplace Privacy Code, please click here.

If you have any questions about the collection and Processing of your Personal Data or about the security of your Personal Data, please contact your local Human Resources manager or. myHRSupport@adp.com

If you have any questions about Privacy at ADP, please contact the Global Data Privacy and Governance Team by sending an email to privacy@adp.com. If you send us a letter, please provide your name, address, email address, and detailed information about your question, comment, or complaint.

If you believe that ADP has not handled your Personal Data properly or that it has breached its privacy obligations under any applicable data protection laws, the ADP Workplace Privacy Code, or under Applicable Law, you may file your complaint in writing to the address above, or via email, to the Global Data Privacy and Governance Team at privacy@adp.com. The Global Data Privacy and Governance Team will investigate each complaint and notify the Individual within a reasonable timeframe of the outcome of the investigation. If you are not satisfied by the resolution ADP proposes, you may lodge a complaint in accordance with the provisions of the ADP Workplace Privacy Code.