APAC Candidate Privacy Notice

Introduction

This Candidate Privacy Notice (“Notice”) explains how Jefferies processes personal data during the recruitment process.  By “Jefferies” (including “we”, “our” or “us”), we mean:

• Jefferies (Australia) Pty Ltd or Jefferies (Australia) Securities Pty Ltd where you are applying for a role in Australia;
• Jefferies Hong Kong Limited where you are applying for a role in Hong Kong Special Administrative Region;
• Jefferies India Private Limited or Jefferies India Services Private Limited where you are applying for a role in India;
• Jefferies (Japan) Limited (Tokyo Branch) or Jefferies Japan Company Limited where you are applying for a role in Japan; and
• Jefferies Singapore Limited where you are applying for a role in Singapore

Note: If you are applying for a role in South Korea, please refer to the privacy documentation that applies to Jefferies Hong Kong Limited, Seoul Branch, which can be found on Jefferies’ Candidate Privacy Notices page.

The recruitment process commences from the point at which you apply to work at Jefferies and ends when you accept a position with us, or your application is otherwise closed.   

“Personal data” is information that can be used to identify an individual or relates to an identifiable individual and “processing” includes any collection, use, transfer and storage of that personal data. This Notice applies to candidates for all positions with Jefferies, including employees or interns to be engaged directly in Jefferies’ business and others providing services to Jefferies (including consultants, non-executive directors, senior advisors, temps and vendor staff) (collectively “Candidates”). We refer to Candidates as “you” and “your” in this Notice.

Jefferies respects your privacy, is committed to protecting your personal data and will handle your personal data in accordance with applicable data protection law. For the purpose of applicable data protection legislation, the entity in the jurisdiction where you are applying for a role listed above is the entity which is responsible for your personal data. Contact details for these entities are set out in Section 12 of this Notice.

Please note that this Notice is non-contractual and we may amend it from time to time. The most recent version of this Notice will be available on Jefferies’  Candidate Privacy Notices page and linked in the email footers of the Jefferies recruiting team.

What types of personal data do we collect?

The table in this Section 2 sets out the different categories and types of your personal data that Jefferies may process during the recruitment process.

Jefferies may also process more sensitive types of your personal data in some jurisdictions which applicable legislation may refer to as “special category” or “sensitive” personal data (“Sensitive Personal Data”). This processing occurs where required, necessary or permitted under applicable data protection law in your jurisdiction. We may also process such personal data where volunteered by you for “equality and inclusion” purposes, including meaningful equal opportunity monitoring and reporting in aggregate form. If you choose not to provide this information, it will not impact your application.

Depending on your jurisdiction, Sensitive Personal Data may include information relating to your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic data, biometric data and criminal convictions data.

Categories of personal data that may include Sensitive Personal Data elements are marked with a “*” in the table below. Details regarding the specific purposes for which we process your personal data are set out in Section 4 below.

Please note that if you fail to provide (when requested) information which is necessary for us to consider your application, we will not be able to take your application further. This may be because we need to collect certain personal data to comply with applicable law or to enter into a contractual relationship with you. If we decide to offer you a role, then we will carry out employment background checks, in which case we will manage your personal data in accordance with the applicable Staff Privacy Notice for your jurisdiction which will be made available to you at the time of any offer being made.

How do we collect your personal data?

We collect your personal data either from you directly or from other sources. Where we obtain it indirectly, we will always do so in accordance with applicable law and only to the extent it is necessary for your application with us.

We collect your personal data from you directly when:

• You contact us directly in relation to your application, usually by corresponding with us by phone, providing CVs to us via email and filling in forms;
• You attend an interview (whether in person or virtually) and we compile meeting notes or update our records for you based on the interview output;  
• You visit our website and enter your information in relation to an application you are submitting; and / or
• You visit our website and enter your information to subscribe for our newsletter or event notifications.

We collect your personal data indirectly when:

• We use third party sources, such as LinkedIn and other recruitment and professional networking sites to search for potential Candidates;
• We contact Jefferies staff that have an existing relationship with you or Jefferies staff that have had contact with you during the recruitment process;
• We contact your current and / or former colleagues or contacts that you have named as your referees; and / or
• We work with third parties providing recruitment services to Jefferies, such as employment agencies, headhunters or similar.

How and why do we use your personal data?

Depending on the nature of our relationship with you, we may process your personal data for a range of different purposes. Please refer to the table in Appendix 1 that sets out: (i) the purposes for which we may process your personal data; and (ii) which personal data categories are in scope of each purpose.

There are a number of different ways that organisations are lawfully able to process individuals’ personal data depending on the applicable jurisdiction’s laws. Jefferies will principally rely on the following when processing your personal data:

• It is in our legitimate interests to decide whether to appoint you to work with or for Jefferies since it would be beneficial to our business to appoint someone to that role or work;
• We may process your personal data where this is necessary for us to establish, exercise or defend legal claims, or in order to comply with our legal obligations; and
• We will also process your personal data where you give us your consent to do so (for example, to consider you for a role at Jefferies). 

All of the information obtained during the application process will only be accessed and used for the purpose of progressing your application, or to fulfil legal or regulatory requirements as necessary.

Voluntarily provided Equality and Inclusion Data

At Jefferies, we believe that an equitable and inclusive workplace fosters creativity, innovation and thought leadership through the infusion of new ideas and perspectives. We have made a commitment to building a culture that provides opportunities for all staff regardless of our differences and supporting a workforce that is reflective of the communities where we work and live. As part of our commitment to fostering an inclusive and equitable workplace, we invite candidates to voluntarily provide equality and inclusion data during the recruitment process. This equality and inclusion data that you can opt to voluntarily provide includes both general personal data and Sensitive Personal Data, namely your race and ethnicity, sexual orientation, disability status, sex, gender identity, transgender status, veteran status and marital status (“E&I Data”).

Your E&I Data is confidential and will only be used where necessary by the recruitment team to assess representation and ensure fair treatment across candidates.

Please note that the provision of your E&I Data is entirely voluntary and you will not suffer any adverse consequences if you choose not to provide it. You can withdraw your consent to our processing of your E&I Data at any time by contacting your recruitment contact.

Who do we share your personal data with?

We may share your personal data with third parties where it is appropriate and / or necessary to do so under applicable law and regulations. We may share your personal data with the following categories of recipients:

• Affiliates within the Jefferies Group;
• Colleagues within Jefferies, including those who may have interacted with you during the recruitment process or whose team you may have applied to join (where appropriate, this may include colleagues in overseas offices);
• Individuals who you have listed as your referees, such as current and former colleagues or employers;
• Third party Recruitment Process Outsource providers who assist us with our recruitment activities by, for example, sourcing candidates, reviewing CVs and conducting interviews, in addition to third party recruitment agencies and headhunters;
• Third party online recruitment platforms and applicant tracking system providers that enable our ongoing management of the applications we receive for various positions across our business;
• Third party outsourced IT and document storage providers;
• Third parties that may hold information in relation to your educational and professional achievements, such as educators, examining bodies and professional bodies;
• Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and regulatory bodies; and / or
• Third party professional advisers such as immigration and employment lawyers and consultants.

Where third parties have access to your personal data, we will ensure that we always have a valid lawful basis to share your personal data, that appropriate measures have been put in place and, where necessary, contractual terms are entered into in order to ensure that your personal data receives an adequate level of protection. We only permit third parties to process your personal data for specified purposes and in accordance with our instructions.

How do we store and safeguard your personal data?

We are committed to protecting the security and confidentiality of all personal data that we process. This includes taking all reasonable steps to protect it from misuse, loss, alteration or unauthorised access. We do this by implementing a range of appropriate technical and organisational measures. These include the utilisation of industry standard encryption, robust access controls, network security controls, intrusion detection systems and training for staff on confidentiality and handling personal data.

Please note you are responsible for ensuring that any information that you send to us is sent securely (e.g. encrypting attachments) and that you do not share your login details with anyone.

How do we transfer your personal data internationally?

The different purposes for which we process your personal data, as set out in Section 4 above, may require us to transfer your personal data outside of the jurisdiction in which it was collected. This would include transferring your personal data to the third parties listed in Section 5 above, to our parent company based in the United States and/or to our affiliates located around the globe.

Where an international transfer occurs, we will take steps to ensure that your personal data is adequately protected, including by ensuring that appropriate safeguards are in place in accordance with applicable data protection laws, particularly where your personal data is transferred to countries that are not considered “adequate” by applicable data protection law or the relevant authorities in your jurisdiction.

How long do we keep your personal data for?

If your application is successful, the information you provide during the application process will be transferred to your employee file and retained in line with the Staff Privacy Notice relevant to your jurisdiction which will be made available to you when you join us.

If your application is unsuccessful, we will retain your personal data for a period of 12 months (or for such other period as we may be required to by law) after we have communicated to you our decision about not to engage or employ you. We retain your personal information for that period in the event that (i) a further opportunity may arise in future and we may wish to consider you for that; and/or (ii) a legal claim is brought regarding our recruitment process or decision-making so that we can show that we have conducted the recruitment exercise in a fair and reasonable way and have not discriminated against Candidates on prohibited grounds. After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

What rights do you have in relation to your personal data?

Under applicable data protection law, you may have rights in relation to the personal data that we hold about you. These rights may include, where permitted under applicable law in the relevant jurisdiction and subject to certain exceptions and restrictions:

• Access: You may ask us to confirm, and provide copies of, your personal data that we hold;
• Erasure: You have the right to request that we erase your personal data in certain circumstances;
• Restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances;
• Rectification: You have the right to request that we rectify any personal data that you believe is inaccurate or incomplete, and we will aim to notify you, and any parties to whom the personal data was disclosed, promptly once this has been done;
• Data portability: You have the right to ask us to transfer personal data that you have provided to us to yourself or to another data controller in certain circumstances;
• Object to processing:  You have the right to object to us processing your personal data where we do so: (i) on the basis of our legitimate interests; or (ii) to send you and marketing communications, such as those relating to careers events, open opportunities or our services that we think you may be interested in. If you no longer wish to receive marketing communications from us, you can opt out by either liaising with your Jefferies contact or by electronically unsubscribing from emails we have sent you; and
• Withdraw Consent:  to withdraw your consent for that specific processing at any time (which will not affect the lawfulness of any processing based on consent before its withdrawal). To withdraw your consent, please contact your Jefferies recruitment contact or HR representative in the first instance. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you would like to exercise any of the data subject rights that are applicable in your jurisdiction, details of how to contact us can be found in Section 12.  Please note that we may keep a record of your communications to help us resolve any issues which you raise.

In accordance with applicable data protection laws you also have the right to lodge a complaint with your local supervisory authority, details of which can be found in Section 12. 

Automated decision making and profiling

Jefferies does not use automated decision making or profiling in our recruitment processes. In the context of data protection legislation, ‘automated decision making’ is the process of making a decision using solely automated means without any human involvement. ‘Profiling’ is the automated processing of personal data to evaluate certain things about an individual.

We use electronic and manual tools to aid us during the recruitment process but do not use features nor software to make automated decisions about your application.

Cookies

We may collect personal data through the use of cookies. A cookie is a small file containing data that is created and stored on your device when you visit a website using a computer or mobile device. When you visit a website, a cookie may be used to track the activities of your browser and provide you with a more consistent and efficient online experience. Tracking your use of our website using cookies enables us to understand how you use the site and track any patterns that emerge individually or from larger groups. This helps us to develop and improve our website and services in response to what our visitors want and need.

We use performance, functional, targeting, social media and strictly necessary cookies on our website. You can find out more about these cookies and their purposes by reading the Cookies Policy on our website. You can view and change your cookie preferences at any time by clicking on the cookie icon on the bottom left-hand side of our homepage when you visit our website. 

Although you can click the ‘reject all’ button on our website to opt out of most cookies, please note that our ‘strictly necessary’ cookies are necessary for the website to function and cannot be turned off in our systems. You can set your browser to block these cookies, but some parts of the site may not work if you do. 

Contacting us in relation to your privacy and details of local supervisory authorities

If you would like further information about any of the matters in this Notice, have any questions about how we collect, store or use your personal data, or would like to exercise any of the rights set out above, please contact us by email at [email protected] or by post at Jefferies Asia Privacy Office, Level 26, Two International Finance Centre, 8 Finance Street, Central, Hong Kong, China. 

Details for the relevant supervisory authorities are set out in the table below:

© 2025 Jefferies Financial Group Inc.