Processing

Privacy Policy

StoneX Group Inc. Privacy Statement

The following explains how we StoneX Group Inc. (Controllers) intend to use the information you provide in your application, along with your rights, our reasons for requesting it and who will have access to it.

As defined by the General Data Protection Regulation (GDPR) StoneX Group Inc. is the Data Controller and ultimately responsible for ensuring the data you provide is kept secure, processed correctly and that you understand your legal rights in relation to the data you provide.

The recruitment software we use via this website is supplied by Net-Worx (2001) Ltd (trading as networx) and they are defined as a Data Processor under the GDPR. They will only process your data in accordance with our instructions.

networx can be contacted at: The Engine House, Wharfebank Business Centre, Ilkley Rd, Otley LS21 3JP.

The Data Protection Officer for networx is Rob Baker and can be contacted at dpo@networxrecruitment.com

StoneX Group Inc. PRIVACY NOTICE RECRUITMENT

The StoneX Group Inc. of entities (Group) is committed to protecting the privacy and security of your personal data.

This privacy notice (Privacy Notice) applies to you as a candidate and prospective employee, worker or contractor of the Group (Candidate).

This privacy notice describes how we collect and use personal data about you, as a Candidate, during our recruitment process; pursuant to securing your engagement as an employee, worker or contractor, as applicable, in accordance with the applicable data protection law (Law) governing your application to any entity within the Group.

It is important that you read this Privacy Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

1. DATA PROTECTION PRINCIPLES

Our compliance with the respective applicable Law is encapsulated in the adherence of the following principles on personal data:

i. Used lawfully, fairly and in a transparent way. ii. Collected only for valid purposes that we have clearly explained to you and not

used in any way that is incompatible with those purposes. iii. Relevant to the purposes we have told you about and limited only to those

purposes. iv. Accurate and kept up to date.

v. Kept only as long as necessary for the purposes we have told you about. vi. Kept securely.

2. OUR RELATIONSHIP

Pursuant to our relationship with you we are responsible for deciding how we hold and use personal data about you. We are required under the Law to notify you of the personal data contained in this Privacy Notice.

Particularly in relation to the Law applicable to our Group entities in the European Economic Area (EEA), where your personal data is not received from a recruitment agency, the respective EEA entity with whom you are looking to be engaged as a worker, employee or contractor is a “Data Controller”.

3. THE KIND OF DATA WE WILL COLLECT AND PROCESS ABOUT YOU

Personal data means any data about a living individual from which that person can be identified. It does not include data where the identity has been removed (i.e. “Anonymous Data”).

In general, we may collect, store and use the following types of personal data:

i. Personal contact details such as; name, title, systems identification information,

bank accounts, tax identification and other ancillary information. ii. Photographs.

There are “special categories” or more sensitive personal data which require a higher level of protection which we may also, collect, store and use including:

i. Information about your race or ethnicity, religious beliefs, sexual orientation and

political opinions. ii. Information about your health, including any medical condition, health and

sickness records. iii. Genetic information and biometric data iv. Information about criminal convictions and offences.

4. HOW IS YOUR PERSONAL DATA COLLECTED?

We collect personal data pursuant to our recruitment process either;

i. directly from you when you register and enter your personal data electronically on to our recruitment platform or by making personal data available to us manually; or ii. from an employment agency with whom you have registered to find you a suitable

role and who is also engaged by us pursuant to our recruitment process; and/or iii. from a background check provider as required pursuant to our recruitment process.

Where you provide your personal data and/or information to us; whether via our recruitment platform or manually, it is your responsibility to ensure the accuracy and completeness of such personal data and/or information. We will not be liable to you or any party whatsoever for any liability arising from or connected with any inaccurate or incomplete personal data/information that you provide to us.

5. HOW WE WILL USE DATA ABOUT YOU

We will only use your personal data when the Law allows us to. Most commonly, we will use your personal data in the following circumstances:

i. where we need to comply with a legal obligation. ii. where it is necessary for our legitimate interests (or those of a third party) and

your interests and fundamental rights do not override those interests. iii. we may also use your personal data in the following situations, which are likely

to be rare: a. Where we need to protect your interests (or someone else’s interests). b. Where it is needed in the public interest or for official purposes.

6. HOW WE USE PARTICULARLY SENSITIVE PERSONAL DATA

6.1 We acknowledge that processing “special categories” or particularly sensitive personal data requires higher levels of protection. Nonetheless, as permitted and required by the Law our justification for collecting storing and using such data is satisfied where, we have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data and subject to the following circumstances:

i. with your explicit written consent, in limited circumstances. ii. where we need to carry out our legal obligations or exercise rights in connection

with employment or contractual engagement. iii. where it is needed in the public interest, such as for equal opportunities

monitoring or in relation to our occupational pension scheme. iv. less commonly, we may process this type of data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the data public.

INTL FCSTONE PRIVACY NOTICE RECRUITMENT

6.2 DATA ABOUT CRIMINAL CONVICTIONS

We will only collect data about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. We acknowledge that this personal data is sensitive personal data. Where appropriate, we will collect personal data about criminal convictions as part of the recruitment process or we may be notified of such data directly by you in the course of you working for us. We may only use personal data relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and in accordance with our recruitment policy but we will do so in line with our data protection policy and in adherence to safeguards which we are required by Law pursuant to processing such personal data.

Less commonly, we may use personal data relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the personal data public.

OTHER THAN WHERE YOUR SENSITIVE PERSONAL DATA IS PROCESSED, STORED OR USED IN ACCORDANCE WITH OUR LEGAL AND REGULATORY OBLIGATIONS TO THE LAW OR PURSUANT TO THE EXERCISE OF SPECIFIC RIGHTS IN EMPLOYMENT LAW, YOU CONSENT THAT, WE MAY PROCESS YOUR SENSITIVE PERSONAL DATA PURSUANT TO OUR RECRUITMENT POLICY AS APPLICABLE TO THE ROLE YOU ARE APPLYING FOR.

7. AUTOMATED DECISION-MAKING

You acknowledge that to appropriately consider your suitability for the role you are applying for it is necessary for us to process your personal data. It may also be necessary for us to process sensitive categories of personal data in order to consider your suitability in accordance with our legal and regulatory obligations.

You acknowledge that we may carry out such processing described above by utilising automated decision-making capabilities of our recruitment platform. Automated decision- making takes place when an electronic system uses personal data to make a decision without human intervention.

The automated decision-making capability of our recruitment platform will include:

i. Determining that you have the necessary academic qualification we determine

suitable for the role you are applying for; and ii. Considering your suitability in light of our legal and regulatory obligations; the nature

of our business and the requirements of the role you are applying for.

Particularly in relation to processing your personal data by automated decision-making, we shall engage the following safeguards:

i. Utilise appropriate mathematical or statistical procedures for the profiling; ii. Technical and organisational measures to ensure that inaccuracies and errors are

minimised and that personal data processed can be corrected iii. Security measures are put in place to ensure that personal data you input on the

recruitment platform are secure iv. Prevent profiling undertaken from having discriminatory effects based on racial or ethnic origin, political opinion, religion, trade union membership, genetic or health status or sexual orientation.

INTL FCSTONE PRIVACY NOTICE RECRUITMENT

You acknowledge and agree that where our consideration of your suitability for the role you are applying for involves automated decision making your review, acknowledgement and agreement to this policy (either by electronic confirmation or by signature) serves as your explicit written consent.

8. DATA SHARING

Pursuant to our shared support function infrastructure within the Group, we may have to share your data with other entities in the Group.

In addition to this pursuant to the activities described in this Privacy Notice with us we may have to share your personal data with third parties, including, but not limited to, third-party service providers (within and outside the Group) and governmental agencies. We will share such personal data, where legally permitted, with the understanding that such third parties respect the security of your personal data and to treat it in accordance with the Law.

Pursuant to this, if your application is to a Group entity situated in the EEA please note that this will include transferring your personal data outside the EEA. We have put in place appropriate measures to ensure that your personal data is treated in a way that is consistent with the Law. If you require further information about this, please contact the Data Protection Officer using the contact details provided in this Privacy Notice.

9. DATA SECURITY

We have put in place measures to protect the security of your personal data. Details of these measures are available upon request.

Third parties will only process your personal data on our instructions and where they have agreed to treat the data confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Where you directly maintain a Candidate account on our recruitment platform, it is your responsibility to ensure that your access/log-in details to such account are kept secure and not used by any other party. We will not be liable for any liability arising from your failure to keep such details secure or any unauthorised access by any party as a result of such failure.

10. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such personal data without further notice to you. If you are unsuccessful in your application, we may retain in accordance with the activities described in this Privacy Notice and/or securely destroy your personal data in accordance with applicable laws and regulations.

11. RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION

11.1 Your duty to inform us of changes It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.

11.2 Your rights in connection with personal data Under certain circumstances, by Law you have the right to:

i. request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. ii. request to correct the personal data to another party. iii. restrict personal data processing iv. object to personal data processing v. right not to be subject to automated decision-making vi. to be notified in the event of a data breach vii. right to erase personal data

11.3 No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

11.4 What we may need from you

In order to exercise these rights please contact the respective Human Resources department of the Group entity to which you are making your application. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

12. RIGHT TO WITHDRAW CONSENT

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the respective Human Resources Department. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in Law.

Only if you are successfully recruited, we will upload your details to our HR system, Cascade. As a member of staff you will sign a contract of employment and agree to additional terms on how your data is handled and stored.

13. DATA PROTECTION OFFICER

We have appointed a Data Protection Officer (DPO) to oversee compliance with this the Group’s privacy matters. If you have any questions about how we handle your personal data, please contact the respective Human Resources department in the first instance or where required, the DPO.

If you applying to work for or be engaged by an EEA entity within the Group that is domiciled in the United Kingdom, you have the right to make a complaint on data protection issues, at any time, to the Information Commissioner’s Office (ICO), the UK supervisory authority.

14. CHANGES TO THIS PRIVACY NOTICE We may also notify you in other ways from time to time about the processing of your personal data.

If you have any questions about this Privacy Notice, please contact the Human Resources Department.