RedRadar Technologies Candidate Privacy Notice

---

Last updated: April 2026

This Candidate Privacy Notice ("Notice") explains how RedRadar Technologies Ltd. ("RedRadar") collect, use, and protect personal data about people who apply for roles with us, are referred to us, or are otherwise considered for employment, contracting, or fellowship opportunities.

This Notice supplements our Privacy Statement. Where this Notice differs from the Privacy Statement on matters specific to recruitment, this Notice prevails. If you are an existing employee or contractor, separate notices govern the personal data we process about you in connection with your role. Ask your point of contact at RedRadar.

The data controller is the entity with the open role you have applied for or are being considered for:

RedRadar Technologies Ltd., Tel Aviv, Israel — privacy@redradar.ai

The personal data we collect about you depends on the role, the stage of the process, and the jurisdiction. Not every category below applies to every candidate. We collect only what is relevant to evaluating your application or required by law.

Identification and contact data: Name, email address, telephone number, country and city of residence, and (where the role requires it) citizenship and right-to-work status.

Application materials: CV or résumé, cover letter, portfolio, work samples, links to professional profiles (such as LinkedIn or GitHub), and any other materials you choose to share with us.

Professional history: Employment history, education, certifications, skills, languages, publications, professional references, and (where relevant to the role) security clearances or vetting status.

Interview records: Notes from screening calls and interviews, evaluations from interviewers, and exercise or assessment results. We do not record interviews unless we have told you in advance and you have agreed.

Verification and background data, where the role requires it: Identity documents, right-to-work documentation, and (where applicable) background check results, sanctions or politically exposed persons screening results, and security clearance or vetting status. We will tell you in advance which checks apply to a specific role, and we will not run a check that requires your consent without first obtaining it.

Communications: Correspondence between you and us during the recruitment process.

We do not knowingly collect data about your political opinions, religious beliefs, trade union membership, sexual orientation, or health, except where you choose to disclose it (for example, when you request a workplace adjustment) or where the law requires us to ask.

We may collect personal data about you:

• Directly from you, when you apply, send us materials, attend interviews, or correspond with us.
• From references, with your consent.
• From background check, identity verification, or screening providers, where the role requires such checks and applicable law permits.
• From public sources, including professional networks, publications, conference talks, and public code repositories, in connection with assessing your application.
• From referrers, where someone refers you to us.
• From recruiters or staffing agencies, where they have introduced you to us.

Not all of these sources apply to every candidate.

We use your personal data to:

• Evaluate your suitability for the role you applied for and other roles that may fit your profile.
• Communicate with you about your application.
• Conduct interviews, exercises, and assessments.
• Where required for the role, verify your identity, right to work, qualifications, and (if applicable) security clearance, vetting, or background check status.
• Make hiring decisions and extend offers.
• Comply with legal, regulatory, tax, and export-control obligations.
• Defend ourselves against legal claims relating to recruitment.

Lawful basis under the GDPR / UK GDPR:

• Steps taken at your request prior to entering a contract — for the core processing involved in evaluating your application.
• Our legitimate interests in identifying, evaluating, and selecting candidates, and in keeping records of past applications.
• Compliance with a legal obligation — for right-to-work checks, sanctions screening, and any other check required by law.
• Your explicit consent — for any processing of special-category data (such as health information shared in connection with workplace adjustments) and for any background check or clearance verification that requires it.

You can withdraw any consent at any time. Withdrawal will not affect the lawfulness of processing that took place before the withdrawal, and may affect our ability to continue evaluating your application for roles where the underlying check is required.

For some roles — particularly those involving access to client data, secure environments, or sensitive government and defense engagements — we may conduct or rely on identity verification, background checks, sanctions screening, or verification of security clearance and vetting status.

Whether any such check is performed, what kind of check it is, and which provider conducts it depends on the role, the client, the jurisdiction, and applicable law. Some applications involve no checks at all; others involve checks specific to a client or a clearance level.

Where a check applies to a role you are being considered for:

• We will tell you in advance which checks will be performed.
• Where applicable law requires your written consent, we will obtain it before the check is run.
• We will use only providers bound by appropriate confidentiality and data protection obligations.

For some roles, your continued employment may depend on obtaining or maintaining a clearance or vetting status with a government or client. Information related to those processes is processed on the basis of your consent or, where applicable, a legal or contractual requirement.

To support our recruitment process, we may use third-party software and services. These may include applicant tracking systems, scheduling tools, video conferencing platforms, identity verification providers, background check providers, and similar services. The specific tools we use vary, and we do not use all of these for every role or every candidate.

Where we use a third-party service, that service acts as our processor (or, in some cases, as an independent controller for limited purposes such as fraud prevention or its own platform-security obligations). Each provider is bound by contract to use the data only for the purposes we have authorized. If you would like to know which third-party providers may handle your data in connection with a specific application, write to privacy@redradar.ai and we will provide a current list.

We share candidate personal data only where necessary, and only with recipients bound by appropriate confidentiality and data protection obligations. Recipients may include:

• Background check, identity verification, or reference contacts, where applicable to the role.
• Recruitment platforms or applicant tracking systems, where we use them.
• Professional advisors, including immigration counsel, employment counsel, and accountants, where needed.
• Government and regulatory authorities, where we are required by law (for example, right-to-work reporting, tax authorities, or export-control screening).
• Clients or partners, where the role involves placement at or vetting for a specific client engagement, and only where this has been disclosed to you and (where required) you have consented.
• A successor entity, in the event of a merger, acquisition, financing, or restructuring, where required to evaluate or transfer pending applications.

We do not sell your personal data, and we do not share it with third parties for their own marketing purposes.

If we hire you, we transfer the relevant parts of your application file to your employee record, which is governed by our employee data notices and retained as required by law.

If we do not hire you, we keep your application data for up to 24 months after the conclusion of the recruitment process, unless:

• You ask us to delete it earlier, in which case we will do so subject to any legal retention obligation.
• You ask us to keep your details on file for future opportunities, in which case we will keep them for as long as you remain interested or, if you do not respond to periodic check-ins, until 36 months from your last interaction.
• We are required to keep records longer to defend against potential legal claims, in which case we keep only what is necessary for that purpose and only for as long as the relevant limitation period requires.

Where verification, background check, or clearance records are generated for a role, those records are retained for the period required by the relevant law, regulation, or client contract. Many such records are retained only briefly; others are retained for the duration of an engagement.

Depending on where you live and which laws apply, you may have rights in relation to your personal data, including:

• The right to access the personal data we hold about you and obtain information about how it is processed.
• The right to correct inaccurate or incomplete personal data.
• The right to delete your personal data, subject to legal exceptions.
• The right to restrict or object to certain processing.
• The right to data portability, where it applies.
• The right to withdraw consent at any time, where processing is based on consent.

You can exercise these rights by writing to privacy@redradar.ai. We may need to verify your identity before acting on a request, and we may decline or limit a request where the law allows us to do so — for example, where granting it would compromise the rights of references or other candidates, or where retention is required by law or to defend against legal claims.

We do not make decisions producing legal or similarly significant effects on you based solely on automated processing. Hiring decisions are made by people.

This section supplements the rest of this Notice for candidates in the United States.

Information we collect about job applicants is generally exempt from the consumer rights provisions of state comprehensive privacy laws, but we still apply equivalent practices: we collect only what we need, retain it only as long as we need it, and disclose it only as described in this Notice.

For candidates in California, additional information may be available under the California Consumer Privacy Act notice for personnel and applicants on request.

We may update this Notice from time to time. The "Last updated" date at the top shows when the most recent change was made. Where a change materially affects how we process your personal data as a candidate, we will notify you where required by law.