Last Updated: February 14, 2024

Roku Job Applicant Privacy Notice For Job Applicants

---

Your privacy is important to Roku, and we want you to understand what Personal Information is collected and processed about you as a job applicant. Accordingly, this Applicant Privacy Notice (the "Notice") gives you more information about Roku's processing of your Personal Information. It is important that you read this Notice, so that you are aware of how and why we are processing your Personal Information.¹

This Notice describes how and why Roku, Inc., its subsidiaries, and affiliates ("Roku", "we" or "us") collect and process Personal Information (which is any information that can be used to identify, or could reasonably be associated with, an individual) about you in connection with Roku's recruitment process.

Please note that this Notice does not apply to California residents. If you are a Californian resident, please click here.

1. Personal Information that We Collect and/or Process

The Personal Information that we collect will vary depending upon the circumstances, including the position you applied for, the specific job qualifications and responsibilities, the job location, and the Personal Information you provide (or that you authorize to be provided on your behalf). The Personal Information we may collect to process your application and assess your suitability to work for Roku include identifiers and other contact information, education, professional and employment information such as the type of information contained in resumes, information to track the progress of your information, information within referrals and references, background checks, financial reports and other similar records, and dependent and beneficiary information, emergency contacts, bank account, salary, and employment benefits and other information as necessary to onboard you.

2. Why We Process your Personal Information

Roku primarily collects and processes your Personal Information so we can evaluate your application to work for Roku and, if you are successful, recruit and onboard you. We also collect and use your Personal Information to identify other positions at Roku which may be of interest to you and for other legitimate purposes, including to operate and conduct our business, for IT security and management of our network and offices, for accounting and corporate governance/record-keeping purposes, to respond to claims or legal process or to defend and/or protect our rights.

3. Sources of Personal Information

Most of the Personal Information that we process about you is provided to us by you or generated in the course of your application to work for Roku. However, there will be situations, where we obtain Personal Information from other sources, including:

• Former employers, employment agencies, background check providers, credit reference agencies, and other nominated individuals for references;
• Public registries and directories;
• Our IT systems that you use, including system usage data, computer ID, user ID, IP addresses, service access logs, software and hardware inventory, cookies;
• Systems and technology that you use as part of your application, including cookies, pixels, tags, or similar technologies on websites and in our emails; and
• Publicly available information from social media sites, including LinkedIn.

4. Disclosure of Personal Information

Roku will make your Personal Information available to those with a legitimate need for it. Examples of such disclosures include providing your Personal Information to:

• the Roku group of companies to fulfil any of the purposes outlined in this Notice;
• third parties who provide services to us, to fulfil any of the purposes outlined in this Notice. For example, we disclose Personal Information to employee benefit plans service providers, payroll providers, employee travel management, benefits provision, and for expenses reporting and general software/IT troubleshooting; and
• others on a need-to-know basis to those who require it to perform their tasks and duties in relation to the purposes listed in this Notice.

We may also disclose Personal Information to other third parties on other lawful grounds, including:

• To comply with our contractual and legal obligations, including to respond to a court order, administrative or judicial process; to meet national security or law enforcement requests;
• With your consent;
• Where it is necessary for our legitimate interests (for example, to establish, exercise or defend against potential, threatened or actual litigation or in connection with the sale, merger, assignment or other transfer of all or part of our business); and
• Where necessary to protect the vital interests of yourself or another person.

5. Retention of your Personal Information

If you are successful in your application to work for Roku, the Personal Information processed in connection with your application will become part of your employment record and be retained in accordance with our standard employee data retention practices. If you are unsuccessful in your application, we will retain your details for a reasonable amount of time as permitted by law to consider you for future roles with Roku, in case we face a legal challenge in respect of a recruitment decision, and to help us better understand, analyze and improve our recruitment processes. If you do not want us to retain your Personal Information for consideration for other roles, or want us to update it, please contact workforceprivacy@roku.com.

6. Cookies and Similar Technologies

Roku uses cookies and similar technologies to collect certain information about you when you access our Jobs website (www.weareroku.com). The term "cookie" is used in this Notice to also refer to similar technologies that might collect information automatically, including pixels, tags, and web beacons).

A cookie is a small text file that a Web server places on your computer or mobile device when you visit a website. This small text file includes a unique identifier that distinguishes your computer or mobile device from other devices. Cookies serve several purposes, including letting you navigate between webpages efficiently, remembering your preferences, and generally improving the user experience.

For additional information about how your Personal Information is collected while accessing our Jobs website, please see our Cookie Policy.

7. Updates

We may update this Notice periodically to comply with the requirements of the applicable laws or regulations, or to reflect any changes in our privacy practices.

8. Contact Us

You can address any questions, comments or requests relating to this Notice to workforceprivacy@roku.com.

Annex 1: Supplementary Information (for EU, UK, Swiss, Ukraine, and India Applicants)

In addition to information in the Notice, this annex outlines the purposes for which Roku processes your Personal Information and the legal grounds for doing so, your privacy rights and provides additional information about international data transfers.

1. Legal grounds for processing

Where required by applicable law, Roku relies upon various legal grounds when processing your Personal Information. In some contexts, more than one ground applies. We have summarized these grounds as "Contract", "Legal obligation", "Legitimate interests", "Vital interests" and "Consent" and outline what those terms mean in the following table.
If you are an applicant in Ukraine, the only legal grounds for processing your Personal Information is consent.

If you are an applicant in India, we rely on authorized legitimate uses for processing your Personal Information.

Term	Ground for processing	Explanation
Contract	Processing is necessary for performance of a contract with you or to take steps at your request to enter a contract.	This covers the execution or amendment of your employment contract, the performance of our contractual duties and exercising our contractual rights.
Legal obligation	Processing is necessary to comply with our legal obligations.	This allows us to comply with our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination.
Legitimate interests	Processing is necessary for our or a third party's legitimate interests.	We or a third party have legitimate interests in using your Personal Information to carry on, manage, and administer our respective businesses. Your Personal Information will not be processed on this basis if our or a third party's interests are overridden by your own interests, rights, or freedoms.
Vital Interest	Processing is necessary to protect your or someone else's vital interests.	This covers extremely rare situations where we might need to use your Personal Information to protect your life or similar emergency situations (including an emergency where we need to contact emergency services and/or the people you have nominated as emergency contacts).
Consent	You have given specific consent to processing your Personal Information.	In general, processing of your Personal Information in connection with employment is not conditional on your consent. But there may be occasions where we do specific things, including providing a reference, or obtaining medical reports or background checks, and we may rely on your consent to do so.

2. The purposes for processing your Personal Information (and legal grounds on which we rely)

The main part of the Notice outlines the general purposes for which we process your Personal Information. The table below contains more specific information about these, examples of the Personal Information and the legal grounds on which we rely for each of these purposes. The examples in the table are not exhaustive and there may be in-country variations. If you have any questions about the practice in your country, please email workplaceprivacy@roku.com in the first instance.

Purpose	Examples of Personal Information that may be processed	Grounds for processing
Recruitment	In connection with recruiting and onboarding you, we will process Personal Information including: Information related to your identity (e.g. your name, address, email address, ID information and documents, telephone numbers, place of birth, nationality, contact details, professional experience and education (including degrees, academic records, professional licenses, memberships and certifications, awards and achievements, and current and previous employment details), financial information (including salary information), language skills, and any other Personal Information that you provide as part of your job application. Information concerning your application and our assessment of it, your references, background checks and verification of your right to work. If necessary, information concerning your health, disability or request for work accommodation or reasonable adjustments.	Contract Legal obligation Legitimate interests
Tracking your application	To track your application status, we will process Personal Information including: Personal Information from cookies and similar technologies on our websites and in our emails that track your use of our websites, interaction with emails we send you and your application status.	Consent
Your employment contract including entering it, performing it and updating it.	To enter into, perform, maintain and update your employment contract with Roku, we process Personal Information including: Personal contact details including name, address and personal email address. Employment records (including job titles, work history and working hours). Recruitment records (including right to work documentation, references and other information in your resume, cover letter or application). Employee benefits records. For example, your participation in life and medical insurance.	Contract Legal obligation Legitimate interests
Contacting you or others on your behalf	To contact you or others on your behalf, Roku processes Personal Information including: your personal address and phone number, emergency contact information and information about your next of kin.	Consent Vital Interests
Physical and system security	To maintain the security of our workplaces and IT systems, we process Personal Information about you including: CCTV footage and other information obtained through electronic means including swipe-card or Key-Fob records (if you come for an in-person interview). Your use of our communications systems, including computers and other devices and passwords.	Legal obligation Legitimate interests
Monitoring of diversity and equal opportunities	To support workplace diversity and inclusion, we may process your Personal Information, including: information about your nationality, race and ethnic origin, gender, sexual orientation, religion, disability and age as part of diversity monitoring initiatives. Such data will usually be aggregated and used for equality of opportunity monitoring purposes. Please note we may share aggregated and anonymized diversity statistics with regulators if formally required / requested. Information you choose to disclose through participation in any Employee Resource Groups ("ERG"), which will be processed based on your consent. Due to the nature of an ERG, Personal Information shared through participation in ERG activities generally will not be aggregated or anonymized	Consent Legitimate interests
Improvement of our recruitment process	To improve our recruitment process and candidate experience, as well as to measure performance and analyze key metrics relevant to our business, we may process your Personal Information, including: Feedback information, including responses to surveys, questionnaires, and other voluntary responses. Information about the role for which you applied, including information related to your identity if you choose to provide that data.	Consent Legitimate Interest
Protect the rights and property of Roku, our users, applicants, employees or the public.	We will also use your information to protect the rights and property of Roku, our users, applicants, candidates, employees or the public as required or permitted by law.	Legitimate interests Legal obligation

3. Transfers

Roku is a global group of companies headquartered in San Jose, California, USA. As Roku operates globally, we may need to transfer Personal Information to other countries. In particular, to our headquarters for management purposes. Transfers may also need to be made to other countries where Roku operates (including information on relevant experience you may have for a particular job).

For transfers of Personal Information from the EU, Ukraine, Switzerland, and the UK to Roku group companies located outside of these territories, we have implemented data transfer agreements incorporating the Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum (as applicable) to enable the transfer of the Personal Information. Likewise, when we use service providers and their services involve international transfers of Personal Information, we aim to implement appropriate data transfer mechanisms, including the Standard Contractual Clauses. Additionally, we are certified under the DPF as further stated below.

4. Data Privacy Framework

Our U.S. affiliates, Roku, Inc. and Roku DX Holdings, Inc., comply with the EU-U.S., (including the UK extension) and the EU-Swiss Data Privacy Frameworks (collectively, the "DPF") (as set forth by the U.S. Department of Commerce ("DOC")) regarding the processing of personal information from the EU, United Kingdom and Switzerland.

Roku, Inc. and Roku DX Holdings, Inc. have certified to the DOC that we follow the DPF Principles (on notice, choice, accountability for onward transfer (including remaining liable for onward transfers to third parties, subject to applicable exemptions), security, data integrity and purpose limitation, access, and recourse, enforcement and liability). If there is any conflict between the terms of this Notice and the DPF Principles, the Principles shall govern.

To learn more about the DPF, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission has jurisdiction over our compliance with the DPF.

Complaints: If you have questions or complaints regarding our compliance with the DPF Principles, please contact us via email here in the first instance. For any unresolved complaints, or if you do not receive timely acknowledgment from us of your complaint, please contact Judicial Arbitration and Mediations Services (JAMS), an alternative dispute resolution provider based in the United States. If your complaint is still not resolved by the above recourse mechanisms, you may contact your data protection authority, or under certain circumstances, you may invoke binding arbitration. Please see Annex I of the DPF here for additional information.

5. Your Privacy Rights

Under certain circumstances, and subject to the law in your country, you may have the right to:

• Request access to and receive a copy of the Personal Information we hold about you.
• Request correction of the Personal Information that we hold about you, where it is incomplete or inaccurate.
• Request erasure of your Personal Information. You can ask us to delete Personal Information where there is no reason for us to continue processing it.
• Object to processing of your Personal Information in certain limited situations.
• Request the restriction of processing of your Personal Information, for example if you want Roku to establish its accuracy or the reason for processing it.
• Request the transfer of your Personal Information to another party.

To exercise these rights, please email workforceprivacy@roku.com. Please note that certain Personal Information may be exempt from such requests in accordance with applicable data protection laws or other laws and regulations.

You will not usually have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, Roku reserves the right to charge a reasonable fee if your request is unfounded or excessive. Roku may also refuse to comply with the request in such circumstances.

Roku may need to request specific information from you to help us confirm your identity and your right to access the information (or to exercise any of your other rights).

In the limited circumstances where Roku relies on your consent to process your Personal Information, you have the right to withdraw your consent at any time. This will not have any effect on the processing that we did before your consent was withdrawn.

6. Contact Us

The primary controller of your Personal Information will be the Roku company that you are seeking to work for (e.g. Roku International BV, Roku Denmark ApS, Roku DX (UK) Ltd, Roku Germany GMBH or LLC "Roku Ukraine", or Roku India Private Limited (formerly known as DataXu India Private Limited).
You can address any questions, comments or requests relating to this Notice to workforceprivacy@roku.com.

You may also contact our Data Protection Officer (DPO) at privacy@roku.com.

You have a right to lodge any complaints with the relevant supervisory authority for data protection in your country, although we ask that you raise your objections internally in the first instance.

¹Please note that this Notice does not cover your use of Roku's products, services or websites as a consumer, to the extent that you are not acting on behalf of Roku at the time. For Roku's data practices relating to consumer use, please see the Roku Privacy Policy.