What does this notice cover?

BridgeBio Pharma, Inc., along with its affiliates and subsidiaries worldwide (collectively, “BridgeBio,” “we,” “us,” or “our”), is committed to handling personal data responsibly and in accordance with applicable law. This Candidate Privacy Notice (“Notice”) explains our data collection and processing practices in the context of our employment opportunities in the European Economic Area, Switzerland and the United Kingdom. It also describes your data protection rights, including a right to object to some of the processing that we carry out. More information about your rights, and how to exercise them, is set out in the “Your choices and rights” section

Please note that this Notice applies only to our processing of your personal data as a candidate for an employment opportunity with BridgeBio. It does not cover your use of our websites as a consumer or investor, participation in any of our research or clinical trials, or any permanent employment with us. You will be presented with different privacy notices in those contexts.

Who is the data controller for your data?

The information in this notice explains the way that all BridgeBio companies process candidate data. The data controller for your data will be the BridgeBio company you have applied to.

What information do we collect from job applicants?
When we consider you for opportunities at BridgeBio, we collect and use these types of data:

  • Your name, contact information (such as address, phone number, email address), gender, work permit or visa information, employment and education history, referrals or references, and any other information you provide (such as information on your resume or cover letter)
  • Desired salary, location preferences, other job preferences
  • Information that you make publicly available in connection with your application, such as contact information, your education, and work experience information (e.g., when you share information via job search and career networking sites as far as it is relevant to consider you for career opportunities and in accordance with your privacy settings on those services)
  • Interview details, and outcomes of any recruiting exercises you complete
  • If disclosed, any special needs, health condition, or information relating to accommodations that you may request during the recruiting process
  • If you’re being referred, information that the person referring you provides about you
  • We also sometimes receive information such as your education and work experience, contact information, and demographics, from thirdparty data providers who have the right to provide us with your information. These partners collect your information from publicly available sources, or through third parties with whom they work
  • Any information that applicable local laws require us to collect in connection with the recruiting process
  • Special category data processing, for example, information about your health and disabilities where we need to make any reasonable adjustments; equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief

How do we use this information, and what is our legal basis?

We must have a legal basis to process your data. We explain each of these legal bases below. We also set out the purposes for which we process your data.

We use the information we collect from and about you:

  • As necessary to comply with our legal obligations: for example, local laws may require us to submit reports about our recruiting processes and outcomes
  • As necessary for our (or others’) legitimate interests, including our interests in:
    • assessing your suitability for a particular role or roles;
    • facilitating the recruiting and interview process;
    • verifying the information you or others provide about your application;
    • presenting you with an offer of employment if your application is successful; and
    • managing and improving our application and interview process and performing
      management reporting and analysis related to recruiting metrics and success factors,       unless those interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
  • Consistent with specific consents you may provide (if applicable), and which you may revoke
    at any time.
    • For example, with your consent, we use your data to contact you about future career
      opportunities at BridgeBio. This includes storing your data and keeping it up to date and
      using it to contact you.

More information about background checks

For certain positions, it will be necessary for us to verify the details you have supplied (for example, in relation to your identity, employment history, academic qualification and professional credentials) and to conduct preemployment background checks (for example, in relation to previous criminal convictions or financial standing). The level of checks will depend on your role, in particular if you will occupy a regulated role, and will be conducted at as late a stage as is practicable in the recruitment process and often only after you have been selected for the position. If your application is successful, we will provide further information about the checks involved and will obtain any necessary consent prior to completing such checks.

How do we share this information?

We share job applicant information for some limited purposes as follows:

  • Within the BridgeBio family of companies We may share your information among the different
    BridgeBio entities if your application is relevant to roles across the entities or to collaborate on
    employment activities and goals.
  • With service providers These are entities that help us manage and improve the recruiting
    process and who perform services on our behalf, such as recruitment providers, interview and
    assessment providers, interview travel booking and expense providers, relocation entities,
    immigration advisors, reporting and analytics services, and preemployment screening services.
    These entities are required to protect the information we share with them with appropriate
    organizational and technical safeguards and to use such information as necessary to provide
    services to us.
  • With regulators and other governmental entities We may access, preserve, and share your
    information with regulators, law enforcement, or others in response to a valid legal request if we
    have a goodfaith belief that the law required us to do so; or we conclude that such sharing is
    necessary to detect, prevent, and address fraud, unauthorized use of our systems, prevent
    violations of our terms, or protect our rights or the rights of others.
  • If we merge with another organization or form a new entity, your personal data may be
    transferred to that new entity.

How do we operate and transfer data as part of our global business?

As a global company headquartered in the United States, we share data globally, both internally within
the BridgeBio family of companies, and externally with our service providers. When we transfer your
personal data to other countries, we take steps to ensure your personal data is adequately protected,
using transfer mechanisms such as EUapproved standard clauses. A copy of the relevant mechanism can
be obtained for your review on request by using the contact details below.

Data retention

We’ll retain information we collect from job applicants for as long as required to comply with our legal obligations, to resolve disputes and to enforce our contractual agreements.

If you’re successful in your application for a position at BridgeBio, we retain the information you provide during the application process as part of your employee records.

If you are not successful, we will retain your personal data with your permission for three (3) years so we can keep you in mind for future recruitment processes; otherwise, it will be deleted following closure of the application process.

How can you exercise your rights provided under the GDPR?

If you are in the EEA you have the right, subject to applicable exceptions and adequate verification of your identity, to access, rectify, port (where technically feasible), and delete your data. You also have the right to object to and restrict certain processing of your data. If you have unresolved concerns, you have the right to complain to a data protection authority. If you would like to exercise such a right, please contact us at the details below.

How to contact us with questions.

If you have any questions, you can contact our data protection officer at [email protected].

How can you learn about changes to this Notice?

We may change this Notice from time to time. If we make changes to the Notice that are material, we will
provide you with notice in accordance with applicable legal requirements.

BridgeBio EEA, Swiss and UK Candidate Privacy Notice