Effective as of February 3, 2023.

This Applicant Privacy Notice (“Notice”) describes the privacy practices of Merus N.V. and Merus US, Inc. (collectively, “Merus”, “Company”, “we”, “us”, or “our”) when you apply for a role at the Company through our electronic job application platform or otherwise.

Merus N.V. is the “controller” in respect of your personal data for purposes of data protection laws, and is primarily responsible for how your personal data is used. Other subsidiary companies may also be a controller in respect of your personal data in relation to certain centralised human resources activities. References in this Applicant Privacy Notice to Company should be read as references to the Company entity that you are applying to or dealing with in relation to your candidacy (i.e., when applying to Merus US, Inc. or Merus N.V., that respective entity is the Company as referred to herein). This Notice describes, under and in accordance with the requirements of applicable law, how we collect, use, disclose and otherwise process your personal information in relation to your application or candidacy.

Personal Information We Collect From you

Company will collect the information you provide us in connection with your application or candidacy, which can include some or all of the following personal information:

  1. Contact information, such as name, home address, telephone number, personal email address and other contact information;
  2. Work authorization status, such as visa status and work permit information;
  3. Biographical information, such as previous job history and education details;
  4. Professional and other work-related qualifications, such as licenses, certifications and professional memberships;
  5. Information relating to references, such as referees’ names and contact details; and
  6. Any other information you provide to us, such as cover letter, desired salary, employment preferences and willingness to relocate.

We ask that you avoid submitting the following categories of personal data (Sensitive Personal Data), unless such information is legally required and/or the Company requests you to submit such information: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; health data; and data related to your sex life or sexual orientation

Any information you provide to us must be true, complete and not misleading. Submitting inaccurate, incomplete or misleading information may lead to a rejection of your application or candidacy during the recruitment process or appropriate disciplinary action after commencement of your employment. In addition, it is your responsibility to ensure that the information you submit does not violate any third party’s rights.

If you provide us with personal information of any other individual as part of your application or candidacy, it is your responsibility to obtain consent from that individual prior to providing the information to us.

Information We Collect from Other Sources

We may obtain personal data about you from third parties such as your previous employers, recruiters, background check providers, credit reference and anti-fraud agencies and providers of screening lists and public registers. Where required by applicable law, we will inform you of this prior to any such check or investigation.

How We Use and Share Personal Data

The personal data that you submit to us will be used for our personnel recruitment, management and planning purposes, as permitted by local law, including:

  1. Processing your application;
  2. Assessing your suitability, capabilities and qualifications for a job with us;
  3. Conducting reference checks;
  4. Communicating with you regarding your application or candidacy; and
  5. Conducting background checks, credit checks, anti-fraud checks, or similar investigations, each only as permitted under applicable laws and if appropriate for the job for which you are applying.

In connection with the purposes listed above, we may share your personal data with third parties who assist us with these activities, such as background check providers, recruiters and head-hunters, and service providers who provide services such as hosting and operating our electronic job application platform.

We process your personal data for each purpose described in this Section (other than Sensitive Personal Data addressed in the Section below) on the basis that such processing is necessary for Company’s legitimate business interests in recruiting suitably qualified and skilled employees.

If we hire you, we process your personal data on the basis that such processing is necessary to take steps necessary to enter an employment agreement or relationship with you. In addition, the personal data we collect in connection with your application or candidacy may be incorporated into our Human Resources system and may be used to manage the new-hire process and such information may become part of your employee file.

Sensitive Personal Data

Although we ask that you not provide us with any Sensitive Personal Data unless we specifically request it for a legitimate purpose, we may collect, use and share your Sensitive Personal Data relating to your race or ethnic origin, physical or mental health or condition, trade union membership, commission or alleged commission of criminal offenses and any related legal actions in accordance with applicable law and only for the following purposes:

  1. information relating to criminal convictions and offenses for the purposes of assessing your suitability for your role;
  2. information relating to your racial or ethnic origin for the purposes of conducting equal opportunity monitoring; or
  3. information relating to any disabilities that you may have for the purposes of assessing or making reasonable adjustments and accommodations to the recruitment process.

Where we use Sensitive Personal Data, we do so to perform our legal duties and exercise our rights as a prospective employer, or because it is necessary to establish, defend or prosecute legal claims. To the extent necessary, we may also use Sensitive Personal Data to protect your vital interests, or where the purpose is in the substantial public interest.

International Personal Data Transfers

We may transfer your personal information to countries other than the country in which the data was originally collected for the purposes described in this Notice. For example, if you are located within the European Union/European Economic Area (EEA), we may transfer your personal information to the United States, if required for the hiring decision of the job for which you are applying or if otherwise required for internal administrative purposes. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the information. When we transfer personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the EU’s data protection laws, such as the specific contracts approved by the European Commission as providing adequate protection for transferring personal information.  For details, see the European Commission’s website for model contracts for the transfer of personal information to third countries.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.

Retention

We will retain your personal data for as long as is necessary for the purposes for which they were collected and any other permitted purposes (such as to comply with regulatory requirements to retain such data). Please note that these periods may be extended where reasonably necessary (for example, where we are required to do so by law or by a regulator). We will either irreversibly anonymise or securely destroy personal data that we no longer need. We reserve the right to use anonymous data for any legitimate business purpose without further notice to you or your consent.

Your Rights

Data protection laws in Europe and California give you certain rights regarding your personal information. Depending on your jurisdiction, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights
  • Withdraw. Where processing is based on consent, you may withdraw this consent to any further processing of your personal information at any time, subject to applicable law.

You can submit these requests via the contact details provided below.  We may request specific information from you to help us confirm your identity and process your request.  California employees may empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact Merus’ Data Protection Officer as described below or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Changes to this Privacy Notice

We reserve the right to modify this Privacy Notice at any time in our sole discretion. When we update this Notice, we will notify you of changes that are deemed material under applicable legal requirements by updating the date of this Notice and providing other notification as required by applicable law. We may also notify you of changes to the Notice in other ways, such as via email or other contact information you have provided. Any modifications to this Notice will be effective upon the date of the modified Notice.

Contact Us

If you have any questions, concerns, or requests about this Privacy Notice or the processing of your personal data, please feel free to contact us at privacy@merus.nl, or write to us at:

Data Protection Officer
Merus N.V.
Uppsalalaan 17
3rd & 4th Floor
3584 CT Utrecht
The Netherlands