data privacy compliance manual

EMPLOYEE NOTICE OF DATA PRIVACY
POLICIES AND PROCEDURES
Effective: September 30, 2016
I. EMPLOYEE NOTICE OF DATA PRIVACY POLICIES AND PROCEDURES
A. Ecolab's Commitment to Data Privacy
B. Definitions
C. Scope
D. Data Privacy Principles
E. Application of Local Law
F. Human Resources Data Collected
G. Purposes of Collecting Personal Data
H. Disclosure of Personal Data
I. Security and Data Integrity
J. Data Access, Correction, and Processing Choice
K. EU – U.S. Privacy Shield
L. U.S. – Switzerland Safe Harbor Framework
M. Privacy Shield Dispute Resolution and Arbitration
N. Changes to this Privacy Notice
O. Liability
P. Questions and Comments
Ecolab Data Privacy Compliance Manual » Rev. 9/2016 » Issued by Legal Department » 2
A. Ecolab’s Commitment to Data Privacy
The Notice set forth below outlines the Personal Data that Ecolab may collect, how
Ecolab uses and safeguards that data, and with whom we may share it. This Notice is
intended to provide notice to individuals regarding Personal Data in an effort to be
compliant with the data privacy laws and regulations of the jurisdictions in which Ecolab
operates as well as compliance with its own Data Privacy Compliance Manual. In
particular, this Notice is intended to demonstrate Ecolab’s compliance with the EU – U.S.
Privacy Shield Program and the U.S. – Switzerland Safe Harbor Framework.
B. Definitions
Data Subject: the individual, business, or other entity about which Personal Data is
collected.
Personal Data: any information relating to an identified or identifiable natural person; an
identifiable person is one who can be identified, directly or indirectly, in particular by
reference to an identification number or to one or more factors specific to his or her
physical, physiological, mental, economic, cultural, or social identity. Personal Data is
also commonly referred to as “personal information” or “personally-identifiable
information” (PII).
Processing of Personal Data (“processing”): any operation or set of operations which is
performed upon Personal Data, whether or not by automatic means, such as collection,
recording, organization, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or
combination, blocking, erasure or destruction.
Sensitive Personal Data: Personal Data that, if lost, compromised, or disclosed, could
result in substantial harm, embarrassment, inconvenience, or unfairness to a Data
Subject.
Third Party: any natural or legal person, public authority, agency or any other body other
than the data subject, the controller, the processor, and the persons who, under the
direct authority of the controller or the processor, are authorized to process the data.
C. Scope
The Ecolab policies and procedures contained in this Notice apply throughout the Ecolab
enterprise, including its wholly owned or controlled subsidiaries and affiliates. Unless
otherwise required by a local jurisdiction or provided for in a subsequent or different
notice, this Notice is intended to apply to all Ecolab employees in all operating units of
Ecolab globally. Unless otherwise required by a local jurisdiction or provided for in a
subsequent or different notice, this Notice applies to all the processing of Personal Data
by the Ecolab organization, including its wholly owned subsidiaries, affiliates, and any
third parties.
D. Data Privacy Principles
Ecolab is committed to the goal of adhering to the following Privacy Principles in all
processing of Personal Data:
Notice: Ecolab will notify individuals, at the time of collection of data or a reasonable
time thereafter based on the laws and regulations of the relevant jurisdiction, of the
purposes for which it is collecting and using information about them. This notice shall
include information about who can be contacted about inquiries or concerns, the type of
third parties that the information may be disclosed to, and choices available for use and
disclosure of that data.
Choice: Ecolab provides all individuals the opportunity to opt out of information
disclosure to a Third Party not provided in initial notice or use in a manner not provided
in initial notice. If the information is considered Sensitive Personal Data as defined by
the EU, Ecolab assumes the Data Subject has opted out of having such information
disclosed to Third Parties, and a Data Subject must expressly opt in to consent to such
disclosure.
Onward Transfer (Transfer to Third Parties): The Notice and Choice Principles defined in
these principles shall be applied to all onward transfers of Personal Data. Ecolab will not
transfer Personal Data to a Third Party without notice unless one of the following
applies:
1. Ecolab can ensure the Third Party is in compliance with Privacy Shield Principles;
2. The Third Party is subject to the EU Data Protection Directive; or
3. The Third Party has certified via agreement that it provides a level of protection
equivalent to the Privacy Shield Principles.
Access: Ecolab shall provide Data Subjects access to their Personal Data and
opportunity to correct, amend, or delete that Personal Data when inaccurate, except in
certain circumstances allowed in Privacy Shield Principles.
Security: Ecolab takes reasonable precautions to protect Personal Data from loss,
misuse, and unauthorized access, disclosure, alteration, and destruction.
Data Integrity: Ecolab only holds information relevant for the purpose for which it is to be
used, as described in this Notice. Ecolab takes reasonable steps to ensure that
information is reliable for its intended use, accurate, complete, or current.
Enforcement: Ecolab provides recourse mechanisms to resolve individual concerns or
disputes regarding Personal Data. Ecolab provides the procedures as outlined in this
Notice for providing verification to individuals that the Privacy Shield Principles have
been implemented. Ecolab is committed to providing a prompt remedy for any failure to
comply with the Privacy Shield Principles, the laws or regulations of other jurisdictions,
and/or its own privacy policies and procedures.
E. Application of Local Law
This Notice and the corresponding Data Privacy Compliance Manual are designed to set a
uniform minimum standard for every Ecolab entity with respect to its protection of Ecolab
Employees’ Personal Data. Ecolab recognizes that certain laws may impose requirements
in addition to those described in this Notice and the corresponding Data Privacy
Compliance Manual. Ecolab will endeavor to collect and process Employees’ Personal
Data in accordance with local law applicable at the location where such Employee
Personal Data is collected and processed.
F. Human Resources Data Collected
The types of human resources data Ecolab collects (directly from you or from public or
third party information sources) and shares depends on the nature of your position and
role within Ecolab and the requirements of applicable laws in a relevant jurisdiction.
Examples of this information may include, among other things:
- contact information (e.g., name, home and business addresses, telephone, fax
  and pager numbers, e-mail addresses, emergency contact information);
- personal information (e.g., date of birth, marital status, birth place, nationality,
  race, gender, religion, preferred language);
- employment, performance, compensation, and benefits (e.g., hire date, adjusted
  service date, action/status codes, Ecolab identification number, job title,
  position/grade, attendance, department, business unit, supervisor, site, union,
  objectives, projects, performance reviews, performance and leadership ratings,
  salary, bonus, long term incentives, awards, retirement, family
  member/dependents names and dates of birth);
- education and training (e.g., education level, field and institution; competency
  assessments; professional licenses and certifications; training courses);
- social security number or other national identification number;
- passport number;
- driver’s license number, vehicle license plate number;
- bank account information;
- corporate card number;
- employment history and letters of recommendation;
- work restrictions and accommodations;
- industrial hygiene exposure assessment and monitoring information;
- agreements that you enter into with Ecolab;
- computer or facilities access and authentication information;
- grievance resolutions; and
- photographs and other visual images of you.
The examples provided are not all-inclusive, and Ecolab also may collect similar or
related information.
Sensitive data (e.g., data that reveal race, ethnic origin, religious or philosophical
beliefs, health, sexual orientation, political opinions, or trade union membership) are
collected only where allowed by law and are used and disclosed only to fulfill legal
requirements unless the employee provides consent for such collection or disclosure.
Certain information collected is required to establish the employment relationship. You
may inquire at the time of collection as to whether certain information is required or
optional to establish the employment relationship. Further, where permissible and as
described in Section J of this Notice, you may inquire about correction or deletion of any
information initially provided.
G. Purposes of Collecting Personal Data
The collected personal information is processed for Ecolab’s business purposes,
including establishing, managing, or terminating your employment relationship with
Ecolab. Such uses include:
- determining eligibility for initial employment, including the verification of
  references and qualifications;
- administering pay and benefits;
- processing employee work-related claims (e.g. worker compensation, insurance
  claims, etc.);
- establishing training and/or development requirements;
- conducting performance reviews and determining performance requirements;
- assessing qualifications for a particular job or task;
- gathering evidence for disciplinary action or termination;
- establishing a contact point in the event of an emergency (such as next of kin);
- complying with applicable labor or employment statutes;
- compiling directories;
- ensuring the security of company-held information; and
- such other purposes as are reasonably required by Ecolab.
The uses provided are not all-inclusive, and Ecolab also may collect similar or related
information consistent with laws and regulations of a particular jurisdiction, and
subsequent notice provided or posted as consistent with applicable legal requirements.
H. Disclosure of Personal Data
Ecolab may share your Personal Data with our employees, contractors, consultants, and
other parties who require such information to assist us with establishing, managing, or
terminating our employment relationship with you, including parties that (a) provide
products or services to us or on our behalf or (b) collaborate with us in the provision of
products or services to you. In some instances, such parties may also provide certain
information technology and data processing services to us so that we may operate our
business. We may share Personal Data with such parties both in and outside of your
home jurisdiction, and, as a result, your Personal Data may be collected, used,
processed, stored, or disclosed in jurisdictions outside of your home country.
When Ecolab shares Personal Data with such parties, our policy is to require that they
only use or disclose such Personal Data in a manner consistent with the use and
disclosure provisions of this Notice and consistent with the laws and regulations of the
jurisdiction where you live.
In addition, Personal Data may be disclosed or transferred to another party (including
Third Parties) in the event of a change in ownership of, or a grant of a security interest
in, all or a part of Ecolab through, for example, an asset or share sale, or some other
form of business combination, merger or joint venture, provided that such party is bound
by appropriate agreements or obligations and required to use or disclose your personal
information in a manner consistent with the use and disclosure provisions of this Privacy
Notice, unless you consent otherwise.
Further, your Personal Data may be disclosed:
- as permitted or required by applicable law or regulatory requirements. In such a
  case, we will endeavor to not disclose more personal information than is required
  under the circumstances;
- to comply with valid legal processes such as search warrants, subpoenas, or
  court orders;
- as part of Ecolab’s regular reporting activities to other parts of Ecolab’s
  enterprise;
- to protect the rights and property of Ecolab;
- during emergency situations or where necessary to protect the safety of a person
  or group of persons;
- where the personal information is publicly available; or
- with your consent where such consent is required by law.
To a limited extent, Ecolab may need to collect Sensitive Personal Data. Ecolab will
ensure that the Data Subject is informed of such collection and processing through
notice provided at the outset of the employee’s employment with Ecolab and at other
times where required by law. Where required by law, the Data Subject’s explicit consent
to the processing and particularly to the transfer of such Sensitive Personal Data to Third
Parties will be obtained. Appropriate security and protection measures will be provided
depending on the nature of the information and the risks associated with the intended
uses.
I. Security and Data Integrity
Ecolab will take reasonable precautions to protect Personal Data in its possession
against the risk of loss, misuse, unauthorized access, disclosure, alteration and
destruction. Ecolab periodically reviews its security measures in an effort to ensure the
privacy of Personal Data.
Ecolab will take reasonable precautions to ensure Personal Data is used only in ways
that are compatible with the purposes for which the data was collected or subsequently
authorized by the individual. While Ecolab will take reasonable steps to ensure that
Personal Data is relevant to its intended use, accurate, complete, and current, Ecolab
also relies upon you to assist in providing accurate updates of your Personal Data.
J. Data Access, Correction, and Processing Choice
Upon request, Ecolab will grant individuals reasonable access to Personal Data that it
holds about them. In addition, Ecolab will take reasonable steps to permit individuals to
correct, amend, or delete information that is demonstrated to be inaccurate or
incomplete. Ecolab will rely on you to assist in providing timely updates to Personal
Data held by Ecolab that you know to be incorrect.
As required by the laws and regulations of the relevant jurisdiction, Ecolab will provide a
Data Subject access to the following information related to the Data Subject’s Personal
Data:
- the purposes of any processing;
- the categories of Personal Data processed;
- the recipients or categories of recipients to whom the Personal Data are to be or
  have been disclosed, in particular Third Parties;
- the period for which the Personal Data will be stored;
- the existence of the right to request from Ecolab rectification or erasure of
  Personal Data concerning the Data Subject or to object to the processing of such
  Personal Data;
- the right to lodge a complaint to the DP Coordinator or Privacy Officer and the
  contact details of the DP Coordinator and Privacy Officer;
- communication of the Personal Data undergoing processing and of any available
  information as to their source;
- the significance and envisaged consequences of such processing.
Data Subjects can request access to correct, amend, or delete Personal Data by
contacting the following:
PHONE: 844-880-8355
EMAIL: dataprivacy@ecolab.com
K. EU – U.S. Privacy Shield
Ecolab complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S.
Department of Commerce regarding the collection, use, and retention of personal
information transferred from the European Union to the United States. Ecolab has
certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
If there is any conflict between the terms in this privacy policy and the Privacy Shield
Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy
Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
L. U.S. – Switzerland Safe Harbor Framework
Ecolab complies with the U.S.-Swiss Safe Harbor Framework as set forth by the U.S.
Department of Commerce regarding the collection, use, and retention of personal
information transferred from Switzerland to the United States. Ecolab has certified to the
Department of Commerce that it adheres to the Safe Harbor Principles. If there is any
conflict between the terms in this privacy policy and the Safe Harbor Principles, the Safe
Harbor Principles shall govern. To learn more about the Safe Harbor Framework, and to
view our certification, please visit http://www.export.gov/safeharbor/.
M. Privacy Shield Dispute Resolution and Arbitration
The Federal Trade Commission has jurisdiction regarding investigation and enforcement
of Ecolab’s compliance with the Privacy Shield.
In compliance with the Privacy Shield and Safe Harbor Principles, Ecolab commits to
resolve complaints about our collection or use of your personal information. Employees
in the EU or EEA with inquiries or complaints regarding Ecolab’s privacy policy and
compliance with Privacy Shield should first contact their human resources manager or
Ecolab’s general data privacy contact at:
PHONE: 844-880-8355
EMAIL: dataprivacy@ecolab.com
In addition, Ecolab employees may submit a complaint to an independent recourse
mechanism. Ecolab commits to cooperate with the panel established by the EU data
protection authorities (DPAs) and comply with the advice given by the panel with regard
to human resources data transferred from the EU in the context of the employment
relationship. The following link may assist you in finding the appropriate DPA:
http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Individuals located in the EU or EEA have the possibility, under certain conditions, to
invoke binding arbitration for complaints regarding Privacy Shield compliance not
resolved by any of the other Privacy Shield mechanisms. Information regarding
arbitration can be found here: https://www.privacyshield.gov/article?id=ANNEX-Iintroduction.
N. Changes to this Privacy Notice
Ecolab reserves the right to modify this Notice from time to time in order that it
accurately reflects the regulatory environment and our data collection principles. When
material changes are made to this Notice, Ecolab will post the revised Privacy Statement
on our website and provide employees subsequent notice where consistent with local
laws or regulations.
O. Liability
If a third party service provider providing services on Ecolab’s behalf processes personal
data from the EU or EEA in a manner inconsistent with the Privacy Shield Principles,
unless Ecolab can prove that we are not responsible for an event giving rise to damages
claimed by any claimant or regulatory body, Ecolab will be liable to such claimant or
regulatory body for such damages.
P. Questions and Comments
If you have any other questions or comments about this Notice as applicable to your
Personal Data, please contact:
PHONE: 844-880-8355
EMAIL: dataprivacy@ecolab.com