GDPR PRIVACY NOTICE
This Global Privacy Notice summarises and describes how AMITY Corporation ,hereinafter referred to as “AMITY” or “we”/”our”/”us”) collects and use Personal Data about you prior, during and after your working relationship with us, in accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation, the “GDPR”).
2. Key Terms
For the purposes of this notice only:
“Personal Data” means any information that we hold about you from which they can be individually identified or identifiable, whether directly or indirectly.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, use, disclosure, storage, amendment and destruction.
3. The Kind of Information We Process/ Hold About you
We handle the following categories of Personal Data about you:
- personal information such as title, name, gender, date of birth, and family information (including, but not limited to, marital status and dependants,) and staff number etc.;
- contact details such as addresses, telephone numbers and email addresses;
- identification information such as photographs, passport and/or individual number in the Social Security and Tax Number System, etc.
- pay and financial information such as salary, bonus, benefits (including pensions), bank account details;
- recruitment and professional information such as application forms, academic background and work experience etc.;
We also handle the following special categories of sensitive personal information about our staff:
- information about health, including any medical conditions, sickness absence records, occupational health records, medical reports, insurance claims, etc.
4. How Do We Collect Personal Data?
We collect Personal Data about you through the recruitment process from the following sources: i) from you directly , ii) from your references, or iii) background check provider and iv) during the course of you working for us. We may sometimes also collect additional information from third parties, including former employers, credit reference agencies, etc.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
5. The Legal Basis for Processing Personal Data
We only process Personal Data where the Processing can be legally justified. This will usually be where the Processing is necessary:
- for the performance of contracts with you;
- for ensuring compliance with our legal obligations as an employer;
- for our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override those interests;
It can also include data processed by us with your written consent where it is to your benefit that we do so, for example to allow us to process sensitive personal data.
When you provide your family or other person’s information to us, you have to obtain prior consent by the family member or other person whose information will be provided.
6. How Personal Data Is Used
We process Personal Data for the following main purposes:
- salary, pensions, insurance and benefits administration;
- HR, business management and planning purposes;
- carrying out appraisals, handling disciplinary and grievance matters, performance management, career planning, training, promotion, secondments, etc.;
- managing disability, sickness or other types of leave, e.g. maternity leave;
- marketing and PR purposes;
- to facilitate communications between employees within the business;
- managing and safeguarding our management, IT and communications systems;
- security reasons;
- health and safety management;
- performing workforce analysis, project management and planning;
- training purposes;
- legal reasons, e.g. complying with employment and health and safety obligations, ensuring you are legally entitled to work in the countries where we employ you and you work, establishing or defending legal claims or when we are acting in the reasonable belief that it has the legal right to do so;
7. Share of Information
We may supply or share Personal Data to our group companies and other third parties that are our service assignees without prior consent by you. We may also supply or share Personal Data to third parties when it is necessary for some other justifiable reason permitted by law and/or regulations.
8. When Might We Transfer Personal Data Overseas?
Personal Data may be transferred to and processed in a country outside the European Economic Area (“EEA”) such as Japan and the United States. Please note that such transferred countries may not have the same data protection laws as the EEA and that they may not afford many of the rights conferred upon you in the First Country. We will ensure that any such international transfers are made subject to appropriate and suitable safeguards as required by relevant laws. When doing so, we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of Personal Data.
9. How Long Do We Keep Your Personal Data?
We only retain Personal Data for as long as is reasonably necessary for the purposes for which it is processed, as is required by law, or in order to establish, exercise or defend potential legal claims.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of Personal Data, the purposes for which we process Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. Once you are no longer an employee, worker or contractor of us, we will retain and securely destroy Personal Data in accordance with applicable laws and regulations.
10. Security of Personal Data
We have put in place appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authorities of a suspected breach where we are legally required to do so.
11. What Are Your Rights?
You have the following rights:
- You have the right during and after your employment to request access to the information we hold about you.
- You may also ask us to correct, delete or remove information that is irrelevant or inaccurate. If we can agree to that request, it will be actioned. If we cannot, we will explain our reasons to you in writing as soon as we can.
- In some circumstances, you may also have a right to ask us to restrict the Processing of Personal Data or to object to the Processing or transfer of Personal Data.
- If you wish to raise a complaint about how we have handled Personal Data, you can lodge a complaint with the relevant data protection authority.
If you want to make a request for Personal Data specified in the Section 11.1 or any questions about this privacy notice or information we hold about you, please contact your recruiting office or trainer at the Education Department.
12. Changes To the Privacy Notice
We may update this notice periodically. Where we do this, we will inform you of the changes. This notice is non-contractual, which means it does not confer any legal rights on any member of staff and we may amend it at any time in line with law or good practice.