girl with headphones work

Privacy Statement

This page tells you everything you need to know about how blue-infinity Linked by Isobar protects your personal data and what your rights are in relation to your personal data.

You will also find further information on this page about:

If you have any questions concerning data privacy, our Privacy Statements or any of the above, please Contact Us.
 


Global Privacy Principles

Last update: 24 May 2018
Version: 1.0

Dentsu Aegis Network Limited and its group companies are committed to respecting and protecting the privacy of all individuals that it interacts with. As part of our commitment, we have set out in these Global Privacy Principles our approach to how we handle your personal information, being any information that we obtain, process or control that relates to you.

These principles were developed by us in recognition of the differing legal standards that apply to data protection and privacy in all the markets and territories in which we do business. At the core of our principles are the ideas of proportionality and compliance with all applicable laws.

Our Privacy Principles

1. Notice – We will have transparent policies with regard to the processing of your personal information. We will notify you as to how we process your personal information. When notifying you, we will tell you what categories of organizations will have access to your personal information, for what purposes your personal information will be used and how you may exercise the rights we provide you under these Principles and our other policies. If possible we will provide notice at the point of collection, or if we obtain personal information indirectly, we will generally provide notice via our web sites.

2. Choice – Where required by applicable law, we will seek your knowledge and consent for the collection, use or disclosure of your personal information or for collection, use or disclosure of your personal information for additional purposes not previously notified to you or not apparent from your dealings with us. Consent may be given in a variety of different ways, and where you have given your consent you may exercise your right to withdraw it.

3. Purpose Specification – We will only use your personal information within the scope of what was notified to you or as may be permitted under applicable law. If for any reason we intend to use your personal information in a way incompatible with that scope, we will notify you so that you can choose that we do not use your data in that way.

4. Security and Confidentiality – We will use industry standard security when protecting your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We will keep confidential any confidential information provided to us. Further, we shall use contractual or other means to provide a comparable level of protection while your information is being processed by a third party.

5. Data Quality – We will make all efforts to ensure that your personal information is accurate, complete and kept up-to date. Where your personal information is no longer necessary for the purposes collected and notified to you, it will be deleted.

6. Access – We want you to be in control of your personal information and your privacy. Upon request, we will supply you with information about our processing of your personal information and be responsive to your reasonable requests to rectify or delete information held about you.

7. Accountability – We will take all the necessary measures to observe these Principles and our other privacy policies. We are responsible for personal information under our control, and when we process personal information, we shall designate an individual or individuals who are accountable for proper compliance with these Principles.

If you have any further questions about how we process your personal information, or if you would like to exercise any of your rights under our Global Privacy Principles, then please Contact Us.


Marketing Privacy Statement

Last update: 24 May 2018
Version: 1.0

Scope and Aims
This Marketing Privacy Statement (“Statement”) explains how Dentsu Aegis Network and its group companies ("DAN", "we", "our" or "us") collects and uses personal data for marketing purposes and how that information is kept secure.

Sources of Marketing Data
The bulk of the personal data we collect and use for marketing purposes relates to individual employees of our clients and other companies with which we have an existing business relationship. We may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company.

Targeted E-mail
Our targeted e-mail messages typically include web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click. When you click a link in a marketing e-mail you receive from us, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.

Targeted e-mails from us may include additional data privacy information, as required by applicable laws.

Customer Relationship Management (CRM) Databases
Like all large companies, we use customer relationship management (CRM) database technology to manage and track our marketing efforts. Our CRM databases include personal data belonging to individuals at our client and other companies with whom we already have a business relationship or want to develop one. The personal data used for these purposes includes relevant business information, such as: contact data, publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose), your responses to targeted e-mail (including web activity following links from our e-mails), website activity of registered users of our website, and other business information included by our professionals based on their personal interactions with you. If you wish to be excluded from our CRM databases, please use the Contact Us form.

Combining and Analyzing Personal Data
As described above, we may combine data from publicly available sources, and from our e-mail, website, and personal interactions with you. We combine this data to better understand your needs and the needs of your company, to assess the suitability of our service offerings for your needs, and to perform the other activities described throughout this privacy statement.

Your Rights
You can exercise your right to prevent marketing communications to you by checking certain boxes on the forms we use to collect your personal data, or by utilizing opt-out mechanisms in e-mails we send to you. You can also exercise the right to discontinue marketing communications to you, or to have your personal data removed from our customer relationship management (CRM) databases at any time by using our Contact Us form. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.


Recruitment Candidate Privacy Statement 

Last update: 16 March 2018
Version: 1.0

Scope and Aims
This Privacy Statement (“Statement”) explains how Dentsu Aegis Network and its group companies ("DAN", "we", "our" or "us") collects and uses candidate personal information and how that information is kept secure.

Please note that there may be additional guidance issued in the country that you are employed in. Wherever such local guidance may be required to enable compliance with any local law or regulation, if that local guidance is in any respect inconsistent with this document, this document shall only apply to the extent that it is consistent, or may be made consistent, with that local guidance from time to time.

Your Information and Privacy
At DAN, we take privacy very seriously. We do need your information so that we can provide world class recruitment services to you, however protecting your information and respecting your privacy is fundamental to maintaining your trust. Our Global Privacy Principles can be found here.#Global Privacy Principles

We utilise global HR information systems ("HRIS") for recruitment purposes and to capture and store personal data on potential employees and recruitment candidates.

What type of personal data do we collect about you as part of the recruitment process?

We collect and use different types of personal information about you, depending on your circumstances, your role and the law. This list below is illustrative and non-exhaustive.

Type of Information

Examples

Information to contact you at work or home

name, address, telephone, and e-mail addresses.

Information about who to contact in a case of emergency (yours or ours)

name, address, telephone, e-mail addresses and their relationship to you.

Information to identify you

Photographs, passport and/or driving licence details, electronic signatures, national insurance or social security numbers (where applicable).

Information about your suitability to work for us and/or a relevant third party:

References, interview notes, work visas, ID information such as passport details and driving licence information, records/results of pre-employment checks, including criminal record checks, credit and fraud checks.

Information about your skills and experience

CVs, resumes and/or application forms, references, records of qualifications, skills, training and other compliance requirements.

Additional data that we may request where permitted by law.

We may, subject to local laws, ask you to register your personal profile which could include declaring information about your ethnicity, disability, age, religion/belief, gender and sexual orientation.

 

 

Who collects your personal data?

Your personal data is collected by the DAN organisation for purposes of the recruitment process, where, if successful, you may enter into an employment contract. This DAN organisation is a data controller in relation to the personal data that’s collected about you.

How is your personal data collected?

We collect personal data from you and from other organisations, as described below.

You provide personal data about yourself and others

This is personal data that you provide to the local HR Recruitment team or enter directly into DAN recruitment systems (where applicable).

You may also provide us with personal data about others, notably your dependents and other family members. This tends to happen for HR administration and management reasons, eg emergency contact details.

We may collect personal data from other organisations

We may obtain information about you from other organisations. For example, we may gather references from your previous employer(s); medical reports from external professionals; and, the results of a background check (where permitted by applicable law).

How do we use your personal data?

We may collect and further process your personal data for various purposes subject to local law and any applicable collective bargaining agreements. Please note, that the list below is not an exhaustive list of the purposes for which we process personal data for recruitment purposes.

Purposes for which we need your personal information:

Examples

 

Recruitment

 

To assess your suitability to work for DAN;

  • To perform requisition and applicant management activities;
  • To perform precision matching to job vacancies;
  • To conduct screening, assessments and interviews;
  • To maintain a library of correspondence;
  • To make offers and provide contracts of employment;
  • To conduct pre-employment checks, including determining your legal right to work and carrying out criminal record and credit checks where applicable

To operate the relationships with customers and suppliers

This may include

  • the disclosure to customers of relevant vetting information (in line with the appropriate requirements of regulated customers),
  • contact details, curriculum vitae information, or photographic images.

Fraud prevention

We may check your details with/against fraud prevention databases

Diversity Information

In some countries we may, subject to local laws, ask you to register with us your personal profile which could include declaring information about your ethnicity, disability, age, religion/belief, gender and sexual orientation. This information is used to help us improve our employment practices and access to this information is strictly limited.

 

 

What are our legal bases for processing your personal data?

Data protection laws may require that we only process your personal data where we have a legal basis for doing so. In compliance with these laws, our processing activities are done on one or more of the following legal bases:

  • The processing is necessary for our compliance with a legal obligation;
  • The processing is necessary for legitimate interests that are pursued by us or by a third party.
  • The processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to you and the DAN organisation entering into such a contract.

Processing of sensitive personal data

Our processing of sensitive personal data is done on one or more of the following legal bases. The processing is necessary:

  • For the purposes of carrying out our/your obligations or to exercise our/your specific rights under employment, social security or social protection law, to the extent permissible under applicable laws;
    • to protect your vital interests or the vital interests of another person where you or they, as applicable, are physically or legally incapable of giving consent (for example in a medical emergency)
    • for the establishment, exercise or defence of legal claims
    • solely to the extent that our processing of your sensitive personal data cannot be justified by one or more of the legal bases described above, we will obtain your consent to our processing of that personal data. This consent will be obtained from you separately.

Where we have sought your consent to the processing of your sensitive personal data, you may withdraw this consent by contacting your local HR recruitment team. Where you have withdrawn your consent but we retain the sensitive personal data, we will only process that data where we have another legal basis on which to do so (for example, where we need to process your personal data in order to carry out our obligations under employment law). You should note that the withdrawal of consent may prevent us from carrying out certain tasks. For example, contacting your next-of-kin in an emergency.

Processing of Personal Data Relating to Criminal Convictions and Offences

Personal data relating to criminal convictions and offences will only be processed by DAN where authorised to do so by applicable law. For example, a criminal record check may be carried out on recruitment where authorized by law.

Who has access to your personal data?

We may share your personal information between DAN organisations and use it for the purposes set out in this Privacy Statement. We may need to grant organisations outside of DAN access to your personal data. We will always take appropriate measures to keep your personal information confidential, secure and protected, including when we need to share it with our trusted partners.

Dentsu Aegis Network uses all reasonable means to ensure that third party sources use your personal information only for the purposes for which it was provided and in adherence to the Dentsu Aegis Network Privacy Policy.

Is your personal data sent to other territories?

Your personal data may be shared with other DAN organisations as well as organisations outside of DAN.

We may transfer your personal information to other countries (and may store it there), where our people (or suppliers) may process it. When this happens, we’ll make sure we follow the requirements of the law and that your personal information is always protected by the same security standards we follow.

How long do we keep your personal data?

We only hold your personal data for as long as there is a business need or a legal obligation to keep it.

Your rights

You have a number of rights in respect of your personal data. We’ve detailed these rights below.

Accessing your personal data
You have the right to request a copy of the personal data that DAN holds about you.

Keeping your personal data correct and up-to-date
You have a right to request that any inaccuracies in your personal data are corrected. It is important that the personal information we hold about you is kept accurate and up to date. We therefore need you to inform us of any change or update to your personal information.

Deleting and blocking use of personal data
You have the right to request the deletion or blocking of any irrelevant personal data we hold about you, or you may be entitled to object to our continued processing of your personal data.

Where you have been asked to provide your consent to our processing of your personal data, please note that you may withdraw such consent at any time by contacting your local HR Recruitment Team.

You should note that the withdrawal of consent may prevent us from carrying out certain tasks within the recruitment process.

Other rights if you are in France

If you are in France, you also have the right to issue general or specific directives regarding the disposition of your personal data after your death.

If you are an EU Citizen, there are additional rights available (from 25 May 2018)

From 25 May 2018, you also have the following rights:

Data portability – You may request that we provide you with the personal data that we hold on file about you and, where technically feasible, to transmit such data to another organisation – there are limitations to this under law

  • Right to restriction of processing - There are certain situations where you can restrict our processing of your personal data
  • Right to withdraw consent – Where we are relying upon your consent to process personal data, you have the right to withdraw such consent at any time.
  • Right to object to processing justified on legitimate interest grounds - Where your personal data is processed because of a legitimate interest purpose, you have the right to object to such processing.
  • Right to be forgotten – You have the right to request that we erase your personal data where:
    • the personal data is no longer necessary for the purposes it was originally collected;
    • our processing of your personal data is based solely upon your consent, and you withdraw your consent;
    • we are relying on the legal basis of legitimate interests to process your personal data (unless we can demonstrate compelling legitimate grounds for our processing of your personal data and those grounds override your interests); or
    • your personal data has been unlawfully processed, or must be erased for compliance with an applicable legal obligation under EU or an EU member state’s law.

In addition to the rights stated above, you have the right to lodge a complaint with a supervisory authority.

How do we keep your personal data safe?

We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your personal information.

We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that any personal information we hold on computer systems is not accessed by anyone it shouldn’t be.

When we use third party organisations to process information on our behalf we ask them to demonstrate their compliance with our security requirements, and any instructions we may give them and their compliance with relevant data protection legislation throughout the time they work for DAN. These organisations take their instructions from us, and their obligations regarding what information they process and what they can do with it are agreed in the contracts we have with them.

Any questions?

If you have any questions or queries about the way in which we process your personal data please contact either your local HR Recruitment Team, or the Data Protection Officer –  by using our Contact Us form.

Status of this Privacy Statement and notification of changes

We may update this Privacy Statement at any time but will be reviewed annually.


Employee Privacy Statement

Last update: 2 May 2018
Version: 1.0

Your Information and Privacy
Dentsu Aegis Network and its group of organisations ("DAN", "we", "our" or "us") use global HR information systems ("HRIS") to store and further process data about their people, including employees, workers, individual contractors and contingent workers (collectively referred to as "staff").

As a staff member, we want to make sure you understand how your personal data is processed within the HRIS.

This Privacy Statement explains the following:

  • What type of personal data we collect about you and use in the HRIS
  • Who collects your personal data
  • How your personal data is collected
  • How your personal data is used
  • Our legal basis for processing your personal data
  • Who has access to your personal data
  • How long we keep your personal data
  • Your rights
  • How we keep your personal data safe
  • Where to go if you have questions
  • Status of this Privacy Statement and your notification of changes to it
  • Definitions

What type of personal data do we collect about you and use in the HRIS?

We collect various types of personal data about you – as shown by the non-exhaustive list below:

  • Staff-related data. Your title, forename, middle name(s) and surname, birth name, preferred name, any additional names, gender, nationality, second nationality, civil/marital status, date of birth, age, home contact details (address, telephone number, e-mail), bank details, national ID number and/or social security number, curriculum vitae (which may include details of your education, qualifications, work history), languages spoken, next-of-kin/dependant contact information.
  • Employment-related or Engagement-related data. Your work contact details (address, telephone number, e-mail), work location default hours, default language, time zone and currency for location; your remuneration information (including salary/hourly plan/contract pay information, as applicable, allowance, bonus and merit plans), your worker ID and various system IDs, your performance review information, absence records (including dates and categories of leave/time-off); your employee/contingent worker type; your hire/contract begin and end dates; your cost centre; your job title; your scheduled weekly hours, whether you are full or part time; your termination/contract end date and the reason for termination; your last day of work; status (active/inactive/terminated); position title; the reason for any change in job and date of change; your benefit coverage start date.
  • Additional data that we may collect where permitted by law. Examples of this type of data: documentation about you required under local immigration laws; your racial or ethnic origin; your health/disability details and other details provided by a medical professional; background/criminal record checks; reasons for time off/leave; certain maternity/adoption information; your trade union membership and political, religious, philosophical or similar beliefs; your sexual life and sexual orientation (which may be inferred from next-of-kin and emergency contact information); time off/benefits service date; brand; function; customer; competency; business title; various termination information.

Who collects your personal data?

Your personal data is collected by the DAN organisation that entered into an employment contract or relationship or a contract for services with you. This DAN organisation is a data controller in relation to the personal data that’s collected about you.

Your personal data may need to be processed by other DAN organisations, for their own independent purposes. In which case, these organisations are also data controllers of your personal data.

If you have questions about which DAN organisation is a data controller in respect of your personal data, please contact your local HR team or, where applicable, your data protection officer.

How is your personal data collected?

We collect personal data from you and from other organisations, as described below.

Please note that it may be mandatory for us to collect certain personal data about you. This will be the case where the law or a contract between you and the DAN organisation requires that your personal data is obtained. It will also be the case where collection of your personal data is necessary for the DAN organisation to enter into a contract with you.

You provide personal data about yourself and others

For instance, personal data that you provide to your local HR team or enter directly into the HRIS. Where you enter data into the HRIS, you will see that certain data fields are clearly labelled as ‘mandatory’. We require that you complete those mandatory data fields for a couple of reasons. Certain data, such as your banking details, are important – without this kind of information, the DAN organisation cannot fulfil its obligations to you under an employment contract or contract for services. We also make data fields mandatory where the law requires that we collect certain data about you.

You may also provide us with personal data about others, notably your dependents and other family members. This tends to happen for HR administration and management reasons. For example, the data may be needed for the administration of benefits or because we need to contact your next-of-kin in an emergency situation.

Before you provide us with the personal data of others, you must:

  • tell them:
    • that you intend to provide us with their personal data, and
    • how we (and our suppliers) will process their personal data; and
       
  • make sure they’re happy for you to share their personal data with us.

We may collect personal data from other organisations

We may obtain information about you from other organisations. For example, we may gather: references from your previous employer(s); medical reports from external professionals; information from tax authorities and benefits providers; and, the results of a background check (where permitted by applicable law).

How do we use your personal data?

Personal data

We may collect and further process your personal data for various purposes subject to local law and any applicable collective bargaining agreements. We’ve listed such purposes below. Please note, however, that this is not an exhaustive list of the purposes for which we process personal data.

  • Recruitment, training, development, promotion, career and succession planning;
  • Appropriate vetting for recruitment and team allocation including, where relevant and appropriate, credit checks, right to work verification, identity fraud checks, criminal record checks (where permitted by law), relevant employment history, relevant regulatory status and professional qualifications;
  • Providing and administering remuneration, benefits and incentive schemes and making appropriate tax and social security deductions and contributions;
  • Allocating and managing duties and responsibilities and the business activities to which they relate;
  • Communications between staff;
  • Managing and operating conduct, performance, capability, absence and grievance related reviews, allegations, complaints, investigations and processes and other informal and formal HR processes and making related management decisions;
  • Consultations or negotiations with representatives of the workforce;
  • Conducting surveys for benchmarking and identifying improved ways of working, staff relations and engagement at work (these will often be anonymous but may include profiling data such as age to support any analysis of the results);
  • Processing information about absence or (where required or permitted by applicable law) medical information regarding physical or mental health or condition in order to: assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work; facilitate a return to work; make adjustments or accommodations to duties or the workplace; and make management decisions regarding employment or engagement, or continued employment or engagement, or redeployment, and conduct-related processes;
  • For planning, managing and carrying out restructuring or redundancies or other change programmes including appropriate consultation, selection, alternative employment searches and related management decisions;
  • Complying with reference requests from potential employers where DAN is named as a referee;
  • Operating email, IT, internet, social media, HR-related and other company policies and procedures. The company carries out monitoring of DAN's IT systems to protect and maintain the systems; to ensure compliance with DAN policies, including the OP3 Acceptable Use policy; and to locate information through searches where needed for a legitimate business purpose;
  • Complying with applicable laws and regulation (for example maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulations to which DAN is subject);
  • Where required or permitted by applicable law, monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under local anti-discrimination laws;
  • Planning, due diligence and implementation in relation to a commercial transaction or service transfer that impacts your relationship with DAN. For example, mergers and acquisitions or a transfer of your employment under automatic transfer rules;
  • For business operational and reporting documentation, such as the preparation of annual reports or tenders for work or customer team records including the use of photographic images;
  • To operate the relationships with customers and suppliers. This may include the disclosure to customers of relevant vetting information (in line with the appropriate requirements of regulated customers), contact details, curriculum vitae information, or photographic images. Disclosure of personal data to suppliers may also be necessary;
  • Where relevant for publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances;
  • To support HR administration and management. This includes maintaining and processing general records necessary for the management of staff and to operate the contract of employment or contract for services between you and the DAN organisation;
  • To centralise HR administration and management processing operations in an efficient manner for the benefit of our staff;
  • To change access permissions;
  • To provide support and maintenance for the HRIS;
  • To enforce our legal rights and obligations, and for any purposes in connection with any legal claims made by, against or otherwise involving you;
  • To comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country; and
  • Other related purposes permitted by applicable privacy and data protection legislation including legitimate interests pursued by DAN where this is not overridden by the interests or fundamental rights and freedoms of staff.

Sensitive personal data

In some territories, the law permits us to collect sensitive personal data or information from which sensitive personal data may be deduced. Therefore, if the law allows, you may be asked to provide us with such data.

The purposes for which we process your sensitive personal data may (to the extent required or permitted by applicable law) include the following. Please note, however, that this is not an exhaustive list of the purposes for which we may process this type of data:

  • Documentation such as work permits, details of residency, visa or similar certificate of entitlement to enter, leave or stay in a country, or proof of citizenship are used to assess and review your eligibility to work for DAN.
     
  • Your racial or ethnic origin, religion, philosophical or political belief, sexual orientation or disability status may be used by DAN. DAN records these statistics where necessary to comply with the equality and diversity requirements of local law. And, subject to local laws, DAN may use the data for statistical reasons – for instance, the statistics derived from your personal data are used for equal opportunities purposes.
     
  • Information about your racial or ethnic origin, religion, philosophical or political belief, sexual orientation or sexual life may be used in the event of a complaint under the DAN grievance, whistleblowing, anti-bullying and harassment or similar policies. In which case, such information shall be used by DAN where it is relevant to the particular complaint and so that DAN may comply with its employment law obligations.
     
  • Health and medical information may be used by DAN so that it can comply with employment, health and safety or social security laws. For example, DAN may need to use this data in order to:
    • provide statutory incapacity or maternity benefits;
    • avoid breaching its legal duties to you;
    • ensure fair and lawful management of your employment or engagement with the DAN organisation;
    • avoid unlawful termination of your employment or engagement with the DAN organisation;
    • make reasonable accommodations or adjustments and avoid unlawful discrimination, or to deal with complaints arising in this regard.
  • Trade union membership may be recorded by DAN. This is for the purpose of ensuring you receive the specific rights to which you are entitled under the Trade Union membership. In turn, this enables DAN to meet its obligations under employment law.

Additional information about the ways in which DAN processes your personal data may be notified to you locally.

What are our legal bases for processing your personal data?

Data protection laws may require that we only process your personal data where we have a legal basis for doing so. In compliance with these laws, our processing activities are done on one or more of the following legal bases:

  • The processing is necessary for our compliance with a legal obligation to which we are subject;
  • The processing is necessary for legitimate interests that are pursued by us or by a third party. The section above entitled How do we use your personal data? calls out these legitimate interests (but please note that the other legal bases mentioned in this Privacy Statement may also apply to our use of your personal data).
  • The processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to you and the DAN organisation entering into such a contract.

Processing of sensitive personal data

Our processing of sensitive personal data is done on one or more of the following legal bases:

  • the processing is necessary for the purposes of carrying out our/your obligations or to exercise our/your specific rights under employment, social security or social protection law, to the extent permissible under applicable laws;
  • the processing is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, to the extent permitted by applicable laws;
  • the processing is necessary to protect your vital interests or the vital interests of another person where you or they, as applicable, are physically or legally incapable of giving consent (for example in a medical emergency);
  • the processing is necessary for the establishment, exercise or defence of legal claims; or
  • solely to the extent that our processing of your sensitive personal data cannot be justified by one or more of the legal bases described above, we will obtain your consent to our processing of that personal data. This consent will be obtained from you separately.

Where we have sought your consent to the processing of your sensitive personal data, you may withdraw this consent by contacting your local HR team or, in some cases, deleting this information from the HRIS yourself. Where you have withdrawn your consent but we retain the sensitive personal data, we will only process that data where we have another legal basis on which to do so (for example, where we need to process your personal data in order to carry out our obligations under employment law). You should note that the withdrawal of consent may prevent us from carrying out certain tasks. For example, contacting your next-of-kin in an emergency.

Processing of Personal Data Relating to Criminal Convictions and Offences

Personal data relating to criminal convictions and offences will only be processed by DAN where authorised to do so by applicable law. For example:

  • a criminal record check may be carried out on recruitment or transfer where authorised by law; or
  • an allegation of a criminal offence or conviction arising during your relationship with DAN may be processed. This will happen, for instance, if there is a legal requirement for DAN to report the offence, or if DAN is permitted by law to use the information about your offence when making decisions about your relationship with DAN.

Who has access to your personal data?

When we share your personal data within DAN

We keep your personal data within DAN. This means that your personal data may be shared with other DAN organisations. The following people and teams within DAN may be granted – on a need-to-know basis - access to your personal data:

  • local, regional and global HR managers and HR team members;
  • local, regional and executive management responsible for managing or making decisions in connection with your relationship with DAN, or when involved in an HR process concerning your relationship with DAN;
  • system administrators; and
  • where necessary for the performance of specific tasks or system maintenance, teams such as the Finance and IT Department and the Global HRIS support team.

Basic personal data, such as your name, location, job title, contact information, any published skills and experience profile, as well as any photo that you upload to the HRIS, may be accessible to all staff for business purposes.

When we share your personal data outside of DAN

We may need to grant organisations outside of DAN access to your personal data. To help you understand who these organisations are, here is a non-exhaustive list:

  • Organisations (and their sub-contractors) that provide us with technology solutions and/or support. For example:
    • Organisations such as Workday that have been engaged to host, support and otherwise maintain the HRIS.
    • Organisations that provide systems which interconnect with the HRIS. These systems include expenses management software from Concur, SAP SuccessFactors, Nintex, SailPoint, the Global Active Directory, local payroll and benefits systems.
       
  • DAN’s professional advisers. For example:
    • Insurers
    • Bankers
    • Investors
    • IT administrators
    • Lawyers
    • Auditors
    • Consultants
    • Payroll providers
    • Administrators of DAN’s benefits programmes
       
  • Authority, agency or other body with jurisdiction

When we share personal data with organisations outside of DAN, we require those organisations to treat the data in accordance with applicable law, including laws about data confidentiality and security.

And, where we engage those organisations (such as our payroll provider) to process personal data on our behalf, we require the data is treated consistently with this Privacy Statement.

For further details of the organisations outside of DAN that have access to your personal data please contact your local HR department or, where applicable, your data protection officer.

Is your personal data sent to other territories?
As mentioned in the section entitled Who has access to your personal data? your personal data may be shared with other DAN organisations as well as organisations outside of DAN. These organisations may be located in various locations worldwide, such as Canada, New Zealand and the US.

This means that your personal data may be transferred to a territory or country that: (a) is outside of the country in which you work, and (b) the European Commission (or other relevant governmental organisation) regards as offering an inadequate level of data protection.

Where there is a transfer of your personal data from the EEA to territories or countries outside of the EEA, we will make sure that such transfer is done in accordance with applicable data protection law. If you have any questions about this, please contact your local HR department or, where applicable, your data protection officer.

How long do we keep your personal data?
In general, we keep your personal data for as long as it is required bearing in mind the purpose(s) for which it was collected. This will usually be the period of your employment or contract with the DAN organisation plus the length of any applicable statutory limitation period once that employment or contract period has ended. Some data, such as pension information, may need to be kept for longer. And, we may keep some types of data, for example tax records, for different periods of time, as required by applicable law.

Your rights
You have a number of rights in respect of your personal data. We’ve detailed these rights below. For further information regarding your rights, or to exercise any of your rights, please contact your local HR department or, where applicable, your data protection officer.

Accessing your personal data
You have the right to request a copy of the personal data that DAN holds about you. But do bear in mind that you can easily see most of this data by logging into the HRIS.

Keeping your personal data correct and up-to-date
You have a right to request that any inaccuracies in your personal data are corrected.

We aim to ensure that all personal data is correct and up-to-date. You also have a responsibility to notify us of any changes to your personal circumstances that may render your data inaccurate - for example, any change of address or bank account.

You can update most of the personal data that we hold about you by logging into the HRIS. Certain information can only be amended with the help of your local HR team, so please contact them if necessary.

Deleting and blocking use of personal data
You have the right to request the deletion or blocking of any irrelevant personal data we hold about you, or you may be entitled to object to our continued processing of your personal data.

Where you have been asked to provide your consent to our processing of your personal data, please note that you may withdraw such consent at any time by contacting your local HR department or, in some cases, by deleting this information from the HRIS yourself.

Where you have withdrawn your consent but we retain your personal data, please note that we will only continue to process such data where we have another legal basis on which to do so. For example, where we need to process your personal data so that we can comply with our employment law obligations.

You should note that the withdrawal of consent may prevent us from carrying out certain tasks. For example, administering certain benefits, contacting your next-of-kin in an emergency, or providing support to you above and beyond our legal obligations.

Other rights if you are in France

If you are in France, you also have the right to issue general or specific directives regarding the disposition of your personal data after your death.

Your additional rights (from 25 May 2018)

From 25 May 2018, you also have the following rights:

  • Data portability – You may request that we provide you with the personal data that we hold on file about you and, where technically feasible, to transmit such data to another organisation. We must add, however, that your right to request this is limited. It is limited to the personal data for which you gave your consent to process, or to the personal data that the DAN organisation needs to perform its obligations under a contract with you.
     
  • Right to restriction of processing - You can restrict our processing of your personal data in the following circumstances:
    • you contest the accuracy of the personal data that we hold about you, restricting us from processing it until we have taken sufficient steps to correct or verify its accuracy;
    • the processing is unlawful, but instead of asking us to erase the personal data you request that we restrict our use of it;
    • we no longer need the personal data for the purposes it was originally collected, but you require the data for the establishment, exercise or defence of legal claims; or

where your personal data is processed because of a legitimate interest that is pursued by us or by a third party and you have objected to that processing, you can restrict our continued processing of that data. This restriction applies until it has been verified that DAN has compelling legitimate grounds to resume processing.

Where your personal data is subjected to a restriction in this way, we will only process it with your consent or for the establishment, exercise or defence of legal claims.

  • Right to withdraw consent - To the extent that we are relying upon your consent to process personal data, you have the right to withdraw such consent at any time. You can do this by (i) in some cases deleting the relevant data from the HRIS (but do note that it may remain in back-ups and linked systems until it is deleted in accordance with our data retention policy) or (ii) contacting your local HR team.
     
  • Right to object to processing justified on legitimate interest grounds - Where your personal data is processed because of a legitimate interest that is pursued by us or by a third party, you may object to such processing. In which case, we shall no longer process this personal data unless we can demonstrate compelling legitimate grounds to resume processing (and those grounds override your interests, rights and freedoms), or we need to process the data for the establishment, exercise or defence of legal claims.
     
  • Right to be forgotten – You have the right to request that we erase your personal data where:
    • the personal data is no longer necessary for the purposes it was originally collected;
    • our processing of your personal data is based solely upon your consent, and you withdraw your consent;
    • we are relying on the legal basis of legitimate interests to process your personal data (unless we can demonstrate compelling legitimate grounds for our processing of your personal data and those grounds override your interests); or
    • your personal data has been unlawfully processed, or has to be erased for compliance with an applicable legal obligation under EU or an EU member state’s law.

In addition to the rights stated above, you have the right to lodge a complaint with a supervisory authority.

How do we keep your personal data safe?

Taking into account state of the art measures and the cost of implementing them, DAN uses a variety of technical and organisational methods to secure your personal data in accordance with applicable laws.

We are committed to protecting the security of the personal data you share with us. In support of this commitment, we have implemented appropriate technical and organizational measures to protect your personal data against:

  • unauthorised or accidental destruction, alteration and/or disclosure;
  • theft and accidental loss; and/or unauthorised access;
  • misuse;
  • damage; and/or
  • any other form of unauthorised processing.

Unfortunately, we cannot guarantee the security of your personal data as no security measures are perfect and there is always some risk of security incidents occurring.

Any questions?

If you have any questions about the way in which we process your personal data or if you believe your data protection rights have been violated, please contact your local HR team or, where applicable, your data protection officer by using our Contact Us form.

Status of this Privacy Statement and notification of changes

We collect personal data from you, so we are obliged to provide you with the information detailed in this Privacy Statement.

Please note that this Privacy Statement does not form part of the employment contract or the contract for services between you and the DAN organisation.

We may update this Privacy Statement at any time. Should we change our approach to data protection, you will be informed of these changes or made aware that we have updated the Privacy Statement.

Definitions

DAN organisation : The specific DAN entity that entered into an employment contract or relationship or a contract for services with you.

Data controller : The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. This will be the DAN organisation that entered into an employment agreement or contract for services with you. It may also include other DAN organisations that need to process your personal data for their own purposes.

Other DAN organisations : The parents, affiliates, and/or subsidiaries of the DAN organisation described above.

Personal data : Any information relating to an identified or identifiable person. An identifiable person is someone who can be identified, directly or indirectly, by reference to details such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Personal data includes the data that’s described in the section of the Privacy Statement called What type of personal data do we collect about you and use in the HRIS?

Processing (or Processed) : Any operation which is performed on personal data - such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Sensitive personal data : Personal data that may reveal sensitive matters such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and also includes genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health or sex life or orientation. Sensitive personal data includes the data that’s described in the section of the Privacy Statement called What type of personal data do we collect about you and use in the HRIS?

Supervisory authority : The authority responsible for dealing with data protection. In the UK, for example, this would be the Information Commissioner’s Office.

If you have any questions concerning data privacy or you want to let us know about our Employee Privacy Statement, please Contact Us.


Contact our Data Policy team