A. AboutXtreme’s Commitment to Data Privacy
The Notice set forth below outlines the Personal Data that AboutXtreme may collect, how AboutXtreme uses and safeguards that data, and with whom we may share it. This Notice is intended to provide notice to individuals regarding Personal Data in an effort to be compliant with the data privacy laws and regulations of the jurisdictions in which AboutXtreme operates as well as compliance with its own Data Privacy Compliance Manual.
B. Definitions
Data Subject: the individual, business, or other entity about which Personal Data is collected. In the case of this notice, the data subject is you, the employee.
Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;. Personal Data is also commonly referred to as “personal information” or “personally-identifiable information” (PII). Processing of Personal Data (“processing”): any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Employee Notice of Data Privacy, Policies and Procedures
Sensitive Personal Data: Personal Data that, if lost, compromised, or disclosed, could result in substantial harm, embarrassment, inconvenience, or unfairness to a Data Subject. Specific examples of sensitive personal data collected by AboutXtreme are provided in Section F. Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or
processor, are authorized to process personal data.
C. Scope
This Notice applies throughout the AboutXtreme enterprise, including its wholly owned or controlled subsidiaries and affiliates. Unless otherwise required by a local law or provided for in a subsequent or different notice, this Notice is intended to apply to all AboutXtreme employees in all operating units of AboutXtreme globally. Unless otherwise required by a local jurisdiction or provided for in a subsequent or different notice, this Notice applies to all the processing of Personal Data by the AboutXtreme organization, including its wholly owned subsidiaries, affiliates, and any third parties. While global in scope, elements of this notice specific to compliance with the European Union’s General Data Protection Regulation (GDPR) are provided below.
D. Application of Local Law
This Notice and the corresponding Data Privacy Compliance Manual is designed to set a uniform minimum standard for every AboutXtreme entity with respect to its protection of AboutXtreme Employees’ Personal Data. AboutXtreme recognizes that certain laws may impose additional requirements than those described in this Notice and the corresponding Data Privacy Compliance Manual. AboutXtreme will endeavor to collect and process Employees’ Personal Data in accordance with local law applicable at the location where such Employee Personal Data is collected and processed. Specifically, this Notice provides necessary information for AboutXtreme’s compliance with the EU’s GDPR.
E. Employee Data Collected
The types of employee data AboutXtreme collects (directly from you or from public or third party information sources) and shares depends on the nature of your position and role within AboutXtreme and the requirements of applicable laws in a relevant jurisdiction. Examples of this information may include, among other things:
• contact information (e.g., name, home and business addresses, telephone, fax and pager numbers, e-mail addresses, emergency contact information)
• personal information (e.g., date of birth, marital status, birth place, nationality, race, gender, religion, preferred language);
• employment, performance, compensation, and benefits (e.g., hire date, adjusted service date, action/status codes, AboutXtreme identification number, job title, position/grade, attendance, department, business unit, supervisor, site, union, objectives, projects, performance reviews, performance and leadership ratings, salary, bonus, long term incentives, awards, retirement, family member/dependents names and dates of birth);
• education and training (e.g., education level, field and institution; competency
assessments; professional licenses and certifications; training courses);
• social security number or other national identification number;
• passport number;
• driver’s license number, vehicle license plate number;
• bank account information;
• corporate card number;
• employment history and letters of recommendation;
• work restrictions and accommodations;
• industrial hygiene exposure assessment and monitoring information;
• agreements that you enter into with AboutXtreme;
• computer or facilities access and authentication information;
• grievance resolutions; and
• photographs and other visual images of you.
The examples provided are not all-inclusive, and AboutXtreme also may collect similar or related information.
Sensitive data: (e.g., data that reveal race, ethnic origin, religious or philosophical beliefs, health, sexual orientation, political opinions, or trade union membership) are collected only where allowed by law and are used and disclosed only to fulfill legal requirements unless employee provides consent for such collection or disclosure.
Certain information collected is required to establish the employment relationship. You may inquire at the time of collection as to whether certain information is required or optional to establish the employment relationship. Further, where permissible and as described in Section J of this Notice, you may inquire about correction of deletion of any information initially provided.
AboutXtreme will retain your personal data for the length of your employment, plus at least an additional year following termination of the employment relationship. In certain jurisdictions, the length of time following termination may vary depending on local law. You can request the specific time period of retention by contacting your manager or using the contact information in
this Notice.
F. Purposes of Collecting Personal Data
The collected personal information is processed for AboutXtreme’s business purposes, including establishing, managing, or terminating your employment relationship with AboutXtreme.
Such uses include:
• determining eligibility for initial employment, including the verification of references and qualifications;
• administering pay and benefits;
• processing employee work-related claims (e.g. worker compensation, insurance claims, etc.);
• establishing training and/or development requirements;
• conducting performance reviews and determining performance requirements;
• assessing qualifications for a particular job or task;
• gathering evidence for disciplinary action or termination;
• establishing a contact point in the event of an emergency (such as next of kin);
• complying with applicable labor or employment statutes;
• compiling directories;
• ensuring the security of company-held information; and
• such other purposes as are reasonably required by AboutXtreme.
The uses provided are not all-inclusive, and AboutXtreme also may collect similar or related information consistent with laws and regulations of a particular jurisdiction, and subsequent notice provided or posted as consistent with applicable legal requirements.
G. Disclosure of Personal Data
AboutXtreme may share your Personal Data with our employees, contractors, consultants, and other parties who require such information to assist us with establishing, managing, or terminating our employment relationship with you, including parties that (a) provide products or services to us oron our behalf or (b) collaborate with us in the provision of products or services to you. In some instances, such parties may also provide certain information technology and
data processing services to us so that we may operate our business. We may share Personal Data with such parties both in and outside of your home country, and, as a result, your Personal Data may be collected, used, processed, stored, or disclosed in jurisdictions outside of your home country. When AboutXtreme shares Personal Data with such parties, our policy is to require that they only use or disclose such Personal Data in a manner consistent with the use and disclosure provisions of this Notice and consistent with the laws and regulations of the country where you live. In addition, Personal Data may be disclosed or transferred to another party (including Third Parties) in the event of a change in ownership of, or a grant of a security interest in, all or a part of AboutXtreme through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose your personal information in a manner consistent with the use and disclosure provisions of this Privacy Notice, unless you consent otherwise. Further, your Personal Data may be disclosed:
• as permitted or required by applicable law or regulatory requirements. In such a case, we will endeavor to not disclose more personal information than is required under the circumstances;
• to comply with valid legal processes such as search warrants, subpoenas, or court orders;
• as part of AboutXtreme’s regular reporting activities to other parts of AboutXtreme’s enterprise
• to protect the rights and property of AboutXtreme;
• during emergency situations or where necessary to protect the safety of a person or group of persons;
• where the personal information is publicly available; or
• with your consent where such consent is required by law.
To a limited extent AboutXtreme may need to collect Sensitive Personal Data, AboutXtreme will ensure that the Data Subject is informed of such collection and processing through notice provided at the outset of the employee’s employment with AboutXtreme and at other times where required by law. Where required by law, the Data Subject’s explicit consent to the processing and particularly to the transfer of such Sensitive Personal Data to Third Parties will be obtained. Appropriate security and protection measures will be provided depending on the nature of the information and the risks associated with the intended uses.
H. Security and Data Integrity
AboutXtreme will take reasonable precautions to protect Personal Data in its possession secure against the risk of loss, misuse, unauthorized access, disclosure, alteration and destruction. AboutXtreme periodically reviews its security measures in an effort to ensure the privacy of Personal Data.
AboutXtreme will take reasonable precautions to ensure Personal Data is used only in ways that are compatible with the purposes for which the data was collected or subsequently authorized by the individual. While AboutXtreme will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current, AboutXtreme also relies upon you to assist in providing accurate updates of your Personal Data.
I. EU Data Privacy Rights
If your personal data is processed in the EU or you are a resident of the EU, the EU General Data Protection Regulation grants you certain rights under the law. In particular, the right to access, correct, or delete the personal data AboutXtreme holds about you. To the extent required by local law, upon request, AboutXtreme will grant individuals reasonable access to Personal Data that it holds about them. In addition, at an employee’s request, AboutXtreme will take reasonable steps to permit individuals to correct, amend, or delete information it holds about them. AboutXtreme will rely on you to assist in providing timely updates to Personal Data held by AboutXtreme you know to be incorrect. The data AboutXtreme collects about employees is required in order to maintain the employment relationships. If you inquire about deletion of certain data needed to maintain the employment relationship, AboutXtreme may be unable to delete that data and continue the employment relationship. As required by the laws and regulations of the relevant jurisdiction, AboutXtreme will provide a Data Subject access to the following information related to the Data Subject’s Personal Data:
• the purposes of any processing;
• the categories of Personal Data processed;
• the recipients or categories of recipients to whom the Personal Data are to be or have been disclosed, in particular Third Parties;
• the period for which the Personal Data will be stored;
• the existence of the right to request from AboutXtreme rectification or erasure of Personal Data concerning the Data Subject or to object to the processing of such Personal Data;
• the right to lodge a complaint to the DP Coordinator or Privacy Officer and the contact details of the DP Coordinator and Privacy Officer;
• communication of the Personal Data undergoing processing and of any available information as to their source;
• the significance and envisaged consequences of such processing.
To the extent allowed by law Data Subjects can request access to correct, amend, or delete Personal Data by contacting the following:
PHONE: 888-809-4AXT
EMAIL: hello@axtcorp.com
If you are located in the EU, you have the right to lodge a complaint regarding the processing of your data with your countries supervisory authority regulating data protection.
J. Legal Basis for Processing under GDPR
AboutXtreme’s processing of personal data is lawful under GDPR because it is necessary for the performance of the employment contract between you, the employee, and AboutXtreme. Further, AboutXtreme’s processing of personal data is lawful due to the legitimate interest of AboutXtreme as a controller. In order to operate and have employees to facilitate that operation, AboutXtreme must collect certain personal data from employee for the purposes already
outlined in this Notice.
K. Changes to this Privacy Notice
AboutXtreme reserves the right to modify this Notice from time to time in order that it accurately reflects the regulatory environment and our data collection principles. When material changes are made to this Notice, AboutXtreme will post the revised Privacy Statement on our website and provide employees subsequent notice where consistent with local laws or regulations.