Last Updated: July 20th, 2020
SimplexCC Ltd. and Simplex Payment Services, UAB and its affiliated companies (collectively “we“, or “the Company”) provides this Data Privacy Notice to explain our practices regarding the collection, use, transfer and other processing of certain personal data about our employees, potential employees and contractors (“Individual Data”), as described in more detail below.
Please note you are under a legal obligation to provide the Company with some of the Individual Data (as specified below), whereas providing the remainder of the Individual Data is subject to your own free will and consent and to your relationship with the Company.
This Data Privacy Notice applies to current and former employees, workers and contractors, as well as candidates/applicants for a role. We may update this notice at any time.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
This document was drafted to help you, our employee or contractor, understand what personal data we, the Company, hold about you, how this data is processed and for what purposes, and what are your rights concerning data privacy.
If you have any questions or need assistance, contact our DPO, whose contact details can be found below.
In this document, you will find the answer to the following questions:
- Why do we collect your data? We will not collect your data unless for specified, explicit and legitimate purposes, in connection with our contractual relationship (whether as an employee or contractor), as required by applicable laws or regulations, or where we have obtained your consent.
- What Information we collect about you? Here you will find the list of the specific information we collect about you and the internal purposes for which the data is collected.
- How do we collect your data? In this section, we specify from which sources we might acquire data about you and under what circumstances.
- How do we use your personal data? Your data can only be processed by us for a legal and legitimate purpose.
- How do we share your personal data with other parties? During the course of our business, or for legal reasons, we might share some of your data with other parties. We understand the importance of making sure other parties also respect and protect your privacy, in the same way we do.
- How do we protect your personal data? We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, and we limit access to it, even within the company.
- For how long do we keep your data? We keep you data stored for as long as necessary to fulfil the purposes we collected it for, including for when the law requires us to keep it for a certain period.
- What are your rights? The law provides you with a series of rights. Make sure you understand them and feel able to exercise them.
- CATEGORIES OF INDIVIDUAL DATA
During your engagement with the Company, it is routine for us to collect, process and store Individual Data. Although not an exhaustive list, this will include:
- PERSONAL INFORMATION: including name and contact information (full name, home address, phone number and emergency contact information), date of birth, government identification numbers (such as social security numbers), citizenship/residency, work permits (where applicable), personal status (e.g. marital status), photos, attendance records, surveillance/security cameras footages, and other data collection permitted or required by local law;
- EMPLOYEE STATUS: including full-time, part-time, active, leave of absence, and employment termination data;
- ORGANIZATIONAL INFORMATION: including work contact information, job title, department, employer, cost center, location, hire date and any previous hire or service dates, work history, supervisor, and job function;
- COMPENSATION INFORMATION: including current base salary and differentials, pay range, type of employee, average hours worked, incentive information, equity and other compensation program participation, salary history;
- PAYROLL INFORMATION: including bank information, tax information, garnishments and deductions, time worked, vacation information, and other paid time off information;
- PERFORMANCE AND TALENT INFORMATION: including qualifications, evaluations, developmental planning, security policy permissions, communication data and other talent management and team based assessments.
- INFORMATION OF YOUR PRESENCE: including entry and exit data from the Company’s premises and surveillance cameras footages.
- APPLICATIONS/RECORDS: In addition, the Company collects and maintains different types of personal information concerning employees and candidates, including the personal information contained in:
- Resumes and job applications;
- References, recommendation checks and interview notes;
- Recruitment agencies’ reports;
- Attendance records;
- Surveillance/security cameras footages;
- In certain circumstances, and in accordance with applicable laws – criminal record checks;
- Medical evaluations for suitability to work;
- Letters offering and accepting employment;
- Mandatory policy acknowledgement sign-off sheets;
- Payroll information, including but not limited to social insurance number, paycheck deposit information;
- Forms relating to the application for, or in respect of changes to, employee health and welfare benefits, including, short and long term disability, medical care; and
- Emergency contact information.
- CCTV: as part of our security ecosystem, we use CCTV systems to monitor physical access to our facilities.
- IMAGES & VIDEO RECORDINGS: while documenting our social life within the company we may take pictures and video recordings.
- FINGERPRINT: our time attendance system may collect fingerprints (optionaly) as a means to identify employees uniquely.
- SOURCE OF INDIVIDUAL DATA
We generally collect the Individual Data directly from the employees or candidates, workers and contractors. From time to time, the Company receives personal information about the employee, worker or contractor, collected from third parties we do business with in the course of our business interactions, such as:
- Consumer reporting agencies;
- Recruitment and screening agencies;
- Regulatory bodies;
- Former employers;
- Employees referrals.
In those circumstances, the Company will take reasonable steps to ensure that those third parties have represented to us that they have the right to disclose the Individual Data to us. In other cases not currently anticipated, we will notify you of where the data came from unless you are already aware of this information.
- PURPOSES OF USE OF INDIVIDUAL DATA
The Company uses and otherwise processes Individual Data to the extent necessary or appropriate for the following purposes:
- Administering and managing all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, workforce administration and planning, finance, accounting and compensation management, absence monitoring, performance appraisal, disciplinary and grievance processes and other general company, administrative and human resource related processes. This also includes sharing employees’ personal occasions such as birthdays, marriage, birth of a child, etc. within the company (so that employees could be congratulated by colleagues via internal communication systems, etc.).
- Training and employee development, including career development and succession planning;
- Information technology support;
- Cyber security programs;
- Security reasons (including ensuring the security of company-held information), such as to detect fraudulent or illegal behaviour, including for the purpose of conducting security screenings and background checks;
- Compliance activities;
- Conducting a due diligence of the Company in the event of a third party contemplating the purchase or investment in the Company;
- Conducting performance reviews and determining performance requirements, as well as assessing qualifications for a particular job or task, including appraisal and verification of the employee’s references and qualifications;
- Establishing, managing or terminating the employee’s employment;
- Identifying employees or candidates personally and communicate with them;
- Processing employee work-related claims (e.g. employee’s compensation, insurance claims, etc.).
- Gathering evidence for disciplinary action or termination;
- Establishing a contact point in the event of an emergency (such as next of kin);
- Complying with applicable laws, including labour and employment laws, including judicial or administrative orders regarding individual employees (e.g., garnishments, child support payments, statutory reporting requirements, etc.).
- Administering and managing all aspects of workers and contractors engagement by the Company.
The work output of the Company’s employees, workers and contractors, whether in paper record, computer files, or any other storage format belongs to the Company. In pursuance of one or more of the purposes noted above, the Company may monitor employees’ workers’ and contractors’ computer and email use, in strict accordance and subject to the limitations of applicable data protection and employment laws. You should therefore not have any expectation that they constitute your private information.
In the course of conducting business, we sometimes monitor employee, worker or contractor activities and our premises and property, such as by installing surveillance cameras at workplaces that pose high security risks (CCTV cameras). Any such surveillance cameras are there for the protection of employees and third parties, and prevent theft, vandalism and damage to the Company’s goods and property. In most cases, recorded images are routinely destroyed and not shared with third parties, except that such records may be turned over to the police or other appropriate government agency or authority where there is suspicion of a crime or such disclosure is otherwise necessary to enforce the laws.
We are legally required only to process your personal data for certain permitted purposes, and can confirm that we only carry out processing either:
- in line with the Company’s legitimate business interests, i.e. in the furtherance of:
- recruitment and succession planning
- organisation and distribution of work
- management forecasting
- promoting equality and diversity in the workplace
- ensuring health and safety in the workplace
- protection of company property and that belonging to third parties
- maintaining an efficient employee benefits program
- maintaining a well-managed and orderly workforce and business
- for occupational health purposes, and/or
- so that we can protect our business interests, and exercise our rights and obligations, both at law and in relation to your employment contract.
If there are any circumstances where the Company considers it needs to process data and it is not consistent with these reasons, we will provide you with an updated notification (or seek your express consent if that is necessary).
- WORKPLACE MONITORING
We monitor employee, worker or contractor activities and our premises and property, such as by installing surveillance cameras at workplaces that pose high security risks (CCTV cameras), as well as employees’, workers’ and contractors’ computer and email use.
This monitoring is carried out for the following purposes:
- To detect, investigate, and prevent crime, such as theft, fraud or illegal use of software or the intellectual property of the Company or a third party.
- To prevent the unauthorized or unlawful disclosure of confidential business information, for example, trade secrets.
- To comply with obligations to prevent discrimination or sexual harassment under applicable laws, and prevent or reduce company exposure to liability for the unlawful acts of employees, particularly in relation to racist or sexist communications in the workplace.
- Avoid damage to the company’s reputation and goodwill.
- To comply with laws and regulations, e.g., workplace safety, labour, tax and other requirements.
- To ensure the integrity of information systems and compliance with company security and data protection policies.
- CONDITIONS FOR PROCESSING PERSONAL INFORMATION
We will process your Personal Information for a variety of reasons, each of which is prescribed by relevant data protection laws.
- Fulfillment of a contract, compliance with a legal obligation
It is necessary for us to process your Personal Information where it is necessary for the performance of a contract or in order for us to comply with our various legal and/or regulatory responsibilities.
- Legitimate interests
We also process your Personal Information where we deem such processing to be in our (or a third party’s) legitimate interests and provided always that such processing will not prejudice your interests, rights and freedoms. Examples of us processing in accordance with legitimate interests would include: (i) where we disclose your Personal Information to any one or more of our associate/subsidiary companies following a restructure or for internal administrative purposes; (ii) detection and prevention of fraudulent or illegal activities; (iii) processing for the purposes of ensuring network and information security, including preventing unauthorized access to our electronic communications network; (iv) adhering to regulatory and statutory requirements; (v) sharing personal information with our advisers and professional services providers (such as auditors) for ensuring our compliance with regulatory requirements and industry best practices.
Our processing of your Personal Information for the purpose of establishing, managing or terminating your employment relationship does not rely on your consent. In addition, we may collect, use or disclose your Personal Information without your consent where we are permitted or required by applicable law or regulatory requirements to do so. Where your consent is required for our collection, use or disclosure of your Personal Information, we will obtain your consent. In these instances your Personal Information will be processed in accordance with such consent and you will be able to withdraw this consent in writing at any time.
- Special Categories of Personal Data
Our processing of your Personal Information may also involve special categories of personal data, such as your fingerprints (as defined under Article 9 of the GDPR). We will process such information, as well as disclose it to competent authorities (such as licensing bodies or law enforcement bodies), where it is necessary for the following purposes (to the extent permissible by applicable law): (i) prevention or detection of an unlawful act, (ii) preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems; (ii) establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and (iii) prevention of dishonesty, malpractice or other seriously improper conduct, provided that obtaining your consent may prejudice those purposes. In addition, we may process and disclose such information where it is necessary for the purposes of safeguarding your (or others’) economic well-being.
- SHARING INDIVIDUAL DATA WITH THIRD PARTIES
The Company shares the Individual Data, including as stated below:
- THIRD PARTY SERVICE PROVIDERS: We share personal data with third party service providers, for all the purposes listed above, including:
- Personnel risk and integrity assessment and selection solutions, such as in order to identify and reduce risks and ensure trustworthiness, to construct and administer occupational assessments and surveys, and manage end-to-end recruitment and selection processes;
- Human capital management and workforce management solutions to help manage and engage our workforce (such as time and attendance, absence management, salary review, pension payments, employment budget & planning, travel & flight accounting, tax returns, labor activities, analytics, talent acquisition and management, and compliance management with labor laws);
- Human resource information system or human resource management system;
- Enterprise resource planning (ERP) and record management tools;
- Payroll providers;
- Pension administrators and social welfare agencies (e.g. retirement plans);
- Insurance agencies (including health, medial and travel insurance);
- Healthcare administrators.
These third party service providers have access to Individual Data as needed to perform their functions, but they are not permitted to use it for other purposes. The Company also seeks to (i) exercise appropriate due diligence in the selection of such service providers, and (ii) require via contract or otherwise that such service providers maintain adequate technical and organizational security measures to safeguard the Individual Data, and process the Individual Data only as instructed by the Company.
- EXTERNAL ADVISORS: the Company also shares the Individual Data with its external advisors (e.g., lawyers, accountants, and auditors), subject to confidentiality provisions and as necessary.
- REGULATORY BODIES: We also share personal data with certain regulatory bodies to meet local statutory requirements (e.g. tax authorities, regulatory registration bodies, etc.), such as with governmental agencies and regulators (including tax authorities), social organizations (including a social benefits agency), courts and other tribunals, and government authorities, to the extent permitted or required by applicable law;
- PREVENT FRAUD AND CRIMINAL ACTIVITIES, LEGAL REQUESTS AND INVESTIGATIONS: We sometime disclose data about employees workers or contractors when such disclosure is deemed necessary by the Company to detect or prevent criminal activities or fraud, to comply with any statute, law, rule or regulation of any governmental authority or any order of any court of competent jurisdiction.
- BUSINESS TRANSFERS: As we continue to develop our business, we might sell or buy companies, subsidiaries, or business units. If the Company organizes its activities with another entity or in the event of a corporate transaction (such as in the sale of a substantial part of our business, merger, consolidation or asset sale), the Company shall have the right to transfer to such entity the Individual Data, provided that the other entity confirms that it shall be bound by the provisions of this Individual Data Privacy Notice towards the employee worker and contractor;
- RECRUITMENT AGENCIES/OTHER EMPLOYERS: the Company regularly receives requests for information about employees. In such an event, the company will take reasonable steps to ensure that the interests of its employees are safeguarded.
- LEGAL DISPUTES: If the Company receives a notice of legal proceedings against it for actions taken by an employee worker or contractor and in the context of any dispute, claim, suit, demand or legal proceedings, if any, between the Company and the employee worker or contractor;
Please note that your full name appears as part of your signature in email correspondence, however you may choose to replace your full name with your surname, using the standard settings of the email software.
- SAFEGUARDING PERSONAL INFORMATION
The Company takes great care in implementing and maintaining the security of employees’ workers’, contractors’ and candidates’/applicants’ personal data. To ensure the safety of our employees’ information, and prevent unauthorized use of any such information the Company employs industry standard practices and procedures such as compliance checks to ensure the policy is being adhered, data protection impact assessments, internal audits of processing activities etc.
Individuals within the human resources, legal, finance and accounting, security, communications, and information technology departments will receive access to Individual Data when necessary in connection with their job responsibilities, and subject to the Company’s internal security framework.
As an additional safeguard to employees’, workers’ and contractors’ personal data, the Company employs a Data Protection Officer (“DPO“). The DPO has the power to insist on company resources for data protection matters and has a deep knowledge of data protection regulation and law privacy requirements. The DPO’s responsibility includes, among other things: privacy and security compliance advice, notify authorities of a data breach incident, conducting awareness and training programs, etc. The DPO’s contact information is listed below.
- INTERNATIONAL TRANSFERS OF INDIVIDUAL DATA
Since the Company operates globally, it may be required to transfer Individual Data to service providers and affiliates in jurisdictions that are outside the European Economic Area (“EEA”).
These service providers and affiliates may use Individual Data for the purposes described in Section III, including supporting payroll processing, finance, accounting and human resources, global directory, and corporate compliance activities. The Company is taking ongoing measures to ensure that such service providers and affiliates have implemented appropriate safeguards to protect the security of Individual Data.
The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances we will take steps to ensure that a similar level of protection is given to your Individual Data and that such transfer is in accordance with EU privacy and data protection regulations. If you want to learn more about the details of these safeguards you should get in touch with us using the contact details at the bottom of this notice.
- EMPLOYEES, WORKERS AND CONTRACTORS RIGHTS
This section addresses certain rights the employees, workers, applicants and contractors may exercise with respect to their Individual Data. You can get more information in relation to your rights using the contact details below.
Employees, workers, applicants and contractors should send any of the below requests to the Company, and the Company will make efforts to respond promptly.
Right of access
You have the right to access the information we hold about you.
Correcting or erasing your information
You have the right to ask us (and third parties to whom we transfer your personal information) to rectify your personal information if it becomes inaccurate or incomplete.
In addition, note that you are responsible to update the Company if there are any changes or inaccuracies in your Individual Data.
You may also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Whether or not this is appropriate in any particular case depends on the purposes for which your information is being processed.
You have the right to ask us to erase your personal information if:
- your personal information has been processed unlawfully by us; or
- your personal information is no longer necessary for the purposes for which it was collected by us;
- or where you object to processing (see below) and there is no overriding legitimate interest for continuing to process your personal data.
We need to notify any third parties with whom we have shared your information that you have made a rectification or erasure requests. We will take reasonable steps to do this, but this may not always be possible or may involve disproportionate effort.
Restricting processing of your information
You have the right to restrict our processing of your personal information if:
- you contest the accuracy of the personal information held by us (for a period enabling us to verify the accuracy of the data);
- our processing activities are unlawful; or
- we no longer need your personal information but you would like us to retain it to ensure its continued availability to you in connection with any legal claims.
Right to object to processing
You can object to our processing your personal data under certain circumstances including where processing takes place in line with the Company’s legitimate business interests as set out above. Where you object to processing, we must stop processing your personal data unless we can show that our legitimate ground for processing of your personal data overrides your interests or where we need to process the data to establish, exercise or defend legal claims.
You have rights to obtain and reuse your personal data for your own purposes. This right only applies:
- to personal information you have provided to us (i.e. not any other information);
- where the processing is based on your consent or for the performance of a contract; and
- when processing is carried out by automated means.
We can refuse your data portability request if the processing does not satisfy the above criteria. Also, if the personal information concerns more than one individual, we may not be able to transfer this to you if doing so would prejudice that person’s rights.
Kindly note that the above rights are not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse your request, for example, refuse your request where we need to process the data to exercise or defend legal claims. In addition, in certain instances, your Individual Data may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
- RETENTION OF INDIVIDUAL DATA
Except as otherwise permitted or required by applicable law or regulatory requirements, the Company endeavors to retain your Individual Data only for as long as it believes is necessary to fulfill the purposes for which the Individual Data was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). We may, instead of destroying or erasing your Individual Data, make it anonymous such that it cannot be associated with or tracked back to you.
- CONTACT US
Employees or candidates workers and contractors who have any questions about this Privacy Notice, or wish to exercise their rights as listed in this Privacy Notice, or in any event you have a concern regarding the processing activities of your Individual Data, should contact the Company’s DPO at: [email protected].
We will make an effort to reply within a reasonable timeframe. Please feel free to reach out to us at any time. If you are unsatisfied with our response, you can reach out to the applicable data protection authority:
The State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija in Lithuanian, website available at https://vdai.lrv.lt/)
Address: A. Juozapavičiaus str. 6
LT-09310 Vilnius Lithuania
T +370 5 279 1445
F +370 5 261 9494