UPDATED January 2020

Safeguard Global Privacy Policy
(HR Data)

This Privacy Policy describes how Safeguard World International LLC (“Safeguard Global US”, “we”, “us”) handles personal data[1] to which it is given access, relating to individuals located within the European Union, under the EU-U.S. Privacy Shield Principles. It applies to personal data which qualify as “HR data” under the EU-US Privacy Shield, in accordance with the definition given by the Article 29 Working Party in the First Annual Joint Review of the EU-US Privacy Shield (28 November 2017)[2], [3].

Privacy Shield

We comply with the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal data transferred from the European Union and the United Kingdom to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles with respect to such personal data.

If there is a conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.

To learn more about the Privacy Shield Program, and to view our certification, please visit https://www.privacyshield.gov/.

What types of personal data do we handle, and why?

In the course of its business activities, we may have access to certain categories of personal data related to individuals within the European Union, which fall under the definition of “HR data” under the EU-U.S. Privacy Shield:

  • Safeguard Global Group employees. We may access the following personal data on employees of the Safeguard Global Group, established in the United Kingdom or in Hungary:
    • Standard identification information including, but not limited to, name, address, date of birth, business/personal e-mail address, job title, business location;
    • Salary and associated information, such as the effective date of salary changes;
    • Bank account information, for the purposes of instructing bank payments for salary payments;
    • Social security/social insurance/tax identifier information (this varies according to the country, and more specific details can be supplied upon request);
    • Details about any employee dependents, where it is relevant to a country;
    • Full time/part time status of an employee;
    • Regular expected hours to be worked;
    • Marital status (where required, noting that, in some countries, this has an impact on the tax calculations applied to an employee’s payroll);
    • Details of retirement or pensions funds/plans including, but not limited to, reference (plan identifier) information, contribution values and other pertinent data;
    • Information about the regular payments or deductions that an employee may have applied to their regular payroll calculation;
    • Information about the one-time payments or deductions that an employee may have applied to their regular payroll calculation;
    • Information about the number of hours worked in a given week, month or other time-period, as defined or required by Safeguard Global Group customers.

It is important to note that the scope of information required by Safeguard Global US about a worker or employee will sometimes change over the course of time.  The reader of this policy is welcome to make a request about the data required by reaching out to the Safeguard Global Group’s DPO, at: dpo@safeguardworld.com.

 

We access these personal data when strictly necessary for internal administrative purposes of the Safeguard Global Group, and particularly for human resource management purposes for the Group, considering that the Group’s Chief People Officer is based at Safeguard Global US.

  • Job applicants. We may access the CVs of candidates for a position at the Safeguard Global Group in Europe (which may include the CVs of candidates based in the European Union). In this case, we may access any personal data which the candidates choose to include in their CVs, such as:
    • Name;
    • Contact details;
    • Photograph;
    • Date of birth;
    • Academic qualifications;
    • Professional experience;
    • Hobbies and interests.

We access this personal data when strictly necessary to review certain candidates applying to key positions within the Safeguard Global Group in Europe. This is not the standard procedure, as most recruitment efforts within the Safeguard Global Group are carried out on a regional basis – meaning that the data for most candidates to positions within the Safeguard Global Group in Europe are kept within the European Union.

Safeguard and its Customers/Services

We access these personal data items as identified below (by way of example) when this is strictly necessary to prepare a quote for a customer which is interested in procuring Global Employment Outsourcing services from the Safeguard Global Group – in this case, we require information on the customer’s employee(s) who are to be employed through the Safeguard Global Group, in order to prepare an adequate quote.

In the event of Payroll Services, we do not require to receive this information; instead we receive general information only, such as an estimate of the number of employees in a given country.

  • Customer employees. We may receive personal data on certain employees of Safeguard Global customers, which may be based in the European Union, including:
    • Name;
    • Salary;
    • Eligibility for benefits;
    • Additional information which may be required, based on expected country of employment, as needed in order to provide a quote.

We may also access personal data on customer employees when, after entering into a service agreement and an appropriate data protection agreement with a customer, it is necessary to configure any Safeguard Global Group systems in order to ensure that information on the customers’ employees can be correctly processed. This is typically done by testing those systems with files sent by the customer, containing personal data on their employees – including, potentially, employees based in the European Union. The Safeguard Global Group team in charge of carrying out these tests is based at Safeguard Global US.

Service Provision

Finally, we may also access personal data on customer employees when providing services to customers, including Global Managed Payroll and Global Employment Outsourcing services. Having access to those personal data is necessary in order for us to provide these services, for purposes and under instructions defined by the customers.

  • Standard identification information including, but not limited to, name, address, date of birth, business/personal e-mail address, job title, business location;
  • Salary and associated information, such as the effective date of salary changes;
  • Bank account information, for the purposes of instructing bank payments for salary payments;
  • Social security/social insurance/tax identifier information (this varies according to the country, and more specific details can be supplied upon request);
  • Details about any employee dependents, where it is relevant to a country;
  • Full time/part time status of an employee;
  • Regular expected hours to be worked;
  • Marital status (where required, noting that, in some countries, this has an impact on the tax calculations applied to an employee’s payroll);
  • Details of retirement or pensions funds/plans including, but not limited to, reference (plan identifier) information, contribution values and other pertinent data;
  • Information about the regular payments or deductions that an employee may have applied to their regular payroll calculation;
  • Information about the one-time payments or deductions that an employee may have applied to their regular payroll calculation;
  • Information about the number of hours worked in a given week, month or other time-period, as defined or required by Safeguard Global Group customers.

It is important to note that the scope of information required by Safeguard Global US about a worker or employee will sometimes change over the course of time.  The reader of this policy is welcome to make a request about the data required by reaching out to the Safeguard Global Group’s DPO, at: dpo@safeguardworld.com.

Do we transfer any HR data onwards, to other entities?

As a rule, we do not sell data related to Safeguard Global Group employees, job applicants or customer employees to any third parties, or otherwise share data with third parties, other than as mentioned below.

We may transfer HR data on Safeguard Global Group employees to the following types of third parties:

  • Professional employer organizations (PEOs) for the Safeguard Global Group.
    • HR data may be shared with this type of organisation in order to ensure that we are able to provide insurance coverage and other applicable benefits to the employees of the Safeguard Global Group,
    • These providers act as controllers in their own right, rather than as agents on behalf of Safeguard Global US, and are therefore autonomously responsible for ensuring that these HR data are correctly handled. Safeguard Global US has entered into written agreements with each of these providers, meeting the requirements of the Accountability for Onward Transfer Principle of the EU-U.S. Privacy Shield Framework, namely:
    • Requiring these providers to only process the received HR data for limited and specified purposes, as noted above;
    • Requiring these providers to provide the same level of protection as the EU-U.S. Privacy Shield Framework Principles – in the event that a provider determines that this can no longer be met, the provider must notify us and cease processing HR data we have shared with them, or otherwise take reasonable and appropriate remediation steps to address this.

This may include personal data related to individuals within the European Union and the United Kingdom, in which case the EU-U.S. Privacy Shield Principles apply in full.

If you, as a Safeguard Global Group employee based in the European Union or the United Kingdom, wish to opt-out of the disclosure of your personal data to professional employer organisations, or if you would like more information on the specific third parties to which we may transfer your data, please reach out to us at: privacy@safeguardglobal.com.

Other than the abovementioned category of third parties, Safeguard Global US does not, as a rule, share any HR data related to Safeguard Global Group employees, job applicants or customer employees, originating in the EU or the UK, with any other third parties; however, it is also important to understand that we may be required to disclose personal data in response to lawful requests by competent U.S. public authorities, including to meet national security or law enforcement requirements.

How can you reach out to us?

For any questions regarding this Privacy Policy, our adherence to the EU-U.S. Privacy Shield or our practices regarding personal data, you can reach out to us at: privacy@safeguardglobal.com.

To get in touch with the Data Protection Officer for the Safeguard Global Group, please contact dpo@safeguardglobal.com.

What are your rights, as a data subject? How can you react if you believe that we are mishandling your personal data?

Under the Privacy Shield Principles, you are entitled to:

  • Access the HR data we hold about you;
  • Request the correction, amendment or deletion of HR data we hold about you, where it is inaccurate or has been processed in violation of the Principles.

The above rights can be restricted where the burden or expense for us in allowing them to be exercised would be disproportionate to the risks to your privacy, in your specific case. Restriction may also happen if allowing your rights to be exercised would violate the rights of other persons. However, we will always endeavor to allow the exercise of your rights to the fullest extent feasible.

You can exercise these rights by contacting us, at: privacy@safeguardglobal.com.

In any case, you retain the right to opt-out from any further processing activities which we might wish to carry out using your HR data, for purposes which are different to or incompatible with the purposes laid out in this Policy. We will notify you of any such further processing if and when it takes place, so you can exercise this right; you can also do so spontaneously by using the e-mail address provided above.

While we do not process any sensitive HR data under the scope of this Policy, you also have the right to opt-in (rather than merely opt-out) to any onward transfer of those data or further processing of those data, for purposes which are different to or incompatible with the purposes laid out in this Policy. If and when this becomes applicable, we will notify you so you can exercise this right; you can also do so spontaneously by using the e-mail address provided above.

In compliance with the Privacy Shield Principles, we commit to resolving complaints about our collection or use of your personal data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: privacy@safeguardglobal.com.

Should you consider that we have not been able to fully resolve your complaint, you remain entitled to submit your complaint to a data protection authority within the European Union, so that the panel established by the European Union data protection authorities (DPAs) can engage us to fully resolve the issue. We may also proactively refer your complaint to this panel.

We commit to cooperating with this panel and complying with the advice given by this panel with regard to HR data transferred from the European Union, whether in the context of an actual or potential employment relationship within the Safeguard Global Group, or where we may be handling those personal data on behalf of a customer.

  • In particular, this means that we will cooperate with the DPAs in the investigation and resolution of any complaints brought against us under the Privacy Shield. It also means that we will comply with any advice given by the DPAs in these cases, including where the DPAs consider that we need to take specific action to comply with the Privacy Shield Principles (such as by offering remedies or compensation to you or other affected individuals), and that we will provide written confirmation to the DPAs that such action has been taken.

Under certain conditions, it may be possible for you to invoke binding arbitration against us for complaints regarding Privacy Shield compliance which have not been resolved through the above mechanisms. Please refer to Annex I of the Privacy Shield Framework for more information.

[1] Personal data means any information relating to an identified or identifiable natural person or individual.

[2] Available at: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612621 (p. 9).

[3] HR data therefore means any personal data concerning an employee in the context of an employer-employee relationship, which is accessed by Safeguard Global US from a company based in the European Union (regardless of whether the employee is a part of the Safeguard Group).