Employee Data Privacy Policy
Summit LTC (the "Company") takes the protection of employee data seriously. This policy provides a minimum standard for the protection of Company employee data globally. If local laws provide greater protection than this policy, local laws will apply. If local laws provide less protection than this policy, this policy will apply. Questions about compliance with local law may be addressed to internal legal counsel.
Violations of this Policy may result in disciplinary action up to and including termination.
Definitions
"Employee", only for the purposes of this policy, means job applicant, temporary staff, regular full time staff, regular part-time staff, retiree, contractor, consultant, or former employee.
"Employee Data" includes "Personal Employee Data" and "Business Employee Data” and means data that is obtained in the context of an employee's working relationship with the Company and its employees.
"Business Employee Data" means employee data that is reasonably necessary to be known or disclosed for an individual to perform his or her job functions effectively and efficiently or for the Company to be able to manage the working relationship. This includes an employee's name, title, Company-provided User ID, job function, work experience, office mailing or physical address, office telephone number and office e-mail address, and, where the Company pays, or reimburses an individual for the services, mobile device numbers. For individuals who are in leadership positions or have on-call responsibilities, a personal telephone number (home and/or mobile) may be treated as business employee data. For those who do not have or have not yet been provided an office mailing or physical address, office phone numbers and/or office email addresses to use for communication pertaining to legitimate business purposes, their personal physical or mailing address, personal phone number and/or personal email address will be considered "business employee data" for the purposes of this policy.
"Personal Employee Data" means all employee data that does not fall under Business Employee Data that relates to any identified or identifiable Employee, such as an Employee's personal physical or mailing address, personal telephone number (home and/or mobile), personal email address, government identification numbers, date of birth, passport number, financial account information, credit card numbers, health information, biometric data, or unique user identifier.
Principles
While collecting, processing, recording, storing, transferring, disclosing, deleting and/or using Personal Employee Data, the Company will abide by the following Privacy Principles:
1. Notice. When we collect your Personal Employee Data, we will give you timely and appropriate notice describing what Personal Employee Data we are collecting, how we will use it, and the types of third parties with whom we may share it.
2. Choice. We will give you choices about the ways we use and share your Personal Employee Data, and we will respect the choices you make. Where your choice cannot or will not be accommodated, we will inform you of the reason(s) why.
3. Relevance. We will collect only as much Personal Employee Data as we need for legitimate business purposes, and we will not use it for other purposes without obtaining your consent.
4. Retention. We will keep your Personal Employee Data only if we need it for the purposes for which we collected it, or as permitted by law.
5. Accuracy. We will take appropriate steps to make sure the Personal Employee Data provided by you is recorded in our records accurately.
6. Access. We will provide ways for you to access and/or update your Personal Employee Data, as required by law.
7. Security. We will take the appropriate physical, technical, and administrative measures to protect your Personal Employee Data from loss and unauthorized use, access, disclosure, alteration, or destruction.
8. Sharing. We will share your Personal Employee Data only with the Company, its employees, and Company Third Parties in relation to a legitimate business purpose. Any other sharing of Personal Employee Data will only occur with your prior consent.
9. International Transfer. If we transfer your Personal Employee Data to another country, we will take appropriate measures to protect it.
10. Enforcement. We will regularly review how we are meeting these privacy principles, and we will provide an independent way to resolve complaints about our privacy practices.
Collection of Employee Data
Employee Data is collected from individuals in many ways. The ways Employee Data is collected include, but are not limited to, the following:
1. when an employee applies for or accepts an offer of employment;
2. when an employee requests and receives access to Company assets;
3. when an employee and/or family members apply for Company benefits;
4. when an employee updates his/her Employee Data through a Human Resources Management or payroll system;
5. when an employee communicates with Human Resources;
6. during an employee's communication with other employees during their employment;
7. from health, medical or benefit providers in connection with the administration of the Company's benefits programs; and
8. from service providers in connection with pre-employment and placement activities.
Employee Data collected (to the extent legally permissible in your jurisdiction) may include, but may not be limited to, the following:
· Personal demographic data (e.g., name, date of birth, gender, and marital status);
· Background information [e.g., education (including schools attended, and dates of attendance, degrees or diplomas granted), training, previous work history (including names of employers, dates of employment, and compensation information), military and veteran status, criminal arrests, indictments and convictions];
· Contact information (e.g., home and office address, home, office and cellular telephone numbers, and home and office e-mail address);
· Identification numbers (e.g., national insurance, social security, driving license, tax identification, passport, and similar identification numbers);
· Compensation information (e.g., wages or salary, commissions, bonuses, and retirement plan account information);
· Health and medical information (e.g., results of pre- and post-employment drug tests, and health information for employees, their spouses, and their dependents);
· Work history, experience, certifications, training and employment performance information (e.g., training courses attended, job assignments, and account assignments); and
· Biometric data as required to access Company assets.
Uses and Disclosures of Employee Data
Employee Data is used for legitimate business purposes in accordance with this Policy and applicable law(s). Those legitimate business purposes are as follows:
· Human Resources Management: involves the collection, storage, analysis and sharing of data in order to attract, retain and motivate a highly qualified workforce. This includes, but is not limited to, recruiting, rewards and recognition, compensation planning, talent management, reorganization needs, leadership development, performance management, training, employee benefit administration, compliance with applicable legal requirements, and communication with employees and/or their representatives.
· Business Processes and Management: involves processes used to run the Company's operations. This includes, but is not limited to, managing company assets, executing the business resiliency program (incident/crisis response, business continuity, disaster recovery, etc.), monitoring and auditing for compliance with company policies, and populating and disseminating employee directories.
· Safety and Security Management: involves activities intended for the safety and protection of employees, property, assets, resources, and communities.
The Company may disclose Business Employee Data about an employee to the Company and its employees, without limitation. The Company and its employees may disclose Business Employee Data to third party organizations that contract with the Company to collect, access, process, record, store, transfer, disclose, delete and/or use Business Employee Data; other individuals; and organizations only for legitimate business purposes.
Personal Employee Data may be disclosed to those with a business need to know and only for legitimate business purposes. Collection, use or disclosure of Personal Employee Data for purposes other than the listed legitimate business purposes must be approved by the appropriate Legal and Human Resources Department staff.
Employee Data may be disclosed to those to whom disclosure is required or permitted by law.
Roles and Responsibilities
Employees:
· Handle Employee Data according to this policy, at a minimum.
· Immediately report all security concerns or incidents to the Director of Human Resources, your immediate supervisor, or the COO.
Supervisors:
· Ensure employees, contractors, and third parties with access to Company information systems are aware of, and comply with, this policy and all applicable Company information security policies.
Human Resources and Legal Departments:
· Prior to permitting the collection, use or disclosure of Employee Data, make sure that such activity complies with this policy.
· Notify appropriate staff if local laws require greater protection for the privacy of Employee Data than what this policy provides.
Privacy Inquiries
The Company is committed to resolving employee data privacy concerns in an efficient and fair way. If you have any questions or concerns about our employee data privacy practices, please contact the Director of Human Resources.