PeopleOps Privacy Policy
1.0 Purpose
The purpose of this policy is to satisfy the notification regulatory requirements as well as to demonstrate Side’s commitment to safeguarding and appropriately handling our employees’, job applicants’ and contractors’ personal information.
This PeopleOps Privacy Policy ensures that Side:
- Complies with data privacy requirements and applicable data processing principles
- Engages in open and transparent management of personal information
- Informs employees, job applicants, and contractors of their privacy rights and Side’s information handling practices.
- Sets expectations and rules around how employees, job applicants, and contractors must treat personal data
2.0 Scope
The PeopleOps Privacy Policy applies to all Side current and former employees, job applicants, workers and contractors (collectively referred to as “individuals”). It applies to all data that Side holds relating to identifiable individuals, and it describes how Side collects and uses personal information (also includes sensitive information, where applicable) during and after their working relationship with Side, in accordance with the following applicable information protection legislation:
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
Side has decided to apply the highest regulatory standards in dealing with personal information uniformly across all of our offices, regardless of regulatory requirements, while at the same time complying with any specific, local privacy requirements.
Furthermore, this Privacy Policy does not apply to personal information that Side collects from you during a business transaction as a customer. The terms of service and/or privacy policy associated with that product or service will control how your information is handled.
3.0 What Personal Information We Collect
Personal information is any information about an individual from which that person can be identified. It does not include information where the identity has been removed (anonymous information).
Sensitive information (e.g., race, biometrics) is a type of personal information that may also be collected under consent when required or authorized by law. (Applicability is specific to APP and US State Privacy Laws). In such cases, Side provides individuals with a mechanism to withdraw their consent, and any such requests are documented and retained in accordance with organization data retention policies.
We collect, use and store the following categories of personal information:
- Personal contact details (i.e., name, title, addresses, telephone numbers, and personal email)
- Gender and Race
- Dates of birth, marriage and divorce
- Marital status and dependents
- Next of kin, emergency contact, and death benefit nominee(s) information
- Social Security Number and other government or state-issued IDs
- Bank account information, payroll records and tax status information
- Salary, annual leave, and benefits information
- Start date, leaving or exit date
- Location of employment or workplace
- Relevant proof of identification to verify your identity and personal details (e.g., passport, driving license)
- Recruitment information (i.e., references, copies of right-to-work documentation and other information included in a CV or cover letter or as part of the application process)
- Compensation history
- Performance and appraisal information
- Disciplinary and grievance information
- Photographs, videos
- Information about the use of our information and communications systems
- Photographs, videos
- Accident book, first aid records, injury at work and third-party accident information
- Information about convictions or allegations of criminal behavior
- Evidence of right to work and/or immigration status
Side typically collects personal information about individuals through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider.
Side will sometimes collect additional information from third parties, including former employers, credit reference agencies or other background check agencies.
Side collects additional personal information in the course of job-related activities throughout the employment period or life of the contract.
Side limits the collection of personal information to what is strictly necessary to establish, manage or terminate the employment or contractual relationship with its workers. If Side needs to collect additional personal information for reasons outside establishing, managing or terminating the employment or contractual relationships, we will notify the appropriate individuals in advance and obtain their consent.
Applicable privacy legislations may allow us to collect personal information about individuals without their consent, in specific circumstances, such as investigations or legal proceedings.
4.0 Individual’s Responsibility to Inform Side of Changes
The personal information that we hold about our employees, job applicants, workers and/or contractors must be accurate and current. Individuals are responsible for keeping Side informed if their personal information changes during their working relationship with us.
5.0 How We Use Personal Information
Side will only use personal information as permitted by the applicable legislation.
Most commonly, Side will use personal information in the following circumstances:
- Deciding recruitments or appointments
- Determining the terms of working agreements
- Checking that individuals are legally entitled to work in the jurisdiction
- Paying individuals and, if applicable, deducting tax and any other social contribution
- Providing employment-related benefits including:
- Adoption, maternity, occupational sick, paternity, shared parental and annual leave
- Salary, including any pay awards or allowances
- Pension
- Advances of salary
- Liaising with pension providers, providing information about changes to employment that may impact salaries (e.g., promotion, changes in working hours)
- General administration of the employment or work contract
- Business management and planning, including accounting and auditing
- Conducting performance reviews, managing performance and determining performance requirements
- Making decisions about salary reviews and compensation
- Assessing qualifications for a particular job or task, including decisions about promotions
- Gathering evidence and dealing with grievances, disciplinary matters, etc.
- Making decisions about continued employment or engagement
- Making arrangements for the termination of working relationships
- Education, training and development requirements
- Dealing with legal disputes involving Side individuals, including accidents at work
- Ascertaining an individual’s fitness to work, managing sickness absence(s)
- Complying with health and safety obligations
- To prevent fraud
- To monitor employee’s business and personal use of Side’s information and communication systems to ensure compliance with our IT policies, such as Gmail, Google Drive, Slack, laptop folders or any other resources provided
- To ensure network and information security, including preventing unauthorized access to Side computer and electronic communications systems and preventing malicious software distribution
- To conduct information analytics studies to review and better understand employee retention and attrition rates
- Dealing with any subject rights requests
- To provide employment references, at workers’ request
- To carry Side’s HR-related investigations, solving internal disputes, etc.
Side will only use personal information for the purposes of establishing, managing or terminating the employment or contractual relationships.
If Side needs to use personal information for an unrelated or new/secondary purpose, Side will notify the appropriate individual and obtain their consent for the new purpose or rely on another prescribed exception under the applicable privacy legislation for the use or disclosure. Where consent is used as the basis for the secondary use or disclosure, individuals have the right to withdraw their consent at any time. Where the secondary use or disclosure includes sensitive information (i.e., personal health information), Side will take reasonable steps to ensure that the information is de-identified before it is disclosed or used.
Where, Side is in possession of de-identified data, it ensures that the data cannot be associated with a natural person. Side commits to maintaining and using de-identified data without attempting to re-identify the data.
Please note that Side will, if necessary, process personal information without the individual’s knowledge or consent as allowed by the applicable privacy legislations, in specific circumstances, such as investigations or legal proceedings.
6.0 How We Share Personal Information
Side will, in some circumstances, have to share information with third parties, including third-party service providers.
Side’s third-party service providers are required by contractual obligations to take appropriate security measures to protect personal information in line with applicable privacy legislations.
Side does not allow third-party service providers to use personal information for their own purposes. Side only permits them to process personal information for specified purposes and following instructions.
SIde will in some circumstances transfer personal information outside the jurisdiction the individual works in. In those cases, individuals can expect a similar degree of protection regarding their personal information as that provided under the applicable privacy legislations.
We share your personal information with third parties if it’s:
- Required by law and
- Necessary to establish, manage or terminate the working relationship.
Side does not sell the personal information of any employees, job applicants, or contractors. All information shared by Side is subject to retention periods under the applicable privacy legislations and adheres to the data minimization principle to ensure only strictly needed information is retained.
6.1 Third-party Service Providers Side Uses
These are entities which Side contracts to support activities for HR and payroll purposes:
- Payroll: WorkDay
- Benefits provision: Sequoia
- Background checking: Checkr
- Applicant Tracking system: Lever
7.0 Information Security
Side has put in place appropriate security measures (technical and organizational) to prevent personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
In addition, Side limits access to personal information to those employees, contractors and other third parties who have a business need to know. They will only process personal information on Side’s instructions. All access to personal data by employees and agents and all transfers of personal data to third parties is logged based on organizational policy.
Side has put in place procedures to deal with any suspected information security breach and will notify affected individuals and any applicable regulator of a suspected breach where legally required to do so.
8.0 Information Retention
Side will only retain personal information for as long as it is necessary to fulfill the purposes it was collected for, including to satisfy any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal information, Side considers the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether those purposes can be achieved through other means and the applicable legal requirements.
Side will retain and securely destroy the personal information of former employees, workers or contractors following defined timelines or applicable laws and regulations.
9.0 Individual Rights in Connection with Personal Information
Under certain circumstances, by law, individuals have the right to:
- Request access to personal information (commonly known as an “information subject access request”). This enables individuals to receive a copy of the personal information that Side holds about individuals and to check that Side is lawfully processing it.
- Request correction of the personal information that Side holds. This enables individuals to have any incomplete or inaccurate information that Side holds corrected.
- Request erasure of personal information. This enables individuals to ask Side to delete or remove personal information where there is no good reason for continuing to process it.
- Withdraw consent. In the limited circumstances where individuals have provided consent to the collection, use and transfer of personal information for a specific purpose, individuals have the right to withdraw consent at any time. Once Side has received notification of consent withdrawn, Side will no longer process information for the purpose or purposes the individual originally agreed to.
To exercise any of these rights, please email peopleopsprivacy@side.com.
Individuals also have the right to lodge a complaint to the responsible authority in their jurisdiction. For California residents, complaints can be filed with the California Privacy Protection Agency at https://cppa.ca.gov/.
10.0 Changes to This Privacy Notice
Side may update this policy at any time and will provide individuals with a new policy when substantial updates are made. Side will also notify individuals in other ways from time to time about the collection, use and sharing of personal information.Any questions about this policy have to be directed to peopleopsprivacy@side.com or direct supervisors.