Employee Privacy Notice
Scope and Overview
Jost Chemical Company and its foreign subsidiaries, Jost Chemical Europe SPRL and Jost Chemical Poland Sp. z o. o (collectively, “Jost,” “we,” or “us”), are committed to protecting the privacy and security of your personal data. Personal data is any information that relates to an identified or identifiable individual – in other words, information that alone or in combination with other information we possess that could be reasonably used to identify you personally. This could include your name, identification number, location data, online identifier or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity. Personal data does not include anonymous or de-identified data. This Privacy Notice describes how we collect and process personal data about you during and after your commission of a sale with Jost. This Privacy Notice only applies to natural persons, commonly thought of as individuals residing in or working in the European Union, European Economic Area, or United Kingdom during the relevant time periods.
First and foremost, this Privacy Notice describes our promises to you. It also describes the purposes for which we may collect, store, and process personal data, categories of personal data that we collect, how we use your personal data, how we secure your personal data, when we may disclose your personal data to third parties, and when we may transfer your personal data outside of your home jurisdiction. This Privacy Notice also describes your rights regarding the personal data that we hold about you, including how you can access, correct, and request erasure of your personal data.
Our Promises to You
We promise to take the nature, scope, context, risks, and purposes of processing your personal data into consideration before we process any of your personal data. We commit to protecting your data using all reasonable measures. We promise to implement technical and organizational measures to protect your data, and we promise to only use as much of your personal data as necessary for each of our specific purposes. We promise to take steps to ensure that the personal data that we collect about you is adequate, relevant, not excessive, and processed for limited purposes. Finally, we will only process your personal data in accordance with this Privacy Notice unless otherwise required by applicable law.
Additionally, we have committed to cooperating with EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner, and we will comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Collection of Personal Data
We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. We use Privacy Shield Framework as a platform to collect and process your personal data. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. We are also subject to the investigatory and enforcement powers of the Federal Trade Commission.
Some personal data is mandatory for us to be able to serve you. Some personal data is exempt from the regulations of the General Data Protection Regulations (“GDPR”). Still other categories of personal data are considered sensitive and may receive special protection. We primarily collect personal data directly from you, but in limited circumstances third parties may provide your personal data to us, such as former employers, official bodies (such as regulators or criminal record bureaus), and/or medical professionals. This Privacy Notice applies to all personal data, whether collected directly from you or through other means.
Mandatory personal data:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Date of birth.
- Beneficiary and emergency contact information.
- Government identification numbers such as social insurance or other national insurance number, driver’s license number, or other identification card number.
- Bank account details.
- Performance information.
- Insurance enrollment information.
- Start date and job title.
- Location of employment.
- Education and training.
- Employment records (including professional memberships, references, work history, and proof of work eligibility).
- Photograph for identification purposes.
- Other personal details included in a resume or cover letter or that you otherwise voluntarily provide to us.
Personal data to which the GDPR does not apply:
- Lawful interception, national security, military, police, justice.
- Statistical and scientific analysis.
- Data pertaining to deceased persons.
- Processing of personal data by a natural person in the course of a purely personal or household activity.
Personal data that is generally considered sensitive and may receive special protection: *
- Racial or ethnic origin.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Genetic data.
- Biometric data.
- Data concerning health.
- Data concerning sex life or sexual orientation.
- Data relating to criminal convictions and offenses, except where under the control of official authority or when the processing is authorized by relevant law providing for appropriate safeguards for your rights and freedoms.
You may request access to your personal data that we have collected at any time. We will take every reasonable step to ensure that your personal data is accurate, and any inaccurate data will be erased or rectified without delay.
* We may collect and process the following special categories of personal data when you voluntarily provide them for the following legitimate business purposes, to carry out our legal obligations, for the performance of the independent contractor contract, or as applicable law otherwise permits: **
- Data relating to leaves of absence to comply with employment law; however, we will not record the nature of the illness affecting the employee if they are on sick leave.
- Physical or mental health condition or disability status to ensure safety in the workplace and provide appropriate workplace accommodations.
- Race or ethnic origin for work permit purposes.
** This will also apply to any Trade union membership information for the purpose of paying trade union premiums and complying with employment law obligations.
Use of Personal Data
We may process your personal data for the following legitimate purposes:
- Business management and planning.
- Processing independent contractor work-related claims (for example, insurance claims).
- Accounting and auditing.
- Conducting performance reviews and determining performance requirements.
- Assessing qualifications for a particular job or task.
- Gathering evidence for disciplinary action or termination.
- Complying with applicable law.
- Education, training, and development requirements.
- Complying with health and safety obligations.
- For our own legitimate interest, which includes but is not limited to:
- Preventing fraud.
- Ensuring network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution
- For the legitimate interests of a data controller or a third party.
We will only process your personal data for the purposes for which we collected it or compatible purposes. If we process your personal data for a purpose other than the aforementioned purposes, we will compare the new purpose to our previously stated purpose, consider our relationship with you, consider the nature of your personal data, consider the possible consequences, and evaluate appropriate safeguards. If we need to process your personal data for any purpose other than what we have provided above, we will provide notice to you and, if required by law, seek your consent. We will not process your personal data for any purpose that is incompatible with the aforementioned purposes.
Should you request access to your personal data, we shall take all reasonable measures to verify your identity. Please note that we will be unable to provide you with your personal data if we have already destroyed it.
We will only disclose your personal data to third parties where allowed by law. Third-party service providers may include, but are not limited to, data storage or hosting providers, our employees, contractors, designated agents, or third-party service providers. These third-party service providers may be located outside of your home jurisdiction.
We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your personal data consistent with our policies and any data security obligations applicable to us as your supplier. We do not permit our third-party service providers to process your personal data for their own purposes. We only permit them to process your personal data for specified purposes in accordance with our instructions.
With regard to purposes, we may also disclose your personal data for the following purposes:
- To other members of our group of companies (including outside of your home jurisdiction) for the purposes set out in this Privacy Notice and as necessary to perform our employment contract with you as an independent contractor.
- As part of our regular reporting activities to other members of our group of companies.
- To comply with legal obligations or valid legal processes such as search warrants, subpoenas, or court orders. When we disclose your personal data to comply with a legal obligation or legal process, we will take reasonable steps to ensure that we only disclose the minimum personal data necessary for the specific purpose and circumstances.
- To protect the rights and property of Jost.
- During emergency situations or where necessary to protect the safety of persons.
- Where the personal data is publicly available.
- If a business transfer or change in ownership occurs and the disclosure is necessary to complete the transaction. In these circumstances, we will limit data sharing to what is absolutely necessary, and we will anonymize the data where possible.
- For additional purposes with your consent where such consent is required by law.
Cross-Border Data Transfers
Where permitted by applicable law, we may transfer the personal data we collect about you to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country, as necessary to perform our contract with you and for the purposes set out in this Privacy Notice. If you are located in the EU, we utilize Standard Contractual Clauses approved by the European Commission and in compliance with EU-U.S. Privacy Shield in order to secure the transfer of your personal data to the United States and other jurisdictions.
We have implemented appropriate physical, technical, and organizational security measures designed to secure your personal data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.
If there is ever a breach of your personal data that affects your rights and freedoms, the supervisory authority of the member state in which you reside will be notified without undue delay and not later than 72 hours after becoming aware of the breach. You shall also be notified without undue delay. A “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider our statutory obligations, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes we process your personal data for, and whether we can achieve those purposes through other means. We will retain personal data for the duration of the contract and the subsequent ten (10) years following the termination of the contract for legal protection purposes.
Under some circumstances we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent. Once you are no longer an employee of the company, we will retain and securely destroy your personal data in accordance with applicable laws and regulations.
Rights of Access, Correction, Erasure, and Objection
You have the right to access your personal data and be informed as to how your personal data was used, is being used, or will be used in the future.
Under certain circumstances, you have the right to:
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are collecting and using it lawfully.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Object to the use of your personal information for profiling purposes.
- Request the restriction of collecting and using your personal information. This enables you to ask us to suspend the usage of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the data portability of your personal information to another party.
- Right to lodge a complaint to supervisory authority.
- Right to withdraw the consent. In circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
- Invoke binding arbitration.
To review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request that we transfer your basic personal information to another party or withdraw the consent, please contact firstname.lastname@example.org in writing. To lodge the complaint to supervisory authorities, please contact directly the Data Protection Authority in your jurisdiction.
In order to meet your request, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. Exercising your rights is free from charges. However, we have right at our sole discretion to refuse to fulfil or charge a reasonable fee for fulfilling of several similar consecutive requests or requests that are manifestly unfounded or excessive. We are also entitled to decline requests on statutory grounds in which cases we will inform you of such decline including the grounds for the decline.
Changes to This Privacy Notice
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose. We may process your personal data without your knowledge or consent only where required by applicable law or regulation.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. If you are an EU or Swiss individual with any questions about our processing of your personal data, would like to make an access, other request, or complaint please contact us at: email@example.com.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/submit/ for more information or to file a complaint. These services will be provided at no cost to you.
If you are unsatisfied with our response or the response of our alternative dispute resolution provider to any issues that you raise, you have the right to make a complaint with the data protection authority in your jurisdiction.
We have appointed Jost Chemical Europe SPRL as our EU representative to help ensure our compliance with applicable law. Please direct any questions relating to our processing of your personal data to our EU representative at: Rue du Bois Portal 30/1-3, 5300 Andenne, Belgium, or by phone at +32-85-552-655.
Effective Date: June 11, 2020