ASSOCIATES, COLLEAGUES AND CONTRACTOR PRIVACY INFORMATION STATEMENT

Welcome to Lee Hecht Harrison Penna Limited. We look forward to working with you to help you to further develop your career. As you’d expect, to properly perform our services, we collect and use information about you.

Lee Hecht Harrison is committed to protecting and respecting your privacy. This Privacy Information Statement describes your privacy rights in relation to the information about you that we process, as well as the steps we take to protect your privacy. We know this is long, but please read this Statement carefully.

Some terms to be clear about

First, we need to be clear about how we use some words in this Statement.

It may seem obvious, but in this Statement you will be referred to as ‘You’.

When we talk about ‘us’ or the ‘Company’, we mean Lee Hecht Harrison Penna Limited. In the United Kingdom, we have our registered office at: 55 Gracechurch Street, London, EC3V 0EE. The Company is part of the Adecco Group, the largest HR services provider in the world. Through its various companies and business lines, the Adecco Group provides several HR (Human Resources) activities like staffing, secondment, payroll services, recruitment & selection, testing solutions, training & education, outplacement, and international mobility (‘our Activities’).

Finally, this is a statement about information about people – like you and your family. It includes facts about you, but also opinions about you and that you hold (“I’m a football fan” for example). It’s not about information about the Company (although sometimes the two overlap). This type of information is sometimes called ‘Personal information’, ‘Personally Identifiable Information’ or ‘PII’. We use the term ‘Personal Information’ in this statement.

What Personal Information does the Company collect and use?

Personal Information that the Company usually collects includes, but is not limited to

  • your name, date and place of birth, contact details and qualifications (education, training courses and internships), documents evidencing your identity and right to work and any other information you mentioned on your resume or CV;

  • if you contact us, we will keep a record of that correspondence;

  • name, email, scheduling availability is collected if you voluntarily give it to us in order to use our calendar scheduling tools;

  • feedback about you from our staff and third parties who you work with or for, and other appraisal information;

  • your feedback about others including us and our services through our satisfaction surveys;

  • when you take assessments or tests, you consent to these results being used to support our selection and development decisions. These decisions are made with a human decision maker, not by the platform itself. We do not share these answers or results with any third parties or affiliates unless required by law or unless you give express consent;

  • we also collect information on your use of our systems including (but not limited to) your IP address, browser, timestamp, location, country traffic data, location data, weblogs and other communication data and the resources that you access. This information will make our systems easier to use in the future;

  • we collect aggregated de-identified information for testing, research and analysis to improve and enhance the safety and security of our services, develop new features and products and facilitate solutions in connection with our services;

  • when you start working for the Company, we shall also collect:

    • your gender, nationality, copy of ID documents, proof of address and copies of documents evidencing your right to work in the locations you will work in (visas, work permits,

      etc.);

    • gender, age and ethnicity is used on an aggregated, anonymised basis for fairness research as required by law;

    • payroll information such as your bank account information, national insurance or social security number, tax codes and reference numbers, your fees, salary and benefits information and any voluntary deductions you ask us to make from your salary and fees (like commuter benefits, or other optional programmes);

    • records of your attendance, time spent on projects, training, promotions, investigations, and disciplinary matters;

    • information about your use of our IT systems and premises (including CCTV and door entry systems);

    • details about your dependents and next of kin;

    • travel information (travel data, credit card information, passport number, expenses incurred) for the purposes of the negotiation, arrangement and purchasing of all travel related activities (e.g. Airfare, Train, Hotel & Car Rental reservations) and the reimbursement of travel expenses;

    • photos and videos of your attendance at training or similar sessions (you will be given a chance at the session to ask not to be videoed or photographed);

    • details of any disability and any accommodations we may need to make for you in the workplace; and, in some cases, we will also collect other data than only details related to disability, when we are permitted to do so by law.

Why do we use Personal Information about you?

The Company collects and processes Personal Information:

  1. To provide you with the assistance you expect, like finding you a suitable role within the Company, helping you with training, or facilitating the process of applying for new opportunities within the Company or the Adecco Group. This includes keeping you informed of future work opportunities by email, telephone, mail and/or other communication methods;

  2. to further develop and improve our systems/processes;

  3. to perform studies and statistical and analytical research;

  4. to transfer data to third parties (see below);

  5. where necessary, to comply with any legal obligation;

  6. when you start working for the Company, to perform our duties to you as your employer or customer (in the case of individual contractors); and

  7. when you start working for the Company:

    1. to comply with your contract of employment or contract for services, and all other contracts and rules that govern our employment or other contractual relationship with you;

    2. maintain and improve administration of talent generally (including for the purposes of workforce analysis);

    3. carry out other human resources activities (including work management, absence management, training/people management, expense management, and disciplinary procedures);

    4. manage shares and other assets to which you may be entitled;

    5. promote the security and protection of people, premises, systems and assets;

    6. monitor compliance with internal policies and procedures;

    7. administer communications and other systems used by the Company and the Adecco Group (including internal contact databases and intranets);

    8. investigate or respond to incidents and complaints;

    9. comply with obligations and rights and cooperate with investigations carried out by the police, government or regulators; or

    10. participate in any potential or actual purchase or sale, or joint venture, of all or part of a business or company, that any member of the Adecco Group wishes to participate in.

Why and on which basis do we use Personal Information?

We are required by law to have a ground set out in the law to process the information we hold about you. The legal grounds can be:

the performance of a contract to which the data subject is a party (purposes 1 and 6-7), processing necessary to comply with legal obligations (purposes 5-7) and/or processing necessary in the legitimate interests of Adecco in exercising its and its staff's fundamental rights to run a business (purposes 1-7). We shall only process your personal information other than on these grounds with your consent (a further processing ground).

Do you have to give us the Personal Information we ask for?

The provision of your Personal Information is a requirement necessary to enter and/or maintain our contract with you. This means that you are obliged to provide your personal information to us.

If you do not provide your Personal Information to us, we will either not be able to conduct the employment or supplier relationship with you or, at least, you may not be able to participate in certain processes such as feedback or career development (which may also not be in line with your contract with us).

Do we process information about you without any human intervention at all?

Yes, we do. The Company uses automated systems/processes and automated decision-making (like profiling) to provide you, and our clients, with the services you request from us. For example, when we or our clients are looking for coaches or consultants for candidate engagements, we can conduct a search of our lists of using automated criteria to compile a shortlist.

How long do you keep my Personal Information for?

The Company can (and, in some circumstances, must, depending on the type of data) keep your data for several years after your employment with us has ended. Generally, we retain data concerning taxes and your contract of employment, financial information (including payroll data and data relating to pay, etc.) for 7 years, and other personal information for 3 years. We retain sensitive personal data for no longer than is reasonably necessary.

Do we transfer your Personal Information to third parties?

As mentioned above, we usually disclose your data to third parties. This is done to complete the purposes set out above. We do this in the following circumstances:

  • To our suppliers. We can, for example, engage a supplier to carry out administrative and operational work in support of our relationship with you. The supplier(s) will be subject to contractual and other legal obligations to preserve the confidentiality of your data and to respect your privacy, and will only have access to the data they need to perform their functions;

  • To members of the Adecco group of companies in other countries. These are located in or outside the European Union, the United Kingdom and Switzerland; different members of the group fulfil different functions and, as a result, your information will be shared with them for different reasons;

  • To our clients: we will share your data with clients of ours who are seeking coaching or other service engagements you may be qualified to perform on behalf of the Company, or for whose employees you are performing services on behalf of the Company. They owe contractual and other confidentiality obligations in relation to your data to us, and to you;

  • We will share your data with government, police, regulators or law enforcement agencies if, at our sole discretion, we consider that we are legally obliged or authorised to do so or it would be prudent to do so; and

  • As part of due diligence relating to (or implementation of) a merger, acquisition, change in service provider or other business transaction, we can disclose your data to the prospective seller or buyer, new service provider and their advisers.

Do we transfer or store your Personal Data outside your home country?

Your Personal Data may be transferred to and processed in countries other than your home country. We will only transfer your Personal Data to countries that provide an adequate level of data protection, as defined by the European Commission, or where we have put in place appropriate safeguards to seek to preserve the privacy of your Personal Data. When we transfer your information to recipients in these countries, we will protect that information as described in this Privacy Policy and comply with applicable legal requirements.

E.U.-U.S. and Swiss-U.S. Privacy Shield

LHH uses the EU Model Clauses for personal data transferred from the European Union, the United Kingdom and Switzerland to the United States.

LHH also participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use and retention of personal information from European Union member countries, the United Kingdom and Switzerland, although, in light of the judgment of the Court of Justice of the EU in Case C-311/18, LHH does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of Personal Data.

We have certified with the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield Principles, and to view our certification page, please visit https://www.privacyshield.gov/.

In compliance with the Principles, LHH commits to resolve complaints about our collection or use of your Personal Data. European Union (EU) and United Kingdom and/or Swiss individuals with enquiries or complaints regarding LHH’s Privacy Shield Privacy Policy should first contact LHH directly at privacy@lhh.com.

For complaints that cannot be resolved, LHH commits to cooperate with the panel established by the EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, and to comply with the advice given by the panel or Commissioner about Personal Data transferred from the EU or Switzerland. In order to facilitate the handling of complaints, individuals in the EU can choose to contact their national DPA or use the form located at this link: http://ec.europa.eu/newsroom/document.cfm?doc_id=42962. Individuals in the United Kingdom can contact the UK Information Commissioner by visiting https://www.gov.uk/data-protection/make-a-complaint. Individuals in Switzerland can contact the Swiss Information Commissioner by visiting https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.

This independent dispute resolution process is provided at no cost to the individual.

Under certain conditions, an individual may choose to invoke binding arbitration to resolve any residual complaints not resolved by LHH, or the DPAs or FDPIC, as appropriate. If an individual formally invokes binding arbitration, LHH will follow the terms set forth in Annex 1 of the Privacy Shield Frameworks. For more information on binding arbitration, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

As explained in the Privacy Notice, we sometimes provide personal information to third parties in order to perform services on our behalf. If we transfer personal information received under the Privacy Shield to a third party, the third party's access, use and disclosure of the personal information must also be in compliance with our Privacy Shield obligations, and we will remain liable under the Privacy Shield for any failure to do so by the third party, unless we prove that we are not responsible for the event giving rise to the damage.

LHH is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) for compliance and enforcement of the Privacy Shield and Swiss Privacy Shield. LHH is also committed to cooperating with EEA, UK and Swiss data protection authorities. We may be required to disclose personal information that we handleunder the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

What are your rights?*

Right to access and obtain a copy of your Personal Information

You are entitled to request confirmation whether we process any of your personal information. Where this is the case, you have the right to access to your personal information and to certain information about how it is processed. In some cases you can ask us to provide you with an electronic copy of your information.

Right to correct your Personal Information

If you can demonstrate that Personal Information we hold about you is not correct, you can ask that this information is updated or otherwise corrected. If there is a self-service system, we really encourage you to access it and update it yourself.

Right to delete/right to be forgotten

If we do not need to retain or process the data for any other reason, you can request that we stop processing or delete (some or all of) your personal information.

Right to restrict

In certain circumstances, you have the right to restrict the processing of your Personal Data. However, in some instances, such restriction of processing may limit the services that you can receive from us.

Right to object

As far as the Company’s processing of your data is based on the Company’s legitimate interest (and no other processing ground) or relates to direct marketing, you are entitled to object to the Company's processing of your data by reference to your particular situation.

* All requests are subject to applicable law. In accordance with applicable law, we will take steps to verify your identity and the request before processing any request, including, for example, requiring you to provide identifying information about yourself, your account, your prior interactions with us, and/or such other additional information as may be required by law.

California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties.

Please note that the Company does not rent, sell, or share in any manner, your Personal Information in personally identifiable form to anyone for marketing purposes.

If you want to exercise any of your rights, please click here.

Finally, you have the right to lodge a complaint with the data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen.

Do we carry out monitoring?

To the extent permitted by law, the Company and Adecco reserves the right to audit, monitor and record the access, use and content of any data held or processed by their IT systems. We do this for the purposes 7(d)-(h) set out above, but call this point out specifically in this notice so that you are aware in particular that your use of work-related IT systems can be monitored by others.

What about data security when using the Company’s or Adecco’s systems?

You are responsible for keeping your login details to our systems safe, in particular the password that we have given you or that you have chosen. These login credentials are for your own use. You are not permitted to share your credentials or other account details with any other person(s).

How can you contact us?

If you have any questions or concerns regarding this privacy information statement or would like further information about how we protect your information (for example when we transfer it outside Europe) and/or when you want to contact the Company’s Data Privacy Lead, please click here.

How can we handle changes to the Privacy Information Statement?

The terms of this Statement may change from time to time. We shall publish any material changes to this Statement through appropriate notices either on this website or contacting you using other communication channels.

Lee Hecht Harrison

Version 20 September 2021