E.U.-U.S. Privacy Shield
Radial’s policy is to respect and protect Personal Data collected or maintained by or on behalf of the Company. In furtherance of the Company’s commitment to this Policy, Radial has certified its adherence to the Privacy Principles set forth in the EU-U.S. Privacy Shield Framework (alternatively, “Accord”) regarding Personal Data related to employees of Radial resident in the European Economic Area ("EEA") and processed in support of Radial human resources operations. Radial adheres to the Privacy Shield principles as respectively agreed to by the U.S. Department of Commerce (“DOC”) and the European Commission. With respect to Personal Data received or transferred pursuant to Privacy Shield, Radial is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. The Company’s commitment to participate in the Privacy Shield program can be found by visiting the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list]. Radial has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
This Policy sets forth the principles under which Radial manages the processing of Personal Data that it receives from its employees in the EEA in support of its human resources operations. In connection with Radial human resources operations, Radial may now and/or in the future transfer or provide access to Personal Data regarding employees of the EEA to the United States.
In accordance with the Privacy Shield framework, this Policy contains provisions relating to the following data privacy principles, all of which are described in greater detail in the “Principles” section of this Policy below and which are hereinafter referred to as the “Principles”:
- Accountability for Onward Transfer
- Data Integrity and Purpose Limitation
- Recourse, Enforcement, and Liability
This Policy outlines Radial’s general position and its practices about its commitment to implement the Principles set forth below, including the types of Personal Data Radial collects; the purpose and use of the Personal Data; the notice and choice affected Data Subjects have regarding Radial’s use of their Personal Data; Data Subjects’ ability to correct that information; and the internal contact mechanisms available to correct information, or to make inquiries and/or lodge complaints about adherence to the Principles. This Policy does not address additional local privacy requirements to which the Company may need to adhere.
This Policy applies to all Personal Data processed by Radial related to employees of Radial resident in the EEA whether in electronic or tangible format.
- Agent. “Agent” means any Third Party that processes Personal Data under the instructions of and solely for Radial or to which Radial discloses Personal Data for use on its behalf.
- Data Subject. “Data Subject” is a natural person resident in the EEA who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. For purposes of this Policy, Data Subject shall be restricted to any current and former Radial employees, including but not limited to, temporary and permanent employees, retirees, and other former employees, as well as dependents of such employees.
- Personal Data (or Personally Identifiable Data). “Personal Data” means any information or set of information in any form that relates to a Data Subject.
- Processing of Personal Data. “Processing of Personal Data” shall mean any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
- Sensitive Personal Data. “Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, any information that concerns health or sex life, or information relating to the commission of a criminal offense.
- Third Party Agent. “Third Party Agent” shall mean any natural or legal person that is not a subsidiary, employee or director of Radial or its subsidiaries.
- Notice. Radial shall inform Data Subjects that it participates and subjects itself to the Principles of the Privacy Shield program, the purpose for which it collects and uses Personal Data and the types (or identity) of Third Parties to whom the Company discloses or may disclose that Personal Data. Radial will provide notice in clear and conspicuous language when Data Subjects are first asked to provide Personal Data to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Personal Data for a purpose other than that for which it was originally collected.
- Choice. Radial collects Personal Data about its employees for human resources or compliance-related functions, including, without limitation, recruiting, onboarding, performance appraisals and payroll or benefit distribution. If Radial intends to use Personal Data for purposes outside of the Company’s human resources-related functions (such as marketing communications) and (1) discloses Personal Data to a Third Party, or (2) uses the Personal Data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Data Subject, the Company will offer the Data Subject the opportunity to affirmatively or explicitly consent (opt-out) to whether the Data Subject’s Personal Data is (1) disclosed to a Third Party, or (2) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Data Subject.
- Accountability For Onward Transfers. Prior to disclosing Personal Data to a Third Party, Radial shall notify the Data Subject of such disclosure and allow the Data Subject the choice to opt-out of such disclosure unless the disclosure meets an employment requirement or is made to an Agent. Radial shall enter into contracts to ensure that any Third Party to whom Personal Data may be disclosed is aware of and adheres to the Principles or is subject to law providing the same level of privacy protection as is required by the Principles and agrees to provide an adequate level of privacy protection. The Company shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by Third Parties and agrees to provide a summary or a representative copy of the relevant privacy provisions of its contracts with agents of the DOC upon request.
The storage by the Company of Personal Data on servers and/or on software made available or hosted by Third Party vendors shall not be considered disclosures of Personal Data to a Third Party so long as the Third Party vendor does not have direct access to the Personal Data stored or hosted. In all events, Radial shall ensure by contract that any such Third Party vendor (1) is aware of the Principles, (2) is subject to laws providing the same level of privacy protection as is required by the Principles, or (3) has contractual safeguards in place to protect the Personal Data.
Radial is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. Radial complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
Radial is not required to identify the sources of Personal Data when such identification is not possible through reasonable efforts, or where the rights of persons other than the affected Data Subject would be violated. If there are compelling grounds to doubt the legitimacy of a Data Subject’s request for rectification, amendment or deletion of his or her Personal Data, Radial may require further justifications before performing the Data Subject’s request. Radial is not required to notify Third Parties to whom the Personal Data has been disclosed of any rectification, amendment or deletion when such notification involves a disproportionate effort or unreasonable burden.
- Security. Radial takes reasonable and appropriate industry-standard administrative, technical and physical measures to protect the confidentiality, integrity and availability of Personal Data, whether in electronic or tangible, hard copy form. Radial shall take reasonable steps to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Data Integrity and Purpose Limitation. Radial limits the collection, use and retention of Personal Data to that which is germane for the purposes for which it was collected or authorized by the Data Subject, or to the extent required by law, and takes reasonable steps to ensure that all Personal Data is reliable, accurate, complete and current. Radial depends on its employees to keep Personal Data reliable, accurate, complete and current and will rely on its employees to maintain the integrity of all Personal Data they provide to the Company. The Company shall also adhere to the Principles for as long as it retains such Personal Data.
- Access. Data Subjects may access their Personal Data and correct, amend or delete inaccurate information or information that is processed against the Principles, except (1) where the burden or expense of providing access would be disproportionate to the risks to the privacy of the Data Subject in the case in question, or (2) for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature.
- Recourse, Enforcement, and Liability. Radial uses a self-assessment approach or outside compliance review to assure compliance with this Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, is disseminated to its employees, is completely implemented and accessible and is in conformity with the Principles set forth in this Policy. Radial encourages interested persons to raise any concerns using the contact information provided below and will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles.
- In addition, Radial has agreed to cooperate with the European Data Protection Authorities [http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm] for the purpose of handling any unresolved complaints regarding Personal Data concerns. Data Subjects (employees) may engage their local Data Protection and/or Labor Authority concerning adherence to the Principles and the Company shall respond directly to such authorities with regard to investigations and resolution of complaints. Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Limitation on Scope of Principles.
Radial adheres to the Principles, except as required by law, to meet legal, governmental, law enforcement or national security obligations, to protect the health or safety of an individual, to prevent financial loss, or to report suspected illegal activity.
Information We Collect.
We collect and verify your contact information as well as information provided via your employment application. When necessary, we will request your consent to obtain additional information from third parties to verify your employment, credit, criminal or related background information. In these instances, we comply with applicable laws and will notify you accordingly. We also collect information to process medical, stock, bonus, and other benefits we may provide from time to time. In some instances, we may collect sensitive information in the ordinary course of your employment such as health and/or disability information, ethnic background information, details of trade union membership, and the commission of offences. We may also collect next of kin and beneficiary information provided by you during your employment. We also collect other work related information such as, but not limited to, your performance evaluations (including opinions about your performance and/or conduct), job duties, compensation, human resource files, photographs, videos etc. This information is received both directly and indirectly and is maintained in various forms such as hard and electronic copy. The information we collect relating to you is referred to as the “Personal Data” in this Policy.
Use of Personal Data.
We use the Personal Data for the purposes of human resource administration, employment, benefits administration, and general business management. We use Personal Data to process your benefits, compensation, stock option, and bonuses to the extent they are available to you. We use Personal Data to evaluate your workplace performance in the course of managing your employment and to ensure an efficient workplace and to assign the proper duties to the appropriate employees. We regularly use Personal Data to facilitate the communication between both employees and the Company. We may use Personal Data to ensure the safety of the workplace and to provide positive identification. We may also use and/or disclose Personal Data for other business-related purposes.
The Company also processes limited amounts of sensitive information and will do so only in accordance with the law. For example, health information may be processed for the purposes of: administering Company and statutory sick pay, monitoring and managing sickness absences, and complying with legal requirements.
The Company uses Personal Data to ensure that the access, use, and disclosure of information are performed in accordance with workplace policies (including the Company’s monitoring policies with regard to telephone, email, Internet and other company resources) and that the Company Codes of Conduct are followed. We may, to the extent permitted in law, monitor your activities where you use a Company-owned device or computer for the Company’s legitimate business interests, such as monitoring your performance and compliance with your obligations and laws, such as: communications with users, access, use, and disclosure of customer, employee and company information. The Company may use, to the extent permitted in law, a number of manual and automated systems/processes to monitor these activities in the event of suspected inappropriate activities or on a periodic basis in order to ensure ongoing compliance.
Transfer and Sharing of Personal Data.
Personal Data may be stored in hard and electronic format locally within the office of your employment as well as in the United States and other countries in which the Company, Company subsidiaries and affiliates (including any joint ventures), agents, or contractors have a physical presence. Some of these countries (including the United States) are deemed by the European Commission to have inadequate data protection laws. Personal Data may be shared in the normal course and scope of business with other Company subsidiaries and affiliates (including any joint ventures) and employees worldwide to facilitate the uses described above. Personal Data may also be shared with third party vendors (e.g. medical benefit providers, retirement benefit providers, etc.) (within Europe and also outside Europe, including the United States) to whom the Company has chosen to outsource work, in order to facilitate the uses described above. In the event that data is provided to an outsourced third party, the Company will require the third party to protect your information adequately. As permitted or required by law or requested by regulatory authorities, the Company may share Personal Data with legal and regulatory authorities to comply with an investigation or when we believe in good faith that the disclosure is necessary to: prevent imminent physical harm or financial loss; or report suspected illegal activity.
Access, Modification and Removal of Personal Data.
You have the ability to directly access and update much of the Personal Data you provided through our internal systems automatically. You may also contact your human resources representative for additional access as well as modification of your Personal Data. Upon your request, we will try to accommodate requests to remove non-essential Personal Data in accordance with law; however, the removal of essential Personal Data may affect your workplace duties and responsibilities as well as benefits. You should ensure your Personal Data is kept up-to-date if your circumstances change.
Security of Personal Data.
We use industry standard physical and procedural security standards to protect Personal Data. We deploy encryption, firewalls, access controls, and other procedures to protect Personal Data from unauthorized access. Hard copy Employee files are restricted and are available only to authorized individuals based upon department and employment responsibilities.
Changes to this Policy.
We may amend this Policy consistent with the requirements of Privacy Shield. When we do so, we will also revise the “Last Updated” date at the bottom of this document. We will request that you sign a copy of the revised Policy to confirm your acceptance of the revised terms and post an updated version internally on the Company intranet.
Contact Information for Questions or Complaints related to Personal Data.
Questions, comments, or complaints about this Policy, your Personal Data and/or Radial’s use of your Personal Data should be directed by email to email@example.com, or by regular mail to:
Privacy Manager c/o Legal Department
935 First Avenue
King of Prussia, PA 19406
Acknowledgement and Consent regarding the Processing of Personal Data.
I acknowledge that Radial has a legitimate interest in processing my personal data as described above. If I choose to receive additional services from Radial or a third party contracted by Radial (such as a healthcare insurance or financial services provider), I hereby expressly consent to the use and sharing of my personal information as necessary for Radial or such third party to provide me with such services.
I also agree that the Company may transfer my Personal Data to other undertakings of the group and to Third Parties who perform personnel-related services for the Company.
This shall also apply to the extent that a data transfer is made to countries outside of the European Economic Area.
Effective Date: October 12, 2016
Last Updated: May 2, 2019