Employee and Applicant Data Protection Notice

Fusion Risk Management, Inc. (“Fusion” or “we,” “us,” or “our”) values transparency regarding use of your Personal Data. This Employee and Applicant Data Protection Notice (“Notice”) outlines our practices regarding the collection, use, storage, transfer, and other processing of personally identifiable information about Employees and Applicants (“Personal Data”).

“Employee” means any individual who currently works for or has worked for Fusion in the capacity as an employee.

“Applicant” means any internal or external job applicants, including employee referrals and applicants who have applied directly through our website here as well as through third-party agencies and recruiters on behalf of candidates.

Personal Data Collected

Fusion collects, uses, stores, transfers, and otherwise processes certain Personal Data in order to effectively run our business. We only collect Personal Data that is directly relevant to our business, required to meet our legal obligations, or otherwise permissible to collect under local laws.

The categories of data that we collect directly from you during the course of your employment include:

Identifiers (including but not limited to):

  • Personal: Name and contact details (e.g., phone number, email address, postal address, or mobile number) and username and password for the online recruitment system.
  • Family: Information about family and dependents (e.g., for relocation purposes).

Professional Information (including but not limited to):

  • Submitted: Information contained in your resume or curriculum vitae and other documents related to the application or recruitment process (e.g., cover letter, transcripts, and certifications) and other information you may choose to voluntarily submit to us in connection with your application (e.g., information disclosed in an interview or information you volunteer regarding your criminal records history, family history, or personal situation).
  • Discovered: Information from a third party, such as debarment, suspension, or related information as it relates to an award for a contract from a US federal agency or relevant licenses.

Educational Information (including but not limited to):

  • Submitted: Educational details (e.g., educational history, degrees awarded, etc.), post-degree qualifications, certifications, skills, etc.

Employment-related Information (including but not limited to):

  • Employment and Job Information: Job title and/or position and description of responsibilities/duties; job family; location; band/seniority; Employee Identifiers; department; line and sub-line of business; cost center information; employment dates; supervisor/manager/team lead name and contact information; work contact information; termination details.
  • Succession Planning Details: Reporting structure and talent management and succession planning data (including mobility preferences, date assigned to a talent pool, talent pool name and description, areas of expertise, general management experience, leadership behavior, strengths, and development needs).
  • Performance/Development Plans: Performance-related information [including assessments and ratings (results rating, behavior rating, and potential rating)], performance goals description, and key competencies description.
  • Employee Relations Case/Compliance/Legal Management: Areas for development, coaching notes, feedback from others, self-assessment description, manager review description, performance expectations, measurement criteria, action dates, manager progress notes, career development information, employment disciplinary record, activities and investigations, information pertaining to any grievances raised, and termination reason.
  • Global Mobility: Business travel information (including business visa details, travel logs, and itineraries).
  • Physical Security and Life Safety Data: Swipe card entry data; security cameras; photograph (Security ID Card); accident and incident reporting; and data required for purposes related to health and safety in the workplace.
  • Compensation: Compensation information (including base salary, market rates, incentive payment(s), stock options information, and allowances).
  • Employee Benefits Including Retirement: Benefits including family and/or other dependent data and retirement information.
  • Employee Administration: Reference letters and Human Resource service center records.
  • Flexible Working Requests: Employee Engagement Survey, personal preferences for events (e.g., dietary requirements), volunteering details, and video and voice recording (e.g., townhalls).
  • Payroll: Social security number or other tax identifier number; bank account details; tax and social security contributions; payroll payments and deductions and other financial information; attendance data; shift and overtime data; and governmental forms (e.g., IRS W2).

Sensitive Personal Characteristics (including but not limited to):

  • Race or Ethnic Origin: Data for diversity or affirmative action plans, where the collection of such data is allowed by law (e.g., race, religion, ethnicity, gender, sex or sexual orientation, veteran status, and/or disabilities including health or mental health).
  • Citizenship: Citizenship confirmation or immigration information (e.g., for visa purposes, right to work information).
  • Other: Other data categories considered sensitive (e.g., trade union membership, genetic information, biometric information, etc.).

Health Information (including but not limited to):

  • Personal: Information about any health issues or disabilities (e.g., your disability status or any requests for accommodation in the application or interview process).
  • Governmental: Information about your health status including Covid-19 vaccination status, where appropriate (e.g., confirmation of your wellness prior to attending an in-person interview if permitted by law).

Internet Activity Information (including but not limited to):

  • Provided: Information you provide to our website or over our Fusion network.
  • Secured: Information about you using cookies and similar technologies when you use the recruitment system and browse our website (see our Privacy Policy for further information about how this works).

Technical Information (including but not limited to):

  • Provided: Information (including username and passwords, IP address, domain, browser type, operating system, self-service password management, click-stream data, and system logs) and electronic and non-electronic content and documents created or produced by you using Fusion’s systems or in the performance of your role within Fusion.

Data We Collect From Other Sources

We may receive Personal Data from you and from other sources, including but not limited to your previous employer, colleagues, managers, supervisors’ references, background check providers, and public sources. Such information includes:

Professional and Employment-related Information (including but not limited to):

  • Personal: Information including background check data, potentially including your criminal records history, employment history, educational history, and/or compensation history; from employment screening agencies; publicly available registers or databases; and former employers and/or educational institutions (as allowed by local laws).
  • References: Information about your performance or conduct from references, other Fusion employees, clients, customers or service providers, or former employers you work with and/or with whom you may have worked in the past who may provide feedback about you and information about you from Fusion employees who interview you and who may provide feedback about you.

Pre-employment Tests (including but not limited to):

  • Fusion: Results from CCAT and other pre-employment screenings as required by role.
  • Third Party: Results from pre-employment drug testing.

Fusion does not sell Personal Data collected from applicants and employees to other sources. Collection, use, processing, disclosure, or international transfer of Personal Data may be by automated or manual means, including by hard-copy or soft-copy documents or other appropriate technology, such as telephone interviews, email, etc.

How We Use Your Personal Data and the Basis on Which We Use It

We limit our use of your Personal Data. We aim to collect and use your Personal Data only for specific, necessary reasons, primarily for evaluating the creation and maintenance of an employment relationship with you, and we aim to explain our use of your Personal Data.

For example, we use your Personal Data when:

  • Creating and managing the recruitment system, job applications, interested individuals, and leads.
  • Determining eligibility for hiring, including the verification of references and qualifications and, where permitted by law, administering background checks.
  • Sending you information about the new hire and employee experience at Fusion prior to your first day.
  • Sending, with your consent, information about other positions at Fusion.
  • Administering payroll and benefits as well as processing employee work-related claims (e.g., worker compensation, insurance claims, etc.) and leave of absence requests.
  • Establishing training and/or development requirements.
  • Reviewing work performance, determining performance requirements, or engaging in disciplinary actions or termination.
  • Establishing emergency contacts and responding to emergencies.
  • Complying with laws and regulations (e.g., labor and employment laws, health and safety, tax, and anti-discrimination laws) under judicial authorization or to exercise or defend legal rights.
  • Compiling internal directories, such as employee directories.
  • Detecting, preventing, and responding to fraud or other types of wrongdoing and illegal activities.
  • Performing IT security and administration and for other legitimate purposes reasonably required for day-to-day operations, such as accounting, financial reporting, and business planning.
  • Complying with legal obligations to which we are subject and cooperating with regulators and law enforcement bodies.
  • Responding to your inquiries and requests.

We must have a legal basis to process your Personal Data. In most cases it will be complying with one or more of the following:

  • Our contractual obligations to you or to take steps to enter into a contract with you.
  • Our legal obligations.
  • Our legitimate interests (e.g., to conduct our recruitment processes efficiently and fairly or to manage applicants effectively). When we process Personal Data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy or other fundamental rights and freedoms are not overridden by our legitimate interest to comply with our legal obligations, for example obtaining proof of your right to work status to enable us to meet relevant obligations.

You are responsible for the content of the information you provide to us and must ensure it is legal, honest, truthful, accurate, and not misleading in any way.

If you do not provide certain categories of Personal Data, we may not be able to accomplish some of the purposes outlined in this Notice, and the issue may need to be escalated to Human Resources to manage as appropriate. Furthermore, if we are required by local law to collect certain data about you, your failure to provide this data may prevent or delay the fulfillment of our legal obligations and may impact our ability to employ you.

Fusion Retention and Your Right to Access, Correct, Update, or Delete Your Data

Fusion may retain your information until the original purpose of collection has been fulfilled. We also may retain your information until lawful completion of our pursuit of legitimate interests, conducting audits, compliance with our legal obligations, resolution of disputes, and/or the enforcement of our agreements.

You may request to access, review, correct, modify, or delete any of the personal information that you have previously provided to us or that we have otherwise collected about you as described in this Notice by contacting us at compliance@fusionrm.com. Where you request that we delete your data, and Fusion complies with such request due to there being no other lawful basis to retain such data, Fusion may retain limited identifying data, such as name, company, and email address, in addition to a record of the deletion request to document our compliance and prevent future use of such data without another lawful basis.

If you are an individual subject to data protection regulations as found here or here, you have the following rights for personal information:

  • To access your Personal Data held by us (right to request and receive information we have about you);
  • To rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete (right to correct or update inaccurate or incomplete information);
  • To erase/delete your Personal Data, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
  • To restrict our processing of your Personal Data, to the extent permitted by law (right to restriction of processing);
  • To transfer your Personal Data to another controller, to the extent possible (right to data portability);
  • To object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object);
  • Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
  • To the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.

The General Data Protection Regulation gives you the right to file a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. The supervisory authority may be found here.

Automated Decisions About You

We may process your Personal Data using solely automated means to make decisions about your candidacy. This is known as “automated decision-making” and is only permitted when we have a legal basis for this type of decision-making. This may have significant effects for you, namely that you may be rejected for the role you applied for without a recruiter ever reviewing your application. The logic involved is that if an open role is filled while you are in the first or review stage of the recruitment process, your application may not be considered. Our recruiters can reactivate candidates that have been rejected later, if necessary.

Subject to local legal requirements and limitations, you can contact us at compliance@fusionrm.com to request further information about automated decision-making, object to our use of automated decision-making, or request an automated decision to be reviewed by a human being.

Sharing Information

Fusion may share or disclose your personal information under the following circumstances:

  • Consent: We may share or disclose your information at your direction to fulfill an express request or with your express consent.
  • Legal Compliance: Notwithstanding anything to the contrary in this Notice, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, or a legal request; to protect the safety of any person; to address fraud, security, or technical issues; or to protect our rights or property. However, nothing in this Notice is intended to limit any legal defenses or objections that you may have to a third party’s request to disclose your information, including a government’s request for the same.
  • Change of Control: In the event that Fusion is involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your information may be sold or transferred as part of that transaction. This Notice will apply to your information as transferred to the new entity.
  • Contracts and Liability: If you are subject to data protection regulations as outlined here or here, Fusion will not transfer your personal information to any third party except under a contract with the third party that restricts the third party’s access, use, and disclosure of personal information, and Fusion may be liable if the third party fails to meet those obligations, and we are responsible for the event giving rise to damage.

Data Storage and Access by Fusion Personnel

Fusion maintains an electronic record of the Personal Data of the employee. We maintain these records in a secure environment, including our HR Information System, other employee tracking systems, and other case management systems (background screening, physical access, incident management, etc.). Personal Data may be stored in the employee’s home jurisdiction and/or in other jurisdictions in which we operate.

Where permitted by applicable law, access to Personal Data is restricted to those individuals who need such access for legitimate purposes listed above in this Notice, including but not limited to members of the Human Resources Department and the managers in the employee’s line of business and to authorized representatives of Fusion’s internal control functions, such as Operational Risk and Compliance, Information Security, Office of the CFO, and Legal. Access may also be granted where there is a business necessity and where permitted by applicable law.

Data Security

Security is an integral part of our business model, and we put significant resources into making sure your data is protected. This involves technical measures (such as implementing security software) and organizational measures (such as only allowing staff to access your data if there is a business need to do so). These measures are aimed at ensuring the ongoing integrity and confidentiality of Personal Data. We evaluate these measures regularly to ensure the security of the processing.

Data Retention

Fusion will maintain a copy of your Personal Data for as long as we are required to do so by applicable law(s). The criteria used to determine our retention periods include:

  • As long as we have an ongoing relationship with an Employee;
  • As required by a legal obligation to which we are subject;
  • As advisable considering our legal position (such as with regard to applicable statutes of limitations, litigation, or regulatory investigations).

Fusion will maintain Applicant Data until the position you are applying for has been filled, after which we may retain your Personal Data for a period of time that allows us to:

  • Maintain business records for analysis, understanding market trends and/or audit purposes;
  • Comply with record retention requirements as required by local law or other relevant legal or regulatory requirements;
  • Defend, establish, exercise, or bring any existing or potential legal claims;
  • Ensure fraud detection and prevention;
  • Respond to any queries or complaints you may have; and/or
  • With your consent, suggest roles that may be of interest to you.

We will delete your Personal Data when it is no longer required for these purposes. If there is any Personal Data that we are unable, for technical reasons, to delete entirely from our systems, we will ensure that appropriate measures are taken to prevent any further processing or use of the Personal Data.

International Data Transfer

Because we operate in several countries, we may transfer, store, or process your Personal Data in a country different from where you reside. Your Personal Data may be processed in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. In these instances, we put in place appropriate safeguards (such as the Standard Contractual Clauses) to ensure that your Personal Data is adequately protected.

Contact Us and Changes to the Employee and Applicant Policy

If you have questions or concerns regarding the way in which your Personal Data has been used or about this privacy notice, please contact us here.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy you may have. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to file a complaint to the local data protection authority or regulatory body in the country where you reside. If you reside in a country that is a member of the European Union or that is in the European Economic Area, you may find the contact details for your appropriate data protection authority on the following website.

 

Ver.: 1.0

Ver. Date: October 1, 2021