First Orion HR privacy notice – Global
January 1, 2023
This HR Privacy Notice (the “Notice”) informs employees and prospective employees of First Orion around the world (“you” or “Employees”) about the Processing of their Personal Data by First Orion Corp. (collectively “First Orion”, “we”, “us” and “our”).
First Orion is the data controller for the processing of your Personal Data as described in this Notice.
- What is covered by this Notice
This Notice applies to the Processing of your Personal Data in the context of your recruitment and/or employment with First Orion. “Personal Data” is any information relating to you as an identified or identifiable individual and “Processing” is any operation (or set thereof) which is performed on that Personal Data.
Within the category of Personal Data, are “special categories of personal data”, which require a greater degree of protection whilst Processing. This includes data on physical and mental health, racial or ethnic origin, political opinions, trade union membership, religious beliefs, sexual life and genetic and biometric data.
- Personal Data that First Orion Processes about Employees
First Orion may collect the following categories of Personal Data, either directly from Employees, or from other sources including benefits providers, background check agencies, and third parties such as past employers:
- Contact details (business and personal), including name(s), physical address, phone number(s), email, and emergency contact information.
- Demographic information, including date and place of birth, nationality, gender, marital/ civil status, language, and citizenship/visa information.
- Family details which means information relating to Employee family members and emergency contacts.
- Identity information, including social security number, national insurance number, passport number, driver’s license number or other national ID as permitted by law.
- Recruitment information including your application form, CV, references, educational and professional qualification, previous employers, rehiring information, promotion information, lateral move information and position changes.
- Information about an employee’s roles, responsibilities and job performance, including your employment contract (and all modifications); information about previous and current duties and responsibilities; hire date; employee identification number; attendance; department; supervisor; employing entity; performance evaluation and assessments; and history of professional development (including any certifications, professional licenses and specialized training).
- Information about an employee’s compensation, reimbursement, and taxes, including salary, bonuses and additional allowances, benefits, details of bank account and pay slips, information on business travel and expenses, vacation claims and paid time off, full-time and part-time arrangements; marital status; information about parental leave (if applicable), promotions, and tax number and code.
- Information on the use of the company equipment and IT systems, including CCTV footage, security access control systems information, information on use of IT systems, and biometric information for verification purposes.
If there is a change in your information (e.g., contact details, family details, identity information, bank account information or tax number and code), it is important that you let the HR department in your country know as soon as possible so our records can be updated.
- How long we store your Personal Data
- Purpose and Legal Basis for the Data Processing
First Orion Processes Personal Data for the following purposes:
- staff administration and HR management, including to plan and administer personnel matters, salary payments and the administration and granting of benefits, complying with health & safety regulations, for social security and tax administration and all other processing related to the management of the employee contract;
- ensuring the safety and security of our premises, operations and systems, including managing admission control, ensuring the security off First Orion’s facilities and networks, managing admission control, monitoring IT use in accordance with the Employee Handbook, where allowed by applicable law, prevention of fraud and other crime to ensure the security of premises and information, business continuity and disaster recovery;
- performance review and workforce planning, management of absences, training and professional development, conduct disciplinary and grievance proceedings;
- legal and compliance purposes, including defending our position in case of a legal dispute, to comply with employment laws and prevent illegal working, ensuring compliance with company policies and requirements imposed by regulatory authorities, and conducting investigations into security and compliance concerns in cases of misconduct;
- management of our business, including undertaking business analytics and workplace planning (administrative and organizational), invoicing customers, various reporting purposes, internal communications, including the intranet, business records, address book, and internal newsletters, and communication with business partners, vendors and suppliers, performing due diligence activities as well as the administration and care of business and contact data; and
- staying in touch with you with news about happenings at First Orion.
We Process Personal Data on the basis of several legal justifications:
- For Contractual Purposes: We have obligations towards our Employees under the terms of their employment contracts and need to ensure we meet those obligations.
- For our Legitimate Interests: First Orion has a legitimate interest in conducting its business and ensuring business continuity, defending its legal position and enforcing its policies.
- To Fulfill a Legal Obligation: Certain laws and regulations may require First Orion to Process the Personal Data of Employees in order to comply with our legal or regulatory obligations.
First Orion may also Process “special categories of personal data” but only where that Processing is required by law (such as trade union membership), where it is in the public interest (such as data on race or ethnicity for equal opportunity measures) or where you have made that data manifestly available to First Orion. In limited circumstances, First Orion may seek your explicit consent to process such data. It is not, however, a condition of your contract that you agree to any such request by us.
Personal Data you provide to us about your family members will be Processed by us for a variety of reasons, including as an emergency contact, the administration of pension and/or retirement plans, insurance programs and schemes, or otherwise as part of your benefits package. It is your responsibility to inform your family about the processing of their Personal Data for these purposes and to confirm that they have given their permission.
- How we share your Personal Data
For the purposes set out in Section 4 above, First Orion may share your Personal Data with other parties, including with our affiliates and other entities within our group that are located outside your country of residence.
Other recipients of your Personal Data include our service providers who perform services on our behalf such as payroll providers, HR service providers, IT companies or service providers, cloud processors, security companies, e-learning platforms, and other service providers appointed by First Orion from time to time. Also, we share your Personal Data with government entities, always associated with the labor relation.
We may also disclose your Personal Data to third parties where it is in our legitimate interest to do so, including to a potential buyer or seller of any business or assets, and to government/ state related agencies where we are under a duty to disclose or share your Personal Data in order to comply with a legal obligation.
Your Personal Data may be transferred outside your country of residence, to countries that may not offer an equivalent level of protection. Regardless of where your Personal Data is transferred, we shall ensure that relevant safeguards are in place to afford your information adequate protection in accordance with applicable legal requirements. Where data is transferred between First Orion entities, it is on the basis of the EU Standard Contractual Clauses. Further details regarding the relevant safeguards can be obtained from us on request.
- Employees’ Personal Data Rights
Depending on your country of residence, you may have the right to:
- Request access to and receive information about the Personal Data we maintain about you, to update and correct inaccuracies in your Personal Data, to restrict or to object to the processing of your Personal Data, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Data to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal, unless there is any legal basis that obliges the maintenance of the consent and Personal Data.
Those rights may be limited in some circumstances by local law requirements.
You may exercise these rights at any time by contacting us as described at the top of this policy.
- Other privacy notices addressing specific state requirements in the US can be found at https://firstorion.com/ca-hr-privacy-notice/.
We maintain administrative, technical and physical safeguards designed to protect the Personal Data you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Highlights of First Orion’s Information Security Policy are available at https://firstorion.com/first-orion-security-overview/.