Company Name: 1WorldSync Holdings, Inc. and its subsidiaries and affiliates, including 1WorldSync Inc. (“1WS” or the “Company”).
Company Address: 300 South Riverside Plaza, Suite 1400, Chicago, IL 60606, United States of America
GDPR Compliance Manager: Julio DalMonte, DPO
Contact Details: jdalmonte@1worldsync.com
The Company collects and processes personal data relating to job applicants (in so far as any sections of this privacy notice apply), current and former employees, workers, volunteers, apprentices, interns, and consultants to manage the employment or contractor relationship (“Workforce Data”).
The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. To the extent that this Workforce Data includes the personal data subject to EU Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, including the United Kingdom’s substantially similar law as it takes effect in the United Kingdom by virtue of the Data Protection Act 2018 (collectively the “GDPR”), this Privacy Notice summarises your rights and our responsibilities to you. Nothing in this Privacy Notice forms part of any contract, whether of employment, for services or otherwise and may be amended at any time.
The Company collects and processes a range of information about you which is likely to include (as it applies to either an employment, worker or contractor relationship), but is not limited to, recruitment information such as your application form and CV, references, skills, experience, qualifications, employment history, information provided by recruitment agencies, from social media, membership of any professional bodies and details of any pre-employment assessments and interview notes. Specifics may include:
The Company may collect this information in a variety of ways. For example, data might be collected through application forms, CVs or resumes; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment or contract; from correspondence with you; or through interviews, meetings or other assessments.
In some cases, with your consent, the Company may collect personal data about you from third parties, such as references supplied by former employers and information from criminal records checks or credit reference agencies as permitted by law. The Company will seek information from third parties only once a job or contract offer has been made to you and will inform you that it is doing so.
Data will be stored in a range of different places (as it applies to either an employment, worker or contractor relationship), including in your application record, personnel or contractor file, and electronic filing system, cloud-based HR Management systems and in other IT systems, including the Company’s email system. As well as having data stored in the UK and EU, we will also have data stored in our US HR system.
The Company needs to process data to enter into or to be in a contract with you and to meet its obligations under your employment or worker contract or your contract for services.
For example, it needs to process your data in order to receive your application for employment or a contract, and assess your suitability for the role, to provide you with the contract, to pay you in accordance with your contract and to administer benefits, pension and insurance entitlements where these are applicable.
In some cases, the Company needs to process data to ensure that it is complying with its legal obligations and to defend against legal claims. For example, it is required to check an individual’s entitlement to work in the applicable country, to deduct tax, to make reasonable workplace adjustments in the case of disability, to comply with health and safety laws and to enable employees or workers to take periods of leave to which they are entitled.
In other cases, the Company has a legitimate interest in processing personal data before, during and after the end of the employment, worker or contractor relationship.
In some cases, more than one reason may apply.
Processing data allows the Company to (as it applies to either an employment, worker or contractor relationship):
Within the broad range of information which can be personal data, the following are “special categories of personal data” which are subject to a greater degree of protection:
Some special categories of personal data, such as information about health or medical conditions, are processed to carry out legal obligations, such as those in relation to individuals with disabilities.
In the case of information about your physical or mental health (including information contained in sickness records) this is to allow the Company to monitor sick leave, assess your working capacity, administer sickness and insurance benefits, take decisions as to an employee’s working capacity and for occupational health purposes.
We may process sensitive data relating to your criminal record where the nature of is necessary to comply with legal or statutory obligations or under your employment contract (e.g. for insurance) or where you have consented (e.g. background check). Further information about the safeguards applied may be found in the Data Protection Policy.
Where the Company processes other special categories of personal data, such as information about ethnic origin, sexual orientation or religion or belief, this is done for the purposes of equal opportunities monitoring. Individuals are entirely free to decide whether or not to provide such data and there are no consequences of failing to do so. Equal opportunities monitoring data is usually anonymised, at which point it ceases to be personal data as no specific living individual can be identified from it.
We do not take automated decisions about you using your personal data or use profiling in relation to you.
Data may be shared internally, with HR (including payroll), your line manager, managers in the business area in which you work, those involved in the recruitment activity, and other personnel as necessary for them to carry out their role or for the conduct of our business.
The Company shares your data with third parties in order to obtain references from other employers, to obtain background and credit checks from third-party providers and to obtain necessary criminal records checks from the Disclosure and Barring Service.
We are also required by law to share personal data with statutory bodies such as, but not limited to, revenue and customs authorities, national pensions authorities, when applicable the local authority for safety or other worker injury reporting, and when requested to do so the police, court services and similar bodies.
The Company may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The Company also shares your data with third parties (as it applies to either an employment, worker or contractor relationship) that process data on its behalf, in connection with HR services, payroll, the provision of benefits and the provision of occupational health services as required. These may include but are not limited to:
The data that we collect from you may be transferred to, and stored at, a destination outside the EU/UK. It may also be processed by staff operating outside the EU/UK who work for one of the third parties we contract with and may be engaged in, among other things, processing of HR-related data.
If your personal data is transferred outside of the EU/UK, we do our best to ensure a similar degree of protection in respect of your personal information, as we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the provisions set out in the EU and UK implementations of General Data Protection Regulation and any other company policy in effect at any time during or after your employment with us. In particular, 1WS has implemented appropriate cross-border transfer solutions in accordance with the GDPR, such as European Commission Standard Contractual Clauses (also known as Model Contractual Clauses) and the UK’s International Data Transfer Addendum (UK Addendum) as the legal basis for transferring personal data to third countries, including the United States.
In respect of the transfer of personal data to 1WS in the United States, this is done under the EU-US Data Privacy Framework as set out in Commission Implementing Decision of July 10, 2023 pursuant to the GDPR on the adequate level of protection of personal data under the EU-US Data Privacy Framework.
1WS complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. 1WS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. 1WS has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/
In all cases where 1WS transfers personal information to a third party acting as a controller, 1WS will comply with the Notice and Choice Principles. 1WS will enter into a contract with the third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by you and that the recipient will provide the same level of protection as the Principles and will notify 1WS if it makes a determination that it can no longer meet this obligation. The contract also provides that when such a determination is made the third-party controller will cease processing or take other reasonable and appropriate steps to remediate.
In all cases where 1WS transfers personal data to a third party acting as an agent (processor for GDPR purposes), 1WS will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify 1WS if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of 1WS’ contract with that agent to the U.S. Department of Commerce upon request.
When we transfer your information to third parties we comply with the requirements of the legal protections that cover your information. For example, when we perform an onward transfer of your information protected under the GDPR, we remain responsible for the processing of your personal information. For information subject to an onward transfer by us under the Data Privacy Framework, we will remain liable under the Data Privacy Framework Principles if a recipient of your protected personal information processes such personal information in a manner inconsistent with the Principles, unless we are able to prove that we are not responsible for the event giving rise to the damage.
The Company takes the security of personal data seriously. The Company has internal policies, procedures, technologies and controls in place, from the point of collection to the point of destruction, to protect personal data against loss, malicious or accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by individuals in the proper performance of their duties.
If your application for employment is unsuccessful, the Company will hold your data on file for six months after the end of the relevant recruitment process. If you agree to allow the Company to keep your personal data on file, the Company may hold your data on file for a further six months for consideration for future employment opportunities. At the end of that period, or if you withdraw your consent earlier, your data will be deleted or destroyed.
The Company will hold your personal data for the duration of your employment or contract and thereafter for as long as necessary for the purposes for which we collected it and in accordance with the data retention periods set out in this document.
The Company shall not retain any personal data for any longer than is necessary considering the purpose(s) for which that data is collected, held, and processed.
When establishing and/or reviewing retention periods, the following shall be considered:
We are required to keep some personal data for specified time periods in order to comply with legal obligations or in order to protect the business; it is therefore our intention to retain your personal data as follows:
As a data subject, you have a number of rights – you can:
If you would like to exercise your rights under this Policy or the GDPR, or would like to lodge a complaint with respect to the implementation of this policy and our processing of your personal data, please contact:
Chicago, Illinois
Julio DalMonte
VP Technology Operations
jdalmonte@1worldsync.com
312-463-4416
Please note that we may request official identification information, such as a copy of your ID card, driver’s license, etc. from you when you submit a complaint.
You have the right to make a complaint: in the case of individuals habitually resident in the United Kingdom, to the Office of the Information Commissioner; for those habitually resident in EU member states, to the applicable supervisory authority in the country of habitual residence; and for those habitually resident in Switzerland, to the FDPIC. This is in addition to your right to complain to the Federal Trade Commission.
Please note that we are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In respect of a complaint about 1WS and in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, 1WorldSync Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship. You may, subject to its terms, invoke binding arbitration against 1WS in accordance with Annex I of the DPF Principles: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2 This provides that you may invoke binding arbitration by delivering notice to 1WS and following the procedures and subject to conditions set forth in Annex I of the Principles.
Applicants for employment or a contract are under no statutory or contractual obligation to provide data to the Company during the recruitment process. However, if you do not provide the information, the Company may not be able to process your application properly or at all.
Once offered a position you have some obligations under your employment contract or contract for services to provide the Company with data. You are required to report absences from work and may be required to provide information about disciplinary or other matters under the implied duty of good faith. Failing to do so may breach the terms of your contract with the Company.
Where applicable, you may also have to provide the Company with data in order to exercise your statutory rights, such as in relation to statutory leave entitlements. Failing to provide the data may mean that you are unable to exercise your statutory rights.
Certain information, such as contact details, your right to work in the applicable EU/UK jurisdiction, and payment details, has to be provided to enable the Company to enter into a contract with you and for us to meet our legal obligations. If you do not provide this information, and update it as necessary, this will hinder the Company’s ability to administer the rights and obligations arising as a result of the employment or contractor relationship efficiently.