Available in: Polish
Effective Date: April 4, 2022
1. Like most businesses, we hold and process a wide range of information, some of which relates to individuals who work for us. This Privacy Notice explains the type of information we process, why we are processing it and how that processing may affect you.
The notice focuses on individuals who work for FourKites (including NIC GmbH), whether employed by us or not. It also covers information on former employees. Please note that for the purposes of this Privacy Notice, the relevant FourKites entity is the entity with whom you are employed or otherwise engaged by as a staff member.
This Privacy Notice is made up of this Core Notice, the Supplementary Information and the Appendices. Please read this Core Notice for a summary of the information we process, why and how we are processing it. Follow the references to the relevant sections of the Supplementary Information for more detail.
Please also read the Appendix relevant to the country in which you are employed or engaged for, where relevant, specific information as it relates to your country.
In the Supplementary Information, we explain what we mean by “Personal Data”, “processing”, “Sensitive Personal Data” and other terms used in the notice.
2. In brief, this notice explains:
3. We process your Personal Data for the purposes of our business including management, administrative, employment and legal purposes. The Supplementary Information provides more specific information on these purposes, on the type of Personal Data that may be processed and on the grounds on which we process Personal Data. See Legal grounds for processing Personal Data and Further information on the Personal Data we process and our purposes.
4. Some of the Personal Data that we process about you comes from you. For example, you tell us your contact and banking details.
Other Personal Data about you is generated in the course of your work, for example, from your managers, colleagues and customers or others outside our organization with whom you deal.
Your Personal Data will be seen internally by managers, HR and, in some circumstances, colleagues. We will also pass your data Personal Data outside the organization, for example to people you are dealing with, payroll agencies and other service providers.
Further information on this is provided in the Supplementary Information. See Where the Personal Data comes from and Who gets to see your Personal Data?
5. We do not keep your Personal Data for any specific period but will not keep it for longer than is necessary for our purposes. In general, we will keep your Personal Data for the duration of your employment and for a period afterwards.
See Retaining your Personal Data — more information in the Supplementary Information.
6. We are headquartered in the USA and also have offices in the Netherlands, Germany, Poland, Singapore and India. Our HR and finance team is based in the USA, the Netherlands, Germany and India. Therefore, in connection with our business and for employment, administrative, management and legal purposes, we will transfer your Personal Data outside the EEA to other companies in the FourKites group. We will also transfer it to our third party service providers in other countries.
Further information on these transfers and the measures taken to safeguard your Personal Data are set out in the Supplementary Information under Transfers of Personal Data outside the EEA —more information.
7. You have a right to request to receive information about the Personal Data that we process about you (known as a ‘data subject access request’). Further information on this and on other rights is in the Supplementary Information under Access to your Personal Data and other rights. We also explain how to make a complaint about our processing of your Personal Data.
8. If you are employed in the EEA, in processing your Personal Data, the entity which employs or engages you will be the data controller in relation to your Personal Data. In some cases, FourKites, Inc. will act as data controller.
If you have questions about the way in which we process your Personal Data, please contact us at [email protected].
9. This notice does not form part of your contract of employment and does not create contractual rights or obligations. It may be amended by us at any time.
1. “Personal Data” is information relating to you (or from which you may be identified) which is processed by automatic means or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.
Personal Data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers Personal Data derived from equipment such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs.
“Processing” means doing anything with the Personal Data. For example, it includes collecting it, holding it, disclosing it and deleting it.
Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by EU privacy law to be “Sensitive Personal Data“.
References in this Privacy Notice to employment, work (and similar expressions) include any arrangement we may have under which an individual provides us with work or services. By way of example, when we mention an “employment contract”, that includes a contract under which you provide us with services; when we refer to ending your employment, that includes terminating a contract for services. We use the word “you” to refer to anyone within the scope of the notice.
10. Under data protection law, there are various grounds on which we can rely when processing your Personal Data. In some contexts more than one ground applies. We have summarised these grounds as Contract, Legal obligation, Legitimate Interests and Consent and outline what those terms mean in the following table.
| Term | Ground for processing | Explanation |
|---|---|---|
| Contract | Processing necessary for performance of a contract with you or to take steps at your request prior to entering into a contract | This covers carrying out our contractual duties and exercising our contractual rights. |
| Legal obligation | Processing necessary to comply with our legal obligations | Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination |
| Legitimate Interests | Processing necessary for our or a third party’s legitimate interests | We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your Personal Data.
Your Personal Data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms. |
| Consent | You have given specific consent to processing your Personal Data | In general processing of your Personal Data in connection with employment is not conditional on your consent. But there may be occasions where we do specific things such as provide a reference, deduct union dues or obtain medical reports and rely on your consent to our doing so. |
11. If we process Sensitive Personal Data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing Sensitive Personal Data applies. In outline, these include:
Processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement;
Processing relating to Personal Data about you that you have made public;
Processing being necessary for the purpose of establishing, making or defending legal claims;
Processing for equality and diversity purposes to the extent permitted by law.
12. The Core Notice outlines the purposes for which we process your Personal Data. More specific information on these, examples of the Personal Data and the grounds on which we process Personal Data are in the table below.
The examples in the table cannot, of course, be exhaustive. For example, although the table does not mention Personal Data relating to criminal offences, if we were to find out that someone working for us was suspected of committing a criminal offence, we might process that information if relevant for our purposes.
| Purpose | Examples of Personal Data that may be processed | Grounds for processing |
|---|---|---|
| Recruitment | Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks (if permitted by local law) and any information connected with your right to work. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements. | Legal obligation
(Decision on entering into a) Contract Legitimate interests |
| Your employment or service contract including entering it, performing it and changing it | Information on your terms of employment or engagement from time to time including your pay and benefits, such as your participation in pension arrangements, life and medical insurance; and any bonus or share scheme | Contract
Legal obligations Legitimate interests |
| Contacting you or others on your behalf | Your address and phone number, emergency contact information and information on your next of kin | Contract
Legitimate interests |
| Payroll administration | Information on your bank account, pension contributions and on tax and national insurance
Information on attendance, holiday and other leave and sickness absence |
Contract
Legal obligation Legitimate interests |
| Supporting and managing your work and performance and any health concerns | Information connected with your work, anything you do at work and your performance including records of documents and emails created by or relating to you and information on your use of our systems including computers, laptops or other device.
Management information regarding you including notes of meetings and appraisal records. Information relating to your compliance with our policies. Information concerning disciplinary allegations, investigations and processes and relating to grievances in which you are or may be directly or indirectly involved. Information concerning your health, including self-certification forms, fit notes and medial and occupational health reports. |
Contract
Legal obligation Legitimate interests |
| Changing or ending your working arrangements | Information connected with anything that may affect your continuing employment or the terms on which you work including any proposal to promote you, to change your pay or benefits, to change your working arrangements or to end your employment | Contract
Legitimate interests |
| Physical and system security | CCTV images
Records of use of swipe and similar entry cards Records of your use of our systems including computers, phones and other devices and passwords. |
Contract
Legal obligation Legitimate interests |
| Providing references in connection with your finding new employment | Information on your working for us and on your performance | Consent
Legitimate interests |
| Providing information to third parties in connection with transactions that we contemplate or carry out | Information on your contract and other employment data that may be required by a party to a transaction such as a prospective purchaser, seller or outsourcer | Legitimate interests |
| Monitoring of diversity and equal opportunities | To the extent required or permitted by local law, information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age | Consent
Legitimate interests |
| Monitoring and investigating compliance with policies and rules both generally and specifically | We expect our employees and staff to comply with our policies and rules and may monitor our systems to check compliance (.e.g. rules on accessing pornography at work). We may also have specific concerns about compliance and check system and other data to look into those concerns (e.g. log in records, records of usage and emails and documents, CCTV images). | Legitimate interests |
| Disputes and legal proceedings | Any information relevant or potentially relevant to a dispute or legal proceeding affecting us | Legitimate interests
Legal obligation |
| Trade union check off arrangements | Details of trade union membership and deductions of contributions made at source | Contract |
| Day to day business operations including marketing and customer/client relations | Information relating to the work you do for us, your role and contact details including relations with current or potential customers or clients. This may include a picture of you for internal or external use. | Contract
Legitimate interests Consent |
| Maintaining appropriate business records during and after your employment or engagement
|
Information relating to your work, anything you do at work and your performance relevant to such records. | Contract
Legal obligation Legitimate interests |
13. When you start employment with us, the initial Personal Data about you that we process is likely to come from you: for example, contact details, bank details and information on your immigration status and whether you can lawfully work. We may also require references and information to carry out background checks. In the course of employment or engagement, you may be required to provide us with information for other purposes such as sick pay and family rights (e.g. maternity and paternity leave and pay). If you do not provide information that you are required by statute or contract to give us, you may lose benefits or we may decide not to employ / engage you or to end your contract. If you have concerns about this in a particular context, you should speak to HR.
14. In the course of your work, we may receive Personal Data relating to you from others. Internally, Personal Data may be derived from your managers and other colleagues or our IT systems; externally, it may be derived from our Customers, Carriers, Service Provider or others with whom you communicate by email or other systems.
15. Your Personal Data will be disclosed to your managers, HR, finance and administrators for employment, administrative and management purposes as mentioned in this notice. We will also disclose your Personal Data to other companies in the FourKites group as necessary to administer human resources, employee compensation and benefits, as well as for other legitimate business purposes (such as IT services/security, tax and accounting purposes and general business management and planning.
16. We will only disclose your Personal Data outside the group if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.
We may disclose your Personal Data if it is necessary for our legitimate interests as an organization or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy). We may also disclose your Personal Data if you consent, where we are required to do so by law and in connection with criminal or regulatory investigations.
17. Specific circumstances in which your Personal Data may be disclosed include:
18. Although there is no specific period for which we will keep your Personal Data, we will not keep it for longer than is necessary for our purposes and as permitted by applicable law. In general, we will keep your Personal Data for the duration of your employment and for a period afterwards. In considering how long to keep it, we will take into account its relevance to our business and your employment either as a record or in the event of a legal claim.
If your Personal Data is only useful for a short period (for example, CCTV or a record of a holiday request), we will delete it once no longer needed.
19. We are headquartered in the USA and we have offices in Germany, the Netherlands, Singapore and India. Our HR and finance team is based in the USA, the Netherlands, Germany and India. Therefore, in connection with our business and for employment, administrative, management and legal purposes, we will transfer your Personal Data outside the EEA to companies of our group as well as to Service Providers. We will ensure that the transfer is lawful and that there are appropriate security arrangements.
We have entered into agreements ensuring appropriate and suitable safeguards with our group members and third party Service Providers, and those agreements incorporate the EU Standard Contractual Clauses (where appropriate). If you wish to see details of these safeguards, please email [email protected].
20We try to be as open as we reasonably can about Personal Data that we process. If you would like specific information, just ask us.
If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
As well as your subject access right, you may have a legal right to have your Personal Data rectified or erased, to object to its processing or to have its processing restricted. If you have provided us with Personal Data about yourself (for example your address or bank details), you have the right to be given the Personal Data in machine readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.
If we have relied on consent as a ground for processing, you may withdraw consent at any time — though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.
21. If you have questions about the way in which we process your Personal Data, please contact [email protected].
22. If you are employed or engaged within the EEA and you have complaints relating to our processing of your Personal Data, you may raise complaints with the statutory regulator in your jurisdiction. Contact details are available in the Appendices to this notice and, if not listed, here.
23. This notice does not form part of your contract of employment and does not create contractual rights or obligations. It may be amended by us at any time.
If you are employed or engaged by our entity in Germany (NIC GmbH), the following additional information and amendments to the Core Notice and Supplementary Information apply:
1. In addition to the legal grounds set out in the section entitled What are the grounds for processing, the following legal grounds for processing apply if you are employed by our entity in Germany:
| Term | Ground for processing | Explanation |
|---|---|---|
| Employment Contract | Processing is necessary for the decision to enter into, for carrying out and/or for termination of an employment contract. | This will usually cover the application process, all processing that is necessary for your employment relationship with us, and for any processing relating to the termination of the employment relationship. |
2. Where we reference “Contract” as the legal ground for processing in Further information on the Personal Data we process and our purposes we mean “Employment Contract”, to the extent applicable.
3. In Bavaria, Germany, the statutory regulator is the Bavarian Data Protection Authority. For contact and other details see: https://www.lda.bayern.de
If you are employed or engaged by our entity in the Netherlands (FourKites B.V.), the following additional information and amendments to the Core Notice and Supplementary Information apply:
1. In the Netherlands, the statutory regulator is the Autoriteit Persoonsgegevens. For contact and other details see: https://autoriteitpersoonsgegevens.nl
If you are employed or engaged by our entity in Poland (Borville Investments, spółka z ograniczoną odpowiedzialnością (to be renamed to FourKites Poland sp. z o.o. subject to pending registration proceedings)), the following additional information and amendments to the Core Notice and Supplementary Information apply:
1. If you are employed under an employment contract, in addition to the legal grounds set out in the section entitled What are the grounds for processing, the following will apply:
a) The legal grounds for processing your Personal Data will be mainly the provisions of the Labor Code or other specific acts in the field of labor law.
b) Consent may be the basis for processing Sensitive Personal Data about you only if you provide these data to us at your own initiative.
2. If you are employed on the basis of an employment contract, your Personal Data contained in personnel files and payrolls will be processed for a period of 10 years from the end of the employment relationship.
3. In Poland, the statutory regulator is the President of the Personal Data Protection Office. For contact and other details see: https://uodo.gov.pl/.