Data protection notice

Gelato data protection notice version 2021.04.14

Scope

This notice explains how Gelato handles the personal data of employees, applicants, interns, former employees, dependents, beneficiaries, contractors, consultants and temporary agency workers in the course of its human resources activities. We may amend this notice from time to time, should it become necessary to do so.

Collection and Use of Personal Data

We may process your personal data for legitimate business purposes to administer our employment or contractual relationship with you and to run our businesses. We may collect, use and transfer your personal data through automated and/or paper-based data processing systems such as Workable and HiBob. We have established routine processing functions (such as processing for regular payroll). We also process personal data on an occasional or ad hoc basis (such as when an employee is being considered for a particular new position or in the context of changes to its marital status for example).

In the normal course of human resources activities, we can collect the following types of personal information:

  • Personal identification information, such as your name, home address, date of birth, gender, work- related photographs, passport and mobile phone number;

  • Government-issued identification numbers, such as national ID for payroll purposes;

  • Immigration, right-to-work and residence status;

  • Family and emergency contact details;

  • Job-related information, such as years of service, work location, work record, vacation, absences, and contract data;

  • Educational and training information, such as your educational awards, certificates and licenses,

  • Recruitment and performance-related data, such as objectives, ratings, comments, feedback results, career history, work equipment, career and succession planning, skills and competencies and other work-related qualifications;

  • Information needed for compliance and risk management, such as disciplinary records,background check reports and security data; and

  • Payroll- and payment related information, such as salary and insurance information, dependents, government identifier or tax numbers, bank account details, and employment related benefits information.

We process personal information for the following purposes: (1) workforce planning, recruitment and staffing; (2) workforce administration, payroll, compensation and benefit programs; (3) performance management, learning and development; (4) advancement and succession planning; (5) legal compliance, including compliance with government authority requests for information and tax compliance; (6) workplace management, such as travel and expense programs and internal health and safety programs, (7) internal reporting, (8) audit; (9) to protect Gelato, its workforce, and the public against injury, theft, legal liability, fraud or abuse; and (10) other legal and customary Gelato Data Protection Notice v. 2021.02.25 business-related purposes.

In addition, we may process sensitive personal information if it is needed for legitimate business objectives or if it is required to comply with applicable law. Sensitive personal information will not be collected, processed or transferred, except where adequate privacy protection mechanisms are in place and after having first obtained your informed consent.

Disclosures

We may disclose your personal data for legitimate purposes in the following circumstances to:
• Other Gelato entities, joint ventures, subcontractors, vendors or suppliers who perform services on our behalf for the aforementioned purposes;
• A newly formed or acquiring organization if Gelato is involved in a merger, sale or a transfer of some or all of its business;
• Any recipient, if we are required to do so, such as by applicable court order or law;
• Any recipient, with your consent, such as for employment verification or bank loans; or
• Any recipient when reasonably necessary such as in the event of a life-threatening emergency.

Choice

We respect your right to object to any uses or disclosures of your personal data that are not (i) required by law, (ii) necessary for the fulfillment of a contractual obligation (e.g., employment contract), or (iii) required to meet a legitimate need of Gelato as an employer (such as disclosures for internal auditing and reporting purposes or other processing covered by this notice). If you do object, we will work with you to find a reasonable accommodation.

International Transfers

Your personal data may be transferred outside of the country where you work, including to countries that do not provide the same level of protection for your personal data. Gelato is committed to protecting the privacy and confidentiality of personal data when it is transferred. Where such transfers occur, we will assure that adequate protection exists either through appropriate contractual arrangements or as required by law.

Accuracy

We take reasonable steps to ensure that personal data is accurate, complete, and current. Please note that you have shared responsibility with regard to the accuracy of your personal data. Please notify Human Resources of any changes to your personal data or that of your beneficiaries or dependents.

Access

Employees may reasonably access and update the personal data pertaining to them that is in HiBob. Employees can exercise this right by updating their profile page and by contacting Human Resources or the Data Protection Officer.

Security

Gelato takes precautions to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have taken appropriate technical and organizational measures to protect the information systems on which your personal data is stored and we require our suppliers and service providers to protect your personal data by contractual means.

Retention

Your personal data will be retained as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. For applicants and former employees, the personal data will be deleted after one year. Deletion sooner will be made upon request to HR, your Manager or to [email protected]

Handling Privacy Concerns

If you have any questions about this notice or if you believe that your personal data is not handled in accordance with the applicable law or this notice, you have several options:

  • Contact the Privacy Officer at [email protected], - Discuss the issue with your manager,

  • Contact the Human Resources department.