Privacy GDPR

 HUMAN RESOURCES DATA PRIVACY NOTICE 

  • PRIVACY NOTICE
    • This Data Privacy Notice (“Notice“) is intended to ensure that you are aware of what personal data CalAmp Corp EU subsidiaries (collectively referred to in this document as “CAEU“, “we“, “us“, “our“) holds and how it uses that data as a data controller. CAEU complies with relevant Data Protection Law, including the EU General Data Protection Regulation 2016/679 (“GDPR“) and any national implementing or supplementing legislation as amended, re-enacted or replaced and in force from time to time.
    • For the purposes of this Notice, “Group Company” means the CAEU companies, their subsidiaries and subsidiary undertakings, and any holding company or parent undertaking of CAEU and all other subsidiaries and subsidiary undertakings of any holding company or parent undertaking of CAEU, in each case, as at the date of this Notice, where “holding company”, “parent undertaking”, “subsidiary” and “subsidiary undertaking” have meanings given to them in Applicable Law .
    • Where you engage with us through our careers web pages please also see our separate Privacy Policy in connection with our use of cookies and your choices in this regard.
    • It is important that you read this Notice carefully, and any data privacy notice that we may subsequently provide to you, so that you are aware of and understand how and why we are processing your personal data.
  • SCOPE
    • This Notice applies to you, whether you are a past, current or prospective employee (including those that may be unsuccessful in the application process), worker, applicant, interview candidate, intern, agency worker, consultant, individual contractor, officer or director. It also applies to third parties whose information you provide to us in connection with our relationship with you. For example, in respect of emergency contact information or spouse and dependents (information provided to us for health insurance and life assurance policies).  Please ensure that you provide a copy of this Notice to any third parties whose personal data you provide to us.
    • This Notice applies to all personal data relating to you collected, maintained, transmitted, stored, retained, or otherwise used (i.e. processed) by us regardless of the media on which that personal data is stored.
    • Where we refer to ’employee’, ’employee personal data’ or ’employment’ in this Notice, we do so for convenience only, and this should in no way be interpreted as purporting to confer employment status on non-employees to whom this Notice also applies. This Notice does not form part of any contract of employment.
    • We may update or otherwise amend this Notice at any time and will notify you in writing of any changes and where necessary, will obtain your consent to any material changes affecting the processing of your personal data.
  • CONTROLLER
    • The following CAEU Company is responsible for the collection and processing of your personal data depending on which entity is identified to you at the point you apply for employment with us or with whom you are or have been, subject to any contract of employment.
      • CalAmp UK Limited (‘CAUK‘) – with a registered address at 5 New Street Square, London, EC4A 3TW [add email address]
      • Tracker Network (UK) Limited (‘TNUK‘) – with a registered address at 6-9 The Square, Stockley Park, Uxbridge, Middlesex, UB11 1FW. [add email address]
      • LoJack Italia srl (‘LJIT‘) – Via Novara 89 20153 Milano Italy.[add email address].
  • Your Personal Data

What is personal data?

Personal Data” is defined as any data relating to a living individual who can be identified directly from that data or indirectly in conjunction with other information. You have the right to expect that personal data (including special personal data, as described below) disclosed by you to CAEU in the course of your employment will be kept confidential. We hold some or all of the types of personal data set out in Appendix 1, in relation to you.

  • NATURE, PURPOSE & LEGAL BASIS FOR PROCESSING PERSONAL DATA
    • We will hold, process and may disclose personal data provided by you for the following purposes:
for Processing Legal Basis for Procesing
  • Recruitment/appointment, including processing and assessing your job application/appointment;
  • Providing you with building and IT access;
  • Payroll and finance including paying salary, reimbursing expenses and other payments;
  • Benefit payments and administration;
  • Performance appraisals, management of performance, work skills, certifications, licenses and competencies;
  • Administering employment termination.
  • Each of these purposes is necessary:
  • to take steps at your request in order to assess your application for a contract of employment and, where your application is successful;
  • for performance of your contract of employment with us.
  • Monitoring use of IT and communications in accordance with our IT, email and internet policy;
  • Providing references;
  • Business planning and transactions;
  • Investigating non-compliance with CAEU policies or applicable laws and dealing with legal claims;
  • Investigating and responding to complaints from personnel, clients, service providers, business partners, regulators;
  • Business Development (your name, contact details and profile, together with a photo may be placed on our internet, intranet and from time to time in trade publications including online publications); quality control purposes, and to notify clients of business contact details;
  • Training records and requirements.
Each of these purposes is necessary for our legitimate interest in managing our business including legal, personnel, administrative and management purposes provided our interests are not overridden by your interests.
  • Manage health and safety at work and report on incidents;
  • Comply with our regulatory (for example disclosing tax data) and professional requirements;
  • Keeping attendance and working time records;
  • Monitoring and promotion of equal opportunities;
  • Prevention and detection of crime;
  • Regulatory requirements.
Ø  Each of these purposes is necessary  in order for us to comply with any legal or regulatory obligations, including as applicable:

to CAUK and TNUK:

·       the Health and Safety at Work Act 1974;

·       the Income Tax (Earnings and Pensions) Act 2003;

·       the Working Time Regulations 1998;

·       the Equality Act 2010.

to LJIT:

·

 

  • We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another purpose that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in advance and explain the basis upon which that is necessary.
  • Special Categories of Personal Data

What is special personal data?

  • Certain categories of your personal data are regarded as ‘special’. Special data includes information relating to an individual’s:
  • Physical or mental health;
  • Religious, philosophical or political beliefs;
  • Trade Union membership
  • Ethnic or racial origin;
  • Biometric or genetic data; and
  • Sex life or sexual orientation.

Purpose and Legal Basis for processing special personal data

  • We only process such data where necessary for the purpose of carrying out the obligations, and exercising specific rights, of CAEU or of an employee under employment law or for the assessment of your working capacity. See Appendix 1.
Purpose for Processing Legal Basis for Processing
Ø  Physical or mental health data – assessing working capacity or adjustments required as a result of a disability and administering applicable illness benefits Ø  Physical or mental health data will only be collected and used in so far as it is necessary for the purposes of carrying out an obligation in the field of employment and social security and social protection law, or exercising specific rights of CAEU, when the use is authorised by law. for example:

·        in the UK, order to comply with our obligations under the Health and Safety at Work Act 1974 and the Equality Act 2010.

·        In Italy

 

Ø  Data relating to racial or ethnic origin – employees and prospective employees are required to provide documentation in relation to their right to work in Ireland. Ø  Data in relation to an individual’s racial or ethnic origin may be collected and used in so far as it is necessary for the purposes of carrying out an obligation in the field of employment and social security and social protection law, or exercising specific rights of CAEU, when the use is authorised by law., for example:

·        in the UK in order to comply with our obligations under the Immigration, Asylum and Nationality Act 2006.

·       In Italy

  • We will only process data relating to your criminal convictions or involvement in criminal proceedings when permitted by law, or where provided voluntarily by you.
  • Consent
    • In principle, we do not rely on your consent for HR data use. We may, however, from time to time, (i) ask for your consent to use your personal data for a specific purpose; and/or (ii) process your personal data (including “special data”) in order to protect your vital interests or the interests of another. If we do so, we will provide you with full details of the data that we would like and the reason we need it. We will also inform you about the fact that you can revoke your consent at any time and how you should do that. You should be aware that withholding your consent will never have an impact on your employment with us or otherwise negatively affect you and that it is not a condition of your contract with us that you agree to any request for consent from us.
  • Where you do not provide us with your Personal Data

If you do not provide us with your personal data we may not be able to process your job application, suitability for a particular role, your pay or other benefits, comply with our legal obligations or manage our business. We will tell you when we ask for information which is a statutory or contractual requirement or needed to comply with our legal obligations. 

  • Recipients of Your Personal Data
    • Where this is relevant to their role, your line managers, members of the HR team and in some cases certain colleagues will have access to some of your personal information.
    • We may disclose your personal data to a Group Company including, without limitation, for the following reasons: in order to run global processes, carry out group wide reporting, or take decisions about hiring or promotion.
    • It may be necessary from time to time for us to disclose personal data to third parties or agents, including without limitation to the following:
  • Third parties to assist us in the administration, processing and management of certain activities pertaining to past, current and prospective employees including verification, payroll and technology support services provided by ADP LLC, (including ADP Streamline), and iCIMS Inc., Individuals or companies employed to carry out specific services, functions or consultancy work including external reference agencies and other financial institutions ADP LLC screening services;
  • Relatives or legal representatives of past, current and prospective employees;
  • Regulatory bodies to whom we are obliged or required to disclose information including Courts and Court-appointed persons;
  • Insurance or assurance companies and health insurance providers or trade unions;
  • Legal advisors
  • Medical practitioners
  • Pension providers
  • Potential purchasers or bidders;
  • Relevant Government departments and agencies; and
  • Other support service providers necessary to assist with the above.
    • We will inform you in advance if we intend to further process or disclose your personal data for a purpose other than the purposes set out above. We take all reasonable steps, as required by law, to ensure the safety, privacy and integrity of such data and information and, where appropriate, enter into contracts with such third parties to protect the privacy and integrity of such data and any information supplied.
  • Automated Decision Making and Profiling
    • Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means during the course of your employment or engagement with us. However we will notify you in writing if this position changes.
  • Transfer of Personal Data outside the EEA
    • The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA), for the purposes described above. Due to the global nature of our business, your personal data may be processed by personnel operating outside the EEA who work for one of our suppliers who act on our behalf. Personal data processed by ADP and ICIMS are subject to the following legal safeguards for processing:
Supplier Location Legal transfer safeguard More information
ADP USA Binding Corporate Rules for Processors https://www.adp.co.uk/privacy-statement/
ICIMS USA Privacy Shield https://www.privacyshield.gov/list

Personal data may also be disclosed to our Group Companies outside the EEA, including in particular to the United States of America. Any such transfers will be subject to appropriate legal safeguards for transfers, including transfers conducted under EC approved model contractual clauses relevant to personal data transfers (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) or as otherwise permitted by way of legal derogations for specific situations (such as a transfer necessary to affect a change of the terms of your employment with a different Group Company.

  • Security and Storage of Personal Data
    • We have security measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, or inappropriately altered or disclosed. In addition, we limit access to your personal information (in both electronic and paper form) to those who have a legitimate and justifiable reason to process that information. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
    • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach as appropriate and in accordance with our legal obligations.
  • Employee responsibility
    • Each employee has a personal responsibility to ensure that any personal data in relation to employees of CAEU to which he/she has access in the course of his/her work is protected from unauthorised access or disclosure.
    • Employees should be aware that disclosure by any employee of another employee’s personal data in contravention of this Notice will be treated by us as a disciplinary offence. It should also be noted that, under Data Protection law, individuals may be fined and/or prosecuted for any improper use or unauthorised disclosure of such personal data.
  • Data Retention
    • Data will be stored for as long as required to satisfy the purpose for which the data was collected and used, unless a longer period is necessary for our legal obligations or for the exercise or defence of legal claims. Usually, we retain data relating to applications for employment for the term of the application process and for a period after a position is filled in where we would like to consider you for other employment opportunities). In the case of employees, we retain certain data relevant to the employment contract for the duration of your employment with us.
    • Statutory retention periods apply to certain records (for example, per legislation, employers are obliged to keep records of their employees’ working time for a period of up to three years) and statutory retention periods can vary depending on the type of data. Our retention practices are reviewed and updated from time to time in line with legal requirements and best practice.
  • Your Data Rights
    • You have several rights in relation to your personal data. You have a right to:
  • access a copy of your personal data held by us;
  • request rectification of your personal data if it is inaccurate or incomplete;
  • request erasure of your personal data in certain circumstances;
  • restrict our use of your personal data in certain circumstances;
  • move (or port) personal data which is automated in certain circumstances;
  • object to the processing of your data where our legal basis for processing your data is our legitimate interests;
  • not to be subject to a decision based on automated processing, including profiling which has legal or similar significant affects;
  • withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal; and
  • lodge a complaint with your applicable data protection authority, which for the UK will be Information Commissioner’s Office, (www.ico.org.uk) or for Italy the Garante (garanteprivacy.it)  (if you are unhappy with how your personal data is being handled).
    • However, these rights may not be exercised in certain circumstances, such as when the processing of your data is necessary to comply with a legal obligation or for the exercise or defence of legal claims. If you wish to exercise any of your rights in this regard please contact [SVP, Human Resources].. We may request proof of identification where necessary to verify your request.
  • Further Information
    • If you require any further clarification regarding this Notice, please contact: [SVP, Human Resources]

This Notice was last updated on [          ]

Appendix 1

 

General Personal Data

Depending on the nature of your engagement with us, we may process certain of the below categories of General Personal Data. In particular:

Status General Personal Data Categories
Applicants Personal, Professional,
Employees Personal, Family, Emergency Contact, Professional, Financial, Employment, Premises and IT access, Fees, remuneration and benefits, Leave, Performance management, Training and development, Disciplinary, General Correspondence/meetings, Termination, Incapacity
Past Employees Personal, Family, Financial, Fees remuneration and benefits, Leave, Disciplinary, Correspondence/meetings, Termination
  • Personal– contact/identifying details including name, address, email address, date of birth, , gender, nationality,;
  • Family – civil status,domestic partners, dependents
  • Emergency Contact – name and contact details of emergency contacts (as set out above, you must provide a copy of this Notice to any third parties whose personal data you provide to us);
  • Professional – Curriculum Vitae and/or application form, previous employment background, references from previous employers, record of interview/interview notes, selection and verification records, educational details, professional and/or academic transcripts, professional certifications, special skills including (driver) licenses, language skills, memberships of committees or other bodies;
  • Financial – salary and benefit details including bank details, National Insurance number, tax information;
  • Employment – work contact details (corporate email address and telephone number), identification number, photograph, details regarding the job function, primary work location, working hours, employment status, your terms and conditions of employment or engagement, contract of employment, signed confidentiality agreement, immigration status, work permit details, job description, history and details of current position;
  • Premises and IT access – information required to access the business systems and applications such as email account and system passwords, login and access records ,download and print records, call recordings, records of email and internet usage in accordance with our email and internet policy, CCTV images captured through the legitimate use of CCTV within the business;
  • Fees, remuneration and benefits –fees/payment and benefits package, base salary, bonus, compensation type, long term incentives, pension scheme, health insurance scheme (and any third party beneficiaries), car scheme, company credit card data, salary reviews;
  • Leave – including documentation which may be provided in connection with any statutory leave, sick leave, holiday and family related leave records, garden leave, and any other type of leave such as unpaid leave and study leave;
  • Performance management – performance assessments/meetings (including probationary assessments), colleague and manager feedback, appraisals, outputs from talent programs and formal and informal performance management processes;
  • Training and development – such as data relating to training and development needs or training received;
  • Disciplinary – such as any personal data contained in records of allegations, investigation and proceeding records and outcomes;
  • General correspondence/meetings – relating to grievance and/or disciplinary processes, misconduct or performance issues, data arising in connection with litigation and complaints, involvement in incident reporting and disclosures;
  • Termination – for example, dates and reason for leaving, termination agreements and payments, exit interviews and references;
  • Incapacity – any accommodations or adjustments in connection with any incapacity;
  • Securities trading statements including information relating to family members and other accounts under employees’ control, details of any shares of common stock or directorships;
  • Information about outside activities for employees and family members;
  • Information about gifts received/given for the employee and family members; and
  • Information about potential conflicts with your family members that impact on your role or with the Company in general.

Special Categories of Personal Data

 

Special categories of personal data will only be collected and used in so far as such is necessary for the purposes of carrying out an obligation in the field of employment/social security/social protection law, or exercising specific rights or when the use is authorized by law or for the assessment of working capacity.

 

 

  • Physical or mental health data – such as information about your physical or mental health or condition; for example, we record employees days of sickness, or workplace adjustments due to health reasons.
  • Other special categories of personal data – such as racial or ethnic origin; religious or similar beliefs; membership of a trade union; the commission or alleged commission of any offence; and any proceedings for any offence committed or alleged to have been committed, the disposal of those proceedings or the sentence of any court in those proceedings.