EMPLOYEE PRIVACY NOTICE
PURPOSE OF THIS NOTICE
XPEL and its affiliated companies are committed to maintaining the accuracy, confidentiality, and security of your personal information. This Privacy Notice describes (1) the types of personal information we collect, (2) how we collect, use, disclose, transfer, and store the information, and (3) your rights as it relates to your personal information.
If you have any questions regarding this Privacy Notice please email email@example.com or call (833) 258-2058.
PURPOSE OF COLLECTING PERSONAL INFORMATION
XPEL collects and processes your personal information to meet our legal, statutory, and contractual obligations. This information enables us to recruit, employ, pay, provide benefits, and train you in the course of your employment with XPEL. XPEL will never collect any unnecessary personal data from you and does not process your information in any way other than as specified in this notice.
USE OF PERSONAL INFORMATION
XPEL only collects and processes your personal information if we have a legal basis for doing so. In addition, XPEL complies with its obligations under applicable data privacy/protection laws by (1) keeping personal data up to date, (2) storing it securely, (3) not collecting or retaining excessive amounts of data, (4) protecting personal data from loss, misuse, unauthorized access and disclosure, and (5) ensuring that appropriate technical measures are in place to protect personal data.
The personal information collected by XPEL is used as follows:
- recruitment and pre-employment screening
- benefits administration
- administration of payment for salary, expenses, bonuses, stock options or other incentives
- performance management and career planning
- monitoring registrations with regulatory bodies
- arranging and coordinating business-related travel, transportation, and accommodation
- obtaining business-related insurance policies
- international assignment administration, including documenting assignment entitlements, obtaining relevant immigration documents, initiating vendor services, fulfilling home/host country tax filing obligations, addressing health requirements
- monitoring and ensuring compliance of employees’ ability to work in a particular country
- absence and sickness monitoring
- vacation and leave request processing
- equal opportunities monitoring
- reporting, including local, regional, company, headcount, management information, demographic and statutory reporting
- administration of termination of employment and/or assignment
- disciplinary, capability, grievance, complaint and code of conduct processes and other investigations
- providing references on your behalf when you request us to do so
- maintaining contact details for you, and your dependents in case of personal or business emergency
- administration and handling of employee claims
- validating identity of personnel
- management of XPEL’s software and hardware computer assets
- staff surveys
- facilitating electronic mail communications from your work account for purposes of conducting XPEL’s business
- whistleblowing reports
- security monitoring
In addition, XPEL may share your information with third-parties that we engage to process your personal data on our behalf. This may include:
- recruitment providers
- payroll and benefits administrators
- technology service providers,
- insurance brokers, providers, and administrators,
- financial institutions,
- travel agencies, or
- our professional service providers including legal counsel, accountants, tax advisors, and consultants.
XPEL may also disclose your personal data to related or affiliated companies where it is necessary for internal reporting, for purposes of the employment relationship and corporate management reasons. XPEL may also disclose your personal data with other business entities in connection with the relocation, assignment, merger, sale, or other transfer of all or a portion of our business or assets to such a business entity. XPEL will use reasonable efforts to ensure that any successor business entity will honor the terms of this Privacy Notice. Where required by law or to protect our legal rights, XPEL may disclose your personal data to government agencies, regulators, and law enforcement agencies.
In all instances, when the processing of personal information is carried out by a third-party data processor on our behalf, XPEL takes steps to ensure that appropriate security measures are in place to prevent unauthorized access to or use of your data.
XPEL retains your personal data no longer than is reasonably necessary for the purposes for which it was collected and processed and in accordance with XPEL’s data retention policy, except as required by applicable law or to comply with our legal obligations, resolve disputes, and enforce our agreements.
PROTECTING PERSONAL INFORMATION
In accordance with applicable data privacy/protection laws, XPEL has implemented appropriate physical, electronic, and administrative safeguards to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, destruction, or modification.
These measures are regularly reviewed, evaluated, and updated to proactively identify new or emerging security threats.
Where data processing is carried out on XPEL’s behalf by a third-party, XPEL takes steps to ensure that appropriate security measures are in place to prevent unauthorized disclosure of personal information.
TYPES OF PERSONAL DATA COLLECTED
Personal Data is defined as any information that can be used to identify an individual either on its own or when combined with other available data.
XPEL collects personal data about you from a variety of sources including information we collect from you directly. Personal data may be collected from the following sources:
- Submitted CV’s
- Job forums and recruitment agencies
- Direct from candidates for employment and employees
- Applications submitted electronically or through XPEL’s website (xpel.com)
- Enrollment applications for company-provided benefits
- From third-parties with your consent (including references and prior employers)
- Websites associated with you and social media platforms (g., LinkedIn)
- Publicly accessible sources
- Background check service providers as permitted by law
- Employee reviews, evaluations, and internal reporting processes.
The information XPEL collects includes the following categories of personal data:
- First and last name
- Curriculum vitae
- Personal email address
- Performance management reviews
- Personal phone numbers
- Birth country / location
- Marital status/ civil partnership status
- Date of birth / age
- Vacation requests
- Participation in the retirement plan
- Immigration status
- Driver’s license number
- Emergency contact
- Union membership
- Social security number or equivalent
- Employee ID
- Photo and video (for identification purposes)
- Termination date
- Bank details
- Hire date
- Business unit / Department / Job function
- Salary and compensation information
- Employment status, location, cost center
- Standard hours worked
- Disciplinary information
- Absence details
- Corporate credit card information
- Training data
- Professional accomplishments
- Assigned computers/technology
EUROPEAN UNION DATA PROTECTION RIGHTS AND ADDITIONAL INFORMATION
Employees in the European Union are afforded specific rights under the EU’s General Data Protection Regulation (“GDPR”). These rights are discussed in Appendix A to this Privacy Notice. Additional information for employees in the European Union is described in Appendix B to this Privacy Notice.
CHANGES TO THIS PRIVACY NOTICE
XPEL may change this Privacy Notice from time to time. The current version will always be available from XPEL in hard copy and on XPEL’s intranet. Changes and additions to this Privacy Notice are effective from the date they are posted to XPEL’s intranet.
If you have any questions regarding this Privacy Notice, your rights, or XPEL’s use of your personal data, please email firstname.lastname@example.org or call (833) 258-2058.
Effective Date: 08/06/2020
Last Updated: 08/19/2020
Employees in the European Union, unless otherwise provided in the GDPR, have the following rights related to your personal data:
- The right to request a copy of your personal data which the XPEL holds about you.
- The right to request that XPEL correct any personal data if it is inaccurate or out of date.
- The right to request your personal data be erased where it is no longer necessary for XPEL to retain such data.
- The right to restrict the processing of personal data.
- The right to receive the personal data you provided XPEL in a structured and commonly used format so that it can be transmitted to another data controller.
- The right object to the processing of personal data.
- If consent to process personal data was obtained by XPEL, the right to withdraw your consent to the processing at any time.
Please note that the above rights are not absolute, and XPEL may be entitled by law to refuse or limit the requests.
EXERCISING YOUR RIGHTS
You can exercise any of your rights as described in this Privacy Notice and under applicable data protection laws by contacting XPEL as provided in the Contact Information section.
Where XPEL has reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
TRANSFER OF DATA ABROAD
In connection with your employment, XPEL may transfer your personal information outside of the EEA to our related or affiliated entities and our third-party service providers located outside the EEA. This includes the USA.
Where personal information is transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal information, XPEL takes the necessary steps to provide appropriate safeguards to protect your personal information.
If you want further information on the specific mechanism used by XPEL when transferring your personal information out of the EEA, please contact us using the contact information in the Contact Information section.
SENSITIVE CATEGORIES OF PERSONAL DATA
As your employer, XPEL has a legitimate interest and, in some instances, a legal obligation to process certain sensitive categories of data about you. This can include, but is not limited to, information about your racial or ethnic origin, health information, or union membership.
Where such information is collected, XPEL will do so in accordance with applicable law. XPEL will only request and process the minimum necessary for the specified purpose and ensure that the required protective measures and security are placed on all such sensitive categories of data.
LODGING A COMPLAINT
XPEL only processes your personal information as described in this Privacy Notice and in accordance with applicable data privacy/protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information please contact us as provided in the Contact Information section.
Employees in the European Union also have the right to complain to your local Data Protection Authority. A full list of National Data Authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en.