Effective Date: May 4, 2021 — Last Reviewed: March 18, 2022
Sharethrough is committed to protecting the privacy and security of your personal information. This Employee Privacy Notice (the “Privacy Notice”) describes how Sharethrough and its subsidiaries, affiliates, and related entities (collectively, “Sharethrough,” “we,” or “us”) collect and process personal information about you during the application and recruitment process, and about you during and after your employment. This privacy notice applies to employees located in the United Kingdom (“UK”), Europe and the United States, including those in California in accordance with the California Consumer Privacy Act of 2018 (“CCPA”).
This Privacy Notice describes the categories of personal information that we collect, how we use your personal information, how we secure your personal information, when we may disclose your personal information to third parties, and when we may transfer your personal information outside of your home jurisdiction. This Privacy Notice also describes your rights regarding the personal information that we hold about you including how you can access, correct, and request erasure of your personal information.
We will only process your personal information in accordance with this Privacy Notice unless otherwise required by applicable law. We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.
Sharethrough and its subsidiaries, affiliates, and related entities are joint controllers of the personal information we hold about you before, during or after your employment. Sharethrough has appointed a Data Protection Officer (DPO) and a representative in the European Union.
Sharethrough, its Data Protection Officer, and its representative may each be contacted in any manner set forth below in the “Contact Information” Section of this Privacy Notice.
Within the context of your role as an employee or prospective employee, we will collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”).
Personal information does not include certain information excluded from the applicable data privacy laws’ scope, such as:
To carry out our activities and obligations as an employer or potential employer, we may collect, store, and process the following categories of personal information which, unless otherwise noted below, we require for the purpose of administering the employment relationship with you and considering you for employment at Sharethrough:
In addition to the above, we may also receive information from background checks, phone screening, and interviews, including information from you or other third parties. This type of information may include the above categories or different categories as determined by the provider of such information.
We only process your personal information where applicable law permits or requires it, including where the processing is necessary for the performance of our employment contract with you, where the processing is necessary to comply with a legal obligation that applies to us as your employer, for our legitimate interests or the legitimate interests of third parties, to protect your vital interests, or with your consent if applicable law requires consent.
We may process your personal information for the following business or commercial purposes and for the purposes of performing the employment contract with you:
Sharethrough will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. If we need to process your personal information for a different, unrelated, or incompatible purpose, we will provide notice to you and, if required by law, seek your consent. We may process your personal information without your knowledge or consent only where required by applicable law or regulation.
We will only disclose your personal information to third parties where required by law or to our employees, contractors, designated agents, or third-party service providers who require such information to assist us with administering the employment relationship with you, including third-party service providers who provide services to us or on our behalf.
Third-party service providers may include, but are not limited to, payroll processors, benefits administration providers, and data storage or hosting providers. These third-party service providers may be located outside of your home jurisdiction.
We require all our third-party service providers, by written contract, to implement appropriate security measures to protect your personal information consistent with our policies and any data security obligations applicable to us as your employer. We do not permit our third-party service providers to process your personal information for their own purposes. We only permit them to process your personal information for specified purposes in accordance with our instructions.
We maintain a list of third-party service providers to which your personal information could be transferred in the course of your employment. The list is available upon request.
We may also disclose your personal information for the following additional purposes where permitted or required by applicable law:
Where permitted by applicable law, we may transfer the personal information we collect about you to the United States, Canada and other jurisdictions that may not be deemed to provide the same level of data protection as your home country, as necessary to perform our employment contract with you and for the purposes set out in this Privacy Notice.
We have implemented appropriate privacy protection mechanisms as required by law to secure the transfer of your personal information to the United States and other jurisdictions.
We have implemented appropriate physical, technical, and organizational security measures designed to secure your personal information against accidental loss and unauthorized access, use, alteration, or disclosure.
In addition, we limit access to personal information to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.
In case of a personal information breach, we will take all steps to fix it, including to report it as required by applicable laws and regulations, minimise any harmful effects on you, stop it from continuing, and prevent it from happening again.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal information, we consider our statutory obligations, the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes we process your personal information for, and whether we can achieve those purposes through other means.
If you are hired, we generally keep your personal information as part of your employee file for the duration of your employment plus three (3) years, unless we are otherwise required to keep it longer by law.
If you are not hired, we generally keep your information for three (3) years after the decision has been made to provide you an opportunity to seek information about the recruitment process and in case similar role becomes vacant for which you will be a fitting candidate. We may also retain your information longer so we can show, in the case of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment process in a fair and transparent way.
Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent. Once you are no longer an employee of the company, we will retain and securely destroy your personal information in accordance with our document retention policy and applicable laws and regulations.
It is important that the personal information we hold about you is accurate and current.
Please keep us informed if your personal information changes during the application process or your employment. You may request access to or correct the personal information that we hold about you. If you want to review, verify, or correct your personal information, please contact us at dataprotection@sharethrough.com. Any such communication must be in writing.
Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any updates.
If we would like to use your previously collected personal information for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal information for a new or unrelated purpose. We may process your personal information without your knowledge or consent only where required by applicable law or regulation.
If you have any questions about our processing of your personal information or would like to make an access or other request, please contact us through your local human resources office (if you have one), or at the contact information below.
To Contact Sharethrough (Controller)
Sharethrough
5455 Gaspe Avenue, Suite 730
Montreal, Quebec, H2T 3B3
Canada
Attn: Legal & Compliance Team
Email: dataprotection@sharethrough.com
To Contact our Data Protection Officer
Chantal Bernier
99 Bank Street
Suite 1420
Ottawa, Ontario K1P 1H4
Canada
+1 (613) 783-9600
Email: chantal.bernier@dentons.com
To Contact our local EU Representative
Dr. Christian Schefold
Sharethrough Inc.
Dentons GmbH
Markgrafenstraße 33
10117 Berlin
Germany
Email: representation.sharethrough.europe@dentons.com