Securitas Security Services USA Inc.

Global Employee Privacy Notice

Last Updated:February 10, 2021

1. Introduction

Securitas USA, Inc. and its group of companies ("SUSA", "We", “Our”, or "Us") have issued this Global Employee Privacy Notice to describe how We handle personal information that We collect about Our employees (collectively referred to as "You"). The term "employee" includes employees, directors, officers and Board members of SUSA as well as those who work on a non-permanent basis, including contingent workers, temporary and contract workers, independent contractors, and interns.

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This Notice sets out the personal information that We collect about You, the purposes of the collection, and Your related rights.

If You have any doubts regarding the applicable standards, or any comments or questions about this Notice, please contact Us as directed in the “Contact Details” section below.

2. Types of Personal Information We Collect

In the course of Your employment at SUSA, We may collect personal information about You and Your dependents, beneficiaries and other individuals whose personal information has been provided to Us in connection with your employment with Us.

The types of personal information We may collect include, but are not limited to:

• Identification data–such as Your name, gender, photograph, date of birth, employee ID.
• Contact details–such as home and business address, telephone/email addresses, emergency contact details.
• Employment details–such as job title/position, office location, employment contract, performance and disciplinary records, grievance procedures, sickness/holiday records.
• Background information–such as academic/professional qualifications, education, curriculum vitae/résumé, criminal records data (for verification purposes, where permissible and in accordance with applicable law).
• National identifiers–such as national ID/passport, immigration/visa status, social security numbers (U.S. only).
• Marital Status, and spouse, beneficiary, & dependents’ information necessary to administer benefits to You and Your beneficiaries.
• Financial information–such as banking details, tax information, payroll information, withholdings, salary, benefits, expenses, company allowances, stock and equity grants.
• IT information – information required to provide access to SUSA IT systems and networks such as IP addresses, log files, login information, and software/hardware inventories. For further information on how IT information is processed, please see Our “Monitoring” section below.
• Health information – such as information about short- or long-term disabilities or illnesses that you might share with your HR department or manager, particularly in relation to any leave of absence you may need to take.
• Other information you choose to share with us – e.g. hobbies, social preferences, etc.

Sensitive Personal Information (defined below) may be included in the above types of personal information We may collect.  Sensitive personal information includes any information that reveals Your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, or information about Your health/sexual orientation ("Sensitive Personal Information"). As a general rule, We try not to collect or process any Sensitive Personal Information about You, and this information, when collected, is generally done so on a voluntary consensual basis, and employees are not required to provide this information, unless authorized by law or where necessary to comply with applicable laws. However, in some circumstances, We may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate employment-related purposes: for example, information about Your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations; or information about Your physical or mental condition to provide work-related accommodations, health and insurance benefits to You and Your dependents and other beneficiaries, or to manage absences from work.

If You are a contingent worker, the type of personal information We collect is limited to that needed to manage Your particular work assignment with SUSA.

Most often, the personal information We collect from employees is collected from them directly. In some

cases, We may collect personal information about employees from third parties, for example, when We perform background checks that are necessary for the role to be performed by the employee. In most circumstances, We will get Your permission before We collect personal information about You from a third party.

If We ask you to provide any other personal information not described above, then the personal information We will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the time we collect it.

3. Purposes for Collecting Personal Information

1. Employment or Work Related Purposes

We process and collect Our employees’ personal information through a universal human resources system ("HR System"), which is a tool that helps Us to administer HR and employee compensation and benefits at an international level and which allows employees to manage their own personal information in some cases. This will involve transferring Your personal information to Our servers in the United States. SUSA may host these servers or utilize third-party servers, but in either case will be responsible for the security access of personal information in the HR System.

SUSA physically and electronically monitors its offices, and use of Our IT and communications systems, for specific purposes. For example, We may monitor employees’ activity and presence in Our offices with badge readers, sign-in sheets, and surveillance cameras. We generally do these things to prevent unauthorized access to Our offices and to protect employees, authorized visitors, and Our property.

SUSA may also monitor or record activity on Our IT and communications systems and network, such as internet traffic, website filtering, email communications or systems accessed. More information about such monitoring is available in the SUSA Acceptable Usage, Electronic Communications, and Security Awareness Policy, SUSA Account Management Policy, SUSA Mobile Device Policy, SUSA IT Exceptions Policy, SUSA Logging and Monitoring Policy, and the SUSA Workstation Security Policy.

Where permitted by law, We may also carry out monitoring for other purposes such as:

• Proof of business transactions and archiving;
• Training and evaluation of employees;
• Protection of confidential information, intellectual property and other business interests;
• To investigate breaches of SUSA policies and procedures, or other unlawful or improper acts;
• For compliance with a legal obligation;
• Other legitimate purposes as permitted by applicable law.

In the process of monitoring SUSA’s offices, systems, network and work-related activities, We may come across employees’ personal information. Monitoring will be done in a manner that is proportionate and only as required or permitted by applicable law. SUSA will always strive to respect employees' reasonable privacy expectations.

Lastly, We want you to be aware that all SUSA employee work product as well as tools used to generate that work product, wherever stored, belongs to SUSA and We may review and monitor it for the purposes described above.

2. SUSA Global Directory

We maintain a global directory of employees which contains Your professional contact details (such as Your name, location, photo, job title and contact details). This information will be available to everyone in SUSA to facilitate global cooperation, communication and teamwork.

3. Other Legitimate Business

We may also collect and use personal information when it is necessary for other legitimate purposes, such as to help Us conduct Our business more effectively and efficiently – for example, for general HR resourcing on a global level, IT security/management, accounting purposes, or financial planning. We may also use Your personal information to investigate violations of law or breaches of Our own internal policies.

4. Law-Related Purposes

We also may use Your personal information where We consider it necessary for complying with laws and regulations, including collecting and disclosing employee personal information as required by law (e.g. for tax, health and safety, anti-discrimination laws), under judicial authorization, or to exercise or defend the legal rights of SUSA.

4. Who We Share Your Personal Information With

We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever We permit a third party to access personal information, We will implement appropriate measures to ensure that access is appropriately limited, that the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.

1. Transfers to Other Group Companies

As mentioned above, We will share Your personal information with other members of the SUSA group of companies around the world as necessary to administer human resources, employee compensation and benefits at an international level on the HR System, as well as for other legitimate business purposes such as IT services/security, tax and accounting, and general business management.

2. Transfers to Third Party Service Providers

In addition, We make certain personal information available to third parties who provide services to Us. We do so on a "need to know basis" and in accordance with applicable data privacy law.

For example, some personal information will be available to Our employee stock and benefit plans service providers and third-party companies like Oracle, AWS, ADP, Certify, and Aetna who provide Us with support for handling Our payroll, expense processing and reimbursement, medical insurance benefits, and travel management services.  

Our written agreements with these service providers prohibit them from using or disclosing the information We provide to them for any purpose other than performing the services specified in Our agreements.

3. Transfers to Other Third Parties

We may also disclose personal information to third parties on other lawful grounds, including:

• To comply with Our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant.
• In response to lawful requests by public authorities (including for national security or law enforcement purposes).
• As necessary to establish, exercise or defend against potential, threatened or actual litigation.
• Where necessary to protect the vital interests of another person
• In connection with the sale, assignment or other transfer of all or part of Our business.
• With Your consent.

5. Transfer of Personal Information Abroad

As We operate at a global level, We may need to transfer personal information to countries other than the ones in which the information was originally collected, including to Our headquarters in the U.S., and wherever Our affiliates and service providers may have operations. These countries may not have data protection laws that are as protective as those in Your own country.

When We export Your personal information to a different country, We will take steps to ensure that such data exports comply with applicable laws. For example, where We transfer personal information between Our European and U.S. group entities, We utilize transfer agreements which are executed between Our group entities. If You would like to obtain a copy of these standard contractual clauses, please feel free to contact Us using the contact details below. 

6. Data Retention Periods

Personal information will be stored in accordance with Our then-current Records Retention and Destruction Policy and applicable laws and kept as long as needed to carry out the purposes described in this Notice or as otherwise required by applicable law. Generally, this means Your personal information will be retained until the end or Your employment, employment application, or work relationship with Us plus a reasonable period of time thereafter to respond to employment or work-related inquiries or to deal with any legal matters (e.g., judicial or disciplinary actions), document the proper termination of Your employment or work relationship (e.g., to tax authorities), or to provide You with ongoing pensions or other benefits.

7. Security of Personal Information

We use appropriate technical and organizational security measures to protect the security of Your personal information both online and offline including the implementation of access controls, implementation of firewalls, network intrusion detection and use of anti-virus software. Please note that no system is completely secure. So, while we strive to protect Your personal information, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur

8. Updating and Accessing Personal Information

We offer various self-help tools that will allow You to see and/or update certain of Your personal information in Our records. It is important that the information contained in Our records is both accurate and current. If Your personal information changes during the course of your employment, please use these self-help tools to update that information, where available, or let the HR department know of those changes.

9. Updates to this Notice

This Notice may be updated periodically to reflect any necessary changes in Our privacy practices. In such cases, We will update this Notice and indicate at the top of the Notice when it was most recently updated. We encourage You to check periodically in order to be aware of the most recent version of this Notice.

10. Contact Details

Please address any questions or requests relating to this Notice to privacyrequests@securitasinc.com or You can raise any concerns with Your manager or the HR department. Alternatively, You can contact Our Data Protection Officer (DPO) at privacyrequests@securitasinc.com.