Artificial Solutions Employee Privacy Notice

ARTIFICIAL SOLUTIONS has prepared this Employee Privacy Notice (“Notice“) to be provided to its employees. In connection with your employment, we have to process your personal data. The purpose of this Notice is to give you information about how Artificial Solutions collects, processes, stores and otherwise uses information about you, and your rights in relation to that information.

When we say “Artificial Solutions”, “we” or “us” in this document, we mean your employing company, the entity with which you have an employment contract. In addition, you will see a number of references to the “Artificial Solutions Group”, which includes all other Artificial Solutions entities globally, details of these can be found in Annex 1. As with many other Artificial Solutions Group policies, this document is not part of your contract of employment, and we may update it from time to time, for example if we implement new systems or processes that involve the use of personal data. When the new purposes or processing activities require your consent, we will ask for it by notifying the new version and asking for your specific consent.

Artificial Solutions needs to process your personal data to enter into our contract of employment with you and to continue to perform crucial aspects of your contract of employment such as manage your payroll, insurance and providing you with benefits. There are also statutory requirements and other contractual requirements we have to comply with in relation to your employment as well as business and operational needs we have to meet. If we are not able to carry out the processing activities we describe in this Notice we may not be able to comply with your contract of employment, and in certain very exceptional cases, may not be able to continue your employment. Of course, we hope it would never come to that, and this is simply information we are required by law to provide to you as part of this Notice.

In certain circumstances we may need to ask for your specific consent to process your personal data in a particular way. Where we do so, you will be entitled to withdraw your consent at any time by contacting us as set out at the end of this Notice. However, in most cases we will process your personal data for the reasons set out in this Notice and it won’t be necessary for you to provide consent.

In this Notice you will see reference to “GDPR”, that refers to the European Union General Data Protection Regulation which governs the rights of residents in the EEA and EU country members in relation to personal data, and how organisations should protect it. Even if you are not a resident in any of the countries where GDPR applies, Artificial Solutions Group will take all measures to assure the same level of protection of your personal data.

What categories of personal data does Artificial Solutions Group collect about me and why does Artificial Solutions Group use it?

“Personal data” means any information relating to you. Artificial Solutions Group will collect, process and use the following categories and types of personal data about you:

  • Identification data, such as your name, signature, employee/Staff ID, your photo, payroll ID, business email address, business address, business landline, citizenship, passport/ID data, drivers’ licence information and national insurance number, visa or working permit identification.
  • Personal information, such as your date and place of birth, emergency contact details, next of kin details, gender, details of family members (in relation to health insurance).
  • Contact details, such as your home address, telephone number and email address.
  • Information about your job, such as your position, business title, employee type, management level, time type (full or part time and percentage), default weekly working hours, scheduled working hours, working time information, work location, division, department, position level, manager (name & ID), support roles, start and end date, contract status reference, job history (including position history, title history, effective dates and past pay groups), education history and qualifications, worker history (including log-files of changes in HR databases) and reason for leaving.
  • Information about your salary and benefits, such as your basic salary, bonus and commission entitlements, raise amounts and percentages, allowances, insurance benefits (including information about you and your dependants that we provide to the insurer), pension plans, tax code, your bank account details and payment dates, accrued salary information, information relating to your pension.
  • Information about your equity compensation, such as units of stock or directorships held, details of all restricted stock units or any other entitlement to shares of stock awarded, cancelled, exercised, vested, unvested or outstanding in your favour.
  • Performance and disciplinary information, such as performance reviews, evaluations and ratings, information about disciplinary allegations (including customer complaints), the disciplinary process and any disciplinary warnings, details of grievances and any outcome.
  • Absence information, such as dates of leave of absence/vacation, maternity/paternity/shared parental leave, confirmation of a birth of a child, training/educational leave, family care leave, medical leave; and
  • Organisational data including IDs for IT systems, company details, cost centre allocations and organisations.

together “Employee Data“.

We collect and use this Employee Data for a variety of reasons linked to your employment. To help clarify these we have set out below a list of reasons why we collect and use this data (the “Processing Purposes“) along with examples of some of the Employee Data used for each of the Processing Purposes:

  • Administering and providing compensation, including payroll, expenses, bonus, stock options, and other applicable incentives which involves the processing of identification data, contact details, information about your job, salary and benefits and equity compensation, performance and disciplinary information; absence information and organisational data.
  • Administering and providing applicable benefits and other work-related allowances, including reporting of benefit entitlements and take-up of benefits which involves the processing of identification data, contact details, information about your job, salary and benefits [and equity compensation, performance and disciplinary information; absence information and organisational data.
  • Administering our workforce and managing the employment relationship including managing work activities, tracking working hours, tracking internet, email and telephone usage, providing performance evaluations and promotions, producing and maintaining corporate organisation charts, entity and intra-entity staffing and team management, managing and monitoring business travel, carrying out workforce analysis, conducting talent management and career development, leave management/approvals, providing references, and administering ethics and compliance training which involves the processing of identification data, contact details, information about your job, salary and benefits and equity compensation, performance and disciplinary information; absence information; organisational data; and recruitment for other roles both during and after the end of your employment.
  • Providing IT systems and support to enable you and others to perform their work, to enable our business to operate, and to enable us to identify and resolve issues in our IT systems, and to keep our systems secure which involves processing almost all categories of Employee Data.
  • Complying with applicable laws, regulatory, and employment-related requirements along with the administration of those requirements, such as income tax, national insurance deductions, health and safety, employment and immigration laws, which involves the processing of identification data, contact details, information about your job, performance and disciplinary information; absence information and organisational data.
  • Monitoring and ensuring compliance with applicable policies and procedures and laws, including conducting internal investigations, which involves the processing of identification data, contact details, information about your job, salary and benefits and equity compensation, performance and disciplinary information; absence information and organisational data.
  • Communicating with you, other Artificial Solutions Group employees and third parties (such as existing or potential business partners, suppliers, customers, end-customers or government officials), exit interviews and future job opportunities, which involves the processing of identification data, contact details, information about your job and organisational data.
  • Communicating with your designated contacts in the case of an emergency which involves the processing of contact details, information about your job and organisational data.
  • Responding to and complying with requests and legal demands from regulators or other authorities in or outside of your home country which involves the processing of identification data, contact details, information about your job, salary and benefits and equity compensation, performance and disciplinary information; absence information and organisational data.
  • Complying with corporate financial and regulatory responsibilities, including audit requirements (both internal and external) and cost/budgeting analysis and control which involves the processing of identification data, contact details, information about your job, salary and benefits and equity compensation, performance and disciplinary information; absence information and organisational data.

In addition to the collection, processing and use of the Employee Data, Artificial Solutions Group collects, processes and uses the following special categories of personal information about you which we describe as “Sensitive Employee Data“:

  • Health and medical data, such as the number of sick days and the information contained in a doctor’s certificate/medical certificate for purposes of salary payment, workforce planning, and compliance with legal obligations; information on work-related accidents for purposes of insurance compensation, work safety and compliance with legal obligations (such as reporting obligations); information on disability for purposes of accommodating the work place and compliance with legal obligations; information on maternity leave for purposes of workforce planning and compliance with legal obligations.
  • Criminal records data, in the event that Artificial Solutions Group has conducted or received the results of criminal records background checks in relation to you, where relevant and appropriate to your role.
  • Race or ethnicity data such as information contained in your passport or other citizenship and right to work documentation or information collected for visa and immigration purposes, and information which you have voluntarily provided to Artificial Solutions Group for the purposes of our equal opportunities and diversity monitoring and initiatives.
  • Sexual orientation data such as marital status and information contained in your marriage/civil partnership certificate for the purpose of administering name changes, and where this has been provided voluntarily to Artificial Solutions for the purposes of our equal opportunities and diversity monitoring and initiatives.

Why does Artificial Solutions need to collect, process and use my Employee Data and Sensitive Employee data?

Both the Employee Data and Sensitive Employee Data are needed by Artificial Solutions to carry out a variety of activities that are linked to your employment and Artificial Solutions compliance with its obligations as a result of employing you and as a technology business.

We are required to explain to you the legal bases for our collecting, processing and use of your Employee Data and Sensitive Employee Data. We have a number of these, so please bear with us, and to make sure you have the full picture we have listed them all below:

For Employee Data, our legal bases are:

  • performance of the contract of employment with you; compliance with legal obligations, in particular in the area of labour and employment law, social security and protection law, data protection law, tax law, and corporate compliance laws; the legitimate interests of Artificial Solutions Group, affiliates or other third parties (such as existing or potential business partners, suppliers, customers, end-customers or governmental bodies or courts); your consent, where that is appropriate, meets the requirements of data protection law and has been separately obtained; protection of vital interests of you or of another individual; performance of a task carried out in the public interest or in the exercise of official authority vested in Artificial Solutions Group.

For Sensitive Employee Data, our legal bases are:

  • explicit consent as allowed by local data protection law; to carry out the obligations and to exercise the specific rights of Artificial Solutions Group or you in the field of employment and social security and social protection law as permitted by local data protection law and/or a collective agreement; to protect the vital interests of you or of another individual where you are physically or legally incapable of giving consent; public data as made public manifestly by you; to establish, exercise or defend a legal claims or whenever courts are acting in their judicial capacity; for substantial public interest as permitted by local data protection law; for assessment of the working capacity of the employee as permitted by local data protection law.

We appreciate that there is a lot of information there, and we want to be as clear with you as possible over what this means. Where we talk about legitimate interests of Artificial Solutions Group or third parties, this can include:

  • Management of employment relations including performance, disciplinary and grievance issues.
  • Assessing your suitability for other roles within Artificial Solutions Group.
  • Allocating resource and monitoring workload.
  • Protecting your health and safety in the workplace.
  • Implementation and operation of a group-wide organisational structure and group-wide information sharing.
  • Right to freedom of expression or information.
  • Customer Relationship Management and other forms of marketing;
  • Prevention of fraud, misuse of company IT systems, or money laundering.
  • Operation of a whistleblowing scheme.
  • Physical security, IT and network security.
  • Internal Investigations.
  • Proposed mergers and acquisitions.

When relying on the legitimate interests’ basis for processing your personal data, we will balance the legitimate interest pursued by us and any relevant third party with your interest and fundamental rights and freedoms in relation to the protection of your personal data to ensure it is appropriate for us to rely on legitimate interests and to identify any additional steps we need to take to achieve the right balance.

Got it – but who might Artificial Solutions share my personal information with?

As you know, we are part of the global Artificial Solutions Group, and several entities in this group are involved in the Processing Purposes. To ensure that the Processing Purposes can be completed, your information may be shared with any of the entities within the Artificial Solutions Group network. Where we do share data in this way, however, it is our policy to limit the categories of individual who have access to that personal information.

Artificial Solutions Country legal entities may transfer personal data to third parties, including to entities within and outside the Artificial Solutions Group located in any jurisdictions where Artificial Solutions Group entities are located, for the Processing Purposes as follows:

  • Within the Artificial Solutions Group.  As your Artificial Solutions employing entity is part of a wider group headquartered in Sweden with offices located across the globe, which all partially share management, human resources, legal, compliance, finance and audit responsibility, Artificial Solutions legal entities may transfer the Employee Data and Sensitive Employee Data to, or otherwise allow access to such data by other entities within the Artificial Solutions Group, which may use, transfer, and process the data for the following purposes: to maintain and improve effective administration of the workforce; to communicate information about the Artificial Solutions Group; to maintain a corporate directory; to maintain IT systems; to monitor and assure compliance with applicable policies and procedures, and applicable laws; and to respond to requests and legal demands from regulators and other authorities.
  • Communication with third parties.  As necessary in connection with business operations, work contact details and communication contact details may be transferred to existing or potential business partners, suppliers, customers, end-customers or government officials and other third parties.
  • Regulators, authorities, and other third parties.  As necessary for the Processing Purposes described above, personal information may be transferred to regulators, courts, and other authorities (e.g., tax and law enforcement authorities), independent external advisors (e.g., auditors), insurance providers, pensions and benefits providers, internal compliance and investigation teams (including external advisers appointed to conduct internal investigations).
  • Acquiring entities.  If the Artificial Solutions Country legal entities business for which you work may be sold or transferred in whole or in part (or such a sale or transfer is being contemplated), your personal data may be transferred to the new employer or potential new employer as part of the transfer itself or as part of an initial review for such transfer (i.e. due diligence), subject to any rights provided by applicable law, including jurisdictions where the new employer or potential new employer are located.

Data processors.  As necessary for the Processing Purposes described above, personal data may be shared with one or more third parties, whether affiliated or unaffiliated, to process personal information under appropriate instructions (“Data Processors“). The Data Processors may carry out instructions related to workforce administration, IT system support and maintenance, payroll and compensation, training, compliance, and other activities, and will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal information, and to process the personal information only as instructed.

Artificial Solutions GermanySaborowski-gmbh
Artificial Solutions SpainMartinez Monche (payroll provider) Cigna (health insurance) Cobee (flexible compensation) MC (labour accidents insurance)
Artificial Solutions IncADP (payroll provider) Frank Rimerman (payroll) Zenefits, Anthem and Kaiser (benefits) Guideline (401K plan) Trakstar Papaya
Artificial Solutions ScandinaviaMazars (payroll provider), Avanza Pension Plan

As you may expect, some of the recipients we may share Employee Data and Sensitive Employee Data with may be located in countries outside of Europe. In some cases, this may include countries located outside the European Union and/or European Economic Area (“EAA”), and in particular this will include countries throughout the Americas where the Artificial Solutions Group operates.

Some countries where recipients may be located already provide an adequate level of protection for this data (e.g. Canada), and transfers to other countries such as the USA may be protected under arrangements such as the EU-US Privacy Shield. Nonetheless, for transfers to Artificial Solutions Group outside of the EEA, Artificial Solutions Country legal entities will be bound by the EU Standard Contractual Clauses pursuant to Article 46(2)(c) GDPR, which the European Commission has assessed as providing an adequate level of protection for personal data, to ensure that your data is protected adequately.

If recipients are located in other countries without adequate protections for personal data, Artificial Solutions Group will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. This will include using appropriate safeguards such as the EU Standard Data Protection Clauses. You can ask for a copy of the such appropriate safeguards by contacting us as set out below (Who can I contact about this stuff?).

How long will Artificial Solutions keep my personal information for?

It is our policy not to keep personal information for longer than is necessary. We may, for example, keep your personal information for a reasonable time after you have left to ensure that Artificial Solutions Group has the records it needs in the event of a dispute or regulatory investigation and to ensure that any ongoing obligations can be complied with, such as complying with requests from regulators, and to contact you about future work opportunities at Artificial Solutions Group. Where personal information is kept, that period will be determined based on the applicable local law.  For further information, please refer to the Artificial Solutions’ Data Retention Policy or contact us as set out below to request further details on how long Artificial Solutions Group will retain different categories of personal information.

What rights do I have in respect of my personal information?

You have a number of rights in relation to your Employee Data and Sensitive Employee Data.  These can differ by country, but can be summarised in broad terms as follows:

(i) Right of access

You have the right to confirm with us whether your personal data is processed, and if it is, to request access to that personal data including the categories of personal data processed, the purpose of the processing and the recipients or categories of recipients. We do have to take into account the interests of others though.

(ii) Right to rectification

If your information is incomplete or inaccurate, please contact us. Unless we need to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims. Bear in mind we cannot warranty accuracy of your personal data unless you provide us with the correct information.

(iii) Right to erasure (right to be forgotten)

If you would like us to delete your information, please contact us using the details set out below. Unless we need to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims.

(iv) Right to restriction of processing

In limited circumstances, you may have the right to request that we restrict processing of your personal data, however where we process Employee Data and Sensitive Employee Data for the Processing Purposes we think that we have a legitimate interest in processing which may override a request that you make.

(v) Right to data portability

You may have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit that data to another entity.

(vi) Right to object and rights relating to automated decision-making

Under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data. this may include requesting human intervention in relation to an automated decision so that you can express your view and to contest the decision.

To exercise any of these rights, please contact us as stated below (Who can I contact about this stuff?).

You also have the right to lodge a complaint with the competent data protection supervisory authority.  Please find in the link below your National Data Protection Authority contact details. http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Who can I contact about this stuff?

If you have concerns or questions regarding this Notice or if you would like to exercise your rights as a data subject, you can contact us here:

LegalCompliance@artificial-solutions.com or As-Hr@artificial-solutions.com