Data Protection Policy

1. Overview

2. Objective

This Policy does not form part of any contract of employment. It may be amended or withdrawn at anytime. If we modify this Policy, modified versions will be made available upon request. We encourage you to regularly review this Policy to ensure that you are always aware of the personal information we collect in respect of you and how we use and otherwise process it.

The purpose of this Policy is to describe how Aliz collects, uses and otherwise processes personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (‘GDPR’) and other applicable laws.

3. Scope

This Policy applies to all Aliz employees (current and former), interns and dependents, as well as job applicants, visitors, users of websites, clients, suppliers and other contractors and any individual acting on their behalf to the extent that their personal information is collected, used and otherwise processed in European countries.* When we refer to “Aliz”, “we” or “us” in this Policy, we are referring to entities within our group now and in the future.

It is important that you read this Policy, together with any other policies or notices that Aliz may provide to you when it collects or processes personal information about you, so that you are aware of how and why Aliz uses such information. In particular, if you are employed to work in a country outside of Europe, this Policy should be read in conjunction with any local policy that sets out rules concerning the use of your personal information in that country. To the extent of any inconsistency, your local policy, or privacy documentation, will prevail. We also confirm that we only process information within Europe about employees who live in non-European countries to the extent that this is permitted by local law and in accordance with the requirements of Aliz’s regulators.

*Europe includes: Austria, Belgium, Bulgaria, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Italy, Ireland, Jersey, Luxembourg, Monaco, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Spain, Sweden, Switzerland and United Kingdom.

4. Owner

The owner of this Policy is the CEO of Aliz.

5. Effective date

This Policy is effective from 25 May 2018.

6. Aliz will process your personal information

7. What personal information does Aliz process?

Your “Personal Information” means any information about you as an individual (that Aliz collects, uses or otherwise processes) from which you are able to be identified.

Aliz will normally obtain your Personal Information directly from you in the course of your relationship (mostly during onboarding/visiting and on or about the time that you commence your employment or other form service provision with us, but also throughout the duration of the relevant relationship). In some cases, this Personal Information may also be obtained from third parties such as from references or certain background screening information. In addition, we will receive Personal Information about you from your manager and other Aliz employees as well as our vendors and suppliers where relevant.

When you work or apply to work for Aliz in any form or you contact or visit Aliz for any reason whatsoever, we will collect a range of Personal Information about you, subject to the particular features of the relationship between you and Aliz and in accordance with any applicable local legal requirements. Aliz will at all times strive to restrict the data collection to the necessary minimum level. The data collection may cover:

  • identification and administrative information, such as identity, name, surname, date and place of birth, national identification numbers (tax and social security), Aliz identification numbers, nationality, Citizenship, gender, marital status (and spouse/dependents details where relevant), home address, mother’s maiden name, personal telephone/mobile number and personal e-mail address;
  • passport or identity card to confirm right to work, or for employees who have reasons to travel or employees who are foreign nationals, work permits or visas;
  • if there is access to a car park, vehicle license plate number and parking space number and driver's license for employees who have a company car;
  • certain financial information such as bank or other financial account number (for direct deposit of pay), company credit card activity, event registrations and business expenses and reimbursement information;
  • information on work qualifications, such as competencies, education, history of previous work experience or career at Aliz group, job appraisals and performance reviews, job succession and talent management, service anniversaries, gratitude programs, performance, professional and personal development, promotions, skills and information relevant to our learning and development offerings and platforms, and employee network membership and events;
  • information on the job held, such as date and terms of employment, employment status or type of contract, employer, business unit, management/reporting structure, probation and probation periods, business sector, work address and telephone number, position, job title, function, level, user login ID and the nature of your obligations/duties;
  • the history of the employment relationship, such as history of job evaluations, history of positions held, seniority, past sanctions or other actions that have been taken against you;
  • if permitted in the country where you work, and provided that you volunteer to provide it, certain demographic information, including gender, ethnicity, sexual orientation and disability (see section 5 for further information);
  • information concerning your performance, conduct, disciplinary issues, grievances or ethics complaints (except anonymous complaints);
  • voluntary responses to engagement surveys, voice-of-the-employee, voice-of-the-client, demographic information or other reporting avenues (where not submitted anonymously);
  • absences (specifically vacations, authorised absences, family friendly leave, days of reduced work hours, work exemptions and other absences, including: reasons, rights to be absent and the duration of absences);
  • work hours, rotas and work schedules, building access badges, badge number and validity date, times of entry and building access points; photographs for ID or building access cards where applicable and photos of employees for the directory posted on the internal IT system;
  • business calendars, which can particularly indicate the dates, places and times of work, meetings, the topics or the persons present;
  • general information that we learn about you during our relationship;
  • information concerning your behavioural characteristics should you participate in personality or behavioural tests as part of team building, learning, development, coaching or leadership programmes, such information is only used for the purposes of such initiatives;
  • information about work email/voicemail (such as address books, email addresses, individual account information) and the company Intranet (internal administrative forms, organisational flowcharts, chartrooms, information forums), including information within any emails or other communications that you or our clients send to us or that you send to other employees, which use Aliz IT systems;
  • connection data and information about usage of various information systems or hardware made available by Aliz or to which Aliz provides access and information on entitlements to software, applications or hardware;
  • when using telephone services provided by Aliz, the telephone numbers called, the service used, the operator called, the nature of the call (in the form: local, regional, national, international), its duration, the date and time the call started and ended, any billing information (number of units, volume and nature of the information exchanged but excluding its content, and the cost of the service used, except where we are required to monitor the content of telephone calls, for example, to meet our regulatory requirements under the Market Abuse Regime, or for security or disciplinary purposes);
  • information about doctor's appointments (date of appointments, medical record of fitness or examination issued by the company doctor), but not other details of those appointments, unless we specifically ask you to share this information and you consent to sharing it with us (see section 5);
  • information about your health, including any medical condition, health and sickness records, but only to the extent necessary to assess fitness for work or to process sickness related benefits/entitlements or dietary requirements for events organised by Aliz (see section 5);
  • for particular individuals certain personal and financial information including but not limited to personal trading accounts or personal transactions (where you are covered by Aliz’s policies that restrict personal trading) and outside business activities, outside directorships, advisory board memberships, investor’s councils and industry trade association memberships;
  • information about compensation and compensation history, information about participation in employee savings plans (which can include health protection, income maintenance and supplemental pension plans), participation of all or some beneficiaries in social security benefits, participation in share-based compensation programs;
  • contact information of persons to be called in case of emergency and continuity of business situations, such as next of kin;
  • work accident and commuting accident claims as well as occupational illness claims made by employees;
  • information about illness/sick leave (primarily date stopped work, date returned to work and fitness for work to the extent legally permissible);
  • data recorded by video/telephone surveillance devices for security purposes;
  • information concerning you or other employees that is relevant to the safety and security of Aliz, our employees or third parties;
  • for those countries that have unions, staff delegations, works councils or other employee representative bodies, the following information, but only to the extent permitted by local laws or regulations: information on employee representative institutions and particularly information on election results (list of persons elected, trade-union positions held, number and percentage of votes obtained, identity of employees elected and trade-union membership), record of hours of work connected with such activities, information on meetings (meeting notices, preparatory documents, minutes of meetings), information on electoral rolls (identity, age, seniority, board, nature of position sought, trade-union membership) or to collect any fees where this must be managed by Aliz;
  • information concerning any future employment collected as part of exit interview processes and reasons for leaving Aliz; and
  • regarding food services, information for managing any amounts paid for by Aliz or to determine such amounts.

While the above list is detailed, it may not be an exhaustive list of all of the Personal Information that Aliz collects, uses or otherwise processes in the context of the employment relationship which may change from time to time.

8. How Aliz will use your personal information?

We will collect, receive, use, store and otherwise process your Personal Information (manually and electronically) during the course of our relationship and afterwards to comply with legal obligations or to otherwise carry out our legitimate business interests as an employer or a buyer or a service provider as the case may be and to fulfil our business interests and strategy connected with our relationship and in order to meet our regulatory requirements. We may in certain circumstances also process your Personal Information in order to perform our obligations under your employment contract. We will process your Personal Information to pursue our legitimate business interests (subject to any applicable local legal requirements), which includes the following:

  • general human resources, particularly administrative management (management of personnel record of employees, etc.);
  • management of compensation and payroll (salary, expenses, taxation, benefits in kind, bonuses, employee savings plans, participation in equity incentive programs, etc.), including deductions, enforcement of injunctions or garnishee orders affecting payments provided to you by Aliz;
  • management of employment contracts and service contracts, management and administration of employee mobility and expatriates, management of travel (particularly expenses and reports), management of Aliz equipment provided to employees (payment card, phones, laptops, badges, etc.);
  • management of careers and competencies (evaluations, validation of skills acquired and work experience), management and follow-up of job applications or for transfers or job applications internally within Aliz;
  • facilitating communication in the workplace, including through the use and management of internal directories and organisational flow charts, collaboration technologies, management of internal projects, management of work organisation and management of work elections;
  • to offer, process and provide benefits (such as health/disability insurance, pension, medical benefits, etc) to our employees at each location that Aliz operates and to administer benefits plans either within Aliz or together with any vendors/trustees that provide benefits to Aliz and our employees;
  • conducting talent and performance reviews, managing performance and determining performance requirements and to conduct salary reviews and make compensation decisions or to put in place performance improvement plans;
  • supporting our overall business priorities, by ensuring that we have employees with the right strategic talent capabilities to meet current and future business objectives;
  • for the purposes of grievance, disciplinary, ethics and internal/external regulatory matters, including processing in connection with any investigation, hearing, decision, sanction, remedial action, outcomes or consequential activity;
  • to inform and/or consult with employee representative bodies about various issues connected with the employment of Aliz employees, such as workforce or organisational changes, transfers, substantial changes to working conditions, individual dismissals, redundancies and other matters as required by Aliz policy or local legal requirements;
  • for planning, reassignments/transfers or restructuring decisions and to implement or to make decisions about whether particular individuals will continue to perform work for Aliz or to terminate, or to make arrangements to terminate, working relationships, including reduction in force or to transfer employees internally with Aliz or to third parties;
  • in connection with processes relating to the cessation of employment for any reason, including the provision of references to third parties and determining re-hire eligibility;
  • offering and providing education, learning, talent and development requirements, including to operate Aliz’s training platforms (training requests, organisation of sessions, training completed, evaluation of knowledge and training);
  • management and administrative activities, particularly as to budget, staffing, HR management, resource allocation, Aliz’s property, anti-fraud monitoring, client servicing, staff communication, maintaining business continuity and management of finance/tax/costs related to employees and business and operations, ensuring accuracy and authorized access to the data or for overall administrative and operational efficiency and effectiveness;
  • tracking and maintenance of IT infrastructure, management of data-processing directories for defining and providing authorisations to access applications and networks, implementing devices to make sure computer applications and networks are secure and running properly, management of work e-mail, intranet management and/or monitoring how information and communication systems are used to ensure compliance with our IT policies;
  • monitoring the activity of our employees in accordance with local regulatory requirements;
  • managing mailroom services, technology provisioning and service requests, telephone equipment allocations and maintaining telephone infrastructure, which includes managing the internal telephone directory (compiling, publishing and disseminating lists of names of telephone service users), technical management of internal voicemail, or control or even reimbursement of telephone service usage expenses (voice, data and SMS messages). Aliz may also record calls made via Aliz’s telephone systems for the purposes of training, quality control and as otherwise required to ensure compliance with legal and regulatory obligations. In countries where voice recordings are retained, they are done so in a secure place and are subject to controlled access;
  • ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
  • in countries, where we are permitted to do so, operating videos/cameras in communal areas. Their purpose is to ensure the safety and security of Aliz premises and employees, workers and visitors, deter and detect crime, and to use as evidence of any act that is the subject of any investigation or disciplinary or grievance hearing. All videos/cameras recordings are retained in a secure place, subject to controlled access. Aliz may undertake additional monitoring and recording where required, provided that it is permitted by law. In addition, Aliz may monitor access to the entrance and interior of the Aliz premises, which are subject to traffic restrictions or for safety reasons;
  • management of schedules and time at work, including through systems such as the Aliz Time Management System, and managing work status (active, on leave, etc), planned or unplanned time off work, for example, holiday, family friendly or military or sickness absence and carers leave; or in order to assess fitness for work or to comply with health and safety obligations;
  • for Government and regulatory reporting or approvals where this is required in your home country, for example, to inform authorities that you have completed military service or in connection with your approval with any authority or any other case before court and all authorities.
  • dealing with legal disputes or prospective legal disputes involving you or which you are otherwise connected to, including accidents at work;
  • for assessing any actual or perceived conflict of interest in the event that a relative of yours is offered employment or moves roles at Aliz, provided that this is permitted in the location where you and your relative work;
  • in order to conduct data analytics and studies to better understand trends in our workforce such as retention or attrition rates and other compilation of statistics and lists of employees, for example, for gender or other equal opportunities reporting;
  • information concerning gender for the purpose of furthering Aliz’s diversity and equal opportunities policies and strategies, including reporting and anti-discrimination initiatives (such as gender pay reporting or closing the gender pay gap); or in order to hold events or providing support and development opportunities;
  • for food services provided at particular Aliz locations, management of the employer’s responsibilities and services and any benefits provided to employees in connection with such services.

Aliz may also process information in connection with lawsuits or for regulatory purposes and for investigations or audits pursuant to the Code of Conduct and limited to the relevant information strictly necessary for the purpose at hand.

We have sought to be precise in providing the detailed list above. However, in case of activities as complex as those performed by Aliz you will appreciate that this list may not be exhaustive and Aliz may undertake additional processing of Personal Information in line with the purposes set out above.

Further, as an IT services provider Aliz has in particular a legitimate interest in protecting our business, reputation, resources and equipment and as part of Aliz’s overall program for information security, operates a content monitoring program to detect proprietary or confidential information or Personal Information that is being sent out in breach of applicable policies and requirements and or applicable laws and regulations from time to time.

Aliz may collect information which may be considered specially protected under applicable law, but only to the extent that this is legally permissible, properly safeguarded and with specific authorizations in place (and/or where required by local law), including ethnicity related information if, for example, required for government reporting in the individual’s country of residence on such matters as diversity, gender or employment equity (see also section 5); information as necessary to cross reference individuals against national and United Nations lists of known terrorists, criminal suspects and/or ensure compliance with insider trading and money laundering laws; information about health (physical and mental) as necessary for participation in benefits plans and leaves of absence; and union membership for countries where unions are present.

Aliz may also facilitate your participation in non-work related schemes and programs (for example, global volunteer day or other initiatives in the country where you normally work). The provision of such programs to employees means that your Personal Information and other information related to your participation in such programs may from time to time be transferred to and processed by Aliz affiliates and third parties involved in the administration and operation of such schemes, which may be located outside of Europe.

9. Automated decision-making

Automated decision-making takes place when an electronic system uses Personal Information to make a decision without human intervention, which produces legal effects that concern you.

Aliz does not have systems that use automated decision making in connection with any individual connecting Aliz.

10. What we expect from you

We expect you to be open and honest in the information that you provide. Where there is any change to your Personal Information you are required to inform Aliz as soon as reasonably possible by contacting the HR team in the country where you ordinarily work or have any other contact with Aliz.

If you are asked to provide documentation to evidence changes to your Personal Information, you must do so before we are able to make the change that has been requested.

Subject to any applicable local legal requirements, the Personal Information that Aliz will collect, receive, use, store and otherwise process about you is required for the performance of our relationship and any associated processing. Certain Personal Information, such as right to work documentation, health and safety or accident information, or tax and social security identity numbers are required in order for Aliz to meet our statutory obligations as an employer. Aliz may also require Personal Information from you in order to meet any statutory or regulatory obligations or requests. If we ask you to provide information or documents to us, and you fail to do so in a timely manner after this is requested or at all, we may not be able to carry out all of our normal activities for which this information is required. This may include, as examples only, paying you salary or providing certain benefits. If you do not provide the information required for these entitlements it may affect our ability to accomplish the purposes stated in this Policy and potentially affect your ongoing employment or other form of relationship.

Any Personal Information that you hold concerning an individual (whether a client, customer, supplier, or fellow worker) must be kept in accordance with any applicable Aliz policies and in a secure place and should not be accessible to others without your knowledge and consent, and only in pursuit of Aliz’s legitimate interests or as required by law or regulation. You must not collect, use, store or otherwise process any information about an employee’s sensitive Personal Information detailed in section 5, unless this is part of your normal day to day work activities.

If you have any questions or you are unclear about the information you may use or disclose or otherwise process, please contact your country’s Data Protection Office (if there is one).

Please be aware that employees who act in breach of this Policy may be subject to disciplinary action, which may include termination of employment if deemed by Aliz to be the appropriate sanction, in light of the nature of the breach and the relevant circumstances.

11. Former employees

It may be necessary for your Personal Information to be processed after you leave employment with Aliz for a range of different purposes, in particular: to answer requests from prospective employers for references; to handle, request or provide information relevant to pension and benefits which extend beyond your employment; in connection with your employment or the cessation of your employment; for statistical purposes or looking at trends in our workforce, such as headcount or costs; in order to assess your eligibility to be rehired by Aliz; to respond to requests from tax or other regulatory authorities who make enquiries or conduct audits or investigations that relate to your employment with us; for the purpose of distribution of shares, options or company share plans; or to defend current or prospective legal claims that may be brought by you or which you may be connected to.

12. Where we send your personal information

First and foremost your Personal Information is received by the legal entity within Aliz that is your employer/supplier/client/contractor/potential employer or a service provider you contact for any other reason whatsoever. Aliz decides the means and purpose for processing certain Personal Information about you and is therefore a data controller. However, as outlined in section 2.2, we may use your Personal Information for many reasons connected with our relationship, and in addition, because different businesses and functions work across multiple countries around the globe, your employer is not the only Aliz data controller that will have access to your Personal Information. We have set out the details of Aliz’s main data controllers in Appendix 1, together with the relevant contact details.

In order to provide you with the best possible visibility of who may receive your Personal Information, we have created a list below of persons who may have access to your Personal Information, aside from the legal entity that is your employer. All recipients will only have access to the relevant information that is necessary for performing their tasks (for example: pay slip printing companies have access only to information that is strictly necessary for preparing the pay slips and not to information about work calendars or performance, etc).

13. Who has access to your personal information

Aliz may have reason to send information to third parties with whom Aliz has business relationships or is bound by service contracts (IT service providers, etc.). Additionally Aliz may send information to local regulatory authorities when required in order to comply with local law or reporting requirements. We only disclose information that is strictly necessary to enable us to manage or administer our business and employees. For our employees this means we may provide your Personal Information to third parties to enable us to use their services or when required or permitted by laws and regulations. This includes for example, services relevant to the insurances and health benefits we provide, payroll, actuarial benefits or disclosures required for us to use third party software and applications or to obtain advice relevant to you and for the processing set out in section 2.2, to the extent we outsource any of these activities or use third party systems or technology to administer them. Where we provide your Personal Information to third parties, or we ask you to provide your Personal Information directly to particular suppliers or vendors, this is on the basis that they agree to comply with the provisions of the General Data Protection Regulation and/or any other applicable laws.

The recipients of Personal Information concerning you are limited. Subject to information transferred outside of Europe (see section 3.2), they are:

  • Aliz’s Human Resources department,to the extent relevant for particular personnel to carry out their activities in connection with the processing and utilisation of Personal Information outlined in section 2.2;
  • Pension/provident entities, trustees, mutual benefit/insurance agents and other benefits providers to the extent this is required for the administration/provision of benefits;
  • social welfare entities for taxation purposes or where such information is requested in order for you to receive benefits;
  • competent regulatory, prosecuting, tax or governmental authorities, courts or other tribunals in any jurisdiction or markets, domestic or foreign, upon their request or in accordance with or as desirable in respect of any applicable law or court/tribunal decision (for example, the immigration department or tax authority);
  • Aliz’s finance department where this is necessary for budgeting, forecasting or funding in respect of particular activities concerning employees, such as the processing of expenses;
  • printing companies (pay slips or other information that requires professional printing);
  • Banks or other financial institutions (limited to information necessary to pay you) and tax status information;
  • immediate supervisors, line managers and designated people in order for them to carry out their activities;
  • senior leadership to support business, talent and diversity strategies;
  • authorised persons of accounting, financial and technical departments or information systems teams managing the telephone or information systems as outlined in section 2.2, but only to the extent necessary in order to perform their duties and tasks and to any other accountants or professional advisers in order to perform their duties and tasks;
  • authorised persons or departments within Aliz that handle anti-fraud measures, ethics concerns, compliance, legal and regulatory affairs, risk and audit and security of premises and persons or information, but only to the extent necessary in order to perform their duties and tasks and to any other accountants or professional advisers;
  • fitness for work and occupational health service providers for the provision of these services;
  • to third parties to exercise or defend or to protect legal claims, including in relation to our contracts with our clients and in order to protect the rights, property or safety of our business, our employees, any Aliz company, our clients or others, including to legal advisors, our Regulators, government and law enforcement authorities and with other parties involved in, or contemplating, legal proceedings;
  • service providers that provide hosting services and technology service providers, business process outsourcing service providers, to the extent necessary to provide these services;
  • Affinity network committees with reference to coordinating employee network membership lists, reporting and events;
  • external providers in relation to individual nominees for award submissions;
  • external providers in respect of learning, development, coaching and diversity services as appropriate; or
  • staff representatives, trade-union and works council delegates, and other similar roles to permit them to carry out the activities in countries where such bodies exist, and only to the extent necessary and with consent in countries where consent is required.

14. Transfer of information outside of Europe

Given our global reach some information about you may be processed by or on behalf of group entities anywhere in the world – for example, payroll or IT services may be performed by one or more group entities acting on behalf of other entities in different locations. Therefore, the work that you complete and our business processes may involve transferring your Personal Information to countries outside of Europe which have different data protection standards to those which apply in Europe.

In making such transfers, Aliz conforms to this Policy and any bylaws of Aliz. Please refer to the provisions of this Policy for information on how Aliz may transfer personal data in compliance with EU law.

Aliz may also transfer Personal Information to Aliz franchises in jurisdictions which have been deemed equivalent to Europe for data protection purposes in accordance with decisions of the European Commission, or on the basis of further appropriate safeguards, including but not limited to entry by Aliz companies into “Model Contracts” for the purposes of Europe data protection laws.

In addition, data can be accessed only by group entities that are legally bound this Policy and have implemented the commitments made hereunder.

We also rely on other permitted data transfer mechanisms such as relying on the relevant third party’s Privacy Shield certification or third party corporate rules (approved by relevant data protection authorities and put in place to protect your Personal Information). You have a right to ask us for a copy of the safeguard used by contacting us as set out below.

15. Consent and existing terms and conditions (Europe only)

Aliz may have previously relied on consent in certain European countries in order to process your Personal Information. You may therefore have previously entered into an employment contract or signed forms or other terms and conditions that provide consent to Aliz to process your Personal Information. As outlined in section 2.2, Aliz processes your Personal Information in order to perform our obligations arising under our relationship with you, to comply with legal obligations or to otherwise carry out our legitimate business interests and for the purposes outlined in that section. This means that generally speaking and subject to any applicable local legal requirements we do not request your express consent (or rely on existing consent except in limited circumstances where this is specifically necessary) to use your Personal Information for these purposes.

However, Aliz may from time to time ask you to provide consent in order to process specific types of Personal Information, including the types of personal information detailed in section 5 below. If you do opt to provide consent where it is requested, you have the right to withdraw your consent for that specific processing at any time in writing. Please send such requests to your usual HR partner.

Please be aware that it is not a condition of your relationship with us that you agree to any request for consent from us. Providing consent is purely voluntary. You will not be subjected to any detriment by declining to provide your consent. This also applies to any consent that you may be asked to give as detailed in section 5.

Please note that section 4 only applies to individuals connected with Aliz in European countries.

16. Circumstances where we may rely on consent to process your personal information

17. Sensitive personal information

Sensitive Personal Information includes information that reveals: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. It also includes genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Please note that Aliz does not ask you for information concerning political opinions, a person’s sex life, religious or philosophical beliefs or genetic/biometric data (that could be used to identify you) in European countries, unless required by law to do so.

Subject to any applicable local legal requirements/restrictions, we may process your sensitive Personal Information if it is necessary:

  • by asking you to provide your consent to the particular type of processing that we wish to complete;
  • in circumstances where we need to process your Personal Information to exercise rights or obligations in relation to your employment or social security and social protection laws in so far as this is authorised by law or collective agreement;
  • where we consider the use of your Personal Information to be in your vital interests or the vital interests of another person and you are unable to provide consent;
  • for the establishment, exercise or defence of legal rights or claims;
  • in respect of health information, to assess your fitness for work or to the extent that this is relevant for Aliz or our vendors to provide or administer health services, for you and where relevant, your dependents. For example, private medical, health or life insurance and/or payments during absences due to illness;
  • for reasons of substantial public interest, on the basis of laws in the country where you normally work, such as the investigation of ethical or regulatory matters that may concern discriminatory or other conduct that involves the processing of sensitive Personal Information about you or to protect employees who have raised ethical or other concerns;
  • in respect of diversity information (race, ethnicity or sexual orientation), where we ask you to provide this information it is on a voluntary basis and provided that you give your consent. Such data is normally only processed for the purpose of monitoring, statistical analysis or in order for Aliz to further our equal opportunities and diversity policies or as required by law in countries where it is mandated by law that Aliz must collect and report on such information. However, as outlined above, we may also process this information to investigate complaints about discrimination or other conduct.

In addition, from time to time Aliz may also offer you the opportunity to voluntarily participate in initiatives which involve the processing of sensitive Personal Information. Where Aliz does so, this will be done on the basis of your consent to participate in such initiatives.

18. Criminal convictions

During employment we will only process information concerning criminal convictions and offences (criminal history check), where this is necessary to comply with our legal or regulatory requirements, and provided that this is authorised by the laws of the country where you are employed. Such laws may require us to obtain your consent in order to process this type of Personal Information. Where this applies, this will be made clear to you and your consent may be withdrawn at any time.

19. Security

We implement technical and organisational measures that are appropriate to the risk to protect the Personal Information that we process about you. This may include:

  • 1. implementing protocols and procedures to protect Personal Information according to the sensitivity of the information;
  • 2. establishing procedures to receive and respond to complaints and inquiries (as detailed in this Policy);
  • 3. educating staff about Aliz’s policies and practices and undertaking training to aid in compliance with such policies;
  • 4. developing and disseminating clear communications that explain Aliz’s policies and procedures;
  • 5. entering into written agreements with third parties which include appropriate security measures to protect Personal Information in line with this Policy and our obligations.

Specifically, Personal Information may be protected by technical and organizational security measures appropriate to the sensitivity of the information and how it is stored. Such measures may include encryption, password protection, contractual confidentiality and data protection obligations, locked storage facilities, and/or restricted and recorded access, as applicable.

Despite all of our best efforts the security of information may be breached from time to time, for example, if a Aliz employee sends an email to the wrong recipient or leaves documents on public transport. Aliz has policies and processes, such as the Electronic Communications Policy, that all employees must be familiar with in order to ensure that our information is kept secure and confidential.

Importantly, any data breaches must be notified immediately and without delay to your Business Information Security Officer. In certain circumstances we will need to notify data protection authorities about breaches within 72 hours and it is therefore critical that you tell us straight away.

20. Data storage and retention periods

In general your Personal Information will be held and managed in accordance with the record retention periods specified in accordance with the local laws of the country in which you are connected with Aliz.

Personal Information is kept for the period of time that it is needed by Aliz in connection with your relationship. This includes for the duration of, and following, your relationship with us, until the relevant retention period expires Aliz applies the following considerations to its retention periods:

  • Personal Information collected that is necessary for exercising a right in court is kept for the applicable statute-of-limitations period. At the end of that statute-of-limitations period, it will be deleted, unless it is connected to any current or prospective litigation.
  • Personal Information collected that is necessary to meet a statutory or regulatory obligation (e.g. tax or accounting) is kept for the time necessary to fulfil the obligation in question. It is deleted when there is no further reason to justify its storage.

21. Your rights in respect of your personal information

Under certain circumstances, you have the right to:

  • Request access to your Personal Information (commonly known as making a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you.
  • Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. You can always make changes to your contact information and certain other personal details and we encourage you to access our self-service page as outlined in section 2.4 above.
  • Request the erasure of your Personal Information in certain circumstances. Importantly, the information held on your personnel file is required by us to carry out a range of activities as your current or former employer, or client or service provider (see section 2.2) and in such circumstances we would be unable to delete your Personal Information. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below).
  • Object to the processing of your Personal Information, to the extent that we are relying on a legitimate interest (or those of a third party) to process your Personal Information, and there is something about your particular situation which makes you want to object to processing on this ground, subject always to our compelling legitimate grounds to continue to process your Personal Information.
  • Request the restriction of the processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information. We will only agree to stop processing your Personal Information in limited circumstances such as where ongoing processing is unlawful, or if you have objected to your Personal Information being processed and pending verification of Aliz’s assertion that its legitimate grounds in processing your Personal Information override your own.

Limitations can apply to your ability to exercise some of these rights. For example, under the General Data Protection Regulation (or other applicable laws), if you request erasure of your Personal Information, Aliz can keep the Personal Information if processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (in addition to other grounds).

We may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Information concerning you that we hold (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it and otherwise to assist us to process your request in a timely manner.

If you want to review, verify, correct or request erasure of your Personal Information, or object to the processing of your Personal Information, please contact the HR team.

Please note that Aliz will not transfer your data to a third party at the request of another individual, save as required by the General Data Protection Regulation or any other applicable laws.

22. No fee usually required

Normally you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee based on administrative costs, if we consider your request for access to be unfounded, excessive or repetitive. Alternatively, we may refuse to comply with the request in such circumstances. In that event, we will explain to you why we have made that decision.

23. Who can I contact about how Aliz processes my personal information?

As outlined in Section 8, if you wish to review, verify, correct, erase or object to the processing of your Personal Information, please contact the HR team.

We would always encourage you to raise issues to Aliz in the first instance. In the event that you have any concerns or complaints related to our processing of your Personal Information, please contact the Operations team.

You can also contact Aliz’s Data Protection Officer who oversees Aliz’s compliance with privacy requirements including the General Data Protection Regulation.

We appreciate that you may not feel that it is possible to raise your concerns with us directly. As such, you may make a complaint at any time to the relevant Supervisory Authority in the location where you normally work.

24. Information concerning family members and dependents

In certain countries Aliz may collect information from you concerning your family members or dependents either for the purposes of providing benefits and insurance, for example, health insurance, social benefits or allowances or for contacting them in the case of an emergency or in connection with relocating certain employees as part of Aliz mobility. In certain countries we may need this information in order to assess your eligibility for certain statutory or Aliz provided entitlements, such as family friendly leave or leave in connection with you caring for an ill family member or other benefits or entitlements.

In certain countries Aliz may collect information from you concerning your family members or dependents either for the purposes of providing benefits and insurance, for example, health insurance, social benefits or allowances or for contacting them in the case of an emergency or in connection with relocating certain employees as part of Aliz mobility. In certain countries we may need this information in order to assess your eligibility for certain statutory or Aliz provided entitlements, such as family friendly leave or leave in connection with you caring for an ill family member or other benefits or entitlements.

These details will be kept solely for those purposes and will be held and retained for these reasons. To the extent applicable, sections 2 and 3.2 to 9 of this Policy apply to your family members and dependents, so please inform them about the content of this Policy.