Track record of successful GDPR implementations across industries.
Introduction and Scope
VeraSafe, LLC, along with our Affiliates (as defined below) and our associated law firm VeraSafe Legal, LLP (collectively, “VeraSafe”, “we”, “us”, our”) take the protection of your personal information (“Personal Data”) very seriously. Please read this Privacy Policy (the “Policy”) to learn what Personal Data we collect about you concerning your working relationship with us, why and how we collect and use it, and with whom we might share it.
It is essential that you read and understand this Policy. If you have questions or do not fully understand it, please seek additional information from VeraSafe’s Legal Department, which can be contacted at [email protected].
What Is Covered by this Policy?
This Policy addresses individuals associated with VeraSafe by employment or interest, which includes current, potential, and previous applicants, employees, officers, staff members, contractors (including permanent, fixed-term, and temporary staff, any third-party representatives and contractors, volunteers, interns, and agents engaged with VeraSafe); any directors and members of VeraSafe; and the emergency contacts provided by the individuals described hereto (collectively, “Team Members”).
This Policy is issued on behalf of VeraSafe and our Affiliates, so when we mention “VeraSafe”, “we”, “us” or “our” in this Policy, we are referring to the relevant company in the VeraSafe corporate group responsible for processing your specific Personal Data (typically, the entity you contracted with or submitted an application to).
This Policy covers:
- our role with respect to your personal data;
- what categories of Personal Data we collect about you;
- how we obtain your Personal Data;
- for what purposes we use your Personal Data;
- with whom we share your Personal Data;
- how long we retain your Personal Data;
- your rights with respect to the Personal Data we collect about you;
- how we protect your Personal Data; and
- how to contact us.
What Is Not Covered in this Policy?
VeraSafe professional services data.
Personal Data we collect about Data Subjects in the provision of services to our clients, as described by our Services Privacy Policy.
Business development data.
Person Data we collect about visitors to our websites or in the context of our sales and marketing initiatives, as described by our Sales, Marketing, & Outreach Privacy Policy.
Information that is not Personal Data.
Personal Data is information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual.
Our Role With Respect to Your Personal Data
Within the scope of this Policy, VeraSafe acts as a data controller for the Personal Data we collect or that others collect on our behalf. This means that we are responsible for determining the purposes and means of the processing of your Personal Data – in other words, how and why we collect, use, and share it.
Basis of Processing
We may process your Personal Data on the basis of:
- the need to perform an employment contract with you or take steps at your request prior to entering into an employment contract with you;
- our legitimate interests, such as our interests in offering or negotiating a job offer and providing valuable employment benefits or on-the-job training to you;
- the need to comply with applicable laws; or
- any other ground, as required or permitted by law.
Where we receive your Personal Data as part of entering into or performing our obligations under an employment contract with you, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to meet our contractual obligations as your employer.
Entities Covered by this Privacy Policy
This Privacy Policy covers VeraSafe, LLC (a Delaware limited liability company), VeraSafe Legal, LLP (a limited liability partnership organized under the laws of Washington, D.C.), and the following affiliate entities of VeraSafe, LLC (the “Affiliates”):
- VeraSafe Ireland Ltd.;
- VeraSafe Czech Republic s.r.o.;
- VeraSafe Netherlands BV;
- VeraSafe United Kingdom Ltd; and
- VeraSafe South Africa (Pty) Ltd.
What Categories of Personal Data Do We Collect?
As a VeraSafe Team Member or an applicant to a job posting listed by VeraSafe, we may process the following categories of Personal Data about you:
- Biographical and identification information, such as first name, last name, date of birth, marital status, national identification/social security number, and copies of ID cards, driver’s licenses, and passports;
- Contact and location information, such as email address, phone number, postal address, IP address, and emergency contact information;
- Professional and educational information, such as job title, position, resume, cv, employment history, certifications and degrees;
- Health information, such as information related to providing sick leave and healthcare benefits to you (or covered family members), and other such information provided by Team Member;
- Financial information, such as wages, personal or business bank account information, and corporate credit/debit card information;
- Employment information, such as information about your daily and weekly schedule, preferred or available working hours, performance reviews, employment survey information, interview logs, and information collected by VeraSafe to analyze performance, such as activity logs, or by VeraSafe’s information systems;
- Other information, such as photographs, audio and video recordings, information from background checks (which may include criminal convictions and certification/license status), and any other Personal Data provided by Team Member.
We will not collect additional categories of Personal Data without informing you.
Personal Data About Children Under the Age of 16
We do not knowingly collect Personal Data from children under 16, unless a child under 16 is the only emergency contact an individual could provide us with. In the event that you do list a child under 16 as your emergency contact, we will need to obtain the informed consent of that child’s parent or legal guardian in order to process their Personal Data.
If you believe we might have any information from or about a child under 16, please contact us by using the contact details provided here. If we learn that we have collected or received Personal Data from a child under 16 without parental consent, we will delete that Personal Data.
How Do We Obtain Your Personal Data?
As part of our human resources processes, we collect and process Personal Data relating to job applicants and our staff. We may obtain your Personal Data when:
- you submit it to us during the process of your job application, for example, when we collect Personal Data from application forms, CVs, resumes, or LinkedIn profiles, your passport or other identity documents, or through interviews or other forms of assessment, including online tests;
- your recruitment agency submits your information to us;
- you provide it to us during your working relationship with us; and we collect it in the course of job-related activities throughout the period when you work for us; and
- we obtain Personal Data from other third parties, such as former employers, authorities, government entities, social networks, or other information providers.
Subject to applicable laws, your Personal Data may be obtained through background checks, security clearances, and other similar information sources as required by law or deemed necessary due to the nature and security requirements related to the position in question.
How Do We Use Your Personal Data?
We may process your Personal Data for the purposes of:
- professional recruiting and employment application review;
- entering, performing, amending, managing, and terminating employment and service contracts, and determining the terms on which you work for VeraSafe;
- onboarding you as a VeraSafe Team Member, such as creating an email account for you, providing access to various other information systems, and generally enabling teamwide communication within VeraSafe and with VeraSafe clients;
- providing equipment to you in your capacity as a VeraSafe Team Member;
- carrying out our contractual obligations with consumers, customers, and suppliers;
- arranging trainings and professional development activities;
- providing contractually agreed-upon compensation and benefits, including healthcare benefits for you and your covered family members;
- managing the expenses of VeraSafe;
- managing your health and safety in the workplace;
- arranging work-related travel accommodations;
- reviewing and approving expenses you submit for reimbursement;
- reviewing and confirming the status of applicable professional licenses, certifications, and qualifications;
- responding to your requests or questions;
- preventing fraud or criminal activities;
- conducting criminal background checks;
- assuring network and information security, including access management to prevent unauthorized access to our systems;
- monitoring your use of our information and communication systems and other assets to assure compliance with our IT and Team Member policies;
- determining performance requirements, setting individual targets, conducting regular performance reviews, and managing performance records in accordance with VeraSafe’s policies and procedures;
- dealing with legal disputes involving you, or other employees, workers, and contactors, including work related accidents; and
- enforcing our legal rights and complying with laws and regulations applicable to VeraSafe.
With Whom Do We Share Your Personal Data?
As an international company, we may share your Personal Data with our Affiliates to operate our human resources systems, and also as part our regular reporting activities on company performance, in the context of a business reorganization or restructuring exercise, or for system maintenance support and hosting of data.
We share your Personal Data with some service providers that process Personal Data on our behalf, and who agree only to assist us in providing our Services and internal operations, or as required by law.
Our service providers may provide:
- professional employment organization (PEO) services, including payroll and benefits management services;
- cloud-based communication software, such as email, chat, VOIP, and teleconferencing software;
- cloud-based project management software;
- benefit management services;
- performance management services;
- applicant tracking system services;
- human resource information system software and services;
- social networking websites or platforms;
- cloud-based productivity software and work collaboration tools;
- cloud-based accounting software; and
- learning management systems.
We may disclose your Personal Data in the context of our marketing campaigns on social networks to service providers that process Personal Data for their own purposes, such as LinkedIn.
These service providers may be located outside of the European Economic Area (“EEA”), the United Kingdom (“UK”), or the Republic of South Africa, such as in the United States. However, we require the service provider to maintain at least the same level of privacy and security for your Personal Data as we do. We remain liable for the protection of your Personal Data that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper disclosure or processing.
If you are located in the EEA, in some cases the European Commission may not have determined that the third-countries’ data protection laws provide a level of protection equivalent to EEA or European Union law. We will only transfer your Personal Data to third parties outside of these countries when there are appropriate safeguards in place. These may include the European Commission-approved standard contractual data protection clauses. If you have any questions, please contact [email protected].
Other Disclosures of Your Personal Data
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our Affiliates, but only for business purposes, as described in the section above.
If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
Data Retention
Personal Data is retained for as long as necessary to fulfil the purposes it is collected for, unless a longer retention period is required or permitted by law, including for the purpose of satisfying any legal, accounting, or reporting requirements, or any other lawful legitimate purposes. In the case of most employee data, it is retained for the duration of your employment or contractual relationship with VeraSafe and a minimum of seven (7) years after that relationship terminates.
Your Privacy Rights: Access and Review
If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.
You may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties.
You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you subsequently authorized.
If a request you make under one of these rights conflicts with VeraSafe’s legal obligations, VeraSafe may not be able to fulfill that request.
Requests to exercise your privacy rights should be sent to [email protected].
How Do We Protect Your Personal Data?
We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing, including internal data security and data governance policies compliant with industry best practices and, where appropriate, encryption of data at rest and in transit. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction.
Contact Us
If you have any questions about this Policy or our processing of your Personal Data, you can reach us at:
| Address: | General Counsel, VeraSafe 100 M Street S.E., Suite 600 Washington, D.C. 20003 USA |
| Email: | [email protected] |
| Phone: | 1-617-398-7067 |
We will respond to legitimate inquiries within 30 days of receipt.
Data Protection Representatives
European Union
VeraSafe Czech Republic s.r.o.Address: Klimentská 46, Prague 1, 11002, Czech Republic
Phone: +420 228 881 031
Contact Form: https://verasafe.com/public-resources/contact-data-protection-representative
United Kingdom
VeraSafe United Kingdom Ltd.37 Albert Embankment, London, SE1 7TL, United Kingdom
Phone: +44 (20) 4532 2003.
Contact Form: https://verasafe.com/public-resources/contact-data-protection-representative
You may also contact VeraSafe Legal, LLP or VeraSafe, LLC directly.
Changes to this Policy
If we make any material change to this Policy, we will post the revised Policy to our company website located at https://verasafe.com/legal/human-resources-privacy-policy/. We will also update the “last updated on” date.