Human Resources Privacy Policy

Effective: 2021-09-15

Introduction and Scope

VeraSafe, LLC, along with our Affiliates (as defined below) and our associated law firm VeraSafe Legal, LLP (collectively, “VeraSafe”, “we”, “us”, “our”), takes the protection of your personally identifiable information (“Personal Data”) very seriously. Please read this Privacy Policy (the “Policy”) to learn what Personal Data we collect about you concerning your working relationship with us, why and how we collect and use it, and with whom we might share it.

It is essential that you read and understand this Policy. If you have questions or do not fully understand it, please seek additional information from VeraSafe’s Legal Department, which can be contacted at [email protected]

What Is Covered by this Policy?

This Policy addresses individuals who are working within VeraSafe, such as employees, officers, staff members, and contractors (including permanent, fixed-term, and temporary staff, any third-party representatives and contractors, volunteers, interns, and agents engaged with VeraSafe), any directors and members of VeraSafe (collectively, “Team Members”), and the emergency contacts that individuals covered by this Policy provide to us. This Policy also applies to the Personal Data of job applicants to VeraSafe.

This Policy is issued on behalf of VeraSafe and our Affiliates (as defined in the section “Entities Covered by this Policy” below), so when we mention “VeraSafe”, “we”, “us” or “our” in this Policy, we are referring to the relevant company in the VeraSafe corporate group responsible for processing your specific Personal Data (typically, the entity you contracted with or submitted an application to). 

This Policy tells you, among others:

What Is Not Covered in this Policy?

This Policy does not apply to Personal Data we collect in other contexts, such as the Personal Data we collect about Data Subjects in the provision of services to our clients, visitors to our websites, or in the context of our sales and marketing initiatives.  

For additional information about the manner in which VeraSafe collects Personal Data in those contexts, please see our Services Privacy Policy and our Sales, Marketing, & Outreach Privacy Policy.

In addition, if VeraSafe does not maintain information in a manner that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual, such information is not considered as Personal Data and this Policy will not apply to our processing of that information.

Our Role With Respect to Your Personal Data

Within the scope of this Policy, VeraSafe acts as a data controller for the Personal Data we collect or that others collect on our behalf. This means that we are responsible for determining the purposes and means of the processing of your Personal Data – in other words, how we collect, use, and share it. 

Basis of Processing

We may process your Personal Data on the basis of:

  • the need to perform an employment contract with you or take steps at your request prior to entering into an employment contract with you;
  • our legitimate interests, such as our interests in offering or negotiating a job offer and providing valuable employment benefits or on-the-job training to you;
  • the need to comply with applicable laws; or
  • any other ground, as required or permitted by law. 

Where we receive your Personal Data as part of entering into or performing our obligations under an employment contract with you, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to meet our contractual obligations as your employer.

Entities Covered by this Privacy Policy

This Privacy Policy covers VeraSafe, LLC (a Delaware limited liability company), VeraSafe Legal, LLP (a limited liability partnership organized under the laws of Washington, D.C.), and the following affiliate entities of VeraSafe, LLC (the “Affiliates”):

  • VeraSafe Ireland Limited;
  • VeraSafe Czech Republic s.r.o.;
  • VeraSafe Netherlands BV; 
  • VeraSafe United Kingdom Ltd; and
  • VeraSafe South Africa (Pty) Ltd.

What Categories of Personal Data Do We Collect? 

As a VeraSafe Team Member or an applicant to a job posting listed by VeraSafe, we may process the following categories of Personal Data about you: 

  • biographical information, such as first name, last name, date of birth, and national identification/social security number;
  • photographs and audio-video recordings of you;
  • official identification information, such as copies of ID cards, driver’s licenses, and passports;
  • contact and location information, such as email address, phone number, postal address, and IP address and associated location; 
  • professional information, such as job title, position, and information about your current or former employers, as well as any other information contained in your resume or curriculum vitae;
  • education information, such as degrees acquired, courses taken, and graduation dates;  
  • payment information, such as personal or business bank account information; 
  • emergency contact information;
  • marital status;
  • information about your daily and weekly schedule, such as your preferred or available working hours; 
  • limited health information about you, such as allergies or information regarding sickness, such as how many days you could not come to work due to sickness or doctor’s notes;
  • limited health information about you and your covered family members, as necessary to provide healthcare benefits to you; 
  • in some cases, criminal conviction information; 
  • information about how you use approved VeraSafe software applications, such as activity logs; and
  • any other category of personal data submitted to us by you, including any Personal Data processed in official VeraSafe information systems.

We will not collect additional categories of Personal Data without informing you.

Personal Data About Children Under the Age of 16

We do not knowingly collect Personal Data from children under 16, unless a child under 16 is the only emergency contact an individual could provide us with. In the event that you do list a child under 16 as your emergency contact, we will need to obtain the informed consent of that child’s parent or legal guardian in order to process their Personal Data.

If you believe we might have any information from or about a child under 16, please contact us by using the contact details provided here. If we learn that we have collected or received Personal Data from a child under 16 without parental consent, we will delete that Personal Data.

How Do We Obtain Your Personal Data?

As part of our human resources processes, we collect and process Personal Data relating to job applicants and our staff. We may obtain your Personal Data when:

  • you submit it to us during the process of your job application, for example, when we collect Personal Data from application forms, CVs, resumes, or LinkedIn profiles, your passport or other identity documents, or through interviews or other forms of assessment, including online tests;
  • your recruitment agency submits your information to us;
  • you provide it to us during your working relationship with us, and we collect it in the course of job-related activities throughout the period when you work for us; and
  • we obtain Personal Data from other third parties, such as former employers, authorities, government entities, social networks, or other information providers.

Subject to applicable laws, your Personal Data may be obtained through background checks, security clearances, and other similar information sources as required by law or deemed necessary due to the nature and security requirements related to the position in question. 

How Do We Use Your Personal Data?

We may process your Personal Data for the purposes of:

  • professional recruiting and employment application review;
  • entering, performing, amending, managing, and terminating employment and service contracts, and determining the terms on which you work for VeraSafe; 
  • onboarding you as a VeraSafe team member, such as creating an email account for you, providing access to various other information systems, and generally enabling teamwide communication within VeraSafe and with VeraSafe clients; 
  • carrying out our contractual obligations with consumers, customers, and suppliers;
  • arranging trainings and professional development activities; 
  • providing contractually agreed-upon compensation and benefits, including healthcare benefits for you and your covered family members; 
  • managing the expenses of VeraSafe;
  • managing your health and safety in the workplace; 
  • arranging work-related travel accommodations;
  • reviewing and approving expenses you submit for reimbursement;
  • reviewing and confirming the status of applicable professional licenses, certifications, and qualifications;
  • responding to your requests or questions;
  • preventing fraud or criminal activities; 
  • conducting criminal background checks;
  • assuring network and information security, including access management to prevent unauthorized access to our systems; 
  • monitoring your use of our information and communication systems and other assets to assure compliance with our IT and Team Member policies; 
  • determining performance requirements, setting individual targets, conducting regular performance reviews, and managing performance records in accordance with VeraSafe’s policies and procedures; 
  • dealing with legal disputes involving you, or other employees, workers, and contractors, including work-related accidents; and
  • enforcing our legal rights and complying with laws and regulations applicable to VeraSafe.

With Whom Do We Share Your Personal Data?

As an international company, we may share your Personal Data with our Affiliates to operate our human resources systems, and also as part of our regular reporting activities on company performance, in the context of a business reorganization or restructuring exercise, or for system maintenance support and hosting of data.

We share your Personal Data with some service providers that process Personal Data on our behalf, and who agree only to assist us in providing our Services and internal operations, or as required by law. 

Our service providers may provide: 

  • professional employment organization (PEO) services, including payroll and benefits management services; 
  • cloud-based communication software, such as email, chat, VOIP, and teleconferencing software; 
  • cloud-based project management software;
  • benefit management services;
  • performance management services; 
  • applicant tracking system services; 
  • human resource information system software and services; 
  • social networking websites or platforms; 
  • cloud-based productivity software and work collaboration tools; 
  • cloud-based accounting software; and
  • learning management systems. 

We may disclose your Personal Data in the context of our marketing campaigns on social networks to service providers that process Personal Data for their own purposes, such as LinkedIn. 

These service providers may be located outside of the European Economic Area (“EEA”), the United Kingdom (“UK”), or the Republic of South Africa, such as in the United States. However, we require the service provider to maintain at least the same level of privacy and security for your Personal Data as we do. We remain liable for the protection of your Personal Data that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper disclosure or processing.  

If you are located in the EEA, in some cases the European Commission may not have determined that the third countries’ data protection laws provide a level of protection equivalent to EEA or European Union law. We will only transfer your Personal Data to third parties outside of these countries when there are appropriate safeguards in place. These may include the European Commission-approved standard contractual data protection clauses. If you have any questions, please contact [email protected]

Other Disclosures of Your Personal Data

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our Affiliates, but only for business purposes, as described in the section above.

If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

Data Retention

Personal Data is retained for as long as necessary to fulfil the purposes it is collected for, unless a longer retention period is required or permitted by law, including for the purpose of satisfying any legal, accounting, or reporting requirements, or any other lawful legitimate purposes. In the case of most employee data, it is retained for the duration of your employment or contractual relationship with VeraSafe and a minimum of seven (7) years after that relationship terminates. 

Your Privacy Rights: Access and Review 

If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.

You may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. 

You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you subsequently authorized. 

If a request you make under one of these rights conflicts with VeraSafe’s legal obligations, VeraSafe may not be able to fulfill that request.

Requests to exercise your privacy rights should be sent to [email protected]

How Do We Protect Your Personal Data?

We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing, including internal data security and data governance policies compliant with industry best practices and, where appropriate, encryption of data at rest and in transit. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction. 

Contact Us

If you have any questions about this Policy or our processing of your Personal Data, please write to us at [email protected] or by postal mail at:

Attn: General Counsel, VeraSafe
100 M Street S.E., Suite 600
Washington, D.C. 20003
USA

You may also contact us by phone at our support number 1-888-376-1079 (or if calling from outside the U.S. dial +1-617-398-7067).

We will respond to legitimate inquiries within 30 days of receipt.

Data Protection Representative in the European Union

We have appointed our Affiliate VeraSafe Czech Republic s.r.o. (“VeraSafe Czech Republic”), as our representative in the EEA for data protection matters for each of VeraSafe’s group companies that are not established in the EEA. While you may also contact VeraSafe Legal, LLP or VeraSafe, LLC, if you are located in the EEA, you may contact VeraSafe Czech Republic on matters related to our processing of Personal Data in the EEA. To contact VeraSafe Czech Republic, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or call via telephone: +420 228 881 031.

Alternatively, VeraSafe Czech Republic can be contacted by mail at:

VeraSafe Czech Republic s.r.o.
Klimentská 46
Prague 1, 11002
Czech Republic

Data Protection Representative in the United Kingdom

We have appointed our Affiliate VeraSafe United Kingdom Ltd. (“VeraSafe United Kingdom”), as the representative in the UK for data protection matters for each of VeraSafe’s group companies that are not established in the UK. While you may also contact VeraSafe Legal, LLP or VeraSafe, LLC directly, if you are located in the UK, you may contact VeraSafe United Kingdom on matters related to our processing of Personal Data in the UK. To contact VeraSafe United Kingdom, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or call via telephone: +420 228 881 031.

Alternatively, VeraSafe United Kingdom can be contacted by mail at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London, SE1 7TL
United Kingdom

Changes to this Policy

If we make any material change to this Policy, we will post the revised Policy to our company intranet located at https://my.verasafe.com. We will also update the “Last Updated on” date. 
