PRIVACY POLICY -  EMPLOYEES

Last update: 2018-05-24 | v0.1 

1. INTRODUCTION 

Jeeves Information Systems AB, organization number 556343-4215, Kungsbron 1, 111 22 Stockholm, and Jeeves Professional Services AB, organization number 556578-0672, Första långgatan 26, 413 28 Gothenburg and the other companies of the Forterro Group,“Jeeves” collects and processes the information that the organization will need in order to perform along with the companies short respectively long term goals ("Personal Data"). This privacy notice ("Privacy Notice") sets out which Personal Data that Jeeves collect and for which purposes it is processed, as well as your rights connected to the processing of your Personal Data. 

Throughout this Privacy Notice the term "processing" is used which covers all activities involving your Personal Data, including collecting, handling, storing, sharing, accessing, using, transferring and disposing of information. 

2. PURPOSES OF THE PROCESSING OF YOUR PERSONAL DATA 

2.1. Enabling the employee to perform day to day operations 

Jeeves may process your Personal Data for the purpose of performing day to day operations as well as establish a common ground for the handling of personal data. This includes processing your Personal Data to an extent that JEEVES can fulfil daily operations along with structuring the collected data to comply with GDPR, with focus on articles 16 to 22. Personal Data processed for these purposes include: 

Individual data, such as name, date of birth, gender, nationality, preferred language, photo 

Organizational data, such as employee number, job description, place of work, business unit, department, manager, direct reports 

Contact data, such as work location, home address, email, telephone number, close relative

Employment administration data, such as employment contract and other agreements between you and JEEVES, applications or other forms regarding e.g. parental leave, information about hiring date and termination date 

Time data, such as working hours, worked time, vacation, leaves of absence (parental leave, sick leave etc.) 

Union membership data, if applicable and relevant 

Security data, such as access cards and access rights as well as the use of access cards and access rights 

Health and safety data, such as information about sick-leave, rehabilitation plans, work related incidents, health examinations 

Competence data, such as learning records and training activities 

Performance and evaluation data, such as evaluations, assessments and disciplinary records, if any 

Travel administration data, such as information on business trips, booking details, passport number, travel invoices and allowances 

IT Support, such as questions from you/your manager/HR relating to your assignment or IT-equipment or support provided to you in relation to the same 

IT-related data, such as user-ID, passwords, log-in details as well as data and logs about your use of JEEVES’s IT equipment, application or services, as per JEEVES’s IT policies, as applicable from time to time 

Your Personal Data processed in accordance with this section 2.1 is processed on the basis of performance or execution of a contract with the data subject, and for purposes of the legitimate interest of JEEVES or by a third party. 

JEEVES’s legitimate interest is normally to manage its daily operations, secure its facilities and equipment and keep internal control. To base processing of personal data on the balance of interests-basis, JEEVES makes an assessment on case-by-case basis. This could for example be that JEEVES needs to process certain personal data to enable administration of your business-related travels where JEEVES’s legitimate interest is to manage its daily operations, or JEEVES needs to process certain personal data to review the status of its IT-equipment where JEEVES’s legitimate interest is to secure its equipment. 

JEEVES will process your personal data, as exemplified above, for the general purposes stated below. Please note that the examples listed under each purpose are not exhaustive. 

Administration (normally based on contractual obligation and/or balance of interests) 

  • Enabling registration of you in JEEVES’s systems and general administration of your assignment with JEEVES 
  • Enabling proper license usage 
  • Enabling keeping an up-to-date organization chart and record of employees, including production of internal reports and statistics 
  • Enabling payment of salary, pension and other benefits to you, as well as reviews of salary, including production of internal reports and statistics 
  • Enabling follow-up on projects 

Reporting (normally based on legal obligation and/or balance of interests) 

  • Enabling keeping track of your working time/leaves of absences/vacations, for remuneration as well as invoicing purposes - Enabling reporting to authorities, as required by law, such as tax agency 

Work environment and product safety (normally based on legal obligation and/or balance of interests) 

  • Enabling fulfillment of JEEVES’s obligations related to product safety and quality 
  • Enabling fulfillment of JEEVES’s obligations to provide a safe work environment (including control and prevention of unauthorized access to JEEVES’s premises or equipment) and other work environment obligations as set out by work environment or labor laws 

Employee development and activities (normally based on legal and/or contractual obligation and/or balance of interests) 

  • Enabling and suggesting learning and training activities - Enabling activities regarding competence development 

Employee work related activities (normally based on legal and/or contractual obligation and/or legitimate interest) 

  • Enabling the performance of your work tasks, such as writing emails, establishing documents, reports, presentations etc. 
  • Enabling business travel 
  • Enabling answering questions from you/your manager/HR regarding your employment or IT-equipment/services or provision of support necessary for the performance of your work tasks 
  • Enabling follow-up of JEEVES’s policies, as applicable from time to time, to ensure that such policies are adhered to and to investigate suspected prohibited activities 

It is specifically noted that union membership and some aspects of health and safety data are regarded as Sensitive Data under the applicable data protection laws and shall be handled with extra care. It is specifically noted that Sensitive Data must only be processed in case of legal obligation, authorized by collective bargaining agreement and/or explicit consent. 

The Personal Data processed for the above mentioned purpose will be processed during the duration of the contract and for as long as necessary according to applicable local laws for the relevant administrative purpose, and then be deleted.

3. DISCLOSURE AND TRANSFER OF PERSONAL DATA 

JEEVES may disclose Personal Data processed for the purposes set forth in section 2 above to other companies within the JEEVES group. Such recipients may be located in countries outside the EU/EEA. To ensure adequate protection of your Personal Data when transferred within the JEEVES group, regardless to which country your Personal Data is transferred, both the transferring JEEVES entity and the receiving JEEVES entity have entered into the European Commission's (EC) Standard Contractual Clauses ("SCC") and a Group Compliance Agreement in relation to the data transfer or applied other adequate safe guards. 

Moreover, JEEVES may disclose Personal Data to external parties or associates, such as vendors and service providers, and lawful requests made by public authorities to meet national security or law enforcement requirements. Where such disclosure entail transfers outside the EU/EEA, JEEVES will ensure that the SCC have been entered into between the transferring JEEVES entity and the receiving external party, or ensure that adequate safeguards otherwise have been taken prior to such transfer. JEEVES is responsible for ensuring that any such information is transferred in accordance with applicable legislation, and is liable for any harm to you that may arise as a result of the transfer. 

You are entitled to, upon request, receive a copy of any documentation demonstrating that adequate safeguards have been taken in order to protect your Personal Data during a transfer outside the EU/EEA, regardless whether it is an intra-group transfer or a transfer to an external party. 

Transfers in accordance with this section 3 are based on the same legal ground as is applicable for each respective purpose set forth in section 2 above. 

The following is a list of the countries located outside EU/EEA, to which your Personal Data may be transferred: 

  • India 
  • United States of America 

JEEVES complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. JEEVES has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

4. REVOCATION OF CONSENT 

You may, at any time, revoke consents that you have given to JEEVES pertaining to any such processing of Personal Data which is based on your consent. 

You may revoke your consent by contacting JEEVES on the contact details set forth below and state for which of the abovementioned purposes you wish to revoke your consent. JEEVES will cease to process your Personal Data relating to the purposes for which your consent has been revoked and you will receive verification by JEEVES that your Personal Data no longer will be processed for that purpose. You acknowledge that you, upon revocation of your consent, may in certain situations be entitled to require erasure of your Personal Data related to the purpose for which you have revoked your consent. 

5. YOUR RIGHTS 

 

5.1. Right of rectification and access 

JEEVES will take steps in accordance with the applicable legislation to keep your Personal Data accurate, complete and up-to-date. If you identify that any Personal Data related to you is inadequate, incomplete or incorrect, you are entitled to have the Personal Data corrected. 

Moreover, you also have the right to request access to the Personal Data that we store about you. Such request should be sent to privacy@jeeves.se

5.2. Right to objection 

If the processing of your personal data is based on a balancing of interests and you deem that your integrity interest overrides JEEVES's legitimate interest to process your Personal Data, you may, on grounds related to your particular situation, object to the processing by contacting JEEVES on the contact details in section 6 below, in which case JEEVES must have a compelling reason in order to continue to process the Personal Data for the relevant purpose. 

5.3 Right to erasure

Under certain circumstances, such as when you have revoked you previously given consent and there is no other legal ground available for JEEVES to process your Personal Data, you may request to have your Personal Data erased. 

5.4 Right to restriction 

You are under certain circumstances entitled to restrict the processing of your Personal Data to only comprise storage of the Personal Data, e.g. during the time when JEEVES assesses whether you are entitled to have Personal Data erased in accordance with section 5.2.2 above. 

5.5 Right to access 

You are entitled to obtain a confirmation from JEEVES as to whether your Personal Data are being processed by JEEVES and, if so, access to the Personal Data and the following information: 

i) the purposes of the processing; 

ii) the categories of Personal Data processed; 

iii) the recipients of Personal Data (in particular in countries outside EU/EEA); 

iv) the envisaged time during which the Personal Data will be processed; 

v) information about the rights stated herein; 

vi) information about the source from which the Personal Data are collected; and 

vii) the existence of automated decision-making, including profiling. 

Moreover, you are upon your request entitled to receive a copy of your Personal Data in a commonly used electronic format. 

5.6 Right to data portability 

When Personal Data is processed on the basis of your consent or on the basis that the processing is necessary in order to perform under a contract with you, and provided that the Personal Data have been provided by you, you are entitled to receive a copy of your Personal Data in a common machine-readable format. 

6. QUESTIONS AND COMPLAINTS 

You are welcome to contact our Data Protection Officer with any enquiries and complaints that you may have regarding the processing of your Personal Data, available at privacy@jeeves.se. However, you also have the right to lodge complaints pertaining to the processing of your Personal Data to an EU Data Protection Authority, and JEEVES will work with relevant Data Protection Authority to resolve such matter. You can find contact information to your relevant Data Protection Authority by following this link: https://edpb.europa.eu/about-edpb/board/members_en

Complaints relating to transfers of an EU resident’s personal data under the Privacy Shield Framework shall also be referred to the Data Protection Authorities. JEEVES Inc is also subject to the investigatory and enforcement powers of the United States Federal Trade Commission. 

A binding arbitration option is also available as a possibility to resolve complaints relating to our transfers of personal data in accordance with the Privacy Shield Framework, more information can be found here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction 

7. CONTACT US 

If you have any questions or concerns regarding the processing of your Personal Data, please contact Jeeves on the contact details set forth below. 

The data controller for Personal Data is Jeeves Information Systems AB, organization number 556343-4215. 

Address: Kungsbron 1, 111 22 Stockholm 

Telephone: +46 (0)8 58709900 

Contact persons: 

Jeeves has appointed a Data Protection Officer whom can be reached at privacy@jeeves.se