EDOTCO Group Sdn Bhd, together with its subsidiaries (collectively referred to as “EDOTCO”, “us” or “we” or “our”) are committed to protecting its employees' personal data. In EDOTCO, we take Privacy seriously and all our activities are underpinned by our T.R.U.S.T principles of being Transparent, respecting your Rights, in our Use of your personal data, through robust cyber Security practices and we take due care when Transfer of data is required. This Employee Privacy Notice (“Privacy Notice”) is aimed to explain how we handle and protect our employees' personal data and what are our data protection obligations along with your rights are. “Employee” for the purpose of this Privacy Notice shall include both permanent and contractual employees and Personal data (hereinafter referred to as ‘data’) refers to any information about an identifiable individual.
1. What data do we collect?
EDOTCO may collect your data and in certain scenarios, data of your family members in electronic and/or physical form, depending upon the requirement. Such data may be stored at EDOTCO and third-party premises within IT Systems (HR Management system, e-mail, database, hard drives), document warehouses etc. Your data that we collect includes, but is not limited to:
• Identification data – such as your name, gender, photograph, date of birth, Employee identification number and biometric data.
• Contact details – such as your home address, telephone number, email addresses, beneficiaries and emergency contact details.
• Employment details – such as your job title, office location, hire date, employment contracts, performance and disciplinary records, grievance procedures, and sickness and holiday records.
• Educational and professional background – such as your academic and professional qualifications, education, CV or résumé, reference letters and interview notes, and criminal records data (only for vetting purposes, where permissible and in accordance with applicable laws).
• National identifiers – such as your social security number, national ID or passport, immigration status and documentation, visas and insurance numbers. • Mandatory policy acknowledgements (such as pay wage notice acknowledgement forms).
• Wage and payroll information, including but not limited to social security and national insurance numbers and direct deposit information.
• Benefit information and any forms related to applications for or changes to Employee health and welfare benefits (including short-term and long-term disability, medical and dental care).
• Spouse & dependent information – such as name, age and gender.
• Financial information – such as banking details, tax information, payroll information, withholdings, salary, benefits, expenses, allowances, and stock and equity grants.
• IT information – information required to provide access to EDOTCO's IT systems and networks, such as IP addresses, log files, login information, and software/hardware inventories.
• Security information -- such as access card usage (to enter EDOTCO's offices) and closed-circuit televisions (“CCTV”) footage.
• Other information that we may collect during times of crisis such as an outbreak of war/disease or a disaster.
• Medical information – such as reports in respect of your fitness to work, prepared by a healthcare professional.
With your consent, we may also collect sensitive personal data attributes such as race, ethnicity, sexual orientation, health information, disability information, etc. to help us understand the diversity of our workforce, conduct background verifications, conduct preemployment health checks, etc. If you provide us with data of other individuals, it is your responsibility to obtain consent from that individual prior to providing their data to us.
2. How do we collect your data?
Primarily, we collect your data directly from you. We may also collect your data from third parties such as Background verification vendors, hospitals/clinics, etc. We may also capture your data such as CCTV footage and other information during the course of your employment with us.
3. Who can access your data?
Following persons/entities can access your data:
• internal functions/teams of EDOTCO and those of its affiliated entities, under the terms of your employment relationship with us, or
• third parties, for legal or business purposes, or
• recipients in other countries, for legal or business purposes.
4. How do we use your data?
Your data may be utilized for various purposes, including but not limited to:
• career progression and personal development
• administration and management of salary and employment benefits
• short term and long-term incentive plan
• employment and industrial relations disputes, including but not limited to litigation
• corporate exercises undertaken by the Group
• management of performance
• application of work permits and immigration requirements
• loans, insurance and medical purposes
• disciplinary actions or terminations
• ensure health and safety in the workplace
• accounting, financial reporting and business planning
• security monitoring purposes
• organize team-building activities and other EDOTCO-hosted events
• other legitimate purposes reasonably required for day-to-day operations
• internal or external investigations
• research, salary surveys and for audit purpose
• comply with reasons as stated in your contract of employment with us.
We may also use your data for other lawful purposes that may arise and other legal requirements such as responding to notices, defending against claims, etc.
5. What are the legal bases for processing your data?
We process your data only under any of the following legal basis:
• where we have your consent to do so; or
• where we need the data to carry out our employment contract with you; or
• where we need the data to comply with our legal obligations or exercise rights in the field of employment.
6. Who do we disclose your data to?
We disclose your data to the below mentioned categories of third parties for carrying out few of the processing activities listed under the section ‘How do we use your data’:
• companies within the EDOTCO Group
• third party payroll processors
• background verification vendors
• any other third-party organizations providing administration or other services
• any third-party organizations involved in any corporate exercises undertaken by EDOTCO
• any regulatory or governmental authority or authorized bodies having jurisdiction over EDOTCO
In the event we consider it necessary or appropriate for the purpose, we may transfer personal data to a third party service or product providers within or outside the country in which we are established, which shall be done under conditions of confidentiality and similar levels of security safeguards.
7. How do we protect your data?
We shall keep and process your data in a secure manner. We endeavor, where practicable to process your data in a safe environment by preventing any unauthorized or unlawful processing of data or accidental loss or destruction of, or damage to such data. We have implemented various physical, technical and administrative security measures to protect the confidentiality, integrity and availability of your data.
8. How long do we retain your data?
We shall retain your personal data for as long as it is required for business, tax or legal purposes. Post that, we take measures to securely dispose your data.
9. Know your Rights
During and post your employment with us, as applicable, you may choose to exercise any of the following rights available to you:
• Right to access and obtain a copy of your data on request.
• Right to update / modify your data.
• Right to withdraw your consent where the processing is based on your consent.
To exercise your rights, you can reach out to us through the details under ‘Contact Us’ section given below.
10. Know your responsibilities
It is your obligation to furnish to us with data which are true and accurate. Your failure or refusal to provide data when requested, may hinder our ability to:
• process the data for the purpose(s) stated herein; and
• administer the rights and obligations under our employment relationship efficiently.
11. By submitting your data to us, you acknowledge that:
• You have read and understood this Privacy Notice and agree to the use of your data as set out herein.
• All your representations are true and correct to the best of your knowledge, and you have not knowingly omitted any related information of adverse nature.
12. Contact Us
If you have any questions or complaints about this notice, our privacy and information handling practices, or would like to exercise your rights as data subjects, kindly reach out to us via email: firstname.lastname@example.org.
13. Updates to the Privacy Notice
EDOTCO reserves the right to amend, modify, vary or update this Privacy Notice, at its sole discretion from time to time, as and when the need arises. The most recently published Privacy Notice shall prevail over any of its previous versions. EDOTCO has no obligation to inform you of any variations and you are encouraged to check this Privacy Notice from time to time to stay informed of any changes. You agree to adhere to the terms of the Privacy Notice including any variations.
14. Version Info
This notice was published on 15th October 2020 and last updated on 23rd September 2020.
EDOTCO Group Sdn Bhd