Employee Privacy Statement

Transcription

1 Deutsche Bank Data Protection Philippines Employee Privacy Statement Deutsche Bank collects employee personal data as may be required for managing or terminating an employment relationship, in connection with, among others, an employee s scope of responsibilities, for performance evaluation, as required by law or as is reasonably necessary to conduct Deutsche Bank s business. This Statement is pursuant to the requirements of Republic Act No (Data Protection Act of 2012), its Implementing Rules and Regulations and other issuances of the National Privacy Commission ( DP Law ). Additional information on how DB processes your Personal Data, where it collects them from, for what purpose/s, and to whom the Personal Data is disclosed are detailed in the Consent you signed, which forms part of your employment contract. Types of Personal Data Collected by Deutsche Bank Deutsche Bank may collect and hold personal data that may consist of or relate to the following (collectively, Personal Data ): Full name Date and place of birth Photograph or video images Mobile and residential telephone number Personal address; Residential address; Profession, occupation, job title or designation (previous or current); Information about an individual s financial and credit position or status; Personal or character references; Signature; Information considered sensitive such as information: (i) about race, ethnic origin, marital status, age, colour, and religious, philosophical or political affiliations; (ii) about his health, education, or to any proceeding for any offense committed or alleged to have been committed by him, the disposal of such proceedings, or the sentence of any court in such proceedings; (iii) issued by government agencies peculiar to him, which includes, but is not limited to, passport number, social security numbers, tax identification number, previous or current health records, licenses or its denials, suspension or revocation, and tax returns (collectively, Sensitive Personal Information ) Proof of authorisation to work, such as work visa, employment permit or work permit; Birth certificates, marriage certificates and other certificates showing one s civil status; Personal data of an employee s family members and individuals designated as beneficiaries of the employee relating to certain benefits (such as but not limited to health/medical benefits, insurance coverage). This includes the beneficiary or beneficiaries Sensitive Personal Information; 1

2 Proof of identification issued by the relevant government agencies, such as driver s license, passport, postal ID, professional license card, and such other identification cards; Data obtained from access to or usage of Deutsche Bank s, premises, facilities, computer systems, network and resources; Audio recordings of telephone conversations; and Any other information, whether recorded in material form or not, from which his identity is apparent or can be reasonably and directly ascertained by Deutsche Bank, or when put together with other information would directly and certainly identify him Deutsche Bank collects and processes Personal Data, either by itself or through its third party vendors/suppliers and their employees or representatives or their authorised contractors/subcontractors (collectively, DB Vendor ). DB Vendors, are contractually obliged to protect all DB personal data provided to them. Collection and Processing Personal Data The ways that Deutsche Bank may collect Personal Data include (without limitation): When an employee completes an employment application form or provides data via , self-service portals, a DB Vendor or directly to Deutsche Bank s employees or representatives; In connection with the performance of Deutsche Bank s duties and the exercise of its rights as an employer; In the course of an individual s employment, including during communications between employees, with Deutsche Bank s representatives or with third parties; In connection with Deutsche Bank s obligations under applicable laws and regulations in and outside of the Philippines; Through an employee s access to and use of Deutsche Bank s facilities, resources and websites (including resources that could be accessed through Deutsche Bank s intranet); When an employee provides information about himself and/or his family members and beneficiaries to avail of and use benefits provided by Deutsche Bank (e.g., HMO, insurance); and Engaging vendors to provide background screening regarding an employees suitability to work for Deutsche Bank. Purpose for which Personal Data be collected, used, disclosed, processed The Personal Data that Deutsche Bank collects and processes may be used for one or more of the following purposes ( Purposes ): To process and evaluate applications for employment, internship, apprenticeship or learnership (collectively, employment ), including background screening; For employment purposes, including all aspects of managing the employeremployee relationship, termination of employment relationship with an employee (including reporting to the relevant government offices and agencies), long-term or short-term assignments or the facilitation of an employee s job mobility within the Deutsche Bank Group; To administer and/or manage performance, compensation, discretionary awards, medical, health, insurance and all other employment benefits, including retirement 2

3 For reimbursement of expense claims and other business-related costs; To comply with banking, licensing, employment, data protection and other laws and regulations as applicable in the Philippines and elsewhere; For travel, security, business continuity, crisis and emergency contact purposes, including call tree tests; To identify, monitor, authenticate, review update, or provide support services to employees regarding the use of or access to websites, portals and other online links and services provided by or on behalf of Deutsche Bank (including but not limited to DB Group Directory, HR Connect/HR Connect, dbbuyer, Concur, dbsupportplus); To apply for or renew license, permits and other approvals from, or submit any reports required by, or register with, government authorities and regulators; To provide, facilitate or manage training sessions/courses; For licensing, registration and/or maintenance of registrations and/or memberships with professional bodies, market operators and other third parties; For internal reporting within DB for management information purposes, or for external reporting to any regulator of Deutsche Bank, whether in the Philippines or abroad; To protect and defend Deutsche Bank s rights, interests or property in any investigation or law suit; To comply with or implement the terms and conditions of any agreement entered into by or on behalf of Deutsche Bank or to which Deutsche Bank is otherwise bound or is obliged to observe; In connection with obtaining any audit, legal, tax and other professional advice or services; In connection with any investigation (including internal audits), or carrying out of disciplinary actions; In connection with managing any risks or threats to which Deutsche Bank may be exposed; To monitor, review, evaluate or provide management information on the access to or use of Deutsche Bank s, premises, facilities, computer systems, network and resources; and For data archival, retrieval and warehousing; and Where processing is necessary to pursue the legitimate interests of Deutsche Bank, or a DB Vendor to whom Personal Data is disclosed. Disclosure of Personal Data for the Purposes set out in this Statement Any company or entity within the Deutsche Bank Group; Employees within the Deutsche Bank Group; DB Vendors and their employees, representatives and agents; Agents, consultants, insurers, exchanges, depositories, central clearing parties, clearing houses, affiliated or unaffiliated providers of outsourced or other services ; Professional advisers of Deutsche Bank ; Deutsche Bank examiners, governmental, regulatory, supervisory, law enforcement, prosecuting, tax or similar authority or industry body in any jurisdiction; Trade repositories or similar facilities or institutions (and related third party service providers, including but not limited to persons who operate a system or service on behalf of or for any trade repository or similar facility or institution), whether pursuant to local or foreign legislation, regulation, supervisory directive or otherwise; Any court of competent jurisdiction, in defense of claims or enforcement of rights and/or upon competent court's order or any other ground/s allowed under applicable law; An assignee, transferee, participant, sub-participant or a proposed assignee, proposed 3

4 transferee, proposed participant, proposed sub-participant of any of Deutsche Bank s rights or obligations; and Auditors of Deutsche Bank or auditors of Deutsche Bank s clients Where Deutsche Bank transfers Personal Data outside of the Philippines, Deutsche Bank will take reasonable steps to ensure that the recipients of such Personal Data have a standard of protection and policies in place equal to or higher than those provided in the DP Law. Personal Data Retention Deutsche Bank shall not retain Personal Data longer than necessary or allowed under applicable laws and regulations. Notwithstanding the termination of the employment relationship, however, Deutsche Bank shall be entitled to retain the employee s Personal Data in accordance with Deutsche Bank s records management and data retention policies for as long as necessary and to the extent needed to: to fulfil any of the Purposes for which such Personal Data was collected; to accomplish Deutsche Bank s legitimate business purposes, i.e., to perform its obligations to clients or to allow DB Vendor to perform its obligations under the relevant contract; to comply with applicable laws and regulations, including directives and orders from regulators; and for the establishment, exercise or defense of Deutsche Bank s legal claims. Deutsche Bank shall destroy Personal Data and prevent its further processing when requested by the employee in accordance with Deutsche Bank s policy or when the necessity for processing or retaining it ceases to exist, as provided under the DP Law. Reasonable Security Measures Deutsche Bank uses appropriate organisational security, physical and technical measures and processes for safeguarding and protecting Personal Data. Deutsche Bank is committed to implement physical, electronic, and procedural safeguards to protect Personal Data against loss, misuse, damage and unauthorised processing, access, disclosures or modifications of Personal Data. Deutsche Bank continuously reviews and enhances Deutsche Bank s security policies and security measures to consistently maintain a high level of security. However, due to the nature of these techniques, processes, safeguards and measures Deutsche Bank is unable to guarantee their efficacy. Rights of the Data Subject Subject to the conditions and exemptions provided under the law or regulations, the employee is entitled to exercise his rights under the DP Law, including the right to: be informed whether Personal Data pertaining to him shall be, are being, or have been processed; object to the processing of his Personal Data; reasonable access to his Personal Data; dispute the inaccuracy or error in his Personal Data and have Deutsche Bank correct it immediately and accordingly; suspend, withdraw or order the blocking, removal or destruction of his Personal Data from Deutsche Bank s filing system; and 4

5 be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorised use of his Personal Data. Notification of Changes If there are any changes or amendments to this document, Deutsche Bank will post those changes on the Deutsche Bank website or intranet so that employees are always aware of what employee Personal Data is collected, how Deutsche Bank uses it, and under what circumstances Deutsche Bank may disclose it. Update of and Access to Personal Data If there is any change in an employee s Personal Data, it is the obligation of the employee to inform Deutsche Bank immediately or within the prescribed timeframe (whether through HR Online, the relevant HR Business Partner, Compliance department or appropriate channels through which the data was initially provided) to enable Deutsche Bank to update the employee s Personal Data. Where an employee requests access to his Personal Data, Deutsche Bank reserves the right to charge a reasonable administrative fee to meet its costs in providing the requested information. Queries For queries relating to Deutsche Bank s data protection processes and practices or requests to access or update your Personal Data, kindly contact the relevant Deutsche Bank s Data Protection Officer. We will make reasonable efforts to respond to such queries within 30 days of such request. Deutsche Bank AG Manila Name : Carolyn Chan Tel. No. +63(2) dpo.dbmn@list.db.com Deutsche Knowledge Services Pte Ltd. Name : Michelle Serrano Tel. No dpo.philippines@db.com 5