OTIS EMPLOYEE PRIVACY NOTICE
This Privacy Notice (“Notice”) describes how Otis Elevator Company (OTIS) may collect, process, transfer, share and retain Personal Information of employees. OTIS is committed to securing and protecting the Personal Information of all OTIS employees.
This Notice may be amended from time to time as needed to reflect any changes in OTIS’s practices and policies with regard to how it manages your personal information. If we make a change to this Notice we will update this website with the new notice and will highlight that a change has been made. This Notice is intended to cover OTIS’s employees globally, so some of the practices described in this Notice may not apply to you. We may supplement this Notice with a local notice where required by law or to reflect local or regional practices.
What Personal Information might OTIS collect from employees?
OTIS may obtain your Personal Information directly from you or indirectly, such as from prior employers, recruitment agencies, references provided by you, public records sources and other third parties. The Personal Information OTIS collects is subject to the requirements of local law and applicable employee representative agreements.
Because the list below is for all of OTIS, there may be data elements included here that do not apply to your specific situation. Please contact your HR representative if you have any questions.
- Name, including given, family, middle and any suffix (such as Junior or Senior)
- Identification numbers (in whole or in part), such as an employee identification number, tax identification number, social security/insurance number or other government-issued identification number or card, such as a national identification card, driver’s licence, visa, passport or other government-issued document
- Work contact information, including telephone numbers, facsimile number, email address, pager number, postal address and work location
- Home contact information, including home address, home phone numbers, personal mobile phone numbers and personal email addresses
- Basic identifying information, such as date of birth and gender
- Work experience, education and job history, language skills, other skill categories, licences, certifications, awards, memberships to and participation in trade associations or professional organisations, and authorisations to perform a certain job
- Information about your job, including job title, department, job function, job type, job classification/grade, employment contract and cost centre
- Information about your employer, including name of company, company location and country of incorporation
- Organisational chart information, such as your position in the company, your level, the identification of your supervisor, assistant and/or direct reports
- Information required for badges, such as a photograph and your authorisation to access certain locations
- Photos captured during company events and shared on social media internally and in some instances externally (in these events the fact that photos are being taken will be open and obvious to you and you will have an opportunity to opt out) – in the event that your photo is to be shared in marketing materials beyond social media you will be notified and have an opportunity to decline.
- Compensation and benefits information, including identification data for your beneficiaries and dependants (such as name, date of birth, gender, government identification numbers, address and other data that may be required) and information related to specific benefits programmes
- Training, continuing education and development records
- Performance review information
- Succession planning information
- Information regarding your potential and aspirations to consider your next steps in the organisation
- OTIS computer, network and communications information and logs covering the use of company phones, computers, electronic communications (such as email and electronic calendars), and other information and communication technology, including but not limited to username/login identification, passwords, answers to security questions and other information required to access OTIS applications, networks, systems and services as well as information that you store, send, submit or receive through OTIS’s networks and systems
- Access information indicating when you enter and leave the workplace
- Time collection and allocation information
- Work assignments and work product that may include a connection to you, such as but not limited to documents and files with you identified as the author and tasks assigned to you
- Visitor information, including the time, date and location of visits, information regarding a vehicle for parking purposes and information necessary to maintain visitor logs and screening
- Event registration information, such as your desire to attend an event, specific topic preferences, food preferences, travel arrangements and attendance
- Information about your work preferences, such as travel preferences (seating, airline, frequent flyer information, smoking/non-smoking), and location preferences (including your mobility for job opportunities)
- Information that you volunteer to include in a profile in electronic systems, including but not limited to a nickname, photograph and interests
- Emergency contact information, which may include information about non-employees, such as family members or friends that you choose to identify as your emergency contact
- Other data required to support human resources applications, payroll, travel and expense administration, including but not limited to bank and credit card account information
- Location information, such as for company vehicles, applications, company issued laptops, telephones and customer lifts that you may be visiting, or other devices that have or require global positioning data (also called location tracking)
Depending on local requirements and law, OTIS may also collect:
- Passport information, place of birth, citizenships held (past and present) and residency status
- Screenings required for on-boarding, such as hearing checks, medical examinations, drug screening and/or background check information
- Information regarding health and injuries, such as disability, sickness leave, maternity leave and other information that may be required to administer human resources and environmental, health and safety requirements
- Military service information
- Photographs, audio and video, or biometric information (e.g. fingerprint, iris scan or voice recognition)
- Information that may be required for security clearance or international trade compliance regulations to permit your access to certain technologies or other information related to your job, including travel history, personal and/or professional contacts, and other information that may be requested for a substantive contacts screening
- Information about family status and members, such as marital status, the name of your parents, a maiden name and information regarding your dependants
- Other information, to the extent required by local law, such as race, religion, or political party or trade/labour union affiliation
In countries that impose special protections on Sensitive Personal Information Otis will only collect, process or transfer your Sensitive Personal Information required by law, to a third party assisting Otis with its obligations (such as for payroll or insurance purposes), in circumstances where providing the data is optional, we will seek your consent.
For what purposes might Otis use your Personal Information?
- Managing your employment, including:
- Compensation and benefits, including establishment and administration of benefit plans
- Payroll administration, such as for deductions and contributions
- Career development, performance feedback and progression
- Rewards and recognition
- Time collection and allocation
- Travel and expense reimbursement, including travel and/or credit card administration
- Relocations, letters of assignment, support for expatriate employees, visas, licences and other right-to-work authorisations
- Tax reporting and withholdings
- Maintenance of employee and officer biographies, curriculum vitae and similar information
- Email systems and organisational charts
- Reporting as required to regulators including without limitation, health and safety regulators and tax authorities
- Employee engagement activities
- Staffing and succession planning
- Conducting regular business operations, including without limitation:
- recording approvals and signatures by you on corporate documents including contracts, settlements, purchase orders, reports and correspondence
- engaging in research including for the design and development of products, services and technologies
- analysing costs and expenses, including without limitation salary, travel and expense data
- sharing of information with customers and business partners
- conducting market analysis
- sharing promotional sales tools (including presentations to customers that may include such things as employee org charts that contain photos, position and contact information as may be relevant)
- Responding to situations involving a risk of health or safety, including in an emergency (this may entail data collected from wearable devices which check the well-being of lone workers and may include recording of incidents and close calls suffered by specific employees and reporting to management in order to implement corrective actions)
- Communicating with employees including on the intranet
- Conducting employee engagement surveys and charity campaigns
- Managing labour and employee relations, including grievance proceedings
- Planning and providing health and safety programmes and services, including drug screening, processing of workers’ compensation, and similar health and safety programmes
- Reporting and statistical analyses, including global enterprise headcount, demographics and reporting required by applicable law, such as right-to-work screening, workplace environment, health and safety reporting, and administration
- Managing physical security, including
- Access controls and security
- Facility access and safety
- Disaster preparedness
- Managing and securing Information Technology (“IT”) systems, such as computer networks, email, internet access, Enterprise Resource Planning (“ERP”) systems and workflows, including
- Access controls and security for computer and other systems
- Internet, intranet, email, social media and other electronic system access
- Virus, intrusion and insider threat scanning and analysis
- Creation and analysis of logs for security and helpdesk purposes
- Providing helpdesk support and system maintenance activities
- Backing up and recovering data and providing disaster recovery services
- Overseeing location tracking, duration, and other telematics of certain OTIS assets and for certain applications for management of services provided, security, safety and efficiency
- Ensuring compliance with import, export and other international trade controls, including managing registrations and authorisations, determining access to controlled technologies and/or commodities, and screening for sanctioned or restricted countries or parties
- Responding to questions or concerns
- Performing audits and compliance reviews to ensure compliance with applicable policy, regulation and law
- Evaluating and reporting conflicts of interest
- Conducting and managing internal and external investigations, including Legal, Global Ethics & Compliance and International Trade Compliance reviews and any resulting disclosures to government agencies
- Prosecuting and defending claims in litigation, arbitration, administrative or regulatory proceedings, including but not limited to pre-dispute activity, evidence collection, discovery, litigation holds and ediscovery efforts
- Responding to law enforcement and other government enquiries
- Protecting intellectual property rights, including but not limited to patent filings
- Business planning, including planning for or executing restructuring activities, mergers, acquisitions and divestitures
- Facilitating investor management activities for those employees who may have rights to OTIS stock
- As required or expressly authorised by applicable law or regulation
With whom does OTIS share the information it collects?
Internal access to employee Personal Information is provided on an as-needed basis. For example, Human Resources and Payroll professionals within the company worldwide have access to Personal Information related to their areas of responsibility. A limited number of individuals have access to all Personal Information in certain OTIS IT systems due to their responsibilities for worldwide human resources programmes. Managers and supervisors have access to work-related information about their employees.
Personal Information is used by and shared among OTIS operating companies, subsidiaries, divisions or groups worldwide for the purposes identified above. We may also share your business contact information with customers, potential customers, vendors and business partners to support regular business operations. When OTIS transfers your Personal Information among its businesses, it will do so consistent with applicable law and OTIS’s Corporate Policy Manual.
In addition,OTIS may provide access to or share Personal Information on an as-needed basis with third parties, such as trusted service providers, consultants and contractors who are granted access to OTIS facilities or systems, and with government agencies and others as required by law. OTIS will only share your Personal Information outside the OTIS group of companies to:
- Allow service providers that OTIS has retained to perform services on our behalf. In those cases, OTIS will only share the information with service providers for the purposes outlined above
- Comply with legal obligations, including but not limited to complying with tax and regulatory obligations, sharing data with labour/trade unions and works councils, and responding to a court proceeding or a legitimate legal request from law enforcement authorities or other government regulators
- Investigate suspected or actual illegal activity
- Prevent physical harm or financial loss
- Support the sale or transfer of all or a portion of our business or assets (including through bankruptcy)
Where does OTIS store your Personal Information?
OTIS is a global company with many legal entities operating in approximately 200 countries and territories. As such, we may have cause to transfer your information from one legal entity to another or from one country to another in order to accomplish the purposes listed above. We will transfer your Personal Information consistent with applicable legal requirements and only to the extent necessary for the purposes set forth above.
OTIS relies on available legal mechanisms to enable the legal transfer of Personal Information across borders. To the extent that OTIS relies on the standard contractual clauses (also called the model clauses), OTIS will comply with those requirements, including where there may be a conflict between those requirements and this Notice.
What choices do you have about how OTIS uses your Personal Information?
Your Personal Information is critical to OTIS’s human resources management worldwide. As a result, unless contrary to local law, collective bargaining or works council restrictions agreed to by OTIS, collection and use of your Personal Information as described in this notice is generally required for your employment. Your Personal Information is required to pay you, manage your employment and comply with legal obligations, such as tax laws and compliance regulations.
Depending on the location in which you work, local laws may require that you provide specific consent for the collection, use and/or disclosure of Personal Information in certain circumstances. Where required, OTIS will ask for such consent by appropriate and permitted means.
How long does OTIS retain Personal Information?
OTIS retains your human resources Personal Information for the length of your employment and for any additional period as required by applicable law or regulation, court, administrative or arbitration proceedings, or audit requirements. For more specific information about retention of your human resources information, please contact your local HR representative.
OTIS may retain data that is required for business and legal purposes, such as but not limited to data: (a) required for legitimate business purposes, for example working files or business records concerning customers, products, services, technologies, business partners and other work-related efforts that may incidentally contain information about you; (b) that you saved in shared storage areas, subject to applicable retention periods; (c) subject an active legal investigation, judicial or administrative proceeding, audit, or other legal requirement; and (d) that OTIS is required to retain under a contractual, legal, regulatory or audit obligation.
What additional information should specific employees know?
Employees from the EU and other countries with privacy laws: You may have the right to request access to and correction or erasure of your Personal Information, seek restrictions on or object to the processing of certain Personal Information and seek data portability under certain circumstances. Please contact OTIS to request access, correct, erase, object or seek restrictions or portability; please use the contact methods indicated at the end of this notice. You also have the right to lodge a complaint with your national or state data protection authority, which may also be known as a supervisory authority. You may also be provided with a supplement that provides contact information for your national or local government regulator. If you need assistance identifying your data protection authority, contact your Privacy Professional or Data Protection Officer or simply email us at firstname.lastname@example.org.
Employees from the US including Connecticut: OTIS collects Social Security Numbers where required by law, such as for tax and payroll purposes. When OTIS collects and/or uses Social Security Numbers, OTIS will take proper care by protecting confidentiality, limiting collection, ensuring access on a need-to-know basis, implementing appropriate technical safeguards and ensuring proper disposal.
Employees who provide information about family members and others: For emergency contact information, to cover dependents with available benefits, and to identify beneficiaries, you may choose to provide OTIS with information about family members and others connected to you. Before providing that information to OTIS, you must ensure that you have the legal authority to do so. To the extent that you provide information as the legal representative of minor children, your choice to provide the information represents consent that OTIS may collect, process and transfer the information for the purposes for which it was provided and as set forth in this Notice.
How can you access, correct, change, or seek deletion or a copy of your Personal Information?
Many individuals have direct access to most of their Personal Information contained in various OTIS HR systems and can access, correct, change, delete or copy their Personal Information using that direct access. Upon request, OTIS may also grant individuals reasonable access to Personal Information that is otherwise inaccessible. Those individuals who do not have direct access or who seek additional access should contact their local HR representative. For requests related to your Personal Information outside of human resources data, contact your local Ethics and Compliance Officer, your Data Protection Officer, or your Privacy Professional (see below for more details).
How can you contact OTIS?
If you have a question or concern about your Personal Information or want more information about which OTIS entities are the data controllers for your Personal Information, you should contact your local HR representative, local Ethics and Compliance liaison or your Privacy Professional or Data Protection Officer. If you are not sure who to talk to in your business – you can always reach us at 833-833-3001 or at email@example.com.
Last updated: 24/1/20
Including its business segments, units, divisions and all other operating entities wherever located – including controlled joint ventures, partnerships and other business arrangements where Otis Elevator Company has either a controlling interest or effective management control (collectively, “OTIS” or “we”)