WORKERS PRIVACY INFORMATION STATEMENT

Welcome to Spring Engineering part of the Adecco Group. We look forward to working with you to help you to further develop your career. As you’d expect, to properly perform our services, we collect and use information about you.

Spring Engineering is committed to protecting and respecting your privacy. This Privacy Information Statement describes your privacy rights in relation to the information about you that we process, as well as the steps we take to protect your privacy. We know its long, but please read this Statement carefully. There is an index below so you can go straight to the bits you want if you prefer.

Index

• Some terms to be clear about
• What personal information does the company collect and use?
• Why do we use personal information about you?
• What does the law say about this?
• Do you have to give us the personal information we ask for?
• Do we process personal information about you without any human intervention at all?
• How long do you keep my personal information for?
• Do we transfer your personal data to third parties?
• Do we transfer your data outside the European Union?
• What are your rights?
• Monitoring
• What about data security when using Roevin systems?
• How can you contact us?
• How do we handle changes to this Statement?

Some terms to be clear about

First we need to be clear about how we use some words in this statement.

It may seem obvious, but in this Statement you will be referred to as ‘You’ or ‘the Candidate’.

When we talk about ‘us’ or the ‘Company’ we mean Roevin Management Services Limited trading under “Spring Engineering” or “Spring”. The registered office is at 10 Bishops Square, London E1 6EG Spring is part of the Adecco Group, the largest HR services provider in the world. Through its various companies and business lines the Adecco Group provides several HR (Human Resources) activities like staffing, secondment, payroll services, recruitment & selection, testing solutions, career transition, talent development, training & education, outplacement and international mobility ( ‘our Activities’).

When we refer to ‘Worker’, we mean any of our Associates, Colleagues and Contractors. To carry out our Activities the Company uses several IT systems. In some cases, the Company provides a Self-Service Portal ( ‘Portal’) for its candidates/personnel. The Portal allows you to update your own records such as your contact details and bank details, and where you work for one of our clients, the hours that you have worked.

Finally, this is a statement about information about people – like you and your family. It includes facts about you, but also opinions about you and that you hold (“I’m a football fan” for example). It’s not about information about the Company (although sometimes the two overlap). This type of information is sometimes called ‘Personal information’, ‘Personally Identifiable Information’ or ‘PII’. We use the term ‘ Personal Information’ in this statement.

What personal information does the company collect and use?

Personal information that the company usually collects includes, but is not limited to

• your name, date and place of birth, contact details and qualifications (education, training courses and internships), and any other information you mentioned on your resume or CV;
• if you log on to the Portal using your LinkedIn or any other social media account: your profile data;
• if you contact us, we will keep a record of that correspondence;
• feedback about you from our staff and third parties who you work with or for, and other appraisal information; where you give feedback on others;
• your feedback about us and our services through our satisfaction surveys;
• we also collect information on your use of our systems including (but not limited to) your IP address, browser, timestamp, location, country traffic data, location data, weblogs and other communication data and the resources that you access. This information will make our systems easier to use in the future;
• when you start working for the company we shall also collect:
  • your gender, nationality, copy ID documents, proof of address and copies of documents evidencing your right to work in the locations you will work in (visas, work permits, etc.);
  • payroll information such as your bank account information, national insurance or social security number, tax codes and reference numbers, your fees, salary and benefits information and any voluntary deductions you ask us to make from your salary and fees (like trade union membership or church dues);
  • records of your attendance, time spent on projects, training, promotions, investigations and disciplinary matters;
  • information about your use of our IT systems and premises (including CCTV and door entry systems);
  • details about your dependents and next of kin;
  • travel information (travel data, credit card information, passport number, expenses incurred) for the purposes of the negotiation, arrangement and purchasing of all travel related activities (e.g. Airfare, Train, Hotel & Car Rental reservations) and the reimbursement of travel expenses;
  • photos and videos of your attendance at training or similar sessions (you will be given a chance at the session to ask not to be videoed or photographed);
  • pictures and videos for internal communication usage, such as email, announcements, news on the Global Intranet
• details of any disability and any accommodations we may need to make for you in the workplace; and

in some cases, we will also collect other sensitive data than only details related to disability, when we are permitted to do so by law.

Why do we use personal information about you?

The company collects and processes personal information:

• To provide you with the assistance you expect, like finding you suitable assignments to work on, helping you with training, or facilitating the process of applying for new assignments. This includes keeping you informed of future work opportunities by email, telephone, mail and/or other communication methods;
• to further develop and improve our systems/processes; this takes place in the context of new IT systems and processes, so that information about you will be used in the testing of those new IT systems and processes where dummy data cannot fully replicate the operation of that new IT system;
• to perform studies and statistical and analytical research, for example to compare the effectiveness of our placement of associates with clients between different business sectors and geographies and seek to identify factors that can influence any differences we identify;
• to transfer data to third parties (see below);
• where necessary, to comply with any legal obligation;
• when you start working for the Company, to perform our duties to you as your employer or customer (in the case of individual contractors); and
• when you start working for the company:
  • to comply with your contract of employment or contract for services, and all other contracts and rules that govern our employment or other contractual relationship with you;
  • maintain and improve administration of talent generally (including for the purposes of workforce analysis);
  • carry out other human resources activities (including work management, absence management, training/people management, expense management, and disciplinary procedures);
  • manage shares and other assets to which you may be entitled;
  • promote the security and protection of people, premises, systems and assets;
  • monitor compliance with internal policies and procedures;
  • administer communications and other systems used by the Spring and the Adecco Group (including internal contact databases);
  • investigate or respond to incidents and complaints;
  • in the case of photos or videos of training sessions, to report internally that the training sessions have taken place and their content (for example in internal updates) and also to market similar sessions internally and to third parties; or
  • participate in any potential or actual purchase or sale, or joint venture, of all or part of a business or company, that any member of the Adecco Group wishes to participate in.
• Photos and/or videos collected from you for the purposes of identification and right to work verification

Why and on which basis do we use personal data?

We are required by law to have a ground set out in the law to process the information we hold about you. The legal grounds can be:

• Performing a contract or taking steps prior to entering a contract When you are already working with or about to engage through Spring, our processing of personal information for all these purposes is based on processing grounds like the performance of a contract, or about to enter into a contract (purposes 1 and 67 above). These services can be such as providing you with suitable jobs to apply for or helping and assisting you with training and the application process.
• Compliance with legal obligations Sometimes the processing is necessary to comply with legal or regulatory obligations (purpose 6-). Public authorities, such as tax, finance or data protection authorities may request personal data from us and provide us with a statutory reason to disclose information about you (e.g. the prevention or detection of a crime). In these circumstances, we are forced by law to provide the authorities with your data.
• Fulfilment of our legitimate interest The processing is necessary in the legitimate interests of Spring in exercising its and its staff fundamental rights to run a business in a way which does not unduly affect your interests or fundamental rights and freedoms (purposes 1;3-5- 7 above). This means that when processing is necessary for the legitimate interests of Spring, we balance your interests or fundamental rights and freedoms against our legitimate interest in processing. This ensures that we are not processing data in a manner that your interest and fundamental rights override our interest in such processing.

We shall only process your personal information other than on these grounds with your consent, which is a further processing ground.

Do you have to give us the personal information we ask for?

The provision of your personal information is a requirement necessary to enter and/or maintain our contract with you. This means that you are obliged to provide your personal information to us.

If you do not provide your personal information to us, we will either not be able to conduct the employment or supplier relationship with you or, at least, you may not be able to participate in certain processes such as feedback or career development (which may also not be in line with your contract with us).

Do we process information about you without any human intervention at all?

Yes, we do. The Company uses automated systems/processes and automated decision-making (like profiling) to provide you, and our clients, with the services you request from us. For example, when our clients are looking for candidates for jobs, we can conduct a search of our lists of candidates using automated criteria to compile a shortlist.

How long do you keep my personal information for?

The Company can (and in some circumstances must, depending on the type of data) keep your data for several years after your employment with us has ended. Generally, we retain data concerning taxes and your contract of employment, financial information (including payroll data and data relating to pay, etc.) for 7 years, and other personal information for 2 years. We retain sensitive personal data for no longer than is reasonably necessary.

Do we transfer your personal data to third parties?

As mentioned above, we usually disclose your data to third parties. This is done to complete the purposes set out above. We do this in the following circumstances:

• To our suppliers. We can, for example, engage a supplier to carry out administrative and operational work in support of our relationship with you. The supplier(s) will be subject to contractual and other legal obligations to preserve the confidentiality of your data and to respect your privacy, and will only have access to the data they need to perform their functions; these suppliers are typically IT suppliers (who host or support our IT systems, including information about you), premises management companies (who look after physical security at our buildings, and therefore need to know about you to allow access to our buildings), HR related providers (who operate payroll or benefits provision on our behalf, such as on site catering for associates and colleagues), travel providers (who manage or organise travel for our associates and colleagues) or back office finance and accounting management providers (who need to handle details of colleagues and associates in order to process accounts payable and receivable).
• To members of the Adecco group of companies in other countries. These are located in- or outside the European Union; different members of the group fulfil different functions and as result your information will be shared with them for different reasons:
  • information is shared with members of the Adecco group that provide IT functions for the Adecco companies world-wide; those IT functions are located in France, Prague and Amsterdam
  • information is shared with the head office of the Adecco group in Switzerland for work force planning, budgeting and feedback purposes; this information is also used at head office in Switzerland to propose new opportunities to you within the Adecco group or with clients.
  • information is also shared with Adecco affiliates world-wide where you have expressed an interest in opportunities in that market, or members of the Adecco Group identify that you may have particular skills required or helpful in that market. A list of the countries in which we operate is available in the ‘choose your country’ function of our website at www.spring.com k
• To our clients/prospective employers: we will share your data with clients of ours who are offering jobs/assignments you may be interested in, or who are interested in your profile, for colleagues this includes where you are working on-site with our clients. They owe contractual and other confidentiality obligations in relation to your data to us, and to you;
• We will share your data with government, police, regulators or law enforcement agencies if, at our sole discretion, we consider that we are legally obliged or authorised to do so or it would be prudent to do so; and
• As part of due diligence relating to (or implementation of) a merger, acquisition, change in service provider or other business transaction we can disclose your data to the prospective seller or buyer, new service provider and their advisers.

Do we transfer your data outside the European Union?

Your data can be transferred and processed in one or more other countries, in- or outside the European Union. A full list of the countries in which we operate is available in the ‘choose your country’ function of our website at www.spring.com k.

We shall only transfer your data outside the EU to countries which the European Commission believes offers an adequate level of protection to you (a list of those countries is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en , or where Adecco Group has put in place appropriate safeguards to seek to preserve the privacy of your information (for which we usually use one of the forms of data transfer contracts approved by the European Commission, copies of which are available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

What are your rights?

• Right to access and obtain a copy of your personal information
  You are entitled to request confirmation whether we process any of your personal information. Where this is the case, you have the right to access to your personal information and to certain information about how it is processed. In some cases, you can ask us to provide you with an electronic copy of your information. If there is a self-service system, we really encourage you to access to it and update it yourself. In some limited circumstances, you also have the right to request portability of your personal information, which means, we will provide them to a third party upon your request
• Right to correct your personal information
  If you can demonstrate that personal information we hold about you is not correct, you can ask that this information is updated or otherwise corrected. If there is a self-service system, we really encourage you to access to it and update it yourself.
• Right to delete/right to be forgotten
  If we do not need to retain or process the data for any other reason, you can request that we stop or restrict the processing or delete (some or all of) your personal information.
• Right to restrict
  In certain circumstances, you have the right to restrict the processing of your Personal Data. However, in some instances such restriction of processing may limit the Services that you can receive from us.
• Right to object
  As far as the company’s processing of your data is based on the company’s legitimate interest (and no other processing ground) or relates to direct marketing, you are entitled to object to the Company processing your data by reference to your particular situation.

If you want to exercise any of your rights, please log into our self-service Portal (here ) so that we may action your instruction as soon as possible.

Finally, you have the right to lodge a complaint with the data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen.

Do we carry out any monitoring?

To the extent permitted by law, Spring reserves the right to audit, monitor and record the access, use and content of any data held or processed by its IT systems. We do this for the purposes (d)-(h) set out above but call this point out specifically in this notice so that you are aware in particular that your use of work-related IT systems can be monitored by others.

What about data security when using Roevin systems?

You are responsible for keeping your login details to Spring systems safe, in particular the password that we have given you or that you have chosen. These login credentials are for your own use. You are not permitted to share your credentials or other account details with any other person(s).

How can you contact us?

If you have any questions or concerns regarding this privacy information statement would like further information about how we protect your information, or want to contact the company’s Data Protection Officer (DPO) or Local Privacy Lead, please email us at adecco.globalprivacy@adecco.com or privacy@adecco.co.uk.

How do we handle changes to the privacy information statement?

The terms of this Statement may change from time to time. We shall publish any material changes to this Statement through appropriate notices either on this website or contacting you using other communication channels.

The Spring team