Privacy Policy - Wytcote

WHAT DOES THIS PRIVACY NOTICE COVER?

WytCote, Inc. respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, the user of the WytCote web site acting on behalf of yourself or the business entity you represent (“You”, “Your”, or “Yourself”), and how You can exercise Your privacy rights. This Privacy Notice covers WytCote, Inc. and its corporate affiliates and subsidiaries (collectively, “WytCote” or “We”). For a full list of our global operating companies, please click here. This Privacy Notice only applies to personal information that We collect through our website at WytCotei.com (“Site”), from Your use of WytCote’s systems, applications, and services (the “Services”), from You at sales or promotional events or from third parties for marketing purposes. If You have any questions or concerns about our use of Your personal information, please contact us using the contact details provided at the bottom of this Privacy Notice.

GDPR READINESS

Data protection has always been a fundamental priority at WytCote and safeguarding the personal information entrusted to us on behalf of our customers and employees is at the core of what we do.

WHAT DOES WytCote DO?

WytCote is a leading business support solutions provider and trusted partner, offering business support solutions, resource management, customer experience and digital reporting solutions. WytCote is headquartered in the United States. For more information about WytCote, Inc., please see the “About” section of this Site.

WHAT PERSONAL INFORMATION DOES WytCote COLLECT?

Personal information means information that identifies You or allows us to contact You, like Your name or email address. The personal information that we may collect about You, or have collected about you in the past 12 months, broadly falls into the following categories:

Information that You provide voluntarily

Certain parts of our Site or certain Services that You use may ask You to provide personal information voluntarily: for example, we may ask You to provide Your contact details in order to subscribe to marketing communications from us, and/or to submit inquiries to us. We may also ask You to provide feedback or a testimonial which we may display on our website or in other promotional materials, with Your agreement. The personal information that You are asked to provide, and the reasons why You are asked to provide it, will be made clear to You at the point we ask You to provide Your personal information.

Information that we collect automatically

When You visit our Site or use our Services, we may collect certain information automatically from Your device. In some countries, including countries in the European Union and/or European Economic Area (“EU/EEA”), this information may be considered personal information under applicable data protection laws.

Specifically, the information we collect automatically may include information like Your IP address, device type, unique device identification numbers, browser-type, geographic location, and other technical information. We may also collect information about how Your device has interacted with our Site or our Services, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Site or use our Services, where they come from, and what content on our Site or connected to our Services is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Site and our Services to our visitors and customers.

Some of this information may be collected using cookies and similar tracking technology, as explained further in our upcoming Cookie Notice.

Information that we obtain from third party sources

From time to time, we may receive personal information about You from third party sources (including from companies that provide marketing lead information), but only where we have checked that these third parties either have Your consent or are otherwise legally permitted or required to disclose Your personal information to us.

The types of information we collect from third parties include Your name and contact information and we use the information we receive from these third parties to provide You with information regarding our products and services, our industry insights and for other direct marketing purposes.

WHAT DOES WYTCOTE USE THE PERSONAL INFORMATION FOR?

We use the information collected about You for a variety of reasons, including for the following purposes, as applicable:

To respond to Your requests or provide You with information requested by You.
To communicate with You about the Services.
To provide, support, personalize, maintain and enhance the Services.
To comply with and enforce applicable legal requirements, agreements and policies.
To prevent, detect, identify, investigate, respond and protect against potential or actual claims, liabilities, prohibited behavior and criminal activity.
To allow businesses or third-party websites we’re affiliated with, who may sell or provide products or services to You through or in connection with the Services (either alone or jointly with us).
For other business purposes such as data analysis, identifying usage trends, determining the effectiveness of our Services and to enhance, customize and improve our features, products and Services.
To perform other activities consistent with this Notice.

PERSONAL INFORMATION SHARING

We may disclose, or in the past 12 months have disclosed, Your personal information to the following categories of recipients:

Affiliated Companies. We may share personal information with companies that are affiliated with us (for example companies that control, are controlled by, or are under common control with us). We may also share information that is collected between websites that we, or our affiliates, control.
Service Providers. We may share Your personal information with companies that perform services for us, such as fulfilling orders, delivering packages, sending postal mail and e-mails, facilitating electronic communication with you, analyzing customer data, providing marketing assistance, investigating fraudulent activity, conducting customer surveys, and providing customer service.
Behavioral Advertisers. We may permit third party behavioral advertisers to use technology to collect information about Your use of our Site so that they can provide advertising about products and services tailored to Your interest. That advertising may appear either on our Site, or on other websites.
Potential Buyers. We may share Your personal information if we sell all, or part, of our business, sell all, or part, of our business assets, or are otherwise involved in a merger or business acquisition.
Any other parties to comply with a legal obligation; to protect the legal rights of (or otherwise participate in a legal process pertaining to) our company, our employees, our agents, our clients, and our affiliates, to protect the safety and security of our visitors, or to protect against fraud; or with Your consent.

LEGAL BASIS FOR PROCESSING PERSONAL INFORMATION (EU/EEA VISITORS ONLY)

If You are a visitor from the EU/EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from You only where we have Your consent to do so, where we need the personal information to perform a contract with You or where the processing is in our legitimate interests and not overridden by Your data protection interests or fundamental rights and freedoms.

If You have questions about or need further information concerning the legal basis on which we collect and use Your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

HOW DOES WYTCOTE KEEP MY PERSONAL INFORMATION SECURE?

We use appropriate technical and organizational measures to protect the personal information that we collect and process about You. The measures we use are designed to provide a level of security appropriate to the risk of processing Your personal information.

INTERNATIONAL DATA TRANSFERS

Your personal information may be transferred to, and processed in, countries other than the country in which You live. These countries may have data protection laws that are different to the laws of Your country. Specifically, while our Site servers are located in the United States, our affiliated companies and third-party service providers and partners operate around the world. This means that when we collect Your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that Your personal information will remain protected in accordance with this Privacy Notice.

If we transmit personal information across national boundaries, we make reasonable efforts in compliance with any national laws that govern the cross-border transfer of information. For example, we have taken several steps to facilitate the transfer of personal information that we receive about residents of the European Union and Switzerland. These include self-certifying under the EU-U.S. Privacy Shield Framework, the Swiss–U.S. Privacy Shield Framework, and entering into appropriate standard contractual clauses.

Our standard contractual clauses can be provided to EU/EEA residents on request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

DATA RETENTION

We retain personal information we collect from You where we have an ongoing legitimate business need to do so or to comply with applicable legal requirements.

When we have no ongoing legitimate business need to process Your personal information, we will either delete or anonymize it or, if this is not possible (for example, because Your personal information has been stored in backup archives), then we will securely store Your personal information and isolate it from any further processing until deletion is possible.

YOUR DATA PROTECTION RIGHTS (EU/EEA DATA SUBJECTS ONLY, INCLUDING FORMER WytCote EMPLOYEES)

You have the following data protection rights:

If You wish to access, correct, update or request deletion of Your personal information, You can do so at any time by contacting us by contacting us here.
In addition, You can object to processing of Your personal information, ask us to restrict processing of Your personal information or request portability of Your personal information. Again, You can exercise these rights by contacting us here.
You have the right to opt-out of marketing communications we send You at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send You. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us here.
Similarly, if we have collected and process Your personal information with Your consent, then You can withdraw Your consent at any time. Withdrawing Your consent will not affect the lawfulness of any processing we conducted prior to Your withdrawal, nor will it affect processing of Your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of Your personal information. For more information, please contact Your local data protection authority. (Contact details for data protection authorities in the EU are available here.)

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Your data protection rights (CALIFORNIA RESIDENTS only)

The California Consumer Privacy Act of 2018 (“CCPA”) provides consumers (California residents) with specific rights regarding their personal information. This section describes Your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that We disclose certain information to You about our collection and use of Your personal information over the past 12 months. Once We receive and confirm Your verifiable consumer request, We will disclose to You:

The categories of personal information We collected about You.
The categories of sources for the personal information We collected about You.
Our business or commercial purpose for collecting that personal information.
The categories of third parties with whom We share that personal information.
The specific pieces of personal information We collected about You (also called a data portability request).

Deletion Request Rights

You have the right to request that We delete any of Your personal information that We collected from You and retained, subject to certain exceptions. Once We receive and confirm Your verifiable consumer request, We will delete (and direct our service providers to delete) Your personal information from our records, unless an exception applies.

We may deny Your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which We collected the personal information, provide a good or service that You requested, take actions reasonably anticipated within the context of our ongoing business relationship with You, or otherwise perform our contract with You.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which You provided it.

Exercising Access, Data Portability, and Deletion Rights

You may learn more about these rights or exercise these rights by going to How to Contact Us section below.

Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable consumer request related to Your personal information. You may also make a verifiable consumer request on behalf of Your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify You are the person about whom We collected personal information or an authorized representative.
Describe Your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to Your request or provide You with personal information if We cannot verify Your identity or authority to make the request and confirm the personal information relates to You. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If We require more time We will inform You of the reason and extension period in writing. We will deliver our written response by mail or electronically, at Your option. Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide Your personal information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

We do not charge a fee to process or respond to Your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell You why We made that decision and provide You with a cost estimate before completing Your request.

HOW TO CONTACT US

If You have any questions or concerns about our use of Your personal information, please contact our Executive Director of Global Privacy, PJ Haarsma at: Info@WytCote.com.

INFORMATION RELATED TO CHILDREN

We do not knowingly collect or solicit personal information from anyone under the age of 16. If You are under 16, please do not use the Site or send any personal information about Yourself to us. If We learn that We have collected personal information from a child under age 16, We will delete that information as quickly as possible. If You believe that a child under 16 may have provided us personal information, please go to Info@WytCote.com.

UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When We update our Privacy Notice, We will take appropriate measures to inform You, consistent with the significance of the changes We make. We will obtain Your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

JOB APPLICANT DATA PRIVACY NOTICE

WytCote Inc. and its affiliates (EU/EEA applicants, please see list of EU employers in Annex A) (“WytCote”) care about the privacy of our job applicants (“You” or “Your”) during the recruitment and application process. WytCote is committed to processing Your individually identifiable information (“personal data”) in accordance with fair information practices and applicable data protection and data privacy laws.

SCOPE

This notice (“Notice”) explains how WytCote collects, uses, and processes the personal data of job applicants. (EU/EEA applicants, for a list of WytCote entities in the EU who may be the prospective employer for the position for which You are applying, please see Annex A.) We may amend this Notice from time to time, should it become necessary to do so. This Notice may also be supplemented by other statements, as needed, to comply with local requirements in the country where You live.

COLLECTION AND USE OF PERSONAL DATA

Types of Personal Data We Collect About Job Applicants

In the normal course of the recruitment and application process, We may collect the following types of personal data:

Personal Details: Name; birth date; national identification number; education and qualification details; professional work details; and passwords;
Contact details: E-mail address; telephone number(s); and home address; and
Qualifications and Talent Management Information: Details contained in letters of application and resume/CV; previous employment or work background; education history; professional qualifications; background check reports; and language and other relevant skills.

There may also be situations where We collect information that reveals information about Your health, which is considered by EU data protection law as “sensitive personal data”. For example, You may need to provide us with information about Your physical or mental condition so that We can provide work-related accommodations or to assess Your fitness for a particular position.

For EU/EEA Applicants Only

WytCote will rely on the following legal grounds for the collection and processing of sensitive personal data:

Express consent, as permitted by local data protection law;
Carrying out the obligations and exercising the specific rights of WytCote or You in the field of employment and social security and social protection law as permitted by EU or local data protection law or by a collective agreement;
Establishing, exercising, or defending legal claims or as required whenever courts are acting in their judicial capacity; and
For assessment of Your working capacity, as permitted by local data protection law.

The provision of personal data as described in this Notice is partly a statutory requirement and partly a requirement necessary in order to carry out the potential employment relationship with You. In general, You are required to provide the personal data, except in limited instances when We indicate that the provision of certain information is voluntary. Not providing personal data may prevent WytCote from carrying out the potential employment relationship with You.

If You are accepted for a job at WytCote, the information collected during the recruitment process will form part of Your ongoing employment record. You will be asked to provide additional information at the time in accordance with our applicable Data Privacy Notice.

If You are not successful, You can choose for us to keep Your information on file for any future job openings. In such cases, We will retain Your application information for one year. You can opt out of this at any time.

Sources of Personal Data

Usually You will have provided the information We hold about You but there may be situations where We collect personal data from other sources, such as references supplied by former employers and background check reports. We will seek this information only after the job offer has been made and We will inform You that We are seeking this information from other sources.

Purposes for Processing Personal Data and Legal Basis

WytCote may collect and use Your personal data for the following purposes:

Management and Administration of Job Applicants: Strategic planning; making business travel arrangements; maintaining records relating to business activities; budgeting, financial management and reporting; communications; and monitoring activities if and as permitted by applicable law (including the monitoring telephone, email, Internet and other resources within the WytCote group of companies);
Planning and Allocating Work: Allocating assets and human resources within the WytCote group of companies;
Human Resources Management: Managing and administering the job application process; and operating and managing the IT and communications systems; and
Compliance: Complying with applicable legal and other requirements, such as recordkeeping and reporting obligations; conducting audits; administration of the WytCote compliance hotline; compliance with law enforcement and similar requests in accordance with applicable law; pursuing legal rights and remedies; defending litigation and managing any internal complaints or claims; and complying with internal policies and procedures.

For EU/EEA Applicants Only

WytCote will rely on the following legal grounds for the collection and processing of personal data:

In order to take steps to enter into the employment contract with You;
Legitimate interest of WytCote, WytCote’s affiliates or other third parties (such as existing or potential business partners, vendors, customers, governmental bodies, or courts) where the legitimate interest could be in particular:
- Implementation and operation of a group-wide matrix structure and group-wide information sharing,
- Prevention of fraud, misuse of WytCote IT system, or money laundering,
- Operation of a whistleblowing/compliance hotline,
- Addressing physical security, IT and network security,
- Conducting internal investigations,
Consent, as permitted by applicable law;
Compliance with legal obligations, in particular in the area of labor and employment law, social security and protection law, data protection law, tax law, and corporate compliance laws;
Protection of Your vital interests or of another individual;
Adherence to WytCote contractual obligations; and
Performance of a task carried out in the public interest or in the exercise of official authority vested in WytCote.

If WytCote is relying on Your consent to process Your personal data, You have the right to withdraw Your consent at any time by contacting us as described in Section J below. This will not hoWever affect the lawfulness of the processing before Your consent has been withdrawn.

Recipients of Personal Data

WytCote takes care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever We permit a third party to access personal data, We will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the confidentiality and integrity of the information is maintained.

We will share Your personal data with other members of the WytCote group of companies around the world for the purposes described in Section C above, in particular to manage and administer the job application process, as Well as for other legitimate business purposes (such as IT services/security, tax and accounting purposes, general business management, and communicating with You, other WytCote staff, and third parties).
We make certain personal data available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data protection law. For example, some personal data will be available to our employee benefit plans service providers and other third parties who provide us with services such as: job application administration, recruitment or executive search administration, background check administration, travel management, expenses reporting, and IT hosting and support.
We make certain personal data available to existing or potential business partners, suppliers, independent external advisors (such as auditors), banks, insurance carriers, and other third parties to operate the business.

We may also disclose personal data to other third parties on other lawful grounds, including:

To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, or to meet national security or law enforcement requests, including, but not limited to, a subpoena or search warrant;
With Your consent;
As necessary to establish, exercise or defend against potential, threatened or actual litigation;
Where necessary to protect the vital interests of another person; and
In connection with the sale, assignment or other transfer of all or part of our business.

Transfer of Your Personal Data

WytCote is a global group of companies headquartered in the United States. As WytCote operates at a global level, We may need to transfer personal data to other countries outside of Your home country, in particular to our parent company for management purposes. Transfers may also need to be made to other countries where We operate in order to communicate with Your potential manager or other staff members regarding Your potential employment relationship with WytCote.

When We export Your personal data to a different country, We will take necessary steps to ensure that such data exports comply with applicable laws and legislation. For example, for transfers of personal data from the European Economic Area (“EEA”) to other affiliates within the WytCote group of companies located outside of the EEA, We have implemented intra-group Standard Contractual Clauses approved by the European Commission to enable the transfer of the personal data. For transfers from the EEA and Switzerland to the WytCote locations in the United States, WytCote has also joined the EU-U.S. Privacy Shield Framework, as further described in section F of this Notice. The Privacy Shield certification provides the primary legal basis for our internal transfers of personal data from our EEA or Swiss operations to our U.S. operations.

Where applicable, when We transfer Your personal data to third parties outside of the EEA, We ensure that such transfers to countries not providing an adequate level of data protection are based on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient.

You can request a copy of the appropriate safeguards by contacting us as set out in Section J, Questions and Comments, below.

Types of Personal Data Received and Purposes of Use

The types of personal data that WytCote US may receive in the United States include all categories listed in section A above. WytCote US may collect and use Your personal data for the purposes listed in section C above.

Choice, Onward Transfer, and Disclosures Required or Permitted by Law

WytCote US may share personal data to third parties as described in section E of this Notice. WytCote US will exercise appropriate due diligence in the selection of such third parties and require that such third parties maintain reasonable precautions to protect and otherwise process personal data only as instructed by WytCote US and for no other purposes. Moreover, WytCote US is generally responsible for any harm to You resulting from WytCote US’s disclosure of personal data to its third parties. WytCote US intends to use personal data for the purposes for which it was originally collected and does not otherwise use personal data in a manner that is subject to choice requirements under the Privacy Shield. Regardless of any other provisions in this Notice, WytCote US may disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as may be otherwise permitted by the Privacy Shield.

Access, Recourse, Enforcement, and Liability

You are entitled to access, review, and update Your personal data as further described in Section H below. For any inquiries or complaints that cannot be resolved by contacting WytCote as described in Section J, Questions and Comments, below, WytCote US has committed to cooperate with the panel established by the EU Supervisory Authorities to serve as independent dispute resolution bodies for the Privacy Shield. WytCote US is also subject to the investigatory and enforcement poWers of the Federal Trade Commission with respect to the Privacy Shield. In addition, under certain conditions more fully described on the Privacy Shield Website, You may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted.

Data Retention Periods

Personal data will be stored only as long as is necessary to carry out the purposes described in this Notice or as otherwise required by contractual agreements with third parties, law or other WytCote policies. When WytCote no longer needs to use Your personal data, We will remove it from our systems and records and/or take steps to properly render it unintelligible so that You can no longer be identified from it.

(EU/EEA Applicants Only) Your Data Protection Rights

You have data protection rights provided under applicable laws (“Data Subject Rights”), which You may exercise by making a request to WytCote. The Data Subject Rights are:

Right to access personal data;
Right to rectify personal data;
Right to erasure of personal data (this right is also referred to as the ‘right to be forgotten‘);
Right to restrict the processing of their personal data;
Right to port personal data;
Right to object to processing of personal data;
Right not to be subject to automated decision making; and
Right not to be sent direct marketing with Your express consent.

You may learn more about these rights or exercise these rights by going to the WytCote Data Rights Request Portal or by contacting us as set out in Section J, Questions and Comments, below. Please note that these rights might be limited under the national data protection law in Your home country.

Updates to This Notice

This Notice may be updated periodically to reflect any necessary changes in our privacy practices. Where such changes will materially affect Your privacy rights, We will inform You through the job application portal and indicate at the top of the Notice when it was most recently updated. We encourage You to check back on this Notice periodically so that You are aware of the most recent version of it.

Questions and Comments

You can address any questions or comments relating to this Notice and our privacy practices, including our participation in the Privacy Shield, to Info@WytCote.com. You have a right to lodge any complaints with the appropriate data protection supervisory authority although We ask that You raise Your objections directly with WytCote in the first instance.