Have questions? Ask us!

Shield GEO Data Privacy Policy and the GDPR legislation

The impact of General Data Protection Regulation (GDPR) on Shield GEO

GDPR will take effect on 28th May 2018. The penalties for non-compliance with GDPR are severe – up to 4% of annual global turnover for a breach.

As an Employer of Record Shield GEO collects and processes personal data on our GEO employees, many of whom are EU citizens with the resultant protections of the GDPR. Shield GEO acts as both a data processor, because we are handling data given to us by the employee or end client, and a data controller, because we are passing data on to the end client or to our local partners in the host country.

Our responsibilities under the GDPR legislation include: ensuring we only process data when we have the right to do so; notifying individuals within 72 hours of any breach; and complying with the employee’s right to have their data amended or deleted unless this is prevented by other legislation. To this end we ensure that the employee or client provides us with permission before we collect personal data and we inform the recipient of their responsibilities before we share personal data with them. We also maintain a detailed record of all data processing activities that we carry out.

Shield GEO has created a Data Privacy Policy to ensure we are compliant with all relevant legislation concerning the personal data of our clients and employees. In the policy below, which forms part of our framework agreement, Shield GEO is the “Local Supplier”, the employee is the “Consultant” and the end client is the “Company”. This policy was updated to address our responsibilities under the European Union’s General Data Protection Regulation (GDPR). 

Shield GEO Data Privacy Policy 

In the performance of its services, the Local Supplier may need to collect and process personal data about a Consultant and their spouse/partner/dependents that is considered confidential. The Local Supplier acknowledges that this information will only be gathered with the consent of the individual whose data is being shared and processed. Where the client shares data with the Local Supplier, the client acknowledges that it has the right to share that data. The personal data of employees will be processed in accordance with the relevant data privacy regulations, such as the General Data Protection Regulation which applies to the processing of personal data of European Union citizens.

Such personal data may include, though may not be limited to: Name, Age, Nationality, Passport Number, Photo Identification, Email Addresses, National Insurance/Social Security Number, Driver’s License Number, Job Description and Title, Visa and Immigration Status, Compensation (base salary, bonuses, commissions, incremental pay raises), Benefits, Tax Status, Health Issues, Living Expenses, Spouse/Partner Career Data, Insurance Coverage, Computer IP Address, Bank Account Details.

The Local Supplier understands and subscribes to the Company’s policy of ‘Least Privilege’. This means that the Local Supplier will only share the personal data of employees with parties, such as those in third countries or international organisation, that absolutely must have it to perform their functional responsibility in the provision of services to the Company and the Consultant. The personal data may only be collected by the Local Supplier for processing with the employee’s consent, and/or where the processing is necessary for the performance of a contract to which the employee is party, and/or if the processing is necessary for compliance with a legal obligation to which the Local Supplier is subject. Furthermore, the Local Supplier is prohibited from using this personal information for any purpose other than to fulfil the service requirement for which the Company has engaged the Local Supplier.

The Local Supplier agrees to use appropriate technical and organisational measures for the processing and protection of the data. All persons authorised to process the personal data have committed themselves to confidentiality, or are under an appropriate statutory obligation of confidentiality. Moreover, the Local Supplier guarantees the removal or return of all personal data to the client at the end of the provision of services relating to processing, as per the client’s discretion, unless the law requires storage of the personal data.

The Company or the Consultant may inquire at any time concerning the information that the Local Supplier has stored about each party. They may ask for that information to be corrected and/or updated at any time. If incorrect information has been transferred to the Company, the Company will contact that third party, or permit the Local Supplier to do so, to correct the inaccurate information in that party’s hands.

Both the Company and the Local Supplier are obligated to maintain a record of processing activities carried out. The record must include: (1) the name and contact details of the controller and processor, and where applicable, their representatives and data protection officers; (2) the purposes of the processing; (3) a description of the categories of data subjects and of the categories of personal data; (4) the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations; (5) where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation; (6) where possible, the envisaged time limits for erasure of the different categories of data; and (7) where possible, a general description of the technical and organisational security measures in place to secure data processing activities.

 

Shield GEO Employee Data Processing Policy

1. Shield GEO Services Ltd (“Shield GEO”) may process the personal data of employees. This processing of personal data will only occur with the employee’s consent, and/or where the processing is necessary for the performance of a contract to which the employee is party, and/or if the processing is necessary for compliance with a legal obligation to which Shield GEO is subject. Shield GEO may function as both the recipient (“processor”) and the distributor (“controller”) of this data. Shield GEO may receive and share personal data with the Employee, Client and Local Partner (the in-country employer).

Shield GEO subscribes to a policy of ‘Least Privilege’. This means that Shield GEO will only share the personal data of employees with parties, such as those in third countries or international organisations, that absolutely must have it to perform their functional responsibility in the provision of services to the Client and the Employee. The personal data may only be collected by Shield GEO for processing with the employee’s consent, and/or where the processing is necessary for the performance of a contract to which the employee is party, and/or if the processing is necessary for compliance with a legal obligation to which Shield GEO is subject. Furthermore, Shield GEO is prohibited from using this personal information for any purpose other than to fulfil the service requirement for which the Client has engaged Shield GEO.
1.1. Personal data that may be collected includes, but is not limited to: Name, Age, Nationality, Passport Number, Photo Identification, Email Addresses, National Insurance/Social Security Number, Driver’s License Number, Job Description and Title, Visa and Immigration Status, Compensation (base salary, bonuses, commissions, incremental pay raises), Benefits, Tax Status, Health Issues, Living Expenses, Spouse/Partner Career Data, Insurance Coverage, Computer IP Address, Bank Account Details.
1.2. This personal data will be processed in accordance with the relevant data privacy regulations, such as the General Data Protection Regulation which applies to the processing of personal data of European Union citizens.
1.3. In processing the personal data of employees, Shield GEO guarantees:
1.3.1. The processing of data, including transfers of personal data to a third country or an international organisation, will only occur in order to fulfil our service obligations.
1.3.2. Persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Shield GEO agrees to use appropriate technical and organisational measures for the processing and protection of the data.
1.3.3. The removal or return of all personal data to the employee at the end of the provision of services relating to processing, as per the employee’s discretion, unless the law requires storage of the personal data.
1.4. Shield GEO shall maintain a record of all categories of processing activities carried out on behalf of the employee. This includes all the following:
1.4.1. The name and contact details of the processor or processors and of the controller on behalf of which the processor is acting, and, where applicable, of the controller’s or processor’s representative, and the data protection officer;
1.4.2. The categories of processing carried out;
1.4.3. Where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country;
1.4.4. Where possible, a general description of the technical and organisational security measures utilised.
2. Shield GEO is obligated to provide the employee about whom it has stored or processed personal data (obtained from the Local Partner or Employee or Client) with the following:
2.1. The identity and contact details of the controller and, where applicable, of the controller’s representative;
2.2. The purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
2.3. The categories of personal data concerned;
2.4. The recipients or categories of recipients of the personal data, if any;
2.5. Where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation.

Related Articles

Join over 2,000 professionals!

Subscribe to our monthly Global Mobility newsletter