PERSONNEL PRIVACY NOTICE
(A) This Notice
|This Notice explains how we Process Personal Data. This Notice may be amended or updated from time to time, so please check it regularly for updates.|
This Notice is provided by Placell group on behalf of itself, its subsidiaries and its affiliates (together, “Supercell”, “Placell” “we”, “us” and “our”), and is addressed to our current, former and prospective directors, officers, consultants, employees, temporary staff, individual contractors, interns, secondees and other personnel (together, “Personnel” or “you”). Defined terms used in this Notice are explained in Section (P) below.
For the purposes of this Notice, the Controller is the Placell group entity that has employed you or has engaged your services.
This Notice may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Notice carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Notice.
This Notice was last updated on 16 June 2023.
(B) Collection of Personal Data
|We collect or obtain Personal Data for example when you provide those data to us; in the ordinary course of our working relationship with you; when you are an applicant; or when Personal Data are provided to us by third parties.|
We may collect your Personal Data from the following sources, for example:
Data provided to us: We may obtain your Personal Data when you provide those data to us (e.g., when you submit a job application).
Relationship data: We may collect your Personal Data in the ordinary course of your work relationship with us, or work for us.
Third party information: We may receive your Personal Data from third parties who provide those data to us (e.g., past employers; referees; and law enforcement agencies).
(C) Creation of Personal Data
|We create Personal Data about you (e.g., records of your interactions with us).|
We may also create Personal Data about you, such as your job title, compensation details and performance reviews. This Personal Data helps us to conduct our operations and manage our workforce. If you do not provide certain Personal Data, we may not be able to achieve some of the aims outlined in this Notice.
(D) Categories of Personal Data we Process
|We Process your personal details; contact details; professional details; demographic data; internal communication records; compensation details; communications; consent records; employment records; personnel training and evaluation details; compliance and disciplinary records; security data and other necessary data submitted by you.|
The categories of Personal Data about you that we Process are:
Personal details such as name, photographs and ID numbers.
Contact details such as home address, telephone number and email address.
Professional details such as your CV and records of your expertise.
Demographic information such as gender and nationality.
Internal communication records such as information concerning the use of, and Personal Data transmitted through, internal IT systems (e.g., emails, telephone records).
Compensation details such as salary, benefits and bank account information.
Communications records of any communications or correspondence between you and us.
Consent records, such as records of any consents you have given.
Employment records such as employment percentage and working hours.
Personnel training and evaluation such as Personnel learning objectives, progress and results.
Compliance and disciplinary records such as reports of violations of internal policies and codes of conduct.
Security data such as login details, login records and evidence relating to any actual or suspected breach of any Placell policy, or applicable law.
Other necessary data submitted by you.
(E) Sensitive Personal Data
|We do not seek to collect or otherwise Process Sensitive Personal Data in the ordinary course of business. Where we need to Process Sensitive Personal Data for a legitimate purpose, we do so in accordance with applicable law.|
(F) Purposes of Processing and legal bases for Processing
|We Process Personal Data e.g. for the following purposes: recruitment and job applications; HR management; business management; training; compensation; communications and IT operations; health and safety; fitness to work; management of systems and operations; financial management; future planning; compliance and disciplinary procedures; establishment, exercise and defence of legal claims; personnel monitoring; conducting investigations where necessary; and fraud prevention.|
The purposes for which we Process the categories of Personal Data identified in Section (D) above, subject to applicable law, and the legal bases on which we perform such Processing, are complying with a legal obligation, and/or it is necessary in connection with your contract of employment or engagement, and/or we have a legitimate interest in carrying out the Processing, and/or we have obtained your prior consent to the Processing. With your explicit consent we may also Process your Personal Data for other purposes than listed here in this Notice.
(G) Disclosure of Personal Data to third parties
|We may disclose Personal Data to other entities within the Supercell Group, for legitimate business purposes, in accordance with applicable law. Further, we may also disclose Personal Data for example to legal and regulatory authorities; our external advisors; our Processors; any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offences; and any purchaser of our business.|
If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data; together with any additional requirements under applicable law.
(H) International transfer of Personal Data
|Because of the international nature of our business, we transfer Personal Data to recipients in other countries. Because different countries may have different data protection laws than your own country, we take steps to ensure adequate safeguards are in place to protect your data as explained in this Notice. Adequate safeguards that we may use include Standard Contractual Clauses approved by EU Commission and other lawful safeguards.|
(I) Data Security
|We implement appropriate technical and organisational security measures to protect your Personal Data against e.g. accidental or unlawful destruction, loss and unauthorised forms of Processing. Please ensure that any Personal Data that you send to us are sent securely.|
(J) Data Accuracy
|We take every reasonable step to ensure that your Personal Data are kept accurate and up-to-date and are erased or rectified if we become aware of inaccuracies.|
(K) Data Minimisation
|We take every reasonable step to limit the volume of your Personal Data that we Process to what is necessary.|
(L) Data Retention
|We take every reasonable step to ensure that your Personal Data are only retained for as long as they are needed in connection with a lawful purpose.|
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Notice. The criteria for determining the duration for which we will retain your Personal Data are as follows:
|(1) we will retain Personal Data in a form that permits identification only for as long as:|
|(a) we maintain an ongoing relationship with you (e.g., for the duration of the period for which you are employed or engaged by us); or|
|(b) your Personal Data are necessary in connection with the lawful purposes set out in this Notice, for which we have a valid legal basis (e.g., where your Personal Data are included in a contract with one of our customers, and we have a legitimate interest in Processing those Personal Data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Data),|
|(2) the duration of:|
|(a) any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data may be relevant); and|
|(b) an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim),|
|(3) in addition, if any relevant legal claims are brought, we may continue to Process your Personal Data for such additional periods as are necessary in connection with that claim.|
During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
permanently delete or destroy the Relevant Personal Data; or
anonymize the Relevant Personal Data.
(M) Your legal rights
|Subject to applicable law, you may have a number of rights, including the right not to provide your Personal Data to us; the right of access to your Personal Data; the right to request rectification of inaccuracies; the right to request the erasure, or restriction of Processing, of your Personal Data; the right to object to the Processing of your Personal Data; the right to have your Personal Data transferred to another Controller; the right to withdraw consent; and the right to lodge complaints with Data Protection Authorities. In some cases it will be necessary to provide evidence of your identity before we can give effect to these rights.|
Subject to applicable law, you may also have the following additional right regarding the Processing of your Relevant Personal Data:
the right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf, where such processing is based on Articles 6(1)(e) (public interest) or 6(1)(f) (legitimate interests) of the UK GDPR.
This does not affect your statutory rights.
(N) Your obligations
|You must adhere to our policies, standards and procedures regarding the Processing of Personal Data, and abide by applicable law at all times.|
It is important that you are aware of your data protection compliance obligations, and that you fulfil those obligations. This means that you must adhere to Placell’s policies, standards and procedures regarding the Processing of Personal Data to which you have access in the course of your duties. In particular:
you must familiarise yourself with this Notice and follow the directions given to you regarding Processing Personal Data;
you must abide by applicable law at all times when Processing Personal Data;
you must not access or otherwise Process any Personal Data beyond the extent necessary for your work with Placell; and
you must keep all Personal Data that you Process strictly confidential. This obligation of confidentiality continues after termination of your professional relationship with Placell.
(O) Contact details
|If you have any comments, questions or concerns about any of the information in this Notice, or any other issues relating to the Processing of Personal Data by us, please contact People Team at Supercell .|
The contact details of our Data Protection Officer are: firstname.lastname@example.org.
“Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
“Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
“GDPR” means the General Data Protection Regulation (EU) 2016/679.
“Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
“Relevant Personal Data” means Personal Data in respect of which we are the Controller.
“Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, biometric data, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law.
“Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
“UK GDPR” means the GDPR as it forms part of the laws applicable in the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018, and as applied and modified by Schedule 2 of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419) or as modified from time to time by other laws applicable in the UK).