Data protection notice

Gelato data protection notice version 2018.05.25

Scope

This notice explains how Gelato handles the personal data of employees, applicants, interns, former employees, dependents, beneficiaries, contractors, consultants and temporary agency workers in the course of its human resources activities. We may amend this notice from time to time, should it become necessary to do so.

Collection and Use of Personal Data

We may process your personal data for legitimate business purposes to administer our employment or contractual relationship with you and to run our businesses. We may collect, use and transfer your personal data through automated and/or paper-based data processing systems such as Workable and KIN. We have established routine processing functions (such as processing for regular payroll). We also process personal data on an occasional or ad hoc basis (such as when an employee is being considered for a particular new position or in the context of changes to its marital status for example).

In the normal course of human resources activities, we can collect the following types of personal information:

We process personal information for the following purposes: (1) workforce planning, recruitment and staffing; (2) workforce administration, payroll, compensation and benefit programs; (3) performance management, learning and development; (4) advancement and succession planning; (5) legal compliance, including compliance with government authority requests for information and tax compliance; (6) workplace management, such as travel and expense programs and internal health and safety programs, (7) internal reporting, (8) audit; (9) to protect Gelato, its workforce, and the public against injury, theft, legal liability, fraud or abuse; and (10) other legal and customary business-related purposes.
In addition, we may process sensitive personal information if it is needed for legitimate business objectives or if it is required to comply with applicable law. Sensitive personal information will not be collected, processed or transferred, except where adequate privacy protection mechanisms are in place and after having first obtained your informed consent.

Disclosures

We may disclose your personal data for legitimate purposes in the following circumstances to:

Choice

We respect your right to object to any uses or disclosures of your personal data that are not (i) required by law, (ii) necessary for the fulfillment of a contractual obligation (e.g., employment contract), or (iii) required to meet a legitimate need of Gelato as an employer (such as disclosures for internal auditing and reporting purposes or other processing covered by this notice). If you do object, we will work with you to find a reasonable accommodation.

International Transfers

Your personal data may be transferred outside of the country where you work, including to countries that do not provide the same level of protection for your personal data. Gelato is committed to protecting the privacy and confidentiality of personal data when it is transferred. Where such transfers occur, we will assure that adequate protection exists either through appropriate contractual arrangements or as required by law.

Accuracy

We take reasonable steps to ensure that personal data is accurate, complete, and current. Please note that you have shared responsibility with regard to the accuracy of your personal data. Please notify Human Resources of any changes to your personal data or that of your beneficiaries or dependents.

Access

Employees may reasonably access and update the personal data pertaining to them that is in KIN. Employees can exercise this right by updating their profile page and by contacting Human Resources or the Data Protection Officer.

Security

Gelato takes precautions to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have taken appropriate technical and organizational measures to protect the information systems on which your personal data is stored and we require our suppliers and service providers to protect your personal data by contractual means.

Retention

Your personal data will be retained as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law. For applicants, the personal data will be deleted after one years.

Handling Privacy Concerns

If you have any questions about this notice or if you believe that your personal data is not handled in accordance with the applicable law or this notice, you have several options: