Types of employee data we collect
The types of Personal Data that Ubiquity collects include the following:
- Personal information, including name, address, telephone number, email address, date of birth, gender, national identification number, social insurance number or other tax identification number, and bank account information.
- Employment related information, including job title, office location, work contact information, email address, department, supervisor, job responsibilities, accounting information, compensation information (including, but not necessarily limited to, base salary information, commissions, or bonuses and severance), pension information, benefit eligibility and elections, employment history, job application, interview evaluation, key dates (e.g., hire, rehire, service, termination, next review), incentive data (e.g., ratings and payment amounts), and performance information. Ubiquity also may receive Personal Data regarding an employee’s spouse, family members, or other dependents for emergency contact purposes. In addition, Ubiquity may receive Personal Data that is “sensitive” in a few instances. In particular, where permitted by applicable law, Ubiquity may receive information regarding criminal records and health or medical data for purposes of insurance claims resolution, payment of claims, and insurance underwriting purposes.
Use and processing of employee personal data
- Annual compensation risk assessment;
- Maintenance of employee directory and global email system;
- Performance management;
- Coordination of annual succession planning and talent management review;
- Internal audits;
- Record-keeping and internal reporting;
- Maintenance of corporate insurance programs;
- Compensation, including administration and analysis;
- Payroll processing;
- Pension plan administration;
- Succession planning;
- Benefits and personnel administration; and
- Monitoring and enforcing compliance with company policies and procedures.
Sharing of employee personal data
- Affiliates and Acquisitions.Ubiquity may share your Personal Data with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires Ubiquity, or its assets, Ubiquity will also share your Personal Data with that company.
- Other Disclosures without Your Consent.Ubiquity may disclose employee personal data in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. This may include disclosing your information as part of a lawful request by a public authority in a country different from your residence. Such authorities may request your information for the purpose of national security. Ubiquity may also share employee Personal Data in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
- Service Providers.Ubiquity may share employee personal data with service providers. Among other things, service providers may help us to administer payroll, perform human relations functions, and provide technical support or infrastructure.
Ubiquity will maintain the information you share with us for a period of time (up to a maximum of 1 year), and shall not exceed local data privacy requirements.
Types of non-employee individual data we collect
The types of non-employee individual Personal Data that Ubiquity collects may include the following:
- name, address, telephone number, email address, date of birth, gender, national identification number, and social insurance number or tax identification number.
Use and processing of non-employee individual data
Ubiquity uses and otherwise processes non-employee individual Personal Data based upon the consent of data subjects to perform contractual obligations with those individuals, to comply with legal requirements, and for its legitimate business interests. Among other things, information may be used for the following specific purposes:
- Providing call center and other outsourced services to its customers;
- Backing up data;
- Internal audits;
- Record-keeping and internal reporting;
- Employment application processing;
- Identification of website visitors;
- Conducting analytics;
- Monitoring and enforcing compliance with company policies and procedures; and
- To provide information concerning products or services that may be of interest to our business client or prospective business clients.
Sharing of non-employee individual data
- Affiliates and Acquisitions.Ubiquity may share your Personal Data with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires Ubiquity, or its assets, Ubiquity may also share your Personal Data with that company.
- Other Disclosures without Your Consent.Ubiquity may disclose Personal Data in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. This may include disclosing your information as part of a lawful request by a public authority in a country different from your residence. Such authorities may request your information for the purpose of national security. Ubiquity may also share Personal Data in order to establish or exercise our rights, to defend against a legal claim, to investigate, to prevent, or to take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
- Service Providers.Ubiquity may share Personal Data with service providers. Among other things service providers may help us to administer our services, conduct analytics, and aid customer request fulfillment.
Sale of personal data
Ubiquity does not sell your Personal Data.
Ubiquity may, with your consent, track cookies to assist in your usage of the website by delivering tailored content to you, collect anonymous statistics, and maintain log-in sessions;
Cross site tracking
We may, with your consent, allow third parties’ collection of Personal Data over time and across different websites, including our own.
Data security and integrity
Ubiquity maintains reasonable security measures to safeguard Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Ubiquity also maintains reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current. In the event we are required by law to inform you of any unauthorized access to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Cross border data transfers
We are a company with operational sites around the world, and may transfer Personal Data concerning you throughout our sites and data centers in a variety of countries for the purposes described within this Privacy Notice. Safeguards are put in place and routinely tested under applicable data protection laws to ensure the safe transfer of data between regions. You can find a list of our locations at https://ubiquity.com/company/locations. By submitting your Personal Data to Ubiquity, you agree to the transfer, storage, and processing of your Personal Data in the region(s) selected by Ubiquity.
Ubiquity adheres to the US/EU Privacy Shield Privacy Principles published by the US Department of Commerce (referred to as “Privacy Shield” or “framework”), with respect to Protected EU Data that it receives in the United States from the EU. Ubiquity is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, including the onward transfer liability provisions. For purposes of enforcing compliance with the framework, Ubiquity is subject to the investigatory and enforcement powers of the Federal Trade Commission and/or the United States Department of Commerce. For more information about the framework, please refer to the Privacy Shield website at https://www.privacyshield.gov/.
For EU data transmitted to a Ubiquity site, we rely on Standard Contractual Clauses issued by the European Commission as the appropriate safeguards and lawful data transfer mechanism for transfers of Customer data containing EU Personal Data.
Children’s privacy statement
To help ensure the safety and privacy of children, we comply with the Children’s Online Privacy Protection Act of 1998. We do not knowingly allow children under the age of 13 to publicly post or otherwise distribute personally identifiable contact information through our website. The website is not intended to solicit information of any kind from children under 13, and we have designed it to block our knowing acceptance of information from children under 13 whenever age-related information is requested.
Links to other websites
Security of information
We believe that keeping Personally Identifiable Information (“PII”) secure is one of our most significant responsibilities. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your PII, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and us through our Site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.
Your data rights
Individuals may have the ability to access, review, and update their own Personal Data in accordance with applicable law.
Making a Request
Employees should transmit requests for access to their own Employee Personal Data, in writing (an email message using a work email address is acceptable), to the Human Resources department and/or to the Ubiquity Privacy Contact identified below. All other individuals should transmit requests for access to their own Individual Data to the Ubiquity Privacy Contact identified below.
Corrections and Modifications
If an individual is aware of changes or inaccuracies in his or her Personal Data, that individual is responsible for informing the Ubiquity Privacy Contact (or, in the case of Ubiquity employees, the local Human Resources department) of such changes so that the Personal Data may be updated or corrected.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For more information on where and how long your Personal Data is stored, contact the Ubiquity Privacy Contact.
Ubiquity may delete your data if it believes that the data is incomplete, inaccurate, or that our continued use and storage are contrary to our obligations to other individuals or third parties.. When we delete Personal Data, it will be removed from our active database, but it may remain in archives where it is not practical or possible to be deleted. In addition, we may retain your Personal Data as needed to comply with our legal obligations, resolve disputes, and/or enforce any of our agreements.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. All requests must be directed to the Ubiquity Privacy Contact below. Please note, deletion requests should: (i) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (ii) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. Please note we will be limited in our ability to respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Once we receive and confirm your verifiable consumer request, we will proceed with deleting your personal information from our records, unless an exception applies.
Ubiquity relies on the processing of Personal Data that you have provided. If you revoke your consent for the processing of Personal Data then we may no longer be able to provide you services. In some cases, Ubiquity may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity.
California Privacy Rights
Note that only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request. We cannot respond to your request if we cannot verify your identity and confirm the personal information relates to you.
If you have a concern, question, or request about your privacy, please reach out directly to our Ubiquity Privacy Contact, Data Protection Officer using the contact information below. In all instances, you have the right to make a complaint at any time to your local authority, however we would appreciate the chance to address with your concerns and encourage you to contact us directly.
If you have an unresolved concern about EU Personal Data that we have not addressed satisfactorily, we have committed to cooperate with the panel established by the EU Data Protection Authorities to serve as our independent dispute resolution body. You may also contact your local data protection authority. Contact information for each authority can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en. Non-employees may also be able to invoke binding arbitration as set forth in Annex I of the Privacy Shield, provided that such individual has invoked binding arbitration by delivering notice to the Ubiquity Privacy Contact in accordance with the procedures and subject to the limitations set forth in Annex I of the Privacy Shield. In particular, an individual who decides to invoke this arbitration option must first: 1) raise the claimed violation directly with Ubiquity and afford the Ubiquity an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Privacy Shield; 2) make use of the independent recourse mechanism under the Privacy Shield; and 3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce.
If you are subject to the UK General Data Protection Regulation (GDPR), Ubiquity has appointed EDPO UK Ltd as its UK GDPR representative in the UK pursuant to Article 27 of the UK GDPR. You can contact EDPO UK regarding matters pertaining to the UK GDPR by using EDPO UK’s online request form at https://edpo.com/uk-gdpr-data-request/ or by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.
Ubiquity has appointed an internal Data Protection Officer (DPO) for you to contact if you have any questions or concerns about our personal data policies or practices. The DPO can be contacted via email or postal mail as follows:
Mail: Ubiquity Global Services, Inc.
Attn: Data Protection Officer
1140 Avenue of the Americas, Suite 1601
New York, NY 10036