California Privacy Rights Act of 2020

Privacy Notice for our Staff Members and Job Applicants

Published: June 2023
‍Updated: June 2023

1. Introduction

TSIA ("we" or "us" or "our" or "TSIA") has issued this Privacy Notice ("Notice") to describe how we handle Personal Data we collect and process about our job applicants and staff members (collectively referred to as "you" or "your") applying for a job or working for TSIA. The term "staff member" includes employees and those who work on a non-permanent basis (contingent workers, contractors, temporary workers, and interns).

We respect the privacy rights of individuals and are committed to handling Personal Data responsibly and in accordance with applicable law. This Notice describes the Personal Data we collect and process about you, the purposes of the processing, and your rights.

This Notice should be reviewed along with our other corporate policies and procedures. When appropriate, we will provide notices to address additional processing activities not mentioned in this Notice. If you are a California resident, please see the CCPA Addendum for additional disclosures regarding the information we collect and any rights you may have under California law.

2. Types of Personal Data We Collect

In the course of your employment at TSIA, or when submitting an application for employment, we may process Personal Data about you and your dependents, beneficiaries and other individuals whose Personal Data has been provided to us.

We use the term "Personal Data" (also called "personal information" or "personally identifiable information" in the laws of some jurisdictions) to refer to information that reasonably identifies, relates to, describes, or can be associated with you. Data that has been de–identified, anonymized, or aggregated, or that otherwise cannot reasonably be related back to a specific person is not considered Personal Data. The precise definition of Personal Data may vary depending on your state, province, or country of residence, but we take the same approach to protect your privacy. As a general rule, we try not to collect or process any Personal Data about you, unless authorized by law or where necessary to comply with applicable laws or to provide benefits. We do not sell Personal Data collected under this Notice.

The types of Personal Data we may process include, but are not limited to:

Identification data – including name, gender, photograph, date of birth.
Contact details – including home and business address, telephone/email addresses, emergency contact details.
Employment details – including job title/position, office location, employment contract, performance and disciplinary records, grievance procedures, sickness/time-off records.
Background information – including academic/professional qualifications, education, résumé/CV, criminal records data (for vetting purposes, where permissible and in accordance with applicable law).
Government identifiers – including government issued ID/passport, immigration/visa status, social security or national insurance numbers.
Information on your spouse/partner and/or dependents – including marital status, identification and contact data about them, and information relevant to any TSIA benefits extended to them.
Financial information – including banking details, tax information, withholdings, salary, benefits, expenses, company allowances, stock and equity grants.
IT information – including information required to provide access to company IT systems and networks (and information collected by/through those systems such as IP addresses, log files and login information).

We may also process certain types of sensitive Personal Data relating to you (and your spouse/partner and dependents). Sensitive Personal Data includes any information that reveals your racial or ethnic origin, criminal convictions, for the purposes of unique identification, information about your health. In the United States, Sensitive Personal Data also includes government identifiers (including social security, driver's license, state identification card, or passport number), citizenship or immigration status, and precise geolocation data. As a general rule, we try not to collect or process any Sensitive Personal Data about you, unless authorized by law or where necessary to comply with applicable laws or to provide benefits. We do not sell Sensitive Personal Data collected under this Notice.

In some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Data for legitimate employment-related purposes. For example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities (on the basis that it is in the public interest and in accordance with applicable law), monitoring, to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to provide work-related accommodations, health and insurance benefits to you and your dependents, or to manage absences from work.

3. Sources of Personal Data

Typically, you will have provided the information we store about you, but there may be situations where we collect Personal Data or Sensitive Personal Data from other sources. For example, we may collect the following:

Certain background and other information from recruitment agencies, academic institutions, agencies providing background checks, and other third parties during your recruitment.
Certain information on your performance, conduct or other information relevant to formal internal procedures (e.g. disciplinary or whistleblowing procedures), from customers or other organizations.
Information on your training and development from external training partners and information about your experience.
Impressions of TSIA through external survey providers.
Information about your health, including your fitness to carry out work, and any accommodations or adjustments to be considered from your doctor, other specialist medical adviser or TSIA appointed medical expert.
Information on accidents or incidents from TSIA insurance brokers, insurers and their appointed agents.
Information on tax payable from local tax authorities and TSIA payroll agents and tax/financial advisers.
Information collected through TSIA IT systems and other devices as described in Section 2.
Information about your entitlement to participate in, or receive payments or benefits under, any insurance or pension scheme provided by TSIA, from the relevant benefit provider or its appointed agent.
Information from publicly available sources (for example, news sources and social media platforms) in connection with any investigation or formal procedure concerning the same (for example, the investigation of an allegation that a staff member has breached our rules on social media use or conduct).

4. Processing Purposes of your Personal Data

If you are applying for a position at TSIA, we collect and use your Personal Data primarily for recruitment purposes (specifically, to determine your qualifications for employment and to reach a hiring decision). This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying out reference checks or background checks (where applicable) and to manage the overall hiring process and communicate to you regarding it.

If you are accepted for a position at TSIA, the information collected during the recruitment process will form part of your ongoing staff member record.

If you are not successful, we may still keep your application for internal reporting, and to allow us to consider you for other suitable openings within TSIA in the future.

Once you become a TSIA staff member, we collect and use your Personal Data for the purpose of managing our employment and working relationship with you. For example, we may collect the following:

Your employment records and contract information to manage our employment relationship with you.
Your bank account and salary details (for your paycheck).
Your equity grants (for stock and benefits plans administration).
Details of your spouse and dependents (for emergency contact and benefits purposes).

We process our staff member Personal Data through our human resources system ("HR System"), which provides tools that help us to administer HR and staff member compensation and benefits, and allows staff members to manage their own Personal Data in some cases. This will involve transferring your Personal Data to our HR System provider's servers. TSIA may host these servers or utilize third party servers, but in either case will be responsible for the secure access of Personal Data on the HR System servers.

We maintain a directory of staff members which contain your professional contact details (such as your name, location, photo, job title and contact details). This information will be available to everyone in TSIA to facilitate cooperation, communication and teamwork.

We may also collect and use Personal Data when it is necessary for other purposes, including:

To help us conduct our business more effectively and efficiently – for example, for general HR resourcing, reporting or analytics, IT security/management, business continuity purposes, accounting purposes, or financial planning.
To investigate violations of law or breaches of our own internal policies and more generally to protect the rights and interests of TSIA, our staff members, applicants and business partners. For instance, we may monitor your browsing or communications activity or location when using our devices or systems, if we suspect that you have been involved in phishing scams, fraudulent activity or activities in competition with or inconsistent with your work for TSIA (for more information, refer to the Employee Policy Manual).
To help secure our networks and systems from unauthorized access, scams, and malicious code. For instance, we may monitor and review electronic mail communications sent or received using TSIA issued devices or accounts, or stored on or using such a device or account. We may also monitor and record each website visit, each chat session, newsgroup post, e-mail message, and each file transfer into and out of our systems and networks. TSIA may monitor this activity at any time, and, to the extent permitted by laws, users of our networks and systems should not expect privacy when using these systems and devices.
In accordance with any policies pertaining to the use of personal devices for work purposes. For instance, we may deploy security software on your personal device that monitors URLs for phishing risks and other security threats.
To foster diversity, inclusion, and an open and welcoming work culture.

TSIA also uses video cameras and recording equipment for its premises and offices, and stores information captured by this equipment, in order to secure its networks, systems, and property, and may monitor access and use of its systems using this equipment.

TSIA may also request or require you to enable your device used for work, whether personal or issued by TSIA, to recognize facial or fingerprint IDs. Your biometric information will be stored on the device itself, and TSIA will never transfer this data to its servers or to any third party. With respect to your personal device, this means that TSIA will never collect or possess your biometric information. For company issued devices, we will only store biometric information on the device itself and only with your explicit consent, and only for the period of time that such device is issued to you. TSIA will adhere to any obligation it has under law to notify and negotiate with the applicable representative before imposing such a requirement on represented employees.

We also may retain and use your Personal Data where we consider it necessary for complying with laws and regulations, including collecting and disclosing staff member Personal Data as required (e.g. for tax, health and safety, anti-discrimination and other employment laws), under judicial authorization, to protect your vital interests (or those of another person), or to exercise or defend the legal rights of TSIA.

5. Sharing Your Personal Data

We take care to allow access to Personal Data to only those who require such access to perform their tasks and duties, and to third parties who have a legitimate business purpose or other lawful reason for its access. Whenever we permit a third party to access Personal Data, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice, and that the security and confidentiality of the information is maintained.

We will share your Personal Data with other members of TSIA in order to administer human resources and staff member compensation at an international level on the HR System, as well as for other legitimate business purposes such as IT services/security, tax and accounting, and general business management.

In addition, we make certain Personal Data available to third parties who provide services to us. We do so on a need-to-know basis and in accordance with applicable data privacy laws.

For example, some of this information will be made available to:

Our benefit/reward plans service providers (including retirement plan and medical insurance providers).
Service providers who provide us with payroll, tax and expense administration support services.
Providers of our HR Platform, including our recruitment platform.
Service providers who provide, support and maintain our IT, security, and communications infrastructure (including for data storage purposes) and/or provide business continuity services.
Service providers who assist in the coordination and provision of relocation, travel and/or travel permit services (in connection with work-related travel).
Service providers who provide staff training services and/or qualifications and staff surveys.
Auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under a contractual prohibition of using the Personal Data for any other purpose.

We may also disclose Personal Data to third parties on other lawful grounds, including:

Where you have provided your consent.
To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant.
In response to lawful requests by public authorities (including for tax, immigration, health and safety, national security or law enforcement purposes).
As necessary to establish, exercise or defend against potential, threatened or actual legal claims.
Where necessary to protect your vital interests or those of another person.
In connection with the sale, assignment or other transfer of all or part of our business.

We never sell the Personal Data we collect from and about you.

6. Legal Basis for Processing Personal Data (Europe only)

If you are a job applicant or staff member in the United Kingdom, European Economic Area, or Switzerland (collectively, "Europe"), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only where:

It is in our legitimate interests (which are not overridden by your rights, particularly taking into consideration the safeguards that we put in place).
We need the Personal Data to perform a contract with you (i.e. to administer an employment or work relationship with us).
To comply with applicable immigration and/or employment laws and regulations.
We have your consent to do so.
To protect your vital interests or those of another person.
To protect the rights and interests of TSIA, our employees, applicants and others, as required and permitted by applicable law.

Where we have requested your consent to process your personal data, you have the right to withdraw your consent at any time.

When we collect Sensitive Personal Data, we normally do so only:

In circumstances where you have made the data public.
In circumstances where you have given your explicit consent by providing it voluntarily.
To comply with applicable employment, social security, and social protection laws and regulations.
For the assessment of your working capacity.
To protect your vital interests or those of another person.
To establish, exercise or defend legal claims.
For reasons of substantial public interest in accordance with relevant law.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided at privacy@tsia.com.

Where we request Personal Data or Sensitive Personal Data from you, you can choose not to provide it to us. However, unless otherwise indicated, the information we request from you is required in order to enter into our employment relationship with you or in order to comply with our legal obligations. Failure to provide your data in such circumstances prevents us from effectively administering our employment relationship with you (including any related employment benefits) and/or complying, which may mean we are unable to offer you, or to continue your employment.

7. Transfer of Personal Data abroad (Europe Only)

As TSIA operates at a global level, we may need to transfer Personal Data to countries other than the ones in which the information was originally collected. Our recruitment and staff data is hosted in the United States. When we export your Personal Data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer Personal Data from Europe to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into standard contractual clauses (SCC) with the data importer, or taking other measures to provide an adequate level of data protection under European law. In all cases, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Notice.

8. Data Retention Periods

Personal Data will be stored in accordance with applicable laws and kept as long as TSIA has an ongoing legitimate business need to carry out the purposes described in this Notice or as otherwise required by applicable law. Generally this means your Personal Data will be retained until the end or your employment, employment application, or work relationship with us plus a reasonable period of time thereafter to respond to employment or work-related inquiries, comply with regulatory obligations, or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper deductions during and on termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits.

9. Your Data Privacy Rights (Europe Only)

If you are in Europe, you may exercise the rights available to you under applicable European data protection laws as follows:

If you wish to access, correct, update or request deletion of your Personal Data, you can do so at any time by contacting us at privacy@tsia.com
In addition, you can object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. You can exercise these rights by contacting us at privacy@tsia.com.
If we have collected and processed your Personal Data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries are available here.)

We respond to all requests we receive from individuals in Europe wishing to exercise their data protection rights in accordance with applicable European data protection laws. TSIA will need to verify your identity consistent with applicable data protection laws before processing any such request. This may require you to provide additional information to verify your request.

10. Updates to this Notice

This Notice may be updated periodically to reflect changes in our privacy practices. In such cases, we will indicate at the top of the Notice when it was most recently updated, and if we make a material change, we will inform you, for example, on our intranet or by company-wide email. We encourage you to check back periodically to ensure you are aware of the most recent version of this Notice. Please note that TSIA does not discriminate or retaliate against those who exercise their rights under applicable data protection laws.

11. Contact Details

Please address any questions or requests relating to this Notice to privacy@tsia.com or alternatively, you can contact your manager or HR. If you have disabilities, you may access this notice in an alternative format by contacting hr@tsia.com.

If you are located in Europe and wish to speak with our Data Privacy Officer, please contact privacy@tsia.com

CALIFORNIA CONSUMER PRIVACY ACT ADDENDUM

These provisions apply only to California consumers and supplement the Privacy Notice for Staff and Job Applicants. The California Consumer Privacy Act of 2018 ("CCPA"), including the California Privacy Rights Act ("CPRA") of 2020 and any regulations put into effect thereunder, provides California consumers with specific rights regarding their Information. This CCPA Addendum describes your rights, explains how you may exercise your rights, and provides an overview on the types of Personal Information TSIA collects.

General information regarding our collection, use, and disclosure of your data is detailed in the Notice above.

Our Personal Information Collection Practices

The CCPA defines "Personal Information" as information that identifies, relates to, describes, references, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. To help consumers make informed privacy decisions, the CCPA classifies Personal Information into defined categories, and our practices regarding Personal Information are outlined in the below table. Please note that some types of Personal Information may apply to multiple categories.

TSIA collects some or all of the categories of Personal Information described below, which describes the business or commercial purpose(s) for which the Personal Information was collected and the entities to whom such information can be disclosed.

Category	Examples	Purposes	Disclosed To
Identifiers	Name, alias, home and business address, unique personal identifier, online identifier, internet protocol (IP) address, device, browser, email address, account name, or other similar identifiers.	Recruitment; employment or work-related purposes; inclusion in the TSIA directory; other business purposes set forth above in the Notice.	TSIA; service providers; public or governmental authorities.
Customer records information	Name, signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, or other similar information (some personal information included in this category may overlap with other categories).	Recruitment; employment or work-related purposes; inclusion in the TSIA directory; other business purposes set forth in Section 4 of the Notice.	TSIA; service providers; public or governmental authorities.
Characteristics of protected classifications under California or federal law	Age, race, color, ancestry, national origin, citizenship, marital or familial status, medical condition, physical or mental disability, sex, veteran or military status, and other similar information	Recruitment; employment or work-related purposes.	TSIA; service providers; public or governmental authorities.
Biometric information**	Fingerprints, facial or hand imagery, or voice recordings.	**We may at a later date collect facial or fingerprint IDs from you on TSIA devices and/or personal devices used for work purposes, and we would do so strictly for security and fraud prevention purposes (however, we have not collected this information from employees within the past 12 months).	N/A
Internet or other similar network activity information	Browsing history, search history, information regarding consumer's interaction with a website, application, or advertisement.	Security and fraud prevention.	TSIA; service providers.
Sensory data	Audio, electronic, visual, or similar information.	Security and fraud prevention; inclusion in the TSIA directory.	TSIA; service providers.
Professional or employment-related information	Employer, employment history, resumes and CVs, background checks, and other employment-related information.	Recruitment; employment or work-related purposes; inclusion in the TSIA directory; other business purposes set forth in Section 4 of the Notice.	TSIA; service providers; public or governmental authorities.
Education information	Records maintained by an educational agency or institution that pertain to a student, such as grades and transcripts.	Recruitment.	TSIA; service providers.
Sensitive personal information	Social Security, driver's license, state ID, or passport number; biometric information; personal information concerning health.	Recruitment; employment or work-related purposes.	TSIA; service providers.

The Personal Information described in the table above is collected directly from you, or from the sources set forth in the Notice under "Sources of Personal Data." In addition to the parties described above, we may disclose your Personal Information to other third parties for legal, security, or safety purposes; to regulatory authorities, courts, and government agencies if required by applicable law; or with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries, or other assets.

We never sell your Personal Information, nor do we share it with third parties for the purposes of behavioral advertising. However, we may use de–identified, anonymized, or aggregated versions of your Personal Information for any purpose.

Rights to Your Information

Right to Know

As a California consumer, you have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:

The categories of Personal Information that we have collected about you.
The categories of sources from which the Personal Information is collected.
Our business or commercial purpose for collection, use, or disclosure of that Personal Information.
The categories of third parties with whom we sell or share that personal information.

Right to Data Portability

You have the right to request a copy of Personal Information collected and maintained about you in the past 12 months. The CCPA allows you to request this information from us up to twice during a 12–month period. We will provide our response in a readily usable (in most cases, electronic) format.

Right to Delete

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records unless an exception applies. For example, we may deny your deletion request if retention of the Personal Information is:

Necessary to detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for said activity;
Reasonably anticipated within the context of your employment or application for employment with TSIA;
Needed for solely internal uses that are reasonably aligned with your expectations based on your relationship with TSIA;
Necessary to comply with a legal obligation; or
Otherwise necessary for internal use in a lawful manner that is compatible with the context in which you provided the Personal Information.

Right to Correct

You have the right to request the correction of any Personal Information we maintain about you.

Right to Limit the Use or Disclosure of Sensitive Personal Information

You have the right to limit the use or disclosure of your Sensitive Personal Information ("SPI") if we are using it beyond what is reasonable and proportionate within the context of your relationship with us as an employee or job applicant. You can make a request for us to limit the use or disclosure of your SPI by emailing us at privacy@tsia.com.

Right to Nondiscrimination

You will not receive discriminatory treatment by TSIA for exercising your CCPA privacy rights.

Exercising Your Rights

To exercise the rights described above, please submit a request to privacy@tsia.com.

After submitting a request, we will take steps to verify your identity in order for us to properly respond and/or confirm that it is not a fraudulent request. In order to verify your identity, we will request, at a minimum, that you provide your name, email address, mailing address, and relationship to us, so that we can seek to match this information with the information existing in our systems. When providing us this information, you represent and affirm that all information provided is true and accurate. If we are unable to verify that the consumer submitting the request is the same individual about whom we have collected personal information, we may contact you for more information, or we may not be able to meet your request.

Only you, or an agent legally authorized to act on your behalf, may make a verifiable request related to your Personal Information. If you are making a request as the authorized agent of a consumer, we will ask you also submit reliable and verifiable proof that you have been authorized in writing by the consumer to act on such consumer's behalf.

We will make every effort to respond to your request within 60 days from when you contacted us. If you have a complex request, the CCPA allows us up to 90 days to respond. We may contact you within 60 days from the date you contacted us to inform you if we need more time to respond.

Contact

If you have any questions, comments, or complaints about how we use your information, or would like to exercise any rights that you may have under the CCPA, please reach out to at privacy@tsia.com.