Attendance of the employee - Cord Blood Center Group

This Privacy Statement applies to you and your personal data because you are a (temporary) employee of an entity within the CBC Group. CBC is an international company with many different companies in different countries. For the purpose of this Privacy Statement, the CBC Group entity with whom you have a contract of employment (as an Controller) is responsible for protecting your personal data. This statement explains how we will use personal information that we obtain from you or from third parties during the duration of your employment relationship with CBC.

We may update this statement from time to time without notice, so please review it regularly, but in particular if you provide us with your personal information. This version of the Privacy Statement was released on April 1, 2018.

Types of personal dataWe process the following data:
Personal contact information. For example, your name, address, email address, phone number.
Work contact information. For example, business address, business email address, and phone number.
Personal information. For example, marital status, date of birth, nationality and birth number (national identification number).
Contract data. For example, the content of the employment contract.
Information about family members and family members. For example emergency contact.
Payment information. For example bank account number and request for reimbursement of expenses and payments.
Details of your position. For example position title, department, assignment, and responsibility.
Information on remuneration, pension benefits and other benefits. For example, your wages, agreed bonuses, a corporate vehicle, and a retirement plan.
Details of working hours, holidays and (medical) leave, sickness absence (SA). For example your work schedule, holiday entitlement, absence due to SA.
Information on education, training and career development. This includes your previous education and background, any courses or training you have completed, obtained certifications.
Performance and evaluation. For example, the content of your performance ratings and the numbers related to your work performance.
Asset trusted. Information about the property of the company that you have been given for use, business phone or laptop.
Correspondence and communication data. For example email correspondence, internet data and IP address.
Access rights. Your access rights to various applications within CBC’s IT infrastructure.
Safety information. For example your access card number, information on whether you are in the building and CCTV records (closed TV).

We will only process data from a special category for purposes strictly related to the proper performance of our duties as your employer and to the extent permitted or required by applicable law. We will process these types of sensitive personal information:

Your health information
Purpose of the data processingThe Controller will process your data for the following purposes:
HR administration. We keep personal records of all our employees. Based on the analysis of our HR records, we also make strategic decisions about our HR guidelines.
HR management. We deal with day-to-day HR management issues, ensuring proper positioning.
Adaptation. We process your personal information upon your arrival to us to ensure that you are properly trained and equipped for your position.
Payroll and retirement benefits and other benefits. We process your data so that we can pay you salary, contribute to retirement, and provide you with additional benefits (performance-related).
Taxes and social insurance. In order to fulfill our obligations under the Tax Act and other social security and insurance regulations, we are obliged to process certain personal data.
Risk and liability insurance. We assure many of the risks that may arise in our business, against any claims related to work-related accidents or travel insurance for employees who travel on behalf of CBC. We can also provide a collective health insurance program. Depending on your type of insurance, we may need to process your personal information, e.g. when processing a claim. on the claim.
Securing communications and information technologies. We provide you with the IT equipment and services you need to perform your CBC duties, a corporate mobile phone or email account. To do so, we need to process your personal information.
Communication / IT monitoring. We will monitor communication and network use to secure our IT environment and network infrastructure, and also to ensure that our employees use these facilities in a manner consistent with applicable laws and regulations.
Performance and education management. In order to ensure your reasonable performance, we perform performance ratings. In addition, we also strive to support the growth of our employees by providing or proposing courses and trainings.
Creating a healthy and safe workplace. We want our employees to be healthy and feel safe. That is why we can process the personal data of our employees so that we can analyze how to improve the quality of their work and reduce any potentially unhealthy impacts. We also apply security measures, such as CCTV cameras to ensure the safety of our employees, visitors and property.
Recruitment of employees. We process your information when you apply for a CBC job position. We can also go through employees’ records to see if we have people in our organization who are fit to fill a job. For more details, please read our Privacy Statement on Employee Recognition.
Dispute resolution and infringement investigations. We may process personal data for the purpose of resolving disputes, complaints or legal procedures, or if we suspect the offense that we would like to investigate further.
Compliance with the law. We may need to process your personal information to comply with the law (eg match your name with names on the so-called designated lists and comply with the law on money laundering) or to comply with a court order.
Parties that may have access to your data
Controller may share your data with third parties in the following circumstances:
We may share your personal information with other third parties acting on our behalf, such as a service provider as an intermediary. In such cases, these third parties may use your personal information only for the purposes described above and only in accordance with our instructions;
Our employees will have access to personal data. In such a case, access shall be granted only if it is necessary for the abovementioned purposes and only if the employee is bound by the obligation of confidentiality;
If required by law or court order, we may share your personal information with, for example, our suppliers or clients, tax authorities, social security authorities, law enforcement agencies or other governmental authorities.
Location of your personal information
Our employees will have access to your personal data within the European Economic Area while in our care. Access to your data will also be available in Switzerland, which has laws guaranteeing a level of data protection similar to that of the European Union.
Storing personal data
We keep your personal data for a limited time, and these data will be deleted when they are no longer needed for processing, and other valid legislation does not require you to archive the data for a longer period of time. In most cases, this means that we will store your data for the duration of your contract. As far as possible, we will delete the data as long as your contract is in force as soon as it is no longer necessary. In any case, we will erase your personal records within 24 months after the termination of the contractual relationship, unless local legislation requires them to be retained.We may process your personal information for a longer period of time after termination of the relationship in the event of a continuing legal dispute or if you have granted us permission to store your personal data for a long time.
Legal basis for processing your data
In most cases, we process your personal information on the basis that the processing is necessary for the purposes of the legitimate interest we are pursuing, on a contractual basis or on the basis of your consent as the data subject or by law as a separate regulation. In many cases, we will also need to process your personal information on a legal basis. In the case of consent processing, you always have the option to cancel your consent.
Your rights under the General Data Protection
RegulationAccording to the GDPR, you have certain rights.Right of access by the Data SubjectYou are entitled to a copy of the personal information we have about you as well as some details on how we use it.

Your personal information will normally be provided to you in writing, unless otherwise requested, or if you have requested it by electronic means, the information will be provided electronically if possible.

Right to rectification

We take reasonable steps to ensure the accuracy and completeness of the information we have about you. However, if you do not think so, you can ask us to update or supplement this information.

Right to erasure

Under certain circumstances, you have the right to ask us to delete your personal information, for example, when the personal data we have obtained is no longer necessary for the original purpose or when you withdraw consent. However, this will need to be balanced with other factors. For example, we may have legal and regulatory obligations, which means we will not be able to meet your request.

Right to restriction of processing

Under certain circumstances, you are entitled to ask us to discontinue your personal information, for example, when you believe that the personal information we have about you may be inaccurate or if you believe that we no longer need your personal data to be used.

Right to data portability

Under certain circumstances, you have the right to ask us to transfer the personal data you have provided us to another third party of your choice.

The right to object

You have a right to object to data processing that is based on our legitimate interests, as is the case here. If we do not have a valid legitimate reason for processing when you file an objection, we will not process your personal data further. However, please note that we may not be able to provide certain services or benefits unless we are able to process the necessary personal data for that purpose.

Rights related to automated decision making

You have the right to refuse automated decision-making, including profiling, which has a significant legal or similar effect on you. Group companies typically do not use automated decision making or profiling, but if you were the subject of an automated decision and you disagree with the result, you can contact us through the contact details below and ask us to review the decision.

Right to cancel consent

In most cases, we do not process your personal information with your consent. However, it may happen that we ask for your consent in specific cases. Where we do, you have the right to withdraw your consent to the further use of your personal information.
Contact details
If you would like to contact our Data Protection Officer (DPO), please send an email to dataprotection@cordbloodcenter.com.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-necessary-cookies	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_26524997_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.