Randstad Canada’s Privacy Policy, updated June 30, 2016

 

Policy Owner:  Lara Speirs, General Counsel, has been appointed as Chief Privacy Officer.

 

Purpose:

Randstad Interim Inc. (“Randstad Canada”) is committed to take all reasonable steps to preserve the confidentiality of all Personal Information it collects in order to manage its business and maintain the employment relationship in a manner consistent with applicable law.

 

The purpose of this Privacy Policy (“this Policy”) is to provide Randstad Canada with a framework to ensure that we handle Personal Information with a view to managing our privacy-related risks and complying with applicable law. It governs the collection, use, disclosure, retention and destruction of Personal Information in the course of our commercial activity. 

 

The Policy sets a minimum standard for handling Personal Information and sets out guidance for the handling of Personal Information.  This policy is consistent with and supportive of Randstad’s Business Principles, namely principles 1, 4, 9 and 15:

1.         We know and comply with the laws that govern our business, international human rights principles and Randstad’s internal policies and procedures;

4.         We ensure that our records (including those containing Personal Information) are created, used, stored and destroyed in accordance with law;

9.         We respect the right to privacy, ensure that confidential information is kept confidential and we do not abuse the confidential information of others; and

15.        We maintain and provide full, fair, timely, accurate and understandable contracts, records and financial information.

 

Scope/Applicability

This Policy applies to all Randstad Canada’s internal employees, temporary workers, assigned resources, applicants, candidates, Coop students, interns, volunteers and independent contractors (“Individuals”).

 

This Policy is a local Canadian adaptation of Randstad Holding’s Data Protection Group Policy, as found at: https://www.Randstadatwork.com/corporate-information/values-policies/corporate-policies.  This policy has been adapted to comply with local Canadian laws and regulations.  In the event of a conflict between these two policies, it is this local Canadian Policy that shall prevail.

For specific questions about Randstad Canada’s Data Security & E-Communication Policies and practices, please contact Chief Information Security Officer, Gabe Mazzarolo.

 

Personal Information- definition

"Personal Information" includes factual or subjective information about an identifiable individual.  An individual’s personal information includes his or her name, when combined with other unique identifying information such as HR ID, salary, amount of bonus received, SIN number, home address or individual performance rating.  However, it excludes business contact information, such as information disclosed on a business card.

 

Randstad’s Duty to Notify

In accordance with applicable legislation, Randstad Canada shall provide notification to the affected individual(s) and the applicable Privacy Regulators of any breach of its security measures involving personal information under its control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.  Where applicable, the term “significant harm” is defined to include, among other things, “bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property”.

Such notice shall be made as soon as feasible after Randstad Canada determines that the breach has occurred.

 

Fair Information Principles

 

In accordance with applicable law, Individuals and others who collect, use and disclose personal information on Randstad Canada’s behalf must comply with the following 10 Fair Information Principles. 

 

Principle 1 – Accountability

Randstad Canada is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.

 

Principle 2 – Identifying Purposes

The purposes for which personal information is collected shall be identified by Randstad Canada at or before the time the information is collected.

 

Principle 3 – Consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

 

Principle 4 – Limiting Collection

The collection of personal information shall be limited to that which is necessary for the purposes identified by Randstad Canada. Information shall be collected by fair and lawful means.

 

Principle 5 – Limiting Use, Disclosure, and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

 

Principle 6 – Accuracy

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

 

Principle 7 – Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

 

Principle 8 – Openness

Randstad Canada shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

 

Principle 9 – Individual Access

In accordance with applicable law, upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

 

Principle 10 – Challenging Compliance

An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.

 

Each of these principles is described in more detail in the following sections.

 

1.   Accountability: Fair, Lawful and Authorized manner

 

This Policy allows Randstad Canada to collect, use and disclose personal information for its legitimate purposes provided it does so in a fair and lawful manner. 

Randstad Canada should ordinarily identify itself as accountable for the Personal Information it collects and should ordinarily identify anyone to whom it will routinely disclose or transfer Personal Information, including other companies within the Randstad Group.

Resolution Process

Individuals with questions or concerns about this Policy should follow the escalation process outlined as follows:

1.    Privacy Ambassadors

For internal employees, as a first point of contact, a Privacy Ambassador has been assigned for each branch or corporate head office for day-to-day privacy questions or concerns as well as compliance issues involving your particular branch.  Please contact your direct supervisor or Branch Manager to find out the name of your particular Privacy Ambassador. For all other individuals, please contact the Privacy Officer directly by email at: privacyofficer@randstad.ca.

 

2.    Privacy Officer- Matthew Gdyczynski, Human Resources

If your matter cannot be resolved by your Privacy Ambassador, please contact Randstad Canada’s Privacy Officer who is responsible for addressing all inquiries and complaints and ensuring compliance with this policy and applicable privacy legislation.   Privacy Officer may be reached by email at:  privacyofficer@randstad.ca.

 

3.    Chief Privacy Officer- Lara Speirs, General Counsel

In the event your matter is still not resolved to your satisfaction, please contact the Chief Privacy Officer, Lara Speirs.

 

4.    Chief Information Security Officer - Gabe Mazzarolo, CIO

If your concern involves data security, your matter shall be referred to Chief Information Security Officer, Gabe Mazzarolo.

 

Transferring Personal Information to Service Provides (Within or Outside Canada)

Randstad Canada only transfers Personal Information to service providers, whether within the Randstad Group or outside it (“Service Providers”), if the transfer complies with the principles and the other rules set out in this policy and with applicable privacy legislation.  These Service Providers will be required to collect, use, disclose and retain Personal Information in a manner that is consistent with this Policy and applicable law.

 

When using Service Providers, Randstad Canada (i) employs due diligence in selecting Service Providers to process Personal Information on its behalf, (ii) imposes reasonable contractual terms on such organizations with a view to maintaining comparable data security and (iii) oversees such organizations with a view to maintaining comparable data security.

For Service Providers located outside of Canada, transfers of Personal Information may be made subject to additional notification and other requirements under applicable legislation.

 

2.   Identifying Purposes

 

The purposes for which Personal Information is collected shall be identified by Randstad Canada at or before the time the information is collected.

 

In the course of its commercial activities, Randstad Canada ordinarily collects, uses and discloses Personal Information for the following reasonable business purposes:  to provide HR services, staffing & professional services, search & selection, recruitment and Managed Service Provider (MSP) and In-house services.

 

As an employer, Randstad Canada collects, uses and discloses Personal Information for the purpose of establishing, managing or terminating its employment relationships and managing and auditing its operations. These purposes include preventing and responding to work-related misconduct, breaches of law and other activities that may harm Randstad Canada’s interests.

 

Examples of the types of Personal Information Randstad Canada may collect at the various stages of the employment relationship include, but not limited to:

Name, date of birth, gender, marital status, beneficiaries, identification numbers, including social insurance number and other identifying information, such as photographs;
Background information, including education, training, work history and reference information, professional or other designations, and results from credit information and criminal record checks;
Contract information, such as personal address, telephone number, cellular phone number, email address and emergency contact information;
Health and medical information, including personal, emergency contact, health  information of Individual’s, their spouses and dependents; and
Randstad Canada work history, experience, training, compensation information and employment performance/disciplinary matters.
 

3.   Consent

 

The knowledge and consent of the individual are required for the collection, use, or disclosure of Personal Information, except where inappropriate or otherwise permissible by law.

Randstad Canada ordinarily collects, uses and discloses Personal Information based on informed consent. Being informed means understanding the nature, purpose and consequence of the collection, use or disclosure of Personal Information.  This commitment entails:

Informing the Individual in a meaningful way of the purposes for the collection, use or disclosure of personal data; and
Obtaining the Individual's consent before or at the time of collection, as well as when a new use of their Personal Information is identified.
Randstad Canada only relies on implied consent when appropriate in light of the sensitivity of Personal Information and individuals’ reasonable expectations.  In particular, it relies on implied consent to collect, use and disclose the Personal Information of Individual s for the purpose of establishing, managing or terminating its employment relationships.

 

Exceptions to the Consent Principle

There are a number of specific exceptions to the requirements to obtain knowledge and consent for the collection, use or disclosure of Personal Information.  Examples include, but are not limited to:

Randstad Canada may collect & use Personal Information without the individual's knowledge or consent only:

if it is clearly in the individual's interests and consent is not available in a timely way;
if knowledge and consent would compromise the availability or accuracy of the information and collection is required to investigate a breach of an agreement or contravention of applicable law.
Randstad Canada may use & disclose Personal Information without the individual's knowledge or consent only:

if  reasonable grounds to believe the information could be useful when investigating a contravention of applicable law and the information is used for that investigation;
for an emergency that threatens an individual's life, health or security;
for statistical or scholarly study or research ( but must notify the Privacy Commissioner of Canada before using the information).
 

Randstad Canada may disclose Personal Information without the Individual's knowledge or consent only:

to a lawyer representing Randstad Canada;
to collect a debt the Individual owes to Randstad Canada;
to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
to a government institution that has identified its lawful authority to obtain the information, and indicates that disclosure is for the purpose of enforcing, carrying out an investigation;
to an investigative body for the purposes related to the investigation of a breach of an agreement or a contravention of applicable law;
20 years after the Individual 's death or 100 years after the record was created; or
if required by law.
 

4.    Limiting Collection  for reasonable and specified purposes

 

The collection of Personal Information shall be limited to that which is necessary for the purposes    identified by Randstad Canada.  Randstad Canada shall limit the amount and type of the information gathered to what is necessary for the identified purposes, as listed above.

 

Randstad Canada shall only collect Personal Information for reasonable business purposes that it identifies to Individual s at the time of collection except as permitted or required by law.

 

Randstad Canada refrains from collecting Personal Information for one purpose and then using it for another without consent except as permitted or required by law.

 

5.    Limiting Use, Disclosure and Retention Only As Reasonably Necessary

 

Personal Information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the Individual or as required by law.

 

Randstad Canada maintains record retention schedules to ensure that personal Information shall be retained only as long as reasonably necessary for the fulfillment of those purposes.    

 

For Randstad’s internal employees:  To see further information regarding Randstad Canada’s record retention schedule and its related policy, please refer to its Document Management Policy and its related Document Retention Schedule (Appendix A), which can be found at Randstad Canada’s intranet site at:

https://central.randstadgroup.ca/ec/Pages/Policies.aspx. This Document Management Policy ensures that Randstad Canada does not retain Personal Information longer than necessary for the purposes it was collected unless required by law.

 

6. Accuracy

 

Randstad Canada employs reasonable measures to ensure that Personal Information is kept as accurate as required for its purposes.

 

Requests for correction of Personal Information are handled in accordance with rights granted under applicable legislation and good recordkeeping practices.

 

7.  Safeguards: Data Security & E-Communication Policy

 

For specific questions about Randstad Canada’s Data Security & E-Communication Policies and practices, please contact Chief Information Security Officer, Gabe Mazzarolo.

 

Randstad Canada takes reasonable safeguards and security measures to protect Personal Information against unlawful or unauthorized access, disclosure, copying, use or modification. This also includes safeguarding information from loss, theft and damage.

 

Randstad Canada maintains policies, procedures and technologies to maintain the security of Personal Information from the point of collection to the point of destruction, as outlined in its E-Communications Policy, which can be found on Randstad Canada’s intranet site at: https://central.randstadgroup.ca/ec/Pages/Policies.aspx

 

For specific questions about Randstad Canada’s Data Security & E-Communication Policies and practices, please contact Chief Information Security Officer, Gabe Mazzarolo.

 

 

Individual’s Duty to Report & Promoting compliance

If an Individual  becomes aware of any loss of, unauthorized access to, significant security lapses or unauthorized disclosure of Personal Information, whether or not he or she has caused the loss, unauthorized access or unauthorized disclosure, the Individual  should must immediately raise the matter with his/her line manager or with our Privacy Officer at:  privacyofficer@randstad.ca.

 

The reporting duty to above is an essential element of Randstad Canada’s privacy and data protection program. Randstad Canada will protect Individuals who report from reprisal and treat any failure to report as a significant employment offence.

 

Individuals who are contacted by a privacy regulator should promptly notify our Chief Privacy Officer.

 

8.   Openness

 

Randstad Canada shall make readily available to Individuals its policies and practices to relating to the management of Personal Information. 

 

·         For internal employees: this Privacy Policy is available on its intranet site in the “Employee Centre” section at https://central.randstadgroup.ca/ec/Pages/Policies.aspx

 

·         For others: Randstad’s Privacy Policy can be found on Randstad’s internet site at: http://www.randstad.ca/about/privacy.aspx

 

9.   Individual Access and correction

 

In accordance with applicable law, Randstad Canada provides Individual s with access to Personal Information and a means of correcting Personal Information in accordance with applicable privacy legislation. An Individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

 

All requests for copies of Personal Information must be made in writing and directed to the Randstad Canada Privacy Officer (privacyofficer@randstad.ca).

  

 10.        Recourses Available

 

All complaints, questions or concerns should be brought to the local Privacy Officer at privacyofficer@randstad.ca and shall be handled in an expeditious and timely manner.

 

If your matter has not been resolved to your satisfaction, please see the above Resolution Process section of this policy.

 

Discipline

Given the serious prejudice, damage and penalties that a breach of this Policy may cause Randstad Canada, in the event an Individual is found in breach of this Policy, disciplinary action up to and including termination of employment without notice, in addition to possible civil, criminal or regulatory action may be imposed.   Breach of this policy may also impact an Individual ’s performance assessment and compensation.

 

Maintenance & Review

This Policy is effective immediately and supersedes all prior versions. The next review is scheduled for September, 2018.

 

Randstad Canada reserves the right to interpret this Policy at its sole discretion and to make changes as it deems appropriate from time to time without the requirement of advance notice.

 

Links

For internal employees: All Randstad Canada policies, including this Privacy Policy, are available on its intranet site in the “Employee Centre” section at: https://central.randstadgroup.ca/ec/Pages/Policies.aspx

 

For others: Randstad’s Privacy Policy can be found on Randstad’s internet site at: http://www.randstad.ca/about/privacy.aspx