Employment Privacy Notice

 

Last Updated: July 15, 2020

This Privacy Policy applies to BrainStorm, Inc., (“BrainStorm”, “we”, “us” and “our”) and the collection, processing, and storage of Personal Information related to employees.

WHO WE ARE

BrainStorm is a leader in software and services for change management, assisting clients to gain maximum value from their workplace technology investment. BrainStorm provides learning solutions for its clients’ employees to promote optimal effectiveness in the client’s adoption of business and other application software through training, webinars, help service, tips, progress tracking, and adoption reports. BrainStorm’s change management and learning solutions include its online, cloud-based QuickHelp™ software application and electronic instructional content, instructor-led training (“ILT”) and immersive cloud-based training and facilitator bootcamp (“CIE”). BrainStorm is a U.S.-based corporation with a history of providing exceptional software and services for clients around the world.

BrainStorm is sensitive to privacy issues, and it is important to us to protect the Personal Information of our employees. The BrainStorm Employee Privacy Notice details the privacy practices of BrainStorm that apply to your employment and operates as an extension of our general privacy policy, which can be found at https://www.brainstorminc.com/legal#privacy-policy. BrainStorm provides this notice to inform you about our privacy practices with respect to employment, the kinds of information we may collect, how we intend to use and share that information, how you can correct or update such information, and privacy rights that may apply.

 

DEFINITION OF PERSONAL INFORMATION

 

“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Under specific laws, personal information may include any information relating to a household.

 

INFORMATION WE COLLECT

 

BrainStorm collects different types of Personal Information for employment purposes in accordance with applicable law. We collect and process Personal Information through the onboarding, employment, exit, and post-employment phases. We categorize the Personal Information as: (a) Contact Information; (b) Job Applicant Information; (c) Employment Information; (d) Employment Benefits Information; (e) Medical Information; (f) Payment Information; and (g) Employee Stock Information. Examples of actual data collected is provided below for each of these categories:

 

(a) Contact Information. Full name, physical address, personal phone number, work phone number, personal email address, work email address, workplace address, social media account information, photograph, emergency contact information.

 

(b) Job Applicant Information. All information related to a job application such as resume, portfolio, education, experience, background, preferences, attributes, references, licenses, certificates, ethnicity, race, gender, residency status, work permit status and other similar information becomes part of your employment file when you are hired.

 

(c) Employment Information. Employee name, job title, position within the company, wage, salary, bonuses, rewards, awards, performance ratings, performance reports, complaints, investigative reports, disciplinary actions, achievements, promotional considerations, job progress, protected class, military status, work permit status, residency status, driver's license number, social security number, individual tax identification number, residency number, passport number, visa number, insurance number, citizenship certificate or papers, information in forms such as the I-9 and W-4, other tax information, workplace address, voicemails, emails, correspondence, documents, other work product and communications, information captured on security systems and key card entry systems, policy acknowledgments, time entry records, sick pay, paid time off, information about employee spouse, partner and dependents (including birthdate, phone number, social security number, tax identification number). Where permitted by law and applicable, this information may include the results of credit and criminal background checks, driving license number, vehicle registration, driving history, and other verifications.

 

(d) Employee Benefits Information. Medical insurance information, dental insurance information, retirement account information, life insurance information, name, phone number, social security number, birthdate, bank information, account number, routing number, information about employee spouse, partner and dependents (including birthdate, phone number, social security number, tax identification number)

 

(e) Medical and Disability Information. Medical records, health statistics, medical conditions, disabilities, health assessment results, medical information about employee spouse, partner, and dependents. Please note BrainStorm complies with applicable law, including the Health Insurance Portability and Accountability Act (“HIPAA”), in the collection, processing and storage of medical and disability information.

 

(f) Payments Information. Applies to employees issued with a corporate credit card – name, address, birthdate, social security number, salary deduction authorization, bank information, account number, routing number, transaction history, card balance, card limit.

 

(g) Employee Stock Information. Applies to employees with stock ownership - stock options, ownership of company, distributions.

 

California Consumer Privacy Act of 2018.

The categories of personal information we have collected about consumers (i.e. employees) in the preceding 12 months are:

  • Identifiers such as a real name, alias, postal address, email address, unique personal or online identifier, internet protocol address; account name; social security number; driver’s license or passport number; and other similar identifiers;
  • Categories of personal information described in subdivision (e) of Section 1798.80, such as signature; physical characteristics; state identification card; insurance policy number; education; employment or employment history; bank account number; credit card number (if issued a corporate credit card); medical information or health insurance information; driver’s license or passport number; and other similar identifiers;
  • Characteristics of protected classifications under California or federal law;
  • Internet or other electronic network activity information, including browsing history; search history; and information regarding an employee’s interaction with an Internet website or application;
  • Professional or employment-related information;
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

For information on our use of cookies and tracking technologies on our website please read our privacy policy at https://www.brainstorminc.com/legal#privacy-policy.

 

HOW WE USE COLLECTED INFORMATION

 

We collect and process Personal Information for all aspects of employment and categorize these purposes as follows: (a) Employee profile; (b) Payroll; (c) Benefits; (d) Performance; and (e) Business operations.

(a) Employee profile. We maintain an employee profile for each of our employees. This profile includes Personal Information such as your name, address, phone number, email address, job title, job role, and reporting lines. This information is included in the company directory and readily available to all employees. We may maintain an employee bio, which we may provide to our business partners, as an example. We maintain Personal Information such as emergency contacts in your profile for the purpose of communicating to a designated third person in the event of a medical emergency, natural disaster, or other event.

(b) Payroll. In order to process payroll, we collect and use your bank account information, including the account name, name of your financial institution, routing number and account number. We use your social security number, or other tax identification number, to process the required withholding tax, payroll tax, and any other relevant taxes associated with your payroll. We process other information such as medical insurance account details and other pre-tax benefit deductions made as part of the payroll process. We also may be required to honor other deductions such as court-ordered wage garnishments or other payroll deductions determined by regulation. We generate payroll documents such as pay-stubs, pay statements, tax statements, and letters relating to required deductions as part of the payroll process. Your Personal Information is used extensively in this payroll process.

(c) Benefits. BrainStorm offers employee benefits, including medical, dental, vision, retirement, and insurance benefits, and processes your Personal Information in order to provide those benefits. Core benefits are offered through third-party service providers. Your Personal Information is collected and passed onto third-party administrators per benefit needs. You are also given access to employee portals administered by the third-parties for direct access to general information, benefit details, transactions history, balances, and statements.

(d) Performance. BrainStorm processes Personal Information to record achievements and employment progress, determine performance ratings, bonuses, and awards, and to identify individuals for promotional consideration. As part of the human resources function, Personal Information will also be processed in the event of an investigation and any resulting action.

(e) Business operations. Your job role will largely determine how your Personal Information will be used. Where you are a BrainStorm representative e.g. sales or customer service, your business contact information may be shared as part of your interactions with customer representatives and third-party service providers. Where required, we may use your Personal Information for registration with events, conferences, software licenses, travel, or for corporate credit card requirements.

  1. HOW YOUR PERSONAL INFORMATION IS SHARED

We share your personal information with the following types of recipients:

 

  • Other employees. Your Personal Information, e.g. name, email, phone number, job title, is published in a directory and shared with other employees. Your Personal Information is also shared with other employees for workplace purposes such as line reporting, team projects, and role integrations. Your Personal Information is also shared with human resources for payroll, compensation, performance assessments, promotions, and other business functions. Appropriate access to your Personal Information is restricted based upon job role.

 

  • Business customers and third-party service providers. BrainStorm’s customers and third-party service providers are key to its business operations. Personal Information, e.g. business contact information, of BrainStorm representatives is shared with our business partners, vendors, and third-party service providers.

 

  • Other Third-party service providers. We use third-party service providers to administer payroll, benefits, and other human resource functions and share your Personal Information with these service providers. For benefits such as medical insurance and retirement, your Personal Information is provided directly by you to the third-party service provider. We also use third-party service providers for services like cloud hosting, analytics or other technical tools. These service providers only process your Personal Information as directed by us. We do not sell your personal information to third parties.

 

  • Regulatory bodies and authorities. Your Personal Information is shared with the relevant tax authorities. In addition, your Personal Information may be shared with law enforcement, courts of law, government agencies, regulatory authorities, or other third parties as required by law or in order to meet our regulatory or contractual obligations.

 

  • Entities associated with mergers, acquisitions and other business transfers. BrainStorm may be part of a merger, acquisition, or other business transfer and as such, may disclose your Personal Information as part of this process. BrainStorm will endeavor to implement protective measures to protect your Personal Information in these circumstances.

 

California Consumer Privacy Act of 2018.

The categories of personal information we have disclosed about consumers (i.e. employees) for a business purpose in the preceding 12 months are:

  • Identifiers such as a real name, alias, postal address, email address, unique personal or online identifier, Internet Protocol address; account name; social security number; driver’s license or passport number; and other similar identifiers;
  • Categories of personal information described in subdivision (e) of Section 1798.80, such as signature; physical characteristics; state identification card; insurance policy number; education; employment or employment history; bank account number; credit card number (if issued a corporate credit card); medical information or health insurance information; driver’s license or passport number; and other similar identifiers;
  • Characteristics of protected classifications under California or federal law;
  • Internet or other electronic network activity information, including browsing history; search history; and information regarding an employee’s interaction with an Internet Website or application;
  • Professional or employment-related information;
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

STORAGE OF PERSONAL INFORMATION AND DATA TRANSFERS

All Personal Information sent or collected via or by BrainStorm may be stored anywhere in the world, including but not limited to, the United States, in the cloud, our servers, the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. 

In the case of transfers of data out of Europe, we have committed to comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. We endeavor to utilize third-party service providers from the United States that have certified with the EU-U.S. Privacy Shield Framework or alternatively provide adequate protections that are compliant with the EU General Data Protection Regulation such as implementing Standard Data Protection Clauses.

 

PRIVACY RIGHTS

We rely upon you to ensure we have accurate and up-to-date Personal Information on file. If you need to make a change to your Personal Information, please do so through the relevant portal or software, or alternatively, contact your representative in human resources for assistance. Where you have personal needs and/or concerns on the use and public availability of your Personal Information, we will endeavour to accommodate a request to limit the use of your Personal Information in this way.

 

In certain jurisdictions, individuals have rights in relation to Personal Information. Individuals in the European Economic Area (“EEA”) and United Kingdom have certain rights which may be subject to limitations and/or restrictions. These rights include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; (iii) ask for a copy of their personal data to be provided to them, or a third party, in a digital format; and (iv) lodge a complaint about the processing of their personal data with their local data protection authority.

 

Please direct all inquiries relating to your Personal Information to the Human Resources Department or through the contact details provided at the end of this policy.

 

DATA RETENTION

The retention of Personal Information varies greatly depending upon the purpose of collection, who controls the Personal Information, and regulatory requirements. To better describe how retention may apply to your Personal Information, we categorize your Personal Information by purpose as follows: (a) Employee profile; (b) Payroll; (c) Benefits; (d) Performance; and (e) Business operations.

 

(a) Employee profile. Your Personal Information is retained as part of your employee profile for the duration of your employment with BrainStorm. Your employee profile includes information such as your name, address, phone number, email address, job title, job role, and reporting lines. This information is included in the company directory and readily available to all employees. At the end of your employment, we retain your employee profile in its entirety until the close of the tax year following your employment end. We then maintain a limited profile and retain this information for an appropriate time period.

(b) Payroll. Your Personal Information, including financial account information is used to process your salary. Personal Information associated with your profile necessary for operating payroll, such as your financial account information, social security number or tax identification number, is retained for the duration of your employment. At the end of your employment, we retain all relevant information until the close of the tax year following your employment end. Personal Information utilized in each payroll transaction is retained indefinitely as part of that payroll transaction. Pay-stubs, pay statements, and tax statements are retained for an appropriate time period.

(c) Benefits. BrainStorm uses third-party service providers to administer employee benefits. While BrainStorm selects the third-party service providers for benefits such as medical, retirement, and life insurance, each employee will be registered with the third-party service provider independently. These third-party service providers determine the retention of Personal Information processed for their respective services. Employees will be required to contact the relevant service provider for inquiries related to the use and retention of their Personal Information.

(d) Performance. For the duration of your employment, BrainStorm processes and retains information related to your job performance, including, achievements, performance reports, performance ratings, complaints, investigations, disciplinary actions, bonuses, awards, and promotional considerations.

(e) Business operations. As an employee, depending upon your job role, your business contact information may be shared with our customers and third-party service providers. Personal Information may also be published on our website. Your Personal Information will be retained in alignment with the retention practice for each specific business operation; the following are examples:

  • Email communication: Personal Information used in email communication is retained until the email is deleted by the individual or per our standard email deletion process.
  • Employee badge: Your Personal Information is used to issue an employee badge for security and identification purposes. At the end of your employment, the employee badge is returned to us and the badge is physically destroyed. Your employment status on your employee profile is updated and retained as part of a limited employee profile for ten years.
  • Non-employee information: Employees can store non-employee information on workplace laptops and devices. As an employee, you are responsible for complying with our policies on use of workplace laptops and devices. You may have chosen to store Personal Information that is unrelated to work on workplace laptops and devices. While BrainStorm reserves the right to monitor the use of all workplace laptops and devices, it allows the storage of non-workplace data that complies with its policies. At the end of employment, BrainStorm expects the employee to remove any non-workplace data from the workplace laptops and devices and then return the equipment. BrainStorm then performs its standard data cleanse process, removing and destroying personal data and resetting the workplace laptops and devices for future business use.
  • Personal items: BrainStorm allows its employees to decorate their workstation and employees frequently choose to do so with personal items that include Personal Information. At the end of employment, the employee is expected to clean their work station and remove any personal items. Any items left behind and not claimed within a reasonable time period (3 working days) that include Personal Information will be destroyed.

SECURITY OF YOUR PERSONAL INFORMATION

BrainStorm uses technical and organizational measures to protect the Personal Information that we store, transmit, or otherwise process against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.  We regularly consider appropriate new security technology and methods as we maintain and develop our software and systems.

EFFECTIVE DATE AND AMENDMENTS

This document is effective as of the date indicated at the top of this Privacy Policy under “Last Updated”. This document may be amended from time to time.

CONTACT INFORMATION

Inquiries may be made by contacting us through any of the following means:

Directly: Your Human Resource representative

Email: security@brainstorminc.com

Mailing Address:
Attn: Data Protection Officer
BrainStorm, Inc.
Ten South Center Street

American Fork, UT 84003