Last Updated: July 15, 2020
This Privacy Policy applies to BrainStorm, Inc., (“BrainStorm”, “we”, “us” and “our”) and the collection, processing, and storage of Personal Information related to employees.
WHO WE ARE
BrainStorm is a leader in software and services for change management, assisting clients to gain maximum value from their workplace technology investment. BrainStorm provides learning solutions for its clients’ employees to promote optimal effectiveness in the client’s adoption of business and other application software through training, webinars, help service, tips, progress tracking, and adoption reports. BrainStorm’s change management and learning solutions include its online, cloud-based QuickHelp™ software application and electronic instructional content, instructor-led training (“ILT”) and immersive cloud-based training and facilitator bootcamp (“CIE”). BrainStorm is a U.S.-based corporation with a history of providing exceptional software and services for clients around the world.
BrainStorm is sensitive to privacy issues, and it is important to us to protect the Personal Information of our employees. The BrainStorm Employee Privacy Notice details the privacy practices of BrainStorm that apply to your employment and operates as an extension of our general privacy policy, which can be found at https://www.brainstorminc.com/legal#privacy-policy. BrainStorm provides this notice to inform you about our privacy practices with respect to employment, the kinds of information we may collect, how we intend to use and share that information, how you can correct or update such information, and privacy rights that may apply.
DEFINITION OF PERSONAL INFORMATION
“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Under specific laws, personal information may include any information relating to a household.
INFORMATION WE COLLECT
BrainStorm collects different types of Personal Information for employment purposes in accordance with applicable law. We collect and process Personal Information through the onboarding, employment, exit, and post-employment phases. We categorize the Personal Information as: (a) Contact Information; (b) Job Applicant Information; (c) Employment Information; (d) Employment Benefits Information; (e) Medical Information; (f) Payment Information; and (g) Employee Stock Information. Examples of actual data collected is provided below for each of these categories:
(a) Contact Information. Full name, physical address, personal phone number, work phone number, personal email address, work email address, workplace address, social media account information, photograph, emergency contact information.
(b) Job Applicant Information. All information related to a job application such as resume, portfolio, education, experience, background, preferences, attributes, references, licenses, certificates, ethnicity, race, gender, residency status, work permit status and other similar information becomes part of your employment file when you are hired.
(c) Employment Information. Employee name, job title, position within the company, wage, salary, bonuses, rewards, awards, performance ratings, performance reports, complaints, investigative reports, disciplinary actions, achievements, promotional considerations, job progress, protected class, military status, work permit status, residency status, driver's license number, social security number, individual tax identification number, residency number, passport number, visa number, insurance number, citizenship certificate or papers, information in forms such as the I-9 and W-4, other tax information, workplace address, voicemails, emails, correspondence, documents, other work product and communications, information captured on security systems and key card entry systems, policy acknowledgments, time entry records, sick pay, paid time off, information about employee spouse, partner and dependents (including birthdate, phone number, social security number, tax identification number). Where permitted by law and applicable, this information may include the results of credit and criminal background checks, driving license number, vehicle registration, driving history, and other verifications.
(d) Employee Benefits Information. Medical insurance information, dental insurance information, retirement account information, life insurance information, name, phone number, social security number, birthdate, bank information, account number, routing number, information about employee spouse, partner and dependents (including birthdate, phone number, social security number, tax identification number)
(e) Medical and Disability Information. Medical records, health statistics, medical conditions, disabilities, health assessment results, medical information about employee spouse, partner, and dependents. Please note BrainStorm complies with applicable law, including the Health Insurance Portability and Accountability Act (“HIPAA”), in the collection, processing and storage of medical and disability information.
(f) Payments Information. Applies to employees issued with a corporate credit card – name, address, birthdate, social security number, salary deduction authorization, bank information, account number, routing number, transaction history, card balance, card limit.
(g) Employee Stock Information. Applies to employees with stock ownership - stock options, ownership of company, distributions.
California Consumer Privacy Act of 2018.
The categories of personal information we have collected about consumers (i.e. employees) in the preceding 12 months are:
For information on our use of cookies and tracking technologies on our website please read our privacy policy at https://www.brainstorminc.com/legal#privacy-policy.
HOW WE USE COLLECTED INFORMATION
We collect and process Personal Information for all aspects of employment and categorize these purposes as follows: (a) Employee profile; (b) Payroll; (c) Benefits; (d) Performance; and (e) Business operations.
(a) Employee profile. We maintain an employee profile for each of our employees. This profile includes Personal Information such as your name, address, phone number, email address, job title, job role, and reporting lines. This information is included in the company directory and readily available to all employees. We may maintain an employee bio, which we may provide to our business partners, as an example. We maintain Personal Information such as emergency contacts in your profile for the purpose of communicating to a designated third person in the event of a medical emergency, natural disaster, or other event.
(b) Payroll. In order to process payroll, we collect and use your bank account information, including the account name, name of your financial institution, routing number and account number. We use your social security number, or other tax identification number, to process the required withholding tax, payroll tax, and any other relevant taxes associated with your payroll. We process other information such as medical insurance account details and other pre-tax benefit deductions made as part of the payroll process. We also may be required to honor other deductions such as court-ordered wage garnishments or other payroll deductions determined by regulation. We generate payroll documents such as pay-stubs, pay statements, tax statements, and letters relating to required deductions as part of the payroll process. Your Personal Information is used extensively in this payroll process.
(c) Benefits. BrainStorm offers employee benefits, including medical, dental, vision, retirement, and insurance benefits, and processes your Personal Information in order to provide those benefits. Core benefits are offered through third-party service providers. Your Personal Information is collected and passed onto third-party administrators per benefit needs. You are also given access to employee portals administered by the third-parties for direct access to general information, benefit details, transactions history, balances, and statements.
(d) Performance. BrainStorm processes Personal Information to record achievements and employment progress, determine performance ratings, bonuses, and awards, and to identify individuals for promotional consideration. As part of the human resources function, Personal Information will also be processed in the event of an investigation and any resulting action.
(e) Business operations. Your job role will largely determine how your Personal Information will be used. Where you are a BrainStorm representative e.g. sales or customer service, your business contact information may be shared as part of your interactions with customer representatives and third-party service providers. Where required, we may use your Personal Information for registration with events, conferences, software licenses, travel, or for corporate credit card requirements.
We share your personal information with the following types of recipients:
California Consumer Privacy Act of 2018.
The categories of personal information we have disclosed about consumers (i.e. employees) for a business purpose in the preceding 12 months are:
STORAGE OF PERSONAL INFORMATION AND DATA TRANSFERS
All Personal Information sent or collected via or by BrainStorm may be stored anywhere in the world, including but not limited to, the United States, in the cloud, our servers, the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request.
In the case of transfers of data out of Europe, we have committed to comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. We endeavor to utilize third-party service providers from the United States that have certified with the EU-U.S. Privacy Shield Framework or alternatively provide adequate protections that are compliant with the EU General Data Protection Regulation such as implementing Standard Data Protection Clauses.
PRIVACY RIGHTS
We rely upon you to ensure we have accurate and up-to-date Personal Information on file. If you need to make a change to your Personal Information, please do so through the relevant portal or software, or alternatively, contact your representative in human resources for assistance. Where you have personal needs and/or concerns on the use and public availability of your Personal Information, we will endeavour to accommodate a request to limit the use of your Personal Information in this way.
In certain jurisdictions, individuals have rights in relation to Personal Information. Individuals in the European Economic Area (“EEA”) and United Kingdom have certain rights which may be subject to limitations and/or restrictions. These rights include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; (iii) ask for a copy of their personal data to be provided to them, or a third party, in a digital format; and (iv) lodge a complaint about the processing of their personal data with their local data protection authority.
Please direct all inquiries relating to your Personal Information to the Human Resources Department or through the contact details provided at the end of this policy.
DATA RETENTION
The retention of Personal Information varies greatly depending upon the purpose of collection, who controls the Personal Information, and regulatory requirements. To better describe how retention may apply to your Personal Information, we categorize your Personal Information by purpose as follows: (a) Employee profile; (b) Payroll; (c) Benefits; (d) Performance; and (e) Business operations.
(a) Employee profile. Your Personal Information is retained as part of your employee profile for the duration of your employment with BrainStorm. Your employee profile includes information such as your name, address, phone number, email address, job title, job role, and reporting lines. This information is included in the company directory and readily available to all employees. At the end of your employment, we retain your employee profile in its entirety until the close of the tax year following your employment end. We then maintain a limited profile and retain this information for an appropriate time period.
(b) Payroll. Your Personal Information, including financial account information is used to process your salary. Personal Information associated with your profile necessary for operating payroll, such as your financial account information, social security number or tax identification number, is retained for the duration of your employment. At the end of your employment, we retain all relevant information until the close of the tax year following your employment end. Personal Information utilized in each payroll transaction is retained indefinitely as part of that payroll transaction. Pay-stubs, pay statements, and tax statements are retained for an appropriate time period.
(c) Benefits. BrainStorm uses third-party service providers to administer employee benefits. While BrainStorm selects the third-party service providers for benefits such as medical, retirement, and life insurance, each employee will be registered with the third-party service provider independently. These third-party service providers determine the retention of Personal Information processed for their respective services. Employees will be required to contact the relevant service provider for inquiries related to the use and retention of their Personal Information.
(d) Performance. For the duration of your employment, BrainStorm processes and retains information related to your job performance, including, achievements, performance reports, performance ratings, complaints, investigations, disciplinary actions, bonuses, awards, and promotional considerations.
(e) Business operations. As an employee, depending upon your job role, your business contact information may be shared with our customers and third-party service providers. Personal Information may also be published on our website. Your Personal Information will be retained in alignment with the retention practice for each specific business operation; the following are examples:
SECURITY OF YOUR PERSONAL INFORMATION
BrainStorm uses technical and organizational measures to protect the Personal Information that we store, transmit, or otherwise process against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. We regularly consider appropriate new security technology and methods as we maintain and develop our software and systems.
EFFECTIVE DATE AND AMENDMENTS
This document is effective as of the date indicated at the top of this Privacy Policy under “Last Updated”. This document may be amended from time to time.
CONTACT INFORMATION
Inquiries may be made by contacting us through any of the following means:
Directly: Your Human Resource representative
Email: security@brainstorminc.com
Mailing Address:
Attn: Data Protection Officer
BrainStorm, Inc.
Ten South Center Street
American Fork, UT 84003
Copyright © BrainStorm, Inc All rights reserved
