Worker and Applicant Global Privacy Notice

Last Updated: January 1, 2025

Troutman Pepper Locke LLP
WORKER AND APPLICANT GLOBAL PRIVACY NOTICE

1)      SCOPE

This Privacy Notice applies to partners, employees, contractors, interns, contingent workers, and other personnel (collectively, “Workers”) and applicants and prospective Workers (collectively, “Applicants”) whose personal data Troutman Pepper Locke may collect and process in the employment context, including from submission of an application, throughout the course of an individual’s tenure with Troutman Pepper Locke, and following such employment or services (collectively, the “Human Resources Operations”).

This Privacy Notice explains the types of personal data we may collect, how we intend to use and share that information, and the rights you may have related to these processing activities. As used in this Privacy Notice, “personal data” has the meaning given to it under the laws where an Applicant or Worker lives (also referred to as “you”), but typically refers to information that can be used to identify you as an individual.  Please also note that any activities we take with respect to your personal data are referred to as “processing” or “processing activities.”

“Troutman Pepper Locke,” “we,” “us,” and “our” means Troutman Pepper Locke LLP, together with its wholly owned subsidiaries and affiliated entities, including Troutman Pepper Locke (UK) LLP. Unless otherwise indicated in a specific context in a Worker or Applicant’s experience with us, Troutman Pepper Locke is the sole controller of and is accountable for the personal data of Workers and Applicants. For Applicants and Workers of Troutman Pepper Locke (UK) LLP, it is a joint controller.

If we process personal data about you as an Applicant or Worker, we are required to comply with applicable laws to protect the security and privacy of personal data. These laws include but are not limited to: (i) the California Consumer Privacy Act (the “CCPA”); (ii) the EU General Data Protection Regulation 2016/679 (the “EU GDPR”), and (iii) the EU GDPR as it forms part of retained EU law in the UK pursuant to the European Union Withdrawal Act 2018 (the “UK GDPR”) and the UK Data Protection Act 2018. Throughout this Notice, the term “GDPR” is used to refer to the EU GDPR and the UK GDPR, to the extent each applies.

Depending on where you live and the Troutman Pepper Locke entity that controls your personal data, applicable privacy laws may require us to explain the legal reason(s) that justify our of your personal data. We generally rely on the following legal bases to justify our processing: (i) to comply with our employment contracts and maintain our relationship as an employer with our Workers (“Contract Justification”); (ii) to comply with our legal obligations (“Legal Obligation Justification”), and (iii) to pursue our legitimate interests when they are not overridden by your interests or fundamental rights and freedoms (“Legitimate Interest Justification”). If you are a resident of the EU or UK, please also review the Supplemental Disclosures for Specific Jurisdictions for additional details.

A Few Important Notes: This Privacy Notice only applies to data that we collect and process when interacting with you in your capacity as a Worker or an Applicant. Unless otherwise indicated on a specific website page or form, this Privacy Notice does not apply to any of the personal data that we process through your use of our public-facing websites, applications, or other services that are subject to our Global Privacy Notice or other agreements. This Privacy Notice is not intended to, and shall not, constitute a contract with any Worker or Applicant.

2)      PERSONAL DATA WE COLLECT

Troutman Pepper Locke collects personal data about Workers and Applicants (and your family and dependents if you provide this information to us). In the past twelve months, we have collected or processed, and expect to collect and process in the future, the information described below.

Personal Data We Collect from You Directly. We may process the following categories of personal data that you provide to us:

  • Profile/Demographic Information such as your name, work address, work and personal telephone numbers, government-issued identification numbers, work and personal email addresses, home address, citizenship, passport data or immigration data and status, nationality, birth date, country of birth, national insurance number, tax reference, emergency contact details, CV data, bank and credit card account(s), and information on prior employers, family members, and family status.
  • Worker-Related Data such as application and recruitment records, education information, your job title, assigned practice group, work location, language(s) spoken and written, employment contract (if applicable), working time, attendance and leave (as applicable and allowed or required by law), business travel data, data about completion of required training, professional qualifications or certifications, bar number, information related to talent management, start and end date, reason for leaving, and similar job-related data.
  • Sensitive Personal Data / Special Category Data such as details of health and disability, including medical information, health insurance information, mental health, medical leave, marriage leave, and parental leaves (maternal, paternal, adoption); information about residency, citizenship, or immigration status; information about sex life or sexual orientation, gender identity or affinity, race, ethnicity, veteran status, political opinions, religious or philosophical beliefs, union membership, and data relating to criminal convictions and offenses.
  • Communications with Us such as personal contact information when you communicate with us, for example to inquire about worker benefits.
  • Feedback such as your opinions and responses to surveys or polls we may publish from time to time. If you decide to participate, you may be asked to provide certain information which may include personal data.
  • Elective Social Activities such as personal data to enable us to administer an elective social activity, award prizes, or provide other types of awards for the benefit of its Workers.

Information from Other Sources. We may collect, receive, and process information about Applicants and Workers from other sources, including through third-party services and organizations to supplement information provided by you. For example, where relevant to the role in question and as permitted by law, we may collect, receive, and process information from third parties such as regulators, government agencies, recruiters, educational establishments, employment agencies, screening and credit check companies, references from former employers, or from publicly available sources, such as publicly accessible websites, including social media, containing content you directly or indirectly control.

Personal Data Generated through Applicant and Worker Relationships. We may collect, generate, or compile information about you based on the nature and tenure of our relationship.

  • Compensation-Related Data such as basic salary, bonus and commission entitlements, insurance benefits (including partner, dependent, and beneficiary details), birth date and other information about you and your dependents required by our insurer or benefits vendors, tax information, accrued salary information, information relating to any applicable retirement plan or pension program, firm-backed credit cards, expenses, and similar forms of compensation or benefits.
  • Job-Related Data such as Worker attendance, working hours and overtime, timesheets, holiday records, performance reviews, evaluations and ratings, training records, disciplinary allegations, disciplinary process and disciplinary warnings, details of grievances and other internal processes, and any outcome, and similar data about or related to Worker performance, conduct, and capability.
  • Location-Based Data such as presence in an office based on the use and activation of an assigned access card or a firm-issued laptop. Depending on location, role and job responsibilities, Workers may also elect to useTroutman Pepper Locke’s mobile device management application (“MDM”) to access firm resources from a personal device. Workers who have opted to install the MDM on their devices may delete the application at any time. The MDM terms of service set out the vendor’s use of personal data.
  • Intra-Group Communications. Troutman Pepper Locke may offer, enable, or require Workers to utilize Troutman Pepper Locke’s intra-company accessible sites, video-enabled meetings, pages, messaging channels, apps, blogs, or group forums (“Intra-Company Communication Channels”). Troutman Pepper Locke and other individuals who use the Intra-Company Communication Channels may collect personal data and other information you submit or make available when using or participating in the Intra-Company Communication Channels. Personal data collected or generated about you when using Intra-Company Communication Channels may be considered “public” and may not be subject to the same privacy protections set forth herein. The terms of service of the vendor of the application or resource will set out the vendor’s use of personal data.
  • Miscellaneous Information. We may receive or collect other miscellaneous personal data (for example, information an Applicant chooses to disclose during the interview process), whether in oral or written form, and opinions generated by other Workers during the interview process.

Personal Data We Collect Automatically:

  • Worker Use of Troutman Pepper Locke Information Technology Systems and Networks. Troutman Pepper Locke may collect certain information automatically through the course of its Workers’ employment or services, such as Internet protocol (IP) address, inferred location based on IP address or activities, device identifiers associated with a computer or device (whether owned or authorized by us), mobile carrier and related information, activity logs, and other information about activities Workers may engage in on Troutman Pepper Locke property, equipment, accounts, systems, and networks. Troutman Pepper Locke may monitor and review Workers’ uses of Troutman Pepper Locke equipment, accounts, information technology systems, phone networks, computer networks, including those used to access the Internet, videoconferencing systems, and other Intra-Company Communications Channels. Troutman Pepper Locke may access and review Workers’ video-recordings, transcripts, electronic files, chat and other forms of real-time messages, and emails sent or stored on its information technology systems, including accounts, computers, and devices provided to Workers, or on Workers’ devices on which Troutman Pepper Locke systems or tools are enabled subject to Troutman Pepper Locke’s internal IT terms and policies and applicable law.
  • CCTV Footage. Where and as permitted by law, Troutman Pepper Locke may monitor its premises using CCTV cameras.

NOTE: WORKERS SHOULD HAVE NO EXPECTATION OF PRIVACY WHILE ON TROUTMAN PEPPER LOCKE PREMISES OR USING TROUTMAN PEPPER LOCKE INFORMATION TECHNOLOGY SYSTEMS, DEVICES, NETWORKS, AND ELECTRONIC COMMUNICATION TOOLS REGARDLESS OF LOCATION, SUBJECT TO APPLICABLE LAW. THIS PRIVACY NOTICE DOES NOT ESTABLISH THAT ALL WORKERS WILL HAVE ACCESS TO, OR WILL PARTICIPATE IN, THE SYSTEMS, NETWORKS, DATA, PROGRAMS, AND OTHER BUSINESS ACTIVITIES DESCRIBED IN THIS PRIVACY NOTICE.

We do not collect biometric data, nor do we use automated decision-making technology. While you can use facial or fingerprint biometrics for authentication when signing on to Troutman Pepper Locke-issued equipment, using this is optional, and other methods are available. As you, rather than the firm, choose whether to utilize these facilities, Troutman Pepper Locke does not determine the method of processing, is not considered a data controller in this respect, and has no access to any such biometric data you may choose to utilize.

3)      HOW WE USE YOUR PERSONAL DATA

We process personal data to the extent permitted or required under applicable law for a variety of business purposes, including those listed below. We will not process your personal data for a purpose other than that for which it was collected unless we have provided further information about this to you before that processing takes place. Please see the Supplemental Notice for Workers and Applicants in the UK or EU for a table of legal bases that explains how we process your personal data under the GDPR.

Applicants

  • To assess your suitability, aptitude, skills, qualifications, and interests for employment with or provision of services to Troutman Pepper Locke;
  • To communicate with you about the application process and/or your application; and
  • To take steps at your request prior to entering a relationship with you (for example, after we have sent you an offer, to process certain personal data to enter and commence employment).

Workers

  • To assist you with a job-related relocation, or to obtain an immigration visa or work permit (where required and requested by you);
  • To manage workflow, including assigning, managing, and administering projects;
  • To conduct job grading activities;
  • To administer Human Resources Operations and communicate with Workers and Applicants;
  • To administer payroll, tax/social security, and benefits;
  • To determine and administer compensation-related activities, including calculating and analyzing salary, profit share, and bonuses;
  • To monitor overtime, ensure Troutman Pepper Locke’s compliance with labor laws, and operate Worker recognition programs;
  • To ensure the safety, integrity, and security of our business and its assets, such as security and fraud prevention activities, Worker monitoring for safety or management, internal investigations, and research purposes;
  • To manage Worker performance and development;
  • To conduct internal processes, including disciplinary, grievance, and performance management;
  • To manage vacation and statutory leave rights and entitlements;
  • To manage religious, disability, and other accommodations;
  • To manage health-related issues and any associated absence;
  • To undertake organizational development and succession planning exercises;
  • To manage Worker attendance and absences;
  • To operate helpdesk and IT support services;
  • To run, enable, or cooperate with internal and/or external or governmental compliance investigations;
  • To operate, enable, or cooperate with internal or external audits;
  • To support inclusion initiatives;
  • To support the organization and Workers during corporate restructuring events (including acquisitions, divestitures, and integrations);
  • To protect Worker safety, including by administering emergency services;
  • To establish, exercise, or defend our legal rights;
  • To comply with our legal obligations, including to support any claim or defense before any court, administrative agency, or arbitration or mediation panel and to cooperate with, or to inform, law enforcement or relevant regulatory authorities to the extent required by law in or outside of your country; and
  • To process Worker expenses and travel charges and operate reimbursement programs.

4)      HOW WE DISCLOSE YOUR PERSONAL DATA

We may disclose personal data as described in this Privacy Notice to the following categories of businesses or individuals. The legal basis is also set out below:

Service Providers. Troutman Pepper Locke may disclose personal data we receive pursuant to this Privacy Notice with its service providers. The types of service providers to whom we entrust personal data include, for example and without limitation, service providers that help us: (i) operate company programs to enable Workers to perform their job functions such as corporate travel services, expense reimbursement programs, and administration of job-related stipends, if and as applicable; (ii)  maintain our Human Resources Operations; (iii) provide IT and related services, and (iv) provide specialized external advice (e.g., outside law firms and auditors). This is disclosed based on Legitimate Interest Justification (e.g., to provide IT and related services to allow you to do your job) or Contract Justification (e.g., to operate payroll).

Group Members. Troutman Pepper Locke may share personal data with our subsidiaries and affiliated entities (“group members”) as permitted by applicable law, to pursue our legitimate interests in connection with the following purposes: to facilitate internal communication and task management to other group companies; groupwide HR planning and administration (including staffing, succession planning, forecasting and budgeting, investment decisions, training, and performance management); and to be able to fulfil the employment relationship within our global structure (i.e., to facilitate global cooperation and Worker transfers within the group). Certain group members – other than the group member that is your employer – may function as a data controller for certain purposes (typically this would include any group member that makes its own decisions concerning some of the purposes above (e.g., Worker transfers)). This is disclosed based on Legitimate Interest Justification (e.g., to allow us to manage and operate our business) or Contract Justification (e.g., to fulfil obligations under a contract).

Troutman Pepper Locke Workers. If Workers elect to share personal data or other information through Intra-Company Communication Channels, other Workers may be able to see some or all this information. In addition, Worker name and photo may be available through the Intra-Company Communication Channels to facilitate collaboration and workplace communications. This is disclosed based on Legitimate Interest Justification (e.g., to allow us to manage and operate our business and to provide our professional services to clients).

Relevant Governmental, Judicial, Legal, and Advisory Entities. We may and/or other group members may transfer personal data to government agencies and regulators (e.g., tax authorities), social insurance carriers, courts, government authorities, legal counsel hired to defend claims made against the firm and other parties involved in any such suits, and other professional advisors, in accordance with applicable law where we and they believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal processes, such as court orders, subpoenas, or regulatory investigations; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; (v) assist with an investigation or prosecution of suspected or actual illegal activity; (vi) defend against claims made against the firm or its personnel; or (vi) in the course of providing our professional services to or on behalf of clients, such as to opposing counsel, courts and regulatory and quasi-judicial authorities, experts, arbitrators, mediators and others involved in the judicial system. This is disclosed based on Legitimate Interest Justification (e.g., to allow us to manage and operate our business), Contract Justification (e.g., to fulfil obligations under a contract such as insurance provision), or Legal Obligation Justification (e.g., to make reports to applicable tax authorities).

Merger, Sale, or Other Asset Transfers. If we participate in an actual or proposed merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of firm assets, or transition of service to another firm, we may transfer your information as part of such a transaction as permitted by law and/or contract. This is disclosed based on Legitimate Interest Justification (e.g., to allow us to evaluate, engage in, and execute corporate activity).

5)      INTERNATIONAL DATA TRANSFERS

In conducting our Human Resources Operations, we may transfer, process, and store all information collected via or by Troutman Pepper Locke anywhere in the world, including, but not limited to, the United States. To the extent personal data is transferred from the United Kingdom (“UK”) or European Union (“EU”) to the United States or other jurisdictions that require valid safeguards to be in place, and unless an exemption applies, Troutman Pepper Locke will adopt sufficient legal safeguards such as standard contractual clauses and will conduct relevant transfer impact assessments when applicable. We take commercially reasonable measures to safeguard personal data consistent with the requirements of applicable laws and will not transfer sensitive personal data / special category data outside of your country unless permitted by applicable law. If you are a resident of the UK or EU, you may request information or to see a copy of any data transfer agreement(s) to the extent Troutman Pepper Locke has relied on them to transfer of your personal data by Contacting Us.

6)      INDIVIDUAL PRIVACY RIGHTS

To the extent permitted under applicable law, you may have the right to:

  • Obtain access to and portability of your personal data, including: (i) confirming whether and how we are processing your personal data; (ii) obtaining access to or a copy of your personal data; (iii) receiving an electronic copy of personal data that you have provided to us, or asking us to send that information to another company (the “right of data portability”).
  • Request correction of your personal data where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal data, or we may refer you to the controller of your personal data who is able to make the correction.
  • Request deletion of your personal data, in cases where Troutman Pepper Locke is not required to retain such personal data and subject to other legal requirements and exceptions prescribed by law.
  • Request restriction of or object to our processing of your personal data, if and as applicable, and where such requests are permitted by law, including the right to (i) withdraw your consent to processing, (ii) object to, or restrict, processing of your sensitive personal data for certain purposes, or (iii) opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Lodge a complaint with your data protection supervisory authority. If you reside in the UK, this is the Information Commissioner’s Office (“ICO”). If you are located in the EU, information about your national supervisory authority can be found here.

If you would like to exercise any of these rights, please Contact Us. We will process such requests in accordance with applicable laws. To protect your privacy, Troutman Pepper Locke may take measures to verify your identity before fulfilling your request. You may authorize an agent to may make a verifiable request on your behalf. To authorize an agent to exercise a privacy right on your behalf, you may be required to provide us with written authorization. Please Contact Us for additional instructions. We will not discriminate or retaliate against anyone exercising their privacy rights.

7)      DATA RETENTION

Troutman Pepper Locke retains the personal data we receive as described in this Privacy Notice for as long as necessary to fulfill the purpose(s) for which it was collected, carry out our Human Resources Operations, resolve disputes, establish legal claims or defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, comply with applicable laws, or based upon other criteria, including, but not limited to, the sensitivity and volume of such data. Additionally, we endeavor to retain all such personal data in accordance with legal requirements.

8)      SECURITY OF YOUR PERSONAL DATA

We employ reasonable safeguards designed to protect the Personal Data we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your Personal Data.

9)      THIRD-PARTY WEBSITES/APPLICATIONS

Various resources and sites at Troutman Pepper Locke may contain links to third party websites/applications, and other websites/applications may reference or link to Troutman Pepper Locke. We do not control these third-party services. We encourage Applicants and Workers to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

10)  CHANGES TO OUR PRIVACY NOTICE AND PRACTICES

We may revise this Privacy Notice from time to time at our sole discretion. If there are any material changes to this Privacy Notice, we will notify you as required by applicable law.

11)  CONTACT US

If you wish to exercise any of your privacy rights or have any questions about our privacy practices or this Privacy Notice, please contact us at privacy@troutman.com.

12)  SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

Categories of Personal Data Collected and Sources. The Personal Data We Collect section identifies the categories of personal data that we may have collected in the preceding 12 months, and the sources from which we obtain such information. 

Purposes For Collections. We collect and use personal data for the business and commercial purposes described in the How We Use Your Personal Data section of this Privacy Notice.

Categories of Personal Data Closed and Categories of Recipients. We may have disclosed any personal data collected in the preceding 12 months for purposes consistent with this Privacy Notice, as described in the How We Use Your Personal Data section of this Privacy Notice and as further illustrated in the table below. We do not “sell” or “share” (for purposes of targeted advertising) your personal data.

Category of Personal Data CollectedCategories of Third Parties to Whom the Personal Data May Be Disclosed
Identifiers

For example, a real name, alias, postal address, unique personal identifier, Internet Protocol address, email address, or other similar identifiers.
– Service Providers
– Group Members
– Troutman Pepper Locke Workers
– Relevant Governmental, Judicial, Legal, and Advisory Entities
– Third Parties Involved in Business Transactions
Personal Information Categories Listed in the California Customer Records statute (Cal. Civ. Code § 1798.80I)

For example, a name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
– Service Providers
– Group Members
– Troutman Pepper Locke Workers
– Relevant Governmental, Judicial, Legal, and Advisory Entities
– Third Parties Involved in Business Transactions 
Sensitive Personal Data

For example, a Social Security number, driver’s license, state identification card, or passport number, financial account, debit card or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation, racial or ethnic origin, citizen or immigration status, religious or philosophical beliefs, or union membership.
– Service Providers
– Group Members
– Relevant Governmental, Judicial, Legal, and Advisory Entities
– Third Parties Involved in Business Transactions 
Protected Classification Characteristics Under California or Federal Law

For example, age, race, color, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, and veteran or military status.
– Service Providers
– Group Members
– Relevant Governmental, Judicial, Legal, and Advisory Entities
– Third Parties Involved in Business Transactions 
Sensory Data

For example, audio, electronic, or visual information.
– Service Providers
– Group Members
– Troutman Pepper Locke Workers
– Relevant Governmental, Judicial, Legal, and Advisory Entities
– Third Parties Involved in Business Transactions 
Professional or Employment-Related Information

For example, current or past job history or performance evaluations.
– Service Providers
– Group Members
– Relevant Governmental, Judicial, Legal, and Advisory Entities
– Third Parties Involved in Business Transactions 
Education Information

For examples, the colleges or universities you have attended along with your graduation dates.
– Service Providers
– Group Members
– Troutman Pepper Locke Workers
– Relevant Governmental, Judicial, Legal, and Advisory Entities
– Third Parties Involved in Business Transactions 
Internet or Other Electronic Network Activity Information

For example, your IP address, inferred location, device identifiers, activity logs, and other information about activities on Troutman Pepper Locke property, equipment, accounts, systems, and networks.
– Service Providers
– Group Members
– Relevant Governmental, Judicial, Legal, and Advisory Entities
– Third Parties Involved in Business Transactions 

Data Retention. The Data Retention section above outlines the criteria we utilize for determining how long to retain data.

Processing of Sensitive Personal Data. We process sensitive personal data exclusively for the purposes outlined above, and only to the extent permitted under law. We do not use sensitive personal data to infer any characteristics about you.

SUPPLEMENTAL NOTICE FOR WORKERS AND APPLICANTS IN THE UK OR EU

We rely on the following legal bases for the processing of your personal data. Where we process special category data, we will only do so when we have both a legal basis for doing, where one of the additional conditions under the GDPR applies, and we have completed and retained an appropriate policy document and a record of processing activity.

FOR THE PROCESSING OF WORKER AND APPLICANT DATA
Processing PurposesCategories of personal dataLegal basis
Compensation-related Purposes– Contact and Identifying Data
– Job Data
– Salary Data
– Equity Compensation Data
– Performance and Disciplinary Data
– Contract Justification;
– Legal Obligation Justification; or
– Legitimate Interest Justification (e.g., to operate and manage our business)
Benefit-related Purposes– Contact and Identifying Data
– Job Data
– Salary Data
– Performance and Disciplinary Data
– Contract Justification; or
– Legitimate Interest Justification (e.g., to operate and manage our business)
Workforce Management-related Purposes– Contact and Identifying Data
– Job Data
– Salary Data
– Communications Data
– Performance and Disciplinary Data
– Contract Justification; or
– Legitimate Interest Justification (e.g., to operate and manage our business)
Regulatory-related Purposes– Contact and Identifying Data
– Job Data
– Salary Data
– Equity Compensation Data
– Performance and Disciplinary Data
– Legal Obligation Justification; or
– Legitimate Interest Justification (e.g., to operate and manage our business)
Internal Compliance-related Purposes– Contact and Identifying Data
– Job Data
– Salary Data
– Monitoring Data
– Communication Data
– Performance and Disciplinary Data
– Contract Justification;
– Legal Obligation Justification; or
– Legitimate Interest Justification (e.g., to operate and manage our business)
Communication-related Purposes– Contact and Identifying Data
– Job Data
– Communication Data
– Contract Justification;
– Legal Obligation Justification; or
– Legitimate Interest Justification (e.g., to operate and manage our business)
Emergency Contact-related Purposes– Contact and Identifying Data  – Legitimate Interest Justification (e.g., to allow us to contact a friend/relative/partner/spouse in the event of an emergency).
– The processing is necessary in order to protect your vital interests or those of another natural person (GDPR Art. 6(1)(d)).
Authority-related Purposes– Contact and Identifying Data
– Job Data
– Salary Data
– Equity Compensation Data
– Monitoring Data
– Communication Data
– Performance and Disciplinary Data
– Legal Obligation Justification
Security and Fraud Prevention-related Purposes– Contact and Identifying Data
– Job Data
– Monitoring Data
– Communication Data
– Performance and Disciplinary Data
– Legal Obligation Justification; or
– Legitimate Interest Justification (e.g., to ensure the confidentiality, availability, security integrity of our business and its IT and communications systems and to prevent and detect unlawful acts) 
Finance and Audit-related Purposes– Contact and Identifying Data
– Job Data
– Salary Data
– Equity Compensation Data
– Monitoring Data
– Communication Data
– Performance and Disciplinary Data
– Legal Obligation Justification; or
– Legitimate Interest Justification (e.g., to operate and manage our business) 
Litigation-related Purposes– Contact and Identifying Data
– Job Data
– Salary Data
– Equity Compensation Data
– Monitoring Data
– Communication Data
– Performance and Disciplinary Data
– Legitimate Interest Justification (e.g., to allow us to establish, exercise or defend our or other’s legal rights and obligations) 
FOR THE PROCESSING OF SENSITIVE/SPECIAL CATEGORY PERSONAL INFORMATION
Processing PurposesCategories of Sensitive Employee Data involvedLegal basis
Compensation-related Purposes– Number of sick days
– Information on parental leave
– Information on work-related accidents
– Information on disability
The processing is necessary for:

(i) carrying out the obligations and exercising our or your specific rights in the field of employment and social security and social protection law (GDPR Art. 9(2)(b) and the corresponding provisions under local data protection law);

(ii) protecting your vital interests as a data subject (e.g. in the case of a workplace accident) (GDPR Art. 9(2)(c) and the corresponding provisions under local data protection law);

(iii) assessing the working capacity of an employee or the provision of health or social care or treatment (GDPR Art. 9(2)(h) and the corresponding provisions under local data protection law), as applicable; and

(iv) processing for reasons of substantial public interest (GDPR Art. 9(2)(g) and the corresponding provisions under local data protection law), as applicable, in particular, preventing or detecting unlawful acts; protecting the public; regulatory requirements; preventing fraud; suspicion of terrorist financing or money laundering and support for individuals with a particular disability or medical condition.
Workforce Management-related Purposes– Number of sick days
– Information on parental leave
– Information on maternity leave
– Information on the marriage leave
– Information on work-related accidents
– Information on disability
Regulatory-related Purposes– Number of sick days
– Information on parental leave
– Information on maternity leave
– Information on work-related accidents
– Information on disability
– Criminal convictions and offences
Benefit-related Purposes– Number of sick days
– Information on parental leave
– Information on maternity leave
– Information on work-related accidents
– Information on disability
Litigation-related Purposes– Number of sick days
– Information on parental leave
– Information on maternity leave
– Information on work-related accidents
– Information on disability
– Criminal convictions and offences
The processing is necessary for the establishment, exercise, or defense of legal claims (GDPR Art. 9(2)(f) and the corresponding provisions under local data protection law).