Close

Register now for the #1 employee experience conference, Unite 24. Join the largest gathering of enterprise EX leaders!
Navigation

US Careers Privacy Notice

Unily Inc. Employee and Recruitment Privacy Notice

Unily Inc. (“Unily”) is committed to safeguarding the privacy and security of your personal information and upholding the privacy rights of individuals worldwide. Regardless of the existence of local data protection or privacy laws where Unily operates, our privacy framework applies globally and adheres to the high standards set by the General Data Protection Regulation (‘GDPR’).

This privacy notice applies to all current, former, and prospective employees, workers, and contractors of Unily. It outlines how we collect and use your personal information before, during, and after your employment or engagement with us.

It is essential to read this notice along with any other privacy notice we provide on specific occasions when we collect or process your personal information so that you are aware of how and why we use it.

Our privacy notice is regularly reviewed to maintain transparency and accuracy. We encourage you to check it frequently for updates, and we will notify all staff of any significant changes.

Please note that this notice does not form part of any employment or service contract.

Our privacy principles

We are committed to ensuring that your personal information is:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

The kind of information we hold about you

Personal information, also known as “personal data”, means any information about an individual from which that person can be identified. It does not include data where a person’s identity has been removed (“anonymous data”).
We also recognise that certain types of personal information are considered more sensitive and therefore require a higher level of protection (“sensitive personal information”).

We may collect, store, and use the following categories of personal information:

  • Contact details, including name, address, telephone number and personal e-mail address, as well as next of kin details;
    Information and references collected during the recruitment process, relating to your education and employment history;
  • Information about your right to work in the US and copies of proof of right to work documentation, such as your passport, visa, birth certificate or other identity documentation;
  • Details of terms and conditions of employment, including pay and benefits;
  • Payroll, tax, pension and SSN information;
  • Performance information;
  • Details of grades and job duties;
  • Absence, self-certification forms and holiday records;
  • Details of disciplinary investigations and proceedings;
  • Details of grievance investigations and proceedings;
  • Minutes from meetings attended;
  • Details of expenses and travel;
  • Training records;
  • Details of your correspondence with the Unily and other information provided by you to Unily during the course of your employment;
  • Details of websites visited using company-provided internet access, emails and messages sent and received and other correspondence, and details of work-related social media, e.g. LinkedIn;
  • Data generated in relation to your location, use of electronic devices and travelling;
  • Photographs and pictures of you from events and on-site CCTV footage at Unily office locations;

We may also collect, store and use the following sensitive personal information:

  • Regarding an employee’s health, for the purpose of compliance with our health and safety and our occupational health obligations (including details on testing and vaccination data where this is required in connection with public health laws or regulations on limiting potential infections or pandemics or other applicable requirements imposed on Unily). To assist with management decisions relating to whether an employee’s health affects their ability to do their job, whether reasonable adjustments are necessary to assist employees with a disability;
  • Related to Unily’s monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under applicable anti-discrimination laws. This may include (where permitted by law and provided voluntarily) information about an employee’s race and ethnic origin. For the purpose of insurance, pension, sick pay and other related benefits in force from time to time;
  • In connection with necessary employment background checks, including criminal records checks to enable Unily to assess an employee’s suitability for employment.

How your personal information is collected

We typically collect personal information about employees, workers and contactors through the application, recruitment and on-boarding process, either directly from candidates or sometimes from an employment agency. We will also collect additional information from third parties including former employers and background check agencies.

We will collect additional personal information in the course of job-related activities throughout the period of you working for us. This will include your information from your line manager (for example, in respect of performance reviews) or, from time to time, from other managers or colleagues (for instance, in the course of conducting an investigation).

We may also receive personal information from other third parties, for example clients, tax authorities, benefit providers, brokers and regulatory bodies to the extent permitted by applicable laws

Use of CCTV

We use CCTV in and around our buildings to maintain the security of property, premises, and staff, and for the prevention and detection of crime. For these reasons, personal information may be collected through the means of CCTV, including visual images, and information revealing personal appearance or behaviours.

How we will use information about you

We will only use your personal information where we have a legitimate reason for doing so. Most commonly, we will use your personal information in the following circumstances:

  1. Where it is necessary for the performance of a contract we have entered with you, or to take steps to enter into a contract (such as your contract of employment);
  2. Where we need to comply with a legal obligation;
  3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

We may also use your personal information in the following situations, which are likely to be rare:

  1. Where we need to protect your interests (or someone else’s interests);
  2. Where it is needed in the public interest or for official purposes;

Situations in which we will use your personal information

We need all the categories of personal information in the list above (see The kind of information we hold about you) primarily to allow us to perform our employment contract with you and to enable us to comply with legal obligations. We also use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are listed below. As demonstrated, there may be several grounds which justify our use of your personal information.

Purpose

Justification

Recruitment and selection, including but not limited to processing of the personal information included in CVs, references, interview sheets, pre-employment forms, and results from assessment tests.

The processing is necessary for the purpose of the legitimate interests pursued by Unily, in ensuring that only suitable and appropriate candidates are assessed, shortlisted and selected.

Appropriate vetting and background checks for recruitment and team allocation including, right to work verification, relevant employment or engagement history, academic/education checks and professional qualifications and bringing you on-board and creating an employment record.

The processing is necessary for the compliance with legal obligations to which Unily is subject.

 

The processing is also necessary to take steps at the applicant's request to enter a contract of employment.

Providing and administering remuneration, bonus and pension schemes, benefits and incentive schemes and reimbursement of business costs and expenses and making appropriate pension, tax and social security deductions and contributions;

The processing is necessary to perform the contract between you and Unily and necessary for compliance with legal obligations.

General employee management, including:

  • allocating and managing duties and responsibilities and the business activities to which they relate;
  • planning and allocating work and measuring working hours;
  • providing and managing annual leave and business travel;
  • managing flexible working/part-time arrangements/time sheets/attendance records of employees;
  • maintaining emergency contact and beneficiary details;
  • managing health and safety at work and investigate and report on incidents/accidents.

The processing is necessary to perform the contract between you and Unily and, where necessary, for compliance with legal obligations.

 

The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in managing its workforce and ensuring that each employee undertakes appropriate duties, are properly trained and undertake their roles correctly and in accordance with appropriate procedures.

Identifying and communicating effectively with employees, including managing internal directories to facilitate contact and effective working and communication;

The processing is necessary for the purpose of the legitimate interests pursued by Unily.  Unily considers that it has a legitimate interest in undertaking normal business operations and maintaining a dialogue with employees to ensure effective management and job satisfaction.

Managing and operating appraisal, conduct, performance, capability, behavioural, absence and grievance related reviews, allegations, complaints, investigations and processes and other informal and formal HR and legal compliance processes and making related management decisions;

The processing is necessary to perform the contract between you and Unily and for the compliance with legal obligations to which Unily is subject.

 

The processing is also necessary for the purpose of the legitimate interests pursued by Unily.  Unily considers that it has a legitimate interest in addressing employee related concerns and issues and resolving the same and complying with applicable laws and regulations.

Training, development, promotion, career and succession planning and business contingency planning;

The processing is necessary to perform the contract between you and Unily.

 

The processing is also necessary for the purpose of the legitimate interests pursued by Unily.  Unily considers that it has a legitimate interest in effective employee management to support its long-term business goals and outcomes to ensure it continues to retain as well as attract high calibre employees.

Processing information about absence or medical information regarding physical or mental health or condition in order to:

  • assess eligibility for incapacity or permanent disability related remuneration or benefits;
  • determine fitness for work;
  • facilitate a return to work;
  • make reasonable adjustments or accommodations to duties or the workplace;
  • make management decisions regarding employment or engagement or continued employment or engagement or redeployment;
  • and conduct related management processes;

The processing is necessary for the compliance with legal obligations to which Unily is subject.

 

The processing is also necessary for the purpose of the legitimate interests pursued by Unily.  Unily considers that it has a legitimate interest in ensuring that employee undertakes appropriate duties, are properly trained, supported by management and undertake their roles correctly and in accordance with appropriate procedures.

Complying with reference requests where Unily is named by the individual as a referee;

This processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it is in the legitimate interests of a new employer to receive confirmation of employment or engagement details from Unily for the purposes of confirming the former employee's employment or engagement history.

Operating email, IT, internet, social media, HR related and other company policies and procedures.  To the extent permitted by applicable laws, Unily carries out monitoring of Unily’s IT systems to protect and maintain the integrity of Unily’s IT systems and infrastructure; to ensure compliance with Unily’s IT policies and to locate information through searches where needed for a legitimate business purpose;

The processing is necessary to perform the contract between you and Unily and for the compliance with legal obligations to which Unily is subject.

 

The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in managing its workforce and operating its business through IT systems.  The HR IT function is essential to ensuring that this can be carried out in the most effective way.

Protecting the private, confidential and proprietary information of Unily, its employees, clients and third parties and protecting the security of our sites, systems, employees and visitors e.g. through the use of CCTV;

The processing is necessary for the compliance with legal obligations to which Unily is subject.

 

The processing is also necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in ensuring that its business, clients, employees and systems are protected.  This includes protecting our assets and the integrity of our systems; and detecting and preventing loss of our confidential information and proprietary information.

Complying with applicable laws and regulations (for example, maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulations);

The processing is necessary for the compliance with legal obligations to which Unily is subject.

Planning, due diligence and implementation in relation to a commercial transaction or service transfer involving Unily that impacts on your relationship with Unily for example mergers and acquisitions or a transfer of your employment under applicable automatic transfer rules;

The processing is necessary for the compliance with legal obligations to which Unily is subject.

 

This processing is also necessary for the purpose of the legitimate interests pursued by Unily.  Unily needs to make decisions relating to the future of its business in order to preserve its business operations or grow its business.

Where relevant, for publishing (including via social media in appropriate circumstances) internal or external communications or publicity material;

The processing is necessary for the purpose of the legitimate interests pursued by Unily.  Unily considers that it has a legitimate interest to support its long-term business goals and outcomes and Unily wishes to maintain its reputation.

Note: employees’ will be provided with the opportunity to opt out.

To support HR administration and management and maintaining and processing general records necessary to manage the employment, employees or other relationship and operate the contract of employment or engagement;

The processing is necessary to perform the contract between you and Unily and for the compliance with legal obligations to which Unily is subject.

 

The processing is also necessary for the purpose of the legitimate interests pursued by Unily.  Unily considers that it has a legitimate interest in effective employee management to support its long-term business goals and outcomes.

To enforce our legal rights and obligations, and for any purposes in connection with any legal claims, reports of violations or allegations made by, against or otherwise involving you.

The processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in protecting its organisation from breaches of legal obligations owed to it and defending itself against litigation.  This is needed to ensure that Unily’s legal rights and interests are protected appropriately, to protect Unily’s reputation and to protect Unily from other damage or loss. 

 

The processing is also necessary for the compliance with legal obligations to which Unily is subject.

To monitor the existence or absence of equality of opportunity or treatment for Unily’s employees regardless of gender and ethnic or racial origin, with a view to enabling such equality to be promoted or maintained.

The processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in monitoring and promoting equal opportunities in the recruitment process and workplace. This also helps Unily to ensure compliance with its legal obligations in this regard.

The use of employee photographs for internal business purposes, to generate employee engagement within the workplace.

The processing is necessary for the purpose of the legitimate interests pursued by Unily. Unily considers that it has a legitimate interest in generating employee engagement within the workplace as part its efforts to maintain employee motivation, satisfaction, and retention levels.

Note: employees’ will be provided with the opportunity to opt out.

Please note that this not an exhaustive list and we may process your data for other purposes that are consistent with the justification on which we process your personal information. Further, additional information regarding specific processing of personal information may be notified to you locally or as set out in applicable policies.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers). Where we ask you to provide personal information to us on a mandatory basis, we will inform you of this at the time of collection and in the event that particular information is required by the contract or statute this will be indicated.

How we use sensitive personal information

We recognise that sensitive personal information requires a higher level of protection. As such, we will only process this type of personal information where it is strictly necessary for us to collect, store, and use it. For example, we may process sensitive personal information in the following circumstances:

  1. Where we need to carry out our legal obligations, such as those in connection with employment, social security, and social protection law.
  2. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests), or where you have already made the information public.

Our obligations as an employer

We will use sensitive personal information in the following ways:

  • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
  • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
  • We will use information about isolation notices, testing results and vaccination records to ensure health and safety in the workplace and to monitor and limit the chance of infection, where permitted to do so by law.
  • We will use information about your race or national or ethnic origin (combined with information about your gender) to ensure meaningful equal opportunity monitoring and reporting.

Do we need your consent?

We do not need your consent if we use sensitive personal information in accordance with our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Information about criminal convictions

We only use information relating to criminal convictions where it is strictly necessary for us to do so. This will usually be where such processing is necessary to carry out our legal obligations in connection with employment law.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

  • We will use information in connection with any criminal convictions or offences to enable Unily to assess your suitability for employment. We will also process and share such data with relevant authorities should any criminal activity take place in connection within the workplace.

Data sharing

We will share your data with third parties, including third-party service providers and other entities in the group.

We require third parties to respect the security of your personal information and to treat it in accordance with the law.

We may transfer your personal information outside the US.

If we do, we will take steps to ensure that your personal information is adequately protected.

Why might you share my personal information with third parties?

We may share your personal information with third parties (i) where required by law, regulation or legal process (such as a court order or subpoena); (ii) where it is necessary to administer the working relationship with you; (iii) in response to lawful requests by government agencies; or (iii) where we have another legitimate interest in doing so.

What sort of third-parties might my personal information be shared with?

The following are examples of third-parties with whom personal information about you may to be shared with:

  • US state and federal government departments such as the Internal Revenue Service or Occupational Health and Safety Administration, to meet statutory obligations;
  • Background check providers;
  • Employment-related benefits providers and other third parties in connection with your benefits (such as your pension, health insurance provider etc.);
  • Payroll/tax providers;
  • Law enforcement agencies for the prevention or detection of crime;
  • External auditors, insurers, investors and lenders;
  • Medical/occupational health professionals;
  • Consultants and other professional advisors (such as lawyers, accountants etc.),
  • Emergency response services as necessary to protect your vital interests or those of another person;
  • IT service providers, such as those responsible for hosting, supporting and maintaining the framework of Unily’s information systems (including our HR systems);
  • Landlords and office access providers;
  • Social media and marketing suppliers;
  • Employee learning and development providers.

How secure is my personal information with third-party service providers and other entities in our group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.

When might you share my personal information with other entities in the group?

We will share your personal information with other entities in our group, including Unily Pty Ltd (Australia) and Unily Group Ltd (UK) where required to, for example, run global processes, carry out group wide reporting, and assist with workforce planning.

Transferring information outside the US

The global nature of our business means that your personal information will routinely be shared with other entities in our group outside of the US, including in the UK and Australia. Unily has an intra-group data transfer agreement in place which regulates cross-border transfers of your personal information within the group.

We may also use international suppliers and service providers, whose personnel or systems may be located outside of the US, resulting in the transfer of your personal information to third countries. In these cases, we will take steps to ensure that your personal information receives an adequate level of protection by entering into appropriate third-party data sharing agreements.

Data security

We have put in place measures to protect the security of your personal information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have implemented appropriate security measures to prevent unauthorised access, alteration, disclosure, or accidental loss of your personal information. Only authorised employees, agents, contractors, and third parties with a business need to know will have access to your personal information, and they are subject to a duty of confidentiality.

We have an Incident Management Policy that outlines the process for investigating, managing, and resolving incidents, which are monitored by the Information Security Manager and the Data Protection Officer.

Data retention

How long will you keep my personal information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Retention periods can vary depending on why we need your data, as set out below:

Record Type

Retention Period

HR records

7 years post-employment

Medical and benefits data

6 years post-plan termination  

I-9 forms  

3 years post-employment

Recruitment data – successful candidates

2 years post-hiring date  

Recruitment data – unsuccessful candidates

6 months post-campaign

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Data protection officer

We have appointed a Data Protection Officer to oversee Unily’s data protection compliance. If you have any questions about this privacy notice or how we handle your personal information, the Data Protection Officer and wider Data Protection Team can be contacted at privacy@unily.com.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Issue

Description of Change

Approval

Date of Issue

Review Date

 

1.0

Initial Issue

Data Protection Officer

March 2023

March 2024

Classification: Public

Insights to your inbox

The list that everyone wants to get on. Subscribe to receive the latest insights, upcoming events, and inside scoops.