1. Introduction
This Employee Privacy Notice ("Notice") applies to the ABB Group of companies, which means ABB Ltd and each entity in which ABB Ltd, directly or indirectly, has a majority holding or owns or controls the majority of voting rights.
The ABB company that is your employer (referred to as "ABB" or "we") is responsible for the processing of your personal data and controls how it is used, in accordance with this Notice and in accordance with the applicable laws of your jurisdiction (including without limitation the Personal Data Protection Act and the subordinate legislation enacted and amended thereafter).
At ABB, respecting your data protection rights is a top priority. This Notice explains how ABB use personal data about you and what rights you have regarding your personal data.
2. Who is responsible for the processing of your personal data?
ABB Ltd and its subsidiary companies are responsible for your personal data. For applicable privacy and data protection laws, the primary controller of your data is the ABB (Thailand) Company Limited – the ABB Group subsidiary company which is your current (or former) employer. Other subsidiary companies of ABB may also receive and process your personal data, either in the capacity of controller or processor, and this Notice applies equally to them.
3. The types of personal data ABB collect and use?
Sources of your Personal Data. ABB may obtain Your personal data: (a) directly from the recruitment / onboarding / employment process, directly from your job performance and other communication that ABB may have with You; (b) in some cases, ABB will also process Your personal data indirectly from third parties, including without limitation the administration services providers and the subsidiary or affiliates; and (c) in some cases, ABB will create and collect your personal data through the performance evaluation or assessment made by ABB and its personnel.
ABB collect and use personal data that concerns You in connection with your employment at ABB, including the following categories of personal data:
- Personal details and identification data such as name, personal and business address, personal and business telephone number, personal and business email address or any other contact details, date and country of birth;
- Personal data related to family and social circumstances such as gender, age, marital and family status (including also the name and contact details of the next of kin); provided that in case the personal data of the third-party data subject being shared with ABB, ABB shall deem that You represent and warrant your right to disclose those personal data to ABB to process under this Notice;
- Employment related personal data such as employee number, signature, employment status, social security and tax numbers, insurance number, country of residence, nationality, photo, emergency contacts and passport information, work and residence permit, immigration status and travel visa information; and any other information required in the employment onboarding document or the government forms to be submitted to the relevant authority to register your employment;
- Qualifications such as qualifications and certifications including current and previous positions, education and training courses, resume/CV, records of education and work achievements, in some cases: contact details of referees and results of capability assessments and interview assessment/feedback.
- Job information and work metrics such as position, title, employment contract, payroll ID, line manager, job band, performance history, employment status, leave of absence information, working time logging, training records, performance targets and development goals. In some cases, ABB may also record results of capability assessments, safety reports and incidents, professional feedback;
- Compensation, allowances, benefits and expense related information such as salary data, payroll data, pension plan number and contributions, non-salary benefits, bonus, compensation, share options, dependents, beneficiaries or health benefit nomination, bank statements, expense claims and receipts, bank account details, credit card data, phone expenses and insurance data;
- Electronic identification data and information (where employee has access or is affected by such systems or applications) such as access logs, IT and internet usage, device identifiers (mobile device ID, PC ID etc.), registration and login credentials, IP address, tracking and analytics data, recordings (e.g. voice mail/call recordings), posts on corporate platforms (e.g. Yammer), password recovery data, information obtained via IT security tools;
- Financial and other details such as account information, credit checks, payment details and transactions, investigation information and disciplinary history.
- Other personal data (which may include special categories of information as mentioned below) namely where you may register these data on or in ABB systems, programs and applications such as business documents containing personal information (e.g. queries, questions, complaints, orders and related records; emails; reports; contracts; presentations, minutes; work products), photos, images and/or videos.
Sensitive personal data (as defined under Personal Data Protection Act) that will only be collected and processed, if at all, with Your consent in accordance with applicable personal data protection laws namely health and medical information, including disability status, special working conditions (such as use of a standing desk) and medical devices needed on the premises, work related injury and illness information, data for travel emergency support (blood type, medical history, allergies).
4. Why ABB use your personal data?
The use of Your personal data provided during the employment will be limited to a need basis and shared only with the employees and third parties that are directly involved in the employment processes and the performance of the rights and obligations of ABB and You under the employment agreement. All of the personal data collected by ABB and defined under this Notice will be used for the following purposes and on the following lawful bases:
- ABB processes your personal data for the fulfillment of obligations in your employment contract and similar collective employment agreements or as part of pre-contractual measures to establish employment and related contracts, including without limitation for the following activities:
- to manage salary payment; to assess, supervise and/or evaluate your performance in order to provide rewards or benefits to you or to enforce any sanction against you in case of violation of the employment agreement or other labor regulations under which ABB is entitled to take relevant action legitimately as an employer under employment agreement;
- to manage and/or supervise the provision of the employment benefits, to manage the verification of your right and your benefit as defined under the employment agreement, i.e., insurance rights and/or claims for compensation, management of health checks (either for yourself or family member or your related person in accordance with the conditions provided by ABB) and to monitor sickness and other leave and vacations management;
- to contact and coordinate with you for the purpose of supervising and/or managing the relationship between you and ABB or in emergency cases;
- to support, manage, and/or control your demands relating to health, medical, security, and benefits that ABB may consider providing to you; and
- to organize ABB events and documentation of such events, including managing and organizing internal non-marketing related campaigns, events and meetings, travel and expenses management and organization of business trips, including monitoring of travelers to provide support during security or medical emergencies; providing travel security, health and safety training and on voluntary basis assistance in giving security support during emergencies;
- In some cases, ABB processes your personal data on the basis of statutory requirements, for example, on the basis of labor and social security law, allowances, tax, and accounting or reporting obligations, cooperation obligations with authorities in order to carry out our contractual responsibilities as an employer;
- In some cases, ABB relies on our legitimate interests to process your personal data insofar as this is not overridden by your own privacy interests. Such interests may include:
- monitoring (for example, through IT systems), investigating and ensuring compliance with legal, regulatory, standard, and ABB internal requirements and policies;
- prevention of fraud and criminal activity, including investigations of such activity, misuse of ABB assets, products, and services, and as strictly necessary and proportionate for ensuring network and information security;
- transmitting personal data within the ABB group for internal administrative purposes as necessary, for example, to provide centralized services;
- undergoing human resources management including organization and personal administration, working hours management, talent management and acquisition, learning and development management including certifications, training staff, and performing assessments and satisfaction surveys from you as the employee;
- improving and maintaining effective staff administration, internal workforce analysis, reporting and planning; monitoring staff transfer management from different affiliates and succession planning; and planning reorganization, acquisition, and sale of activities, business units, and companies;
- planning internal health and safety programs including health and safety and accident records or reporting and managing process quality;
- internal and external communication of ABB’s organization and representation of ABB including commercial register and assigning powers of attorney;
- managing ABB assets including pictures and videos depicting employees or other individuals available for download on the ABB intranet, ABB website, etc.;
- business reporting, statistics and analytics;
- maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, fraud or other criminal or malicious activities, and ensuring business continuity;
- managing IT resources, including infrastructure management including data back-up, information systems’ support and service operations for application management, end user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), master data and workplace including user accounts management, software licenses assignment, security and performance testing and business continuity; and
- maintaining the employee tracking record and registrar, including in particular the record of all former employees who leave ABB for whatever reason, including but not limited to being terminated, resigning or being separated, so that ABB can recheck such record in case such an employee re-applies for any position with ABB; provided that access control measures shall be implemented to ensure such information can only be shared on the necessary basis.
- In exceptional circumstances, ABB may ask your consent at the time of collecting the personal data, for example, photos for the use in communications materials and events; or the disclosure of your personal data to any third party that may not relate directly to the employee benefit defined under the employment contract. If ABB ask you for consent in order to use your personal data for a particular purpose, ABB will remind you that you are free to withdraw your consent at any time.
- With regard to sensitive personal data, ABB will only process such data in accordance with applicable law: in particular
- with your explicit consent for specific activities in accordance with applicable law;
- when necessary for exercising rights based on employment, social security or social protection law or as authorized by collective agreement, or for preventive and occupational medicine and evaluation of working abilities; or
- where necessary for establishment, exercise and defense of legal claims.
In addition to your personal data, certain personal data that may be collected from you relates to your next of kin, other related persons and emergency contacts. In these cases, you are requested to inform such persons about this Notice.
5. How long do ABB process and keep your personal data?
ABB acknowledge that applicable data protection laws require that we do not keep personal data in an identifiable form for any longer than is necessary for the purpose for which the personal data is being processed. Through the setting of IT applications and policies we ensure that your personal data is deleted when we no longer need it. The general retention framework that ABB will comply with is defined as follows:
- Based on mandatory legislation (i.e., taxes, accounting, labor protection, or social security), ABB must keep certain personal data for a minimum period of time. For example, employment contracts, information about salary payments and reimbursements need to be kept for a minimum period based on local corporate and tax legislation;
- ABB would need to retain your personal data throughout the employment terms and for the period of time that would be necessary for ABB to exercise our rights to claim against you in case of any dispute as defined in our Records Management Directive GD/LI-44 or your local records management directive;
- in case any personal data is used in advertisement and public relations materials, ABB reserve the right to process and retain your Personal Data for the period of time that is necessary for such Company’s business.
After an applicable retention period has lapsed, we will securely delete or anonymize your personal data, unless there are specific circumstances that require us to keep such personal data, such as legal or regulatory obligations or to resolve potential disputes.
For more information regarding specific retention periods that apply to your personal data, please submit a request at www.abb.com/privacy.
In case you are working at a third-party site (for example ABB customer location or facility), such third party may need to process your personal data for their purposes acting as a data controller. In these cases, you will receive or may request a separate privacy notice from the relevant data controller.
6. What happens if you do not provide us with the information ABB have requested?
Where it concerns processing operations related to your employment (as described above), ABB will not be able to adequately employ You without certain personal data and you may not be able to exercise your employee rights if you do not provide the personal data requested. Although ABB cannot mandate you to share your personal data with us, please note that this then may have consequences which could affect your employment in a negative manner, such as not being able to exercise your statutory rights or even to continue your employment. Whenever you are asked to provide us with any personal data related to you, we will indicate which personal data is required, and which personal data may be provided voluntarily.
7. Parties ABB share your personal data with (in and outside the EU and EEA or outside the country where your employer is located)
ABB only share your personal data with other ABB affiliates or third parties as necessary for the purposes described below, and only to the extent necessary to fulfill the relevant purposes defined under the scope of the data processing agreement to be entered into between ABB and the relevant third parties:
- ABB affiliates (inside or outside of Europe) who provide human resource management, talent management, and organizing internal training and events for the purpose of ABB and you as the employee;
- ABB customers, distributors, agents, and business partners for the purpose of project placements, carrying out audits, reviews and regulatory checks, customer relationship management, and travel and expense management;
- Other service providers being engaged by ABB to provide IT services, HR and training, payroll and payment processors, insurance company and pension fund, and professional and advisory services, including accountants, auditors, lawyers, insurers, bankers, recruiters, travel agents, and other advisors working on ABB’s behalf;
- Potential or actual acquirers of ABB businesses or assets for the purpose of the business assets evaluation; and
- Government authorities that ABB is obliged under the applicable laws or the government order/judgment to disclose or share the relevant data subject to such authority.
Where ABB share your personal data with an affiliate or third party so that it transfers to or becomes accessible from outside the European Union (“EU”) and European Economic Area ("EEA") or outside the country where your employer is located, ABB always put adequate safeguards in place to protect your personal data. Examples of these safeguards are an adequacy decision of the European Commission (read more here), Standard Contractual Clauses (read more here), Privacy Shield certification (read more here), and the Binding Corporate Rules that some of our suppliers have adopted (read more here). ABB have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where your employer is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.abb.com/privacy.
8. Security and monitoring of ABB systems and sites
ABB undertakes to implement appropriate personal data security measures to prevent any unauthorized and unlawful access, modification, amendment, or disclosure of personal data and to maintain the confidentiality and security of the personal data. ABB commits to review these measures on a regular basis to ensure their compatibility with the standards and to the relevant laws.
ABB sees ensuring the security of Personal Data in ABB’s possession as a shared responsibility: where it takes the necessary steps to secure such data, we expect our staff members to do the same. You can read more about our security measures and your responsibilities in the End User Security Policy.
For business reasons, and in order to maintain IT security measures, information about the use of ABB's systems including telephone (mobile and fixed) and computer systems (including email and internet access), and any personal use of them, is collected and monitored, and used when necessary for the security of ABB’s system and compliance with ABB security group policies and in accordance with the applicable law.
- If you access services by the use of passwords and login names on ABB's IT and communication systems, this might mean that your access details can be seen by ABB.
- Monitoring is only carried out if and to the extent permitted or as required by law and as necessary and justifiable for business purposes. The resulting log files will be kept for a minimum period in accordance with section 7. This is required so that instances of attempted misuse and other security events can be detected, and that information is available to support any subsequent investigation and follow up actions. To the extent permitted by law and internal policies, action may be taken under the disciplinary procedure.
- If necessary such information may be handed to the police or other law enforcement agencies. Investigations and disclosure of information to the relevant authorities shall be carried out only to the extent permitted by law.
9. Which data protection rights do you have with regards to your personal data?
ABB respects your statutory rights under the applicable laws that You may have over your personal data as follows: (a) the right to correct any error in your personal data or update it; (b) the right to access your personal data and receive a copy of your personal data that ABB hold; (c) the right to delete your personal data that ABB no longer have a lawful ground to use; (d) the right to port your personal data to a new data processor (if applicable); (e) the right to object to the processing of your personal data based on the legitimate interests grounds; (f) the right to suspend the use of your personal data by ABB whilst a complaint or your right to object or delete is being investigated; or (g) the right to withdraw consent, whenever ABB have asked for your consent for processing of your personal data. Please note that the rights described above are not absolute, and that your request cannot always be met entirely. If you want to know more about your data protection rights as well as the conditions and restrictions under which they are available to you, you may want to refer to the Annex to this Notice.
You may request to enforce any of your data protection rights at www.abb.com/privacy.
10. Contact and further information
If you want to access your personal data, make use of any of your other rights mentioned above or if you have any questions or concerns about how ABB processes your personal data, please contact our Group Data Protection Officer at privacy@abb.com, or submit your complaint at www.abb.com/privacy. Should you not be satisfied with our response or believe we are processing your personal data against the law, you have the right to file a complaint with the Data Protection Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data protection laws (and your rights) may have taken place.