P&G values the trust and loyalty of our Employees and has designed this Global Employee Privacy Policy to meet both the business needs of the Company and the security and protection of P&G Employees' Personal Information. This policy informs you of how The Procter & Gamble Company, its subsidiaries and/or affiliates ("P&G" or the "Company") will collect and manage Employee Personal Information. It also describes the Company's expectations for those who collect and manage Employees' Personal Information.
This Policy is in line with P&G's Purpose,Values, and Principles. In addition,many countrieshave specific legal requirements governing the use of Personal Information, including Employee Personal Information. The Company will comply with all such laws and regulations, including local data protection and co- determination laws, and it will implement additional procedures, standards, and policies wherever needed to meet these requirements.
If you have any questions about this policy, please consult the Policy Contact listed above, your local Legal or HR representative, or the Ethics & Compliance Office at compliance.im@pg.com
Employee Personal Information should only be handled by individuals who have been authorized to do so by the Company. All such individuals must abide by this policy.
The Company expects its Employees and any P&G contractors, suppliers, agencies, temporary workers, or any other parties acting on P&G's behalf (collectively, "External Parties") who collect or manage Employee Personal Information to follow this policy, whether they are utilizing P&G's and/or their own electronic systems and data management tools. Employees are responsible for ensuring that any External Parties they work with in support of P&G operations comply with this policy.
Failure by Employees to comply with this policy can result in disciplinary action which may include termination. All disciplinary action will be applied in a manner consistent with local law. For External Parties collecting or managing Employee Personal Information on P&G's behalf, failure to comply with this policy can lead to negative business consequences, up to and including termination of the business relationship, referrals to regulatory authorities, and/or claims for damages.
The Company makes every reasonable effort to ensure that Employee Personal Information is accurate and up to date for its intended use. Employees are equally responsible for updating and checking the accuracy of the information provided to P&G. If you provide Personal Information of others (e.g., of your beneficiaries and family members), you have the obligation to ensure they have granted consent to provide such Personal Information to the Company. Employees are also responsible for pro tecting the privacy and security of their and other employees' Personal Information by complying with the Company's "Security Fit" guidelines and policies, which can be reviewed at http://security.pg.com
Each P&G business unit shall perform its own self-assessments of compliance with this policy. In addition, P&G Global Internal Audit will periodically assess whether Employees and relevant third parties comply with this policy and related Company standards and procedures when they handle Employee Personal Information. Appropriate follow-up measures, if necessary, are enforced.
P&G respects your privacy. This policy describes how we process Employee Personal Information, the types of information we collect, for what purposes we use it, with whom we share it, and the choices you can make about our use of Employee Personal Information. We also describe the measures we take to protect the security of Employee Personal Information and how you can contact us about our privacy practices.
The types of Personal Information the Company may collect from or about you include, but are not limited to:
The Company may use Employee Personal Information for legitimate business purposes, including, but not limited to the following services and/or activities:
Whenever reasonably possible and consistent with P&G's legitimate business interest, your consent, the Company's legal obligations, and/or to comply with the Company's contractual obligations, P&G will inform you about the Personal Information that is collected about you and how it will be used. We will ask for your consent when you choose to use voluntary services we offer to our Employees from time to time, such as internal or external social networking platforms or other online tools.
P&G will only share Employee Personal Information with those who have a legitimate business interest to know.
P&G may share your information with External Parties who perform P&G business operations on our behalf. The Company requires that External Parties provide equivalent levels of protection as applied by the Company when handling Employee Personal Information. We contractually require data processors operating as our vendors to process Employee Personal Data solely in accordance with our instructions and to use appropriate administrative, technical, and physical security methods to protect such data. These data processors may not otherwise use or disclose the information, except as authorized by P&G, and/or to comply with legal requirements.
There are certain situations where you will be asked to share personal information directly with providers connected to P&G's employee services, where P&G does not control how your data is processed (e.g., pension providers). In those situations, please ensure you read and understand the privacy policies and practices of such providers.
Employee Personal Information may be shared with our headquarters and affiliates globally as necessary and appropriate to fulfill business-related purposes, including providing necessary benefits and payments to you. You can find information on how we protect Employee Personal Information in such a situation in Section 4.5 of this policy.
We may also disclose Employee Personal Information to respond to required legal processes; to enforce or protect the rights and policies of P&G; or to assist in the investigation of suspected or actual illegal activity. We may also share Employee Personal Information in the context of a business transaction involving part or all P&G business operations,such as a merger or acquisition. Following such a business transaction, you may contact the entity to which we transferred your Employee Personal Information with any inquiries concerning the use of that information.
You have the right to contact us and request to access the Employee Personal Information that we process and use about you. You may request that inaccurate, outdated or no longer necessary information be corrected, erased or restricted. Where required by applicable law, you may ask P&G to provide your data in a format that allows you to transfer your data to a service provider as appropriate in the circumstances. Where the processing of Employee Personal Information is based on consent, you have the right to withdraw your consent at any time.
When exercising these rights, we encourage you to first visit the "My Personal Information" section within "Life & Career" to verify your Employee Personal Information, update it and download it as needed. For any additional requests, please contact your Employee Care Team (contact details available on Life & Career) or a Human Resources representative in your country. If you are not happy with our response to your requests, you may lodge a complaint with the data protection authority in your country.
Employee Personal Information may be transferred to other countries. P&G is a global business and has employees in many countries. Employee Personal Information may be stored in systems in the United States or elsewhere, accessed from other P&G affiliates worldwide, including their service providers, or transferred to other countries of the world as necessary to conduct the relevant business operations. This means that your Employee Personal Information may be transferred to countries outside the country in which you work. When your information is transferred to or accessed from countries outside your home country, we implement appropriate safeguards as well as any legally required contractual requirements to protect your information.
We implement appropriate physical, administrative and technical measures, such as pseudonymizing, encryption and access controls, designed to protect Employee Personal Information against accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, access or use, and all other unlawful forms of processing.
We keep Employee Personal Information for as long as necessary to fulfill business-related purposes, unless a longer retention period is required or permitted by applicable law. In some cases, we may need to retain Employee Personal Information for a period of time after the termination of your relationship with P&G in order to comply with legal or contractual obligations.
The Company monitors some network and device usage. P&G has an obligation to protect its employees, assets, and facilities. To that end, P&G has created an Electronic Network and Device Monitoring Policy [https://pgone.sharepoint.com/sites/PrivacyCentral/Pages/devicepolicy.aspx] to help meet our legal obligations and to help employees understand how this monitoring activity protects them and the Company. Under this policy, P&G monitors its networks and devices for two purposes: (i) to protect the security of P&G people, data, network, assets, facilities, reputation and competitive interests; and (ii) to investigate suspected or confirmed misconduct under P&G policy or violations of law (including in support of litigation). This monitoring is consistently handled in compliance with relevant laws and Company policies.
P&G acknowledges that certain types of data are more sensitive than others. Privacy laws around the world often use differing terminology in naming these categories of sensitive data, and also set varied compliance requirements for companies to follow in their processing of this data. No matter the terminology and requirements set by local laws, P&G ensures that it meets the relevant compliance elements in its processing of these more sensitive categories of personal data. In addition, P&G has, for purposes of some countries' laws, labelled some categories of higher sensitivity data as "Sensitive Personal Information" or "SPI." P&G defines SPI to be any information relating to an identifiable person that includes or implies race, ethnicity, political views, religion, health, sexual orientation, genetic or biometric data, and information about criminal convictions and offenses.
To limit P&G's potential to access your Sensitive Personal Information in the course of running its business operations, your personal use of SPI is prohibited on P&G networks and devices. This means that an employee may not use Company devices (e.g., computers, Company provisioned tablets, CorporateMobile, etc.) or Company networks (P&G wireless internet connections, telephony networks, and LAN) for personal purposes involving SPI. For example, employees should not visit websites that strongly imply SPI such as medical specialists' webpages or webpages for houses of worship. This means that employees may NOT use functionality like email/calendar/web browsing for any personal activity that uses or implies SPI data. To be clear, P&G will not monitor SPI (or any data for that matter) on personal employee devices that do not connect to P&G networks.
Related to the previous paragraph, the only permitted use of SPI is Company-related. For Company-related purposes, P&G processes and uses your SPI in only in two, specific ways: (1) as required for business and employment purposes (e.g., providing you with health benefits, recording work disabilities or injuries, etc.) and (2) based on your consent when you participate in Company-approved groups (as examples, GABLE and AALN) or use Company-sponsored applications that might gather SPI (for example, a Company health and wellness app).
Given the above, P&G will only process Sensitive Personal Information to provide you with a Company benefit, fulfill an obligation under employment law, and/or to protect your data from cybersecurity threats. If you have more questions about what is SPI and/or how P&G handles such data, please contact the corporate privacy team, at the email address provided in Section 6.0 below.
The P&G entity with which you have your employment relationship is your employer and therefore the controller of your Employee Personal Information. If you have questions about your Personal Information, contact the HR representative in your country or email us at [corporateprivacy.im@pg.com]. Please also see Section 4.4 above for information about how to exercise any of your rights under applicable data protection laws. For contact information specific to certain countries, see Addendum A to this Notice. If you have concerns about a potential data breach of your Employee Personal Information or any personal information being handled by P&G, please email us at securityincident@pg.com.
Resources: Resources available to you are listed on Privacy Central [http://privacy.pg.com], including the P&G-designated country-level Data Protection Officers (see Appendix A).
Questions About Use of Your Employee Personal Information: If you are asked to provide Personal Information about yourself or your family members and you question the business relevancy of the request or if you have other questions or concerns regarding your Employee Personal Information, please contact your HR representative.
Reporting Potential Policy Violations: If you feel this policy has been violated, you have many resources available to help you, including your immediate manager, your HR representative, the Company's Global Privacy Officer, a member of the P&G Legal Division, WBCM Helpline (where applicable) and/or your Data Protection Officer (where applicable). We will follow the Company's Incident Response Guidelines for any reported violation.
Future Modifications of This Policy: P&G reserves the right to modify this policy as needed, for example, to comply with changes in laws, regulations, Company practices and procedures, or to respond to new threats or new requirements imposed by data protection authorities. Where such changes materially affect our processing of your Employee Personal Information, we will accordingly notify you.
Employee: For the purposes of thi spolicy,the term Employee includes current and former P&G employees and retirees.
Personal Information: Any information relating to an identified or identifiable individual.
The Company or P&G: For purposes of this policy, the Company or P&G refers to The Procter & Gamble Company and/or its subsidiaries and affiliates.