Stoneridge Global Employee Privacy Policy

Protecting the privacy of Stoneridge’s employees and prospective employees is an essential part of our privacy program and of our relationship with our employees. We are committed to the proper handling of the Personal Information we collect and use in connection with your employment relationship with us. This Employee Privacy Policy (“Policy”) describes the information the Stoneridge Group of companies (“Stoneridge) gathers and uses in connection with your employment or potential employment by Stoneridge, and describes the purposes for which Stoneridge collects, uses, and shares Personal Information in connection with your employment relationship with Stoneridge. This Policy complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR where applicable, as well as other relevant data protection laws in jurisdictions where Stoneridge operates. The Stoneridge Group of companies includes all entities held by Stoneridge, Inc., including but not limited to Stoneridge Electronics, Ltd. and Orlaco. This Policy is applicable to current and former employees, our contracted external workforce, and candidates for employment and their respective dependents (collectively, “Employees”). For purposes of this Policy, Personal Information includes information that identifies, relates to, describes or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly to, a particular Employee (or potential Employee) or their household.

1. Data Controller

Stoneridge is the data controller under the data protection laws applicable to our business with regard to the information regarding our Employees that we gather and process in the ordinary course of our business. For cross-border processing, Stoneridge acts as a joint controller with its EU affiliates. Stoneridge is responsible for processing Employee’s Personal Information in compliance with this Policy and with those laws.

The primary contact person for privacy matters in employment is:

Stoneridge.
Data Privacy Manager
39675 MacKenzie Drive, Suite 400
Novi, Michigan, USA 48377
privacy@stoneridge.com
001 248 419 0407

Alternatively, inquiries can be made to the appropriate local Stoneridge Human Resources contact.

2. Legal Basis and Purpose of Processing Personal Information

2.1 Recruitment

Stoneridge collects and processes Personal Information for the purpose of recruitment. Stoneridge processes Personal Information of job applicants in order to recruit new employees or reassign current employees and manage other administrative duties related to the recruitment process. The legal basis for processing Personal Information related to recruitment is the pre-contractual necessity to review qualifications of candidates, enable communication about candidates, and take other applicable recruitment steps prior to entering into an employment relationship.

2.2 Management of Your Employment Relationship

The primary legal bases for processing Employees’ Personal Information are the contractual necessity and legal obligation regarding the management of your employment relationship with Stoneridge and Stoneridge’s compliance with its related legal obligations. Stoneridge may process special categories of personal data, such as health or union membership information, only where permitted under Article 9(2) GDPR, for example, to comply with employment, social security, or social protection laws, or with your explicit consent when required. Stoneridge processes Employee Personal Information for the purpose of managing Stoneridge’s Human Resources (“HR”) function and its employment matters and to enforce Stoneridge’s legal and contractual rights and obligations and all actions related thereto, including:

to determine content and terms of employment;
to evaluate job applicants and candidates for employment;
to obtain and verify background checks;
to support Employee training, education, and professional development;
to monitor security at our facilities;
to engage in corporate transactions requiring the review of employee records;
to obtain and manage insurance coverage;
to pay wages, salaries, and benefits;
to administer and maintain benefit plans, including group health insurance;
to manage employee performance in their job duties, including promotions and discipline and termination;
to process payroll;
to track time and attendance;
to manage workers’ compensation claims;
to organize occupational health care where applicable;
to manage work-related travel and reimbursement; and
to administer and maintain retirement programs.

2.3 Providing IT-related services

Stoneridge provides some employees with access to company email and other electronic communications systems solely for the purpose of furthering Stoneridge’s business. Such access is subject to Stoneridge’s policies with regard to appropriate use of its systems.

2.4 Administering the Employee Helpline

Stoneridge provides a third-party Helpline in order for Employees to ask questions or make reports of potential violations of Stoneridge’s Code of Conduct, Compliance Policies, or the law. The Helpline is a means of reporting that is confidential and anonymous, where permitted by local law and unless disclosure of communications to the Helpline is required by applicable law or other legal requirements.

2.5 Processing of Personal Information internally within Stoneridge

Employee Personal Information may be processed among the Stoneridge Group of companies. Processing of Personal Information is based on the legitimate interest to organize and manage internal administrative matters within Stoneridge in an appropriate and practical way. Such processing may occur outside of your country of residence or physical employment, including in the United States of America.

3. Collection of Data

Stoneridge collects the following types of Personal Information regarding Employees:

3.1 Necessary Personal Information for recruitment purposes, such as:

Basic Personal Information, such as name, postal and email address, phone number, and date of birth;
Current job description, such as tasks, title, part-time, or full-time employment;
Recommendations from references;
Interview results and analyses;
National identification number;
Current education, examination, language proficiency, and other qualifications;
Aptitude tests and security clearances, where applicable;
Information obtained through background checks; and
Job application, CV, other relevant qualifications or certificates

This Personal Information typically is collected directly from job applicants. References also may be collected from previous employers when named in the application and from service providers that perform background checks on our behalf. If recruitment is outsourced to a third-party service provider, Personal Information related to an applicant’s professional qualifications may be provided by that party.

3.2 Necessary Personal Information for the performance of the employment contract

Stoneridge’s business requirements and its contractual and legal rights and obligations related to the employment relationship require collection of certain Personal Information, which may include:

Basic Personal Information, such as employee name, postal address, personal email address, date of birth, gender, personal identity code, national identification number, and nationality;
Sensitive personal information such as gender, age, race, religion, national origin, health and medical conditions (including information about sick leaves and medical certificates), citizenship, immigration, and marital status;
Passport and work permit (if needed);
Work-related contact information, such as Employee number and ID, work email, phone number and address, photograph;
Information relating to work-related communications devices provided by Stoneridge, such as cellular phones and the use of those devices, as well as Internet or network activity information;
Information concerning employment relationship and qualifications, such as job description, title, employment history at Stoneridge, employment, start and end date;
Education, examination, language proficiency, other qualification, aptitude tests;
Payroll information, such as salary, benefits, bank account details, data for calculations and payment, travelling expenses, bank related data, tax class;
Leave, attendance, and absence records, such as working hours, annual leaves, family leaves;
Data concerning Union and Work Council membership;
Information concerning professional development, such as assessment records, competence development data, talent planning data;
Information concerning disciplinary matters, reason for end of employment;
Records about work-related accidents;
Emergency contact details, such as name, address, and phone

Stoneridge may process sensitive data if required by applicable law or necessary to meet the above listed purposes.

As a rule, Employee Personal Information is collected directly from Employees. However, Personal Information related to Employee’s professional development, work performance, and potential disciplinary matters may be collected from other sources, such as from the immediate superior, other employees, and witnesses.

3.3 Necessary Personal Information for the purpose of security, such as:

Information needed for managing access to Stoneridge’s premises, systems, and facilities, such as user ID, password, authentication data, and access rights;
Security camera footage at Stoneridge’s premises; and
Technical data related to use of work systems, facilities, and devices, such as log, access, and usage data and IP

3.4 Other data

In addition, Stoneridge may also collect other Personal Information when Employee voluntarily consents and provides the data to Stoneridge.

4. Sharing of Personal Information

Stoneridge may disclose Employee Personal Information to third parties:

When permitted or required by law, such as to tax authorities, insurance companies, pension institutions, occupational health care institutions, and other equivalent authorities;
To trusted services providers, such as outsourced payroll processor, benefits management firms, global travel agency, legal and financial advisors, insurers and insurance brokers, and IT and other service providers, for the purposes listed above. However, at all times, the trusted service providers act on Stoneridge’s behalf and Stoneridge will be responsible for their use of Personal Information;
If Stoneridge is involved in a merger, acquisition, or sale of all or a portion of its assets;
When Stoneridge believes in good faith that disclosure is necessary to protect Stoneridge’s rights, protect Employee safety or the safety of others, investigate fraud, or respond to a government request; and
When compelled by applicable law or legal process.

5. Transfer of Personal Information Outside UK/EU/EEA

Stoneridge may transfer Employee Personal Information outside the United Kingdom and the EU/EEA under the following circumstances:

5.1 Intra-company transfers

As some of the Stoneridge group of companies are located outside of the United Kingdom and the EU/EEA, Personal Information may be transferred outside of United Kingdom and the EU/EEA, including to the United States of America. Stoneridge personnel also may have role-based access to Employee Personal Information from one of the Stoneridge companies located outside the United Kingdom and the EU/EEA. In such instances, these persons are required to access Employee Personal Information because of their legitimate work-related duties, and access to Personal Information is managed with limited access rights, meaning that only personnel with a need to access the Personal Information will be able to do so.

Stoneridge provides appropriate safeguard mechanisms for international data transfers as required by applicable data protection laws. For intra-company transfers, Stoneridge ensures appropriate safeguards for the protection of Personal Information by using approved Standard Contractual Clauses. Employees may request a copy of these safeguards by contacting privacy@stoneridge.com.

5.2 Trusted service providers located outside of United Kingdom and the EU/EEA

Stoneridge’s trusted service providers may process Employees’ Personal Information outside of the United Kingdom and the EU/EEA, including in the United States of America. To the extent Personal Information is transferred to a country outside of the United Kingdom and the EU/EEA, Stoneridge will use the required established mechanisms that allow the transfer to service providers in those thirds countries, such as the Data Protection Agreements and, where necessary, Standard Contractual Clauses approved by the European Commission.

6. Retention of Personal Information

Stoneridge retains Employee Personal Information as follows:

6.1 Recruitment

Personal Information related to applicants we do not hire shall be retained as long as necessary after the announcement of recruitment decision to record and manage the potential employment or to maintain records of prior applicants, unless a different retention period is required by applicable law, in which case, Stoneridge will follow the legal requirements. We also may retain applicants’ Personal Information for a longer period if they request that we do so, for example in the event they again are considered for employment. When Personal Information is no longer required by law or rights or obligations by either party, Stoneridge will dispose of it.

In some instances, Stoneridge may retain Personal Information for a longer period if Stoneridge has a legitimate reason or an obligation to retain such data for the purposes of criminal investigation or corresponding reason.

6.2 Employment relationship

Personal Information related to the employment relationship will be retained only for as long as necessary to fulfill the purposes defined in this Policy. Most employment-related data will be retained during the course of employment or as required by retention periods as required by per applicable law. When the retention of Personal Information no longer is required by law or rights or obligations by either party, Stoneridge may dispose of it.

7. Privacy Rights

Employees may have a right to access Personal Information Stoneridge holds about them, depending on the law applicable to our relationship with them. Where we are required by applicable law or regulation to honor such requests, Employees may update, correct, or ask us to delete their Personal Information. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law, such as certain Personal Information relating to the employment relationship. Therefore, the deletion of such data may not be allowed or required by applicable law, which prescribes mandatory retention periods, or may not be possible because of our need to retain the information. A request to delete Personal Information during a recruitment process may result in the termination of the recruitment process.

Employees may have a right to object for processing that is based on Stoneridge’s legitimate interest, depending on the law applicable to our relationship with them and provided that they can demonstrate compelling legitimate grounds. To the extent required by applicable data protection law, employees have a right to restrict data processing.

Employees may have a right to data portability, that is, the right to receive non-confidential Personal Information in a structured, commonly used machine-readable format and transmit the Personal Information to another data controller, to the extent required by applicable law.

Please send requests to:

Stoneridge
Data Privacy Manager
39675 MacKenzie Drive, Suite 400
Novi, Michigan, USA 48377
privacy@stoneridge.com
001 248 419 0407

Alternatively, inquiries can be made to the appropriate local Stoneridge Human Resources contact.

Employees may have a right to make inquiries or file a complaint with national or local data protection authorities.

8. Security

Stoneridge maintains reasonable security measures, including physical, electronic, and procedural measures, to protect Personal Information from loss, destruction, misuse, and unauthorized access or disclosure. Stoneridge uses access control and camera monitoring at premises for the purposes of protecting Stoneridge’s property, preventing unauthorized access to premises, and increasing safety of Employees and visitors. Stoneridge has the legitimate interest to ensure the safety of Stoneridge’s premises and Employees.

Stoneridge maintains information technology (“IT”) security measures to safeguard business information and business assets, avoid criminal activities, and ensure availability of the IT services. For example, Stoneridge limits access to this information to authorized employees and contractors who need to know that information in the course of their job description as well as third-party service providers who may only process data in accordance with Stoneridge’s instructions. Stoneridge has the legitimate interest to ensure network and information security and to safeguard Stoneridge’s important business information and assets. The information security measures are not used for the sole purpose of monitoring of individual employees.

Please be aware that, although Stoneridge endeavors to provide reasonable security measures for Personal Information, no security system can prevent all potential security breaches. In the event of a data breach, Stoneridge will take all appropriate response measures as required by law and Stoneridge policy.

9. Updates to this Policy

This Policy will be reviewed regularly and updated to reflect changes in legislation or Stoneridge’s processing activities. Employees will be informed of any material changes.

10. Contact Stoneridge

For inquiries regarding our Employee Privacy Policy or regarding the Employee Personal Information Stoneridge holds, please contact:

Stoneridge, Inc.
Data Privacy Manager

39675 MacKenzie Drive, Suite 400
Novi, Michigan, USA 48377
privacy@stoneridge.com
001 248 419 0407

Alternatively, inquiries can be made to the appropriate local Stoneridge Human Resources contact.