Sherritt International Corporation
This policy ("Policy") summarizes how Sherritt International Corporation ("SIC") and its affiliates and subsidiaries, together with such joint venture entities, as may be applicable from time to time (collectively, the "Company" or "Sherritt"), may collect, use and disclose an employee's personal information.
This Policy is designed to ensure that Sherritt's employees' personal information is collected, secured, used, disclosed and retained only as may be reasonable and in accordance with applicable laws. Sherritt strives to balance its employee's rights to privacy with the Company's need to utilise personal information to manage the employment relationship and conduct its business.
For the purposes of this Policy:
"personal information" means written, visual or oral information about an identifiable individual which is reasonably required to establish, manage or terminate an employment or volunteer relationship. It does not include the name, title, business address or telephone number of an employee of Sherritt.
"employee" means a potential, current or former employee, Director, or co op/summer student of Sherritt.
The Company is responsible for protecting all personal information in its possession or custody, including information that has been transferred to a third party. Whenever possible, Sherritt will use contractual or other means to provide a comparable level of protection to employees whose personal information has been disclosed to a third party; however, Sherritt is not responsible for the subsequent uses or disclosure of the information by the third party recipient, such as government agencies.
It is the Company's policy to comply with the applicable laws within each jurisdiction in which it operates. Sometimes the applicable laws and/or an individual's right to privacy are different from one jurisdiction to another. Not all jurisdictions in which the Company operates require or permit the Company to treat personal information as described under this Policy.
This Policy is intended to apply to full-time and part-time employees in Canada and expatriate employees who are employed outside of Canada. It is not intended to cover contractors and other persons who may, directly or indirectly, perform work for the Company.
Responsibility for ensuring compliance with the provisions of this Policy rests with senior management of the Company even though other individuals within the Company may be responsible for the day-to-day collection and processing of personal information. Senior management shall designate at least one person to act as Chief Privacy Officer and the Chief Privacy Officer may, from time to time, designate one or more individuals within the Company to act on his or her behalf.
If you are unsure if or how this Policy applies to you, or, for more information on the Company's privacy practices, please contact:
Adam Segal, Sr. Legal Counsel and Chief Privacy Officer
3.0. IDENTIFYING PURPOSES
The Company may collect and maintain under this Policy different types of personal information, including, without limitation:
- resumes and/or applications;
- references and interview notes;
- photographic and video images related to your employment (e.g., security badges and surveillance video);
- letters of offer and acceptance of employment;
- mandatory policy acknowledgement sign-off sheets;
- payroll, wage and benefit information (e.g. social insurance numbers, direct deposit information, group RRSP investment instructions, medical and dental claims, and short and long term disability claims); and
- beneficiary and emergency contact information.
The Company will collect, use and disclose personal information for the following purposes
- eligibility for initial employment, including verification of references and qualifications;
- to administer pay and benefits;
- to process employee work-related claims (e.g. worker's compensation, insurance claims, etc.);
- to establish training, development and/or succession planning requirements;
- to conduct performance reviews and determine performance requirements;
- to assess qualifications for a particular job or task;
- to gather evidence for disciplinary action or termination;
- to ensure company safety and security, including the security of company-held information;
- to protect the Company against an employee's error, omission, or fraud;
- to comply with legally binding collective agreements;
- to compile employee directories (including, amongst other things, personal and emergency contact information and photographs);
- in the case of an employee's image, for inclusion in Company related publications such as corporate newsletters, annual reports, etc.;
- where specifically authorized by an employee or permitted by law, to provide credit or employment references to third parties; and
- to comply with applicable laws and regulations, as well as the policies and procedures of regulatory authorities.
Individuals responsible for collecting personal information on behalf of the Company will collect such information in compliance with this Policy.
Privacy laws do not generally require that the Company obtain an employee's consent for the collection, use or disclosure of personal information. In addition, the Company may collect, use or disclose personal information without an employee's knowledge or consent where it is permitted or required to do so under applicable laws or regulatory requirements.
If consent is required by law, the Company will obtain express written consent where appropriate and may rely on implied consent in situations where the intended uses or disclosures are obvious from the context and the Company can reasonably assume a certain understanding, knowledge or acceptance on the employee's part.
Where required, the form for granting express written consent shall be provided by the Human Resources Department. This will typically occur upon commencement of employment with Sherritt or at such other times as the Company may determine.
The Company will make a reasonable effort to ensure that an employee is advised of the purposes for which personal information will be collected, used or disclosed in a manner that the employee can reasonably understand, and will consider the reasonable expectations of the employee in obtaining his or her consent.
Where an employee's consent is legally required, an employee may withdraw their consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting the Chief Privacy Officer. Prior to withdrawing consent, Sherritt will inform employees of the implications of such action.
5.0 LIMITING COLLECTION
Sherritt will not collect information indiscriminately and will only collect information that is reasonably necessary to carry out the purposes identified in section 3.0 of this policy or, upon notice to employees, such other reasonable purposes as the Company may determine from time to time.
6.0. LIMITING USE AND DISCLOSURE
The Company will never use or disclose personal information for purposes other than those for which it was collected, except with the consent of the employee or as permitted or required by law or regulatory requirements. In the case of there being a new purpose for using or disclosing personal information, Sherritt will document such new purpose and, where required by law, will notify an employee and obtain his or her consent prior to using or disclosing their personal information for such new purpose.
6.1. Internal Disclosure
An employee's direct supervisor, the supervisor's respective manager, or a member of senior management may request access to select personal or job related information (e.g. home phone, address, education, years experience, salary, job history, performance appraisals). Determination of appropriate personal information to disclose and approval of the request will reside with the local head of human resources.
6.2. External Disclosure Requests
Employees may, in writing, authorize the release of personal information, for purposes of loans and mortgage requirements, medical and/or accident claims, etc. The written request must specify exactly what information is requested for disclosure and to whom it should be addressed.
6.3. Records Retention
The Company will keep personal information so long as it is reasonably required for business or legal purposes. Personal information that is no longer necessary or relevant for the identified purposes, or required by law to be retained, will be destroyed after allowing a reasonable amount of time for an employee to access the information prior to its destruction.
Personal information used by the Company shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the employee.
When a change in personal information occurs (e.g. change of address, marital status, etc.), it is the responsibility of the employee to notify the appropriate record keeper of the change (e.g. HR, RSP/Pension carrier, supervisor). When in doubt, the employee should consult with Human Resources as to the appropriate contact.
The Company will ensure that reasonable security safeguards are in place to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the format, amount, and distribution of the information, and the method of storage.
All active Sherritt employees shall be made aware of the importance of maintaining the confidentiality of personal information and may be required to execute a confidentiality agreement acknowledging their obligation to keep Company information, including personal information, confidential.
The work output of the Company's employees, whether in paper record, computer files or in any other storage format, belongs to the Company and that work output, and any tools used to generate that output, are always subject to review and monitoring by the Company.
In the course of conducting its business, the Company may monitor employee activities and the Company's premises and property. For safety and security needs, some of the Company's facilities are equipped with video surveillance cameras. Similarly, as outlined in the Company's Internet and Security Usage Policy (SPM-402), the Company may monitor internet and computer usage.
10.0. INDIVIDUAL ACCESS
An employee may make a written request to his/her local Human Resources Department in order to view the employee's personal information. The local Human Resources Department will respond to such request as soon as practicable, and in any event not more than 30 days after receiving the request.
In accordance with applicable law, the Company may deny the employee access to all or part of the requested information and advise them as to the reasons for not providing the information.
Upon written request, the Company will provide an account of how personal information has or will be used and to which third parties information has been disclosed.
Under no circumstances will an employee be allowed to remove, in whole or in part, their employee record. They may request that a copy be made of select information for their own personal records. Computerized records shall only be accessed by trained Human Resources staff and will be periodically backed-up to protect against data loss.
When an employee demonstrates the inaccuracy or incompleteness of any personal information held by the Company, the Company will update the information as required.
11.0. RESOLVING CONCERNS
For more information on Sherritt's privacy practices or to elevate any unresolved privacy issues or concerns, please contact:
Adam Segal, Sr. Legal Counsel and Chief Privacy Officer
All complaints made will be investigated, and upon completion of a complaint review, the Company will take appropriate measures to rectify matters if the complaint is found to be justified. If the employee is not satisfied with the review's findings, the Company will provide information on other complaint procedures that may be available to the employee.