I. POLICY STATEMENT
Bank of America (the "company") has prepared this Employment Applicant Data Protection Notice (the "Notice") to outline its practices regarding the collection, use, storage, transfer and other processing of individually identifiable information about employment applicants ("Personal Data"). If an employment applicant is hired by the company, he/she will be provided with the Associate Data Protection Policy and Procedures, which outlines the company's practices regarding Personal Data once an employment applicant becomes a company Associate.
II. PERSONAL DATA COLLECTION AND PURPOSES OF USE
Good employment practices and the effective running of our business require the company to collect, use, store, transfer and otherwise process certain Personal Data to process an employment applicant's application for employment.
A. PERSONAL DATA COLLECTION
The company collects Personal Data that is directly relevant to its business, required to meet its legal obligations, or otherwise permissible to collect under local laws. In particular, the company may collect the following categories of Personal Data necessary to process an employment application, except where restricted by local law: name; contact details (including home address, home and mobile telephone numbers, personal email address, personal fax number, proof of address); citizenship; date of birth; gender; social insurance or tax identifier number (or equivalent); credentials and qualifications (including languages spoken, special skills and memberships in professional organizations); competency test results; education/training; interview/assessment notes; prior work experience (e.g., background training and prior positions); work certificates, licenses and permits/authorizations; driver's license number; passport or other photo identification; personal contacts within the company; marital status and other information provided in the employment applicant's curriculum vitae or employment application. The company may also collect sensitive Personal Data, including information about health or medical conditions, disabilities and criminal convictions to the extent permitted by applicable law. Also, where the company needs to obtain criminal history or other sensitive data about employment applicants from third parties, such data collections will be addressed separately in accordance with local law.
B. PERSONAL DATA USE AND PROCESSING
The company may use the Personal Data listed above for the following purposes, except where restricted by local law: to make current hiring decisions; to make future hiring decisions (e.g, applicant information is retained for purposes of future job openings unless an applicant indicates otherwise); and to comply with legal obligations, including regarding hiring and diversity of workforce.
Access to Personal Data is restricted to company personnel on a need-to-know basis and for the purposes listed above or where required by law. All company personnel with access to Personal Data are bound by the requirements of this Notice.
III. DISCLOSURE AND INTERNATIONAL TRANSFERS OF PERSONAL DATA
If necessary and in accordance with applicable law, the company may disclose Personal Data to its auditors and other outside professional advisers and to other parties that provide products or services to the company, including third party suppliers, IT systems providers and consulting firms. Where the processing of Personal Data is delegated to a third party data processor, such as those listed above, the company will delegate such processing in writing, will choose a data processor that provides sufficient guarantees with respect to technical and organizational security measures governing the relevant processing and will ensure that the processor acts on the company's behalf and under the company's instructions. In addition, the company will impose in writing appropriate data protection and information security requirements on such third party data processors.
A. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Given the global nature of the company's activities, the company may transmit Personal Data to other Bank of America affiliates or operations located in the United States or other jurisdictions where data protection laws may not provide an equivalent level of protection to the laws in the employment applicant's home jurisdiction. The affiliates belonging to the Bank of America, N.A. group are listed at: http://legal.bankofamerica.com/client/lines_business/cso_subsidiary_listings.asp?which=A. Such Personal Data may be transferred where necessary or appropriate for the purposes as they are listed in Article II, Section B, Personal Data Use and Processing.
As explained above, the company will take steps (and will memorialize such steps in writing) to ensure that these affiliates or operations provide sufficient guarantees with respect to technical and organizational security measures governing the relevant processing. In addition, the company will impose in writing appropriate data protection and information security requirements on these parties.
B. ADDITIONAL DISCLOSURES OF PERSONAL DATA
Personal Data also may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of the financial status of the company or any of its subsidiary or affiliated companies. Personal Data also may be released to protect the vital interests of employment applicants, to protect the legitimate interests of the company (unless this would prejudice the rights and freedoms or interests of the employment applicant), or in the company's judgment to comply with applicable law. The recipients of these disclosures may be located in the United States or other countries where data protection laws may not provide an equivalent level of protection to the laws in the employment applicant's home jurisdiction, and in such cases, the company will require the recipient to provide appropriate protection for the Personal Data disclosed to it.
IV. SECURITY
The company maintains appropriate technical and organizational measures to protect against unauthorized or unlawful processing of Personal Data and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage to Personal Data.
V. ACCURACY OF AND ACCESS TO PERSONAL DATA
Employment applicants are entitled to access Personal Data held about them (with the exception of any documents that are subject to legal privilege, that provide Personal Data about other individuals, or that otherwise are not subject to employment applicant access rights). In addition to the extent required by applicable law, employment applicants have the right to have inaccurate data corrected or removed and also have the right to object to the processing of their Personal Data as described in this Notice for legitimate purposes (at no charge to the employment applicant and at any time).
The company will maintain Personal Data for as long as it is required to do so by applicable law(s) or for as long as necessary for the purpose(s) for which it was collected. The company will delete Personal Data when it is no longer needed and, in any case, upon expiration of the maximum storage term set forth by applicable law.
|
|
