Privacy Policy

Hastings Manufacturing Company 325 N. Hanover St., Hastings, MI 49058 USA (269) 945-2491 www.hastingsmfg.com

HMC Employee Record Privacy Policy - Effective 07/02/18

Updated 08/13/12

HMC and its Human Resources Department have established these privacy guidelines for the collection and storage of employment records. The purpose of this policy is secure storage of our records and regulatory compliance.

Data Collection and Storage

• As an employer, we will collect data as it relates to the employee’s employment and benefit administration.

• Hard copies of employee records will be stored in Human Resources. During non-business hours, the offices and record storage areas will be locked to ensure the security of these records.

• Employees should assume that any document – electronic and on paper – as it relates to their employment with the Company will become part of their records. This may include their employment application, employment forms and other employment documents (i.e. performance reviews, warnings, performance discussion notes, awards and training.)

• The Company will maintain two separate files for each employee:

• Personnel (ex. routine employee information – application, performance reviews or discipline)

• Medical (ex. drug screen, doctor slips).

Unless otherwise noted below, the Human Resources staff will limit access to the employee’s complete employment file to Human Resources staff only. Human Resources will limit employee records access only to those persons with a legitimate business need to know. For example, a supervisor will be provided a copy of their employee’s prior year performance review.

• The Human Resources department is responsible to verify that third parties who handle employee information have data storage, collection and data purge policies that meet the requirements of this policy and the Privacy Shield.

• Our Human Resources and IS departments are committed to ensure that all data gathered within our electronic systems and that of our service providers are secure.

• Where HMC transfers or receives a transfer of personal information collected in the context of the employment relationship concerning its EU employees (past or present), our participation in the Privacy Shield ensures all our employees enjoy the benefits of the Privacy Shield. In such cases, the collection of the information and its processing prior to transfer will have been subject to the laws of the EU country where it was collected, and any conditions for or restrictions on its transfer according to those laws will be respected. HMC complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

Privacy

Every reasonable precaution will be taken by Company representatives to assure the privacy and confidentiality of employee information.

• Human Resources and IS will work together to ensure that only designated employees and agents have access to personal electronic records. Types and levels of access will be based on information needed by the user to perform work-related duties.

Electronic records access will be reviewed and updated regularly by Human Resources and IS.

All personal employee information will be regarded as confidential and careful consideration will be given to ensuring this confidentiality.


• Statistical reporting relying on aggregate employment data and containing no personal data or the use of anonymized data does not raise privacy concerns.

• A copy of this policy will be made available on the Company website at the online application link.

Employee Information Release

• ALL requests for information about current or past employees must be referred to Human Resources for a response. This includes ALL employment verifications.

• The following information may be released by Human Resources without authorization: name, position or job title, verification of current or past employment dates, department, Company mailing address, Company telephone number, and Company email address.

• The Company will comply with all requirements to disclose personal information in response to lawful requests by authorities, including national security or law enforcement requirements.

• Computerized listings of employee salary and personal information will not be provided outside of the Company except as required by law or to Human Resources service providers.

• Employees can request that their data not be shared. If an employee makes such a written request, HMC reserves the right to share information to process payroll, with Human Resources service providers (ex. agents and insurance companies) and as needed to conduct business.

• Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

• Computerized listings of employee information will NOT be provided to individuals or organizations for soliciting business or promoting commercial products or commercial services, unless required by law.

• Confidentiality of social security numbers held by the Company.

• Social security numbers will be used in the ordinary course of business.

• Social security numbers will not be disclosed to those outside of the Company, except as authorized by the Social Security Number Privacy Act.

• Access to information or documents that contain social security numbers will be limited to those requiring access.

• More than four sequential digits of a social security number will not be publicly displayed; used as an account number, password, or identifier; or included in or on any document sent outside the Company unless applicable law requires, permits, or authorizes that the social security number appear in the document.

Michigan Social Security Number Privacy Act

In response to the above-named Michigan Act, HMC recognizes the importance and sensitivity of an individual’s social security number. In response to the Act, HMC will ensure, to the extent practicable,

• Documents that are no longer needed that contain social security numbers will be shredded.

Employees who violate the Michigan Social Security Number Privacy Act, under the act, also may be subject to fines and imprisonment.

Procedures

• An employee may request to review his or her official personnel file, by appointment, with notice of at least one workday.

• The Company can provide a copy of the employee’s file to the employee within a reasonable time as determined by the Company. The per page cost of providing a copy of the file will be determined by the Company and provided to the employee prior to a copy being made. If the file is to be mailed, this cost will also be passed along to the requestor.

• All inquiries and complaints regarding incorrect data, how data is collected and/or stored should be directed to the Human Resources department.

• The Company encourages employees to provide immediate correction where bad information is found.

• If a breach of an employee’s data is found, please notify the Human Resources department immediately. We pledge to identify the nature, scope, impact and origin of the data breach and isolate gaps and flaws in security structures.

• This policy and its contents will be audited annually. Verification will be completed once a year through current internal audit procedures. Any necessary updates will be made by the Human Resources department through the CAR process.

• This policy will be reviewed with all new hires during new hire orientation. Human Resources will provide this training.

• Annually, the Quality Department will be responsible to issue this policy and require a training signoff of all employees through the current training documentation system (ex. AS400 training system).

• Human Resources will follow current, up to date record retention practices.

• We will use hiring and termination checklists to ensure we are retaining employee records for a legitimate reason and for the proper amount of time.

• In regards to the covered employee data received from European partners, we agree to cooperate with the EU data protection authorities and comply with the advice given by such authorities with respect to this data.

• Violation of this policy may result in discipline, up to and including dismissal.

Conclusion

Hastings Manufacturing Co. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Hastings Manufacturing Co. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

In compliance with the Privacy Shield Principles, HMC commits to resolve complaints about our collection or use of your personal information. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact HMC at:

Human Resources Department

325 N Hanover Street, Hastings, MI 49058

Phone 269-945-2491 ex 1240

HMC has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. The Federal Trade Commission (FTC) has jurisdiction over Hastings Manufacturing’s compliance with Privacy Shield.