Employees - Jumeirah International LLC

Privacy Notice for Jumeirah International LLC (Employees and Contractors)

Last updated
 
August 16, 2024
Introduction
Who we are

The Jumeirah entity (“we” or “us”) that you work for is committed to protecting the privacy and security of the personal data of its employees (“you”). By employees, we mean current and former employees, staff, workers and contractors. If you belong to any of these groups, this Employee Privacy Notice (“this Notice”) applies to you.

We have prepared this Notice to outline your rights in accordance with the applicable data protection laws, in relation to how and why we collect and process your personal data, how we use it, how long we store it for, as well as whom we share it with. However, you should be aware that this Notice does not form part of your contract of employment.

You can access a ‘Data Controller List’ here, which sets out all of our different entities and their contact details. This will enable you to identify the relevant entity that holds, processes, and secures your personal data and is the data controller in relation to your personal data.

The Data Controller list refers to the entities or individuals who are responsible for determining the purposes and means of data processing.

Information covered by this notice
Our use of cookies
What personal data do we collect from you?

Personal data is any information relating to you from which you can be identified. We may process different categories of personal data whilst adhering to the data minimization and purpose limitation principles in accordance with the applicable data protection law. As described below:

  • Identification data:
    Includes but is not limited to name, employee ID, your photo, payroll ID, business email address, business address, business landline, citizenship, nationality, passport data, Visa information, drivers' licence information, the resident country`s ID, marriage certificate, birth certificate and education certificates, national/social insurance number (if applicable), health insurance, government retirement plan information and tax reference/ID (if applicable);
  • Other personal data:
    Includes but is not limited to date and place of birth, emergency contact details (if applicable), and gender; marital status, pre-existing medical conditions, electronic signature, device information (including operating system/version, hardware model and unique device identifiers such as MAC address);
  • Sensitive data:
    This includes data that reveals the following about a data subject: racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health;
  • Contact details:
    Home address, home / personal mobile number and personal email address, emergency contact number;
  • Dependents’ information:
    Includes but is not limited to  name, telephone number, date of birth, email address;
  • Employment history and education:
    Includes but is not limited to your position, business title, employee type, management level, time type (full or part time and percentage), default weekly working hours, scheduled weekly working hours, working time information, work location, division, department, position level, manager (name and employee ID), support roles, start and end date, CV details, contract status reference, job history (including position history, title history, effective dates and past pay groups), worker history (including log-files of changes in our Human Resources databases) and reason/s for leaving, reference information, qualifications, formal certifications and Grades;
  • Information about your salary and benefits/fees:
    Includes but is not limited to basic salary, bonus and commission entitlements, raise amounts and percentages, insurance benefits (including information about you and your dependants that we provide to the insurer), pension plans, fees paid to you in return for your services, your bank account details and payment dates, and accrued salary and fee information;
  • Time, and systems/buildings access monitoring information:
    Includes but is not limited to CCTV, swipe card access, time recording software, internet, email and telephone usage data, personal vehicle information, like number plate, car registration, and colour details;
  • Performance and disciplinary information:
    Includes but is not limited to performance reviews, evaluations and ratings, reviews of alignment to policies and procedures, information about disciplinary allegations, the disciplinary process and any disciplinary warnings, details of grievances and any outcome, termination of services agreements;
  • Absence information:
    Includes but is not limited to dates of leave of absence/vacation, maternity/paternity/shared parental leave, training/educational leave, national/reserve leave, family care leave/ compassionate leave, medical leave; and
  • Organisational data:
    Includes but is not limited to training records, IDs for IT systems, system permissions, web browsing history, company details, cost centre allocations, and organisations.
How do we use your personal data?

We collect, use and process your personal data for a variety of reasons linked to your employment or engagement.To help clarify these the below is a list of why personal data is collected, used and processed (the "Processing Purposes") along with examples where personal data is used for each of the Processing Purposes. Your personal data will not be kept longer than necessary to meet the purposes outlined below. The criteria that we use to determine how long we will keep your personal data includes the period of time during which we have an ongoing relationship with you, and whether we have a legal obligation to store it beyond our working relationship (for example, for accounting purposes or for litigation, or regulatory investigations purposes).

We are required under the Kingdom of Saudi Arabia's Personal Data Protection Law to inform you that where the law applies, collecting and processing your personal data is mandatory in order for us to guarantee your rights as our employee/contractor and provide you with a suitable working environment. Where we are required by applicable laws or professional standards to collect personal data and you fail to provide that data when requested, you may not be able to enter into an employment contract or a contracting relationship with us.

Personal data usage
Employees
Contractors
Processing purpose We will use your personal data to: Categories of personal data What types of personal data is processed for this purpose? Lawful basis What is the legal basis that we rely on to process your information in this way? Storage Period
1. Perform Talent Acquisition activities:
Administer and job applications, including future and current vacancies Identification data Contact details Reference information Employment history and Education Legitimate interest: administering your job application 6 years
Conduct psychometric testing and/or profiling to evaluate applicants. Identification data Individual test results, including preferred style of working, verbal, logical and numerical reasoning abilities; and situational judgment scenarios Legitimate interest: assessing your suitability for the position 6 years
Conduct background checks (including criminal, right to work and, reference checks and identification of applicants), that are required either by law, or are necessary to assess applicants' suitability for a role Identification data, including your passport and visa details Contact details Curriculum Vitae Legitimate interest: assessing your suitability for the position, and identifying you appropriately. For right to work checks: Complying with our legal obligations 2 years
Interact with applicants, including interviewing, providing information on the application, providing feedback and responding to queries or complaints Contact details Interview responses Interview notes Passport information (for interviews requiring international travel) Legitimate interest: assessing your suitability for the position; administering your job application 6 years
Assess Jumeirah's strategic direction and resourcing needs through feedback and monitoring to improve the recruitment process Contact details Your feedback Legitimate interest: reviewing and improving the recruitment process 6 years
Make necessary adjustments to carry out the interview process (including disability or dietary requirements) Sensitive Data Explicit consent 6 years
On-boarding employees, including issuing job offers, entering employment contracts and making necessary work adjustments To undertake general employee on boarding, we process data such as your: Identification data, for instance your passport and visa details Contact details Family details Emergency contact number Information about your salary and benefits Information about your job, such as your employment history, and your CV Formal qualifications including certifications/ course results from tertiary institutions Signed letter of intent and contract of employment Hire date Performance of our contract of employment with you Legitimate interest: processing your personal data to pay you and to issue individual and family benefits, including medical insurance coverage, flights, and Visa sponsorship For sensitive data: explicit consent 6 years
2. Perform Talent Development activities:
Training Information about your job, such as your position, grade and department Performance information Legitimate interest: to plan, design and deliver training to you to meet our business needs. 6 years
Manage employee talent development & succession planning Information about your job, such as your position, grade and department Performance details Legitimate interest: conducting effective talent development processes. Suitability for other roles in the company including promotions or vertical movements. 6 years
3. Perform HR Operations activities:
Maintain Jumeirah's security including people identification and authentication, as well as security relating to our premises, assets, systems, website and platforms Systems/buildings access monitoring information, including CCTV Sensitive data Legitimate interest: Physical security, IT and network security, including misuse of company IT systems; protecting your health and safety in the workplace; managing access to our premises and IT equipment For sensitive data: explicit consent 6 years
Comply with applicable laws, policies and procedures including responding to regulators, to binding and non-binding requests, adhere to industry guidance and best practices and monitor compliance Identification data Contact details Information about your job Organisational data Legitimate interest: Operation of a whistleblowing scheme; prevention of fraud, misuse of company IT systems or money laundering; enforcing or defending ourselves against legal claims. Complying with our legal obligations 6 years
Report and monitor equal opportunities Your personal data, such as your gender Sensitive data Complying with our legal obligation (where we are under an obligation to report and monitor equal opportunities) For sensitive data: explicit consent. 6 years
Communicate HR related matters with employees and relevant third parties Your Contact details Organisational data Legitimate interest: communicating important information to our employees and conducting engagement activities, such as employee satisfaction surveys 6 years
Process employees' personal data in relation to the sale, transfer, acquisition or merger of Jumeirah or its assets Information about your job, such as your salary details, and employment history Legitimate interest: planning and managing proposed mergers and acquisitions, implementation and operation of a group-wide organisational structure and group-wide information sharing 2 years
Process employees' personal data for audit purposes and to manage business operations, including accounting requirements Information about your job, such as your salary and benefits Organisational data Legitimate interest: implementation and operation of a group-wide organisational structure and group-wide information sharing, as well as conducting audits to demonstrate compliance to procedures. 6 years
Process employees' personal data in relation to the usage of Jumeirah's hotel Wi-Fi (applicable for employees or applicants asked to attend hotels or resorts for interviews/meetings) We may process your information such as device information (including operating system/version, hardware model and unique device identifiers such as MAC address) for the purposes of providing Wi-Fi at our hotels Legitimate interest: providing a Wi-Fi service at our properties. 6 years
4. Perform activities related to Employee Relations:
Identify, record and communicate with employees' emergency contact/s Contact details Emergency contact information Legitimate interests: ensuring that we are able to communicate with your emergency contact in case of emergency. It may also be necessary to process this data in order to protect your vital interests. 6 years
Administer and provide employee benefits and allowances Identification data Contact details Information about your job Information about your benefits Organisational data Performance of our contract of employment with you. Legitimate interests: ensuring that you can access and use employee benefits, applying changes to your benefits and allowances and communicating these to you. 6 years
Administer payroll including employee compensations, salary, incentives and trade union subscriptions Identification data Contact details Information about your job Information about your salary, including allowances and benefits Performance and disciplinary information Organisational data Sensitive data Performance of our contract of employment with you. For sensitive data: explicit consent. 6 years
Administer and manage the employment relationship, including leave (sick, paternity, absence, etc.), disability accommodation and dietary requirements Disciplinary information Absence information Sensitive data Performance of our contract of employment with you Complying with our legal obligations. Legitimate interest: administering and managing the employment relationship. For sensitive data: explicit consent 6 years
Manage employees' performance evaluation, including talent review and colleagues' feedback Information relating to your job, such as your position and grade Performance information, including 360 feedback Legitimate interest: ensuring that we conduct an effective performance evaluation process. 6 years
Conduct market benchmark surveys on employee positions Information relating to your job, such as your job grade and job description Information about salary and benefits including basic salary Performance of our contract of employment with you Legitimate interest: ensuring that, where appropriate, we have sufficient information to conduct market benchmarking. 6 years
Manage employees' complaints or grievance procedure Information about your job Information about your specific complaint or grievance Legitimate interest: managing any grievance and complaints process, following the applicable Human Resources Policy in the respective region. 6 years
Off-board employees, including managing ex-employee personal data if required Contact details Identification details Specific details relating to UAE departure where relevant Performance of our contract of employment with you Legitimate interest: assisting you in your departure from Jumeirah as an employee, including family repatriation and benefits 6 years
Processing purpose We will use your personal data to: Categories of personal data What types of personal data is processed for this purpose? Lawful basis What is the legal basis that we rely on to process your information in this way? Storage Period
1. Perform consultant engagement activities:
Engagement - obtain final documentation to enter into a services agreement with the consultant: We obtain the required starting documentation to initiate the process to engage the consultant. Identification data Contact details Other personal data Complying with the legal obligation related to engagement. 6 years
Engagement - Visa application (if required): To obtain appropriate Government approval and issuance of entry. Identification data Where this processing is required by law, we do so for compliance with our legal obligations. 6 years
Talent acquisition - Background checks: Conduct background checks (including criminal, right to work and, reference checks and identification of applicants), that are required either by law, or are necessary to assess consultant's suitability for a role. Identification data Other peronal data Contact details Employment history and education Information about your fees and benefits Legitimate interest: assessing your suitability for the position, and identifying you appropriately. Complying with our legal obligations: For checks required by law. 2 years
Talent acquisition - consultant applications: Interact with applicants, including interviewing, providing information on the application, providing feedback and responding to queries or complaints. Identification data Other personal data Employment history and education Sensitive data Information about your fees Contact details Legitimate interest: assessing your suitability for the position; administering your application. 6 years
Talent Acquisition - Pre-Hire: Assess Jumeirah's strategic direction and resourcing needs through feedback and monitoring to improve the recruitment process. Identification data Other personal data Employment history and education Legitimate interest: reviewing and improving the hiring process. 6 years
Talent acquisition - Facilitating interviews: Make necessary adjustments to carry out the interview process (including disability or dietary requirements). Identification data Other personal data Employment history and education Sensitive data Information about your fees Contact details Where this processing is required by law, we do so for compliance with our legal obligations. Where such adjustments are not required by law, we process your persona data because in our legitimate interests to do so. For sensitive data which we are not required to process by law, we do so because we have obtained your explicit consent. 6 years
Talent Acquisition - Security: Maintaining the Groups' security including people identification and authentication, premises, assets, systems, website and platforms. Identification data Other personal data Employment history and education Contact details Legitimate interest: To maintain security and allow only authorized access to individuals. 6 years
Talent Acquisition - On-Boarding to systems Including Security: Registering the candidate in relevant systems and creating a 'Pending Worker' status to initiate the collection of joiner documentation. Identification data Other personal data Employment history and education Dependents' information Complying with the legal obligation related to contract. 6 years
2. Perform contract operations activities:
Contract Operations Relations - Auditing and Fee management: Process consultants' personal data for audit purposes and to manage business operations, including accounting requirements. Identification data Other personal data Employment history and education Sensitive data Information about your salary and benefits Dependents' information Contact details Legitimate interests: implementation and operation of a group-wide organisational structure and group-wide information sharing, as well as conducting audits to demonstrate compliance to procedures 6 years
Rewards and Performance - Payroll and Rewards: Administer payroll including fees, benefits, incentives, and trade union subscriptions where applicable. Identification data Other personal data Employment history and education Sensitive data Information about your fees Dependents' information Contact details Performance of our contract with you. For sensitive data: explicit consent. 6 years
Contract Operations Relations - Leave: Administer and manage the contractual relationship, including leave (sick, paternity, absence, etc.), disability accommodation and dietary requirements. Identification data Other personal data Employment history and education Sensitive data Information about your fees Dependents' information Contact details Performance of our contract with you. 6 years
Contract Operations Relations - Complaints Handling: Manage consultants' complaints or grievance procedure. Identification data Other personal data Employment history and education Sensitive data Information about your fees Dependents' information Contact details Legitimate interest: managing any grievance and complaints process, following the applicable Human Resources Policy in the respective region. 6 years
How long do we keep your personal data?
Who do we share your personal data with?

As you know, we are part of the Dubai Holding Group, and several entities in this group are involved in the Processing Purposes. To ensure that the Processing Purposes are completed, your personal data may be shared with any of the entities within the Dubai Holding Group (the “Company Group”) or to third party entities outside of the Company Group. When we share your personal data in this way, it is our policy to limit the categories of individuals who have access to your personal data.

We may share and transfer your personal data to third party entities for Processing Purposes. This includes entities within and outside the European Union, to our own Company Group entities, or affiliated entities located in any jurisdictions where those third party entities are located, as follows:

  • Within the Company Group. As your employing/engaging entity is part of a wider group with offices and locations across the globe, we may transfer your personal and sensitive data to, or otherwise allow access to such data, by other Company Group entities, which may use, transfer, and process the data. The following circumstances may require personal data sharing:
    • To maintain and improve effective administration of the employees and/or staff
    • To facilitate movement of staff into other Company Group entities, including secondments
    • To communicate information about the Company Group; to maintain a corporate directory
    • To maintain IT systems
    • To monitor and assure compliance with applicable policies and procedures, and applicable laws
    • To respond to requests and legal demands from regulators and other authorities.
  • With Third Parties. As necessary in connection with business operations, work contact details and contact details may need to be transferred to existing or potential business partners, suppliers (e.g. suppliers providing employee benefits), customers, end-customers (for instance, where customer issues have been escalated to you) or government officials and other third parties (e.g. our external advisors) for communication purposes.
  • Regulators, authorities, and other third parties. As necessary for Processing Purposes described above, personal data may be transferred to regulators, courts, and other authorities (e.g., tax and law enforcement authorities), independent external advisors (e.g., auditors), Directors within the Company Group, insurance providers, pensions and benefits providers, internal compliance and investigation teams (including external advisers appointed to conduct internal investigations).
  • Acquiring entities. If the Company Group business for which you work is sold or transferred in whole or in part (or such a sale or transfer is being contemplated), your personal data may be transferred to the new employer or potential new employer as part of the transfer itself or as part of an initial review for such transfer (i.e. due diligence), subject to any rights provided by applicable law, including jurisdictions where the new employer or potential new employer are located.
  • Data processors. As necessary for the Processing Purposes described above, personal data may be shared with one or more third parties, whether affiliated or unaffiliated, to process personal data under appropriate instructions ("Data Processors"). The Data Processors that we engage with fall into the following categories: suppliers who support us in relation to employee and staff administration, IT system support, payroll and compensation, training, compliance, and other activities. Data Processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data and to process the personal data only as instructed.
How do we protect your personal data?
Artificial Intelligence and Machine Learning
Profiling
Specific details about profiling and automated decisions involving candidates
Where we store/transfer your personal data?

We may transfer personal data to recipients in countries outside of the country you work in. In this case, we will put in place appropriate measure to protect the security and confidentiality of your personal data.

For transfers of personal data from the UK and European Economic Area (“EEA”) we will only transfer personal data to countries where recipients are located that already provide an adequate level of protection for personal data, or we otherwise have a lawful basis to transfer the personal data (in compliance with European data protection laws).

Typically, we will transfer personal data to entities outside the European EEA, under the EU Standard Data Protection Clauses, which the European Commission has assessed as providing an adequate level of protection for personal data, to ensure that your data is protected adequately. The majority of personal data we collect is stored in the United Arab Emirates, where the appropriate data protection measures are in place.

Security of your personal data
Third party websites and apps
Your rights

You may have certain rights relating to your personal data. However, these rights can differ depending upon the country in which you are located. That country’s law will determine which rights apply and in what instances.

Right to Withdraw Consent: Where you have provided your consent to us, you will always have the right to withdraw this at any time. You can do this by either following the information provided at the time you provided your consent, or by contacting us using the following email address privacyoffice@jumeirah.com. The withdrawal of consent will not affect any processing that was based on consent before its withdrawal.

Right to Request Correction of Your Personal Data: You will always have the right to request that we correct or update any personal data that we process about you that is inaccurate or incomplete. You can do this by contacting us at privacyoffice@jumeirah.com.

Right to Restrict the Processing of Your Personal Data: You have the right to ask us to restrict, suspend, or stop the processing of your data. You can do this by contacting us at privacyoffice@jumeirah.com.

Right to Request Deletion of Your Personal Data: You have the right to request your personal data to be deleted. You can do this by contacting us at privacyoffice@jumeirah.com.

Right to Object to the Processing of Your Personal Data: You have the right to object to our processing of your personal data. You can do this by contacting us at privacyoffice@jumeirah.com.

Right to Obtain a Copy of Your Personal Data: You have the right to obtain a copy of your personal data in a commonly used and machine-readable format. You can do this by contacting us at privacyoffice@jumeirah.com.

Right to Lodge a Complaint: You have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or the country in which an alleged infringement of data protection law has occurred.

It is important to understand that these rights are not absolute (e.g., their application may depend upon the lawful basis we rely upon to process your personal data) and that we may require further information from you (e.g., to confirm your identity) in order to action your request.

AI Implications

Artificial Intelligence (AI) Systems:

Dubai Holding use AI Systems that process personal data to enable us to improve our services and user experiences. We remains vigilant when using AI to protect personal data, ensuring Employee and Contractor privacy, and preventing unauthorized or fraudulent activity. Our Employee, Contractors and stakeholders shall remain confident that personal data is adequately protected with us, especially in cases where AI is used to deliver the product or service, as this may infer heightened protection where AI is deployed.

How we use AI Systems

This notice gives you information on how we protect your personal data in our use of the AI System.

Personal data may be processed within our AI Systems. We remain the data controller for your personal data when it is processed while using our AI Systems. We process personal data in accordance with the relevant data protection laws. In the case where we have engaged a processor, we have mandated contracts that uphold our standards in compliance with the relevant data protection laws.

We will sometimes process Employee and Contractor personal data when using AI Systems. We have regulated the use of AI internally, weighed the opportunities and risks in advance of our use of AI and ensure appropriate human supervision where important matters are concerned. Where we offer dialogues with an AI, we will make this evident and, if necessary, point out potential errors.

Personal Data Processed by AI Systems

We may collect personal data either directly from you, third parties or public sources. We process your personal data using AI Systems to improve the efficiency, quality, and speed of our business processes and for the purpose of providing services. In using AI Systems, we may process different types of personal data. For more information, please refer to the section titled "What do we collect from you and how do we use it?". In limited circumstances, we may process sensitive data through the AI System, but we will ensure that we have the necessary lawful basis in place before doing so.

Where we process your existing personal data we will continue to rely on the appropriate lawful basis for that processing activity. In certain instances, we engage data processors; however, they are unable to access any of your personal data entered in the AI Systems. We have mandated contracts with data processors to ensure that your personal data is protected.

Contact us

If you have any questions regarding this Notice or if you would like to exercise any of your rights as a data subject, please contact the Data Protection Officer at privacyoffice@jumeirah.com:

Employees employed and based in Germany can also contact Germany’s Data Protection Officer:

Sven Meyzis

Frankfurt Hotel DPO

Tel: + 49 40 / 2109 1514

Mobile: + 49 176 / 20835488

Email: S.Meyzis@ITDSB.de

Changes to this Notice