PRIVACY POLICY FOR EMPLOYEES AND SERVICE PROVIDERS
1. OBJETIVE
This policy explains and regulates how ENESA ENGENHARIA S.A. treats and protects Personal Data related to its Employees.
2. DEFINITIONS
- Collaborator: includes apprentices, interns, employees hired under an employment contract and under the Consolidation of Labor Laws regime, administrators, directors, temporary employees, as well as outsourced service providers from ENESA ENGENHARIA A.
- Personal Data: any information related to an identified or identifiable natural person, including Sensitive Personal Data.
- Sensitive Personal Data: Personal Data about racial or ethnic origin, medical information or health status; biometric data (such as facial features, fingerprints or retinal images); information related to sexual life; religious conviction; political opinion, information on membership of a trade union or organization of a religious, philosophical or political nature; and genetic information, always when related to a person.
- DPO: Data Officer or Data Protection Officer.
- LGPD: General Data Protection Law (Law nº 709 of 08/14/2018.
3. PERSONAL DATA COLLECTED BY ENESA ENGENHARIA S.A.
To manage Employees, ENESA ENGENHARIA S.A. processes various types of Employee Personal Data, such as: name, nationality, place of birth, age, gender, CPF, PIS number, ID, marital status, country, telephone number and WhatsApp, address, education, name of dependents and spouse, ID and CPF of dependents and spouse, birth certificate of dependent children, vaccination card of dependent children, 3×4 photo for registration at the company’s premises entrance, own vehicle license plates and driver’s license ( when necessary to perform specific functions), professional email, bank details, working time records, vacation requests, date of hire, date of termination of the contract with ENESA ENGENHARIA S.A., information related to payroll and taxes , information for and about benefits related to the contract with ENESA ENGENHARIA S.A., information related to insurance and payroll loans, current and previous position description; supervisor(s), direct reports, Employee identification number, information system identification number(s), work schedule and professional status, working conditions, employment contract, professional and educational history, eligibility for promotions, details contained in CVs, remuneration, and other relevant skills, performance review information – including goals and evaluations, training and disciplinary events.
When it is relevant to your professional relationship, ENESA ENGENHARIA S.A. processes Sensitive Personal Data, such as gender (which will be sensitive when it includes information that indicates sexual orientation or health data, such as transgender or cisgender); biometric data for time control; health data and working conditions; information about union membership; medical information, including medical certificates or and race information. ENESA ENGENHARIA S.A. processes Sensitive Personal Data only when permitted or required by applicable law.
When we are in front of (i) minors; or (ii) dependents of our Employees, ENESA ENGENHARIA S.A. may process Personal Data of minors. In this case, the processing will only be carried out when permitted or required by applicable law.
4. ORIGIN OF PERSONAL DATA COLLECTED BY ENESA ENGENHARIA S.A.
ENESA ENGENHARIA S.A. collects Personal Data from four main sources:
Of the Employee himself: when he provides his Personal Data directly, generally, by filling out contracts, forms, terms, and requests, including when this data is provided by the Employee through internal management systems of ENESA ENGENHARIA A.. This occurs , for example, when the Employee provides Personal Data to start or continue the working relationship with ENESA ENGENHARIA S.A..
From third parties: for example, in the case of admission, periodic, return from leave, or dismissal medical examinations, in accordance with current legislation.
From publicly available sources: We may generally collect publicly accessible data such as professional social media verification during processes.
By ENESA ENGENHARIA S.A.: generally include video recordings or photographs taken by ENESA ENGENHARIA S.A.; data related to or arising from the Employee’s relationship with ENESA ENGENHARIA S.A., such as performance reports, supervisor evaluations and history of equipment use; and data entered by the Employee into ENESA ENGENHARIA S.A. systems and equipment.
5. PURPOSES OF THE PROCESSING OF PERSONAL DATA BY ENESA ENGENHARIA S.A.
ENESA ENGENHARIA S.A. processes Personal Data for several reasons, such as:
- Employee Management, which includes, among others;
- Management of Employees’ work activities, including hiring and dismissals; performance reviews, promotions succession planning; administration and processing of salaries, fees, stipends, benefits, deductions and reimbursement of expenses; disciplinary actions; allocation of Employees; work management; and business travel planning;
- Management of vacation requests, occupational health and safety programs and promotion of Employee well-being;
- Administration of professional and technical training, including internships and apprenticeships, and professional development of Employees, including training, seminars and awareness programs;
- Administration of benefits and advantages, including savings plans, retirement plans, concessions/attributions of shares, concessions of loans, prizes, bonuses, agreements with service or commercial providers, insurance or other benefit programs for Employees, identified in policies or forms specific;
- Compliance / Compliance, which includes:
- Conducting internal investigations, receiving and managing ethics complaints and reports (which may include reports of internal irregularities), analysis and proposals for disciplinary actions and measures;
- Verification of compliance with legal and contractual obligations for holding certain positions;
- Compliance with policies, regulatory instruments arising from collective bargaining and other legal standards, including those relating to deductions; record-keeping and reporting obligations (including on health benefits and non-discrimination standards), conducting audits; obtaining, processing and submitting information to eSocial; collaborating, as required by law, with government oversight and inspections and other government requests or other competent public authorities, obtaining and processing information for presentation in legal and administrative processes and managing internal or external complaints;
- Representation of ENESA ENGENHARIA S.A. which includes, when applicable, as defined in the applicable representation documents and according to the position held by the Employee, representation of ENESA ENGEHNARIA S.A. in legal acts and negotiations of documents and contracts, before public bodies, towards the market in general and in serving consumers, partners, suppliers and others.
- Communications and emergencies, which includes: facilitating communication in the workplace, at home and when Employees are traveling for work, aiming to protect the health and safety of Employees and third parties; ensuring business continuity; and safeguarding the property of ENESA ENGENHARIA A.;
- Supply and management of ENESA ENGENHARIA S,A technological resources, which includes: use of information technology resources, such as telephones and electronic devices, software applications, access to global directories, electronic files, electronic communications and printed materials and other resources technology, technical or commercial aspects of Employees, including monitoring equipment and Systems to correct errors and incidents, identifying misconduct and illicit acts and controlling data storage of ENESA ENGENHARIA S.A. equipment and systems;
- Financial management and budgeting, which includes: analysis of costs and revenues, preparation of financial projections, carrying out audits, measuring and comparing compensation and benefits values, withholding and paying taxes, structuring business operations and involvement in management activities. financial management arising from the management of Employees;
- Marketing initiatives, which include: promoting ENESA ENGENHARIA S.A to its customers and third parties, through promotional photographs and audiovisual recordings that include Employees;
- Electronic and/or in-person monitoring of work activities, which includes: limiting, monitoring and restricting the use of technological resources and/or physical work areas, work processes and movement of people, information and products through technology or human interaction ( including badge access security controls, video or audio capture technology, biometric recording, use of personal passwords, access reporting), where and to the extent permitted by applicable law;
- Security, which includes monitoring the assets and technical resources of ENESA ENGENHARIA A. and their use by Employees; management and safeguarding of security and physical access (through access cards, passwords, biometrics, access reports and records, and surveillance cameras) to infrastructure, facilities, tangible and intangible assets and equipment at ENESA’s manufacturing facilities and offices ENGENHARIA S.A., including for the prevention of criminal activities;
- Enablement of commercial strategies, which includes: negotiating and obtaining investments, negotiating and implementing mergers, acquisitions, disposals and formation of joint ventures, consortia and associations.
6. LEGAL BASIS FOR THE PROCESSING OF EMPLOYEES’ PERSONAL DATA
ENESA ENGENHARIA S.A. processes Employee Data based on:
- In the execution of contracts, when the data is necessary to guarantee compliance with obligations assumed between the Employee and ENESA ENGENHARIA S.A. (for example, bank details used to pay salaries, fees, scholarships and provide benefits, preparation and updating of programs occupational health and safety; working hours control -when applicable- among others);
- In the legitimate interests of ENESA ENGENHARIA S.A when Personal Data is necessary to support or promote the activities of ENESA ENGENHARIA S.A. (for example, dissemination of photos of Employees for marketing purposes, collection of photos and videos by security cameras);
- In compliance with legal obligations (for example, use of Employee information to comply with regulatory, tax, labor, social security and audit obligations;
- In the regular exercise of rights, when the use of Personal Data is necessary so that ENESA ENGENHARIA S.A. can defend its rights, in judicial, administrative or arbitration proceedings (for example, storage of Employee data after their departure from ENESA ENGENHARIA S.A.);
- In the need to prevent fraud and Employee security, in the processes of identification and authentication of registration in electronic systems (for example, collection of biometrics for access to ENESA ENGENHARIA S.A. establishments); and
- In consent, in exceptional situations, in which other legal bases are not applicable and where there is effectively a free expression of will, by signing a specific document that regulates this treatment.
7. SHARING OF EMPLOYEES’ PERSONAL DATA WITH THIRD PARTIES
In some situations, ENESA ENGENHARIA S.A. shares Personal Data of Employees with third parties for the purposes described in this Policy, in the following situations:
With clients/partners or potential clients/partners, in the following situations: (a) when audited; (b) in sales prospecting situations, partnerships and other types of commercial relationships, for example, when ENESA ENGENHARIA A. schedules meetings or commercial phone calls; and (c) in the provision of services, such as when Employees allocated to the SAC provide assistance to users.
With public bodies, courts or other public authorities where necessary to comply with the law, respond to a court order, administrative or judicial process or any other lawful request of public authorities (including for national security or law enforcement purposes).
8. SECURITY AND STORAGE
ENESA ENGENHARIA S.A. will do everything possible to keep Personal Data safe at all times and will even adopt security and protection, technical and administrative measures, compatible with the nature of the data collected, used and stored and appropriate market practices. However, ENESA ENGENHARIA S.A. cannot guarantee that such security measures are error-free or that they are not subject to interference from third parties (hackers, among others). By its nature, despite the best efforts of ENESA ENGENHARIA S.A., any security measure may fail and any data may become public. ENESA ENGENHARIA S.A. WILL NOT BE RESPONSIBLE FOR SUCH TYPE OF DATA LEAKAGE, within the limits of the law.
ENESA ENGENHARIA S.A. may store your Personal Data on servers outside Brazil and/or use service providers that are not located in Brazilian territory. In these cases, the
ENESA ENGENHARIA S.A. will observe the legal requirements for such international transfers, ensuring the same level of security applied to treatments carried out in Brazilian territory.
9. RETENTION TIME OF PERSONAL DATA OF EMPLOYEES AND FORMER EMPLOYEES
ENESA ENGENHARIA S.A. stores Employee Personal Data in accordance with local data retention policies, as required by applicable laws and/or in accordance with other internal policies. ENESA ENGENHARIA S.A. retains Personal Data for a reasonable period of time after the end of the employment relationship to comply with legal custody obligations (some labor rules may require the retention of some data on payment of charges, for example, for several years ), to answer questions from the Employee or related to the activities provided in favor of ENESA ENGENHARIA S.A. or to deal with any legal issues (for example, legal or disciplinary actions), to document the appropriate termination of the contract or the relationship maintained between the Employee and ENESA ENGENHARIA S.A. and/or provide you with other ongoing benefits and confirm your professional history with ENESA ENGENHARIA S.A.
10. EMPLOYEES’ RIGHTS AND OPTIONS IN RELATION TO THEIR PERSONAL DATA
ENESA ENGENHARIA S.A. strives to comply with all rights granted to data subjects in accordance with relevant and applicable laws. To the extent determined by applicable law and except for the legitimate interest and legal obligation of ENESA ENGENHARIA S.A., Employees have the following rights as holders of Personal Data:
- Right to confirm the existence of Personal Data processing and to request access to Personal Data;
- Right to correct, update or request the deletion of your Personal Data when it is incorrect or when it is excessive or unnecessary;
- Right to oppose the processing of your Personal Data and request that ENESA ENGENHARIA S.A. block the processing of your Personal Data when this is illegitimate;
- Right to portability;
- Right to request information about entities with which ENESA ENGENHARIA S.A. shared the Personal Data of its Employees;
- Right to withdraw your consent in relation to data processing carried out based on the Withdrawal of consent will not affect the legality of any processing that ENESA ENGENHARIA S.A. carried out before its withdrawal, nor the processing of Personal Data carried out on other legal bases.
- Right to complain to a data protection authority about the collection and processing of Personal Data carried out by ENESA ENGENHARIA A., if carried out in violation of current legislation.
Under the law, especially in relation to the rights in items (ii) and (iii), ENESA ENGENHARIA S.A. has the right not to comply with the Employee’s request if the retention or processing of the data is necessary to comply with legal obligations or when it is legally permitted to retain Personal Data.
If the specific situation does not allow the Employee’s request to be met, in whole or in part, ENESA ENGENHARIA S.A. will justify its refusal, in a clear and transparent manner.
11. CONTACT DETAILS
ENESA ENGENHARIA S.A. has provided the following contact channels to submit requests and clarify doubts:
- DPO/Data Officer: Itamar Rodrigues Barbosa;
- E-mail: encarregado@enesa.com.br
12. ACCEPTANCE AND CODE OF CONDUCT and ETHICS
This document appears as an annex and is an integral part of the Enesa Engenharia S.A. Code of Ethics and Conduct, the content of which is known and upon acceptance, characterizes the application of the aforementioned rules.
Questions and requests for data deletion should be sent by email to:
Itamar Rodrigues Barbosa
Data Manager: