PEOPLE PRIVACY STATEMENT

Effective Date: June 10, 2021

For all employees, freelancers and workers residing in the State of California and engaged by a VICE Media Group owned and operated company.

The VICE Media Group together with its parents, affiliates, and/or subsidiaries (“VMG”, “we,” “our” or “us“) wants to make sure that the personal information we collect about you is managed in accordance with the California Consumer Privacy Act (the “CCPA”). This People Privacy Statement (the “Privacy Statement”) aims to explain how we collect, use and share your personal information during and after your working relationship with us.

LET’S START WITH A LEGAL BIT…

Your personal information is collected by the VMG company that entered into an offer letter or employment contract, relationship or a contract for services with you (contact details for your appropriate VMG company are set out at Schedule 1 to this Privacy Statement). The purpose of this notice is to fully inform you about the ways in which we process your personal information.

We need you to read this notice (together with any amendments to this Privacy Statement in the future), so that you’re aware of what we’re doing with your personal information and why we’re doing it.

This Privacy Statement is not an employment contract nor offer of employment, and nothing in this Privacy Statement should be construed as a promise of continued employment or employment for a defined period of time. This Privacy Statement may be updated by VMG at any time. Should we change our approach to data protection, you will be informed of these changes or made aware that we have updated this Privacy Statement.

This Privacy Statement applies to all employees, freelancers and workers residing in the State of California and engaged by a VICE Media Group company. The Privacy Statement was last updated and reviewed in June 2021.

SO YOU WANT TO KNOW WHAT VMG IS DOING WITH YOUR PERSONAL INFORMATION?

What type of personal information do we collect about you and process?

“Personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Your personal information is collected by the VMG company that entered into an offer letter or employment contract, relationship, or a contract for services with you. Your personal information may need to be processed by other VMG companies, for their own independent purposes. We collect the following categories of personal information:

  • Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers
    • SOURCE(S): Directly from you
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e)), such as name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information
    • SOURCE(S): Directly from you, From third parties, such as tax authorities and benefits providers
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services
  • Protected classification characteristics under California or federal law, such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), breastfeeding, sexual orientation, veteran or military status, genetic information (including familial genetic information)
    • SOURCE(S): Directly from you, From third parties, such as medical reports from external professionals or benefits providers
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services
  • Internet or other similar network activity, such as browsing history, search history, information on a consumer’s interaction with a website, application or advertisement
    • SOURCE(S): Indirectly from you
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services
  • Geolocation data, such as physical location or movements
    • SOURCE(S): Directly from you
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services
  • Professional or employment- related information, such as current or past job history or performance evaluations
    • SOURCE(S): Directly from you, From third parties, such as previous employer(s), information from third parties acting on your behalf (e.g. recruitment/employment agencies), LinkedIn, or the results of a background check (where permitted by applicable law)
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services
  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part
    99)),
    such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records

    • SOURCE(S): Directly from you, From third parties, such as LinkedIn, or the results of a background check (where permitted by applicable law)
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services
  • Inferences drawn from other personal information, such as a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
    • SOURCE(S): Indirectly from you
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services
  • Sensory data, (such as audio, electronic, visual, thermal, olfactory or similar information)
    • SOURCE(S): Directly from you
    • HOW WE USE IT: For administrative employment purposes (see below)
    • HOW WE SHARE IT: Third party service providers who help us perform administrative employment services

How is your personal information collected?

We collect personal information from you as described in this policy or as may be notified to you by VMG from time to time. Please note that if you do not provide certain information when requested or if you ask that we stop processing your personal information, we may not be able to perform the offer of employment or contract we have entered into with you (such as paying you or providing you with a benefit as applicable), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our personnel).

It may be mandatory for us to collect certain personal information about you. This will be the case where the law or a contract between you and the VMG company requires that your personal information is obtained. It will also be the case where collection of 5 your personal information is necessary for the VMG company to enter into an offer or employment or contract with you.

You provide personal information about yourself and others

For instance, personal information that you provide to your local HR team, enter into the Employee Reporting Hotline, or enter directly into Workday or other human resources information system (“HRIS”). Certain information, such as your banking details, are important – without this kind of information, the VMG company cannot fulfill its obligations to you under an offer letter, employment contract or contract for services.

You may also provide us with personal information about others, notably your dependents and other family members. This tends to happen for HR administration and management reasons. For example, the information may be needed for the administration of benefits or because we need to contact your next-of-kin in an emergency situation that occurs while you’re working with VMG. Before you provide us with the personal information of others, please make sure that you have permission to share their personal information with VMG.

We may collect personal information from other organizations

We may obtain information about you from other organizations. For example, we may gather: references from your previous employer(s); information from third parties acting on your behalf (e.g. recruitment/employment agencies or labor unions); medical reports from external professionals; information from tax authorities and benefits providers; details of your professional career from publicly available sources such as LinkedIn; and, the results of a background check (where permitted by applicable law).

How do we use your personal information?

Personal information

We may collect and further process your personal information for various purposes subject to local law. We’ve listed such purposes below. Please note, however, that this is not an exhaustive list of the purposes for which we process personal information.

FOR RECRUITMENT AND HUMAN RESOURCES PURPOSES

  • Recruitment, training, development, promotion, career and succession planning;
  • Appropriate vetting for recruitment and team allocation including, where relevant and appropriate, right to work verification, criminal record checks (where permitted by law), relevant employment history, relevant professional qualifications;
  • Managing conduct, performance, capability, absence and grievance related reviews, allegations, complaints, investigations and processes and other informal and formal HR processes and making related management decisions;
  • To support HR administration and management. This includes maintaining and processing general records necessary for the management of personnel and to operate the offer letter or employment contract or contract for services between you and the VMG company;
  • Administration, consultations or negotiations with labor unions and their representatives;
  • Processing information about absence or (where required or permitted by applicable law) medical information regarding physical or mental health or condition in order to: assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work; facilitate a return to work; make accommodations to duties or the workplace; administers leaves of absences; and make management decisions regarding employment or engagement (and the terms and conditions which will apply), or continued employment or engagement, or redeployment, and conduct-related processes;
  • Complying with reference requests from potential employers where VMG is named as a referee;
  • To centralize HR administration and management processing operations in an efficient manner for the benefit of our personnel;
  • To provide support and maintenance for the HRIS; and
  • Conducting surveys for benchmarking and identifying improved ways of working, personnel relations and engagement at work. These will often be anonymous but may include profiling data such as age to support any analysis of the results.

FOR FINANCE AND PAYROLL PURPOSES

  • Providing and administering remuneration, benefits and stock option plans, processing wage garnishments and making appropriate tax, social security deductions and contributions in accordance with applicable local laws.

FOR BUSINESS OPERATIONS PURPOSES

  • Allocating and managing duties and responsibilities and the business activities to which they relate;
  • To develop, produce and exploit any digital or television content created by VMG that you may work on or appear in including both video and editorial content;
  • Communications between personnel, suppliers and clients who VMG works with;
  • For planning, managing and carrying out restructuring or redundancies or other change programs including appropriate consultation, selection, alternative employment searches and related management decisions;
  • Operating email, IT, internet, social media, HR-related and other company policies and procedures. The company carries out monitoring of VMG IT systems to protect and maintain the systems; to ensure compliance with VMG policies and to locate information through searches where needed for a legitimate business purpose;
  • Planning, due diligence and implementation in relation to a commercial transaction or service transfer that impacts your relationship with VMG. For example, mergers and acquisitions or a transfer of your employment under automatic transfer rules if applicable under local laws;
  • For business operational and reporting documentation;
  • To operate the relationships with customers and suppliers. This may include the disclosure to customers of your contact details, curriculum vitae information, or photographic images. Disclosure of personal information to suppliers may also be necessary;
  • Where relevant for publishing appropriate internal or external communications or publicity material including via social media in appropriate circumstances; and
  • To change access permissions to VMG operated workplaces and internal technology systems.

FOR LEGAL AND OTHER PURPOSES

  • Complying with applicable laws and regulation (for example, sick leave or parental leave legislation, working time and health and safety legislation, taxation rules, other employment laws and regulations to which VMG is subject);
  • Where required or permitted by applicable law, monitoring and review programs to ensure equality of opportunity, pay and diversity with regard to personal characteristics protected under local anti-discrimination laws and job descriptions, and implementing any changes required as a result of such programs;
  • To enforce our legal rights and obligations, and for any purposes in connection with any legal claims made by, against or otherwise involving you;
  • To comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation matters relating to data protection, tax and employment), whether within or outside your country; and
  • Together with any other related purposes permitted by applicable privacy and data protection legislation including legitimate interests pursued by VMG where this is not overridden by the interests or fundamental rights and freedoms of personnel.

What are your obligations with respect to data protection?

As well as having certain rights over your personal information, you must also comply with applicable data protection laws when processing personal information. It may be that as part of your job, you process personal information about employees or about other individuals you work with or who are associated with our company, or are asked to disclose personal information by others. Even if you do not have direct involvement with personal information as part of your job, there may be times when you are asked by others to supply personal information. At all times you should be mindful of your obligations with regards to data protection. Any breach of applicable data protection laws or this notice may lead to disciplinary procedures, up to and including termination.

ONLY THOSE THAT SHOULD KNOW, KNOW.

Who has access to your personal information?

When we share your personal information within VMG

We keep your personal information within VMG on our secure servers. This means that your personal information may be shared with other VMG companies. The following people and teams within VMG may be granted—on a need-to-know basis— access to your personal information:

  • local, regional and global HR managers and HR team members;
  • local, regional and executive management responsible for managing or making decisions in connection with your relationship with VMG, or when involved in an HR process concerning your relationship with VMG;
  • internal system administrators; and
  • where necessary for the performance of specific tasks or system maintenance, teams such as the Legal, Finance, IT Department and the Global HRIS support team.

Basic personal information, such as your name, location, job title, contact information, any published skills and experience profile, as well as any photo that you upload to the HRIS, may be accessible to all personnel for business purposes via the HRIS and local intranets.

When we share your personal information outside of VMG

We may need to grant organizations outside of VMG access to your personal information. To help you understand who these organizations are, here is a non- exhaustive list of the categories of organizations with whom we may share your personal information:

  • Organizations (and their subcontractors) that provide technology solutions and/or support for the benefit of VMG. For example:
    • Organizations such as Google and Amazon Web Services who we instruct to provide systems and technologies which are used to support internal business operation and day-to-day communications only (for example the G-Suite products like Google hangouts and Gmail).
    • Organizations such as Workday that have been engaged by VMG to host, support and otherwise maintain the HRIS.
    • Organizations that provide VMG with systems which interconnect with the HRIS. These systems include expenses management software from Concur, SAP and/or the applicable enterprise resource planning (“ERP”) system, local payroll and benefits systems.
    • Organizations such as Lighthouse and Tequitable who provide and manage employment relations services such as VMG’s whistleblowing and compliance hotlines and ombudsman service.
  • VMG’s professional advisers, as may be necessary from time to time. For example, insurers, bankers, investors and business partners, IT administrators, lawyers, auditors, consultants, payroll providers and administrators of VMG’s benefits programs.
  • Authority, agency or other body with jurisdiction.

When we share personal information with organizations outside of VMG, we require those organizations to treat the information in accordance with applicable law, including laws about data confidentiality and security. And, where we engage those organizations (such as our payroll providers) to process personal information on our behalf, we will require that information is treated consistently with this Privacy Statement.

For further details of the organizations outside of VMG that have access to your personal information please email employmentlegal@vice.com.

Is your personal information sent to other countries or territories?

As mentioned in the section entitled Who has access to your personal information,? your personal information may be shared with other VMG companies as well as organizations outside of VMG. These organizations may be located in various locations worldwide. This means that your personal information may be transferred to a country or territory that is outside of the country in which you work.

How long do we keep your personal information?

In general, we keep your personal information for as long as it is required bearing in mind the purpose(s) for which it was collected. We only keep your information for as long as is reasonably necessary for the purposes set out in this Privacy Statement. What this means in practice will vary between different types of information, and when we consider our approach, we take into account any ongoing need for the information, as well as our legal obligations for example in relation to tax, health and safety, employment rights and potential or actual disputes or investigations.

WHO’S GOT RIGHTS? YOU’VE GOT RIGHTS!

By law, you have a number of rights when it comes to your personal information. We’ve detailed these rights below. For further information regarding your rights, or to exercise any of your rights, please contact employmentlegal@vice.com.

  • The right to be informed
    • You have the right to be informed as to the categories of personal information collected by us and the purposes for which the categories of personal information is used. This is why we’re providing you with the information in this Privacy Statement.
  • The right of access
    • You may ask to see the personal information we hold about you, but know there are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. Please note that a large amount of information we hold about you is accessible via Workday (or the applicable HRIS program), and you’re encouraged to access this information via the HRIS yourselves before requesting access from your HR Business Partner.
  • The right to rectification
    • You may request that any inaccuracies in your personal information are corrected. We aim to ensure that all personal information is correct and up-to-date. You also have a responsibility to notify us of any changes to your personal circumstances that may render your information inaccurate – for example, any change of address or bank account.
      You can update most of the personal information that we hold about you by logging into Workday. Certain information can only be amended with the help of your local HR Business Partner, so please contact them if necessary.

 

How will we handle a request to exercise your rights?

We’ll respond as soon as we can. Generally, this will be within 45 days from when we receive your request but, if the request is going to take longer to handle, we’ll come back to you and let you know.

We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

  • excessive/repeated requests, or
  • further copies of the same information.

Alternatively, the law may allow us to refuse to act on the request.

How do we keep your personal information safe and secure?

Taking into account state of the art measures and the cost of implementing them, VICE uses a variety of technical and organizational methods to secure your personal information in accordance with applicable laws.

We are committed to protecting the security of the personal information you share with us. In support of this commitment, we have implemented appropriate technical and organizational measures to help to protect your personal information against:

  • unauthorized or accidental destruction, alteration and/or disclosure;
  • theft and accidental loss, and/or unauthorized access;
  • misuse;
  • damage; and/or
  • any other form of unauthorized processing.

VICE implements the following precautions:

  • Servers: VMG uses servers that are up to date with both virus scanning and intrusion protection. VMG or trusted partners ensure that steps are taken to help keep the information saved on them safe and secure.
  • Firewalls
  • File transmission: VMG employs multiple security layers in file delivery. All files are hashed and encrypted before delivery. They will only allow delivery to servers that have been certified by VMG.
  • File Access: All files require credentials for access. Data is monitored, and file moves logged to ensure that data cannot be migrated without VMG’s knowledge.

Unfortunately, we cannot guarantee the security of your personal information as no security measures are perfect and there is always some risk of security incidents occurring. But we will use our best efforts to mitigate any damage caused as a result of a breach of these data security measures in accordance with all applicable data protection laws.

What should you do if you believe there has been a breach of data protection principles?

It is the responsibility of everyone within the business to protect personal information and deploy reasonable industry standard measures to prevent data breaches from occurring. If you believe that this Privacy Statement or data protection laws have not been followed in respect of personal information about yourself or others, then you should raise the matter immediately with employmentlegal@vice.com. Any breach of applicable data protection laws or this notice will be taken seriously and may result in disciplinary action, up to and including termination of employment.

SO, GOT QUESTIONS?

If you have any questions about the way in which we process your personal information or if you believe your data protection rights have been violated, please email employmentlegal@vice.com.