MOXA Inc.
Statement of Understanding & Privacy notice
Statement of Understanding
“I understand that the hiring decision will not depend solely on the information submitted herein. I hereby guarantee that the information submitted herein is true and complete in every respect. I understand that providing false information will result in immediate withdrawal of any offer of employment or, if already hired, immediate termination.“
Privacy notice
Protecting the personal privacy of every job applicant is a crucial part of gaining and keeping the trust of potential talent. We hope that the data privacy notice (this “Notice”) outlined below serves as an indication of our commitment to protecting the security and privacy of your personal data.
Please read this Notice carefully. We know that the fact that we’ll need to use your personal data may be quite obvious to you. However, the purpose of this Notice is to give you information about how we collect, process, store and otherwise use information about you, and your rights in relation to that information. If you are a resident of the state of California, please see our Supplemental California Privacy Information Notice.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the data alone or in conjunction with any other data in the data controller’s possession or likely to come into such possession. The processing of your personal data is governed by applicable privacy laws.
What roles do we play in processing your data?
We are the data controller with respect to processing your data (contact details below). This means that we decide how your personal data is processed and for what purposes. We know that you care how data about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.
When are your personal data collected?
Your data will be collected by us whenever you apply to become our employee and whenever you fill in forms that we send to you.
Our collection and processing of personal data
The personal data we collect include any and all data you provide to us when you apply to a position or enter on our website, provide us information, update or add information about you, or give us in any other way. You can choose not to provide data to us, but we may then not be able to service you where such services require processing such data. We use the data that you provide for purposes administering your use of our services, such as communicating with you and responding to your requests. We may communicate with you by mail, email or telephone. We will collect, process and use the following data:
•identification data, such as name (In local language and in English), citizenship, nationality, resume or CV, educational records, background check information, and application form;
•contact details, such as your e-mail address, address (current and mailing), phone number;
•information about your current and previous job, such as position, business title, employee type, management level, time type (full or part time and percentage), work location, division, department, manager (name, title & contact information), other supporting or project roles, start and end date, job history (including position history, title history, promotion history, and effective dates, compensation related information), your education history and qualifications (including publications, patents, inventions, professional licenses, additional special honors or awards, and membership in professional associations), extracurricular activities, what do you like most/least about your jobs, your preference to business travel, your willingness for relocation nationally or internationally, your preferred on board date, expected salary, and reason for leaving;
•IDs for Moxa recruiting website.
All the data we collect from you are routinely backed up to prevent loss of your data in case of a server breakdown or human error. However, all such copies of your data in our backup database will be retained only for as long as our data retention policy permits (see “How long do we keep your personal data?” below).
How do we process your personal data?
We comply with our obligations under applicable privacy laws by keeping personal data up to date; by storing and destroying it securely; by collecting and retaining only the necessary data that we need to service you; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. The processing operations we perform on your data covers automated and non-automated means of collecting, recording, organizing, structuring, storing, altering, retrieving, using, transmitting, disseminating or otherwise making available, aligning or combining, restricting, and/or erasing your data. We use your personal data for the following purposes:
•To review your application to become our employee.
•To share your contact details with our affiliate offices around the world within our group companies, for the purposes of internal administration and back-office support.
•To provide IT system and support.
•To detect and investigate data breaches, illegal activities, and fraud.
•To respond to and comply with requests and legal demands from competent authorities.
What is our lawful basis for processing your personal data?
In general, the lawful bases for us to process your personal data for the various types of processing performed on your data (please refer to “How do we process your personal data?” section of this Notice) is, as applicable, processing based on your consent or to pursue the legitimate interest of our Company or of third parties. We will collect, process and use the personal data supplied by you only for the purposes communicated to you and will not disclose your data to third parties except under the circumstances of data disclosure described in the “Sharing your personal data” section below. Where we talk about our legitimate interest or third parties, this can include:
•Assessing your suitability for roles within the Company;
•Implementation and operation of a group-wide organizational structure and group-wide information sharing;
•Right to freedom of expression or information, including in the media and the arts;
•Prevention of fraud, misuse of company IT systems, or money laundering;
•Operation of a whistleblowing scheme;
•Physical security, IT and network security;
•Proposed mergers and acquisitions
Necessity to provide us data
You are not under any obligation to provide us any personal data. As noted below, the choice is yours. However, please note that without certain data from you, we may not able to enter the process of evaluating your application. Of course, we hope it would never come to that, and this is simply information we are obliged to provide to you as part of this Notice.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with the categories of data recipients listed below. We will only share your data with third parties outside of the Company to the following entities:
•our affiliated entities within our global group of companies worldwide for internal administration purposes, to detect and deal with data breaches, illegal activities, and fraud, and to maintain the integrity of our information technology systems.
•third party service providers whom we sub-contract to work on our behalf or for us and therefore may have access to your data only for purposes of performing these tasks on our behalf and under obligations similar to those in this Notice, who perform functions such as data processing, auditing, managing and enhancing data, informational systems technical support, to assist us in detecting and dealing with data breaches, illegal activities, and fraud.
•government, courts, or law enforcement agencies, to comply with our obligations under relevant laws and regulations, enforce or defend our policies, respond to claims, or in response to a verified request relating to a government or criminal investigation or suspected fraud or illegal activity that may expose us or you to legal liability; provided that, if any law enforcement agency requests your data, we will attempt to redirect the law enforcement agency to request that data directly from you, and in such event, we may provide your basic contact information to the law enforcement agency.
•third parties involved in a legal proceeding, if they provide us with a court order or substantially similar legal procedure requiring us to do so.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary for the given purpose for which your data is processed. If you will provide us, or have provided us, consent for us to process your data, we will process your data for no longer than your consent is effective. Notwithstanding the above, we may retain your personal data as required by applicable laws and regulations, as necessary to assist with any government and judicial investigations, to initiate or defend legal claims or for the purpose of civil, criminal or administrative proceedings. If none of the above grounds for us to keep your data apply, we will delete and dispose of your data in a secure manner according to our data protection policy.
Your rights and your personal data
Unless subject to an exemption under applicable privacy laws, you have the following rights with respect to your personal data:
•The right to request a copy of your personal data which we hold about you.
•The right to request that we correct any personal data if it is found to be inaccurate or out of date.
•The right to request to erase your personal data where it is no longer necessary for us to retain such data, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
•The right to withdraw your consent to the processing at any time, where we rely on your consent to process your data.
•The right to request that we provide you with your data and where possible, to transmit that data directly to another data controller, where the processing is automated and is based on your consent.
•The right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it.
•The right to object to us using your personal data, where the legal justification for our processing of your personal data is our legitimate interest. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of legal claims.
•The right to lodge a complaint regarding our processing of your data, with the competent authority where you reside or in which your data is processed.
If you would like to exercise any of the above rights, please do so by providing your request to the contact window set forth in the “Contact Us” section. After receiving your request, we will evaluate your request and inform you how we intend to proceed on your request. Under certain circumstances in accordance with applicable privacy laws and regulations, we may withhold access to your data, or decline to modify, erase, port, or restrict the processing of your data. Please be advised that if you exercise the rights to erase data, restrict or object to our processing, or to withdraw your consent, we may not be able to continue our services to you if the necessary data is missing for processing.
Transfer of Data Abroad
As a globally operating company, we must be able to transmit your data to other countries within our global group of companies, for the reasons set forth above. We will be transferring your personal data to the countries and jurisdictions in which our affiliate companies are located. In making such data transfers, we make sure to protect your personal data by applying the level of security required by applicable privacy laws. Where we transfer your data to a country or jurisdiction that cannot guarantee the required level of protection, we have enhanced our IT security measures and have entered into Standard Contractual Clauses with the transferee to require security obligations on the transferee, both of which are intended to increase the protection of your personal data. Standard Contractual Clauses are one of a number of "appropriate safeguards" under the applicable privacy laws that enable the transfer of personal data concerning data subjects within the European Union to jurisdictions that have not been designated by the European Commission as possessing an adequate level of data protection. You may request a copy of such Standard Contractual Clauses from us by providing your request to the contact window set forth in the “Contact Us” section.
Further processing
If we wish to use your personal data for a new purpose not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing such further processing for a new purpose, setting out the relevant new purpose and processing conditions. In such case, we will find a lawful basis for further processing, and whenever necessary we will seek your prior written consent to such further processing.
Security
We protect your data using technical measures to minimize the risks of misuse, unauthorized access, unauthorized disclosure, loss or theft, and loss of access. Some of the safeguards we use are data pseudonymization, data encryption, firewalls, and data access authorization controls. We take our data security very seriously. Therefore the security mechanisms used to protect your data are checked and updated regularly to provide effective protection against abuse. The website through which we collect your information are usually encoded using the encryption module of your browser, and are certified for international encryption technique. If necessary, we use SSL (Secure Socket Layers) encryption to protect your personal information. Moreover, we have put in place additional and comprehensive state-of-the-art security measures when your data are accessed via the internet. Firewalls prevent unauthorized access. Diverse encryption and identification layers protect your data from intrusion or disclosure to third parties during data transfer. Furthermore, we internally use sophisticated encoding methods in order to prevent de-coding by unauthorized persons. Moreover, an electronic identifier is generated during data transfer to safeguard your information. If you believe that the security of your data has been compromised, or if you like more information on the measures we use to protect your data, please place your request or inquiry with the contact window set forth in the “Contact Us” section.
Whom should I contact?
If you have any question about this Notice, or if you would like to exercise any of your rights, or if you have any complaints that you would like to discuss with us, please in the first instance send us your signed and dated request, together with a copy of your identity card. Please be as accurate as possible: by post to
Moxa Inc.
Data Protection Committee
Xinzhuang Dist., New Taipei City, Taiwan, R.O.C.
or
by e-mail to privacy@moxa.com
In case of disagreements relating to our processing of your personal data, you can submit a request for mediation or other administrative action to the data protection supervisory authority with the competent authority where you reside or in which your data is processed. Please click here for a list of local data protection authorities in EEA countries:http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
