Pro Mach, Inc. Data Processing Notice for Employees and New Hires

Pro Mach, Inc. including our related subsidiaries and affiliates, (collectively “ProMach”) is committed to protecting the privacy and security of your Personal Information. As part of the employee enrollment process and in connection with your employment with ProMach, you may be asked to provide, and ProMach will need to retain and process, certain Personal Information about you and other third-parties. We want you to know that we respect your privacy, and place great importance on maintaining the security of Personal Information that you provide to us. This Data Processing Notice (“Notice”) describes how ProMach collects, discloses, and uses your Personal Information, your responsibilities and obligations to ProMach and others, and the data privacy rights afforded to you under certain data protection laws, statutes, and regulations (“Data Protection Laws”). Please read this Notice carefully.

This Notice does not form part of any contract of employment or other agreement to provide services, and nothing in this Notice shall be construed to (in any way) terminate, supersede, undermine, or otherwise modify the status of the employment or professional relationship between you and ProMach, pursuant to which ProMach may terminate the employment or professional relationship at any time, with or without cause, and with or without notice. This Notice imposes no independent obligation on ProMach to proceed with any business transaction or agreement, and does not create any employment or professional relationship between you and ProMach. ProMach may amend or update this Notice from time to time and we will, when necessary and appropriate, notify you of such amendments and updates.

Definitions: For purposes of this Notice, the following terms are defined as followed:

The term “Personal Information” means any information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information, that is linked or linkable to a specific individual, and that is subject to, or otherwise afforded protection under, any Data Protection Laws.

The term “Sensitive Personal Information” means any Personal Information that poses a risk of financial, reputational, or other harm to an individual if compromised, or that reveals race or ethnicity, political opinions, religious or philosophical beliefs, membership in a trade union, processing of genetic data and biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life and sexual orientation and criminal records. For illustrative purposes only, the term Sensitive Personal Information may include, but is not limited to, the following: a national identification number (e.g., Social Security/Insurance Number), driver’s license number, bank account number, credit or debit card number, passport number and date of birth (when in combination with other data that can subject an individual to risk of identity theft), and user names and passwords for online accounts.

Categories/Types of Personal Information: ProMach collects Personal Information for identified and appropriate business purposes, or as may otherwise be required or permitted by law. In particular, the Personal Information that ProMach may collect and process about employees includes: personal and business contact information (including name, home address, work address or location, phone number, and email address); financial information (including bank account and salary details); emergency contact information; beneficiary information; recruitment, pre-employment and employment information including background checks, employment history, educational history, career profiles, attendance records, performance appraisals, corrective actions, benefits-related information and information concerning retirement, resignation, and other types of termination, job title and description, date of hire, working status, employment hours and any written agreements between the employee and ProMach; information relating to work-related claims, internal investigations and disciplinary proceedings; information held for employment law and health and safety purposes; communications data and other data stored on, or transmitted through, ProMach’s information resources (including phone call logs, emails, and internet browsing history); photographs and visual images; driver’s license information; business travel and expense reporting information; Sensitive Personal Information; and other similar information.

Purposes of Data Processing: ProMach collects and uses Personal Information about, or related to, our employees and others for a broad range of routine legal, business and human resource management purposes, including the following: staffing and organizational planning (including recruitment, retention, and succession planning); personnel management and administration; background checks and verification of references and qualifications; processing payroll, withholding taxes (or addressing other income tax matters), administering other required withholdings, or complying with various reporting or disclosure obligations under applicable law; designing, evaluating, or administering compensation and benefits (such as salary, bonuses, pensions, medical benefits, insurance policies, vacation, and leaves of absence or other leave entitlements) or other human resources programs; designing, evaluating, or implementing employment-related education and training programs; facilitating, monitoring, or evaluating employee conduct, attendance, and performance; facilitating business communications, negotiations, transactions, conferences and travel; preparing for, facilitating, executing, or otherwise supporting any transaction or potential transaction involving all or a portion of the business; facilitating employee investigations (including suspected misconduct or non-performance of duties); maintaining and improving workplace and employee safety, health, and security (including security systems); monitoring compliance with company policies, procedures, and processes; facilitating compliance with contractual and legal obligations; facilitating diversity objectives and compliance with diversity requirements; authorizing, granting, administering, monitoring, improving, and terminating access to, use of, or the efficiency of ProMach’s electronic systems, information resources, facilities, records, property and infrastructure to the extent permitted and in compliance with law; budget planning and administration; protecting ProMach’s assets, including and, in connection with, internal investigations, through the (a) monitoring and review of email, communications, and information on ProMach’s information resources to the extent permitted by, and in compliance with, law; (b) backup or storage of information on ProMach’s desktops/laptops and other ProMach’s information resources; and (c) authentication of employees’ identities and the implementation of security measures; facilitating decision-making with regard to employees to the extent permitted and in compliance with law; maintaining global employee directories, emergency contact information and beneficiary details; preparing for, defending, or participating in litigation or potential litigation; understanding and improving business operations; facilitating and providing services for the relocation and movement of employees and family members; conducting auditing, accounting, financial, or economic analyses; maintaining and/or retaining current and former employees’ and job candidates’ business and employment records; when relevant to the job function of the employee, supplying business contact information, including names, images, and other business contact information by means of website posting, business cards, brochures, or other promotional media to ProMach’s current and potential employees, customers, suppliers, contractors, joint venture partners, teammates, or other business associates; complying with applicable law and other legal requirements; and other reasons permitted or required by law.

In the event that our data processing will occur for reasons outside of those detailed in this Notice, additional notification of that processing will, if required by Data Protection Law, be provided. ProMach does not undertake any decision-making concerning its employment activities solely by automated means and without any human involvement.

Disclosure of Personal Information: When appropriate to support ProMach’s management and administration, or to comply with legal or regulatory obligations, ProMach may disclose, transfer, or otherwise share Personal Information with authorized third-parties, such as any ProMach affiliate or subsidiary, or third-party vendors and service providers. For example, as part of our data sharing practices, we may provide Personal Information to regulatory and law enforcement authorities, or ProMach’s outside legal counsel, auditors, and other professional advisors when required by law or to further our business interests. We may also disclose your Personal Information to third-party service providers, such as the payroll company we use to facilitate payment obligations, the administrator of our group pension plan, brokers who we use to obtain insurance for your benefit, our private medical care provider, our private dental care provider, providers of online training services, external training providers, employment screening and verification support services, and other types of service providers (e.g., our cloud storage providers). ProMach may also share your Personal Information with potential acquirers or investors of ProMach, or the business area in which you work. We may share your Personal Information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of ProMach’s practice or assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by ProMach, in any form or format, is among the assets transferred.

Data Retention: The Personal Information you provide to ProMach may be stored electronically, and/or in hard copy. ProMach implements appropriate technical and organizational measures, commensurate with the nature, scope, context, purposes, and risks of processing, associated costs, and business resources, during its data processing activities, including protections to mitigate the risk of unauthorized or unlawful processing and accidental loss, destruction, or damage. These measures include password protections for online information systems, anonymization of data in certain circumstances, and restricted access to Personal Information, such as when Personal Information is processed by ProMach’s Human Resources Department. ProMach employees and authorized third-parties that have access to your Personal Information are bound by confidentiality obligations, and are required to treat your Personal Information in accordance with applicable legal requirements. ProMach will only retain your Personal Information so long as it is necessary to perform a function for which it was originally collected, which may include the management and administration of pre-, current, and post-employment relationships.

If you are offered, and accept, an employment position with ProMach, we will retain the information you provided during the employment application and recruitment process in accordance with our employee records schedule, to which you will have access upon your start of employment. If you are not provided, or accept, an employment offer, ProMach will retain your personal information in accordance with our internal retention management process, which is designed to ensure that records no longer necessary for legal, regulatory, administrative or business purposes may be disposed of in a timely manner.

International Data Transfers: ProMach is a global corporation and located in jurisdictions across the world. The Personal Information that ProMach collects, uses, and retains may be stored in United States and other countries in which we, or our service providers, have locations. Please be aware that your Personal Information may be retained in a country that does not provide the same level of protections as the laws in your country of residence or location. In addition, ProMach does not participate in the U.S. Privacy Shield program. To the extent we transfer your Personal Information outside the jurisdiction in which you reside, we will do so using appropriate and suitable safeguards in compliance with applicable Data Protection Laws.

Your Data Rights and Responsibilities: Depending on the jurisdiction in which you reside, or where ProMach conducts its data processing activities, you may be afforded additional rights or privileges under applicable Data Protection Laws. Schedule 1 sets forth those additional data protection rights or privileges.

To the extent your provide ProMach with Personal Information, including the Personal Information on a third-party, you must (i) ensure, on a continuing basis, the accuracy, reliability, and relevancy of such Personal Information, (ii) only collect and provide to ProMach such Personal Information in accordance with all applicable Data Protection Laws, including when applicable, in accordance with all data processing notice and consent requirements, and (iii) inform the third-parties whose Personal Information you provide to ProMach, or who the third-party directly provides ProMach to facilitate or engage in a personal, non-business, related function with you, that the ProMach will collect and retain such Personal Information in accordance with our website privacy policy, which may be amended from time to time. Without limiting the foregoing, you must, promptly and without delay, notify ProMach (preferably in writing) of any amendments that need to be made to your Personal Information to ensure its accuracy, reliability, and relevancy. If you choose not to provide us with the Personal Information identified herein, then ProMach may not be able to satisfy our own contractual or legal obligations, and, in such circumstances, continued employment with ProMach may not be permissible. You acknowledge and agree that ProMach shall not be held liable for any consequence directly resulting from these circumstances. For general information about ProMach’s consumer privacy practices, please visit https://www.promachbuilt.com/privacy/.

Contact Information: If you have questions, concerns, or comments related to how ProMach processes your Personal Information, including whether you would like to exercise the rights and privileges described herein, please email Privacy@ProMachBuilt.com. In the alternative, you can write to us at the following:

Pro Mach, Inc.
ATTN: Privacy Request
50 East Rivercenter Blvd., Suite 1800
Covington, KY 41011 U.S.

SCHEDULE 1

JURISDICTION SPECIFIC DATA PROTECTION LAWS

If your Personal Information is subject to, or afforded protection under, any of the following Data Protection Laws, then you are entitled to receive notice of the following:

The European Union (“EU”), General Data Protection Regulation (“GDPR”)

To the extent permitted by the EU GDPR or an EU Member State law, you may request the following: access to the Personal Information we hold about you; that inaccurate, outdated, or no longer necessary Personal Information be corrected, erased, or restricted; and, we provide your Personal Information in a format that allows you to transfer it to another entity. You also may withdraw your consent at any time if, and only if, we are solely relying on your consent for processing your Personal Information. You may object to, or seek to restrict, our processing of your Personal Information. We process your Personal Information in accordance with the legal bases set forth in the GDPR. For example, our processing of Personal Information (as described herein) is justified based on the following statutory grounds, which may overlap: (1) processing is based on your consent; (2) processing is necessary for our legitimate business interests as set out herein; (3) processing is necessary for the performance of a contract to which you are a party; and (4) processing is required to comply with a legal or statutory obligation in the EU or in an EU Member State. Any issues, concerns, or complaints you have regarding how ProMach processes your Personal Information can be raised to the applicable supervisory authority: https://edpb.europa.eu/about-edpb/board/members_en.

The California Consumer Privacy Act of 2018

The California Consumer Privacy Act of 2018, as amended, (“CCPA”) requires certain businesses that collect Personal Information on California “consumers” (as defined in the CCPA) to, at, or before the point of collection, inform consumer as to the categories of Personal Information to be collected and the purposes for which the categories of Personal Information shall be used. The types of Personal Information that ProMach collects from its employees, workers, contractors, and agents, and the purposes for which such Personal Information is used, is set forth in this Notice. We do not sell or rent Personal Information that we have collected or retain about you to any other third-party for any purpose. Accordingly, we do not offer individuals the ability to “opt-out” of the selling or renting of Personal Information because we do not engage in those practices.