Effective date: January 30, 2015
Omnicom Group Inc. and its subsidiaries Omnicom Management Inc. and Omnicom Capital Inc. (collectively, “Omnicom”) respect your concerns about privacy. Omnicom has certified that it abides by the Safe Harbor privacy principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of human resources (“HR”) and Suppliers’ (as defined below) representatives Personal Data (as defined below) transferred from the European Economic Area (“EEA”) or Switzerlandto the United States. This Policy describes how we implement the Safe Harbor privacy principles with respect to the relevant Personal Data.
For purposes of this policy:
“Employee” means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of any subsidiary or affiliate of Omnicom who is located in the EEA or Switzerland.
“Personal Data” means any information, including Sensitive Personal Data, that (i) is transferred to Omnicom in the U.S. from the EEA or Switzerland, (ii) is recorded in any form, (iii) relates to an identified or identifiable Employee or Supplier’s representative, and (iv) can be linked to that Employee or Supplier’s representative.
“Sensitive Personal Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Supplier” means any supplier, vendor or other third party located in the EEA or Switzerland that provides services or products to Omnicom.
Omnicom’s Safe Harbor certification can be found at https://safeharbor.export.gov/list.aspx. For more information about the Safe Harbor principles, please visit http://www.export.gov/safeharbor.
Omnicom may obtain and process certain Personal Data about Employees in connection with their employmentor other working relationshipwith Omnicom. This Personal Data includes information such as:
- Contact information
- Date of birth
- Government-issued identification information, passport or visa information
- Educational history
- Employment history
- Information about job performance and compensation, and
- Financial account information.
Omnicom processes this Employee Personal Data when carrying out and supporting HR functions and activities, including:
- Recruiting and hiring job applicants
- Managing Employee communications and relations
- Providing compensation and benefits
- Administering payroll
- Processing corporate expenses and reimbursements
- Managing Employee participation in human resources plans and programs
- Carrying out obligations under employment contracts
- Managing Employee performance
- Conducting training and talent development
- Facilitating Employee relocations and international assignments
- Managing Employee headcount and office allocation
- Managing the Employee termination process
- Managing information technology and communications systems, such as the corporate email system and company directory
- Conducting ethics and disciplinary investigations
- Administering Employee grievances and claims
- Managing audit and compliance matters
- Complying with applicable legal obligations, including government reporting and specific local law requirements, and
- For other general human resources purposes.
Omnicom also may obtain and process Personal Data about Employees’ emergency contacts and other individuals (such as spouse, family members, dependents and beneficiaries) to the extent our Employees provide the information to us. We process this information to comply with our legal obligations and for benefits administration and other internal administrative purposes.
In addition, Omnicom obtains Personal Data associated with its Suppliers’ representatives. This information may include contact information and financial account information of the Suppliers’ representatives. Omnicom uses this information to manage its relationships with its Suppliers, process payments, expenses and reimbursements, and carry out Omnicom’s obligations under its contracts with the Suppliers.
Omnicom’s practices regarding the collection, storage, use, transfer, and other processing of Personal Data comply, as appropriate, with the Safe Harbor principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.
Relevant information also may be found in privacy notices pertaining to specific data processing activities.
Omnicom may disclose Personal Data without offering an opportunity to opt out (i) to service providers the company has retained to perform services on its behalf, (ii) to other Omnicom group companies performing services on its behalf, (iii) if it is required to do so by law or legal process, (iv) to law enforcement or other government authorities, or (v) when Omnicom believes disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. Omnicom also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets (including in the event of a reorganization, dissolution or liquidation). Omnicom uses Personal Data only for the purposes indicated in this Policy unless it has a legal basis, such as consent, to use it for other purposes. To the extent required by law, Omnicom obtains prior opt-in consent at the time of collection from Employees for the processing of Sensitive Personal Data.
Onward Transfer of Personal Data
Omnicom may share Personal Data with third parties as indicated in the “Choice” section above. Except as permitted or required by applicable law, Omnicom requires third partiesto whom it discloses Personal Data and who are not subject to the European Union Data Protection Directive 95/46 or an adequacy finding to either (i) subscribe to the relevant Safe Harbor principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Safe Harbor principles.
Where appropriate, Omnicom provides Employees and Suppliers’ representatives with reasonable access to the Personal Data Omnicom maintains about them. Omnicom also provides a reasonable opportunity for Employees and Suppliers’ representatives to correct, amend or delete that information where it is inaccurate, as appropriate. Omnicom may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Safe Harbor principles. The right to access Personal Data also may be limited in some circumstances by local law requirements.
Omnicom takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Omnicom takes reasonable steps to ensure that the Personal Data the company processes is (i) relevant for the purposes for which the Personal Data is to be used,(ii) reliable for its intended use, and (iii) accurate, complete and current. In this regard, Omnicom depends on Employees and Suppliers’ representatives to update and correct their Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals.
Enforcement and Oversight
Omnicom has established procedures for periodically verifying implementation of and compliance with the Safe Harbor principles. Omnicom conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the company makes about its privacy practices are true and that the company’s privacy practices have been implemented as represented.
Employees and Suppliers’ representatives may file a complaint concerning Omnicom’s processing of their Personal Data with the Corporate Legal Department, whose contact information is below. Omnicom will take steps to remedy any issues arising out of a failure to comply with the Safe Harbor principles.
If an Employee’s complaint cannot be resolved through Omnicom’s internal processes, Omnicom will cooperate with the relevant EEA or Swiss data protection authority, as appropriate.
If a Supplier’s representative complaint cannot be resolved through Omnicom’s internal processes, Omnicom will cooperate with JAMS in accordance with the JAMS Safe Harbor Program, which is described on the JAMS website at http://www.jamsadr.com/safeharbor/. JAMS or the Supplier’s representative may also refer the matter to the U.S. Federal Trade Commission, which has Safe Harbor enforcement jurisdiction over Omnicom.
How to Contact Omnicom
Omnicom Group Inc.
Attention: Corporate Legal Department
437 Madison Ave.
New York, NY 10022