Privacy Notice

Recruitment Privacy Notice for Lutech Resources

1. INTRODUCTION AND SCOPE

Lutech Resources (the “Company”) is committed to upholding the principles of privacy and data protection. Like most global organizations, we hold and Process (as defined in Annex 1 – Supplementary Information) a wide range of personal information and data, some of which relates to individuals who apply to work for us (“Applicant Data”). The Company provides this Recruitment Privacy Notice to explain our practices regarding the collection, use, and other Processing activities of certain Applicant Data, as described in more detail below.

This Notice is made up of this notice (the “Core Notice”); Annex 1, which contains supplementary information to the Core Notice; and Annex 2, which contains information relevant to specific jurisdictions, including contact information. The notice focuses on individuals who are applying to work for us and the data we process as part of that process. We have a separate notice that applies to our current and former employees.

In brief, this Notice explains:

  • what Applicant Data we hold and why we Process it;
    • the legal grounds which allow us to Process your Applicant Data;
    • where the Applicant Data comes from, who the recipients are, and how long we keep it;
    • when there may be transfers of Applicant Data outside of the EEA/UK;
  • how to access your Applicant Data and other rights; and
    • how to contact the Company or express concerns.

This Notice applies to individuals who are applying to work for us and involved in the Processing of Applicant Data and/or otherwise subject to the General Data Protection Regulation (GDPR) and the UK GDPR. This includes all employees, officers, consultants, independent contractors, volunteers, interns, casual workers, agency workers and those engaged by third party companies or personnel services/contract labor companies performing work for our business. When we use the terms ‘employment’ or ‘employee,’ we mean all of these categories of workers. However, nothing in this Notice is intended to create an employment relationship between the Company and any non-employee providing services to us.

2. APPLICANT DATA – WHAT WE HOLD AND WHY WE PROCESS IT

We process Applicant Data for the purposes of our business, including recruitment, management, administrative, employment, and legal purposes.

The Supplementary Information Annex attached provides more specific information on these purposes, including the types of data that may be processed and our legal grounds for processing this data. Please see “Categories of Applicant Data” and “Legal Grounds for Processing Applicant Data.

3.  WHERE THE APPLICANT DATA COMES FROM AND WHO GETS TO SEE IT

Some Applicant Data will be provided directly from applicants. For example, when you tell us your contact details and work history. If you are joining us, you may provide your banking details.

Other personal data may come from third parties such as recruiters acting on your behalf or from your references.

Your Applicant Data may be seen internally by managers, HR and, in some circumstances (if you join us), colleagues. We may, where necessary and as detailed further in this Privacy Notice, also pass your data outside the organisation, for example to third party vendors or consultants (such as payroll agencies) that we retain to support the business.

Further information is provided in the Supplementary Information Annex. See “Where the Applicant Data comes from” and “Who sees Applicant Data?.

4. HOW LONG DO WE KEEP APPLICANT DATA

Although there is no specific period for which the Company will keep your Applicant Data, the Company will not keep it for longer than is necessary for its purposes. In general, if you become employed by us, the Company will keep your Applicant Data for the duration of your employment and for a period afterwards. If you are unsuccessful in gaining employment with us, we will likely keep your personal data for a short period after informing you that you were unsuccessful. In each instance, we will also follow applicable data protection laws in regard to how long we keep your personal data.

See “How long do we keep Applicant Data – more information” in the Supplementary Information Annex.

5. TRANSFERS OF APPLICANT DATA OUTSIDE THE UK OR EEA [FOR THOSE APPLICANTS APPLYING FROM UK/EEA]

We may, where necessary and as set out in this Privacy Notice, transfer your Applicant Data outside the UK or EEA to members of our Company group and other processors as necessary.

Further information on these transfers, and the measures taken to safeguard your data are set out in the Supplementary Information Annex under “Transfers of Applicant Data outside the UK or EEA – more information.”

6. APPLICANT RIGHTS

Applicants have rights in relation to the data we process about them. For example, Applicants have a right to make a subject access request to receive information about the data we process about them.

Further information on this and on the other data subject rights available to Applicants is provided in the Supplementary Information Annex under “Access to your Applicant Data and other rights.” Here, we also explain how to make a complaint about our processing of Applicant Data.

7. QUESTIONS

Applicants who have any questions or complaints about this Notice should contact their recruiter, local HR manager or area compliance representative in the first instance or the contact person set out in Annex 2. You may also raise complaints with your statutory regulator, the contact details of which are set out in Annex 2.

Please note that generally the data controller of your Applicant Data will be your employing/engaging entity (or the employing/engaging entity that you apply to work for) but also entities within the Company with which we share data for business administration purposes.

8. STATUS OF THIS NOTICE

This Notice does not form part of any contract of employment you might enter into and does not create contractual rights or obligations. It may be amended by us at any time. Nothing in this Notice is intended to create an employment relationship between the Company and any non-employee providing services to us.

ANNEX 1 – SUPPLEMENTARY INFORMATION

1. WHAT DO WE MEAN BY “APPLICANT DATA” AND “PROCESSING”?

“Applicant Data” is information relating to you (or from which you may be identified) which is Processed by any means including automatic means or which is (or is intended to be) part of a structured manual or electronic filing system. It includes not only facts about you, but also intentions and opinions about you in relation to the potential workplace or potential employer-employee relationship.

“Processing” means any action to do with data, e.g. collecting it, handling it, disclosing it and deleting it.

2. CATEGORIES OF APPLICANT DATA

The Company may collect and Process the following categories of Applicant Data or employee data (if you are hired), including but not limited to:

  • Personal information: name, gender, and contact information (home and host country addresses, phone number(s), photograph (optional), and emergency contact information), date of birth, government identification numbers, nationality, citizenship/residency, language(s) spoken, personal status (marital status, dependents, military status, veteran status), passport/visa information, and other such data as permitted or required by local law;
    • Employee status: full-time, part-time, permanent, fixed term, active, leave of absence, and employment termination data;
    • Organization information: work contact information, job title, department, employer, cost center, location, hire date and any previous hire or service dates, employee identification number, employee badge number, supervisor, and job function;
    • Compensation information: current base salary and differentials, annual salary, pay scale and range, pay grade, type of employee, average hours worked, incentive information, equity and other compensation program participation, insurance and medical benefits, severance payments, and salary history and terms of employment contract (if any);
    • Payroll information: bank information, tax information, garnishments and deductions, time worked, attendance, vacation information, and other paid time off information;
    • Monitoring information: computer usage information related to your use of company equipment, systems, and other resources;
    • Communication information: email content, business letter content, business documents, and chat content;
    • Performance and talent information: qualifications, evaluations, performance ratings, mentoring information, developmental planning, and other talent management and team-based assessments;
    • Background information: education, training, application and employment background, and other background information commonly used for security screenings; and
    • Employment application information: any information which you provide to us during the application process, including your name, address, contact details, details of previous roles, and details of references.

Applicant Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, trade union membership and genetic and biometric data are subject to special protection(s) and considered by certain applicable privacy law to be “Sensitive or Special Applicant Data.”

If you are hired, the Company may also collect, Process and use the following categories of Sensitive Applicant Data about you from you or from authorized third parties (e.g., your supervisor, public authorities

or public resources) in connection with your employment for specific purposes identified in the tables further outlined below:

  • Sick day information for purposes of administering and providing compensation, administering the workforce (e.g., workforce planning), and compliance with applicable laws and employment-related requirements (e.g., statutory wage tracking);
  • Work-related Fit for Duty/Work Related accidents information for purposes of administering and providing compensation (e.g., insurance compensation), and compliance with applicable laws and employment-related requirements (e.g., work safety, reporting obligations);
  • Disability information (if provided voluntarily) for purposes of administering the workforce (e.g., accommodating the workplace) and compliance with applicable laws and employment-related requirements;
  • Parental leave information for purposes of administering the workforce (e.g., workforce planning), and compliance with applicable laws and employment-related requirements;
  • Religion for purposes of processing visa or other work permits but only to the extent such information is required by the issuing country law and/or agency;
  • Ethnicity for purposes of compliance with applicable laws and employment-related requirements (e.g., EEO 1 reporting in the US);
  • Drug test results for the purposes of ensuring safety within the workplace where the role requires it, and always in compliance with any applicable legislation.

We will only Process your Sensitive Applicant Data if we have a legal ground to do so and if one of the following conditions are met:

  • The Processing is necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorized by law or collective agreement;
    • The Processing relates to data about you that you have manifestly made public;
    • The Processing is necessary for the purpose of establishing, making or defending legal claims;
    • The Processing is necessary for provision of health care or treatment, medical diagnosis, and assessment of your working capacity;
    • The Processing is required for equality and diversity purposes to the extent permitted by law.

The provision of Applicant Data and Sensitive Applicant Data as described in this Recruitment Privacy Notice is partly a statutory requirement, partly a contractual requirement under your employment contract or conditions, and partly a requirement to carry out the employment relationship with you. In general, you are obliged to provide the Applicant Data and Sensitive Applicant Data, except in limited instances when we indicate that certain information is voluntary (e.g., in connection with employee satisfaction surveys). In some cases, not providing certain Applicant Data that is essential to your job (for instance where we, for regulatory or legal reasons, are required to verify your legal right to work) may prevent the Company from offering you employment and may impact on our ability to continue your engagement with us.

3.  LEGAL GROUNDS FOR PROCESSING APPLICANT DATA

Under the data protection laws the Company is subject to, there are various grounds on which we can rely when Processing your Applicant Data. In some contexts, more than one ground applies. We have summarized these grounds as Contract, Legal Obligation, Legitimate Interests and Consent and outline what those terms mean in the following table:

TermGround for ProcessingExplanation
ContractProcessing necessary for performance of a contract with you or to take steps at your request to enter a contractThis covers carrying out our contractual duties and exercising our contractual rights directly or via a collective agreement or works council, if applicable.
Legal ObligationProcessing necessary to comply with our legal obligationsEnsuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination.
Legitimate InterestsProcessing necessary for our or a third party’s legitimate interestsWe or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests Processing your data.   Your data will not be Processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.
ConsentYou have given specific consent to Processing your dataIn general Processing of your data in connection with employment is not conditional on your consent. But there may be occasions where we do specific things such as getting a criminal record check for a role which is regulated and rely on your consent to our doing so.

In addition to the main purposes set out earlier in this Notice, more specific information on our purposes and the legal grounds for Processing are set out in the table below.

The examples in the table cannot, of course, be exhaustive. For example, although the table does not mention data relating to criminal offences, if we were to find out that someone working for us was suspected of committing a criminal offence, we will Process that information if necessary for our purposes. If necessary we will also require criminal background checks for certain roles – for example those working in financial roles or working with minors, subject to applicable law.

PurposeExamples of Applicant Data that may be ProcessedGrounds for Processing
RecruitmentStandard data related to your identity (e.g. your name, address, email address, ID information and documents, telephone numbers, place of birth, nationality, citizenship/residency, contact details, professional experience and education (including university degrees, academic    records,    professional  licenses, memberships and certifications, awards  andIt is necessary for us to use Applicant Data to perform our obligations in accordance with any contract we may enter into with the prospective candidate, as well as a legal obligation on us as a company to be able to verify your identity and
PurposeExamples of Applicant Data that may be ProcessedGrounds for Processing
 achievements, and current and previous employment details), financial information (including current salary information) language skills, and any other Applicant Data that you present us with as part of your application related to the fulfilment of the role.conduct any background checks necessary as mentioned below, as well as to make the necessary working adjustments for candidates with disabilities or accessibility needs.
Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work.It is also in our legitimate interest to use Applicant Data in this way so that we can carry out informed decisions in relation to your overall application.
If necessary, we will also Process information concerning your health, any disability and in connection with any adjustments to working arrangements. 
Your employment terms or contract including entering it, performing it and changing it (if you are hired by us)Information on your terms or contract of employment from time to time including your hours and working patterns and your pay and benefits, such as your participation in pension arrangements, life and medical insurance, and any bonus or share schemes.It is necessary for us to process Applicant Data to perform our obligations in relation to any employment terms or contract we enter into with you, as well as our legal obligation to govern the employer employee relationship with a written contract.
  It is also in our legitimate interest to have an accurate record of your employment contract for its performance and in the case of variation.
Contacting you or others on your behalfYour address and phone number, emergency contact information and information on your next of kin.It is necessary for us to process Applicant Data to contact you or others on your behalf to fulfill our contractual obligations under our employer contract, as well our legal obligations as an employer.
  It is also in our legitimate interest to have the ability to
PurposeExamples of Applicant Data that may be ProcessedGrounds for Processing
  contact you, or others on your behalf in an emergency.
Payroll administration (if you are hired by us)Information on your bank account, pension contributions and on tax and national or social insurance. Your national or social insurance number or other government issued identifier.It is necessary for us to process Applicant Data to undertake payroll administration to comply with our contractual and legal obligations.
 Information on attendance, holiday and other leave and sickness absence.It is also in our legitimate interest to have the ability to carry out payroll, general HR and business administration in an efficient manner, and to plan around your absence where necessary.
Financial budgetingplanningandInformation such as your salary and (if applicable) bonus levels.It is in our legitimate interest to have the ability to carry out effective financial planning and budgeting for our company.
Supporting and managing your work and performance and any health concerns (if you are hired by us)Information connected with your work, anything you do at work and your performance including records of documents and emails created by or relating to you and information on your use of our systems including computers, laptops or other device.It is necessary for us to process your data to be able to support and manage your work and performance to fulfill our contractual and legal obligations.
 Management information regarding you including notes of meetings and appraisal records, including information you or our managers enter onto our training or appraisal platforms.   Information relating to your compliance with our policies.   Information concerning disciplinary allegations, investigations and processes and relating to grievances or complaints in which you are or may be directly or indirectly involved.It is also in our legitimate interest to have the ability to support our workforce and help career development, ensure compliance with our policies, and the investigation of grievances where this becomes necessary.
PurposeExamples of Applicant Data that may be ProcessedGrounds for Processing
 General information concerning your health, including return to work plans, as permitted or required by local law. 
Changing or ending  your working arrangementsInformation connected with anything that may affect your continuing employment or the terms on which you work including any proposal to promote you, to change your pay or benefits, to change your working arrangements or to end your employment.It is necessary for us to process your data to change or end your working arrangements as part of our contractual obligations.   It is also in our legitimate interest to have the ability to change or end your working arrangements.
Physical and system securityClosed Circuit TV images.   Your IT account and directory information.   Records of use of swipe and similar entry or access cards.   Records of your use of our systems including computers, phones and other devices and passwords.It is our legal obligation to ensure that our premises are safe and secure for the safety of our staff.   It is also in our legitimate interest to keep our locations secure and provide a safe environment for our personnel.
Improving efficiency of IT and business systems and device useRecords of your use of IT and business systems and Company devices.   For example, we may collect information on the number of minutes and amount of data used on Company mobile phones to ensure employees are on the most cost-effective tariff for their usage.   We will, where necessary, and as set out in this Privacy Notice also contract with third parties so you can use third party applications on your Company devices which may assist with your work (for example an application allowing ‘one-click’ dial in to conference calls). Such applications will Process your Applicant Data. The third party’s privacy notices will make clear precisely what information  will  be  collected.  We  may be provided with  information  on  the usage ofIt is in our legitimate interest to ensure and improve efficiency of IT and business systems and device use to enable all our staff to be able to carry out their work effectively.
PurposeExamples of Applicant Data that may be ProcessedGrounds for Processing
 such applications, for example for the purpose of troubleshooting or assessing overall usage and whether to continue to provide them. 
Providing references in connection with your finding new employmentInformation on your working for us and on your performance.To process your data relating to providing you with references to find new employment, you give us your consent to perform this processing activity.   It is also in our legitimate interest to maintain good performance and to provide accurate references.
Providing information to third parties in connection with transactions that we contemplate or carry outInformation on your contract and other employment data that may be required by a party to a transaction such as a prospective purchaser, seller or outsourcer.It is in our legitimate interests to provide information to third parties in connection with transactions related to our business that we contemplate or carry out to ensure that any such transactions go smoothly.
Monitoring of diversity and fair employment opportunitiesInformation on your nationality, citizenship/residency, racial and ethnic origin, gender, religion, disability and age as part of compliance with diversity and fair employment initiatives. Please note we may share aggregated and anonymised diversity statistics with regulators if formally required / requested.It is our legal obligation to ensure our workplace offers fair employment opportunities and promotes diversity within the workplace.   It is also in our legitimate interest to ensure that we have an equal and diverse workforce. This type of processing is also necessary for reasons of substantial public interest under Article 9(2) of the UK GDPR.
PurposeExamples of Applicant Data that may be ProcessedGrounds for Processing
Monitoring and investigating suspicions of misconduct, compliance with policies and rules – both generally and specificallyWe expect our employees and workers to comply with our policies and rules and may monitor our systems to check compliance (e.g. rules on accessing pornography at work). We will where necessary and as set out in this Privacy Notice check system and other data to look into those concerns (e.g. log in records, records of usage and emails and documents, Closed Circuit TV images). In appropriate cases if we have suspicions of serious wrongdoing, we may make targeted records (e.g. video or sound) available in connection with an investigation.It is our legal obligation to ensure that employees are complying with our policies and rules to ensure that we are maintaining a safe and effective workplace.   It is also in our legitimate interest to ensure that our employees are complying with such policies and rules as they are in place to ensure that sensible working practices are followed.
Disputes and legal proceedingsAny information relevant or potentially relevant to a dispute or legal proceeding affecting us.It is our legal obligation to process any information either relevant or potentially relevant to a dispute or legal proceedings affecting us.   It is also in our legitimate interest to have the ability to respond to and defend against legal claims.
Trade union check off arrangements and Works Council administrationDetails of trade union membership and deductions of contributions made at source.   Information relating to Works Council participation, including any communication you send to us if acting for the Works Council (if applicable).It is our contractual and legal obligation to process Applicant Data for this purpose.
Day to day business operations including marketing and customer/client relations and travel on our behalfInformation relating to the work you do for us, your role and contact details including relations with current or potential customers or clients. This may include a picture of you for internal or external use.   Information regarding your travel arrangements and location.It is in our legitimate interests to process this kind of data to allow the effective operation of day to day business, marketing and investor relations, and travel.
Maintaining appropriate business records during and after your employmentInformation relating to your work, anything you do at work and your performance relevant to such records.It is our contractual and legal obligation to process Applicant Data for this purpose to enable us to document what work you are
PurposeExamples of Applicant Data that may be ProcessedGrounds for Processing
  doing and monitor your performance. It is also in our legitimate interests to maintain these records before and after your employment.

Where we rely on legitimate interests, we have set out above the purposes for processing such data and why such processing is necessary. This Privacy Notice sets out the steps that we take to keep your data safe, and as such we have adequately balanced your data subject rights, with the needs of the business to process this data. This Privacy Notice also serves as our legitimate interests assessment.

Please note that if you accept an offer from us, the business will Process further information as part of the employment relationship. We will provide you with our full Employee Privacy Notice as part of the on-boarding process.

4.  WHERE THE APPLICANT DATA COMES FROM

When you apply for employment with us, the initial data about you that we process is likely to come from you: for example, contact details, bank details and information on your immigration status and whether you can lawfully work. We will where necessary and as set out in this Privacy Notice also require references and information to carry out background checks. If you are hired and in the course of employment, you may be required to provide us with information for other purposes such as sick pay (including any statutory right to sick pay) and family rights (e.g. maternity and paternity leave and pay). If you do not provide information that you are required by statute or contract to give us, you may lose benefits or we may decide not to employ you or to end your contract. If you have concerns about this in a particular context, you should speak to your recruiter or local HR.

Please note we may also receive data from third party recruiters, agents and similar organizations as a part of the recruitment process.

5. WHO SEES APPLICANT DATA?

The Company may transfer your Applicant Data, including any Sensitive Applicant Data as necessary, to third parties for the Processing purposes as follows:

  • Within the Lutech Group of Companies: As part of our global structure, your hiring manager or certain regional or global departments may be located within other Lutech group entities in other jurisdictions. Therefore, our parent entity, McDermott International, Ltd in the United States and other entities within the global Lutech affiliated group of companies may receive your Applicant Data as necessary for the Processing purposes, in particular to administer the workforce, monitor and ensure compliance with applicable Lutech procedures, and respond to and comply with requests and legal demands. In order to provide adequate protection for such data transfers (especially to jurisdictions that the European Union (EU)/United Kingdom (UK) do not generally consider to have adequate data protection safeguards, such as the USA), the Company has put in place appropriate data transfer agreements based on – and conforming to – the EU/UK standard contractual clauses.
  • With certain third parties: Existing or potential business partners including joint venture or consortium partners, suppliers, customers, independent external advisors (e.g., auditors), banks, insurance carriers, benefits providers, and other third parties may also receive your Applicant Data as necessary in connection with our business operations, in particular to carry out our contractual relationships with such third parties, and if hired, to administer and provide compensation, administer and provide applicable benefits and other work-related allowances, administer the workforce, comply with applicable laws and employment-related requirements, communicate with you and third parties, to comply with corporate financial responsibilities, and respond to and comply with requests and legal demands.
  • With certain acquiring or acquired entities: If the Company business for which you work is sold or transferred in whole or in part or if the Company is acquiring and integrating another entity into the business for which you work (or any similar transaction is being contemplated), your Applicant Data may be transferred to the other entity (e.g., the new employer, potential new employer, the new acquired entity, or potential new acquired entity) prior to the transaction (e.g., during the diligence phase) or after the transaction, subject to any rights provided by applicable law, including jurisdictions where the other entity is located.
  • Law Enforcement Agencies or Government Authorities: The Company may disclose Applicant Data to respond to law enforcement agency requests or where required by applicable laws, pursuant to court orders, or arbitral or tribunal orders or rules of procedure, or to government regulations departments or agencies or regulatory bodies (including disclosures to tax and employment authorities), employment and any other regulatory bodies). The Company may also disclose your Applicant Data as required or permitted by applicable law to governmental authorities, courts, external advisors, and similar third parties.
  • Advisers: The Company may disclose your Applicant Data on a confidential basis to our advisers for example to our lawyers for the purposes of seeking legal advice or to further the Company’s interests in legal proceedings and to our accountants for auditing purposes.
  • Insurers: Your Applicant Data may be transferred to our insurers for the purposes of making an insurance claim.
  • IT service providers: For the purposes of assessing efficiency of IT or business system device usage, your Applicant Data may be transferred to our IT service providers.

Certain third parties, whether affiliated or unaffiliated, may receive your Applicant Data to Process such data under appropriate instructions (“Data Processors“) as necessary to support and facilitate the Processing purposes. The Data Processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the Applicant Data, and to Process the Applicant Data only as instructed.

The recipients of your Applicant Data might be located in countries which do not adduce an adequate level of protection from a European or UK data protection law perspective. The Company will take all necessary measures to ensure that transfers out of the EEA/UK are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we may base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission, UK government or by a supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can request a copy of the appropriate safeguards by contacting us as set out under “Questions” below.

Any access to your Applicant Data is restricted to those individuals that have a need to know in order to fulfill their job responsibilities.

6. HOW LONG DO WE KEEP APPLICANT DATA – MORE INFORMATION

Your Applicant Data is stored by the Company and/or our service providers, strictly for the time necessary to achieve the purposes for which the information is collected, in accordance with applicable data protection laws and based on our record retention guidelines. When the Company no longer needs to use your Applicant Data, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which the Company is subject).

In considering how long to keep it, we will take into account its relevance to our business and your potential employment, our record retention guidelines and applicable data protection laws and regulations. Certain special circumstances may require a longer retention period (e.g. in the event of a legal claim). For the retention periods applying to specific types of documents, please see the Company Retention Policy in Unifi.

7. TRANSFERS OF APPLICANT DATA OUTSIDE THE UK OR EEA – MORE INFORMATION

In connection with our business and for employment, administrative, management and legal purposes, we will, where necessary and as set out in this Privacy Notice, transfer your Applicant Data outside the UK or EEA to members of our group and on occasion other jurisdictions in which we are established. We will ensure that any transfer is lawful and that there are appropriate security arrangements.

In relation to intra-group transfers, the Company has entered into an Intra-company Data Transfer Agreement, which sets out the minimum security controls and obligations in place on the signatories when transferring data to another member of the Group, and incorporates the Standard Contractual Clauses as a transfer mechanism.

8. ACCESS TO YOUR APPLICANT DATA AND OTHER RIGHTS

If we have relied on your consent regarding certain types of Processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the Processing prior to the consent withdrawal. In general, the Processing of your data in connection with employment is not conditional on your consent and the Company relies on other grounds to Process your Applicant Data.

Pursuant to applicable data protection law, you may have the right to: (i) request access to your Applicant Data; (ii) request rectification of your Applicant Data; (iii) request erasure of your Applicant Data; (iv) request restriction of Processing of your Applicant Data; (v) request data portability; (vi) object to the Processing of your Applicant Data. Any such requests should be made through your local HR Representative. Please note that these aforementioned rights might be limited under the applicable national data protection law.

  • Right of access: You may have the right to obtain from us confirmation as to whether or not Applicant Data concerning you is Processed, and, where that is the case, to request access to the Applicant Data. The access information includes, among other things, the purposes of the Processing, the categories of Applicant Data concerned, and the recipients or categories of recipients to whom the Applicant Data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.

You may have the right to obtain a copy of the Applicant Data undergoing Processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

  • Right to rectification: You may have the right to obtain from us the rectification of inaccurate Applicant Data concerning you. Depending on the purposes of the Processing, you may have the right to have incomplete Applicant Data completed, including by means of providing a supplementary statement.
  • Right to erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of Applicant Data concerning you and we may be obliged to erase such Applicant Data.
  • Right to restriction of Processing: Under certain circumstances, you may have the right to obtain from us restriction of Processing your Applicant Data. In this case, the respective data will be marked and may only be Processed by us for certain purposes.
  • Right to data portability: Under certain circumstances, you may have the right to receive the Applicant Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
  • Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the Processing of your Applicant Data by us and we can be required to no longer Process your Applicant Data.

To exercise your rights, please contact us as stated in the “Questions” section above.

You also have the right to lodge a complaint with the competent data protection supervisory authority. Please see the section “Questions” above for further information.

ANNEX 2 – INFORMATION SPECIFIC TO EU/UK JURISDICTIONS

Czech Republic

If you are employed, engaged or otherwise in the Czech Republic, the following additional information applies.

Data controller/Employer(s)Address
Lutech Resources Czech Republic s.r.o.Holandská 874/8; Štýřice Brno, Czech Republic, 63900 Czech Republic
Contact PersonE-mail address
Denisa Janda – Lutech Contactdenisa.janda@lutechresources.com

Statutory Regulator Information

You can find an overview and contact information of the relevant data protection supervisory authorities for the EU (including those for Czech Republic) under http://ec.europa.eu/justice/article-29/structure/data- protection-authorities/index_en.htm

The Netherlands

If you are employed, engaged or otherwise in the Netherlands, the following additional information applies.

Data controller/EmployerAddress
Lutech Resources B.V.Prinses Beatrixlaan 35 The Hague 2595 AK The Netherlands
Contact PersonE-mail address
Laetan Gaspard – Lutech ContactLGaspard@lutechresources.com

Statutory Regulator Information

You can find an overview and contact information of the relevant data protection supervisory authorities for the EU (including those for The Netherlands) under http://ec.europa.eu/justice/article-29/structure/data- protection-authorities/index_en.htm

United Kingdom

If you are employed, engaged or otherwise in the UK, the following additional information applies.

Data controllerAddress
Lutech Resources Limited2 New Square Bedfont Lakes Business Park Feltham, Middlesex TW14 8HA United Kingdom
Contact PersonE-mail address
Anastasia Lisyutina – Lutechalisyutina@lutechresources.com

Please note that this Privacy Notice, along with other related Lutech policies and/or protocols, shall form Lutech’s policy for procuring special data as required by the UK Data Protection Bill 2018 (Schedule 1 Part IV).

Statutory Regulator Information

You can find an overview and contact information of the relevant data protection supervisory authorities for the EU (inclusive of those for the UK) under http://ec.europa.eu/justice/article-29/structure/data-protection- authorities/index_en.htm


Employee Privacy Notice for Employees in the EEA/UK

1. INTRODUCTION

Lutech (the “Company”) is committed to upholding the principles of privacy and data protection. Like most global organizations, we hold and Process (as defined in Annex 1 – Supplementary Information) a wide range of personal information and data, some of which relates to our employees and other personnel (“Employee Data”). As your employer, the Company provides this Employee Privacy Notice to explain our practices regarding the collection, use, and other Processing activities of certain Employee Data, as described in more detail below.

This Notice is made up of this notice (the “Core Notice”); Annex 1, which contains supplementary information to the Core Notice; and Annex 2, which contains information relevant to specific jurisdictions, including contact information.

In brief, this Notice explains:

  • what Employee Data we hold and why we Process it;
    • the legal grounds which allow us to Process your Employee Data;
    • where the Employee Data comes from, who the recipients are, and how long we keep it;
    • when there may be transfers of Employee Data outside of the EEA/UK;
    • how to access your Employee Data and other rights; and
    • how to contact the Company or express concerns.

This Notice applies to anyone working for or engaged by the Company and involved in the Processing of Employee Data in the European Economic Area (EEA)/United Kingdom (UK) and/or otherwise subject to the General Data Protection Regulation (GDPR) and the UK GDPR. This includes all employees, officers, consultants, independent contractors, volunteers, interns, casual workers, agency workers and those engaged by third party companies or personnel services/contract labor companies performing work for our business. When we use the terms ‘employment’ or ‘employee,’ we mean all of these categories of workers. However, nothing in this Notice is intended to create an employment relationship between the Company and any non-employee providing services to us.

2. EMPLOYEE DATA – WHAT WE HOLD AND WHY WE PROCESS IT

We process Employee Data for the purposes of our business, including management, administrative, Employment, and legal purposes.

The Supplementary Information Annex attached provides more specific information on these purposes, including the types of data that may be processed and our legal grounds for processing this data. Please see “Categories of Employee Data” and “Legal Grounds for Processing Employee Data.

3. WHERE THE EMPLOYEE DATA COMES FROM AND WHO GETS TO SEE IT

Some Employee Data will be provided directly from employees. For example, when you tell us your contact and banking details.

Other Employee Data will be collected through the activities of employees in the course of their employment, from Company HR personnel, or from third parties (including references, former employees, former employers, recruitment agencies, or governmental authorities), subject to the requirements of applicable law.

Your Employee Data may be seen internally by managers, HR and, in some circumstances, colleagues. We may, where necessary and as detailed further in this Privacy Notice, also pass your data outside the organisation, for example to third party vendors or consultants (such as payroll agencies) that we retain to support the business.

Further information is provided in the Supplementary Information Annex. See “Where the Employee Data comes from” and “Who sees Employee Data?.

4. HOW LONG DO WE KEEP EMPLOYEE DATA

Although there is no specific period for which the Company will keep your Employee Data, the Company will not keep it for longer than is necessary for its purposes. In general, the Company will keep your Employee Data for the duration of your employment and for a period afterwards.

See “How long do we keep employee data – more information” in the Supplementary Information Annex.

5. TRANSFERS OF EMPLOYEE DATA OUTSIDE THE UK OR EEA

We may, where necessary and as set out in this Privacy Notice, transfer your Employee Data outside the UK or EEA to members of our Company group and other processors as necessary.

Further information on these transfers, and the measures taken to safeguard your data are set out in the Supplementary Information Annex under “Transfers of Employee Data outside the UK or EEA – more information.”

6. EMPLOYEE RIGHTS

Employees have rights in relation to the data we process about them. For example, employees have a right to make a subject access request to receive information about the data we process about them.

Further information on this and on the other data subject rights available to Employees is provided in the Supplementary Information Annex under “Access to your Employee Data and other rights.” Here, we also explain how to make a complaint about our processing of Employee Data.

7. QUESTIONS

Employees who have any questions or complaints about this Notice should contact their local HR manager or area compliance representative in the first instance or the contact person set out in Annex 2. You may also raise complaints with your statutory regulator, the contact details of which are set out in Annex 2.

Please note that generally the data controller of your Employee Data will be your employing/engaging entity but also entities within the Company with which we share data for business administration purposes.

8. STATUS OF THIS NOTICE

This Notice does not form part of your contract of employment and does not create contractual rights or obligations. It may be amended by us at any time. Nothing in this Notice is intended to create an employment relationship between the Company and any non-employee providing services to us.

ANNEX 1 – SUPPLEMENTARY INFORMATION

  1. WHAT DO WE MEAN BY “EMPLOYEE DATA” AND “PROCESSING”?

Employee Data” is information relating to you (or from which you may be identified) which is Processed by any means including automatic means or which is (or is intended to be) part of a structured manual or electronic filing system. It includes not only facts about you, but also intentions and opinions about you in relation to the workplace or employer-employee relationship.

Processing” means any action to do with data, e.g. collecting it, handling it, disclosing it, and deleting it.

2.   CATEGORIES OF EMPLOYEE DATA

The Company collects and Processes the following categories of Employee Data, including but not limited to:

  • Personal information: name, gender, and contact information (home and host country addresses, phone number(s), photograph (optional), and emergency contact information), date of birth, government identification numbers, nationality, citizenship/residency, language(s) spoken, personal status (marital status, dependents, military status, veteran status), passport/visa information, and other such data as permitted or required by local law;
    • Employee status: full-time, part-time, permanent, fixed term, active, leave of absence, and employment termination data;
    • Organization information: work contact information, job title, department, employer, cost center, location, hire date and any previous hire or service dates, employee identification number, employee badge number, supervisor, and job function;
    • Compensation information: current base salary and differentials, annual salary, pay scale and range, pay grade, type of employee, average hours worked, incentive information, equity and other compensation program participation, insurance and medical benefits, severance payments, and salary history and terms of employment contract (if any);
    • Payroll information: bank information, tax information, garnishments and deductions, time worked, attendance, vacation information, and other paid time off information;
    • Monitoring information: computer usage information related to your use of company equipment, systems, and other resources;
    • Communication information: email content, business letter content, business documents, and chat content;
    • Performance and talent information: qualifications, evaluations, performance ratings, mentoring information, developmental planning, and other talent management and team-based assessments;
    • Background information: education, training, application and employment background, and other background information commonly used for security screenings; and
    • Employment application information: any information which you provide to us during the application process, including your name, address, contact details, details of previous roles, and details of references.

Employee Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, trade union membership and genetic and biometric data are subject to special protection(s) and considered by EU/UK privacy law to be “Sensitive or Special Employee Data.”

The Company may also collect, Process and use the following categories of Sensitive Employee Data about you, from you or from authorized third parties (e.g., your supervisor, public authorities or public resources) in connection with your employment for specific purposes identified in the tables further outlined below:

  • Sick day information for purposes of administering and providing compensation, administering the workforce (e.g., workforce planning), and compliance with applicable laws and employment-related requirements (e.g., statutory wage tracking);
  • Work-related Fit for Duty/Work Related accidents information for purposes of administering and providing compensation (e.g., insurance compensation), and compliance with applicable laws and employment-related requirements (e.g., work safety, reporting obligations);
  • Disability information (if provided voluntarily) for purposes of administering the workforce (e.g., accommodating the workplace) and compliance with applicable laws and employment-related requirements;
  • Parental leave information for purposes of administering the workforce (e.g., workforce planning), and compliance with applicable laws and employment-related requirements;
  • Religion for purposes of processing visa or other work permits but only to the extent such information is required by the issuing country law and/or agency;
  • Ethnicity for purposes of compliance with applicable laws and employment-related requirements (e.g. EEO 1 reporting in the US);
  • Drug test results for the purposes of ensuring safety within the workplace where the role requires it, and always in compliance with any applicable legislation;

We will only Process your Sensitive Employee Data if we have a legal ground to do so and if one of the following conditions are met:

  • The Processing is necessary for the purposes of your, or our obligations and rights in relation to employment in so far as it is authorized by law or collective agreement;
  • The Processing relates to data about you that you have manifestly made public;
  • The Processing is necessary for the purpose of establishing, making or defending legal claims;
  • The Processing is necessary for provision of health care or treatment, medical diagnosis, and assessment of your working capacity;
  • The Processing is required for equality and diversity purposes to the extent permitted by law.

The provision of Employee Data and Sensitive Employee Data as described in this Employee Privacy Notice is partly a statutory requirement, partly a contractual requirement under your employment contract or conditions, and partly a requirement to carry out the employment relationship with you. In general, you are obliged to provide the Employee Data and Sensitive Employee Data, except in limited instances when we indicate that certain information is voluntary (e.g., in connection with employee satisfaction surveys). In some cases, not providing certain Employee Data that is essential to your job (for instance where we, for regulatory or legal reasons, are required to verify your legal right to work) may prevent the Company from offering you employment and may impact on our ability to continue your engagement with us.

3.   LEGAL GROUNDS FOR PROCESSING EMPLOYEE DATA

Under the data protection laws Lutech is subject to, namely the EU and UK GDPR, there are various grounds on which we can rely when Processing your Employee Data. In some contexts, more than one ground applies. We have summarized these grounds as Contract, Legal Obligation, Legitimate Interests and Consent and outline what those terms mean in the following table:

TermGrounds for ProcessingExplanation
ContractProcessing necessary for performance of a contract with you or to take steps at your request to enter a contractThis covers carrying out our contractual duties and exercising our contractual rights directly or via a collective agreement or works council, if applicable.
Legal ObligationProcessing necessary to comply with our legal obligationsEnsuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination.
Legitimate InterestsProcessing necessary for our or a third party’s legitimate interestsWe or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests Processing your data. Your data will not be Processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.
ConsentYou have given specific consent to Processing your dataIn general, Processing of your data in connection with employment is not conditional on your consent. But there may be occasions where we do specific things such as getting a criminal record check for a role which is regulated and rely on your consent to our doing so.

In addition to the main purposes set out earlier in this Notice, more specific information on our purposes and the legal grounds for Processing are set out in the table below.

The examples in the table cannot, of course, be exhaustive. For example, although the table does not mention data relating to criminal offences, if we were to find out that someone working for us was suspected of committing a criminal offence, we will Process that information, if necessary, for our purposes. If necessary, we will also require criminal background checks for certain roles – for example those working in financial roles or working with minors, subject to applicable law.

PurposeExamples of Employee Data that may be ProcessedGrounds for Processing
RecruitmentStandard data related to your identity (e.g. your name, address, email address, ID information and documents, telephone numbers, place of birth, nationality, citizenship/residency, contact details, professional experience and education (including university degrees, academic records, professional licenses, memberships and certifications, awards and achievements, and current and previous employment details), financial information (including current salary information), language skills, and any other Employee Data that you present us with as part of your application related to the fulfilment of the role. Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to work. If necessary, we will also Process information concerning your health, any disability and in connection with any adjustments to working arrangements.It is necessary for us to use Employee Data to perform our obligations in accordance with any contract we may enter into with the prospective candidate, as well as a legal obligation on us as a company to be able to verify your identity and conduct any background checks necessary as mentioned below, as well as to make the necessary working adjustments for candidates with disabilities or accessibility needs.   It is also in our legitimate interest to use Employee Data in this way so that we can carry out informed decisions in relation to your overall application.
PurposeExamples of Employee Data that may be ProcessedGrounds for Processing
Your employment terms or contract including entering it, performing it and changing itInformation on your terms or contract of employment from time to time including your hours and working patterns and your pay and benefits, such as your participation in pension arrangements, life and medical insurance, and any bonus or share schemes.It is necessary for us to process Employee Data to perform our obligations in relation to any employment terms or contract we enter into with you, as well as our legal obligation to govern the employer employee relationship with a written contract. It is also in our legitimate interest to have an accurate record of your employment contract for its performance and in the case of variation.
Contacting you or others on your behalfYour address and phone number, emergency contact information and information on your next of kin.It is necessary for us to process Employee Data to contact you or others on your behalf to fulfill our contractual obligations under our employer contract, as well our legal obligations as an employer. It is also in our legitimate interest to have the ability to contact you, or others on your behalf in an emergency.
Payroll administrationInformation on your bank account, pension contributions and on tax and national or social insurance. Your national or social insurance number or other government issued identifier. Information on attendance, holiday and other leave and sickness absence.It is necessary for us to process Employee Data to undertake payroll administration to comply with our contractual and legal obligations. It is also in our legitimate interest to have the ability to carry out payroll, general HR and business administration in an efficient manner, and to plan around your absence where necessary.
Financial     planning     and budgetingInformation such as your salary and (if applicable) bonus levels.It is in our legitimate  interest to have the ability to carry out effective financial planning and budgeting for our company.
Supporting and managing your work and performance and any health concernsInformation connected with your work, anything you do at work and your performance including records of documents and emails created by or relating to you and information on your use of our systems including computers, laptops or other device.It is necessary for us to process Employee Data to be able to support and manage your work and performance to fulfill our contractual and legal obligations.
PurposeExamples of Employee Data that may be ProcessedGrounds for Processing
 Management information regarding you including notes of meetings and appraisal records, including information you or our managers enter onto our training or appraisal platforms. Information relating to your compliance with our policies. Information concerning disciplinary allegations, investigations and processes and relating to grievances or complaints in which you are or may be directly or indirectly involved. General information concerning your health, including return to work plans, as permitted or required by local law.It is also in our legitimate interest to have the ability to support our workforce and help career development, ensure compliance with our policies, and the investigation of grievances where this becomes necessary.
Changing or ending your working arrangementsInformation connected with anything that may affect your continuing employment or the terms on which you work including any proposal to promote you, to change your pay or benefits, to change your working arrangements or to end your employment.It is necessary for us to process Employee Data to change or end your working arrangements as part of our contractual obligations. It is also in our legitimate interest to have the ability to change or end your working arrangements.
Physical and system securityClosed Circuit TV images. Your IT account and directory information. Records of use of swipe and similar entry or access cards. Records of your use of our systems including computers, phones and other devices and passwords.It is our legal obligation to ensure that our premises are safe and secure for the safety of our staff. It is also in our legitimate interest to keep our locations secure and provide a safe environment for our personnel.
Improving efficiency of IT and business systems and device useRecords of your use of IT and business systems and Company devices. For example, we may collect information on the number of minutes and amount of data used on Company mobile phones to ensure employees are on the most cost-effective tariff for their usage. We will, where necessary, and as set out in this Privacy Notice also contract with third parties so you can use third party applications on your Company devices which may assist with your work (for example an application allowing ‘one-click’ dial in to conference calls). Such applications will Process your Employee Data. The third party’s privacy notices will make clear precisely what information  will  be  collected.  We  may be provided with  information  on  the usage ofIt is in our legitimate interest to ensure and improve efficiency of IT and business systems and device use to enable all our staff to be able to carry out their work effectively.
PurposeExamples of Employee Data that may be ProcessedGrounds for Processing
 such applications, for example for the purpose of troubleshooting or assessing overall usage and whether to continue to provide them. 
Providing references in connection with your finding new employmentInformation on your working for us and on your performance.To process Employee Data relating to providing you with references to find new employment, you give us your consent to perform this processing activity. It is also in our legitimate interest to maintain good performance and to provide accurate references.
Providing information to third parties in connection with transactions that we contemplate or carry outInformation on your contract and other employment data that may be required by a party to a transaction such as a prospective purchaser, seller or outsourcer.It is in our legitimate interests to provide information to third parties in connection with transactions related to our business that we contemplate or carry out to ensure that any such transactions go smoothly.
Monitoring of diversity and fair employment opportunitiesInformation on your nationality, citizenship/residency, racial and ethnic origin, gender, religion, disability and age as part of compliance with diversity and fair employment initiatives. Please note we may share aggregated and anonymised diversity statistics with regulators if formally required / requested.It is our legal obligation to ensure our workplace offers fair employment opportunities and promotes diversity within the workplace. It is also in our legitimate interest to ensure that we have an equal and diverse workforce. This type of processing is also necessary for reasons of substantial public interest under Article 9(2) of the UK GDPR.
Monitoring and investigating suspicions of misconduct, compliance with policies and rules – both generally and specificallyWe expect our employees and workers to comply with our policies and rules and may monitor our systems to check compliance (e.g., rules on accessing pornography at work). We will, where necessary and as set out in this Privacy Notice, check system and other data to look into those concerns (e.g., log in records, records of usage and emails and documents, Closed Circuit TV images). In appropriate cases if we have suspicions of serious wrongdoing, we may make targeted records (e.g. video or sound) available in connection with an investigation.It is our legal obligation to ensure that employees are complying with our policies and rules to ensure that we are maintaining a safe and effective workplace. It is also in our legitimate interest to ensure that our employees are complying with such policies and rules as they are in place to ensure that sensible working practices are followed.
Disputes         and         legal proceedingsAny information relevant or potentially relevant to a dispute or legal proceeding affecting us.It  is  our  legal  obligation  to process any information either relevant or potentially
PurposeExamples of Employee Data that may be ProcessedGrounds for Processing
  relevant to a dispute or legal proceedings affecting us. It is also in our legitimate interest to have the ability to respond to and defend against legal claims.
Trade union check off arrangements and Works Council administrationDetails of trade union membership and deductions of contributions made at source. Information relating to Works Council participation, including any communication you send to us if acting for the Works Council (if applicable).It is our contractual and legal obligation to process Employee Data for this purpose.
Day to day business operations including marketing and customer/client relations and travel on our behalfInformation relating to the work you do for us, your role and contact details including relations with current or potential customers or clients. This may include a picture of you for internal or external use. Information regarding your travel arrangements and location.It is in our legitimate interests to process this kind of data to allow the effective operation of day to day business, marketing and investor relations, and travel.
Maintaining appropriate business records during and after your employmentInformation relating to your work, anything you do at work and your performance relevant to such records.It is our contractual and legal obligation to process Employee Data for this purpose to enable us to document what work you are doing and monitor your performance. It is also in our legitimate interests to maintain these records before and after your employment.

Where we rely on legitimate interests, we have set out above the purposes for processing such data and why such processing is necessary. This Privacy Notice sets out the steps that we take to keep your data safe, and as such we have adequately balanced your data subject rights, with the needs of the business to process this data. This Privacy Notice also serves as our legitimate interests assessment.

4.   WHERE THE EMPLOYEE DATA COMES FROM

When you start employment with us, the initial data about you that we process is likely to come from you: for example, contact details, bank details and information on your immigration status and whether you can lawfully work. We will where necessary and as set out in this Privacy Notice also require references and information to carry out background checks. In the course of employment, you may be required to provide us with information for other purposes such as sick pay (including any statutory right to sick pay) and family rights (e.g. maternity and paternity leave and pay). If you do not provide information that you are required by statute or contract to give us, you may lose benefits or we may decide not to employ you or to end your contract. If you have concerns about this in a particular context, you should speak to HR.

In the course of your work, we may receive Employee Data relating to you from others. Internally, Employee Data may be derived from your managers and other colleagues or our IT systems; externally, it may be derived from our customers or those with whom you communicate by email or other systems.

5.   WHO SEES EMPLOYEE DATA?

The Company may transfer your Employee Data, including any Sensitive Employee Data as necessary, to third parties for the Processing purposes as follows:

  • Within the Lutech Group of Companies: As part of our global structure, your manager or certain regional or global departments may be located within other Lutech group entities in other jurisdictions. Therefore, our parent entity, McDermott International, Ltd in the United States and other entities within the global Lutech affiliated group of companies may receive your Employee Data as necessary for the Processing purposes, in particular to administer the workforce, monitor and ensure compliance with applicable Lutech procedures, and respond to and comply with requests and legal demands. In order to provide adequate protection for such data transfers (especially to jurisdictions that the EU/UK do not generally consider to have adequate data protection safeguards, such as the USA), the Company has put in place appropriate data transfer agreements based on – and conforming to – the EU/UK standard contractual clauses.
  • With certain third parties: Existing or potential business partners including joint venture or consortium partners, suppliers, customers, independent external advisors (e.g., auditors), banks, insurance carriers, benefits providers, and other third parties may also receive your Employee Data as necessary in connection with our business operations, in particular to carry out our contractual relationships with such third parties, to administer and provide compensation, administer and provide applicable benefits and other work-related allowances, administer the workforce, comply with applicable laws and employment-related requirements, communicate with you and third parties, to comply with corporate financial responsibilities, and respond to and comply with requests and legal demands.
  • With certain acquiring or acquired entities: If the Company business for which you work is sold or transferred in whole or in part or if the Company is acquiring and integrating another entity into the business for which you work (or any similar transaction is being contemplated), your Employee Data may be transferred to the other entity (e.g., the new employer, potential new employer, the new acquired entity, or potential new acquired entity) prior to the transaction (e.g., during the diligence phase) or after the transaction, subject to any rights provided by applicable law, including jurisdictions where the other entity is located.
  • Law Enforcement Agencies or Government Authorities: The Company may disclose Employee Data to respond to law enforcement agency requests or where required by applicable laws, pursuant to court orders, or arbitral or tribunal orders or rules of procedure, or to government regulations departments or agencies or regulatory bodies (including disclosures to tax and employment authorities), employment and any other regulatory bodies). The Company may also disclose your Employee Data as required or permitted by applicable law to governmental authorities, courts, external advisors, and similar third parties.
  • Advisers: The Company may disclose your Employee Data on a confidential basis to our advisers, for example to our lawyers, for the purposes of seeking legal advice or to further the Company’s interests in legal proceedings and to our accountants for auditing purposes.
  • Insurers: Your Employee Data may be transferred to our insurers for the purposes of making an insurance claim.
  • IT service providers: For the purposes of assessing efficiency of IT or business system device usage, your Employee Data may be transferred to our IT service providers.

Certain third parties, whether affiliated or unaffiliated, may receive your Employee Data to Process such data under appropriate instructions (“Data Processors“) as necessary to support and facilitate the Processing purposes. The Data Processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the Employee Data, and to Process the Employee Data only as instructed.

The recipients of your Employee Data might be located in countries which do not adduce an adequate level of protection from a European or UK data protection law perspective. The Company will take all necessary measures to ensure that transfers out of the EEA/UK are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we may base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European

Commission or UK government/supervisory authority, approved code of conducts together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can request a copy of the appropriate safeguards by contacting us as set out under “Questions” below.

Any access to your Employee Data is restricted to those individuals that have a need to know in order to fulfill their job responsibilities.

6.  HOW LONG DO WE KEEP EMPLOYEE DATA – MORE INFORMATION

Your Employee Data is stored by the Company and/or our service providers, strictly for the time necessary to achieve the purposes for which the information is collected, in accordance with applicable data protection laws and based on our record retention guidelines. When the Company no longer needs to use your Employee Data, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which the Company is subject).

In considering how long to keep it, we will take into account its relevance to our business and your employment, our record retention guidelines and applicable data protection laws and regulations. Certain special circumstances may require a longer retention period (e.g. in the event of a legal claim). For the retention periods applying to specific types of documents, please see the Company Retention Policy in Unifi.

7.  TRANSFERS OF EMPLOYEE DATA OUTSIDE THE UK OR EEA – MORE INFORMATION

In connection with our business and for employment, administrative, management and legal purposes, we will, where necessary and as set out in this Privacy Notice, transfer your Employee Data outside the UK or EEA to members of our group and on occasion other jurisdictions in which we are established. We will ensure that any transfer is lawful and that there are appropriate security arrangements.

In relation to intra-group transfers, the Company has entered into an Intra-company Data Transfer Agreement, which sets out the minimum security controls and obligations in place on the signatories when transferring data to another member of the Group, and incorporates the Standard Contractual Clauses as a transfer mechanism.

8.  ACCESS TO YOUR EMPLOYEE DATA AND OTHER RIGHTS

If we have relied on your consent regarding certain types of Processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the Processing prior to the consent withdrawal. In general, the Processing of your data in connection with employment is not conditional on your consent and the Company relies on other grounds to Process your Employee Data.

Pursuant to applicable data protection law, you may have the right to: (i) request access to your Employee Data;

(ii) request rectification of your Employee Data; (iii) request erasure of your Employee Data; (iv) request restriction of Processing of your Employee Data; (v) request data portability; (vi) object to the Processing of your Employee Data. Any such requests should be made through your local HR Representative. Please note that these aforementioned rights might be limited under the applicable national data protection law.

  • Right of access: You may have the right to obtain from us confirmation as to whether or not Employee Data concerning you is Processed, and, where that is the case, to request access to the Employee Data. The access information includes, among other things, the purposes of the Processing, the categories of Employee Data concerned, and the recipients or categories of recipients to whom the Employee Data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.

You may have the right to obtain a copy of the Employee Data undergoing Processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

  • Right to rectification: You may have the right to obtain from us the rectification of inaccurate Employee Data concerning you. Depending on the purposes of the Processing, you may have the right to have incomplete Employee Data completed, including by means of providing a supplementary statement.
  • Right to erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of Employee Data concerning you and we may be obliged to erase such Employee Data.
  • Right to restriction of Processing: Under certain circumstances, you may have the right to obtain from us restriction of Processing your Employee Data. In this case, the respective data will be marked and may only be Processed by us for certain purposes.
  • Right to data portability: Under certain circumstances, you may have the right to receive the Employee Data concerning you, which you have provided to us, in a structured, commonly used and machine- readable format and you may have the right to transmit those data to another entity without hindrance from us.
  • Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the Processing of your Employee Data by us and we can be required to no longer Process your Employee Data.

To exercise your rights, please contact us as stated in the “Questions” section above.

You also have the right to lodge a complaint with the competent data protection supervisory authority. Please see the section “Questions” above for further information.

ANNEX 2 – INFORMATION SPECIFIC TO JURISDICTIONS

Czech Republic

If you are employed, engaged or otherwise in the Czech Republic, the following additional information applies.

Data controller/Employer(s)Address
Lutech Resources Czech Republic s.r.o.Holandská 874/8; Štýřice Brno, Czech Republic, 63900 Czech Republic
Contact PersonE-mail address
Denisa Janda – Lutech Contactdenisa.janda@lutechresources.com

Statutory Regulator Information

You can find an overview and contact information of the relevant data protection supervisory authorities for the EU (including those for Czech Republic) under http://ec.europa.eu/justice/article-29/structure/data- protection-authorities/index_en.htm

The Netherlands

If you are employed, engaged or otherwise in the Netherlands, the following additional information applies.

Data controller/EmployerAddress
Lutech Resources B.V.Prinses Beatrixlaan 35 The Hague 2595 AK The Netherlands
Contact PersonE-mail address
Laetan Gaspard – Lutech ContactLGaspard@lutechresources.com

Statutory Regulator Information

You can find an overview and contact information of the relevant data protection supervisory authorities for the EU (including those for The Netherlands) under http://ec.europa.eu/justice/article-29/structure/data- protection-authorities/index_en.htm

United Kingdom

If you are employed, engaged or otherwise in the UK, the following additional information applies.

Data controllerAddress
Lutech Resources Limited2 New Square Bedfont Lakes Business Park Feltham, Middlesex TW14 8HA United Kingdom
Contact PersonE-mail address
Anastasia Lisyutina – Lutechalisyutina@lutechresources.com

Please note that this Privacy Notice, along with other related Lutech policies and/or protocols, shall form Lutech’s policy for procuring special data as required by the UK Data Protection Bill 2018 (Schedule 1 Part IV).

Statutory Regulator Information

You can find an overview and contact information of the relevant data protection supervisory authorities for the EU (inclusive of those for the UK) under http://ec.europa.eu/justice/article-29/structure/data-protection- authorities/index_en.htm