Employee Privacy Notice
About this notice
Public Library of Science (“PLOS”, “we” or “us”) values the privacy of those who provide personal data to us. Please read this Privacy Notice carefully to understand how we handle your personal data.
This Privacy Notice describes:
- who this notice applies to;
- what personal data we collect about our employees and potential employees, contractors and contractor candidates;
- how we use and otherwise process personal data;
- the basis upon which we process personal data;
- with whom personal data is shared;
- how personal data is stored; and
- other important topics relating to data privacy.
Effective Date: October 23, 2023
Who does this notice apply to?
This Privacy Notice applies to all PLOS employees and contractors. This Privacy Notice also applies to prospective employees and contractors. Where indicated, certain provisions apply only to citizens and/or residents of the UK and the European Economic Area (“EEA”).
It applies to all of your personal data that we process in the context of your employment, prospective employment, engagement or prospective engagement.
Data protection principles
We will comply with applicable data protection and privacy laws. These provide that the personal data we hold about you must be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely
The data that we hold about you
We collect, store and use the following categories of data about you, and we refer to this as “personal data” throughout this Privacy Notice:
- Your personal details: name and title, gender, birth date, national identification number/social security number, home address and home/personal phone number and email address and proof of identification (such as passport) and address and marital status.
- Name, telephone number (landline and/or mobile), email and address of your emergency contact, as well as your relationship to them.
- Names telephone number and e-mail addresses of dependents, beneficiaries, as well as your relationship to them. In the future, PLOS may need to collect social security number or national identification numbers of dependants and beneficiaries and we will notify you of such requests.
- Documentation required under immigration laws: citizenship details, national identification number, copies of your passport, visa, work permit and other documents required to show your right to live in your current country and to work for PLOS in that country.
- Employment/compensation records and information:
- current and any former titles and positions held with us (and information about such positions, including start date, how long in position, location of position/place of work, employee identification number, promotions, training records, overall work history, disciplinary actions, grievances, retirement eligibility, transfers);
- identification or verification search results, including employment searches, and references (subject to applicable law);
- current and historic compensation or terms with or provided/offered by us, base salary, bonus, pension contributions, commissions, benefits, sales compensation plans and information relating to any such plans or benefits; work contact information (phone number, postal address, mailing address, email address);
- your photo;
- performance reviews and information (including any career development plans), conduct and capability information, training records, outcomes, including applied sanctions of any disciplinary, grievance or capability policy;
- workplace accident information, sickness absence information and medical or health information (relevant to your employment and/or provided by you to us, for example, medical assessments and occupational health reports), records of any disabilities;
- work hours/pattern, annual leave information (including overtime and shift work, hours worked, breaks and department standard hours), applications for part-time working, maternity/paternity or parental leave;
- absence information and details of any leave taken (for any reason); for US employees, this includes leave of absence claims, short term and long-term disability claims, and records of state or insurance disability payments;
- travel bookings, expense related claims, records and information;
- details regarding the termination of your employment or engagement, including the leaving date and reason for leaving and exit interviews; and
- electronic and written communications, including written summaries of phone conversations between you and People & Culture and your line manager
- Payroll data: bank details, working time records, current compensation, tax and social security information, IDs related to payroll processing and student loan information (where applicable).
- System and application access data: information required to access company systems and applications (such as system ID).
- Entrance and exit key card data and registration information for PLOS’s offices.
- Trade Union Membership for US employees.
- Talent management and CV/resume information: when you apply for a job or work with us, we need to collect and hold details contained in an application and CV/resume or otherwise provided to or obtained by us, including personal and contact details, previous employment background, professional qualifications and memberships, references. We may also collect and hold career development and skills analysis, training, education, departmental changes, performance and calibration details.
- Miscellaneous information: information that you submit or input into our systems through completion of forms, information about your use of our email and IT systems (including system IDs, device IDs and log on data), information obtained through electronic means.
How is your personal data collected?
We will receive most of this personal data from you directly (including through the application and recruitment process). We may also receive some of this data from third parties, such as recruitment agencies, social media (including LinkedIn), training providers, medical professionals or occupational health providers, former employers or public agencies. We will collect additional personal data in the course of job-related activities throughout the period of you working for us.
We may collect this data in a variety of ways. For example, data might be collected through application forms, CVs/resumes, obtained from your passport or other identity documents such as your driving licence, from forms completed by you at the start of or during employment/engagement (such as benefit nomination forms), from correspondence with you, or through interviews, meetings or other assessments.
Use of your personal data
We collect, use and store your personal data for a number of purposes, including those set out in ‘Appendix 1- Lawful Grounds for Processing Personal Data’ of this Privacy Notice.
Your family and emergency contact information: Separately, we may process personal data about your family, next of kin, emergency contacts or nominated beneficiaries, for the provision of benefits or so that we can contact them in an emergency type situation. If you disclose information about your family to us or include it in written, electronic or phone communications, we may also have access to this in our systems. If you share personal data with us that relates to other people (for example, former employees or your next of kin), you will need to ask that person if they find it acceptable for you to share it with us, and for us to use it in accordance with this Privacy Notice.
What is sensitive personal data and why we collect and use it
In the United States, several state laws have defined “sensitive data” to be personal data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition or diagnosis, sex life or sexual orientation, or citizenship or citizenship status; genetic or biometric data; or personal data from a known child.
The UK and EEA have a slightly different definition of sensitive data and refer to this as “special categories” of personal data relating to racial or ethnic origins; political opinions; religious and philosophical beliefs; trade union membership; genetic data; biometric data; health data; sex life or sexual orientation.
In Singapore, there is no specific definition for “sensitive data” or “special categories” but there are certain types of personal data that are typically considered more sensitive in nature, such as: an individual’s national identification numbers (e.g. National Registration Identity Card and passport numbers); personal data of a financial nature (e.g. bank account details, Central Depository account details, securities holdings, transaction and payment summaries); insurance information (e.g. names of the policyholder’s dependents or beneficiaries, sum insured under the insurance policy, the premium amount and type of coverage); an individual’s personal history involving drug use and infidelity; sensitive medical conditions; and personal data of minors.
We may collect and process special categories of personal data in the following general circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations and/or exercise rights conferred on us by law and in line with our data protection and information handling policy.
- Where it is needed in the public interest, such as, in some circumstances, for equal opportunities monitoring, diversity equity and inclusion programs or in relation to an occupational pension scheme, and in line with our data protection and information handling policy.
- Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
- Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your (or someone else’s) interests and you are not capable of giving your consent, or where you have already made the information public.
We will use sensitive personal data in the following ways:
- We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws and to administer benefits including statutory maternity pay, statutory sick pay, pensions and health insurance. We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance.
- We will use the information to help PLOS in its equal opportunities monitoring and diversity, equity and inclusion initiatives.
We do not need your consent if we use special categories of your personal data to carry out our legal obligations or to exercise specific rights in the field of employment law. Any other use of the special categories of personal data will be done in compliance with any applicable data privacy law.
In limited circumstances, we may ask you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your employment with PLOS that you agree to any request for consent from us for the processing of your personal information or special categories of personal data. Consent may be withdrawn at any time by contacting askp-c@plos.org or privacy@plos.org.
Information about criminal convictions
As part of the recruitment process, we may engage a third-party provider to carry out such background checks on our behalf relating to criminal convictions (DBS checks); education history; prior employment history and global sanctions and enforcement. We rely upon your explicit consent as the appropriate ground and condition for processing of such data.
For US based candidates: we collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us.
For UK, Germany and Singapore based candidates: we may collect information about criminal convictions as part of the recruitment process where it is appropriate to do so given the nature of the role, if the role requires you to have access to sensitive information including financial details of third parties. We will only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary in the course of our legitimate business interests to carry out our obligations, where it is necessary in relation to legal claims, to protect your interests (or someone else’s interests) or where you have made the information public and provided we do with appropriate safeguards in place and in line with our data security practices.
Monitoring
We reserve the right to monitor, audit, copy, store or delete any network traffic over our systems. This includes a right to retrieve or access the contents of messages, inboxes or to undertake searches of our email systems for the purposes of monitoring or investigating wrongful acts, to comply with any of our legal or regulatory obligations, or, occasionally to ensure the effective operation of our business (for example in the event of unexpected absence and where access to business emails is required). All monitoring activities will be undertaken in accordance with PLOS policies and the laws that apply to us.
How we share your personal data (and who with)
We may have to share your data with third parties, including third-party service providers and other PLOS entities. We require third parties to respect the security of your data and to treat it in accordance with the applicable country and local laws. For UK and EEA Residents, please see section below titled “Transfers of information”.
Disclosure within PLOS
- Your business-related information will be made available to other PLOS employees, temporary staff and contractors and with customers, suppliers and agencies in the course of administering your employment or providing our services. This includes your name, work contact details, and position related information.
- Your personal information may be shared with any PLOS entity, where it is in our legitimate interests to do so for internal administrative purposes, to effectively operate the employment relationship with you and/or the workforce generally, for management purposes, corporate strategy, auditing and monitoring, system maintenance support and hosting of data and/or research and development. Access to your personal data is limited to those employees who need to know the personal data, and may include your managers and their designees, as well as employees in People & Culture, corporate services, legal, information technology, and finance departments.
• We may also share your personal data with any PLOS entity where they provide products and services to us, such as IT systems, data hosting, HR services, legal support, payroll and benefits administration and recruitment.
Disclosure to other third parties
We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. We will share your personal data with the following categories of third parties:
- legal and regulatory authorities, such as government departments and agencies and, such as: His Majesty’s Revenue and Customs in the UK, the US Internal Revenue Service, the Federal Central Tax Office in Germany or the Inland Revenue Authority of Singapore;
- trade union if you are represented by a union or consent to such disclosure;
- accountants, auditors, lawyers and other outside professional advisors;
- customers, clients or suppliers (to the extent they need it) – this will usually just be your business contact details and related information; and
- companies that provide products and services to us, such as
- payroll providers and our bank;
- benefits and pension providers/administrators;
- insurance companies, including those providing medical insurance and group income protection (and our insurance brokers);
- training providers and travel/hotel/venue providers;
- parties requesting an employment reference for you;
- HR services, such as external advisors, applicant tracking providers/systems;
- third party providers who conduct audits on our behalf;
- third party providers who carry out background checks on our behalf;
- cloud storage providers;
- police and immigration authorities;
- occupational health assessment providers and medical professionals; and/or
- IT systems suppliers and support, including providers of HR systems and benefits management, email archiving, telecommunications suppliers, back-up and disaster recovery and cyber security services; and other outsourcing providers, such as contract lease management, and off-site storage providers.
- other third-party providers of various services.
We will also disclose your personal data to third parties in some other circumstances:
- if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if PLOS or substantially all of its assets are acquired by a third party, in which case personal data held by PLOS will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
- to enforce our contract with you, to respond to any claims, to protect our rights or rights of a third party, to protect the safety of any person or to prevent any illegal activity; and/or
- to protect the rights, property or safety of PLOS, our employees or other persons.
Restrictions on use of your personal data by those we share it with
Any third parties with whom we share your personal data are limited (by law and/or by contract) in their ability to use your personal data and the purposes for which they use it. We will always ensure that any third parties with whom we share your personal data are subject to privacy and security obligations consistent with this Privacy Notice and applicable laws. In respect of third-party service providers who are processing data on our behalf, we only permit them to process personal data for specified purposes and in accordance with our instructions.
Other than as we have set out in this Privacy Notice, we will not share your personal data to any third party without notifying you and/or obtaining your consent. Where our actions are based on you having given your consent for us to use your data in a particular way, but you later change your mind, you should contact us at askp-c@plos.org or privacy@plos.org to notify us of this and we will stop doing so.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Keeping us updated
It is important that the personal data we hold about you is accurate and current. Please keep your personal data up to date in Dayforce or inform the People and Culture Department if your personal data changes during your working relationship with us. PLOS will also update and keep your data accurate and current to the extent it receives such updates.
Security
PLOS is committed to protecting personal data from loss, misuse, disclosure, alteration, unauthorised access and destruction and takes all appropriate precautions to safeguard the confidentiality of personal data. Although we make every effort to protect the personal data which you provide to us, the transmission of data over the internet is not completely secure. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorised access.
Where we have given you (or where you have chosen) a password which enables you to access any account with us, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Automated decision-making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We will make sure to comply with any laws that apply to the use of such systems, including transparency requirements and will notify you if we plan on using any automated decision-making systems in connection with your personal data.
Third party websites
You may, from time to time, during your employment, access links to or other websites operated by third parties (e.g. training providers, industry news sources and bulletins). Please note that this Privacy Notice only applies to the personal data that we collect from or about you. While we require that all vendors comply with applicable data protection laws and have security measures in place, you should note that third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal data to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.
Changes to our Privacy Notice
This Privacy Notice does not form part of any employee’s contract of employment or appointment or engagement agreement/terms and we may amend it from time to time. Any significant changes we make to our Privacy Notice in the future will be notified to you in writing via email, Slack or similar form of internal communication. Please check back frequently to see any updates or changes.
ADDITIONAL TERMS FOR UK AND EUROPEAN ECONOMIC AREA RESIDENTS
Our legal basis for using your personal data
We have set out more detail about the legal bases we rely on to process your data in ‘Appendix 1- Lawful Grounds for Processing Personal Data’. We consider that in nearly all cases, our legal basis will be one or more of the following:
- our use of your personal data is necessary for the performance of our obligations under our employment relationship with you (for example, to pay you, communicate with you or to confer a benefit under the terms of your employment contract); or
- our use of your personal data is necessary for complying with our legal obligations, particularly as your employer/engager (or prospective employer/engager) (for example, in the UK, this would include providing employee personal information to His Majesty’s Revenue & Customs, health and safety at work or conducting legally required checks on your right to work in the UK); or
- where our use of your personal data is not necessary for the performance of our contractual obligations, or compliance with our legal obligations, it is necessary for the purposes of our legitimate interests or the legitimate interests of a third party (for example, to enable us to centralize our People & Culture systems and to use dedicated third party systems, to ensure a safe working environment, to ensure the reliability of our employees or to maintain adequate personnel records).
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. For example, the grounds for processing your data when liaising with your pension provider include both: (1) Necessary for performance of the employment relationship or employment contract; and (2) Compliance with our legal obligations. Additional examples are set forth in Appendix 1.
Transfers of information
As set out above, personal data may be processed by staff operating outside of the UK or EEA, other PLOS entities outside of the UK and EEA or third parties outside of the UK or EEA for the purposes mentioned in the section “How we share your personal data (and who with)”. Please be aware that countries which are outside the UK and EEA may not offer the same level of protection for personal information as in the UK or EEA, although our collection, storage and use of your personal information will continue to be governed by this Privacy Notice.
When transferring personal information outside the UK or EEA, we will:
- ensure that the country in which your personal information will be processed has been deemed “adequate” by the relevant UK and EEA authorities under Article 45 of the UK GDPR; or
- include the standard contractual data protection clauses approved by relevant authorities in the UK and EEA for transferring personal information outside the UK or EEA, into our contracts with other members of our group or third parties.
Your rights
You have certain rights in relation to your personal data. In certain circumstances, you have the right to request that we:
- provide you with a copy of any personal data which we hold about you;
- update any of your personal data which is out of date or incorrect or incomplete;
- delete any personal data which we hold about you if it is no longer necessary in relation to the purposes for which it was collected or processed (or, in some instances, where you have withdrawn your consent or objected to the processing);
- restrict the way that we process your personal data;
- provide your personal data to a third party;
- consider any valid objections which you have to our use of your personal data (where we are relying on our legitimate interests (or those of a third party) as the basis for the processing or that the processing is in the public interest); and
- provide a copy of any agreement under which your personal data is transferred outside of the EEA/UK.
We will consider all such requests and provide our response within the time period stated by applicable law. Please note, however, that certain personal data may be exempt from such requests in certain circumstances, which may include if we need to keep processing your personal data for our legitimate interests or to comply with a legal obligation. There will be certain circumstances where the right does not apply to you under law, and we will review this when we consider a request.
We may request you provide us with information necessary to confirm your identity and ensure your right to access the data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
You generally will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Right to withdraw consent
In the limited circumstances where our processing is based on your having provided consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please contact askp-c@plos.org and privacy@plos.org. Where these circumstances apply, once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Further questions or making a complaint
If you have any questions or complaints about this Privacy Notice, our collection, use or storage of your personal data, or if you wish to exercise any of your rights in relation to your personal information, please contact askp-c@plos.org and privacy@plos.org. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal data.
You may also make a complaint to the local data protection supervisory authority. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.
Appendix 1 - Lawful Grounds for processing Personal Data
| Reason for Processing | Types of P&C Personal Data | Basis for Processing |
| Making a decision about your recruitment or appointment. | Your personal details (including name, address, contact information); covering letters; CV/resume data*; references in; passport; visa; interview notes; suitability assessments | Legitimate interests: recruitment decisions |
| Using information about criminal convictions to make a decision about your recruitment or appointment in the US and in certain cases in the UK. | Information about criminal convictions | Compliance with a legal obligation Legitimate interests: public interest, protecting our business and people, network and information security, preventing improper use of systems, protecting workforce Explicit consent |
| Determining the terms on which you work for us | References; CV/resume data*; interview notes; recruitment records; tax information; location, (potential) job title | Necessary for performance of the contract Legitimate interests: attracting and retaining staff |
| Checking you are legally entitled to work in a specific country. | Documentation required under immigration law; meeting/interview notes | Compliance with a legal obligation: right to work |
| Administering the employment relationship or employment contract we have entered into with you and operating our working relationship with you. | Name; bank account details; compensation information; social security number; tax information; benefits and expenses records; details of next of kin and benefits beneficiaries; time and attendance records; contact details for next of kin/emergency contact; US trade union membership | Necessary for performance of the employment relationship or employment contract Legitimate interests: operation of the employment relationship/engagement |
| Paying you and, if you are an employee, deducting tax, National Insurance contributions and other costs. | Name; IDs relating to payroll processing; bank account details; compensation information; social security number; benefits and expenses records; tax information; student loan information; US trade union membership | Compliance with a legal obligation Necessary for performance of the employment relationship or employment contract |
| Providing benefits to you | Name; bank account details and financial information; social security number; benefits and expenses records; date of birth; contact details for next of kin and benefits beneficiaries; tax information | Necessary for performance of the employment relationship or employment contract |
| Liaising with your pension provider | Name; bank account details of UK employees; financial information; social security number; contact details for next of kin and benefits beneficiaries | Necessary for performance of the employment relationship or employment contract Compliance with a legal obligation |
| Business management and planning, including accounting and auditing. | Financial information; benefits and expenses records | Legitimate interests: business management and controls Compliance with legal obligation |
| Conducting performance reviews, managing performance and determining performance requirements, performance awards | Appraisal forms; interview and meeting notes; performance and development records; time and attendance records | Necessary for performance of the employment relationship or employment contract Legitimate interests: attracting and retaining talent; effective business operations |
| Making decisions about salary reviews and compensation | Name; pay details; appraisal forms; bank details and financial information; benefits and expenses records; interview or meeting notes; performance and development records; time and attendance records | Necessary for performance of the employment relationship or employment contract |
| Assessing qualifications for a particular job or task, including decisions about promotions | Name; CV/Resume data*; performance reviews; interview or meeting notes; performance and development records; time and attendance records | Necessary for performance of the employment relationship or employment contract |
| In connection with grievance, disciplinary or capability hearings. | Time and attendance records; performance reviews; disciplinary records; appraisal forms; interview notes; performance and development records; disciplinary and grievance records; time and attendance records; US trade union membership. | Legitimate interests: dealing with internal processes; management of workforce |
| Making decisions about your continued employment or engagement | Time and attendance records; performance reviews; disciplinary and grievance records; appraisal forms; court, tribunal or inquiry proceedings; interview or meeting notes; performance and development records; time and attendance records; US trade union membership | Legitimate interests: management of workforce and effective business operations |
| Making arrangements for the termination of our working relationship | Name; pay details; bank details and financial information; benefits and expenses records; interview or meeting notes/references out | Legitimate interests: management of workforce and effective business operations |
| Education, training and development requirements (including quality improvement) | Appraisal forms; interview or meeting notes; performance and development records; disciplinary and grievance records; training records | Legitimate interests: Staff training and development; effective business operations |
| Dealing with legal disputes involving you, or other staff or third parties, including accidents at work | Names; medical and health related information; checks; occupational health data; accident records; appraisal forms; court, tribunal or inquiry proceedings; interview notes; performance and development records; disciplinary and grievance records; time and attendance records; US trade union membership | Legitimate interests: Responding to and defending legal disputes/claims; managing our risks |
| Ascertaining your fitness to work and occupational health | Names; medical and health related information; checks; occupational health data; accident records; interview or meeting notes; time and attendance records; US trade union membership | Compliance with a legal obligation: health and safety Performance of contract Legitimate interests: management of workforce and effective business operations |
| Managing sickness absence | Names; medical and health related information; checks; occupational health data; accident records; interview or meeting notes; time and attendance records | Compliance with a legal obligation Performance of employment contract Legitimate interests: management of absent employees/dealing with capability issues |
| Paying sick pay | Names; medical and health related information; checks; occupational health data; accident records; bank details and financial information; time and attendance records; tax information | Compliance with a legal obligation: payment and administration of sick pay Performance of employment contract |
| Arrangements relating to family related leave (for example: maternity, paternity, adoption, shared parental leave) | Names; dependents’ details; service period; financial information; bank details; medical and health related information; co-parent’s details | Compliance with a legal obligation: payment and administration of family related leave Performance of employment contract and compliance with internal policies |
| Complying with health and safety obligations and health and safety records and management | Medical and health related information; medical checks; occupational health data; accident records; interview notes; time and attendance records | Compliance with a legal obligation |
| Expenses reimbursement | Travel and expenses records | Necessary for performance of the contract and compliance with internal policies |
| To prevent fraud | Bank details and financial information; benefits and expenses records | Compliance with a legal obligation Legitimate interests: fraud prevention and proper conduct of our business |
| To monitor your use of our information and communication systems to ensure compliance with our IT policies | Emails in and out; recorded telephone calls when using PLOS in-office phones | Compliance with a legal obligation Legitimate interests: network and information security, preventing improper use of systems, protecting workforce |
| To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution | E-mails in and out; network use | Legitimate interests: ensuring system and data security |
| Whistleblowing procedures | Meeting notes; hearing records; investigation records | Legal obligations Legitimate interests: public interest, protecting our business and people |
| Maintaining internal organizational charts and personnel/contact databases and contact details | Name, job title, department, start date, and location | Legitimate interests: operation of our business |
| Employee profiles / quotes for marketing purposes | Photo, name, department, and job title | Legitimate interests: attracting and retaining talent; operation of our business Explicit consent |
| To help PLOS in its equal opportunities monitoring | Collection of sensitive personal information in Human Resource Information System, which may include gender, racial and ethnic origin personal data Responses to diversity & inclusion questionnaires, which may include sensitive personal data (referred to as “special categories” of personal data under European privacy law), including personal data relating to racial or ethnic origins; political opinions; religious and philosophical beliefs; trade union membership; genetic data; biometric data; health data; sex life or sexual orientation | Legitimate interests: public interest/equal opportunities monitoring Public interest condition of “equality of opportunity or treatment” |
*CV/Resume data may include name, personal address, personal telephone, e-mail address, date of birth, age, government I.D, citizenship status, academic record or qualifications/skills/accreditations/career history.