Skip to Main Content

Simon & Schuster Workplace Privacy Notice

Last Modified: April 10, 2024

 

Simon & Schuster, LLC collects information on individuals who are currently or formerly a part of our workforce — such as employees, applicants, officers and directors, interns, contractors, and other individuals who perform work for us, whether employed by us or not, and their dependents, beneficiaries, and emergency contacts. We also collect information on individuals who we have contracted to work for us or on our third parties’ productions. We refer to this broader group of individuals as ‘workers’ for ease.

 

Nothing in this notice is intended to create an employment relationship between Simon & Schuster and any non-employee and it does not create any contractual rights or obligations.   While this notice is global in nature, our goal is to meet the requirements in each country where our workforce is located.   

 

Third parties involved in a production may independently collect your personal information directly from you and may use it in accordance with their own privacy policies, with which you should familiarize yourself.   Additional notices about our information practices and choices, such as for certain production activities, may apply to you, and will be made available to you depending on the context of your relationship with us. We invite you to read this notice together with any other applicable privacy notices.  

 

This notice does not apply to information collected when you interact with our services as a consumer or visitor to Simon & Schuster products and services. To learn about our information practices when you are a consumer, you can review our privacy policies available on Simon & Schuster branded properties.  

 

Trust is a cornerstone of our mission at Simon & Schuster. We are committed to gaining and maintaining your trust by following a core set of privacy principles: 

  • Transparency – We will tell you what information we collect about you and how we use it. 
  • Access – When possible, and when required by law, we will provide you with access to the information that we collect about you. 
  • Security – We will protect your information with reasonable security measures. 
  • Accountability – We will take responsibility for the secure processing of your information and do our best to address any concerns or questions that you have about how we process your information.

WHAT PERSONAL INFORMATION WE COLLECT ABOUT YOU & WHY WE USE IT

Simon & Schuster collects a variety of information about you, which we use to support our human resources and other legitimate business and commercial purposes, including establishing, maintaining, and terminating your employment or other service relationship. For purposes of this notice, we refer to this information as “personal information” or “personal data” (each as defined under applicable law). Below, we list categories of the personal information we may collect and the purposes for which we may use it.   

  • Contact Information (such as your name, telephone number, photo, email address, physical address, and the name, telephone, email address and physical address of your designated emergency contact) in order to contact you with relevant information, to contact you or others on your behalf for all the purposes identified in this notice, to facilitate communication and collaboration among workers, to confirm worker eligibility under applicable union agreements, and to notify you or your next of kin in the event of an emergency, work-related accident or illness. 
  • Payroll and Benefits Information (such as bank account details, payroll records and information about your compensation, name and date of birth for compliance check purposes, tax status information, pension and other retirement benefits information, social security numbers, tax identification number or other government-issued identification number of you, your spouse/domestic partner, or other family member, information on attendance, vacation, medical, parental/family, or other leave) in order to administer aspects of your employment, salary, and compensation; paying and administering your salary, bonus, incentive plans, family leave pay, sick pay, insurance, and other benefits, and reviewing or making decisions about your employment. 
  • Identity Verification Information (such as your name, date of birth, address, social security number) in order to administer aspects of your employment or engagement and to comply with legal obligations and/or company policies, including preventing corruption and crimes and confirming your legal work status. 
  • Background Check Information (such as your job history, qualifications and previous renumeration as well as credit, criminal record, social media and adverse media checks, subject to local law) in order to verify information provided and to evaluate your suitability for a role, information used in connection with your right to work, and other information necessary for your role, such as event credentialing.    
  • Demographic Information and/or Protected Classifications (such as your age, gender, race, ethnicity, national origin, religion, sexual orientation, political opinions, trade union membership, veteran status, criminal convictions and offenses in accordance with applicable law, disability status and related information, and pregnancy) in order to comply with legal obligations and/or company policies, including record-keeping and reporting required by law and/or company policy, ensuring meaningful equal opportunity monitoring and reporting and support diversity initiatives, and benefits administration. 
  • Security and Compliance Information, Records of IT and Systems Use (such as CCTV footage, virtual meeting video and audio recordings,  information about your use of our IT, business systems, collaboration tools, company networks, and devices (whether owned by Simon & Schuster or through a service provider, such as a cloud computing company), your communications on our systems, passwords, records of swipe and similar building entry cards, and, in limited cases our networks, systems and other tools, to comply with legal obligations and/or company policies, to monitor use of IT systems and other electronic resources, to conduct internal investigations or audits, to maintain  improve, verify or maintain the quality, safety, security and integrity of our IT, business systems, networks, and devices and improve or upgrade them, to facilitate remote working, and to maintain and improve cybersecurity and physical security. 
  • Performance Management Information (such as performance appraisal information submitted about or by you, information about your compliance with Simon & Schuster policies, information about disciplinary allegations, and investigations and processes relating to grievances and complaints in which you may be directly or indirectly involved) in order to manage certain aspects of your employment performance and development.  
  • Information Relating to Your Employment Relationship and Terms (such as information about the terms and dates of your employment, details of union representation, and deductions of contributions) in order to assist with legal compliance, payroll administration, benefits administration, and providing references in connection with your finding new employment.  
  • Information Relating to the Work you Do for Us (such as information about your role, your travel arrangements, audio/video recordings for performers, and emails or other documents created by you or relating to you) for our day-to-day business operations, compliance with legal obligations or company policies.  
  • Health Information  (such as information about your medical condition, workplace injuries, or disabilities) to the extent necessary to comply with our legal obligations, such as to accommodate disabilities, to assess risks to health and safety in accordance with applicable law, for purposes of workers’ compensation, for occupational health surveillance, compliance, and record-keeping as required by law, to conduct fitness-for-duty examinations as legally permitted, to administer leaves of absence and sick time, and to respond to your medical emergency.
  • Information relating to pandemics and other health emergencies (such as information about your health-related status, vaccination status, and exposure to illness) to help us provide a safe workplace and/or comply with legal obligations or company policies, managing employee leave and accommodations, including record-keeping required by law or company policy, for insurance claims (which may involve disclosures to insurers and others), and for use in decisions about staffing needs. We may do the following in relation to Covid-19 (or similar health emergencies): 
    • request information about whether you have had symptoms of the virus, close contact with confirmed cases or traveled to high-risk areas, and whether you would be considered clinically vulnerable or clinically extremely vulnerable;
    • conduct temperature checks before allowing entrance to our premises; 
    • ask you to be tested for the virus before allowing entrance to our premises; and/or 
    • request information about vaccination status. 
  • Any Other Information You Provide Us in the context of your work for us in order to administer aspects of your employment or other relationship with us, including by way of employee surveys, or to comply with legal obligations and/or company policies including without limitation reviewing and managing your performance.  

In the course of employment, you may be required to provide us with information for other purposes such as sick pay and family rights (e.g. parental leave and pay) or in order to carry out your job role (such as for credentialing purposes).  If you do not provide information that you are required by law or contract to give us, you may lose benefits or we may decide not to employ you or end your contract, subject to applicable law or the terms of such contract.  If you have concerns about this in a particular context, you should speak to HR or your Simon & Schuster business contact.    

 

We may also use your information for other legitimate business purposes, such as: assessing or executing mergers, acquisitions, divestitures, or business transfers, and managing potential and actual claims, disputes, disciplinary proceedings and other investigations. 

WHERE THE PERSONAL INFORMATION COMES FROM

We collect information about you in a variety of ways. Your information comes from you or your representatives, third parties (such as job references, business partners, professional organizations, staffing agencies, insurance companies), public internet sources (such as public social media profile), public records, service providers, your manager or other colleagues, affiliated or acquired companies, or our IT systems or through automated technologies on our electronic resources, surveillance/recording technologies (such as video surveillance, voicemail technologies and audio recording technologies with consent to the extent required by law), collective bargaining processes, and government or administrative agencies.

RETAINING YOUR PERSONAL INFORMATION

We retain your personal information for the time period necessary to achieve the purposes described in this notice, unless a longer retention period is required or permitted by applicable law, taking into account applicable statutes of limitation and our records retention requirements and policies.  In general, we will keep your information for the duration of your employment and for a period afterwards.   

WHO WE SHARE YOUR PERSONAL INFORMATION WITH & WHY

We may share your personal information within the Simon & Schuster family of companies.  We may share your information with the Simon & Schuster family of companies and Simon & Schuster personnel for the purposes described in this notice. This includes to your managers, HR and other administrators for employment, administrative and management purposes as mentioned herein.   

 

We may share your personal information in connection with a corporate transaction.  As noted above, we may disclose or transfer your personal information as part of, or during negotiations for, any purchase, sale, lease, merger, or any other type of acquisition, disposal, or financing involving a Simon & Schuster entity or brand. Any sharing of personal information in connection with a corporate transaction will always be subject to a customary confidentiality agreement between the parties. 

 

We may share your personal information with service providers and contractors who perform services on our behalf or that are necessary for our business purposes.  We may share your personal information with service providers and contractors that provide us with professional advice, business support, perform services on our behalf or in connection with carrying out our business— such as payroll and benefit service providers; insurers; vendors; information technology providers;   professional advisors such as lawyers and accountants; occupational health and medical service providers; background check providers; and  in connection with productions, production companies and their staff; marketing partners and campaigns; and to provide you with appropriate credit.  These service providers and contractors are allowed to use your information to help in connection with your employment or service for us and not for any other purpose.

 

We sometimes share your personal information with business partners or other third parties. We may disclose your information to a business partner, such as a distribution partner of a new product or service with which you will be working, or other third parties, such as a professional organization for award recognition.

 

We may share your information with government or administrative agencies.  We may disclose your information to government or administrative agencies as required or permitted by law.  For example, we may provide your information to labor agencies to respond to unemployment or disability insurance claims.

 

In some cases, we may disclose your information to the public. We disclose information to the public in accordance with industry practice and applicable law. For example, credits for a publication are publicly posted.

 

We may share your information with labor unions.  We may disclose your information to a union or other similar organization that collectively represents workers if it represents you or with your consent.

 

We may share your information if we think we have to in order to comply with the law or to protect ourselves. For example, we will share your information when it is necessary for us to comply with applicable law or legal process, to respond to legal claims, or to protect our rights or the property or personal safety of our workers, users or the public. 

 

We may share your information for reasons not described in this notice. We will tell you before we do this if reasonably practicable. 

PROTECTING YOUR INFORMATION

We use reasonable security measures. We have adopted commercially reasonable technical, administrative, and physical security procedures to help protect your information from loss, misuse, unauthorized access, and alteration.  

CHANGES TO THIS NOTICE

From time to time, we may change this notice to accommodate new technologies, industry practices, regulatory requirements, or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Notice may be by email to you at the last email address you provided us, by posting notice of such changes on our intranet, or by other means, consistent with applicable law.

If you have any questions about this notice, you may contact us by visiting our Data Privacy Webform, completing the relevant form and selecting ‘General Privacy Request’.

ADDITIONAL INFORMATION FOR WORKERS WHO ARE CALIFORNIA RESIDENTS

If you are a resident of California, the following additional information applies to you.

 

Personal Information Collected About California Residents

The following are categories of personal information that we may collect (and may have collected during the 12-month period prior to the Last Modified date of this notice) about you, your dependents or beneficiaries, or your emergency contacts, as well as examples of the types of personal information that may be collected (or may have been collected):

 

Identifiers, including:

  • Names and Aliases
  • Physical Address
  • Phone Number
  • E-Mail Address
  • Postal address
  • Signature
  • Social Security number
  • Driver’s License
  • State identification card
  • Passport number

 

Legally Protected Characteristics, including

  • Gender identity
  • Age
  • Race/Ethnicity/National Origin
  • Disability
  • Veteran status
  • Medical condition
  • Pregnancy / childbirth / breastfeeding and related medical conditions (as necessary to comply with applicable leave laws and accommodation)
  • Marital and familial status
  • Sexual Orientation
  • Religion

 

Commercial Information, including:

  • Business travel
  • Expense records

 

Financial Information

  • Bank account number

 

Health Information, including:

  • Vaccination status
  • Health screenings
  • On-the-job injuries
  • Leave-related information

Preferences, including:

  • Information such as your hobbies or membership in charitable or public organizations.
  • Information related to your preferences regarding work tools, travel, hours, or food choices.

 

Geolocation, including:

  • Information related to your location, including your IP address

 

Professional/Employment Related Information, including:

  • Professional experience and education (including university degrees, academic records, professional licenses, memberships and certifications, awards and achievements, and current and previous employment details
  • Union representation
  • Compensation
  • Benefits enrollment, including information regarding beneficiaries and dependents
  • Non-public educational information

 

Internet/ Electronic Activity, including:

  • IP Address
  • Information collected through tracking tools, such as browser cookies and web beacons
  • Publicly available social media activity
  • Passwords
  • Login credentials
  • Device attributes

Sensory/Audio/Visual Information, including:

  • Photos
  • Voicemails
  • Video conference recordings
  • Footage from security cameras

 

Information described under § 1798.80, including:

  • Insurance policy number

 

We may have collected data from the following sources:

  • Directly from you (e.g., in your application, assessments, surveys, or during your relationship with us)
  • Services providers (e.g., law firms)
  • Third Parties (e.g., job references, business partners, professional organizations, staffing agencies, insurance companies)
  • Affiliated Companies
  • Public Internet Sources
  • Public Records
  • Automated Technologies
  • Surveillance/recording technologies installed by Simon & Schuster (e.g., video surveillance in common areas of Simon & Schuster’s facilities, voicemail technologies and audio recording technologies with consent to the extent required by law)
  • Labor processes
  • Union agreements
  • Government or administrative agencies
  • Acquired company

We may use your personal information for the purposes described in “What Information We Collect About You & Why We Use It” section of this notice.

 

 

Personal Information Disclosed for a Business Purpose to Third Parties

The categories of personal information listed above may be disclosed for a business purpose to the categories of third parties listed above in the section titled “Who We Share Your Information With & Why”.

 

Retention

We retain your personal information as described in “Retaining Your Information” section of this notice.

YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM

If you are a resident of California, you have certain rights regarding your personal information, which include: 

  • Right to Know. You have the right to submit a verifiable request for specific pieces of your personal information we obtained from you.  In addition, you have the right to know the categories of personal information collected about you, the categories of sources from which we collected your personal information, the categories of third parties to whom your personal information is disclosed, and the categories of personal information we disclosed for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
  • Right to Delete. You have the right to submit a verifiable request for the deletion of personal information you have provided to us.
  • Right to Correct. You have the right to submit a verifiable request for the correction of inaccurate personal information maintained by us, considering the nature of the personal information and the purposes of processing the personal information.
  • Non-discrimination. We will not unlawfully discriminate or retaliate against you for exercising your rights described above.

 

Sensitive Personal Information. We use sensitive personal information as necessary for the direct purposes relating to your employment or other service relationship, as applicable. We do not collect or process sensitive personal information for purposes of inferring characteristics about individuals.

 

Sale and Sharing of Personal Information. We do not sell your personal information nor disclose your personal information for cross-context behavioral advertising.

 

Deidentified Information. To the extent we process deidentified information, we will maintain and use the information in deidentified form and will not attempt to reidentify the information unless permitted by applicable law.

 

How to Exercise Your Rights. You or your authorized agent may submit a request to exercise any of the above rights by visiting our Data Privacy Webform and completing the form relevant to your request or by calling us at +1-800-223-2336. If you are currently a member of our workforce with access to Simon & Schuster corporate applications, you may have self-service tools available to you to exercise any of the above rights. If you have questions about exercising any of the above rights, you may contact us at PrivacyAdministrator@simonandschuster.com.

 

How We Will Verify Your Request. We may require additional information to verify your identity or to verify that your authorized agent has the authority to make the request on your behalf.  The verification process may differ depending on the nature and type of request that is submitted. If we cannot verify your identity or your authorized agent’s authority to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot complete your request.

ADDITIONAL INFORMATION FOR WORKERS LOCATED OUTSIDE OF THE UNITED STATES

If you are located outside the US, including in the United Kingdom (the UK), the following additional information applies to you, except as otherwise noted in the INTERNATIONAL SUPPLEMENTS.   

 

Who is the Data Controller of Your Personal Data 

The entity set out in the International Supplement for your jurisdiction will be a data controller of your personal data (as defined under applicable law). In many cases our US and UK entities will also be data controllers of your personal data, as well as other Simon & Schuster entities with whom your personal data is shared from time to time, and as set out in this notice.   

 

Legal Grounds for Processing Personal Data 

Under applicable data protection law, there are various grounds on which we can rely when processing your personal data.  In some contexts, more than one ground applies.  The grounds for processing are as follows: 

  • Contract: this is processing necessary for performance of a contract with you or to take steps at your request to enter a contract. This covers carrying out our contractual duties and exercising our contractual rights. 
  • Legal Obligation: this is processing necessary to comply with our legal obligations. The processing is necessary for ensuring we perform our legal and regulatory obligations.  For example, providing a safe place of work, complying with health and safety laws, or avoiding unlawful discrimination. 
  • Legitimate Interest: this is processing necessary for our or a third party’s legitimate interests. We or a third party have legitimate interests in carrying on, managing, and administering our respective businesses effectively and properly and in connection with those interests processing your data.  Where we rely on legitimate interests, we consider: 
    • what our legitimate interest is – these are set out in the table below; 
    • whether the processing is necessary to achieve it (i.e., whether it is proportionate); and 
    • whether it can be balanced against individuals’ interests, rights, and freedoms (via the protections described in this notice).   
    • Where this test is not met, we do not rely on legitimate interest. This notice serves as a record of our legitimate interest assessment. 
  • Consent: this is where you have given specific consent to processing your personal data. In the UK, processing of your data in connection with employment is generally not conditional on your consent.  But there may be occasions where we do specific things for which we require your consent. In certain jurisdictions we will ask for consent as the basis for processing certain of your personal data.  

Additional legal bases may apply in your jurisdiction.   

 

Processing Special Personal Data 

Where necessary in your jurisdiction, if we process special personal data about you (for example, storing your health records to assist us in ensuring that we provide you with a healthy and safe workplace, or processing personal data relating to diversity monitoring) we will also make sure that one or more of the grounds for processing special personal data applies. Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by certain privacy law, including UK privacy law, to be “special” or “sensitive” personal data. Data relating to criminal records or offences is treated in a similar way and, for purposes of this notice, included in this definition.  In some jurisdictions a different term may be used to describe data warranting special protection. However, the remainder of this notice uses the term “special” personal data for ease.   

 In outline, these additional grounds for processing include:   

  • Processing being necessary for the purposes of your or our obligations and rights in relation to employment in so far as it is authorised by law or collective agreement;  
  • Processing relating to personal data about you that you have made public; 
  • Processing being necessary for the purpose of establishing, making or defending legal claims; 
  • Processing being necessary for provision of health care or treatment, medical diagnosis, and assessment of your working capacity; and 
  • Processing based on us having received your explicit consent (although please note as set out above that, in general, processing of your personal data in connection with employment is not conditional on your consent in the UK).  
Further Information on the Personal Data We Process and Our Purposes

Examples of the personal data and the grounds on which we process your personal data are described in the table below. Although these examples represent a comprehensive description of the processing we engage in, this list is not exhaustive.  

 

Purpose
Examples of personal data that may be processed
Grounds for processing
Recruitment 
Standard personal data related to your identity (e.g. your name, address, email address, ID information and documents, telephone numbers, place of birth, nationality, contact details, professional experience and education (including university degrees, academic records, professional licenses, memberships and certifications, awards and achievements, and current and previous employment details), financial information (including current salary information, provided permitted by applicable law), language skills, and any other personal data that you present us with as part of your application related to the fulfilment of the role.  We may also collect and process information concerning your application and our assessment of it including any background checks we may make to verify information provided and any information connected with your right to work. This may include as necessary for your role (and subject to legislation in your jurisdiction) checks verifying your job history, qualifications and previous renumeration as well as credit, criminal record, social media and adverse media checks.  Such data processing will be subject to applicable local law.     If necessary, we will also process information concerning your health, any disability and any proposed adjustments to the recruitment process or working arrangements.
  • Contract 
  • Legal obligation 
  • Legitimate interest: recruitment and the fair promotion of our employees
Your employment contract including entering it, performing it and changing it 
Information on your terms of employment including your hours and working patterns, your pay and benefits such as your participation in pension arrangements, any life and medical insurance, and any bonus or share schemes.
  • Contract 
  • Legal obligation 
  • Legitimate interest: to have an accurate record of your employment contract for its performance and variation
Contacting you and/or others on your behalf 
Your address, email address and phone number, emergency contact information and information on your next of kin. 
  • Contract 
  • Legitimate interest: the ability to contact you, and others on your behalf in an emergency
Payroll & benefits administration 
Information on your bank account, pension contributions (if relevant) and on tax and social insurance, including tax contribution rate; your social insurance number or other government issued identifier; information on attendance, holiday and other leave and sickness absence; name and date of birth for compliance check purposes. 
  • Contract 
  • Legal obligation 
  • Legitimate interest: the ability to carry out payroll, general HR and business administration in an efficient manner, and to plan around your absence where necessary
Financial planning and budgeting  
Information such as your salary and (if applicable) bonus levels. 
  • Legitimate interest: the ability to carry out effective financial planning and budgeting for our business 
Supporting and managing your work and performance and any health concerns 
Information connected with your work, anything you do at work and your performance including records of documents and emails created by or relating to you and information on your use of our systems including computers, laptops or other devices (and any related monitoring will always be undertaken in a proportionate and as minimally invasive manner as possible); performance management information regarding you, including notes of meetings and appraisal records, and information you or our managers enter onto our training or appraisal platforms; information relating to your compliance with company policies; information concerning disciplinary allegations, investigations and processes and relating to grievances or complaints in which you are or may be directly or indirectly involved; information concerning your health, including medical or doctors’ notes, return to work plans, and medical and occupational health reports. 
  • Contract 
  • Legal obligation 
  • Legitimate interest: the ability to support our workforce and help career development, ensure compliance with our policies, and the investigation of grievances or disciplinary concerns where this becomes necessary.
Meeting our duty of care and health and safety responsibilities in relation to Covid-19 (or similar health pandemic) 
We have a duty of care to ensure a safe place of work, as well as a duty of care to employees. For this reason, where reasonable and necessary, we may do one or more of the following in relation to Covid-19 (or similar health pandemic): 
  • request information about whether you have had symptoms of the virus, close contact with confirmed cases or travelled to high risk areas, whether you would be considered clinically vulnerable or clinically extremely vulnerable, and whether you have been vaccinated; 
  • conduct temperature checks before allowing entrance to our premises; and 
  • ask you to be PCR or Antibody tested before allowing entrance to our premises.   Such data processing will be subject to applicable local law.
  • Consent
  • Legal obligation 
  • Legitimate interest: to ensure a safe place of work and the safety of our employees
Changing or ending your working arrangements 
Information connected with anything that may affect your continuing employment or the terms on which you work including any proposal to promote you, to change your pay or benefits, to change your working arrangements or to end your employment. 
  • Contract 
  • Legitimate interest: the ability to change or end your working arrangements "
Physical and worksite security 
CCTV images; in limited cases, output of facial recognition technology or fingerprint identification for entry; records of use of swipe and similar entry cards.   In exceptional circumstances, we may monitor covertly (i.e., without notice) for other purposes.  This will normally only be in circumstances where we reasonably believe covert monitoring is necessary for the detection of criminal or other sufficiently serious activity and which is consistent with the monitoring described in any existing privacy impact assessment. In the event covert monitoring beyond the scope of our privacy impact assessment is required, we will normally conduct an additional assessment. In addition, prior authorisation will normally be sought from the Privacy Office.  Such monitoring will be subject to applicable local law.
  • Legal obligation 
  • Legitimate interest: the ability to keep our locations secure, and provide a safe environment for our personnel; pursuant to any potential disciplinary actions or grievances, or any potential legal and/or insurance claims
Monitoring use of our IT systems 
We may monitor and log access to our IT systems including computers, phones and other devices and passwords.  We may also monitor, access, examine, capture or otherwise intercept (by human or automated means where permitted by applicable law) communications or personal data transmitted through our systems. This may take place for several reasons, including to: 
  • maintain the security of our systems;  
  • identify and deter system security threats;  
  • protect personal data; 
  • locate deleted messages or messages lost due to system failure; 
  • manage and redistribute the work on an absent employee as needed. 

In exceptional circumstances, we may monitor covertly (i.e., without notice) for other purposes.  This will normally only be in circumstances where we reasonably believe covert monitoring is necessary for the detection of criminal or other sufficiently serious activity and which is consistent with the monitoring described in any existing privacy impact assessment. In the event covert monitoring beyond the scope of our privacy impact assessment is required, we will normally conduct an additional assessment. In addition, prior authorization will normally be sought from the Privacy Office.  Such monitoring will be subject to applicable local law.
  • Legitimate interest: to maintain the security and integrity of our systems, enable work continuity, and to monitor compliance with our policies 
Assisting you with remote work, and improving efficiency of IT, business systems and device use 
 
This includes records of your use of IT and business systems and company devices; live and/or recorded video or photographic images of you or your voice; details about participations in and use of video conferencing tools.   We will where necessary and as set out in this notice also contract with third parties so you can use third party applications on your company devices which may assist with your work (for example an application allowing ‘one-click’ dial in to conference calls or applications for video conferencing). Such applications will process your personal data. The third-party privacy notices will make clear precisely what information will be collected.   We may be provided with information on the usage of such applications, for example for the purpose of troubleshooting or assessing overall usage and whether to continue to provide them. For example, we may collect information on the number of minutes and amount of personal data used on company mobile phones to ensure employees are on the most cost-effective tariff for their usage.  We may also process your personal address and/or personal contact information to facilitate delivery of work-related items to your residence.
  • Legitimate interest: to facilitate effective home and remote working; to ensure and improve efficiency of IT, business systems and device use  
Providing references in connection with your finding new employment 
Information on your working for us and on your performance.  
  • Consent 
  • Legitimate interest: to provide references where requested.
Monitoring of diversity and equal opportunities 
Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age as part of diversity monitoring initiatives, including by way of employee engagement surveys. Such personal data will, where possible, be aggregated and used for equality of opportunity monitoring purposes. Please note we may share aggregated and anonymised diversity statistics with regulators if formally required / requested.   Such monitoring will be subject to applicable local law.  More information would typically be provided at the start of the diversity monitoring exercise in question.
  • Legal obligation 
  • Legitimate interest: to promote diversity and inclusion
Monitoring and investigating suspicions of misconduct, compliance with policies and rules – both generally and specifically – but always in a proportionate and as minimally invasive manner as possible 
We expect our employees and workers to comply with our policies and rules and may monitor our systems to check compliance (e.g., rules on accessing pornography at work).  We will where necessary and as set out in this notice check system and other personal data to investigate those concerns (e.g. log-in records, records of usage and emails and documents, CCTV images).  In appropriate cases, if we have suspicions of serious wrongdoing, we may make targeted records (e.g., video or sound) in connection with an investigation.   In exceptional circumstances, we may monitor covertly (i.e., without notice) for other purposes.  This will normally only be in circumstances where we reasonably believe covert monitoring is necessary for the detection of criminal or other sufficiently serious activity and which is consistent with the monitoring described in any existing privacy impact assessment. In the event covert monitoring beyond the scope of our privacy impact assessment is required, we will normally conduct an additional assessment. In addition, prior authorisation will normally be sought from the Privacy Office.  Such monitoring will be subject to applicable local law. 
  • Legitimate interest: to ensure that our employees comply with our policies and rules 
Disputes and legal proceedings 
Any information relevant or potentially relevant to a potential or actual dispute or legal proceeding affecting us  
  • Legal obligation 
  • Legitimate interest: the ability to respond to and defend against legal claims 
Legal, regulatory and compliance purposes 
Information we process for legal or regulatory purposes (including upholding your data rights under privacy legislation). 
  • Legal obligation 
  • Legitimate interest: the ability to comply with relevant law and regulatory guidance 
Trade union check off arrangements and Works Council administration 
Where applicable, details of trade union membership and deductions of contributions made at source; information relating to Works Council (or similar body) participation, including any communication you send to us if acting for the Works Council (if applicable). 
  • Contract 
  • Legal Obligation  
Day to day business operations including marketing and customer/client relations and travel on our behalf 
Information relating to the work you do for us, your role and contact details including relations with current or potential customers or clients.  This may include a picture of you for internal or external use; information regarding your travel arrangements and location.  
  • Legitimate interests: to allow the effective operation of day to day business, marketing and investor relations and travel 
Maintaining appropriate business records during and after your employment  
Information relating to your work, anything you do at work and your performance relevant to such records.   
  • Contract 
  • Legal obligation 
  • Legitimate interest: to maintain appropriate business records during and after your employment 

 

SHARING YOUR PERSONAL DATA OUTSIDE THE GROUP COMPANIES

We will only disclose your personal data outside our group companies if disclosure is consistent with a ground for processing on which we rely and doing so is lawful and fair to you.   

We will disclose your personal data if it is necessary for our legitimate interests as an organization or the interests of a third party (but we will not do this if these interests are over-ridden by your interests and rights in particular to privacy).  We may will also disclose your personal data if you consent, where we are required to do so by law and in connection with criminal or regulatory investigations.

ACCESS TO YOUR PERSONAL DATA AND OTHER RIGHTS

You may have certain rights regarding your personal data, which may include: 

  • The right to request access to and/or a copy of the personal data we hold about you, including details as to how we process this personal data; 
  • The right to object to or restrict our processing of your personal data; 
  • The right to request that your personal data be erased from further use; 
  • The right to correct, amend, or update personal data you have given us (in some instances, such as on our internal employee portals, you can also do this by logging in and updating your personal data); 
  • The right of portability, which allows you to request that we share your personal data with others;  
  • The right not to be subject to automated decision making, i.e. a decision made solely by automated processing; and 
  • If we have relied on consent as a ground for processing, the right to withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent. If you withdraw your consent, we will provide you with an assessment of how such withdrawal will impact our ability to reasonably support your employment. 

 

To make a request, complete the relevant form on our Data Privacy Webform. If you are currently a member of our workforce with access to Simon & Schuster corporate applications, you may have the ability to use self-service tools in those applications to exercise some of your privacy rights when available in your jurisdiction. The regulator in your jurisdiction may have produced forms to assist you in making a request – where this is the case you can attach these to your request.   We may require you to provide information from which we can confirm your identity. Please note that, while we will carefully assess every request we receive, your rights may differ according to your place of residence and we may not always be required to comply. If we do not comply with your request, we will explain why. 

 

If you have any unresolved privacy concerns that we have not addressed satisfactorily after contacting us, you may have the right to contact your local data protection authority.  

JOURNALISTIC EXEMPTION (IN RELATION TO LITERARY EXPRESSION)

Please note that as a result of the nature of the work that you do for us), on some occasions Simon & Schuster and our group companies or third parties will rely on exemptions to data protection rules in relation to journalistic freedom, the right to artistic expression or more generally, the right to freedom of expression (as mentioned in Article 85 of the General Data Protection Regulation and in various jurisdictions’ data protection rules). This can mean that certain parts of the GDPR (including data subjects’ rights) do not apply.  We will rely on similar provisions where applicable in other jurisdictions.  

INTERNATIONAL TRANSFERS

In connection with our business and for employment, administrative, management and legal purposes, we will where necessary transfer your personal data across country borders in accordance with applicable law. Such transfers include to members of our group of companies and third-party service providers, including in the US and in other jurisdictions in which we are established. For example, some of the systems that we use in connection with our business and your employment (such as our HR Information system) are hosted in the US.  We will ensure that any transfer is lawful, including putting in place legal safeguards and ensuring that there are appropriate security arrangements. More specifically, (i) for transfers outside the UK, this includes entering into the relevant official UK Standard Contractual Clauses for transfers to third countries with Simon & Schuster group entities and third parties located outside the UK and, where necessary, implementing further measures to ensure the information is subject to equivalent local protection and (ii) for transfers outside of certain other jurisdictions, where required by applicable law, we apply the substantive requirements of the official UK Standard Contractual Clauses.  

 

If you want further details of any of these safeguards or agreements, please contact us at the email address listed in the “Contact Us” section.  

 

Australia

If you are employed, engaged, or reside in Australia or are in Australia when your personal data is collected by us, or, regardless of your location, and if your personal data is collected by any of the local Data Controllers listed below, the following additional information applies.

 

The local regulator is the Office of the Australian Information Commissioner (OAIC).

The local Data Controllers are the entities listed below and their affiliates: Address:
Simon & Schuster (Australia) Pty Limited
  1. Suite 19 A, Level 1, Building C, 450 Miller St, Cammeray NSW 2062
  2. Hub Collins Street, Level 3, 162 Collins Street, Melbourne VIC 3000 

Special personal data

Not all of the grounds for processing special personal data described in the section of this Notice entitled “PROCESSING SPECIAL PERSONAL DATA” apply to your special personal data. As such, we will only process your special personal data as permitted by law, for example where we have received your consent to do so or the collection is required by law.

 

Journalistic exemption

The section “Journalistic exemption” does not apply.

 

Complaints

If we receive a complaint from you in relation to our processing of your personal data, we will investigate the complaint and determine whether a breach of this Notice or the Privacy Act has occurred and what action, if any, to take. Simon & Schuster will take any privacy complaint seriously and will aim to resolve any such complaint in a timely and efficient manner, and our target response time is one month unless your query is complex. Simon & Schuster expects our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the OAIC:

 

Office of the Australian Information Commissioner (OAIC)

1300 363 992

Director of Compliance

Office of the Australian

Information Commissioner

GPO Box 5218

Sydney NSW 2001

www.oaic.gov.au

 

Complaints to the OAIC must be made in writing.

 

 

Canada

If you are employed, engaged, or reside in Canada, the following additional information applies.

 

The statutory regulator in British Columbia is the Information and Privacy Commissioner.

 

 

The local Data Controllers are the entities listed below and their affiliates: Address:
Simon & Schuster Canada ULC 166 King Street E, Toronto, Ontario, Canada, M5A 4S4

In addition:

If you send us a request (to the email address provided in this Notice) to access or correct your personal data, we will contact you within 30 days (although it may take us longer to fully respond to your request).

 

 

India

If you are employed, engaged, or reside in India, the following additional information applies.

The local Data Controllers are the entities listed below and their affiliates: Address:
Simon & Schuster Publishers India Private Limited

163, 6th Floor, Tower A

The Corenthum

A-41, Sector-62

Noida – 201301 INDIA

We make reasonable efforts to notify you of the purposes for which personal information will be used or disclosed and if the initial purpose changes. Residents of India have additional rights with respect to certain categories of personal information defined under Indian law as “sensitive personal information”, including information relating to passwords; financial information (such as debit or credit card numbers); physical, physiological or mental health condition; sexual orientation; medical history and records; and biometric information. To the extent we may collect any such information from you, you may withdraw consent at any time (subject to legal or contractual restrictions and reasonable notice). Subject to certain limits set out in the applicable laws, Indian residents also have the right to review the personal information that we collect and to update or correct personal information if it is inaccurate.

 

If you are an Indian resident and would like to submit a request to review or correct your personal information, or to withdraw consent to the processing of your sensitive personal information, or to make a complaint about our processing of your sensitive personal information, you must submit your request to our Grievance Officer by emailing Roxanne.Miller@simonandschuster.com.

 

 

United Kingdom

If you are employed, engaged, or reside in the United Kingdom, the following additional information applies.

 

The local regulator is the Information Commissioner’s Office (ICO).  You have the right to seek information and assistance or lodge a complaint about our data collection and processing actions with the ICO here:  https://ico.org.uk/

 

The local Data Controllers are the entities listed below and their affiliates: Address:
Simon & Schuster (UK) Limited

1st Floor

222 Gray's Inn Road

London WC1X8HB

United Kingdom

In addition:

When processing special personal data for diversity and inclusion purposes we will typically rely on Schedule 1(8) Data Protection Act 2018 as the legal basis for processing, rather than consent. However, in practice this sort of processing would normally still be voluntary. This Notice, along with other related Simon & Schuster policies and/or protocols, shall form Simon & Schuster's policy for processing special personal data as required by the UK Data Protection Act 2018 (Schedule 1 Part IV).

 

Additional Information if You Are Located in Countries Outside the US, UK, Canada, Australia, or India

In certain jurisdictions with relevant data protection laws, including (without limitation) the Philippines, we may require your consent or authorization to use or share your personal information for the purposes described in this Workplace Privacy Notice. By providing your personal information to us, you expressly provide such consent or authorization to the extent it is required. In addition, you may have additional privacy rights under the law of your country of residence, typically including the rights to access, correct, delete, object to further processing of your Personal Data, and lodging a complaint. We handle requests to exercise such rights similarly to requests from EU residents under the EU GDPR, as described above.

 

For the purposes of this Notice, “Simon & Schuster”, “we”, “us” and “our” refer to (i) for U.S. based employees, Simon & Schuster, and/or, (iii) for employees based outside the U.S., the local Data Controller(s) set out in the International Supplements, and other group companies with whom the data is shared (as outlined in this Notice).