Data Privacy Policy

1. Policy Statement

CleanMark Group Inc. (CleanMark) is committed to protecting the privacy and confidentiality of Personal Information of its employees, customers, and vendors. CleanMark’s policies support this commitment to protecting Personal Information. Ensuring data protection is the foundation of trustworthy business relationships and the reputation of CleanMark as an attractive employer. Each employee bears a personal responsibility for complying with this Policy in the fulfillment of their responsibilities at CleanMark. Breach of this Policy by an employee can result in discipline up to and including termination of employment.

2. Scope

This Policy sets the minimum standard and shall guide all CleanMark employees and Agents even if local law is less restrictive.

3. Policy Details

3.1 CleanMark respects the privacy of its employees and third parties such as customers, certified service providers, suppliers, former employees and candidates for employment and recognizes the need for appropriate protection and management of Personal Information. CleanMark is guided by the following principles in Processing Personal Information:
• Notice
• Choice
• Accountability for onward transfer
• Security
• Data integrity and purpose limitation
• Access
• Recourse, Enforcement and Liability

3.2 Notice. When collecting Personal Information directly from individuals, CleanMark strives to provide clear and appropriate notice about the:
• Purposes for which it collects and uses their Personal Information,
• Types of non-Agent third parties to which CleanMark may disclose that information, and
• Choices and means, if any, CleanMark offers individuals for limiting the use and disclosure of their Personal Information.

3.3 Choice. Generally, CleanMark offers individuals a choice regarding how we Process Personal Information, including the opportunity to choose to opt-out of further Processing or, in certain circumstances, to opt-in. Explicit consent from individuals is not required when Processing Personal Information for:
• Purposes consistent with the purpose for which it was originally collected or subsequently authorized by the individual,
• Purposes necessary to carry out a transaction relationship,
• Purposes necessary to comply with legal requirements, or
• Disclosure to an Agent.

3.4 Accountability for Onward Transfer. In regard to the transfer of Personal Information to either an Agent or Controller, CleanMark strives to take reasonable and appropriate steps to:
• Transfer such Personal Information only for specified purposes and limit the Agent or Controller’s use of that information for those specified purposes,
• Obligate the Agent or Controller to provide at least the same level of privacy protection as is required by this Policy,
• Help ensure that the Agent or Controller effectively processes the Personal Information in a manner consistent with its obligations under this Policy,
• Require the Agent or Controller to notify CleanMark if the Agent or Controller determines it can no longer meet its obligation to provide the same level of protection as is required by this Policy, and
• Upon notice from the Agent or Controller, take further steps to help stop and remediate any unauthorized Processing.

3.5 Security. CleanMark takes reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the Processing and the nature of the Personal Information.

3.6 Data Integrity and Purpose Limitation. CleanMark will only Process Personal Information in a way that is compatible with the purpose for which it has been collected or subsequently authorized by the individual. CleanMark shall take steps to help ensure that Personal Information is accurate, reliable, current and relevant to its intended use.

3.7 Access. CleanMark provides individuals with reasonable access to their Personal Information for purposes of correcting, amending or deleting that information where it is inaccurate or has been Processed in violation of the CleanMark data privacy principles.

3.8 Recourse, Enforcement and Liability. Violation of this Policy by an employee or contractor of CleanMark will result in appropriate discipline up to and including termination. Violation by an Agent, Controller or other third party of this Policy or CleanMark’s privacy requirements will result in the exercise of appropriate legal remedies available at law or in equity including termination for material breach of contract.

4. Purpose of Collecting and Use of Personal Information

CleanMark collects Human Resources Data in connection with administration of its Human Resources programs and functions and for the purpose of communicating with its employees. These programs and functions may include compensation and benefit programs, employee development planning and review, performance appraisals, training, identification cards, access to CleanMark facilities and computer networks, employee profiles, internal employee directories, Human Resource record keeping, and other employment related purposes. CleanMark also collects and uses Personal Information to consider candidates for employment opportunities within CleanMark. Human Resources Data may be shared with third party vendors and service providers for the purpose of enabling the vendor or service provider to provide service and/or support to CleanMark in connection with these Human Resources programs and functions. CleanMark will not share Human Resources Data with third parties for non-employment related purposes. CleanMark requires third parties receiving Personal Information to apply the same level of privacy protection as contained in this Policy and as required by applicable law.

5. Administration

5.1 Roles and Responsibilities. Responsibility for compliance with this Policy rests with the heads of the individual functions, business units and departments together with any individual employees collecting, using or otherwise Processing Personal Information. Business unit, function and department heads, in coordination with legal consultation are responsible for implementing further standards, guidelines and procedures that uphold this Policy, and for assigning day-to-day responsibilities for privacy protection to specific personnel for enforcement and monitoring.

5.2 Implementation. This Policy is meant to be implemented in conjunction with supplementary data privacy policies specific to a region, country or department, if required. These supplementary data privacy policies will account for differences in data protection requirements by jurisdiction or function and will specify individual roles and responsibilities. CleanMark business units, functions or facilities will implement supplementary data privacy policies as required to be in compliance with applicable laws.

5.3 Interpretation. In the event of any conflict between this Policy and any supplemental data privacy policy, this Policy will supersede the supplemental data privacy policy to the extent that the supplemental data privacy policy is less restrictive. Local data privacy policies may provide for stricter data privacy and protection standards than are set forth in this Policy. In the event local data privacy law provides for stricter data privacy and protection than this Policy, the local data privacy law will supersede this Policy in that jurisdiction to the extent necessary to comply with stricter local law.

6. Confidentiality

Personal data is subject to data secrecy. Any unauthorized collection, processing, or use of such data by employees is prohibited. Employees are forbidden to use personal data for private or commercial purposes, to disclose it to unauthorized persons, or to make it available in any other way. Supervisors must inform their employees at the start of the employment relationship about the obligation to protect data secrecy. This obligation shall remain in force even after employment has ended.

7. Data Protection Incidents

All employees must inform their supervisor, and/or the Data Privacy Officer immediately about cases of violations against this Data Protection Policy or other regulations on the protection of personal data. The manager responsible for the function of this unit is required to inform the Data Privacy Officer immediately about data protection incidents.

In cases of:
• Improper transmission of personal data to third parties
• Improper access by third parties to personal data, or
• Loss of personal data

The required company reports must be made immediately so that any reporting duties under national law can be complied with.

8. Changes to this Data Privacy Policy

Cleanmark may occasionally update this Policy. When we do, we will revise the “Revised” date at the bottom of the Policy. You should revisit this page periodically to become aware of the most recent privacy terms; your use of the site after such changes have been posted constitutes your agreement to such changes.

9. Definitions

“Agent” means any third party that collects and/or uses Personal Information provided by CleanMark to perform tasks on behalf of and under the instructions of CleanMark.

“CleanMark” is CleanMark Group Inc. and all of its subsidiaries and affiliates globally.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.

“Human Resource Data” means Personal information concerning CleanMark employees or prospective employees.
An “Identified” or “Identifiable” individual is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the person’s physical, physiological, mental, economic, cultural or social identity.

“Personal Information” is information or data about an “Identified” or “Identifiable” (see definition above) individual. It does not include information that is anonymous, aggregated or in circumstances where the individual is not readily identifiable.

“Policy” means this Data Privacy Policy, as revised.

“Processing” or “Process” means any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

For More Information

For any questions related to this data breach, please contact Peter Androutsos, Ph.D., CleanMark’s, Privacy Officer at 461-364-0677, Extension 2105 between the hours of 10am and 4pm (Eastern).

Revised: April 27, 2019