The ADP Privacy Code for Client Data Processing Services handles the processing of personal data of client personnel by ADP in the provision of customer services as a data manager for personal data: 3. Criminal data (including data relating to criminal behaviour, criminal records or procedures relating to criminal or illegal conduct). ADP may, where appropriate, process criminal data in order to perform due diligence for individuals and in relation to security and compliance activities, where necessary to protect the interests of the ADP. Third-party subprocessors can only process customer data under a subprocessing contract. The subcontract imposes data protection processing conditions on the subprocessing contract that are no less protective than those imposed by the service contract and the ADP privacy code for customer data processing services. 4. Physical or mental health data. ADP can process physical or mental health data as needed, to meet the needs of a person with a disability or nutrition, to meet health needs in emergencies or in similar circumstances. Specific categories of data may be treated for other legitimate purposes if ADP obtains the person`s prior express consent. ADP may transfer personal data to third parties and internal subcontractors, as long as it is necessary to achieve existing business objectives. ADP only transfers personal data to third parties or an internal subcontractor if a written contract has been entered into with ADP Group Company to ensure that the same level of data protection is applied as described in ADP`s Business Data Privacy Code.
ADP processes personal data (including specific categories of data) about customer staff, as required, in order to provide after-sales services, customer support activities, in accordance with applicable EEA legislation and for the following additional purposes: In addition to the rights already mentioned in this Statement of Data in accordance with Section 8, you also have the right to portability of the data as well as the right to be informed of decision-making or automated profiling in relation to your personal data. A data protection delegate for the European Economic Area has been appointed and can DataProtectionOfficer.ADPEMEA@adp.com You can contact the data protection delegate by mail at the address below. The ADP privacy code for business data is based on a set of data protection principles described below. ADP took over as head of data binding Corporate Rules (BCR). BCRs are legally binding rules recognised by The European Union (EU) data protection authorities to ensure a coherent approach to privacy and data protection in all companies in the group with the same parent company, including those outside the EU. Personal data under the RGPD is literally all information that could identify any aspect of a person`s personal, public or professional life. Examples: name, address, phone number, email address, IP address, cultural, economic and biometric information. There is a need for a legal mechanism for transferring personal data from the EU. In order to transmit personal data outside the EU, companies must implement one of the following mechanisms; Compelling business rules, standard contractual clauses, individual consent or sending data to a company established in an “appropriate” country.