Contact Us
Careers

GDI GROUP OF COMPANIES
PRIVACY POLICY

1. OUR ORGANIZATION
GDI Integrated Facility Services Inc. and its subsidiaries (hereinafter referred to as “GDIGC”), is a leading integrated commercial facility services provider offering its clients a full range of services, including commercial janitorial, building maintenance, installation, maintenance and repair of HVAC, mechanical, electrical and building automation systems, as well as other complementary services such as janitorial equipment distribution, products manufacturing and energy performance optimization.
2. INTRODUCTION

This Policy sets out how GDIGC collects, stores, uses and safeguards all Personal Information, including Personal Information related to its employees, independent contractor staff, and job applicants. This Policy applies in addition to any and all applicable laws regulating Personal Information. The information in this policy is correct as of the date of publication.

3. WHAT CONSTITUTES PERSONAL INFORMATION?

“Personal Information” refers to any information directly or indirectly related to an individual and that allows the individual to be identified.

4. THE TYPES OF PERSONAL INFORMATION WE COLLECT

In summary: We mostly collect Personal Information necessary to process applications and employment within GDIGC.

GDIGC collects Personal Information as necessary or as appropriate, for the purposes of human resources management, recordkeeping, and legal compliance. The Personal Information collected depends on the nature of the interaction between the individual and GDIGC. GDIGC collects and uses Personal Information only to the extent required for the purpose for which it was disclosed, and as permitted by applicable laws. For instance, GDIGC may collect Personal Information:

  • During the job application process, such as from applications, recruiting services, and background check services;
  • During the term of employment, to maintain personnel records related to position, compensation, training, performance, work hours, and time off;
  • Through voluntary communications, access, and tracking tools (such as mobile applications), subject to obtaining the employee’s specific consent;
  • Remitted by a participant for contests;
  • Through electronic monitoring, such as retention and review of enterprise email systems, electronic communications, and network activity using GDIGC system resources.

 

Personal Information collected by GDIGC may include:

  • Name;
  • Address;
  • Phone number;
  • E-mail address;
  • Government-issued identification number (such as driver’s license, passport, Social Security Number (SSN), or Social Insurance Number (SIN));
  • Online identifier (such as username and password to access an online account);
  • Banking information for direct deposit of payroll;
  • Medical or health information required for employment-related purposes;
  • Resume;
  • Tax documents or forms;
  • Date of birth, preferred language, and level of education;
  • Work eligibility, including residency, visa, and work permit status;
  • Personal records, such as criminal records; and
  • Information used for specific purposes, obtained either by express consent or by “opting in” to a voluntary program.
5. HOW WE USE YOUR PERSONAL INFORMATION

In summary:

Purpose

Candidate

Employee

To analyze your application, to facilitate the hiring process or, with your consent, to contact references or to inform you of future offers

 

To communicate with you

To administer monetary benefits related to your employment

 

To comply with our policies

To protect our interests

To meet our business objectives

  • To facilitate the hiring process: This includes checking references provided by you, conducting background checks, and performing screening or pre-employment assessments reasonably required to complete the hiring process.
  • To communicate with you: This includes facilitating communication with you. For GDIGC’s employees, it may also include facilitating contact with family members in the event of medical emergencies or other situations that may require communication.
  • To administer monetary benefits related to employment: This includes compiling hours worked and rate of pay or salary for the purpose of determining base pay. It also includes communicating with third parties such as payroll, benefit service providers, insurers, and government departments as required by law, as well as administering internal benefit plans.
  • To comply with our policies: This includes complying with all policies in effect within GDIGC, which may require communication of Personal Information within the organization or when required by law.
  • To protect our interests: This includes handling and communicating Personal Information in order to protect GDIGC against any legal liability. It also applies to situations where the law requires the communication of Personal Information to a government agency.
  • To meet our business objectives: This includes using Personal Information to achieve better internal processes, transferring information or allowing access to affiliates, agents, or contractors, and fulfilling our legitimate business objectives.
6. PROTECTION OF PERSONAL INFORMATION
In summary: GDIGC uses physical, technical, and organizational security measures in order to protect Personal Information we have under our control, against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
GDIGC makes all commercially reasonable efforts to ensure that Personal Information in its possession is protected against loss and unauthorized access. Access to Personal Information is restricted to selected GDIGC employees and representatives. In addition, GDIGC employs generally accepted information security techniques, such as firewalls, access control procedures and cryptography, to protect Personal Information against loss and unauthorized access.
Despite the measures outlined above, no method of information transmission or information storage is perfectly secure or error-free. Consequently, we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any information that you provided to us has been compromised), please contact the Data Privacy Officer immediately using the contact information provided below.
7. STORAGE AND DESTRUCTION OF PERSONAL INFORMATION
In summary: We keep your Personal Information for as long as we require, in order to fulfill the purpose for which it was collected. Your Personal Information may be stored with a secure data center provider or a cloud service provider in any country where we have commercial activity or in which we engage third party service providers.
In summary: We keep your Personal Information for as long as we require, in order to fulfill the purpose for which it was coGDIGC will store the Personal Information for no longer than necessary, for the performance of GDIGC’s obligations or to achieve the purposes for which the information was collected. For Personal Information collected in the context of employment, GDIGC will retain said information for the duration of employment and for any additional time, in order to meet legal requirements and handle post-employment matters. To determine the appropriate retention period, GDIGC will consider: llected. Your Personal Information may be stored with a secure data center provider or a cloud service provider in any country where we have commercial activity or in which we engage third party service providers.
  • The amount, nature, and sensitivity of the Personal Information;
  • The potential risk of harm from unauthorized use or disclosure of the Personal Information ;
  • The purpose for which GDIGC possesses the Personal Information and whether GDIGC can achieve those purposes through other means;
  • The applicable legal requirements.

When the specific purpose for which the Personal Information was collected or stored is achieved, GDIGC will destroy, or anonymize it to use for serious and legitimate purposes, subject to any preservation period provided by applicable laws.

8. THIRD PARTY ACCESS TO PERSONAL INFORMATION
GDIGC will permit third parties to access Personal Information as necessary or as appropriate, for the purposes described in this Privacy Policy. GDIGC may disclose Personal Information:
  • Within GDIGC;
  • To third-party service providers in order to perform services on its behalf. If and when we do, we only provide these service providers with Personal Information necessary to perform the required services.
  • Categories of service providers that may be handling your Personal Information include, but is not limited to, the following: outsourced payroll, technology,
     database management, premise security, system management and security, application hosting, travel administration, insurers, insurance brokers, benefit providers, claim administrators, retirement plan administrators, testing companies, lawyers, and accountants.
GDIGC will use contractual engagements, privacy impact assessments or other means to provide a comparable and adequate level of security when Personal Information is processed by a third party. Third parties are not permitted to use Personal Information for their own commercial purposes, to sell Personal Information, or to use said Information for any purposes except on behalf of GDIGC, unless otherwise authorized by the individual concerned or by law.
Access to GDIGC’s employees Personal Information will generally be limited to those individuals with a relevant responsibility, such as Human Resources personnel, payroll department, department supervisors and managers, and the legal team. Some Personal Information such as the name, the e-mail or the phone number of the employee will be made available within the organization, for example, on the corporate directory, intranet and telecommunications platforms, in order to facilitate communication and cooperation among employees.
GDIGC will disclose Personal Information as necessary or as appropriate under applicable laws, including to:
  • respond to requests from governmental and regulatory authorities;
  • comply with court orders;
  • answer or institute litigation procedures or other legal processes;
  • obtain legal remedies or defend legal rights;
  • protect the operations of GDIGC; and
  • protect the rights, safety and property of GDIGC employees, customers and others.

GDIGC may disclose Personal Information to a third party in connection with a reorganization, merger, sale, joint venture, assignment or other disposition of all or part of our business, brands, affiliates, subsidiaries or other assets. However, if such a transaction is completed, Personal Information will continue to be protected under applicable privacy laws. If such a transaction is not completed, we will require the other party to refrain from using or disclosing your Personal Information in any manner and to destroy it completely.

9. RIGHTS TO PERSONAL INFORMATION

At the written request of the individual and with proof of identity of the individual to whom Personal Information relates, individuals have the following rights:

  • Right of access and rectification In compliance with applicable privacy laws, you may request access to a copy of the Personal Information GDIGC has about you. You may request that we correct, update or limit the processing of your Personal Information. In some cases, limiting the processing of your Personal Information may mean that we will no longer be able to process your application or maintain the employment relationship.If you request that we correct your Personal Information, we will perform the necessary corrections, provided that your request is reasonable. If we consider that your request is not reasonable, we will add a note to your file indicating that a correction was requested, however, could not be made. You may also request information concerning how we collected your Personal Information or how it has been used, as well as the names of the individuals and organizations who have access to your information within GDIGC and details about how long we store it.
  • Right to consent withdrawal You may withdraw your consent to the disclosure or use of the Personal Information collected. However, before we accept your request, we may require proof of your identity. In some cases, withdrawal of your consent may mean that we will no longer be able to process your application or maintain the employment relationship.
  • Request If a request is denied, GDIGC will provide arguments supporting its refusal, inform the person concerned of the remedies available thereafter, if any, and the time limit for exercising them. Any request regarding Personal Information must be addressed in writing to the Data Privacy Officer (contact information below). The Data Privacy Officer will reply to any request promptly but no later than thirty (30) days following the date the request is received.
10. EMPLOYEE RESPONSIBILITIES
Vigilance and compliance with GDIGC’s security policies and practices represent an important line of defense against attacks and potential mistakes which may leave Personal Information vulnerable to unauthorized access. It is essential for all employees and others with access to Personal Information, to abide by security procedures, use strong passwords, not share the aforementioned and report any suspicious activity involving GDIGC systems or data, to the Data Privacy Officer.
All employees who have access to Personal Information are expected to handle it with care, in order to protect the privacy of their colleagues. In doing so, employees are helping to ensure that Personal Information is:
  • Collected, retained, and disclosed only for legitimate business purposes.
  • Protected throughout the information lifecycle from collection, transmission, storage, to deletion or destruction.
  • Accessible only on a need-to-know basis.
  • Retained and securely deleted or destroyed in accordance with retention timeframes and procedures.
11. COMPLAINTS ABOUT PROTECTION OF PERSONAL INFORMATION
Any complaints related to Personal Information must be addressed to the Data Privacy Officer (contact information below). After receipt of a complaint, the Data Privacy Officer will promptly meet with the stakeholders in order determine the appropriate course of action. The course of action will vary depending on the seriousness of the complaint, in compliance with all applicable laws. After complete evaluation of the complaint, the complainant will receive a written response to the complaint, listing the corrective measures taken, if any, and supporting arguments.
12. CONTACT GDIGC ABOUT THIS POLICY AND TO MAKE A REQUEST ABOUT YOUR RIGHTS

If you have any questions or suggestions about this Privacy Policy or would like to make a request to exercise rights related to your Personal Information, please contact the Data Privacy Officer:

Charles Duech, Data Privacy Officer
Telephone: 263-993-3642
E-mail: [email protected]