Employee Privacy Statement North America

Our goal in this Employee Privacy Statement is to provide clear and transparent information about how we handle the processing of your Personal Data [1], including Sensitive Personal Data.

If this Statement contradicts with any national, local, or state law, legislation, or guidance in the USA, Mexico, or Canada, the latter law, legislation, or guidance will supersede.

When you enter employment with Rabo AgriFinance LLC, Coöperatieve Rabobank U.A., New York Branch, the U.S. and Mexico representative offices Coöperatieve Rabobank U.A., Rabobank Canada,  Rabo Diversified Services LLC, Rabo Securities USA, Inc., Rabo Securities Canada, Inc., St. Louis Agency Office or any other affiliated entities operating in North America, (hereinafter collectively and individually referred to as ”Rabobank”), and throughout your employment with us, certain employee data pertaining to you will be processed. For purposes this statement, an “Employee” includes any or all of the following: current employees, former employees, and temporary workers, i.e., contractors. Rabobank will adhere to the law, regulations, and internal guidelines including the Rabobank Global Employee Privacy Code, as may be modified, adopted, or altered within our local region.

1. What types of Personal Data, including Sensitive Personal Data does Rabobank process?

Privacy is a precious commodity, and the privacy issues that are all around us in today’s society are of acute concern to us all. We are confident that within Rabobank, the privacy of our employees is well secured. Our goal in this Employee Privacy Statement is to provide clear and transparent information about how we handle the processing of your data.

If this Statement contradicts with any national, local, or state law, legislation, or guidance in the USA, Mexico, or Canada, the latter law, legislation, or guidance will supersede.

When you enter employment with Rabo AgriFinance LLC, Coöperatieve Rabobank U.A., New York Branch, the U.S. and Mexico representative offices Coöperatieve Rabobank U.A., Rabobank Canada,  Rabo Diversified Services LLC, Rabo Securities USA, Inc., Rabo Securities Canada, Inc., St. Louis Agency Office or any other affiliated entities operating in North America, (hereinafter collectively and individually referred to as ”Rabobank”), and throughout your employment with us, certain employee data pertaining to you will be processed. For purposes this statement, an “Employee” includes any or all of the following: current employees, former employees, and temporary workers, i.e., contractors. Employee data also falls under the definition of ‘personal data’ if that data can be traced back to you personally (either directly or indirectly). That data includes, but is not limited to, your name, address, or personnel number. In the processing of your Personal Data/Sensitive Personal Data, Rabobank will adhere to the law, regulations, and internal guidelines including the Rabobank Global Employee Privacy Code, as may be modified, adopted, or altered within our local region.

Generally, we may collect the below categories of Personal Data from employees:

 

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.	[YES]
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.	[YES]
C. Protected classification characteristics under California or federal law, or Sensitive Data.	Age, race, color, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status.	[YES]
D. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	[YES]
E. Geolocation data.	Physical location or movements.	[YES]
F. Professional or employment-related information.	Current or past job history or performance evaluations.	[YES]
G. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	[YES]

 

Rabobank will only process Sensitive Personal Data where necessary for the applicable business purposes as defined in the Privacy Policy Employee Data. The information below shows, for each category of Sensitive Personal Data, when this data is processed and for what purpose:

Race or ethnic background: This may apply, for example, to images of you. Rabobank processes this data for various reasons, including demographic reporting to the government (as required by law) and physical security (as observable through video surveillance).

 

• Photos and video images may qualify as racial or ethnic data. In the United States, photos are used for security reasons, e.g., issuance of building and floor badges for site access and recording of activity at workplace entrances to secure the premises;
• Demographic reporting under applicable anti-discrimination laws;
•  Communication facilities;
•  Verifying and confirming advice provided by the Member Entity (e.g., when Employees participate in video conferencing which is recorded); and
• For inclusion in Employee directories (as observable through images).

 

Personal Data/Sensitive Personal Data pertaining to criminal convictions: This refers to data concerning any criminal activity or previous record or pending prosecution for criminal or unlawful activities. This data is necessary to protect the interests of Rabobank, its employees and its customers, including safeguarding the security and integrity of the financial sector. This data is used for screening employees prior to and during employment and alert systems for the financial sector.

Physical or Mental Health: Processing of data concerning your health may be necessary when you are not at work for medical reasons. However, Rabobank does have to register that you are out ill, and in that event is obliged to make efforts for your reintegration and/or to support you in your recovery. If there are health problems or disabilities that must be addressed by the provision of certain facilities in the workplace, this will also involve the processing of Personal Data/Sensitive Personal Data concerning your health. This may include, for example, modification of your workspace.

In addition, there are, other cases in which data concerning your health will be processed, such as the performance of your pension, healthcare, or welfare regulations, when you take parental leave, or whenever you wish to make a claim against systems that provide for claims that are based on your health status.

Sexual orientation: Rabobank will only process data pertaining to your sexual orientation (including data concerning employee partners) in the event of performance of pension commitments or payment of other benefits.

Religion or philosophy of life: This data may be processed for the purposes of accommodating religious or philosophical practices, dietary wishes, or religious holidays.

Citizenship: This data is used to determine if Rabobank needs to provide work sponsorship for you to work legally in the United States. This may involve obtaining information on the country or countries where you maintain citizenship.

Social Security number, driver’s license, state identification card, or passport number: This data may be processed for the purposes of verifying.

At Rabobank you can voluntarily provide certain characteristics about yourself which help us in analyzing our workforce and trying to design interventions to ensure discrimination has no role within the organization. The characteristics contain, among others, sexual orientation, race, disability status, and veteran status.

It will be the responsibility of the Employee to inform a Rabobank Entity regarding any changes in his or her Personal Data/Sensitive Personal Data in order to keep it accurate, complete, and up-to-date.

Individuals should inform the Member Entity regarding any changes. The term “Member Entity” is defined within the Information Sheet of the Privacy Policy Employee Data.

 

2. Description of the Purpose and Grounds for processing employee Personal Data, including Sensitive Personal Data

Your data will only be processed for properly specified, explicitly defined and justified purposes and where there is a legitimate basis for the processing.

2.1 Purposes for processing

Rabobank may process your data for the following business purposes:

• Human Resources and personnel management;
• Business process operations and internal management;
• Health, safety, security, and integrity;
• Company reports and analysis and development of the organization;
• Legal obligations;
• Protection of your vital interests.

2.2Ground for processing

The reason for processing your data must be to achieve one or more of the purposes described in this section. There must also be a legal basis for the processing.

Your data will only be processed if:

a)   the data processing is necessary for the performance of:

-  your employment by Rabobank;

-  an employment contract to which you may be a party; or

-  in the performance of pre-contractual measures resulting from a request by you and which are necessary for entering into employment or a contract such as your employment contract, upon screening and for assessment purposes;

b)   the data processing is necessary in order to comply with a statutory obligation borne by Rabobank, such as required disability administration in the event of a long-term period of occupational disability;

c)   the data processing is necessary to secure a vital interest of yours (such as emergency contact information for your family in the event of an emergency);

d)   the data processing is required to further the legitimate interests of Rabobank or a third party to which the data is provided, unless an interest of yours or your fundamental rights and freedoms prevail over Rabobank’s interests.

 

2.3  Human Resources and personnel policy

This processing is necessary to perform employment activities required to maintain an employment relationship with you, or the processing required to take the steps necessary prior to entering into an employment relationship at your request, or for the management and administration of recruiting and outplacement activities, assessments, deploy-ability, leave and other absences, remunerations and benefits (including pension), payments, tax matters, career and talent development, talent management, global mobility, performance management, HR analyses, emoluments, training, travel arrangements and expense reimbursements, insourcing of external employees, and the communication with you as employee. The data will always be treated as confidential.

2.4  Business operations and internal management

This purpose comprises activities such as drafting work schedules, setting work times, managing operating resources, availability of central processing facilities for maximum efficiency, performing internal audits and investigations, implementing measures in the context of business management and the management and use of employee address files, archiving and insurance purposes, legal or business consulting, preparing or being involved in dispute resolution, and authorization management. For example, we establish what systems you must have access to in order to perform your job, but also log your visit at reception.

2.5  Health, safety, security, and integrity, including guaranteeing the security and integrity of the financial sector

This comprises activities such as the protection of the interests of Rabobank and its employees and customers. This includes guarantees for the security and integrity of the financial sector, and specifically uncovering, preventing, investigating, and combating criminal or reprehensible conduct or attempted conduct of such nature directed against Rabobank or its employees and customers. We screen employees prior to, and if applicable, during, the employment. Activities pertaining to health and safety in the workplace. The protection of Rabobank, employees, and the property of customers, as well as employee authentication. For example, certain positions are subject to logging requirements. If this applies to you, you will be informed in advance. For example, if you work with investment products, we may be legally obliged to log all conversations, because they may potentially serve as evidence at a later stage.

Rabobank has a standard protocol for logging audio, video, and chats.

2.6  Analysis and development of the organization, company reports, and acquisitions and divestments

This purpose comprises activities like taking surveys of employees, managing mergers, acquisitions and divestments, and processing employee data for company reports and analyses, such as those processed by HR Analytics. This includes, for example, conducting employee satisfaction surveys.

2.7  Legal Obligations

This purpose comprises the processing of employee data where necessary for the performance of tasks for the fulfilment of statutory obligations or recommendations for the sector that are binding on Rabobank, including tasks for the purposes of preventing money laundering, the financing of terrorism and other crimes, and to that end disclosing Personal Data/Sensitive Personal Data to government institutions and regulatory authorities, including the tax authorities.

2.8  Protecting the vital interests of employees

This purpose comprises processing necessary to protect the vital interests of an employee. A vital interest is an interest that is essential to a person’s life or health, in a situation in which we cannot ask for the person’s consent, for example if there is an acute threat but a person is unconscious or not mentally capable of granting consent.

3. Does Rabobank sell or share your Personal Data/Sensitive Personal Data?

At Rabobank, we do not sell your Personal Data/Sensitive Personal Data to any person or to third parties nor do we share the information for the purpose of cross-contextual behavioral advertising to you. This also includes the sale or sharing of the information of minors. As such, you are not able to opt-out of selling or sharing of your Personal Data/Sensitive Personal Data, since it does not occur.

4. Retention periods of personnel file and managers’ file

Human Resources retains employee documents in multiple electronic systems. Within each of those systems, data points are assigned a retention time frame consistent with local legislation. Certain files are retained in paper form, maintained in a secure location and assigned a retention time frame consistent with local legislation. Electronic data and paper files are retained based on the North America Record Keeping Policy requirements. You can find the North America Record Keeping Policy here (only accessible for employees).

5. Who is responsible for the processing of employee data?

Rabobank is responsible for processing your Personal Data/Sensitive Personal Data as described in this Privacy Statement.

Additionally, the following are the service providers we use to process your data and the categories of your Personal Data/Sensitive Personal Data disclosed to those providers (using data categories from above, in section 1):

 

• Payroll Service Providers
  • Receive Personal Data/Sensitive Personal Data in Categories A, B, & C
• Core Employee Benefit Providers
  • Receive Personal Data/Sensitive Personal Data in Categories A, B, & C
• Additional Employee Benefit Providers
  • Receive Personal Data/Sensitive Personal Data in Categories A & B
• Professional Development/Learning Providers
  • Receive Personal Data in Categories A & B
• Legal & Regulatory Reporting/Verification Providers
  • Receive Personal Data/Sensitive Personal Data in Categories A, B, C, D, E, F & G
• Employee Rewards & Recognition Provider
  • Receive Personal Data in Categories A & B
• Charitable Giving Facilitator
  • Receive Personal Data in Categories A & B
• Employee Travel Arrangement Provider
  • Receive Personal Data/Sensitive Personal Data in Categories A, B, & C
• Employee Engagement
  • Receive Personal Data in Categories A & B
• Security Software for Mobile Devices
  • Receive Personal Data in Categories D & E
• Telecommunications Providers
  • Receive Personal Data in Categories A & B
• Corporate Credit Card Provider
  • Receive Personal Data in Categories A & B
• Emergency Notification Provider
  • Receive Personal Data in Categories A & B
• Record Storage Provider
  • Receive Personal Data in Categories A, B, C, D, F & G

6.How does Rabobank receive your Personal Data, including Sensitive Personal Data?

Your Personal Data is obtained in one of two ways. It is information you provide to us, or data we obtain and process through another source.

Your data is saved in various systems. Below, we explain the differences between the major systems used for data processing.

Workday: This system is used primarily for the employment-law information such as name and address

details and salary information. This system contains data needed to perform, process, and manage your employment status. There may also be a legal obligation to retain Personal Data/Sensitive Personal Data, for example a copy of your proof of identity for the tax authorities. This system is used for employee expense reporting, as well as mandatory and required training.

 

GROW!: This is the performance management system that revolves around growth and performance. It is for all employees and is focused on enhancing your own control of your performance and versatility and increasing your personal leadership. The GROW! system also saves certain employee data.

Other system vendor categories, including those of third parties, are identified below to allow you to see the business purposes for which we use those third parties.

• Payroll Service Providers
• Core Employee Benefit Providers
• Additional Employee Benefit Providers
• Professional Development/Learning Providers
• Legal & Regulatory Reporting/Verification Providers
• Employee Rewards & Recognition Provider
• Charitable Giving Facilitators
• Employee Travel Arrangement Providers
• Employee Engagement
• Corporate Credit Card Provider

7.    What rights do employees have?

As an employee, you have certain rights with respect to the processing of your data. Among them are the right to review your data and the right to correct your data. For a complete list of all rights and the way in which you can exercise them, see section 11.

8. Is employee information transferred abroad?

Possible situations within the Rabobank Group:

Your employee data may be exchanged between different affiliates or divisions of the Rabobank in certain situations, for example in Global systems such as Workday, or if you are to perform activities and/or work for foreign Rabobank branches (whether temporarily or permanently). These Rabobank affiliates or divisions may potentially be located in countries outside North America. Transfer of your data to countries within the EU is generally permitted if there is a purpose and a basis for doing so.

As a Binding Corporate Rule, the Rabobank Employee Privacy Code guarantees an appropriate level of protection of Personal Data/Sensitive Personal Data within the divisions of the Rabobank. Data is shared between the divisions of the Rabobank on the assumption of this guarantee.

Possible situations outside the Rabobank Group:

If we forward your data ourselves to other parties outside Rabobank we evaluate on a case-by-case basis how the data will be processed and what the appropriate measures to adequately protect your data must be. This may include an analysis of whether the country where the data is being transferred is considered a “Non-Adequate Country” per the European Commission.

9. What are the tasks of a Local Privacy Officer?

Rabobank has designated a Local Privacy Officer. The task of a Local Privacy Officer is to monitor compliance with the local privacy laws and the Privacy Code for Employee Data and perform other related tasks. The Local Privacy Officer can be reached through emailing RaboPrivacyOffice@rabobank.com.

10. Principles in the processing of employee Personal Data, including Sensitive Personal Data

Your data may only be processed for properly specified, explicitly determined and justified purposes, as stated in section 2.1, and there must be legitimate grounds for doing so, as stated in section 2.2. This section sets out the principles that Rabobank must observe in the processing of your data.

10.1  Lawfulness, fairness, and transparency

We are required to process your data in accordance with the law and in an appropriate manner. Transparency is an important principle in the protection of privacy and of Rabobank. This privacy statement informs you of what data about you is processed and why.

10.2  Necessary and proportional

Rabobank processes your data insofar as your data is adequate, relevant, and necessary for the purposes (proportionality). We always look at the minimum data/Personal Data/Sensitive Personal Data required.

10.3 Limited access and confidentiality

Other employees of Rabobank are only authorized to view/process your data where necessary for the performance of their work (for example, to pay your salary).

10.4 Security

Rabobank takes appropriate technical and organizational measures to prevent your data from being lost or improperly processed. The measures will also be aimed at preventing the unnecessary accumulation and further processing of your data.

10.5 Further processing must be compatible

Your data may only be further processed to achieve justifiable company objectives other than the original objective if that original objective and the new objective are closely connected. The sensitivity of the employee data and the possible negative consequences for the employee concerned will be decisive in whether or not the data can be used for other objectives or whether or not further measures must be taken. We will not collect, use, retain, and/or share your Personal Data/Sensitive Personal Data for any purpose that is unrelated or incompatible with the purpose(s) for which the Personal Data/Sensitive Personal Data was originally collected or processed.  We will request explicit consent and provide a new notice if we intend to collect, use, retain, and/or share your Personal Data/Sensitive Personal Data for any purpose that is unrelated or incompatible with the purpose(s) for which the Personal Data/Sensitive Personal Data was originally collected or processed.

10.6 Further processing in context of internal employment market

Your data can be exchanged between divisions of the Rabobank under the preconditions stated in sections 2 and 3 of this Employee Privacy Statement.

10.7Processing of Personal Data/Sensitive Personal Data of minors

Processing of Personal Data/Sensitive Personal Data of family members younger than 18 can only be done with either consent or authorization to grant consent from legal representatives in the place of the data subject. Personal Data/Sensitive Personal Data of a data subject of 18 years of age or older may be processed legitimately (i.e., without consent or authorization for consent of the legal representative).

10.8 Storing data

Your data should not be stored in a way that allows you to be identified for any longer than is necessary to achieve the relevant company objectives. Aspects include, for example, that we anonymize application information so that we can conduct analyses to allow us to perform directed search campaigns to fill vacancies.

10.9 Data breaches and Privacy Incidents

Data Breaches and Privacy Incidents are security incidents by which the data of one or more employees becomes accessible or available to an unauthorized person.

Examples include:

• someone gains unauthorized access to employee data as a result of erroneous authorization/abuse of authorization;
• a letter with salary data is misaddressed, as a result of which it is delivered to the wrong address;
• an e-mail containing employee data is sent to the wrong internal recipient.

If such a Data Breach or Privacy Incident is discovered, this must be reported immediately within the Privacy Incident Reporting Tool found on the Report Now on Rabohub North America. The report is then evaluated internally.

11. Employee rights

This chapter covers your rights as an employee. All requests can be directed to the HR department handling these. You can contact them via fm.am.WorkdaySupport@rabobank.com, or phone via (855) 886 9005 or +1-314-317-8175 for areas outside the USA. If you are viewing this Privacy Statement online, you may click here to be taken to a form where you may begin the process of exercising your rights. If you are not viewing this Privacy statement online, you may visit us online to fill out a webform or contact us by email or phone, as listed above.

11.1 Right to transparency of information

As previously discussed, Rabobank processes employee data. This data also includes Personal Data/Sensitive Personal Data. You are entitled to clear and transparent information about the processing of this data, when allowed by law. Sometimes we give you more or different information, for example, if Rabobank documents your data in its incident registers. If this happens, Rabobank will inform you separately (where permitted to do so). Likewise, if there are other reasons to inform you further to this privacy statement, we will do so, for example by e-mail or another channel.

11.2 Right to Know

You have the right to ask for the data about you that Rabobank processes. The list of data will contain information concerning the source, type, purposes, and categories of recipients of the employee data in question, when allowed by law.

11.3 Right to Rectification

If you believe that your personal information has been processed incorrectly or incompletely, or if you believe that such processing was unnecessary, then you may file a request for editing, supplementation or removal of your personal information with the Rabobank using the one of the two methods and guidance provided earlier in this section titled “Employee Rights”.

11.4 Right to Restriction

You may request that we temporarily restrict the Personal Data/Sensitive Personal Data relating to you that we process. This means that we will temporarily process less Personal Data/Sensitive Personal Data relating to you.

Please be aware that if we are able to restrict the Personal Data/Sensitive Personal Data you are requesting, it will only be done within the terms of any agreement we have in place with you.

11.5Right to Data Deletion

You can ask for the data registered about you to be deleted if you object to the processing of that data. An example is if the processing is not legitimate or no longer necessary for the purposes for which the data was collected.

 

11.6 Right to Opt-Out of Personal Information Sold

An individual has the right to instruct a business that sells personal information not to sell the consumer’s personal information – also known as the Right to Opt-Out. Once a consumer opts out, the business must honor the opt-out request for at least 12 months, but subsequently may sell the consumer’s personal information if the consumer provides his or her “express authorization”. At Rabobank, we do not sell your personal information to any person or to third parties nor do we share the information for the purpose of cross-contextual behavioral advertising to you. This also includes the sale or sharing of the information of minors.

11.7 Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights (Equal Service and Price)

You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the California Consumer Privacy Act, which we have extended by Policy to all Rabobank North America employees.

11.8 Right to Data Portability

As part of your options for receiving a copy of the specific personal information we retain about you, it includes an electronic format that is in a readily usable format.

11.9 The right to not be subject to fully automated decision-making

Automated decisions are decisions about you that are made by computers and not/no longer by people. Rabobank is legally entitled to make use of automated decision-making including profiling. However, this is subject to certain rules. Does a decision have legal consequences on you, or could you be disadvantaged by it? If so, then we would not be allowed to make an automatic decision on you. At present, Rabobank does not permit automated decision-making with regard to employees.

11.10 Right to objection

We process your data because we as employer have a justified interest in doing so. However, you can object to this processing, in which case we will make a new determination of whether your data should no longer be used for this purpose. We will stop the processing if your interest outweighs our interest. We will inform you of our decision, stating the reasons.

 

11.11Procedure

If you have made one of the requests described above, we will acknowledge your request within 10 business days. Your question will be answered within 45 calendar days of receipt. That period may be extended by another 45 calendar day period where necessary and upon notification to you of an extension, taking into account the complexity and number of the requests. In that event, we will keep you informed of the progress on your request. If the provision of the data involves the data of third parties, these third parties can be asked in advance whether they have objections to the provision. A request for review or rectification will be at no cost to you. You may be asked to further specify your request. We may then ask for identification, because we need to know for certain whether we are issuing the data to the right person. In some cases, we will not be able to comply with your request. We may, for example, not be required to delete the data if Rabobank is legally obliged to retain it.

11.12 To whom should I direct a question or complaint concerning Personal Data/Sensitive Personal Data?

For questions about the processing of Personal Data/Sensitive Personal Data, you can contact the Rabobank division that processes your data or the Local Privacy Officer, who can be reached at: RaboPrivacyOffice@rabobank.com.

For complaints about the processing of Personal Data/Sensitive Personal Data, you can contact the Local Privacy Officer, who can be reached at: RaboPrivacyOffice@rabobank.com or the Rabobank division that processes your Personal Data. If the response is unsatisfactory, you may submit this to fm.am.WorkdaySupport@rabobank.com.

12. Other provisions with regard to the Employee Privacy Statement

12.1 Appendices

Any appendices to this Employee Privacy Statement make up part of this Employee Privacy Statement and would appear here if any were necessary.

12.2 Grounds for restrictions

In observance of the provisions of applicable law, after prior consultation with the Local Privacy Officer in certain situations Rabobank’s obligations or the rights of the employee can be declared inapplicable.

12.3Amendment of the Employee Privacy Statement

Rabobank has the right to change or supplement this Employee Privacy Statement, with prior notice to the employees’ representatives. This Statement is v3.0 and has been updated on May 30, 2024.

12.4 Extraordinary circumstances

In circumstances not covered by this Employee Privacy Statement, or in circumstances where compliance with the stipulations in this Statement cannot reasonably be met, the Local Privacy Officer will decide.

[1] “Personal Data” means information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular natural person or household.