Employee Information Privacy Policy

1. Employee Information We Collect (collectively “Employee Information”).

Control4 Corporation, including our subsidiaries and affiliates (collectively “we” or the “Company”), collect and verify your contact information as well as other information provided via your employment application or otherwise. When necessary, we will request your consent to obtain additional information from third parties to verify your credit, criminal or related background information. In these instances, we comply with applicable laws and will notify you accordingly. We also collect information that is necessary to process stock, bonus, and other benefits we may voluntarily provide. We also collect other work-related information such as, but not limited to, your performance evaluations, job duties, compensation, human resource files, photographs, etc. This information is received both directly and indirectly and is maintained in various forms such as hard and electronic copy .Note that some of this information is time limited and will be destroyed after a period of time.

2. Use of Employee Information.

We use the Employee Information we collect for the purposes of human resource administration, employment, benefits administration, and general business management. We use Employee Information to process your benefits, compensation, equity awards, and bonuses to the extent they are available to you. We use Employee Information to evaluate your workplace performance to ensure an efficient workplace, to assign the proper duties to the appropriate employees, and to monitor compliance with our Company policies. We regularly use Employee Information to facilitate the communication between both employees and the Company. We may use Employee Information to ensure the safety of the workplace and to provide positive identification.

The Company also processes limited amounts of sensitive personal information and will do so only in accordance with the law. For example, health information may be processed for the purposes of administering Company and statutory sick pay, monitoring and managing sickness or disability absences or other leave required by statute, and complying with legal requirements.

The Company uses Employee Information to ensure that the access, use, and disclosure of information are performed in accordance with workplace policies (including the Company’s monitoring polices with regard to telephone, email, Internet, and other company resources), and that the Company policies are followed. We may monitor activities such as communications with users, as well as the access, use, and disclosure of customer, employee, and Company information. The Company may use a number of manual and automated systems/processes to monitor these activities in the event of suspected inappropriate activities or on a periodic basis in order to ensure ongoing compliance.

3. Transferring and Sharing of Employee Information.

Employee Information may be stored in hard and electronic format locally within the office of your employment, as well as in other locations in which the Company or its agents or contractors have a physical presence. Employee Information may be shared in the normal course and scope of business with other Company employees worldwide, but only as necessary to facilitate the uses described above. Employee Information may also be shared with third-party vendors (for example, medical benefit providers, stock brokerages, retirement benefit providers, etc.) that the Company has chosen to outsource work to, in order to facilitate the uses described above. In the event that data is provided to an outsourced third-party, the Company will maintain its right to ownership of information and ensure that adequate privacy precautions are taken.

However, Company assumes liability for the onward transfer of Employee Information received from employees located in the EU to third parties that are not in accordance with the Privacy Shield Framework. The Company further agrees to adhere to applicable privacy regulations including but not limited to the European Union’s General Data Protection Regulation (“GDPR”) and the Privacy Shield Principles (a copy is available at www.privacyshield.gov), and as such, will cooperate with the applicable European Union Data Protection Authority to resolve any complaint with respect to any personal data collected in the European Union. The Company will at times be required to disclose Employee Information in response to lawful requests by public authorities and to meet national security or law enforcement requirements.

4. Access, Modification, and Removal of Employee Information.

You have the ability to directly access and modify much of your Employee Information through our internal systems automatically. In addition, you may also contact Human Resources for additional access as well as modification of your Employee Information. Upon your request, we will try to accommodate requests to correct factually-inaccurate information or remove nonessential Employee Information in accordance with applicable law; however, the removal of essential Employee Information may affect your workplace duties, responsibilities and benefits. In addition, certain items of data may be exempt from disclosure and will not be available for employees to see. These include, for example, the name and address of individuals giving a reference to the Company or other information where another party’s rights may be implicated.

5. Protection of Employee Information.

We use industry-standard physical and procedural security standards to protect Employee Information. We deploy encryption, firewalls, access controls, and other procedures to protect Employee Information from unauthorized access. Hard copy Employee files are restricted and are available only to authorized individuals based upon department and employment responsibilities.

6. Enforcement

With respect to Employee Information transferred pursuant to the Privacy Shield Framework, Company is subject to the investigatory and enforcement power of the Federal Trade Commission. Effected Employees may invoke binding arbitration if the following steps have been taken prior to initiating an arbitration claim:

  1. Raise the claimed violation directly with Company and afford Company an opportunity to resolve the issue within the appropriate timeframe;
  2. Make use of the independent recourse mechanism under the Privacy Shield Principles (which is at no cost to the individual); and
  3. Raise the issue through the Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the appropriate timeframe (at no cost to the individual).

7. Questions Related to Employee Information.

If you have any questions about this policy, the use of Employee Information, or your Employee Information, you should contact our Data Protection Officer at dpo@control4.com.

8. Notices and Changes.

This policy may change from time to time, but we will not reduce the level of protection of your personal information collected pursuant to a previous version of this policy without your consent. We will post any changes to this policy on this page and change the effective date. All revisions to this policy shall be effective within 30 days after posting. You may have the opportunity to reject revisions; however, such rejection may affect your workplace duties, responsibilities and benefits.