Open Menu icon

EEA/UK Employee Privacy Notice

GDPR Privacy Notice

This notice provides information under the General Data Protection Regulation, the UK Data Protection Act, and the Swiss Federal Act on Data Protection (collectively, “European Privacy Laws”) for Fox Factory, Inc. employees in the European Economic Area (EEA) or United Kingdom (UK). The terms used have the same meaning as in the GDPR.

Personal data we collect from you

We collect personal data from you, including Name, Email address, Postal address, Telephone number, Passport number, Tax ID number, Bank or other financial account number, General location data, Photos, Age, Sex, gender, or gender identity, National origin, Citizenship or immigration status, Familial status, Marital status, Disability, Professional information, and Employment-related information.

Information from other sources

We may collect personal information about you from third-party sources, including Background Check Provider, Recruitment & Applicant Tracking System, and Recruitment Service.

Personal data disclosed to processors

We use third party vendors to assist us with employment functions, such as the administration of benefits. We may disclose your personal data to the following categories of processors: Background Check Provider, Employee Time-Tracking Software, Governance, Risk & Compliance Software, Learning & Performance Management Software, Payroll & Benefits Management Software, Recruitment & Applicant Tracking System, and Workforce Management Software.

Legitimate Interests

We process your personal data on the lawful basis of our legitimate interests, and specifically for purposes of employment.

How Long We Keep Your Data

Employee data is subject to various retention periods based on data type. Employee benefit data is retained between three to ten years as required by law. For example, employee records with information on pay rate or compensation are retained only three years, payroll deduction authorizations are retained after four years, but benefit plan records are retained 10 years after review of any legal obligations.

International Data Transfers

We may send the personal data of individuals in the EEA/UK/CH to third countries, including the United States, where it may be stored or processed, for example on our service providers’ cloud servers. When we transfer personal data, we endeavor to do so on the basis of Adequacy Decisions as adopted by the European Commission (EC), the UK Information Commissioner's Office (ICO), or the Swiss Federal Data Protection and Information Commissioner (FDPIC), the EU-US Data Privacy Framework, UK-US Data Bridge, and Swiss-U.S. Data Privacy Framework agreements, Standard Contractual Clauses (SCCs) issued by the EC or the FDPIC, International Data Transfer Agreements (IDTAs) approved by the ICO, and as otherwise allowed by law. Data protection authorities have determined that the SCCs and IDTAs provide sufficient safeguards to protect personal data transferred outside the EEA/UK/CH. To request copies of our international data transfer safeguards, please contact us at moc.xofedir@ycavirp. You may read more about international data transfer mechanisms at the following links:

Privacy Rights

Individuals in the EEA/UK/CH have the following rights regarding their personal data. Make a Privacy Request by clicking here. Once you submit a request, we will verify your identity and process your request in most cases within 30 days.

Right to access. You have the right to request a copy of the personal data we hold about you.

Right of portability. You have the right to ask us to transfer your data to another party.

Right to rectification. You have the right to request that we rectify any incorrect information we have about you.

Right of erasure. You have the right to request that we erase (delete) any personal information we hold about you.

Right to lodge a complaint with a supervisory authority. You have a right to lodge a complaint with a supervisory authority. For more information, you can visit the Information Commissioner’s Office website at https://ico.org.uk/, the Federal Data Protection and Information Commissioner’s website at https://www.edoeb.admin.ch/, or see a list of EU Data Protection Authorities at https://www.gdprregister.eu/gdpr/dpa-gdpr/.

Inquiries

Controller contact information

Fox Factory, Inc.

moc.xofedir@ycavirp

Data Protection Officer information

Director of Compliance

moc.xofedir@ycavirp

Powered byTrueVault logo