This notice provides information under the General Data Protection Regulation, the UK Data Protection Act, and the Swiss Federal Act on Data Protection (collectively, “European Privacy Laws”) for Fox Factory, Inc. employees in the European Economic Area (EEA) or United Kingdom (UK). The terms used have the same meaning as in the GDPR.
We collect personal data from you, including Name, Email address, Postal address, Telephone number, Passport number, Tax ID number, Bank or other financial account number, General location data, Photos, Age, Sex, gender, or gender identity, National origin, Citizenship or immigration status, Familial status, Marital status, Disability, Professional information, and Employment-related information.
We may collect personal information about you from third-party sources, including Background Check Provider, Recruitment & Applicant Tracking System, and Recruitment Service.
We use third party vendors to assist us with employment functions, such as the administration of benefits. We may disclose your personal data to the following categories of processors: Background Check Provider, Employee Time-Tracking Software, Governance, Risk & Compliance Software, Learning & Performance Management Software, Payroll & Benefits Management Software, Recruitment & Applicant Tracking System, and Workforce Management Software.
We process your personal data on the lawful basis of our legitimate interests, and specifically for purposes of employment.
We may send the personal data of individuals in the EEA/UK/CH to third countries, including the United States, where it may be stored or processed, for example on our service providers’ cloud servers. When we transfer personal data, we endeavor to do so on the basis of Adequacy Decisions as adopted by the European Commission (EC), the UK Information Commissioner's Office (ICO), or the Swiss Federal Data Protection and Information Commissioner (FDPIC), the EU-US Data Privacy Framework, UK-US Data Bridge, and Swiss-U.S. Data Privacy Framework agreements, Standard Contractual Clauses (SCCs) issued by the EC or the FDPIC, International Data Transfer Agreements (IDTAs) approved by the ICO, and as otherwise allowed by law. Data protection authorities have determined that the SCCs and IDTAs provide sufficient safeguards to protect personal data transferred outside the EEA/UK/CH. To request copies of our international data transfer safeguards, please contact us at moc.xofedir@ycavirp. You may read more about international data transfer mechanisms at the following links:
Individuals in the EEA/UK/CH have the following rights regarding their personal data. Make a Privacy Request by clicking here. Once you submit a request, we will verify your identity and process your request in most cases within 30 days.
Right to access. You have the right to request a copy of the personal data we hold about you.
Right of portability. You have the right to ask us to transfer your data to another party.
Right to rectification. You have the right to request that we rectify any incorrect information we have about you.
Right of erasure. You have the right to request that we erase (delete) any personal information we hold about you.
Right to lodge a complaint with a supervisory authority. You have a right to lodge a complaint with a supervisory authority. For more information, you can visit the Information Commissioner’s Office website at https://ico.org.uk/, the Federal Data Protection and Information Commissioner’s website at https://www.edoeb.admin.ch/, or see a list of EU Data Protection Authorities at https://www.gdprregister.eu/gdpr/dpa-gdpr/.
Fox Factory, Inc.
Director of Compliance