California employees, California independent contractors, California job applicants, and remote workers who perform work for our California locations, can submit inquiries and requests pertaining to the California Privacy Rights Act (CPRA) to our company at CPRA_employee@guardiansc.com or contact Human Resources at (949) 656-8910.
Guardian Storage Centers & StorAmerica Employee and Non-Employee Worker Personal Information Privacy Notice
1. Introduction
Guardian Storage Centers, LLC; StorAmerica; parent companies; subsidiaries; National Storage Affiliates, partners, and affiliated entities (“GSC” “we,” or “us”) value the trust of our workforce and are committed to handling Personal Information appropriately in accordance with applicable law. This Employee and Non-Employee Worker Personal Information Privacy Notice (the “Notice”) also applies to Independent Contractors, and other workers that are not employed by GSC but have access to GSC facilities and/or corporate networks and systems (hereinafter, “Employee” and “Non-Employee Worker,” respectively). The purpose of this Notice is to explain what Personal Information we collect, access, use, store, transfer and disclose (together, “process”), and why, in connection with your employment or engagement by us. As used in this Notice, “Personal Information” refers to information about you and other individuals (for example, your partner or other members of your family), and from which you or they are identifiable. This Notice may be supplemented by other privacy notices that are specific to certain jurisdictions, uses of your Personal Information, summaries or for other reasons detailed in such supplemental notices.
2. Personal Information We Process
In the course of your employment or engagement we process Personal Information about you and/or Personal Information of other individuals that you may provide to us. The type and volume of Personal Information will vary depending on your relationship with GSC and the jurisdiction in which you work, but may include the following:
| Category of Personal Information | Examples |
|---|---|
| 1. Personal Details | Name, employee or other worker identification number, work and home contact details (email, phone numbers, physical address), language(s) spoken, date and place of birth, national identification number (if permitted by applicable local law), social security number, driver’s license information, other government issued identification or registration numbers, gender, marital/civil partnership status, domestic partners, dependents, emergency contact information, and photographs and videos, and in some instances, personal details of other individuals (such as your family members |
| 2. Immigration Related Details | Citizenship, passport data, details of residency and work permit |
| 3. Compensation, Payroll, and Expenses | Base salary, bonus, benefits, information related to insurance policy when provided by GSC, compensation type, changes in compensation, details on stock options, stock grants and other awards, currency, pay frequency, effective date of then-current compensation, salary reviews, banking details, working time records (including vacation and other absence records, leave status, hours worked and department standard hours), pay data, expenses and invoices, card/account number and the card/account use information, and termination date |
| 4. Position | Description of position(s), job title, corporate status, management category, job code, salary plan, pay grade or level, job function(s) and subfunction(s), company name and code (legal employer entity), branch/unit/department, location, employment status and type (including if you are a Non-Employee Worker), full-time/part-time, terms of employment or engagement, contractual terms, work history, hire/re-hire and termination date(s) and reason, length of service, retirement eligibility, promotions and disciplinary records, date of transfers, and reporting manager(s) information. |
| 5. Talent Management Information | Details contained in letters of application and resume/CV (previous employment background, education history, professional qualifications, language and other relevant skills, certification(s), certification expiration dates), information necessary to complete a background check (including credit check) (as further detailed in Section A (Managing and Administering the Workforce) in the table below under “How and Why We Process Personal Information” and to the extent permitted in your jurisdiction), details on performance management ratings, skills and experience, development programs planned and attended, e-learning programs, performance and development reviews and discussion ratings and comments, including dates for the foregoing, willingness to relocate, feedback expressed about you, and information that you have shared with us to populate employee biographies or to respond to surveys and questionnaires, unless specifically gathered anonymously |
| 6. Corporate Shareholdings and Positions | Details of any shares of common stock or directorships. |
| 7. Benefit and 401k Records | Details of your membership of any 401k or retirement plan, payments made in connection with the plan, financial information relating to the plan and details of beneficiaries of the plan. |
| 8. Data Related to System, Device, and Application Usage | Information to access company systems or applications such as IT system ID, LAN ID, email account, instant messaging account, mainframe ID, previous employee ID, previous manager employee ID, system passwords, employee status reason, branch information, previous company details, previous branch details, previous department details, audio or video recordings of you, and electronic content produced by you using GSC IT systems |
3. Sensitive Personal Information and Where Your Personal Information Comes From
We may also collect certain Personal Information that is deemed “sensitive” under local law, such as information about health, medical information, disability status, financial information, religious beliefs, ethnicity, political opinions or trade union membership, sexual life and orientation, biometric information, passwords or information about criminal records or civil litigation history. As with any Personal Information, GSC will only process Sensitive Personal Information where permitted by applicable governing law. This Personal Information is obtained from a variety of sources, including:
• your communications with us;
• forms you complete as part of your employment or engagement (including during the recruitment process);
• third parties who undertake background checks on our behalf (both at recruitment stage and, in some instances, on an ongoing basis);
• any websites, intranet sites and online portals made available by us for use on or through computers or mobile devices, which you access and use in the course of your employment or engagement;
• the software applications made available by us for use on or through computers and mobile devices, which you access and use in the course of your employment or engagement, including wearable devices; and
• our social media content, tools, and applications, which you access and use in the course of your employment or engagement.
With the exception of certain information that is necessary to fulfill the employment or engagement contract, required by law or important to the performance of our business, your decision to provide Personal Information to GSC is voluntary. However, if you do not provide certain information, GSC may not be able to accomplish some of the purposes outlined in this Notice.
4. How and Why We Process Personal Information
We will process your Personal Information for a variety of different purposes during the course of your employment or engagement, and after you have ceased to be employed or engaged by us. The purposes for which we process Personal Information are set out in the table below:
| Description of Purpose | Examples |
|---|---|
| A. Managing and Administering the Workforce | Managing work activities and personnel generally, including recruitment, appraisals, performance management, promotions and succession planning, rehiring, administering salary, payment administration and reviews, wages and other awards such as stock options, stock grants and bonuses, healthcare where permitted by applicable governing law, 401k, retirement and savings plans, training, leave, managing sickness leave, transfers, secondments, honoring other contractual benefits, providing employment references, loans, performing workforce analysis and planning, performing Employee and Non- Employee worker surveys, performing background checks (including using your Personal Information, where permitted by applicable governing law, to undertake: ID checks, address verification, education and/or professional qualification verification, employment history verification, criminal or conduct checks, credit/bankruptcy/financial integrity checks, adverse media search, directorship search, regulatory checks (e.g. bribery and anti- corruption compliance), sanctions screening against sanction lists to identify criminal or fraudulent activity, terrorist watch-list search) investigating and managing disciplinary matters (including non-compliance with the Employee Handbook in the case of employees) and fraud, grievances and terminations, reviewing employment decisions, making business travel arrangements, managing business expenses and reimbursements, planning and monitoring of training requirements and career development activities and skills, administering apprenticeship schemes, creating and maintaining one or more internal Employee and Non-Employee Worker directories, and promoting diversity and preventing discrimination. |
| B. Maintaining Business Continuity | Ensuring business continuity (including contacting you using your personal contact details (e.g. personal email addresses or mobile phone numbers)), facilitating communication with you at an GSC office, when travelling, during working from home absent an emergency, protecting the health and safety of employees and others, safeguarding IT infrastructure, office equipment and other property, and facilitating communication with you and your nominated contacts in an emergency via any means we deem necessary to reduce any risk to you or others (for example by contacting you using your personal contact details by calling or sending SMS text messages) |
| C. Managing and Improving Our Business and Operations | Operating and managing IT and communications systems, managing product and service development, improving products and services, managing and securing company premises and other assets, allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails and other reporting tools, maintaining records relating to business activities, budgeting, financial management and reporting, communications, managing mergers, acquisitions, sales, re- organizations or disposals and integration with purchasers |
| D. Complying with Legal, Regulatory Requirements, and Internal Policies and Procedures | Complying with legal and other requirements, such as income tax and national insurance deductions, record-keeping and reporting obligations, performing background checks (as detailed above in section A (Managing and Administering the Workforce) above), conducting audits, compliance with government inspections and other requests from government or other public authorities, complying with guidance issued by regulators, and responding to legal process i.e., subpoenas. |
| E. Defending Legal Rights | Pursuing legal rights and remedies, defending litigation, and managing any internal complaints or claims, conducting investigations, and enforcing with internal policies and procedures |
| F. Monitoring Workers and Systems | Monitoring – which includes the systematic and repetitive surveillance, tracking, analyzing, observing and/or reviewing an individual – designed to ensure compliance with internal policies, laws and for fraud and crime prevention including monitoring of (i) electronic and verbal communications, including telephone, email, instant messaging, and other electronic messages, (ii) use of and access to information systems and technology made accessible by GSC, including internet usage and activity, IT hardware and software content, and other company resources, and (iii) GSC premises, including via Closed Circuit Television and building access logs. For more information about how and why GSC monitors individuals, please review GSC’s Global Monitoring Notice |
| G. Administering 401k & Retirements | Administrators of any 401k or retirement plan of which you are a member (if applicable) will process your Personal Information for management and administration of the plans (where applicable), to make decisions about the plans (i.e., to process transfer requests or to make decisions about the payment of benefits) and to carry out duties pertaining to the same. |
GSC will not process Personal Information for any other purpose incompatible with the purposes described in this Notice, unless it is required or authorized by law, authorized by you, or is in your own vital interest (i.e., in the case of a medical emergency).
5. Who Personal Information Is Shared With
From time to time, we sometimes need to make Personal Information available to GSC group companies and other unaffiliated parties for the purposes set forth above. We have set out below a list of the categories of parties who we share your Personal Information with.
| Other GSC Group Companies and Departments | Access to Personal Information within GSC is required by to be limited to those who have a need to know the information for the purposes described above, and may include managers, their designees, HR, IT, Compliance, Legal, Finance and Accounting and Internal Audit. All Employees and Non-Employee Workers will have access to your name, position and (i) business contact information, such as work telephone number, office address and work email address and (ii) personal contact information, such as personal cell phone number, home address and home email address to the extent you make such information generally available. |
| Professional Advisors | Accountants, auditors, actuaries and administrators, lawyers, insurers, bankers, administrators or managers of provident fund schemes and other outside professional advisors in all of the countries in which GSC operates or seeks to operate. |
| Service Providers | Companies that provide products and services to GSC such as payroll, 401k, retirement plan and benefits providers; human resources services, background check providers (and those background check providers may in turn share Personal Information with other third parties, such as former employers, education institutions, etc.), performance management, training, expense management, IT systems suppliers and support; fraud prevention and similar agencies; third parties assisting with equity compensation programs, credit card companies, medical or health practitioners, trade bodies and associations, and other service providers. |
| NSA REIT & REIT Partners | Companies that we provide or promote products and services to. |
| Insurance and Insurance Distribution Parties, and Other Business Partners | Other insurers, reinsurers, insurance and reinsurance brokers, other intermediaries and agents, appointed representatives, distributors, affinity marketing partners and financial institutions, securities firms, and other business partners. |
| Public and Governmental Authorities | Entities that regulate or have jurisdiction over GSC such as regulatory authorities, law enforcement, public bodies, and judicial bodies. |
| Other Third Parties | In connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of GSC business, assets or stock (including in connection with any bankruptcy or similar proceedings), or any other third party to whom you authorize us to share your Personal Information. |
6. Where We Process Your Personal Information
Due to the nature of our business activities, for the purposes set out above (see section above ‘How and Why We Process Personal Information’) we may transfer Personal Information to parties located in states other than where you reside. When making these transfers, we will take steps designed to ensure that your Personal Information is adequately protected and transferred in accordance with the requirements of data protection law, including by putting in place appropriate data transfer mechanisms (such as contractual clauses).
7. How We Secure Personal Information and Maintain Data Integrity
GSC will take appropriate measures to protect Personal Information that are consistent with applicable privacy and data security laws and regulations. We use appropriate technical, physical, legal, and 7 organizational security measures which comply with data protection laws to keep Personal Information secure. When GSC engages a third party (including service providers) to collect or otherwise process Personal Information on our behalf, the third party is required by GSC to undergo a review of their security measures and enter an agreement that requires use of appropriate security measures to protect the confidentiality and security of Personal Information.
GSC will take reasonable steps designed to ensure that the Personal Information processed is reliable for its intended use and is accurate and complete for carrying out the purposes described in this Notice.
8. Personal Information You Provide About Other People
If you provide us with Personal Information about another person, we will process that information in accordance with this Notice. Before providing Personal Information about another person to us, you must (unless we agree otherwise) (a) inform the individual about the content of this Notice and any other applicable GSC privacy notice provided to you; and (b) obtain their permission (where possible) to share their Personal Information with us in accordance with this Notice and other applicable privacy notices.
This Notice, the rights, and policies herein, also apply to the beneficiaries of your employment benefits, such as the individuals who are on your health plan and the beneficiaries of your retirement accounts, as well as your emergency contacts. It is your responsibility to inform any such individuals and ensure that you have the right to provide their personal information to us.
9. Your Personal Information Rights
The following is a summary of the data protection rights which are available to you in connection with your Personal Information. However, these rights only apply in certain circumstances and are subject to certain legal exemptions.
| Right | Description |
|---|---|
| Right of access to Personal Information | The right to receive a copy of the Personal Information we hold about you and information about how we use it. |
| Right to rectification of Personal Information | The right to ask us to correct Personal Information we hold about you where it is incorrect or incomplete. |
| Right to erasure of Personal Information | This right is sometimes referred to as 'the right to be forgotten'. This is the right to request that your Personal Information be deleted or removed from our systems and records. However, this right only applies in certain circumstances. |
| Right to restrict processing of Personal Information | The right to request that we suspend our use of your Personal Information. This right only applies in certain circumstances. Where we suspend our use of your Personal Information, we will still be permitted to store your Personal Information, but any other use of this information while our use is suspended will require your consent, subject to certain exemptions. |
| Right to information about possibility of denying or withdrawing consent & the consequences of such denial or withdrawal | Where we have relied upon your consent to process your Personal Information, you have the right to information if you choose to deny or withdraw your consent. |
| Right to complain to the relevant data protection authority | If you think that we have processed your Personal Information in a manner that is not in accordance with data protection law, in accordance with applicable law, you may be able to complain to the data protection regulator where either the alleged infringement took place, or where you live or work. |
| Rights relating to automated decision making and profiling | The right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. However, this right only applies in certain circumstances. |
10. How Long We Keep Your Personal Information
We will keep your Personal Information only for as long as necessary given the reasons we collect and hold it. Please note that retention periods may be extended in response to litigation, investigations, or similar proceedings.
11. How You Can Contact Us
If you would like to get in touch with us, have questions, or wish to exercise any of the rights stated herein, please email CPRA_employee@guardiansc.com or contact Human Resources at (949) 656-8910.
12. Future Notices
We review this Notice regularly and reserve the right to make changes at any time to take account of changes in our business activities and legal requirements, and the manner in which we process Personal Information. Where appropriate, we will give reasonable notice of any changes.