LongTail Ad Solutions, Inc., d/b/a JW Player

Privacy Notice for Staff and Applicants

1. Introduction

1.1. LongTail Ad Solutions, Inc., d/b/a JW Player, including its subsidiaries, JW Player UK Ltd., JW Player Netherlands BV, Vualto Ltd., JW Player Singapore PTE Ltd., and Inpleer Hub Dooel Skopje, (the “Company“, “we” or “us“) has issued this Privacy Notice (this “Notice“) to describe how we handle personal information that we hold about our staff members and job applicants (collectively referred to as “you“). The term “staff member” includes those who work on a non-permanent basis, including contingent workers, temporary and contract workers, independent contractors, consultants, professional advisors, secondees, interns and other third parties engaged to carry out work for us and who have access to our premises or our internal systems. This categorisation is used for the purpose of convenience in this Notice and does not demonstrate any particular employee, worker or other status.

1.2. We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This Notice sets out the personal information that we collect and process about you, the purposes of the processing and the rights that you have in connection with it.

1.3. If you are in any doubt regarding the applicable standards, or have any comments or questions about this Notice, please contact us at the contact details in Section 11 below.

2. Types of personal information we collect

2.1. In the course of your employment at the Company, or when making an application for employment, we may process personal information about you and your dependents, beneficiaries and other individuals whose personal information has been provided to us.

2.2. The types of personal information we may process include, but are not limited to:

  1. Identification data – such as your name, gender, photograph, date of birth, staff member IDs;
  2. Contact details – such as home and business address, telephone/email addresses, emergency contact details;
  3. Employment details – such as job title/position, office location, employment contract, performance and disciplinary records, grievance procedures, sickness/holiday records;
  4. Background information – such as academic/professional qualifications, education, CV/résumé, criminal records data (for vetting purposes, where permissible and in accordance with applicable law);
  5. National identifiers – such as national ID/passport, immigration/visa status, social security or national insurance numbers;

2.3. Furthermore, if you are a staff member of the Company, we may also collect the following types of information, for employment and work-related purposes as described in section 4 below:

  1. Information on your spouse / partner and/or dependents – such as your marital status, identification data on them and information relevant to any company benefits extended to such people;
  2. Financial information – such as bank details, tax information, withholdings, salary, benefits, expenses, company allowances, stock and equity grants; and
  3. IT information – information required to provide access to company IT systems and networks (and information collected by / through those systems) such as IP addresses, log files and login information.

2.4. We may also process sensitive personal information relating to you (and your spouse / partner and/or dependents). Sensitive personal information includes any information that reveals your racial or ethnic origin, religious, political or philosophical beliefs, genetic data, biometric data for the purposes of unique identification, trade union membership, or information about your health/sex life (“Sensitive Personal Information“). As a general rule, we try not to collect or process any Sensitive Personal Information about you, unless authorised by law or where necessary to comply with applicable laws.

2.5. However, in some circumstances, we may need to collect, or request on a voluntary disclosure basis, some Sensitive Personal Information for legitimate employment-related purposes: for example, information about your racial/ethnic origin, gender and disabilities for the purposes of equal opportunities monitoring, to comply with anti-discrimination laws and for government reporting obligations; or information about your physical or mental condition to provide work-related accommodations, health and insurance benefits to you and your dependents, or to manage absences from work.

2.6. We may obtain data from third parties or public sources. These may include, but are not limited to:

  1. Social media
  2. Background checking agencies
  3. Recruitment agencies
  4. Previous employers
  5. Educational establishments
  6. Training partners
  7. Medical practitioners

The types of data collected through these sources may include:

  1. Identification data
  2. Contact details
  3. Employment details
  4. Background information
  5. Information on your spouse or partner and/or dependents
  6. Sensitive Personal Information

3. Monitoring

3.1. The Company may undertake some kinds of monitoring. More detail on this is provided below. However, these kinds of activities will always be proportionate, for legitimate purposes and as required or permitted by applicable law. Before undertaking any monitoring activities, we will consider your reasonable expectations of privacy and assess whether there are any less invasive options.

3.2. The Company has in place on its IT and communications systems automated tools such as anti-malware software, website filtering and spam filtering. In addition, there are alerts in place for when network issues arise. We will also carry out monitoring of its physical premises, for example by using badge scans. While the offices themselves do not have CCTV, the buildings in which our offices are located may use CCTV. While we don’t have access to this footage generally, it may be possible for us to access it in certain exceptional circumstances – for instance, if a staff member or applicant claimed that an issue arose with another staff member or applicant in the lobby of the building. These particular monitoring activities are likely to be continuous and ongoing. The primary purpose of this monitoring is to protect the Company, its employees, customers and business partners, for example:

  1. for general network operation and security, including in particular the security of the Company’s IT systems and assets, and the optimal operation of its network and devices;
  2. for the protection of confidential information and intellectual property;
  3. for investigating breaches of internal policies, fraud or other unlawful or wrongful activity, or to respond to a particular personnel or company incident; and
  4. for business continuity (such as avoiding and remedying network outages); and
  5. for physical security of its premises.

3.3. You should be aware that any messages, files, data, documents, social media posts or instant message communications, or any other types of information transmitted to or from, received or printed from, or created, stored or recorded on our IT and communications systems and assets are presumed to be business-related and may be monitored by us in accordance with applicable law. In particular, we may require certain staff members (in particular Executives, Finance, HR, Legal, and other key personnel) to install continuous backup software. However, these particular kinds of monitoring activities are not likely to be continuous or ongoing. Instead, we keep these records as archives, to be able to consult them in particular circumstances and for specific purposes. The primary purpose of this monitoring is to protect the Company, its staff members, customers and business partners, for example, for the purposes listed under section 3.2, as well as:

  1. for proof of business transactions and archiving; and
  2. for business continuity (such as monitoring business-related emails following a staff member’s departure).

3.4. For many staff members, communication is a key part of their role. Furthermore, some meetings may constitute training sessions which may be used to train future staff members. Where this is the case, the Company may record telephone conversations and meetings. You will be informed if this is the case, and these recordings will be used for coaching, training, and evaluation of staff members. If you take issue with any such recording, please let us or your manager know.

3.5. You must clearly identify private emails and messages by adding the term “private & confidential” in the email or message’s subject line, and/or storing those emails/messages/files in a separate folder marked “private & confidential”. Where we must access content that is clearly identifiable as being private, we will do so only if there is a particular risk or threat to the company, or person, or we have been legally authorised to do so, for example by a court order.

4. Purposes for processing personal information

Recruitment purposes

4.1. If you are applying for a role at the Company, then we collect and use your personal information primarily for recruitment purposes – in particular, to determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, carrying our reference checks or background checks (where applicable) and to generally manage the hiring process and communicate with you about it.

4.2. If you are accepted for a role at the Company, the information collected during the recruitment process will form part of your ongoing staff member record.

4.3. If you are not successful, we may still keep your application to allow us to consider you for other suitable openings within the Company in the future. It will be kept for no longer than 36 months, unless you expressly opt-in to letting us keep it for longer, in case other suitable positions become available within the Company.

Employment or work-related purposes

4.4. Once you become a staff member at the Company, we collect and use your personal information for the purpose of managing our employment or working relationship with you – for example, your employment records and contract information (so we can manage our employment relationship with you), your bank account and salary details (so we can pay you), your equity grants (for stock and benefits plans administration) and details of your spouse and dependents (for emergency contact and benefits purposes).

4.5. We process our staff members’ personal information through a tool that helps us to administer HR and staff member compensation and benefits and which allows staff members to manage their own personal information in some cases (the “HR System”). This may involve transferring your personal information to our HR System provider’s servers, which may not be in the country in which you live or work.

The Company’s global directory

4.6. We maintain a global directory of staff members which contain your professional contact details (such as your name, location, photo, job title and contact details). This information will be available to everyone in the Company group, including LongTail Ad Solutions, Inc. and its subsidiaries, to facilitate global cooperation, communication and teamwork.

Other legitimate business purposes

4.7. We may also collect and use personal information when it is necessary for other legitimate purposes, such as:

  1. to help us conduct our business more effectively and efficiently – for example, for general HR resourcing, IT security/management, accounting purposes, or financial planning; and
  2. to investigate violations of law or breaches of our own internal policies – whether by you or any other staff member. For instance, we may monitor your browsing or communications activity or location when using our devices or systems, if we suspect that you have been involved in phishing scams, fraudulent activity or activities in competition with or inconsistent with your work for the Company.

Law-related and other purposes

4.8. We also may use your personal information where we consider it necessary for complying with laws and regulations, including collecting and disclosing staff member personal information as required by law (e.g. for tax, health and safety, anti-discrimination and other employment laws), under judicial authorisation, to protect your vital interests (or those of another person), or to exercise or defend the legal rights of the Company.

Consent

4.9. In some limited circumstances, we may use your personal and sensitive personal information where we have obtained your consent to do so. Where we seek your consent, you will always have an opportunity to refuse.

5. Who we share your personal information with

5.1. We take care to allow access to personal information to only those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.

Transfers to other group companies

5.2. As mentioned above, we will share your personal information with other members of the Company’s group around the world, including in the US, in order to administer human resources, staff member compensation and benefits at an international level on the HR System, as well as for other legitimate business purposes such as IT services/security, tax and accounting, and general business management.

Transfers to third-party service providers

5.3. In addition, we make certain personal information available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data privacy law.

5.4. For example, some personal information will be available to our staff member stock and benefit plans service providers and third-party companies who provide us with payroll support services, relocation, tax and travel management services, as well as the providers of our HR System.

5.5. If you wish to see a complete list of the third-party service providers to whom we have transferred your data, please reach out to privacy@jwplayer.com.

Transfers to other third parties

5.6. We may also disclose personal information to third parties on other lawful grounds, including:

  1. To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant;
  2. In response to lawful requests by public authorities (including for national security or law enforcement purposes);
  3. As necessary to establish, exercise or defend against potential, threatened or actual litigation;
  4. Where necessary to protect the vital interests of you or another person;
  5. In connection with the sale, assignment or other transfer of all or part of our business; and/or
  6. With your consent.

6. Legal basis for processing personal information

6.1. Our legal bases for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. Some of the bases we rely on are set out above.

6.2. However, we will normally collect personal information from you only where either:

  1. we have your consent to do so;
  2. where we need the personal information to perform a contract with you (i.e. to administer an employment or work relationship with us); or
  3. where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

6.3. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

6.4. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided at Section 11 below.

7. Transfer of personal information abroad

7.1. As we operate at a global level, we may need to transfer personal information to countries other than the ones in which the information was originally collected. When we export your personal information to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal information from the European Economic Area to a third-party service provider in a country outside it, we will implement an appropriate data export solution such as entering into EU standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under EU law. In particular, please note that our HR System is located in the United States, and we have signed the Standard Contractual Clauses with that third-party provider.

7.2. We may transfer data collected in the European Economic Area to our subsidiaries in the UK and Netherlands (JW Player UK Ltd. and Vualto Ltd. in the UK and JW Player Netherlands BV in the Netherlands), and to our parent company located in the United States, LongTail Ad Solutions, Inc., d/b/a JW Player, which is Privacy Shield certified. You can see this certification by searching “longtail” at the following link: 

www.privacyshield.gov/participant_search. More details about what this means for you if you are an EEA or Swiss resident are provided below:

  1. JW Player complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively. JW Player has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. JW Player is subject to the investigatory and enforcement powers of the FTC with respect to our adherence to Privacy Shield. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.
  2. In compliance with the EU-US and Swiss-US Privacy Shield Principles, JW Player commits to resolve complaints about your privacy and our collection or use of your Personal Data. In the hope that we can resolve any complaints or questions that you have in a fair an amicable way, we ask that European Union and Swiss individuals with inquiries or complaints regarding this privacy policy first contact us via email at: privacy@jwplayer.com.
  3. JW Player has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
  4. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

8. Data retention periods

8.1. Personal information will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this Notice or as otherwise required by applicable law. Generally, in the case of employment, this means your personal information will be retained until the end or your employment (or as applicable your employment application or work relationship) with us plus a reasonable period of time thereafter to respond to employment or work-related inquiries or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper deductions during and on termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits. In the case of recruitment, if your application is unsuccessful, it will be kept for no longer than 36 months, unless you expressly opt-in to letting us keep it for longer (in case other suitable positions become available within the Company).

9. Your data privacy rights if you are a European Economic Area or Swiss resident

9.1. If you are a European Economic Area or Swiss resident, you may exercise the rights available to you under applicable data protection laws as follows:

  1. If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided at Section 11 below.
  2. In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided at Section 11 below.
  3. If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  4. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. However, we hope that you will first consult with us, so that we may work with you to resolve any complaint or concern you might have. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

9.2. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

10. Updates to this Notice

This Notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you by company-wide email and indicate at the top of the Notice when it was most recently updated. We encourage you to check back periodically in order to ensure you are aware of the most recent version of this Notice.

11. Contact details

11.1. Please address any questions or requests relating to this Notice to hr@jwplayer.com or privacy@jwplayer.com.

Last updated: April 24, 2024