Welcome to Phoenix Labs!
It is important to Phoenix Labs that you are aware of personal information that we collect, how we use that information, and how you are empowered to exercise choice with respect to your personal information.
This Privacy Notice applies to all applicants and prospective employees (collectively, “Applicants”) and current and former employees, officers, directors, contractors, agents contingent and other personnel (collectively, “Workers”) of Phoenix Labs, and their emergency contracts and beneficiaries, whose personal information we collect and process in the course of our business. The terms “Phoenix Labs,” “we,” “us,” and “our” in this Notice apply to all companies in the Phoenix Labs family of companies, which includes Phoenix Labs, Inc., its affiliates, and subsidiaries.
We are committed to complying with all data privacy laws in the jurisdictions in which we collect personal information of Applicants and Workers. Applicants, Workers, emergency contacts or beneficiaries with disabilities may access this notice in an alternative format by contacting dpo@phxlabs.ca.
What information Phoenix Labs collects
The personal information we collect directly from Workers and Applicants may include:
- General HR information. This might include your name, alias, postal address, phone number, unique personal identifier, online identifier, email address, date of birth, age, passport number, driver’s license number, Social Security number or other government-issued identification number, employment history, education information and records, professional qualifications, salary information, financial information related to credit checks, bank account number, routing number, and other details required for payroll, information that may be recorded on a resume/CV or application form (such as education history, education records such as grades and transcripts, and employment history), language abilities, links to social media, business or professional licenses, and contact information of third parties in case of an emergency.
- Demographic and Health information. Where required to run our business and ensure the safety of our Workers, we may also collect sensitive personal information such as details of health and disability, including allergies/medical conditions, details regarding your COVID-19 tests, health insurance information, mental health, medical leave, and parental leave, national origin, or immigration status. Where permitted by law, we may also ask Applicants and Workers for optional information like race, disability, marital status, sex, ethnicity, gender, or military and veteran status to help us achieve our diversity goals.
- Performance Information. We may also receive or collect other information to help evaluate your application or your performance, such as information you choose to disclose during the interview process (as an Applicant) or provided by you during performance reviews (as a Worker). From Workers, we may also collect job assignments, work schedule, hours worked, accomplishments and awards, training and development information, discipline and counseling information, opinions, evaluations, and information provided to us from other Workers as part of this review process.
- Your Communications with Us. If you contact us, for example to inquire about benefits, that information will be collected. This includes both the information you provide in that communication and your contact information, such as your email address or phone number.
- Posting on Intra-Company Sites. We offer intra-company accessible sites, pages, messaging channels, blogs, or forums for Workers to communicate and collaborate with each other, like Confluence and Slack (“Intra-Company Sites”). We and other individuals who use the Intra-Company Sites may collect the information you submit or make available through these sites. If you choose to make content available on any public area of the Intra-Company Sites, such content will be visible to other Workers and not subject to the privacy protections set forth here in this notice.
- Surveys and Promotions. From time to time, we may ask Workers or Applicants to participate in optional surveys to help inform our decision-making and to ensure that your views are represented and considered. If you decide to participate, you may be asked to provide certain information, which may include personal information. We also sometimes run optional Worker promotions and contests. It is possible that you may be asked to provide certain information to participate, which may include personal information.
- Legal Information. We also collect contractual information, such as the information necessary to comply with legal and contractual obligations, exercise legal and contractual rights, and initiate or respond to legal claims.
- Personal Information about Dependents or Other Family Members. We may collect information about your dependents under the age of eighteen or other family information if you voluntarily provide such information in connection with the enrollment and administration of benefits, or for other human resource purposes involving such dependents.
Apart from information you offer, Phoenix Labs also collects information automatically from you or from others. For example:
- Device Information. Like most companies, we receive data like your internet protocol (IP) address, your location based on your IP address or activities, identifiers associated with your computer or device, cell phone-related information, activity logs, browsing history, search history, information regarding your interaction with a website, and other information about activities you engage in while working with us, and on our equipment, accounts, systems, and networks.
- System Monitoring. To ensure that our hardware and software is working optimally, we may monitor and review the use of Phoenix Labs equipment, accounts, information technology systems and networks to both ensure they are used appropriately and to determine what IT upgrades may be necessary. Should it become necessary, Phoenix Labs can also access and review electronic files, messages, and emails sent or stored on its information technology systems and hardware. To underscore this point, Workers should know that they may not have access to every file, network, and program – this is because we need to maintain confidentiality and protect our team members. Any message, files, data, document, or communications, or any other types of information transmitted to, through or from, received or printed from, or created, stored or recorded on our IT and communications systems and assets (included via the use of personal devices accessing corporate IT systems), are presumed to be business-related and may be monitored or accessed by us in accordance with applicable law, and subject to our own policies on access to and uses of such data.
- Studio Monitoring. Phoenix Labs may monitor its premises using CCTV cameras and may collect data regarding keycard entry systems.
- Audiovisual or Other Sensory Data. We may collect audio and visual information such as photographs used for identification purposes, and we might also use those photos to promote Phoenix Labs. We may also collect audio and video recordings of training sessions or other Phoenix Labs meetings.
- Information from Other Sources. We may collect or receive information about you from other sources, including through third-party services and organizations to supplement information provided by you. For example, where permitted by law, we may conduct background and credit checks on you prior to your employment with Phoenix Labs.
Legal basis for processing personal information
Phoenix Labs processes Workers’ Personal Information in accordance with applicable law. For Workers in the European Economic Area, the United Kingdom and Switzerland, Phoenix Labs’ lawful bases for collecting and processing Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we may collect Personal Information from you only when:
- Processing is necessary for the legitimate interests pursued by Phoenix Labs or third parties in providing employment related functions, and not overridden by your data protection interests or fundamental rights and freedoms.
- Processing is necessary for the performance of a contract to which the Worker is a party or in order to take steps at the request of the Worker prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which Phoenix Labs is a subject, or protection of your vital interests or those of another person.
- The Worker has given consent to the processing of their Personal Information for one or more specific purposes.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us as set forth in “Contact Us” below.
How Phoenix Labs uses your personal information
We process personal information for a variety of business purposes. This may include:
- To assist you with obtaining an immigration visa or work permit (where required and requested by you);
- To take steps at your request prior to entering into an employment relationship with you (for example, after we have sent you an offer, we need to process certain personal information in order to enter into and then commence employment);
- Workflow management, including assigning, managing, and administering projects;
- Human resources operations administration and communication;
- Payroll and the provision of benefits;
- Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
- To pursue our legitimate interests such as fraud prevention, network and information security, disclosure to affiliated organizations for administrative tasks, Worker monitoring for safety or management, whistleblowing schemes, enforcement of legal claims, and research purposes;
- Job grading activities;
- Performance and Worker development management;
- Organizational development and succession planning;
- Benefits and personnel administration;
- Absence management;
- Helpdesk and IT support services;
- Internal and/or external or governmental compliance investigations;
- Internal or external audits;
- Where it is necessary for the establishment, exercise, or defense of legal claims;
- Diversity and inclusion initiatives;
- Restructuring and relocation;
- Emergency contacts and services;
- Worker safety;
- To comply with our legal obligations;
- Processing of Worker expenses and travel charges;
- Acquisitions, divestitures, and integrations; and
- As you otherwise agree or consent.
How we disclose your personal information
We may share your personal information as described in this Privacy Notice or with your permission.
- Vendors and Service Providers. We may share any information we receive with vendors and service providers. The types of service providers to whom we entrust personal information include service providers for: (i) maintaining our human resources operations; and (ii) the provision of IT and related services.
- Customers and Business Partners. Your personal information may be shared with Phoenix Labs’ customers and business partners in order to facilitate the development, operation, and maintenance of Phoenix Labs’ business.
- Building Management and Security. In some cases, we are required to share your personal information with building management and/or security at Phoenix Labs properties to facilitate your access to the building.
- Affiliates. Phoenix Labs may share personal information with our affiliates (including outside of your home jurisdiction) for the purpose set out in this Privacy Notice, and our internal business purposes.
- Displaying to Other Individuals. When you post content to the Intra- Phoenix Labs Site(s), other individuals may be able to see some information about you, such as your name and/or picture in addition to the content you post.
- Disclosures to Protect Us or Others. We may access, preserve, and disclose your personal information if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal processes, such as court orders or subpoenas; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation or prosecution of suspected or actual illegal activity.
- Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of Phoenix Labs assets, or transition of service to another entity, through which your personal information may be transferred as part of such a transaction as permitted by law and/or contract.
International data transfers
All personal information collected via or by Phoenix Labs may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States and other countries, in order to carry out our human resources operations. We endeavor to safeguard your information consistent with the requirements of applicable laws.
If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.
For more information about the safeguards, we use for international transfers of your personal information, please contact us as set forth in “Contact Us” below..
Your choices
In some instances, you may have the ability to opt out of certain uses and disclosures of your personal information.
For more information on the choices you may have and how to exercise them, please contact us as set forth in “Contact Us” below..
Individual rights in personal information
In accordance with applicable law, you may have the right to:
- Access Personal Information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information in a structured, commonly used, and machine readable format; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (the “right of data portability”);
- Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
- Request Deletion of your personal information;
- Request Restriction of or Object to our processing of your personal information; and
- Withdraw your Consent to our processing of your personal information.
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
If you are a Worker whose personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, and/or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
Retention of personal information
Phoenix Labs retains the personal information we receive as described in this Privacy Notice for as long as necessary to fulfill the purpose(s) for which it was collected, carry out our human resources operations, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
If you are offered and accept employment with Phoenix Labs, the personal data we collected during the application and recruitment process will become part of your employment record and we may use it in connection with your employment consistent with our employee personal data use and privacy policies.
If you do not become an employee, or, once you are no longer an employee of Phoenix Labs, we will retain and securely destroy your personal data in accordance with our retention policy and any applicable laws and regulations.
Supplemental notice for California residents
This Supplemental Notice for California Residents only applies to our processing of Worker personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Phoenix Labs has collected about them, and whether Phoenix Labs disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding twelve months. California residents can find this information below:
Categories of personal information collected by Phoenix Labs:
- Identifiers
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Protected classification characteristics under California or federal law.
- Commercial information
- Internet or other electronic network activity
- Sensory data
- Professional or employment-related information
- Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g, 34 C.F.R. Part 99))
- Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number
- Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
- Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
- Personal information that reveals a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership
- Personal information that reveals the contents of a consumer’s mail, email, and text messages unless Phoenix Labs is the intended recipient of the communication
- Personal information collected and analyzed concerning a consumer’s health
- Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation
Categories of third parties personal information is disclosed to for a business purpose:
- Identifiers:
- Vendors and Service Providers
- Customers and Business Partners
- Building Management and Security
- Other Individuals You Share or Interact With
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)):
- Vendors and Service Providers
- Customers and Business Partners
- Building Management and Security
- Other Individuals You Share or Interact With
- Protected classification characteristics under California or federal law:
- Vendors and Service Providers
- Customers and Business Partners
- Building Management and Security
- Other Individuals You Share or Interact With
- Commercial information:
- Service Providers
- Internet or other electronic network activity:
- Vendors and Service Providers
- Other Individuals You Share or Interact With
- Sensory data:
- Vendors and Service Providers
- Customers and Business Partners
- Building Management and Security
- Other Individuals You Share or Interact With
- Professional or employment-related information:
- Vendors and Service Providers
- Customers and Business Partners
- Building Management and Security
- Other Individuals You Share or Interact With
- Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g, 34 C.F.R. Part 99)):
- Vendors and Service Providers
- Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number:
- Vendors and Service Providers
- Customers and Business Partners
- Building Management and Security
- Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account:
- Vendors and Service Providers
- Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account:
- Vendors and Service Providers
- Personal information that reveals a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership:
- Vendors and Service Providers
- Customers and Business Partners
- Building Management and Security
- Other Individuals You Share or Interact With
- Personal information that reveals the contents of a consumer’s mail, email, and text messages unless Phoenix Labs is the intended recipient of the communication:
- Vendors and Service Providers
- Customers and Business Partners
- Building Management and Security
- Other Individuals You Share or Interact With
- Personal information collected and analyzed concerning a consumer’s health:
- Vendors and Service Providers
- Other Individuals You Share or Interact With
- Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation:
- Vendors and Service Providers
- Other Individuals You Share or Interact With
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in “What Information Phoenix Labs Collects” and “How Phoenix Labs Uses Your Personal Information” above, respectively. We will retain personal information in accordance with the time periods set forth in “Retention of Personal Information.”
Additional Privacy Rights for California Residents
- “Sales” of Personal Information under the CCPA. For purposes of the CCPA, Phoenix Labs does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
- Cross-Context Behavioral Advertising under the CCPA. California residents may have the right to opt out of the “sharing” of their personal information for “cross-context behavioral advertising.” Phoenix Labs does not “share” personal information that is collected under this privacy notice for “cross-context behavioral advertising.”
- Disclosure Regarding Sensitive Personal Information. Unless otherwise stated, Phoenix Labs only uses and discloses sensitive personal information for the following purposes:
- To perform the HR functions set forth in our Privacy Notice.
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at Phoenix Labs and to prosecute those responsible for those actions.
- To ensure the physical safety of natural persons.
- To verify or maintain the quality or safety of Phoenix Labs products, services, or devices, and to improve, upgrade, or enhance Phoenix Labs’ services or devices.
- For purposes that do not infer characteristics about individuals
- Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
- Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent and contact us as set forth in “Contact Us” below for additional instructions.
- Verification. To protect your privacy, we will take steps to verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to provide the email address or phone number we have associated with you, opening a link sent to the contact information provided, and following the instructions on the website you are taken to.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
- De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.
- Disclosure Regarding Opt-Out Preference Signals. Phoenix Labs does not “sell” personal information or “share” personal information for “cross-context behavioral advertising” so it does not respond to opt-out preference signals.
What should i know about information security?
We take steps to ensure that your personal information is kept secure and in accordance with this Privacy Notice. That said, despite our efforts, there exists the possibility of unauthorized access, use, disclosure, and/or loss. If that does happen, we will work with you and help you be consistent with our legal obligations, but to the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss.
Supplemental notice for workers in the EEA, the UK, and Switzerland
Phoenix Labs has policies and procedures in place to identify data processing activities that may result in high risk to Workers’ rights and freedoms (including under GDPR Article 35), and as necessary, assess such activities either to prevent them altogether or otherwise ensure that appropriate technical and organizational protective measures are in place in order to proceed in accordance with GDPR and other applicable laws. When advisable or required under GPDR, Phoenix Labs will contact the competent supervisory authority to obtain relevant advice and recommendations (e.g., under GDPR Article 36).
Third-party websites/applications
Various resources and sites at Phoenix Labs may contain links to third party websites/applications and other websites/applications may reference or link to Phoenix Labs. These third-party services are not controlled by us. We encourage Applicants and Workers to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
Changes to this privacy notice
We may revise this Privacy Notice from time to time in our sole discretion. If there are any material changes to this Privacy Notice, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Notice if you continue your employment with or services to Phoenix Labs after the new Privacy Notice takes effect. If at any point you do not agree to any portion of the Privacy Notice in effect, you must immediately contact Human Resources.
Contact us
Phoenix Labs is the controller of the personal information we process under this Privacy Notice. If you have any questions about our practices or this Privacy Notice, please contact our Human Resources Department or:
Phoenix Labs, Inc.
PO Box 21544 RPO Little Italy
Vancouver, BC
Canada V5L 5G2
You may also email Phoenix Labs’ Data Protection Officer at dpo@phxlabs.ca.