最近更新日期:2020年6月12日
Last update: June 12, 2020
1. 序言
Preamble
索迪斯集团致力于按照《中华人民共和国网络安全法》和任何其他适用法律的规定处理个人信息,并将迅速有效地处理有关索迪斯实体的个人信息处理的任何查询作为其目标。
Sodexo Group is committed to handling Personal Information in compliance with the Cyber Security Law of the PRC and any other applicable law and aims to deal promptly and efficiently with any queries relating to the Sodexo entities’ processing of Personal Information.
在某些情况下,索迪斯实体可能代表客户充当处理者;而此时客户将负责处理数据主体所提出的与遵守相关法律法规和数据主体的个人信息相关的请求。
In some cases, Sodexo entities may act as a Processor on behalf of a Client. In this instance the Client is responsible for handling Data subject Requests relating to compliance with relevant laws and regulations and the Data subject’s Personal Information.
2. 定义
Definitions
- 客户系指要求索迪斯为他们的员工/现场人员提供服务的组织或公司(此类员工/现场人员即上述服务的最终用户)。
- Client means organizations or corporations that ask Sodexo to perform services on their behalf for their employees / Onsite personnel that are the end-users of these services
- 投诉系指数据主体在认为其根据《中华人民共和国网络安全法》和任何其他适用法律的规定所享有的权利受到侵犯的情况下向监管当局或法院提出的投诉。
- Complaint means the complaint lodged by a Data subject with a Supervisory Authority or a court of justice if the Data subject considers his or her rights under Cyber Security Law of the PRC and any other applicable law
- 数据主体系指其个人信息因在索迪斯集团内处理而使与之相关的身份已被识别或可识别的个人,包括索迪斯当前、过去和潜在的求职者、员工、客户、消费者/受益人、供应商/供货商、承包商/分包商、股东或任何第三方。
- Data subject means an identified or identifiable individual whose Personal Information is concerned by processing within Sodexo, including the Personal Information of Sodexo’s current, past and prospective applicants, employees, clients, consumers/beneficiaries, suppliers/vendors, contractors/subcontractors, shareholders or any third parties.
- 集团数据保护官系指索迪斯集团执行委员会任命和认可的负责监督索迪斯集团数据保护问题、定义和管理索迪斯数据保护合规性计划及与数据保护相关的良好规范,并确保其按第20号准则实施的人员。
- Group Data Protection Officer means the person appointed and endorsed by the Sodexo Group Executive Committee to oversee data protection issues at the Sodexo Group level, to define and administer the Sodexo data protection compliance program and good practices relating to data protection and to ensure their implementation as set out in Rule 20.
- 本地唯一数据保护联络点系指某一索迪斯实体任命的负责处理本地数据保护问题的个人。在某些情况下,根据适用的数据保护法的要求,可将本地唯一数据保护联络点指定为本地数据保护官。
- Local Single Data Protection Point of Contact means the individual appointed by a Sodexo entity, in charge of handling local data protection issues. In some cases, the Local Single Data Protection Point of Contact can be appointed as Local Data Protection Officer where required by applicable data protection law.
- 个人信息系指以电子或者其他方式记录的能够单独或者与其他信息结合识别自然人个人身份的各种信息,包括但不限于自然人的姓名、出生日期、身份证号码、个人生物识别信息、住址、电话号码等。
- Personal Information means various information which is recorded in electronic or any other form and used alone or in combination with other information to recognize the identity of a natural person, including but not limited to name, data of birth, ID number, personal biological identification information, address, and telephone number of the natural person.
- 处理或个人信息处理系指对个人信息或个人信息集执行的任何操作或一组操作,无论其是否通过自动化方式进行,例如收集、记录、组织、结构化、存储、改编或更改、检索、查阅、使用、通过传送披露、传播或其他方式提供、匹配齐或组合、限制、删除或销毁。
- Processing or Personal Information Processing means any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- 请求系指相关数据保护法律法规向个人提供的一种机制,使个人能够行使自己的权利(例如访问权、更正权、删除权等)。 个人可向处理其个人信息的任何实体提出请求。
- Request means one of the mechanisms provided by relevant data laws and regulations to individuals to allow them to exercise their rights (such as the right of access, to rectification, to erasure etc.). An individual may make a Request against any entity which processes its Personal Information.
- 索迪斯实体系指不时被接纳为索迪斯集团成员的任何公司、合伙企业或其他实体或组织,统称为“索迪斯”。
- Sodexo entity or Sodexo entities means any corporation, partnership or other entity or organization which is admitted from time to time as a member of the Sodexo Group. Collectively ‘Sodexo’.
3. 范围
Scope
本政策适用于适用于索迪斯中国区各法人公司(以下简称为“索迪斯”)。
This policy applies to all Sodexo entities in Mainland China (hereinafter designated as “Sodexo”).
本政策适用于索迪斯直接或间接从所有个人处所收集的个人信息的处理,上述个人包括但不限于索迪斯当前、过去或潜在的求职者、员工、客户、消费者、儿童、供应商/供货商、承包商/分包商、股东或任何第三方;“个人信息”的定义是与其身份已被识别或可识别的个人或其身份可通过有合理可能使用的方式被识别的人员相关的任何数据。
This policy applies to the Processing of Personal Information collected by Sodexo, directly or indirectly, from all individuals including, but not limited to Sodexo’s current, past or prospective job applicants, employees, clients, consumers, children, suppliers/vendors, contractors/subcontractors, shareholders or any third parties, with “Personal Information” being defined as any data that relates to an identified or identifiable individual or a person who may be identified by means reasonably likely to be used.
在本政策中,“您”和“您的”系指涉及的个人。 “我们”、 “我们的”和“索迪斯”系指索迪斯实体。
In this policy, “you” and “your” means any covered individual. “We”, “us”, “our” and “Sodexo” means the Sodexo entities.
4. 您根据相关法律规定所享有的权利
Your rights under relevant laws
如索迪斯出于自身目的处理您的个人信息,则请查阅我们的《索迪斯中国数据保护政策》中的“您的权利”部分。
Where Sodexo processes your Personal Information for its own purposes, please consult the Section “Your Rights” of our Sodexo China Data Protection Policy.
如索迪斯代表客户处理个人信息,则索迪斯会将收到的任何数据主体的请求通知客户。 索迪斯将在法律允许的范围内就请求配合客户并为客户提供帮助。
Where Sodexo processes Personal Information on behalf of a Client, Sodexo will notify the Client of any Data subject’s Request received. Sodexo will cooperate and provide the Client with assistance in relation to the Request, to the extent legally permitted.
5. 我们的团队在收到请求后将采取的行动
What our teams will do if they receive a Request?
我们的方法是积极参与并以令人满意的方式解决您的请求,使您不必向当地法院或相关数据保护监管当局提出投诉。
Our approach is to engage positively and resolve your Request in a satisfactory manner without you having to file a complaint to the local Court or the relevant Data Protection Supervisory Authority.
如您对您的个人信息的处理有任何疑问,请随时向索迪斯提出查询。为帮助我们处理您的请求,请填写下文的相关请求表,以对您的查询进行完整的书面说明。
If you have any queries with the Processing of your Personal Information, you should not hesitate to raise your query to Sodexo. To help us to deal with your Request, please provide a full written explanation of your query by completing the Request Form below.
索迪斯应将数据主体提出的任何请求尽快通知其客户。 客户将负责处理此类请求,而索迪斯将协助客户响应数据主体的请求。索迪斯仅在与客户达成协议后,或客户在法律上消失、不复存在或破产的情况下才直接处理请求。 在所有其他情况下,索迪斯将协助客户响应数据主体的请求。
Sodexo shall inform its Client of any Request made by a Data subject as soon as possible. The Client will be in charge of handling such Request and Sodexo will assist the Client in responding to Data subject Requests. Sodexo will directly handle Requests only when it is agreed with the Client or if the Client disappeared or cease to exist in law or became insolvent. In all other cases, Sodexo will assist the Client in responding to Data subject Requests.
6. 处理请求
Handling Requests
在起草您的请求之时,同时也为了确保索迪斯能以最有效的方式迅速处理您的请求,请您遵循以下步骤:
At the time of drafting your Request and to allow Sodexo to deal promptly with your Request in the most efficient manner, you are invited to follow these steps:
第1步:通过电子邮件填写并提交请求表,并将其发送至在收集您的个人信息之时向您发出的信息通知和/或隐私政策中所提供的通用电子邮箱和/或本地数据保护联络点的以下电子邮箱:dpo.china @sodexo.com。
STEP 1: Complete and submit the Request Form by email to the generic email address as indicated in the information notices and/or the privacy policies provided to you at the time of the collection of your Personal Information and/or to the Local Data Protection Point of Contact at the following email address: dpo.china @sodexo.com.
第2步:我们将对您的请求进行保密,并在必要时进行全面调查。在此过程中,您可能会从相关的索迪斯本地唯一数据保护联络点和/或索迪斯全球数据保护办公室收到对您所关注的问题进行询问的其他通信。如果您在请求中未提供足够的信息,我们将让您知道我们需要何种信息以处理您的请求。
STEP 2: Your Request will be treated confidentially and fully investigated where necessary. During this process, you may receive additional communication from the relevant Sodexo’s Local Single Data Protection Point of Contact and/or Sodexo’s Global Data Protection Office to investigate your concern. If you have not provided sufficient information in your Request, we will let you know what further information is needed to process your Request.
第3步:如与您的请求相关的信息比较完整,我们将在十五(15)个工作日内与您取得联系,向您给予答复。在某些情况下,此期限可根据请求的性质延长。
STEP 3: Once the information related to your Request is complete, we will contact you within fifteen (15) working days to provide you with an answer. This deadline may be extended in certain circumstances, depending on the nature of the Request.
第4步:请注意,无论您是否遭受个人信息方面的损害赔偿,您可选择向您的惯常居住地、工作地点或涉嫌侵权地点所在的国家/地区的数据保护监管机构提出投诉。
STEP 4: Please note that you can choose to lodge a complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. Personal Information