Política de Privacidad - Bristol-Myers Squibb
Política de tratamiento de datos personales Colombia
1. Presentación |
2. Obligatoriedad |
3. Identificación del responsable |
4. Generalidades legales |
5. Marco Legal |
6. Principios |
7. Protegiendo Su Información Personal. |
8. Definiciones |
9. Recolección de Datos |
10. Finalidad del Tratamiento de Datos |
11. Seguridad y Confidencialidad |
12. Derechos del Titular de la información |
13. Deberes de la Compañía como responsable del Tratamiento de Datos Personales |
14. Transferencia y transmisión internacional de Datos Personales por parte de la Compañía |
15. Actualización, rectificación y supresión de Datos Personales |
16. Otras políticas concordantes |
17. Video-vigilancia |
18. Entrada en vigencia y plazo |
BMS Global Employee Privacy Notice
If you are an applicant, you can read more details here: https://www.bms.com/privacy-policy.html#job.
For questions about this notice or data protection as a worker, please refer to the contact us section.
Click here to download or print a copy of this BMS employee privacy notice.
What You Will Learn in This Notice |
This notice is specific to the use of your personal data by Bristol Myers Squibb (“BMS”, “we”, “us”, “our”) if you are or were part of our workforce. It explains what personal data processing activities are conducted at BMS worldwide covering BMS direct employees, consultants, contractors, interns and third parties as defined in this Notice – collectively called ‘workers’ or ‘employees’ (or “you”, “your”, “yours”) in this notice (“Employee Notice” or “Notice”). We use the term “processing activities” or “use” to refer to accessing, collecting, storing, transferring or any other use of your personal data.
Click on the icons or text below to find out more about how, why, and where BMS uses your data:
1. INTRODUCTION – HOW TO READ THIS NOTICE |
In this Notice, we provide you with an overview of how and why we collect your personal data - also known as personal information. We also inform you about your privacy rights related to our use of your data.
You should read this Employee Notice in combination with the BMS General Privacy Notice which explains the collective privacy standards and commitments that apply to all processing of personal data at BMS. It is available on the footer of our corporate www.bms.com websites for markets where we have a presence or operate.
Who it applies to and our other notices |
2. WHO IS THE CONTROLLER OF YOUR DATA |
A controller decides why and how to process your personal data. However, central teams at BMS located in another country (for example, teams in the US and support services provided by our authorized business partners) may also access and process your personal data as described in this notice. For each activity, Bristol-Myers Squibb Company and its affiliates will act as controller together or jointly for using your data.
Note: If you have an employment contract, the BMS legal entity who is your employer, or who has the contract with your employer, is the controller of your personal data. If you are a consultant, contractor, intern or independent worker), then the entity listed in your employer’s contract with BMS is the controller. |
3. CATEGORIES – WHAT TYPE OF DATA BMS PROCESSES ABOUT YOU |
This section describes the type of personal data we collect for our processing activities, which may vary depending on your role at BMS.
We describe this personal data as “Work-Related Data” or “Sensitive Work-Related Data” that BMS needs for the creation of your work contracts and to run our day-to-day work activities. Remember, depending on where you live, the relevant data protection law in your jurisdiction may define personal data differently from the descriptions used in this notice.
We use the categories of personal data in the following context:
Onboarding & HR day-to-day
Compensation, benefits & performance
Security, IT, devices, training
Surveys, events, images, videos
Sensitive data
Environmental, health & safety
Data for legal & compliance
Family & your relatives’ data
Roles & positions, relocation, leaving
Note: Most data we use about you is necessary for our day-to-day operations. In certain cases, you might decide to participate in activities that are not mandatory, such as attending events, accessing benefits, apply to internal jobs, responding to surveys or sharing your image or video recordings with BMS. In this case, we will let you know what your options are before processing your data. |
You can learn more about our purposes and why we use your data in section 4.
The categories of Work-Related Data |
The categories of Sensitive Work-Related Data |
4. PURPOSES – WHY WE PROCESS YOUR DATA AND IN WHAT CONTEXT |
This section describes the main types of activities where BMS processes your personal data and the context in which BMS uses it. Our main processing activities consist in:
- handling your data for day-to-day operations, such as for onboarding you as a new hire or worker, handling your payroll, requests, enabling access to our systems and intranet and BMS social media platforms to interact with other colleagues, for internal interactions, and, if applicable, performance reviews;
- offering benefits such as learning, career development programs, fitness, rebates on goods, wellbeing programs, BMS or external events or initiatives that you can access or participate in depending on your role;
- implementing appropriate security measures and infrastructures that prevent data losses, ensure compliance with applicable laws, maintain whistleblowing hotlines and channels to report misconducts, conflict of interest or unlawful behaviors which may require preserving information as evidence to comply with applicable employment legislation; and,
- processing in the context of our working culture and environment as a multinational company, such as participating in diversity and inclusion groups, activities or discussions or responding to surveys about the working environment.
Details about the context in which we use your data |
5. ENTERPRISE PLATFORMS & DEVICES – HOW WE USE YOUR DATA |
As a BMS Worker, there are many times when we need to process or share your data using digital means. In most cases, your online connection to BMS systems is securely managed through the BMS single sign-on (SSO) process or through our VPN (virtual private network). You may access other systems, such as Outlook or Workday using double factor authentication.
For more information about how we collect personal data from visitors to our websites or users of our products and services, please review our General Privacy Notice.
Online information that we may collect when you use our sites |
6. DATA SOURCES – HOW DO WE OBTAIN AND SHARE DATA ABOUT YOU |
BMS collects personal data directly from you for most of our processing activities, although sometimes we obtain personal data automatically via certain internal BMS sites or indirectly from alternative sources.
For example: we collect personal data indirectly from service providers (such as recruitment agents and background checking services), online platforms, government bodies (criminal records, wage garnishments) or authorities where required by law (such as tax authorities) to manage your work relationship with us. |
We also collect information about you automatically, through physical or online security, systems monitoring (for example through video (CCTV) recording) or building access control logs when you enter the workplace or in other similar contexts. BMS will always strive to make you aware of this type of processing before collection of your personal information takes place.
7. DATA TRANSFERS – WHO WE SHARE YOUR DATA WITH AND WHO CAN ACCESS IT |
Only limited BMS teams and approved third parties or authorities who need to manage or obtain your information may access Work-Related Data. When your personal data is more sensitive, BMS will apply more restrictions and protections to protect it. For details on our cross-border transfer mechanisms, please see the relevant section in our General Privacy Notice available on all bms.com websites.
Work-Related Data we share inside the BMS group |
Work-Related Data we share outside the BMS group |
8. OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA |
In this section, we describe our legal justifications (commonly referred to as “legal basis”) for the use of your data related to each of purpose for using it. We will use the legal basis that is most appropriate for the purpose and circumstances related to such processing. Below, we have explained which legal bases we may choose or have to use when using your personal information.
Note: Depending on the country or State where you reside, the law of your country may not require that BMS justifies how it uses your data (such as in the US or Hong-Kong). This applies to ordinary use of your data, transfers outside of your residence, or when sharing or disclosing your Work-Related Data with a third party. If you are from a jurisdiction or a State that requires a legal basis for processing personal data (such as China, the EEA, UK, or Brazil), our legal basis will depend on the personal data concerned and the context in which we collect it. Where required by applicable law, BMS will obtain your prior consent for certain processing activities – for example, using cookies or trackers, when using your images or recording materials, disclosing your personal data outside of your country of residence or disclosing it with BMS-approved third parties. |
Specific examples of usual legal bases |
9. DO WE USE ARTIFICIAL INTELLIGENCE (AI) OR SIMILAR TECHNOLOGIES? |
BMS has developed internal policies and guidance on responsible use of AI. When using AI tools involving Work-Related Data, we will apply globally recognized data privacy & protection principles. When using third party technology, we ensure to apply:
(i) BMS principles on responsible use of AI;
(ii) appropriate technical and security measures;
(iii) contractual arrangement to protect your personal data.
BMS will provide you with more detailed information in a privacy notice, and if required, obtain your prior consent before using such technologies. You can read more information about your rights, including your right to object or to request human intervention, in section 10.
More information and examples of our use of digital technologies |
10. INDIVIDUAL CHOICES – RIGHTS AND ACCESS TO YOUR DATA |
This section describes the rights you may have and the potential actions you can take in relation to how BMS processes your personal data.
You have several privacy rights in relation to the processing of your personal data at BMS, but these will depend on the country where you reside and on the legal basis that we used to process your personal data. Exercising your rights is usually free of charge, except if your request is excessive or requires disproportionate efforts, in which case we may ask you for a reasonable fee.
BMS assesses every request received based on who you are and the jurisdiction or State in which you are based. If we cannot comply with your request, we will let you know the reasons why. You can always contact BMS at dpo@bms.com to find out more about your rights and how you can exercise them.
The rights described below are not absolute and will only apply in certain circumstances. This means that we may be unable (for example, due to legal requirements) or not obligated to act on your request. In some cases, we may need to collect additional personal data from you to verify your identity before we provide access or delete your information, for example a copy of your government-issued identification.
You can read more about your individual rights |
Actions you can take about your personal data |
11. DATA SECURITY – HOW WE PROTECT YOUR PERSONAL DATA |
BMS uses appropriate technical and organizational measures to protect your personal data online and offline. We do this to prevent unauthorised processing, loss of data, disclosure, use, alteration, or destruction of your personal data. The measures that we deploy are dependent on the sensitivity of the personal data and the most recent advancements made in security technology. Where appropriate, we use encryption, pseudonymisation (such as key coding), de-identification and other technologies that can assist us in securing your data, including measures to restore access to your data. We also require our service providers to comply with reasonable and recognized data privacy and security requirements.
The measures we use to protect your data |
12. DATA RETENTION – HOW LONG BMS RETAINS YOUR PERSONAL DATA |
Data retention schedules
BMS will only retain your personal data for as long as necessary for the processing purposes listed in section 4. When retaining and storing data about you in our systems, we have put in place specific data retention schedules in accordance with our company policy and in compliance with applicable data protection and local employment laws.
More information on our retention periods |
13. LEAVING BMS – WHAT HAPPENS TO MY DATA |
After you end your employment with, BMS we will need to retain certain information about you, including your contact details, to fulfil certain business obligations, to administer or manage retirement plans, payment for outplacement services, respond to queries from your new employer.
Information about why we may retain your data after you leave BMS |
14. ADDITIONAL PRIVACY RIGHTS |
This section contains additional information for jurisdictions that give additional privacy rights in the context of work with BMS. Note that these rights will depend on the nature of your contract or relationship with BMS, your residency, jurisdiction, State from which you originate or the BMS entity that you work for. BMS will not discriminate against you for exercising your rights but may not be able to provide you with services or programs that you have requested if we are not able to use your personal data. Please refer to section 10 for general information about your privacy rights.
Information about additional applicable privacy rights |
15. TRANSFER OF CONTROL |
Data sharing in connection with a transfer of control
Circumstances may arise where we decide to reorganize or divest part (or all) of our business or a line of our business (or any portion of our assets). This can include our information databases and websites, through a sale, divestiture, merger, acquisition, in the event of a bankruptcy, or other means of transfer.
In such circumstances, your personal data may be shared with, sold, transferred, rented, licensed, or otherwise provided or made available by us or on our behalf to actual or potential parties to, and in connection with, the contemplated transaction (without your consent or any further notice to you). In such circumstances, we will seek written assurances that your personal data will be protected appropriately.
16. CHANGES TO THIS NOTICE |
BMS may update its privacy notices from time to time. If there are any important revisions which might impact the way we process your personal data, BMS will notify you to inform you of these changes either directly or through our internal communication channels.
17. CONTACT US |
If you have questions about this notice, or you want to obtain more information about our use of your personal data as a BMS Worker, you can ask a question by raising a ticket on myBMS. For current and previous employees, you can also contact us by email at eudpo@bms.com for the EU/EEA, Switzerland and the UK. If you are located elsewhere, please email the team at dpo@bms.com or by post at the contact details as described on the relevant footer of our corporate websites that applies in your own language under the contact section.
More information about data protection in your market |
Privacy notice versions
Current | Comprehensive update in the layout and content to harmonise transparency across all BMS markets |
2023 |
Esta Política de Privacidad fue actualizada por última vez el 01/12/2017.