As a current or former candidate, employee, or contractor for ContextLogic Inc., or a company under common ownership or control with ContextLogic Inc. ("Affiliate") (collectively, “ContextLogic”), we may collect, process, store, and sometimes transfer personal data about you and your family members to third parties when necessary to support your work for ContextLogic or to protect our rights. This personal data use notice (“Notice”) sets out how and why we do that and rights you may have. We may update and re-send this Notice from time to time, for example if we start to use new systems or processes that use your personal data.
ContextLogic is headquartered in the United States, with operations around the world. When we say “ContextLogic,” “we,” “us” or “our” in this Notice, we are referring to your actual, potential, or former employing entity (or the company to which you provide your services if you are a contractor), which will be the data controller responsible for the use of your personal data. When we say “you” or “your” we are referring to the individuals that are recruited, apply for, or are placed into employment or an engagement with ContextLogic.
More simply put: Because you work, worked, or seek to work for ContextLogic (or previously worked for ContextLogic), we have to process some data about you. This Notice is intended to help you understand what data we process and why, and the rights you have (if any). We might update this document now and then.
I. Data We Collect
"Personal data" means any information relating to an identified or identifiable natural person (like you!). We usually collect personal data directly from you, but sometimes we collect it automatically, including from your device(s), when you interact with our office, network and systems. We may also collect your personal data from other sources, including third parties, even before your employment or engagement begins, such as through a background check.
We call all of this "Employee Data." Employee Data includes, but is not limited to:
Data You Provide
Automatically Collected Data
We also obtain data collected or contained on devices used to access online tools and services or ContextLogic-owned equipment or ContextLogic-approved devices, such as: device identifiers, including device fingerprints, MAC Addresses, Ad IDs, IP Address, information about your browsing history or logs of your use of ContextLogic or connected networks and systems (in compliance with local law). Please read below for more information on monitoring that may be conducted when ContextLogic systems and devices are used.
Data from Other Sources and Third Parties
We also obtain the above data from other sources, which we often combine with personal data we collect either automatically or directly from you. For example, we receive personal data from our background check providers, our technology service providers, and sometimes from social media (such as LinkedIn) and other publicly available sources.
Sensitive Employee Data
Some Employee Data described here may be more sensitive than others, including (where legally permitted), information about your ethnic or racial origins, religious beliefs or other beliefs of a similar nature, trade union membership, physical or mental health data, sex life or sexual orientation, and the commission or alleged commission of any criminal offence or the sentence in relation to any such offence. We call this sort of data "Sensitive Employee Data."
If you provide ContextLogic with personal data about members of your family or other dependents, such as information for health and other benefits that you or they may obtain through us, it is your responsibility to inform them how and why we process that personal data as set out in this Notice.
II. Our Use of Employee Data
We collect, use, and disclose (“Process”) Employee Data for a variety of reasons, most of which are required to facilitate your employment or service to ContextLogic. Some specific examples of how we use Employee Data are:
- Evaluate and select candidates for employment
- Administer compensation and benefits programs
- Facilitate communication and collaboration, such as with employee directories, org charts, and seat finders
- Monitor use of ContextLogic systems and devices
- Investigate and resolve employee relations issues
- Comply with legal obligations, such as payroll deductions, government reporting, and leaves of absence
Where required by law, such as in the European Economic Area, we Process your Employee Data only if we have a valid legal basis for doing so, and we are required to explain the various legal bases that we rely on to you. The table in Annex 1 sets out the purposes for why we use your data and the legal basis we rely on for each purpose.
Similarly, we collect and process Sensitive Employee Data for a variety of reasons, and only if we have a valid justification for doing so. We are required to explain the various reasons and justifications that we rely on to you. The table in Annex 2 sets out the purposes for why we use your Sensitive Employee Data and the legal justification for each.
Depending on where you live, certain laws require that you provide specific consent for us to Process your personal data. Under these circumstances the provision of your Employee Data is voluntary and failure to provide such data shall not affect your employment relationship and contract with ContextLogic.
If you grant consent for ContextLogic to Process your Employee Data, you can request to withdraw your consent by contacting firstname.lastname@example.org. Please note, withdrawing consent is forward-looking: it does not change the lawfulness of any processing that occurred before you withdrew your consent.
More simply put: There are lots of reasons why we need to process your data to make your employment or engagement at ContextLogic work. Typically, we won’t ask you for specific consent to process your data for these reasons. But where its legally required, we won’t process your Employee Data unless you give us specific consent to do so. Those circumstances are laid out in the Annexes below.
III. Your Data Protection Rights
Depending on your location, you may have rights in relation to your Employee Data. These rights differ by country, but can be summarized as follows:
To exercise any of these rights, please contact us as stated below. If we do not have a legal obligation to honor certain rights, or circumstances make doing so in a timely way difficult, we will let you know that.
IV. Data Sharing and Transfers
A. Affiliates and Third Parties
In order to use Employee Data as described above, we may share it with Affiliates and third parties, like service providers. Such sharing may require transfers of Employee Data to other countries, including countries where data protection laws and regulations may differ from those in your country. In particular, data may be transferred to and from ContextLogic in the United States.
Likewise, ContextLogic may also transfer personal data, including to third parties. For example:
- Governmental and regulatory bodies includes tax and labor authorities as well as law enforcement agencies, which we will share data with when required by applicable laws, to prevent and detect crime or in connection with a corporate restructuring or transaction.
- Our service providers includes those that provide products or services to ContextLogic, such as technology suppliers, medical practitioners, relocation services and private health companies.
- Corporate business transactions may include transfers to potential purchasers of or investors in part or all of ContextLogic, its business, or any or part of any affiliated entity.
For more information regarding ContextLogic Affiliates and third parties that we may share your data with, please contact us as set out below.
B. International Data Transfers
Those who get access to Employee Data may be outside of your country (the most common places being within the USA), where data protection laws and regulations may differ from those in your jurisdiction. For example, personal data in the internal employee directory may be accessed, within and outside your country, by employees of ContextLogic or an Affiliate, as well as by authorized third parties.
For transfers of your data to Affiliates outside of European Economic Area (“EEA”), ContextLogic will be bound by the EU’s Standard Contractual Clauses. The European Commission has assessed these Clauses as providing an adequate level of protection for personal data, and you can ask for a copy of the safeguards by contacting us as set out below.
Transfers to other entities outside of the EEA need to be protected. ContextLogic will work to ensure that transfers are adequately protected as required by law, such as by the EU’s Standard Contractual Clauses. You can ask for a copy of such Clauses by contacting us as set out below. In other cases, we may transfer your data to countries that the European Commission has deemed to adequately safeguard personal data.
More simply put: ContextLogic has several different companies in different countries, and we might need to transfer your data outside of your home country in order to process it. Sometimes, we also need to share your data with third parties. We’ve listed some of the circumstances where this could become necessary, but you can contact us for the full list. If we transfer your data out of the EEA, we will take the appropriate steps to make sure your data is protected during the transfer. If you want to know what those steps are, just ask!
V. How Long We Keep Personal Data
Your Employee Data will be kept in a form where you can be identified for the period reasonably necessary to achieve the purposes described in this Notice, including Annexes 1 and 2, or for the period of time required by applicable law.
In short, this means that ContextLogic will retain your personal data as long as you are working for the company, though certain data may be kept longer where it is required to meet ContextLogic’s compliance and legal obligations,.
More simply put: We delete or de-identify employee data after we no longer need it unless there’s a legal or practical reason why we can’t.
ContextLogic may monitor and record your use of its devices and communication systems (including telephone, mobile phone, voicemail, e-mail or computer systems), and CCTV video surveillance may operate in ContextLogic's offices, but only to the extent permitted by law (collectively “Monitor”). Where we use CCTV, the cameras will be in plain view. You can contact Workplace to find out the precise locations.
Only specific individuals in the IT, InfoSec, and Workplace teams are authorized to Monitor. The results may then be shared with HR, Legal, management or your line manager, as appropriate. Any personal data that we come across as a result of Monitoring (including identifiable CCTV images of Employees) will be handled in accordance with this Notice.
The reason we may do this is to ensure that our policies and the law are being followed, to comply with our legal requirements, maintain security, and for other legitimate business purposes (such as to ensure employee safety, to protect our assets, manage employees and to conduct internal investigations).
Your use of ContextLogic communication systems must abide by any policies that we may issue from time to time, including without limitation, the Code of Conduct & Ethics and your local employee handbook. Just so you know, your use of ContextLogic’s communication systems may be used as evidence in disciplinary or legal proceedings against you.
More simply put: When you’re on ContextLogic premises or using ContextLogic devices, we might monitor you if the law allows it in order to keep everyone safe and secure.
We employ reasonable organizational and technical measures designed to protect the privacy of the Employee Data that we Process.
VIII. Company Contact Information
To exercise your rights, or to ask any questions related to this Notice or ContextLogic’s employee privacy practices, please contact Wish Human Resources. You also have the right to lodge a complaint with the competent data protection supervisory authority (typically the data protection authority where you live and/or work).
ANNEX 1 – USES AND LEGAL BASES FOR PROCESSING EMPLOYEE DATA
Where we rely on legitimate interests in processing Employee Data, we only do so where those legitimate interests are not overridden by your rights and interests. Our legitimate interests can include:
- Managing employees including performance, disciplinary and grievance issues;
- Assessing suitability for roles within ContextLogic;
- Implementing and running a group-wide organisational structure and group-wide information sharing;
- Maintaining the right to freedom of expression or information, including in the media and the arts (unless consent is required by local law);
- Managing customer relationships and other forms of marketing (unless consent is required by local law);
- Preventing fraud, misuse of company IT systems, harassment, theft, infringement, money laundering or other crimes;
- Operating of a whistleblowing scheme;
- Managing physical, IT and network security;
- Conducting internal investigations; and
- Helping facilitate mergers and acquisitions.
ANNEX 2 – USES AND LEGAL BASES FOR PROCESSING SENSITIVE EMPLOYEE DATA
ANNEX 3 - SUPPLEMENTAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
California’s Consumer Privacy Act requires us to describe the categories of personal information we collect from employees, as well as: the categories of sources from which we collect such information; examples of how we use such information; and categories of third parties with whom we may share such information.