This Privacy Statement governs the way Cinnamon Hotel Management Limited (“Company”) [company registration number PB 7] of No. 117, Sir Chittampalam A. Gardiner Mawatha, Colombo 02, Sri Lanka and the hotels it operates under the Cinnamon Brand (jointly “Cinnamon Hotels & Resorts”) collects, uses, maintains and discloses information collected before, during, and after your working relationship with Cinnamon Hotels & Resorts. It applies to all permanent and temporary employees, workers, contractors and any other individuals who are working for us but are not directly employed (“employees” or “you”). It also applies to those who have applied for employment with Cinnamon Hotels & Resorts (“employment candidates” or “you”). This privacy statement may also be referred to as the ‘Employee Privacy Policy”.

1. WHAT PERSONAL DATA DO WE COLLECT?

• We collect, maintain, and use different types of Personal Information in the context of our employment relationship or potential employment relationship with you. The following provides examples of the type of information that we collect from you and how we use the information.
• Contact information (such as name, address, telephone number, email address, etc.)
• Unique Identifiers (such as national identity card, passport, driver’s licence etc.)
• Educational and professional information (qualifications and licences etc.)
• Employment history (previous employment records, information from referees, information from your social media accounts such as LinkedIn and from other John Keells Group companies)
• Special categories of personal information (police reports, grama sevaka certificates, religion, Biometrics, gender, race, nationality, medical reports)
• Financial information (bank account details, credit and debit card etc.)
• Technology equipment and system information (call logs, system usage logs, browsing history etc.)
• Audio recordings
• Photographs and CCTV footage
• Contact details of your family or other relationships for emergency

2. WHEN DO WE COLLECT YOUR PERSONAL DATA?

• When you make an employment application (such to us through the website, by post or in person)
• When you communicate with us (such as via SMS, telephone calls, emails etc).
• From external agencies (such as employment agencies or background check providers).
• When you visit any of our premises.
• From your referees.
• From your previous employers.
• From anyone with whom you may have or had a business relationship with.
• From your doctor or other medical professional
• From our surveillance camera (CCTV) system.
• From other John Keells Group companies.

3. HOW DO WE USE YOUR PERSONAL DATA?

A. For employment Candidates

• Identifying, evaluating, and selecting candidates for current and future job openings.
• Maintaining records
• Conducting background checks to verify information provided by candidates.
• Ensuring compliance with laws, regulations, and contracts.
• Contacting you or your emergency contact in case of emergencies.
• Any other legitimate purposes necessary for business operations.

B. For Employees (in addition to above)

I. Human Resources Management:

• Identifying, evaluating, and selecting candidates for employment.
• Processing new hires and managing terminations.
• Conducting performance reviews and setting performance goals.
• Providing training, development opportunities, and career counseling.
• Administering salary, benefits, and incentive plans.
• Managing employee relations, including resolving disputes and grievances.
• Ensuring a safe and healthy work environment.

II. Legal and Regulatory Compliance:

• Adhering to employment laws, tax laws, and other relevant regulations.
• Processing work permits and visas for foreign employees.
• Conducting background checks as required by law or company policy.
• To fulfill the employment contract

III. Business Operations:

• Conducting investigations into misconduct or other issues.
• Monitoring access to company facilities and systems.
• Processing payroll, managing expenses, and conducting audits.
• Supporting corporate governance initiatives.
• Organizing company events.

4. WHOM DO WE DISCLOSE YOUR PERSONAL DATA TO?

• To other John Keells Group Companies
• To public authorities
• To any other third-party organizations that are contracted with us to provide service such as external auditors, insurance companies, business card printers etc.
• If another company acquires, or plans to acquire part of our business, we will also share information with that company.

In addition to the above, our service providers may while providing you services directly collect personal data from you. You are required to read the privacy policy of every such service provider and direct any clarification to them. We have no control over their privacy practices and assume no responsibility.

5. TRANSFERS OF PERSONAL DATA

We may transfer your personal data outside of Sri Lanka. The transfer of your personal data is carried out under organizational, technical and contractual protection.

6. HOW DO WE PROTECT YOUR PERSONAL DATA?

We implement industry accepted security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. However, please be aware that no system is completely secure. In the event of a data security breach that could potentially impact your personal information, we will take appropriate steps to investigate the incident and notify you as required by applicable laws and regulations.

7. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Statement or as required by applicable laws and regulations.  Once the retention period expires, we will securely anonymize your personal information to prevent unauthorized access or disclosure.

8. WHAT ARE YOUR RIGHTS?

You have the right to access, correct, or request anonymization of your personal information. To exercise these rights, please contact your relevant HR Business Unit Head. We will respond to your request within a reasonable timeframe. However, we reserve the right to deny these requests at our discretion within the legal framework.

9. CONSEQUENCES OF NOT PROVIDING YOUR PERSONAL DATA

• Failure to provide such information may:
• Limit or prevent access to features on our website or digital platforms.
• affect our ability to communicate with you.
• Hinder our degree to enter into a contract with you
• impact your chances of being selected for employment or internship.

Be in violation of any applicable law or regulation that requires us to collect such personal data.

10. BY SUBMITTING PERSONAL DATA TO US, YOU ACKNOWLEDGE THAT:

• You have read and understood this Privacy Statement and agree and consent to the use, processing, disclosure and transfer of personal data as set out herein.
• All information and representations provided by you are true and correct to the best of your knowledge, and you have not knowingly omitted any relevant information.
• If you are providing information on behalf of another person, you guarantee you have the authority to do s and they are aware of this privacy statement.

11. CINNAMON DATA PROTECTION POLICY

All employees are required to read, understand and follow the Cinnamon Data Protection Policy which is available on the internal intranet, HR or with your Data Protection Champion. It is the employee’s responsibility to review the policy and ensure they are aware of any changes. Failure to adhere to the policy will result in disciplinary action.

12. WHOM CAN YOU CONTACT FOR MORE INFORMATION?

If you have any questions or complaints about this statement or about our privacy and information handling practices, kindly reach out to the Data Protection officer at [email protected]

13. UPDATES TO THE PRIVACY NOTICE

We reserve the right to amend, modify, vary or update this Privacy Statement, at our discretion from time to time, as and when the need arises. The most recently published Privacy Notice shall prevail over any of its previous versions. We have no obligation to directly inform you of any changes and you have a responsibility to periodically review https://www.cinnamonhotels.com/privacy-statement for any updates.