Revision 3 January 20, 2023
-
Purpose and Scope
AECOM takes your privacy seriously. Please read this privacy
notice(“Notice”) carefully as it contains essential information on how and
why AECOM and its subsidiaries and affiliates (collectively, “AECOM” or
the “Company”) Processes your Personal Data. This Notice also explains
your rights concerning your Personal Data and how to contact Company
representatives or supervisory authorities in case you have a complaint.Within the context of this Notice, “Personal Data” means any information
relating to an individual who can be identified, directly or indirectly,
by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to
the physical, physiological, genetic, mental, economic, cultural, or
social identity of that individual.Personal Data does not cover aggregated data, data rendered anonymous, or
data that has been de-identified. Aggregate data relates to a group or
category of individuals from which individual identities have been
removed. Data is rendered anonymous if individual persons are no longer
identifiable. De-identified data is data that has had identifiable
elements removed, and cannot reasonably identify, relate to, describe, be
capable of being associated with, or be linked, directly or indirectly, to
a particular individual.To “Process” Personal Data means any operation or set of operations
performed upon Personal Data, whether by automatic means or otherwise.
This includes the collection, recording, organization, storage, updating
or modification, retrieval, consultation, use, disclosure by transmission,
dissemination or making available in any other form, linking, alignment or
combination, blocking, erasure, or destruction of Personal Data.The Company will only Process Personal Data according to this Notice
unless otherwise required by applicable law. The Company takes steps to
ensure the Personal Data collected is adequate, relevant, not excessive,
processed for limited purposes, and stored for no longer than is
reasonably necessary in furtherance of those purposes. The Company does
not sell “Personal Data”, nor does it share it with third parties for
cross-context, behavioural advertising.If you fail to provide certain Personal Data when requested, the Company
may not be able to fully perform services as your Employer (such as paying
you or providing certain employment-related benefits), or the Company
could be prevented from complying with AECOM’s legal obligations (such as
to ensure the health and safety of its workers).Where local laws are stricter than the policies described in this notice,
AECOM has adopted specific privacy practices in those locations to satisfy
those stricter requirements. AECOM will notify employees of such specific
privacy practices and, in some cases, obtain consent where required by
law. Where local laws are less strict than this policy, the protections
described in this notice will apply.AECOM collects Personal Data directly from you – in person, by telephone,
text or email, websites, and apps, or from third-party sources for various
business purposes as described herein.When the text of this Notice or any supplemental notice is available in
multiple languages, the English version is the authoritative version. -
Collection and Processing Data
-
Public Website Data Collection
-
Information We Collect Automatically
Our servers automatically log information about your use of and
visits to the Services, including through the use of cookies, Web
beacons, and similar technologies to help personalize content and
ads, and to analyze website traffic. For example, we may collect
your IP address, the type of web browser and operating system used
to access the Services, the time and duration of your visits, and
information about the content and webpages you view and the
features you access on the Services. -
Information from Third Parties
We may receive additional information about you from other
publicly and commercially available sources, as permitted law. We
may combine all the information we collect or receive about you
and use or disclose it in the manner described in this Notice.As you navigate AECOM’s public website, AECOM may collect
information such as your Internet Protocol (IP) address, Web
browser information and your actions while on the site. This
information will be collected, if at all, using commonly used
information-gathering tools, such as cookies and web beacons.
Standing alone, this information does not directly identify you
personally. You can configure the types of cookies that will be
active while browsing with the consent manager accessible from the
site. -
Information You Provide Directly
When expressing interest in AECOM’s products or services or using
our “Contact Us” or similar features, you may have the option to
provide contact information such as your name, job title,
organization name, address, e-mail address, phone number,
comments, and interests.We use your information for the following purposes:
-
To manage your relationship with AECOM and better serve you
when you are using the Services by personalizing and improving
your experience. We also may use such information to analyse
how users use the Services and related analysis, research,
reporting, and troubleshooting and as we believe is necessary
or appropriate to protect, enforce, or defend legal rights,
privacy, safety, or property, whether our own or that of our
employees or agents or others, and to comply with applicable
law. -
To provide the AECOM website and other services to you, to
communicate with you about your use of our site and services,
to diagnose technical problems, to respond to your inquiries,
and for other customer service purposes. -
To tailor the content and information that we may send or
display to you, to offer location customization, and
personalized help and instructions, and to otherwise
personalize your experiences while using the Public Website. -
To send you marketing information, product recommendations,
and other non-transactional communications (e.g., marketing
newsletters) about us, including information about our
products and services, promotions, special offers, or events
as necessary or to otherwise contact you about products or
information we think may interest you. You can opt out of
being contacted by us for marketing or promotional purposes by
following the instructions in the marketing emails we send or
by using the information in the Contact Us” section.
Additional restrictions on AECOM being able to send you
marketing information may apply depending on the jurisdiction.
-
-
Third-Party Links
The AECOM website may contain links to other websites or
third-party applications such as Facebook, Twitter, LinkedIn, or
YouTube. AECOM is not responsible for the privacy practices or the
content of these other websites or applications, and we advise you
to refer to the policy statements of these third parties to
understand how they collect and use information.-
Cookies, Web Beacons, and Similar Technologies
The Services — as well as certain third parties that provide
content and other functionality on the Services — use a
variety of technologies to learn more about how people use the
Services and the Internet. This section provides more
information about some of those technologies and how they
work.-
Cookies:
Cookies are small text files used to store information
about users on the users’ own computer. Cookies may be
used to recognize you as the same user across different
visits to the website. Knowing how a user is using the
Services through cookies enables us to tailor our
content and Services to meet visitors’ needs more
effectively. It also enables us to improve the quality
of your visit by making sure that the Services are
properly formatted for your computer and web browser.
Some Internet browsers can be configured to warn you
each time a cookie is being sent or to refuse cookies
completely. Refer to your browser help menu for more
information. You can also manage cookie tracking
directly through the third-party service providers that
we use.
-
Google Analytics:
You may prevent your data from being used by Google
Analytics by downloading and installing the Google
Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/. Google’s ability to use and share information
collected by Google Analytics about your visits to this
Site is restricted by the Google Analytics Terms of
Service, available at http://www.google.com/analytics/terms/us.html, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. To learn more about how Google collects and processes
data in connection with Google Analytics, visit http://www.google.com/policies/privacy/partners/. -
Hotjar:
You can opt-out of tracking by Hotjar here:https://www.hotjar.com/opt-out/ and can learn about Hotjar’s ability to use and share
information through the Hotjar Terms & Conditions of
Use, available at https://www.hotjar.com/terms, and the Hotjar Privacy Policy, available at https://www.hotjar.com/privacy/. -
Wistia:
Information collected by Wistia in connection with
videos played on this website is covered by Wistia’s
Privacy Policy, available at https://wistia.com/privacy. -
Other local storage:
Local Shared Objects (also referred to as “Flash
cookies”) and HTML5 local storage are similar to cookies
in that they are stored on your computer and can be used
to store certain information about your activities and
preferences. These objects are stored in different parts
of your computer from ordinary browser cookies, however.
Many Internet browsers allow you to disable HTML5 local
storage or delete information contained in HTML5 local
storage using browser controls. -
Web Beacons:
Web beacons can be embedded in web pages, videos, or
emails, and can allow a web server to read certain types
of information from your browser, check whether you have
viewed a particular web page or email message, and
determine, among other things, the time and date on
which you viewed the Web beacon, the IP address of your
computer, and the URL of the web page from which the Web
beacon was viewed. -
Do Not Track Signal:
Some web browsers may transmit “do-not-track” signals
to the websites with which the user communicates. We do
not currently take action in response to those signals.
If an industry standard on responding to such signals is
established and accepted, we may reassess how to respond
to those signals. -
Children’s Information:
The Company’s website and services is intended to be
used by adults and corporate entities interested in
AECOM. They are not intended for children, and AECOM
does not knowingly collect or store personal information
about children under the age of 13.
-
-
-
-
Job Applicants/Candidates
-
AECOM collects “Personal Data” from you in connection with your
resume and the application you submit to us when applying for a
job. We use your information to evaluate your skills and abilities
for job opportunities, verify your information, carry out
reference checks and/or background checks (where applicable),
communicate with you about the recruitment process, recommend
potential career opportunities at AECOM, creating and/or
submitting reports as required under applicable laws/regulations,
and making improvements to AECOM’s application or recruitment
process. -
The Personal Data we collect may include:
-
Identification Data
– such as full name, preferred name, home address, email
address, telephone number, and photo/image (if volunteered),
citizenship status, nationality. -
Demographic Data
– such as gender, ethnicity, disability status, gender
identity, transgender status, sexual orientation, and
religion.AECOM processes demographic data for a variety of reasons, and
this will vary in our different jurisdictions. Our reasons for
processing this data include:-
To monitor and ensure diversity and equality of treatment
and opportunity. -
To provide work-related accommodations or adjustments.
-
To comply with applicable legislation.
-
-
Employment and Professional
– such as job title/position, hire/term/rehire dates,
employer information, employment contacts, CV/resume,
academic/professional qualifications, skills, work-related
licenses, education, references, military status, work
permits, current salary, desired salary. -
Other Data
– We may also collect Personal Data about you from third
parties or public sources to support the employment
relationship or to engage with you concerning job
opportunities at AECOM. For example, before and during your
employment or assignment, we may collect information from
public professional networking sources, such as your
LinkedIn profile, for recruitment purposes. We also may
conduct lawful background screenings, to the extent
permitted by law, through a third-party vendor for
information about your past education, employment, credit,
and/or criminal history.
-
-
If you are offered and accept employment with AECOM, the Personal
Data collected during the job application and recruitment process
may become part of your employment record. -
If you are not offered or accept employment AECOM will keep
your CV/resume on file for future job openings. You may remove
your CV/resume by logging into your profile or sending an email
to privacyquestions@aecom.com.
-
-
Contractors/Subcontractors
-
AECOM collects “Personal Data” in connection with onboarding you
as a contractor or subcontractor to perform our contract with you.
We collect and use your “Personal Data” to evaluate your skills
and experience, verify your data, to contact you for project
opportunities and general business operations, conduct legal due
diligence/anti- corruption screening, denied party checks,
recording of work time, business continuity and incident response
communications, administration of safety and protection of AECOM
employees, resources, and workplaces, physical site access and
security, accounting/government tax and auditing business
purposes, administer quality, safety and compliance checks and
reviews to qualify third party contractors for performing work in
accordance with applicable quality standards such as ISO 9001 and
NQA-1; including use of individuals who are required to maintain
specific qualifications or certifications, administration of
safety and protection of AECOM systems for recording and
monitoring network activity for the purpose of identifying,
predicting, and preventing the entry of malicious activity onto or
the release of information from the AECOM network and computing
resources, and to manage AECOM business and project-related
operations. -
The Personal Data we collect includes:
-
Identification Data
– such as full name, preferred name, business address, home
address, email address telephone number, username/password,
date of birth, nationality, citizenship status, country of
birth, photo/image, and biometric data (i.e., fingerprint
scan) where applicable. -
Emergency Contacts
– such as full name, and telephone number. -
Employment and Professional
– such as job title/position, prior work or project
experience, reference contacts, CV/resume,
academic/professional qualifications, skills, work-related
licenses, education, references, military status, work
permits, training reports, -
Demographic Data
–such as gender, ethnicity, gender identity, transgender
status, sexual orientation, and religion.
-
-
AECOM processes demographic data for a variety of reasons, and
this will vary in our different jurisdictions. Our reasons for
collecting this data include:-
To monitor and ensure diversity and equality of treatment and
opportunity; and -
To provide work-related accommodations or adjustments; and
-
Comply with applicable legislation.
-
-
Where the processing of demographic data is not required by law,
we will ask for your express consent.-
Government Issued Data
– Social security number, federal tax identification
number, national identification number, driver’s license
number, passport number. -
Financial/Insurance Data
– bank name and routing and account number, insurance
policy information. -
Medical/Health
– such as medical certificates, work site incident and
accident reports, -
Other Data
– We may also collect Personal Data about you from third
parties or public sources as needed to support the business
relationship or to engage with you concerning projects at
AECOM. For example, before and during the business
engagement, we may collect information from public sources
and professional networking sources, such as MK Denial, your
LinkedIn profile, etc. We also may conduct lawful background
screenings, to the extent permitted by law, through a
third-party vendor for information about your company
information, personal credit, and/or criminal history.
-
-
-
Client, Supplier, Joint Venture Staff
-
As a business partner, AECOM collects Personal Data from you to
manage existing and prospective clients, customers, suppliers, or
other third-party relationships (e.g. in relation to the
initiation, conclusion, or fulfillment of a contract); Communicate
about products or services we offer or intend to offer, the
improvement of our products or services, and the review of our
business relationship; perform accounting, auditing, billing, and
collection activities; meet legal obligations (e.g. financial and
administrative obligations); and establish, enforce or defend
against legal claims. -
The Personal Data we collect includes:
-
Identification Data
– such as full name, preferred name, business address,
email address, and telephone number -
Other Data– such as data on invoices, purchase orders, agreements,
bids, proposals, and other related business records
-
-
-
-
Change of Purpose for Processing Personal Data
-
AECOM will only use your Personal Data for the purposes for which it
was originally collected unless the Company reasonably considers that
the Company needs it for another purpose compatible with the original
purpose and there is a legal basis for further Processing. For
example, the Company may Process the Personal Data you provide to us
while researching job openings in reliance on AECOM’s legitimate
interests in recruitment for roles, but once you apply for a specific
role and are hired into that new role, the Company may need to Process
your Personal Data in order to enter into an employment contract with
you. -
However, if Personal Data covered by this Notice is to be used for
a new purpose that is materially different from that for which the
Personal Data was originally collected or subsequently authorized or
is to be disclosed to a non-agent third party, AECOM will provide
you with an opportunity to choose whether to have your Personal Data
so used or disclosed. Requests to opt-out of such uses or
disclosures of Personal Data should be sent to: privacyquestions@aecom.com.
-
-
How Data is Collected
We use different methods to collect data from and about you:
-
Direct Interactions: You give us your Personal Data when contacting us through
candidate profiles, through interviews, or in response to surveys,
jobs, projects, bids, through quality and compliance questionnaires,
proposals, or other means. This includes information you provide
when you submit your CV/resume or contact details through our
website, email, and our alumni or talent networks.
-
Third Parties or Publicly Available Sources: AECOM may obtain information about you from a representative of
your company (if we are sub-contracting services), publicly
available online records, background check providers, criminal
records check, or past or current professional references you supply
to us. The organization will seek information from third parties
only once a job offer, or business opportunity has been made and
will inform you or your company representative that it is doing
so.
We do not undertake automated decision making or profiling on Personal
Data or Sensitive Personal Data. -
-
Legal Basis for Processing
-
Under data protection law, the Company can only collect and Process
your Personal Data if there is a lawful or legitimate business reason
for doing so, such as:-
To comply with legal and regulatory obligations.
-
To meet any contractual obligations the Company may have to you.
-
For AECOM’s legitimate interests or those of a third party (e.g.,
business or commercial reasons that do not override your rights
and interests under applicable data protection law). -
When the processing
is necessary to respond to public health emergencies or protect
the life, health, or property safety of a natural person under
emergency circumstance. -
Where you have given your consent; or
-
Other circumstances as required by laws or administrative
regulations.
-
-
AECOM adheres to the following guidelines to ensure that its
collection of Personal Data is fair and lawful. Specifically, AECOM:-
Collects only as much Personal Data as is required by law or
needed for reasonable and legitimate business purposes. -
Collects Personal Data in a non-deceptive manner.
-
Where appropriate, informs individuals which Personal Data is
required, and which is optional at the time of collection. -
Collects Personal Data from individuals consistent with local
legal requirements.
-
-
AECOM may need to collect Sensitive Personal Data. Where required
under applicable local law, such Personal Data will be processed with
consent. Where required by applicable local law, consent to transfers
or uses of Sensitive Personal Data will be opt-in.
-
-
Use and Retention
-
AECOM uses, stores, retains, and otherwise processes Personal Data
only for reasonable business purposes and for only as required for
that business purpose or as authorized. -
AECOM does not disclose Personal Data to third parties for direct
marketing purposes, nor does it sell Personal Data. AECOM does not
share Personal Data for purposes of behavioural marketing. Processing
of Personal Data will comply with contractual, regulatory, and local
legal requirements. -
Your Personal Data will be retained only for as long as required to
achieve the purposes for which it was collected, in line with this
Notice and will be securely destroyed when no longer required. -
The following criteria are what determine the period for which the
Company will keep your Personal Data:-
When it is no longer required to be retained to comply with
regulatory requirements or financial obligations. -
Until we are no longer required to do so by any law we are subject
to. -
Until all purposes for which the data was originally gathered have
become irrelevant or obsolete. -
Until the goods and/or services we have provided are no longer in
active use.
-
-
You have the right to submit a request to delete your data in our
systems. Please note that in some cases where there is a compelling
legal reason why we are required to keep your data, we will take
measures to delete unnecessary data and continue to store data
subjected to the legal requirement. -
Job candidate Personal Data may be processed and retained for
immigration requirements as part of the rehire process, including the
sharing of that data with legal advisers and government bodies. The
length of time data may be stored will be based on laws relating to
these requirements.
-
-
Data Privacy Rights
-
Where permitted or required by applicable law, AECOM extends certain
data privacy rights to you. -
Note that we may be unable to provide you access to your Personal Data
in instances where we have destroyed, erased, or anonymized the data,
if we are unable to verify your identity using information we have on
file for you, or if it would reveal Personal Data about another
person. We may also refuse any request if applicable law allows or
requires us to do so. We will inform you of the reasons for refusal. -
If you choose to contact us to submit a request, you will need to
provide us with:-
Enough information to identify you [(e.g., your full name,
address, birthdate, or other identifier)] -
A description of what right you want to exercise and the
information to which your request relates.
-
-
We are not obligated to make a data access or data portability
disclosure if we cannot verify that the person making the request is
the person about whom we collected information, or if someone
authorized to act on such person’s behalf. -
Any Personal Data we collect from you to verify your identity in
connection with your request will be used solely for the purposes of
verification.-
The right to request access. You have the right to request AECOM for copies of your
Personal Data. -
The right to request rectification. AECOM relies on you to ensure the information you provide to
AECOM about you is accurate, complete and current. If any
Personal Data is inaccurate or incomplete, you may request that
your Personal Data be corrected or completed. AECOM will correct
or delete Personal Data as required by applicable law. You may
also request to correct, amend, or delete Personal Data that has
been processed in violation of applicable data protection
law. -
The right to request erasure. You have the right to request AECOM delete your Personal Data
under certain conditions. -
The right to withdraw consent.
Where you have provided written consent (or positive opt-in) to
the collection, processing, or transfer of Personal Data, you
may have the legal right to withdraw consent. Where we have
processed your Personal Data with written consent (or positive
opt-in), you can withdraw that consent at any time. Note –
withdrawing consent will not affect the lawfulness of any
processing the Company conducted prior to withdrawal, nor will
it affect the processing of the Personal Data conducted in
reliance on a lawful basis other than consent. -
The right to request portability. You have the right to request AECOM transfer your Personal
Data that we have collected to another organization, or directly
to you, under certain conditions. -
The right to restrict processing. You have the right to request that AECOM restrict the
processing of your Personal Data, under certain
conditions. -
The right to opt-out of email marketing. You can opt-out of email marketing communications at any time
by selecting the email’s “Opt-out” or “Unsubscribe” link, or
following the instructions included in each email subscription
communication. -
Results of automated decision making. You have the right to request AECOM to conduct a review of
automated decision making that impacts you. -
The right to file a complaint. If you consider that your privacy rights have not been
adequately addressed, you have the right to submit a complaint
to the AECOM Privacy Office or with the supervisory authority in your country of
residence.
-
-
You can submit a request to exercise these data privacy rights to
the AECOM Privacy Office at privacyquestions@aecom.com.
California residents may also call 888.299.9602. AECOM will request
specific information to help confirm identity and rights. -
AECOM will not discriminate against individuals for exercising any of
their privacy rights allowed or required by applicable data protection
law or regulation.
-
-
Sharing and Onward Transfer
AECOM shares Personal Data in the following ways:
-
AECOM Staff: AECOM shares Personal Data among staff having a legitimate
business need to know based on their respective role with the
Company.
-
Subsidiaries and Affiliates: AECOM shares information among AECOM subsidiaries and affiliates
for the purposes described in this Privacy Notice where consistent
with applicable legal requirements.
-
Service Providers: AECOM shares Personal Data to selected affiliated or trusted
service providers to perform services on behalf of the organization.
These trusted service providers include, but are not limited to
Information Technology Providers, Cloud Providers, Data Hosting
Services, Denied and Restricted Party Screening Providers,
Background Check Providers, and Data Storage Providers.
-
Clients: AECOM shares certain Personal Data as part of our professional
services under contract to our clients, including governmental
agencies, for project-related work, security clearances or as
required by security protocols.
-
Other Third Parties: AECOM discloses certain Personal Data to other third
parties:
-
where required by law or legal process (e.g., to tax and social
security authorities); -
where AECOM determines it is lawful and appropriate;
-
to protect AECOM’s legal rights (e.g., to defend a litigation suit
or under a government investigation or inquiry) or to protect its
employees, resources, and workplaces; or -
in an emergency where health or security is at stake.
-
-
Public Security/Law Enforcement: AECOM may be required to disclose Personal Data in response to
lawful requests by public authorities, including meeting national
security or law enforcement requirements.
AECOM is a global company, with offices, Clients, and Suppliers located
throughout the world. As a result, Personal Data may be transferred to
other AECOM offices, data centers, and servers in Europe, Asia, South
America, or the United States for the purposes identified. Any such
transfer of Personal Data shall take place only under applicable law and
the use of Standard Contract Clauses, European Union Standard Contract
Clauses and data protection agreements.AECOM will take steps designed to comply with all applicable local laws
when Processing Personal Data, including any local law conditions for and
restrictions on the transfer of Personal Data.AECOM may also protect data through other legally valid methods, including
international data transfer agreements or Standard Contractual Clauses
that have been recognized by Data Protection Authorities as providing an
adequate level of protection to the Personal Data we process globally.AECOM will ensure all transfers of Personal Data are subject to
appropriate safeguards as defined by data protection laws and regulations. -
-
Data Security
AECOM has adopted and maintains reasonable and appropriate information
security policies, processes and/or procedures to safeguard Personal Data
from loss, misuse, unauthorized access, disclosure, alteration,
destruction, and other Processing. However, no method of transmission over
the Internet, or method of electronic storage, is 100% secure. As such, we
cannot promise, ensure, or warrant the security of any Personal Data that
you may provide to us.AECOM’s information security processes provide for the classification of
information and the assignment of protection requirements and information
security controls based on the classification of information. The
safeguards used to protect Personal Data is commensurate with the level of
risk involved. -
Additional information for California Residents
-
AECOM does not sell Personal Data as part of its business practices.
In compliance with Cal. Civ. Code § 1798.130(a)(5)(C)(i), the Company
reaffirms that it has not sold your Personal Data in the preceding 12
months. -
In compliance with Cal. Civ. Code §1798.130(a)(5)(C)(ii) AECOM has
shared the following Personal Data for a business purpose in the
preceding 12 months:-
Identifiers (e.g., a real name, alias, postal address, unique
personal identifier, online identifier, Internet Protocol address,
email address, account name, social security number, driver's
license number, passport number, or other similar identifiers). -
Information that identifies, relates to, describes, or is capable
of being associated with, a particular individual, including, but
not limited to, the individual’s name, signature, social security
number, physical characteristics or description, address,
telephone number, passport number, driver's license number, or
state identification number, insurance policy number, education,
employment, employment history, bank account number, credit card
number, debit card number, or any other financial information,
medical information, or health insurance information. -
Characteristics of protected classifications under California or
federal law. -
Internet or other electronic network activity information (e.g.,
browsing history, search history, and information regarding an
individual‘s interaction with an Internet
Web site, application, or advertisement). -
Audio, electronic, visual, thermal, olfactory, or similar
information. -
Professional or employment-related information.
-
Inferences drawn from any of the information identified above to
create a profile about an individual reflecting the
individual‘s preferences, characteristics,
psychological trends, predispositions, behavior, attitudes,
intelligence, abilities, and aptitudes.
-
-
In addition to the rights discussed in Section 7, California residents
have certain other privacy rights as described below. You can submit a
request to exercise these data privacy rights to the AECOM Privacy
Office at
privacyquestions@aecom.com. You may also call 888.299.9602. -
You have the right to know:
-
The categories of Personal Data the Company has collected about
you. -
The categories of sources from which the Personal Data is
collected about you. -
AECOM’s business or commercial purpose for collecting or sharing
Personal Data about you. -
The categories of third parties with whom the Company shares
Personal Data about you. -
The categories of Personal Data that the Company has disclosed
about you for a business purpose. -
The specific pieces of Personal Data the Company have collected
about you.
-
-
Please note that the Company are not required to:
-
Retain any personal data about you if, in the ordinary course of
business, that information about you is not retained. -
Reidentify or otherwise link any data that, in the ordinary course
of business, is not maintained in a manner that would be
considered Personal Data; or -
Provide the Personal Data to you more than twice in a 12-month
period.
-
-
-
Exceptions
Under certain limited or exceptional circumstances, AECOM may, as
permitted or required by applicable laws and regulations, process Personal
Data without providing notice, access or seeking consent. Examples of such
circumstances may include investigation of specific allegations of
wrongdoing, violation of company policy or criminal activity; protecting
employees, the public, or AECOM from harm or wrongdoing; cooperating with
law enforcement agencies; auditing financial results or compliance
activities; responding to court orders, subpoenas or other legally
required disclosures; meeting legal or insurance requirements or defending
legal claims or interests; satisfying labor laws or agreements or other
legal obligations; collecting debts; protecting AECOM’s information
assets, intellectualproperty and trade secrets; in emergency situations, when vital interests
of the individual, such as life or health, are at stake; with respect to
access requests, where the burden or expense of providing access would be
disproportionate to the risks to the individual’s privacy or the privacy
interests of others would be jeopardized; and in cases of business
necessity. -
Other Important Information
-
Privacy laws and guidelines are part of a constantly changing
environment. AECOM reserves the right, at its discretion, to modify,
add, or remove portions of this Privacy Notice or any supplemental
privacy notice at any time. Any material change to this Privacy
Notice will be made available to you. When the Company makes
material changes, the Company will also update Section 15 – Change Log. -
AECOM commits to cooperate with European Union data protection
authorities (DPAs) and comply with the advice given by such
authorities regarding human resources data transferred from the
European Union in the context of the employment relationship. -
If you are in the European Union, the European Economic Area,
Switzerland, or the United Kingdom, the data controller of your
Personal Data will be the AECOM entity that signs a contract with you
or for which you submit your CV/resume in response to a job
opportunity. -
If you consider that your rights have not been adequately addressed,
you have the right to submit a complaint with the supervisory
authority in your country of residence, place of work, or the country
in which an alleged infringement of data protection law has occurred.
-
-
Contacting AECOM Privacy Office
-
Any questions regarding this Notice or general privacy-related
questions or concerns related to your Personal Data should be
addressed to the AECOM Privacy Office at: privacyquestions@aecom.com -
For Germany inquiries, you may use the following email address: datenschutz@aecom.com
-
-
Terms and Definitions
a.
Data Privacy
means the legal rights and expectations of individuals to control
how their Personal Data is collected and used.b.
Personal Data
means any information relating to describing, reasonably capable of
being associated with, or capable of reasonably being linked,
directly or indirectly, to an identified or identifiable natural
person.c.
Processing
means any operation or set of operations that is performed upon
Personal Data.d.
Sensitive Personal Data
has definitions that vary from country to country. For example,
European data protection laws treat certain categories of Personal
Data as especially sensitive, e.g., biometric, information about
racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership, information
specifying medical or health conditions, or sex life.In the United States, sensitive information may include, but is not
limited to, Social Security numbers, bank account numbers, passport
information, healthcare related information, medical insurance
information, credit and debit card numbers, drivers’ license and
state ID information, information from children under the age of 13,
biometric information, genetic data, precise geo-location, and
information about racial or ethnic origin, religious or
philosophical beliefs, sex life, sexual orientation or unionmembership.
-
Change Log
Rev # |
Change Date |
Description of Change |
Location of Change |
0 |
12-Feb-2020 |
Initial release as L1-007-PL5 |
|
1 |
14-Aug-2020 |
|
|
2 |
26-Aug-2020 |
|
|
3 |
20-Jan-2023 |
|