RGA Workforce and Recruitment Privacy Notice for EMEA

RGA is a global reinsurance company focusing primarily on life- and health-related reinsurance solutions. Our core products and services include life reinsurance, living benefits reinsurance, group reinsurance, health reinsurance, financial solutions, facultative underwriting, and product development.

The headquarters of Reinsurance Group of America, Inc. is located in St. Louis, Missouri, United States of America.

RGA has a range of offices in the EMEA region. For example, RGA International Reinsurance Company dac located in Ireland is RGA’s representative in the European Economic Area (‘EEA’); RGA Reinsurance Company Middle East Limited in the United Arab Emirates is RGA’s representative in the Middle East and RGA Reinsurance Company of South Africa Limited in South Africa is RGA’s representative in Africa. A full list of all EMEA RGA entities is available at https://www.rgare.com/global-directory/emea.

RGA entity that employs you is the controller responsible for the personal information we collect and process. Other RGA entities may also be controllers in respect of your personal information, depending on their involvement in recruitment and employment-related matters.

This privacy notice is designed to provide compliance with relevant laws in EMEA region where RGA has offices.

RGA handles personal information in accordance with multiple local privacy laws at the place where the personal information is collected and processed. If applicable laws provide for a lower level of protection of personal information than that established by this privacy notice, then this privacy notice shall prevail.

Personal information means information, or a combination of pieces of information, that could reasonably allow an individual to be identified.

If you are applying for a position with RGA, depending on recruitment policies in a specific RGA office, we may collect your personal information in the following ways (to the extent permissible under local law):

• from your application and CV, which you provide directly to us;
• from your application and CV, which a recruiter provides to us on your behalf;
• by interviewing and communicating with you and conducting assessments to test your suitability for a role;
• by performing background checks with employment screening agencies or publicly available registers (as permitted by law). For example, RGA may check your name against lists developed by various governments for the prevention of money laundering and terrorism;
• from publicly available professional profiles on websites or social media (e.g. LinkedIn);
• from former employers or other referees, including RGA employees.

If you are an employee of RGA, we may collect your personal information in the following ways (to the extent permissible under local law):

• through photography and videography with your voluntary participation;
• by performing engagement surveys;
• directly from you, when you first joined the company and throughout your employment;
• from our communications with you throughout your employment;
• from managers, other employees, clients, or service providers that provide feedback about you throughout your employment;
• by performing ad hoc background checks with employment screening agencies or publicly available registers, such as lists developed by various governments for the prevention of money laundering and terrorism (as permitted by law);
• from professional or regulatory bodies;
• through the use of CCTV and time management systems on our premises; and
• by monitoring the use of our IT systems and applications.
  
  

The type of personal information we collect and process about you will depend upon specific circumstances relating to your recruitment and employment with us and local laws relevant to a specific RGA office you are engaged with.

If you are applying for a position with RGA, we may collect the following categories of personal information about you:

• Personal details: name, gender, date of birth, citizenship, nationality, military status, disability;
• Financial background information: credit check;
• Contact details: phone number, email address, postal address, mobile number;
• Educational and professional background information: educational and professional history, qualifications, certifications, skills, licenses, and professional memberships;
• Right-to-work information: your citizenship, work, and residence permits, visas;
• Information about your current employment: job title, responsibilities, compensation history;
• Personality or psychometric tests information.

If you are an employee of RGA, we may collect the following categories of personal information about you:

• Personal details: name, gender, date of birth, employee number;
• Contact details: phone number, email address, postal address, mobile number;
• Photographs, video footage, or your images;
• Identification documents: a copy of your passport, identity card, or driving license;
• Information about your family: marital status, date of marriage, dependents;
• Emergency contacts: next of kin, their names, relationship with you, and contact details;
• Employment information: your job role, employment contract, start and leave dates, salary (including your level and grade), working pattern;
• Pay-related information: your bank account details, payroll information, tax information, retirement and/or pension information, details of any leave, and expenses claimed;
• Benefits-related information: available benefits, payments claimed;
• Personality or psychometric tests information;
• Performance and training information: performance at work, promotions, training history, development needs;
• Investigations-related information: grievance and dignity at work matters, disciplinary records, warnings or penalties issued, whistleblowing concerns;
• Monitoring-related information: information derived from monitoring IT acceptable use standards, including employee user ID, IT systems access logs, CCTV records, time management system records
• Information about your personal and family life (only if you voluntarily share it with your colleagues).
  

Some of the personal information we ask you to provide is mandatory, which means that you must provide this to us in order for us to continue recruiting or employing you and/or to fulfill our legal obligations.

Where it is mandatory for you to provide certain information, we will make this clear to you when we ask for the information.

Our ability to collect and process your special category personal information will depend on local laws relevant to a specific RGA office and circumstances relating to your recruitment and employment with us.

If you are applying for a position with RGA, we may collect the following special category personal information:

• Criminal records: confirmation whether you have committed any criminal offense and security measures that were applied.
• Information relating to your diversity (only if you voluntarily shared it with RGA).

If you are an employee of RGA, we may collect the following special category personal information:

• Criminal records: confirmation whether you have committed any criminal offense and security measures that were applied;
• Health information: sick leave forms, details of reasonable adjustments at the office;
• Accident records (only if you have an accident at work);
• Information relating to your diversity (i.e., ethnicity, race).

If you are applying for a position with RGA , we use your personal information to:

• assess your financial responsibility;
• facilitate the recruitment process and match your details to job opportunities;
• check whether you have previously applied for a job with us
• communicate with you in relation to your application;
• assess your professional experience, skills, and abilities for a specific role;
• provide you with an adequate offer;
  
• keep you informed of job opportunities that we think may be of interest.

Under certain circumstances, we may also use your special category personal information to take precautionary measures and ascertain that you were not involved in criminal activities and are able to carry out specific responsibilities at RGA.

If you are an employee of RGA, we use your personal information to:

• take precautionary measures and ascertain that you were not involved in criminal activities and are able to carry out specific responsibilities at RGA;
• monitor diversity among job applicants and foster inclusion;
• ensure data accuracy regarding the records that RGA already retains;
• represent RGA’s workforce accurately, including its diversity, in internal and external communications, promotional and marketing materials (only with your explicit consent and in compliance with local data protection laws);
• create and publish internal and external communications, promotional and marketing materials (only with your voluntary participation and in compliance with local data protection laws);
• help inform RGA’s diversity, equity, and inclusion strategy and actions;
• perform meaningful analysis that will help us to improve employee programs, workplace practices, and policies to help RGA be a more inclusive and equitable organization;
• invite you to attend and share your experience about corporate social responsibility activities;
• budget for your compensation;
• carry out the contract we have with you and manage our human resources processes;
• administer immigration and mobility needs;
• compensate you for your work, administer our payroll and your leave entitlements;
• provide you with applicable pension entitlements and benefits;
• assess your performance, identify development needs, conduct pay and grading reviews, administer promotions, and provide training;
• plan succession;
• deal with any disputes or reported misconduct and comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies;
• conduct investigations and resolve employee disciplinary or grievance issues;
• deal with your inquiries and requests;
• facilitate your interaction with others, maintain an interesting and collaborative working environment;
• provide you with access to our premises, equipment, and systems;
• maintain the security of our premises, systems, facilities, and data.

We may also process your special category personal information for the following purposes:

• to comply with a legal obligation to prevent unfair discrimination;
• to represent RGA’s workforce accurately, including its diversity, in internal and external communications, promotional and marketing materials (only with your explicit consent and in compliance with local data protection laws);
• to take precautionary measures and ascertain that you were not involved in criminal activities and are able to carry out specific responsibilities at RGA;
• to comply with our health and safety obligations, including administration of sick pay, monitoring and managing of sickness absence, and adapting the workplace or our facilities for your needs;
• to foster diversity in the workplace, for example, to make special arrangements to accommodate religious beliefs or to promote diversity in the workplace.
  

We may use technology (including technology provided by third-party service providers) to process your personal information in a manner that constitutes "profiling" (to the extent permissible under local laws). This involves the use of software that is able to evaluate your personal aspects and predict risks or outcomes. The main examples of when we conduct profiling are:

• when we use personality or psychometric tests, particularly in the recruitment process. These tests analyze your responses to highlight potential strengths and weaknesses and your possible match for certain types of roles, but we do not use these tests to automatically select or eliminate candidates; and
• for workforce management. We may use software to ensure our workforce is managed and utilized efficiently, to predict risks in staff retention, and to ensure that employees are being compensated fairly.

Although we may use profiling to assist our decision-making, we do not make solely automated decisions about individuals. We do not make decisions about hiring, compensation, dismissal, promotion, or other matters which may significantly impact an individual, without assessing all the circumstances.

We are committed to processing your personal information fairly and lawfully and only to the extent necessary to achieve the purposes listed above.

We must have a legal basis to process your personal information. In most cases, our ability to obtain and process your personal information is based on one of the following:

• necessary for reasons of substantial public interest, for example, to ensure equality of opportunity or treatment; as well as racial and ethnic diversity at senior levels;
• to take necessary steps prior to entering into a contract with you;
• to fulfill our contractual obligations to you in connection with your contract with us;
• to comply with our legal obligations, for example obtaining proof of your right-to-work status or carrying out background checks, or preventing unfair discrimination;
• to comply with our legal obligations to you, for example health and safety obligations that we must comply with as your employer, applicable laws in the reinsurance sector, or other applicable employment laws;
• to meet our legitimate interests, for example, to conduct the recruitment process efficiently and fairly, to manage our employees effectively, to develop, train and provide feedback on our employees, to monitor compliance with internal policies, to communicate effectively internally, to budget for payroll expenses, and to protect the company (and other employees) against theft, cybersecurity threats or other crimes. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms. If you wish to obtain further information concerning the balancing test that we carry out, please contact us at the details contained in the "Contact us" section below; and
• to protect your or another person's vital interests, for example by providing your health information to a doctor in a medical emergency.

On occasion, we may obtain your explicit consent to collect and use certain types of personal information, for example when we are required to do so by law, when taking photographs or video, or if candidates ask us to pass their details to a third party for recruitment or background check purposes. If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us at the details contained in the "Contact us" section below.

For more information about how these legal bases apply to the processing of your personal information, please seek for more detail at the following link: https://www.rgare.com/our-company/responsibility/policies-and-governance-center/policy-and-rights/careers-privacy-policy/legal-bases-and-purposes-hr-english 

Depending on the circumstances relevant to the processing of your personal information, we may share it with the following parties:

• RGA group companies. We operate as a global business, so we may share your contact details as well as other aspects of your employment profile with group companies for human resource management, budgeting, and internal reporting. Where you have volunteered and/or consented, we may also share your image with group companies for internal and external communications, promotional and marketing purposes.
• Service providers. We may share your personal information with service providers that perform services and other business operations for us, for example, we may partner with other companies for payroll administration, offering and administering benefits, employee vetting, immigration advice, psychometric testing, hosting the HR platform, photography/videography, budget administration and analyzing information to improve our processes and policies.
• Hotels, transport providers, and relocation companies, in order to provide relocation support or to arrange transport and accommodation for you, when needed.
• Any law enforcement agency, court, regulator, government authority, or professional body. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation or otherwise to protect our rights or the rights of any third party.
• Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.

You have certain rights regarding your personal information, subject to local laws and circumstances relating to the processing of your personal data.

Your rights include the right to:

• ask us to confirm whether your personal information is being processed, and access your personal information and details concerning its processing (right of access);
• rectify any inaccurate information we hold about you (right to rectification);
• erase your personal information (right to erasure);
• restrict the processing of your personal information (right to restriction of processing);
• ·object to our processing of your personal information (right to object);
• withdraw your consent in relation to processing your personal information (where we rely on your consent as our legal basis for processing) (right to withdraw your consent);
• receive your personal information in a usable electronic format and transmit it to a third party (right to data portability); and
• lodge a complaint with your local data protection authority.

If you would like to discuss or exercise such rights, please contact the HR department or the Global Privacy & Security Office (GSPO) at dsr@rgare.com, or by using the contact details provided in the section ‘Contact us’ below.

We encourage you to contact the HR department to update or correct your information if it changes or if the information we hold about you is inaccurate.

We are committed to working with you to obtain a fair resolution of any request, complaint or concern about privacy. If, however, you believe that we have not been able to assist with your request, complaint or concern, you have the right to make a complaint to your local supervisory authority (i.e. the supervisory in the jurisdiction where you live or work) or the supervisory authority of the jurisdiction where you believe an infringement of data protection laws has occurred. Contact details of supervisory authorities are available at the following link: https://www.rgare.com/privacy-policy/english/supervisory-authorities-contacts 

We implement technical and organizational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the ongoing availability, integrity, and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

If you are applying for a job with us, we will retain your personal information until the position you are applying for has been filled, after which we will retain your personal information in accordance with our retention policy for a period of time that enables us to:

• Check our records should you apply for another role with us
• Comply with record retention requirements under the local law
• Defend or bring any existing or potential legal claims
• Deal with any queries or complaints you may have

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

If you are an employee, we will keep your personal information for as long as you remain employed with us. Once our relationship with you has come to an end, we will retain your personal information in accordance with our retention policy for a period of time that enables us to:

• Include your image in internal and external communications, promotional and marketing materials, and company archives;
• Provide you with any continuing benefits such as pension or insurance;
• Comply with record retention requirements under the local law;
• Defend or bring any existing or potential legal claims;
• Deal with any queries or complaints you may have; and
• Conduct checks against departing employees that move to certain controlled functions, in accordance with regulations.

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

Because we operate as a global business, your personal information may be transferred to, stored, and processed by RGA entities in other countries, which may include countries that are not regarded as ensuring an adequate level of protection for personal information under the European Union or your local law. Therefore, RGA has adopted Binding Corporate Rules (‘BCRs’) to enable us to make international transfers of your personal information within our group of companies in compliance with data protection laws of the European Union and other relevant countries. Summaries of our BCRs are available at https://www.rgare.com/our-company/responsibility/policies-and-governance-center/policy-and-rights/binding-corporate-rules 

If we need to transfer your personal information to service providers or other parties located outside the EEA or other relevant countries, we will make sure that adequate safeguards are in place with those parties. We typically put in place contractual commitments in accordance with applicable legal requirements to ensure that your personal information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details contained in the "Contact us" section below.

If you have questions or concerns regarding the way in which your personal information has been used, please e-mail us at privacy@rgare.com, or call or write to us.

For all other postal addresses and telephone numbers, please see  RGA EMEA pages

If you would like to exercise a data subject right, you may use our  online contact form.

You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time. If we make a significant change to this privacy notice, we will notify you and, where appropriate, give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).