
Fitbit Personnel, Applicant, and Candidate Privacy Policy

At Fitbit, our mission is to inspire and empower people to live a healthier, more active life. We have a talented workforce that helps us accomplish this mission.

 

Here we describe our privacy practices for our global workforce. This includes employees, contractors, consultants, and other individuals (collectively, "personnel") who currently work or previously have worked for Fitbit, Inc. or an affiliate or subsidiary (collectively, "Fitbit" or "we"). This policy also covers individuals who applied to work for Fitbit or were recruited by us.

 

You will learn about the data we collect, how we use it, how you can access and control it, and the measures we take to keep it safe. Specifically, we'll cover:

 

INFORMATION WE COLLECT

 

We collect different kinds of information depending on whether you currently work or formerly worked for us, or applied or were recruited for a job. The provision of certain information is mandatory and may be required under applicable law or in accordance with a contractual requirement. The collection of any such information will be made clear at the time of its collection. We may collect data directly from you or from third party sources, such as when you authorize us to check your background as permitted under applicable law.

 

The data we collect includes the following types of information:

 

Personal details: including identifiers and contact information such as your name, government or other national identification numbers, address, email address, telephone number, and other contact details; audio and visual information such as your image and voice; demographic information such as your gender, and age or date of birth; and other information that may be necessary to complete a background check, where permitted by applicable law, or otherwise to confirm your eligibility for employment or to administer benefits;

 

Personnel records: including education information and professional or employment-related information about your education, training, work experience, employment history, performance evaluations and feedback, references and background reports, and other employment documents relevant to establishing, maintaining or terminating the employment relationship;

 

Compensation and benefits information: including details of your benefits and compensation; bank account number, identifiers and other information about your dependents, identifiers and other information about your spouse or partner, and other information that may be necessary for the administration of payroll, health insurance, or benefits;

 

Work information: including professional or employment-related information about your activities while working for Fitbit, attendance and leave information, travel and other expense data, other information that supports our human resources activities or our business operations, and data generated from your use of work resources and physical premises, such as from your building access, through your use of our information technology and communications systems, and from office video cameras and CCTV used to protect the safety of Fitbit staff, visitors, equipment, and property;

 

Field test and research information: if you have consented to participate in a Fitbit field test or other type of test or research project (including testing a product, feature or service), we collect personal data in accordance with your authorization in order to administer the test. This data may include biometric information from a Fitbit device, such as steps, heart rate, location, and sleep stages, depending on the device you test; and

 

Fitbit Wellness Program ("Workplace Challenge") information: if you have consented to join the Fitbit Wellness Program ("Workplace Challenge"), we receive certain data in accordance with your authorization in order for you to participate in the Workplace Challenge, including biometric information from your Fitbit account, such as your steps, distance, floors, and active minutes. You can revoke your consent to share this data with us anytime using your Fitbit account settings.

 

Special categories of personal data: in certain circumstances, we process special categories of personal data subject to the European Union's General Data Protection Regulation ("GDPR"). This includes demographic information about race or ethnic origin, health information, or genetic or biometric information. For example, we may need to process information about your health in order to ensure occupational health and safety, to monitor sick leave, make decisions about sick pay, to administer benefits and make decisions about the need for adjustments in the workplace. Other special categories of personal data are political opinions, religious or philosophical beliefs, trade union membership, sex life, and sexual orientation. Even if we do not request this information, you may disclose it to us in the course of your relationship with us. For example, you may request time off to observe a religious holiday or join an employee resource group for LGBT workers.

 

Fitbit service data: your personal use of our consumer-facing Fitbit services, including our Fitbit devices, applications, software, and websites, is separately governed by the Fitbit Privacy Policy and outside the scope of this privacy policy.

HOW WE USE INFORMATION

 

We use the information we collect to carry out and support our human resources activities and business operations and for other business purposes, such as the following:

 

Talent acquisition and personnel lifecycle management: including recruiting and hiring job applicants (which may include conducting background checks, where permitted by applicable law); developing and retaining talent; monitoring, evaluating, and managing personnel performance; facilitating personnel mobility and managing international assignments; and managing the personnel separation process;

 

Human resources or operational purposes: including administering compensation and benefits; verifying identification; managing the company directory; managing information technology and communications systems, such as the corporate email system; managing attendance and leaves of absence; accounting for purchases; performing workforce analytics and reporting; and managing integration planning, including business continuity and disaster recovery planning;

 

Policy management and compliance purposes: including administering code of conduct and privacy and security training programs; facilitating incident reporting and security management; administering the whistleblower hotline for personnel; conducting ethics and disciplinary investigations and managing claims; and managing audit and compliance matters;

 

Compliance with applicable laws, regulations, legal processes, or governmental requests: including in relation to work permits or visas (as may be necessary), and complying with immigration requirements; fraud prevention; internal controls and company security; for the purposes of financial and tax regulations; and health and safety obligations; and

 

Promotion of safety and security: we may also use your information to protect the rights and property of Fitbit, our users, personnel, applicants, candidates, or the public as required or permitted by law.

 

If you are offered and accept a job with Fitbit, the information collected during the application and recruitment process will become part of your personnel record.

 

For personal data subject to the GDPR, we rely on several legal bases to process the data. These include:

 

• in order to comply with our contractual obligations with you; we use your data to manage the employment relationship with you and to ensure that we pay you your benefits;

 

• when processing is necessary in our legitimate interests to maintain and improve efficiencies and processes in the workplace, internal management, and effective personnel administration; we may also process data where we have a legitimate interest in doing so to maintain the safety and security of Fitbit personnel and others, to comply with contractual obligations, to enforce Fitbit policies, and to defend our interests in legal proceedings;

 

• when legal and regulatory obligations require us to process your personal data (including special categories of data): for example, we may be required by law to keep certain data about your leave (including medical leave) or to report benefits information to tax authorities; and

 

• in order to protect the vital interests of Fitbit personnel (particularly sharing information in the event of an accident or emergency).

HOW INFORMATION IS SHARED

 

We do not share your personal information except in the limited circumstances described below:

 

With Fitbit personnel and our corporate affiliates. We share your information with Fitbit personnel, within the scope of their job responsibilities and in accordance with law, in order to assist us in carrying out our human resources activities and business operations. Your information is transferred among our affiliates and subsidiaries in the United States and in other jurisdictions.

 

For external processing. We transfer your information to our service providers and other partners who process it for us, based on our instructions, and in compliance with this privacy policy and any other appropriate confidentiality and security measures. These service providers and partners provide us with services globally, including for recruiting, benefits, payroll processing, hosting our company directory, and supporting our human resources, information technology, and other business functions around the world.

 

With your consent, for legal reasons, or to prevent harm. We will share your personal information with third parties if we have your consent. We may also preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request (including requests from law enforcement and security agencies); to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our agreements or policies, or threats to the security of our systems or services or to the physical safety of any person.

 

In a business transfer or sale. If we are involved in an actual or potential merger, acquisition, or sale of assets, we may share information with an actual or potential acquirer or investor or their professional advisors. In such case, we will continue to take measures to protect the confidentiality of personal information.

 

We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual.

YOUR RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL DATA

 

We provide you with applications and tools to access and control the personal information associated with your personnel record, regardless of where you live.

 

If you live in the European Economic Area, Switzerland, or United Kingdom, in certain circumstances you have legal rights to access, edit, export, and delete your personal data, including information contained within your personnel file. In addition, when we process your personal data based on our legitimate interests (including as described in the How We Use Information section above), you have a right to object to our processing of your personal data. If you would like to exercise any of these statutory rights, please contact HRprivacy@fitbit.com. If you need further assistance regarding your rights, please contact our Data Protection Officer at data-protectionoffice@fitbit.com, who will consider your request in accordance with applicable laws. You may also have a right to lodge a complaint with your local data protection authority or with the Irish Data Protection Commissioner, Fitbit International Limited's lead supervisory authority, whose contact information is available here.

DATA RETENTION

 

If you are successful in your application to join Fitbit, the information you provide during the application process may be retained by Fitbit as part of your personnel record. We store information associated with your application or personnel record as required by law, as necessary to resolve disputes, or for as long as is reasonably required for our business purposes. If you do not want us to retain your information, please contact HRprivacy@fitbit.com. Please note that it may take a bit of time to delete your personal information, and we may preserve it in certain cases, including for legal reasons or to prevent harm as described in the How Information Is Shared section.

INFORMATION SECURITY

 

We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. For example:

 

  • Fitbit employees undergo information security training as part of their new employee orientation process.

 

  • Fitbit has a formal security risk management program that seeks to ensure the company is operating at an acceptable level of risk with regards to the confidentiality, integrity, and availability of information.

 

  • Access to internal networks is restricted and managed according to access policies and the requirements of business applications.

 

  • Physical access to Fitbit's corporate facilities is restricted to authorized Fitbit personnel as required to perform their job responsibilities.

 

No method of transmitting or storing data is completely secure, however.

OUR INTERNATIONAL OPERATIONS AND DATA TRANSFERS

 

We operate internationally and transfer information to the United States and other countries for the purposes described in this policy.

 

We rely on the EU-US and Swiss-US Privacy Shield to lawfully transfer personal data from the EEA and Switzerland. Fitbit, Inc. complies with the EU-US and Swiss-US Privacy Shield principles regarding the collection, use, sharing, and retention of personal information, as described in our Privacy Shield certifications. Learn more about Privacy Shield here.

 

Fitbit, Inc. is subject to the oversight of the US Federal Trade Commission and remains responsible for personal information that it transfers to others who process the data on its behalf as described in the How Information Is Shared section. If you have a complaint about Fitbit, Inc.'s Privacy Shield compliance, please contact us. You can also refer a complaint to your local data protection authority, and Fitbit, Inc. will work with them, and if necessary other data protection authorities, to resolve your concern. In certain circumstances, you may invoke the Privacy Shield arbitration process.

CHANGES TO THIS POLICY

 

We may change this privacy policy from time to time. Each version of this policy is identified by its effective date.

 

 

WHO WE ARE AND HOW TO CONTACT US

 

The Fitbit entity that employs you, along with Fitbit, Inc. and Fitbit International Limited, act as the controllers of your personal data.

 

If you have questions, suggestions, or concerns about this policy, or about our use of your information, please contact us at HRprivacy@fitbit.com.

 

If you live in the European Economic Area, Switzerland, or United Kingdom and seek to exercise any of your statutory rights, please contact our Data Protection Officer at dataprotection-office@fitbit.com.

 

Effective: January 1, 2020