1. Introduction

Many countries have data protection laws that protect the privacy of individuals by regulating the way in which businesses handle personal information, requiring businesses to be, among other things, open and transparent about why and how they handle personal information. 

The purpose of this Privacy Notice is to inform you why and how Herbalife Nutrition handles personal information about you and other job applicants in the Cayman Islands. This Privacy Notice will apply to you if you are a job applicant who has applied for any role within the Herbalife Nutrition group that is based in the Cayman Islands.

2. What is Personal Data?

“Personal Data” means any information relating to an identified or identifiable individual.  An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identification number, or to one or more factors specific to his physical, genetic, physiological, mental, economic, cultural or social identity.  Examples of personal data are first and last name, mailing address, telephone number, email address, credit card information, and banking information.  

For those applying for vacancies the entity responsible for the proper handling of your personal information is the regional Herbalife Nutrition office you are applying to. The list of regional offices is listed here: https://www.herbalife.com/region-links/ 

3. What type of Personal Data do we collect?

The types of personal data which we collect in connection with our recruitment process will vary depending on various factors, including your personal circumstances and the progress you make in the recruitment process, but it can include any combination of the following types of personal information about you:

• Your contact details such as title, name, home address, personal email address, and personal phone number;
  
  
• Information about your skills, experience, and qualifications, including academic history and employment history, and any other information you include in your CV or otherwise provide to us in connection with your job application;

• Information about your personality, character, temperament, and demeanour;

• Your performance in technical assessment(s), aptitude / psychometric test(s), and other assessments we may ask you to undertake;

• Recording of any interactive or non-interactive video interview we may ask you to take part in;

• Information about the expectations you have in respect of the position you applied for, such as the type of employment sought, type of work you wish to perform, and your desired salary level;

• Information about your personal circumstances, such as your availability for interviews, your notice period, your reasons for applying to Maples, and any adjustment you require in attending interviews or taking up a position within Maples;

• Technical information such as the IP address from which you access our website, the type and version of browser you use to access our website, type of device you use to access our website, and so on (to the extent you apply to us through our careers website); and
  
  
• Information about you which we are obliged to check or monitor for legal or regulatory reasons, such as information relating to your identity, nationality, visa / work permit, credit worthiness, bankruptcy record, and criminal record.

4. How do we obtain your Personal Data?

We obtain much of your personal information directly from you, but depending on your circumstances, we may obtain your personal information indirectly from a range of sources.

Sources from which we might obtain your personal information include, without limitation, the following:

• Those who have put you forward as a candidate (e.g. recruitment agency or temporary staffing agency);

• Those who provide references for you (e.g. academic institutions you have attended, your former employers, or your previous clients);

• Websites where you have voluntarily made your personal information publicly accessible (non-exhaustive examples of such websites include Facebook, LinkedIn, Tumblr and Twitter);

• Publicly accessible registers and databases, such as registers of shares, registers of companies and partnerships, database of journals and news articles, and so on; and

• Providers of background check and business risk screening services, including credit reference agencies and operators of criminal records database (in some cases they can include authorities such as government departments and the police).

5. Why do we collect your Personal Data?

We collect your personal data for various business purposes, including establishing, managing or terminating your relationship with us.  Specific uses include but are not limited to:

• Determining eligibility for initial employment or engagement, including background checks, verification of references and qualifications;
  
  
• Operating and managing Herbalife’s infrastructure, systems, products, services and assets;
  
  
• Communicating with you or your designated contacts if there is an emergency;
  
  
• Complying with legal and other compliance requirements, such as record-keeping and reporting obligations, conducting audits, compliance with government inspections and requests, responding to legal processes such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims and conducting investigations; and

6. What is our legal basis for using your Personal Data?

In handling your personal information for the aforementioned purposes, we rely on the following legal justifications:

• Contractual Necessity. We rely on this justification where we handle your personal information in order to evaluate your job application and make you an offer if you are successful. This is the case where we handle your personal information for the purpose of HR Administration;

• Legitimate Business Interest. We rely on this justification where we need to handle your personal information in order to operate, manage, and develop our business (provided that we can strike the right balance between our interests and your interests). This is typically the case where we handle your personal information for the purposes of Business Administration and Corporate Governance;

• Legal and Regulatory Requirement (where applicable); and

• Consent. We rely on consent where we handle your personal information based exclusively on your permission. We would not ordinarily rely on consent, but occasionally, where none of the other legal justifications are available to us, we may choose to rely on consent. Where we rely on consent to handle your personal information, you can expect us to explain what you are being asked to agree to, and you will be able to decide freely without being penalised in any way for your choice. You can also withdraw your consent at any time should you subsequently change your mind.

7. With whom do we share your Personal Data?

We may share your personal data with our employees, contractors and consultants who have a legitimate business need to know the information for the purposes described in this Privacy Notice.  They may include personnel in the local, regional, or corporate HR, IT, Legal, Finance, Accounting and Internal Audit departments, among other departments.

We may share your personal data with third parties who provide services on our behalf such as:

• Professional Advisors including accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors;

• Service Providers that provide products and services to us such as payroll, pension scheme and benefits administration, human resources, performance management, training, expense management, IT, equity compensation program, credit cards, medical or health, trade bodies and associations, and others;

Our third-party service providers are contractually bound to keep all personal data confidential and to only use personal data for the purpose of providing us with the requested services.

Lastly, we may also share your personal data with:

• Public and Governmental Authorities that regulate or have jurisdiction over us such as regulatory authorities, law enforcement, and public and judicial bodies; and
  
  
• Parties to Corporate Transactions in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

8. Is your Personal Data transferred outside of the Cayman Islands?

Herbalife Nutrition does not disclose your personal data to unauthorized third parties. However, as a global corporation consisting of multiple companies in various countries, Herbalife Nutrition has international sites and uses resources located throughout the world. Herbalife Nutrition may from time to time also use third parties to act on Herbalife Nutrition’s behalf. To the extent necessary for the purposes set out in this Privacy Notice your personal data may be transferred and/or disclosed to any company within Herbalife Nutrition group of companies as well as to third parties acting on Herbalife Nutrition’s behalf, including service providers and subjects legally entitled to access the data, such as data processors.

Your data may be transferred to servers and databases outside the Cayman Islands. Such transfers may include for example transfers and/or disclosures to outside of the Cayman Islands, including the United States of America. There is not one set of data protection laws that cover Europe, the United States and other parts of the world. Cayman Islands laws require that Herbalife take steps to protect your information when it is transferred outside of the Cayman Islands. Those steps include:

• for international transfers to other Herbalife entities around the world, Herbalife relies on its Model Contractual Clauses;

• for international transfers to service providers, the protections depend on the service provider concerned and its location, and include agreements containing data protection clauses as required by law.

9. How do we secure your Personal Data?

Herbalife Nutrition takes reasonable and appropriate administrative, technical and physical precautions to protect the confidentiality, integrity and availability of your personal data, whether in electronic or tangible, hard copy form.  We take reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

10. Purpose Limitation, Data Integrity and Retention

We limit the collection, use and retention of your personal data to that which is relevant for the purposes described herein or other purposes consistent with reasonable expectations given the context of the collection.  In addition, we take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current.  The period for which your personal data will be stored results from legal obligations specified in relevant laws, or as long as the personal data is necessary for the purposes of the legitimate interests pursued by Herbalife Nutrition, and in cases where processing based on your consent, as long as that consent is valid.

11. Your rights

You have various rights in respect to your personal data, such as a right of access, rectification, restriction of or, objection to processing of your personal data and erasure. Please note that these rights are subject to limitations set out in law. 

For more information about how we use your data and your rights, as well as for requesting the erasure or blocking of the data, you can contact us at privacy@herbalife.com.

If you have concerns about Herbalife’s collection and use of your personal information that Herbalife cannot solve to your satisfaction, you have the right to file a complaint with the Ombudsman of the Cayman Islands:

Ombudsman
PO Box 2252, Grand Cayman KY1-1107, Cayman Islands
https://ombudsman.ky/