Notice of employee and applicant data processing practices

This notice (“Notice”) provides you with information about Liberty Mutual Canada (“Liberty Mutual” or
“we”) data processing activities with respect to personal data collected from and about job applicants,
employees, and contract employees in Canada.

1. If you are an employee

As your employer, we need to collect personal information about to manage human resources, assign work, assess performance, ensure health and safety, protect electronic network security and meet our legal obligations. We will always only use what is necessary to address operational realities to respect your privacy.

I. Your personal data

We will collect and process personal information about you as a Liberty Mutual employee, or contract employee from your job interview process, at the start of your employment and in the course of your employment, as more specifically defined in the Classes of Personal Data listed in the Annex (“Personal Data”). In addition to the other processing referred to in this Notice, we locally process your Personal Data to the extent permitted or required under applicable law, for purposes connected with your employment, such as human resources and payroll management and administration. The Personal Data
categories that we process locally are listed in the Annex, which include contact information, compensation and benefits information, information on your role in our organization, etc. The list in the Annex is divided into different classes of Personal Data as we do not collect, use and process all Personal Data for the same purposes.

Your Personal Data will also be processed, where necessary, for the purposes of complying with legal or regulatory obligations, investigating infringements of the law or Liberty Mutual policies (including disciplinary and grievance matters) and establishing, exercising or defending legal rights of members of the global group of Liberty Mutual companies (the “Liberty Mutual Group”). Your Personal Data will also be processed in the operation and management of Liberty Mutual Group IT systems which systems may be hosted internally (for example, through MS Teams Social Channels or recorded Skype or MS Teams meetings) or externally.

II. Disclosures and data transfers

We will transfer a subset of your Personal Data to other parties as described below under the section on “Recipients,” as permitted under applicable data privacy law for the following purposes:

  • Class 1 Data: To facilitate global cooperation, communication and teamwork within the Liberty Mutual Group and to provide for a global directory;
  • Class 2 Data: To plan and manage human resources on a global level, including but not limited to ensuring appropriate staffing and evaluating employees for their qualification for a particular job; cooperation, promotions, secondments, and transfers within the Liberty Mutual Group; cross-border team work; investment decisions; forecasting and budgeting; accounting and cross-charging for salary and other compensation expenses among the Liberty Mutual Group companies that benefit from contributions by employees of data exporter; global recruitment; administration of compensation and benefit programs, global payroll management and/or processing, training, performance management, succession planning, providing data subjects with access to company computer systems and networks; other tangible and intangible global benefits; and in cases of temporary or permanent assignments or secondments of individual employees (which will only occur at their request, with their voluntary consent or otherwise in compliance with applicable law) to such third parties in order to prepare and implement the transfer;
  • Class 3 Data: Liberty Mutual Group Inc. provides secure global systems as a service provider to the companies in the Liberty Mutual Group where all Liberty Mutual companies can process personal data, including payroll and benefits information relating to their own employees.
  • Class 4 Data: When required by local law to collect Personal Data revealing, for example, trade union membership then this information will not be transferred outside of Canada.

Last revision: August 2023

III. Recipients

The following recipients or categories of recipients will receive access to some of your Personal Data.

A. Global HRIS

We will include certain Personal Data in a global human resources information system (“HRIS”), whic is a
global tool that assists the Liberty Mutual Group to administer human resources and employee compensation at an international level and permits employees to manage their own Personal Data in some cases. Specifically, we will transfer Class 1, 2 and 3 Data to HRIS servers in the United States. Liberty
Mutual’s Parent company, Liberty Mutual Group Inc. in the United States may host such respective servers
or may utilize 3rd party servers but in either case will be responsible as controller for security access within the databases for Personal Data in the HRIS. This transfer of Personal Data will enable the Liberty Mutual Group to benefit from improved cross-border human resources management and to centralize payroll and benefits administration, which will reduce costs and minimize data transfer between Liberty Mutual Group entities by less secure means. With the exception of Class 1 Data, which is available to everyone in the Liberty Mutual Group to facilitate cooperation, only human resources managers and authorized employees with a need to know have access to the Personal Data. Certain executives, managers and employees at other worldwide affiliates of the Liberty Mutual Group may also have access to certain Personal Data, however, on a “need-to-know” basis if there are legitimate business purposes, e.g., supervisor-reporting relationships across national borders. A list of such affiliates is available upon request.

B. Service Providers, Third Parties

In addition, we make certain Personal Data available to affiliated and unaffiliated service providers on a
“need-to-know” basis or other third parties, as permitted under applicable data privacy law. By way of
example, some Personal Data in the HRIS will be available to Liberty Mutual Group Inc. and an employee
benefit plans service provider (who will have access to certain Class 3 Data), third parties who provide payroll support services to the Liberty Mutual Group, and government agencies and entities as required by law.

C. Cross-Border Data Transfer

Many of these recipients will be located or may have relevant operations outside of your country or province, such as in the United States, where the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction. By way of entering into appropriate data transfer agreements, we have established or confirmed that Liberty Mutual Group Inc. will provide an adequate level of protection for the Personal Data and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer recipients are subject to appropriate data transfer agreements.

IV. Retention Periods

Data collected for the purposes hereunder will be stored only as long as necessary during the term of your employment relationship with Liberty Mutual, during a transition period (e.g., for the provisioning of ongoing pensions and other benefits, or the compliance of Liberty Mutual’s obligations regarding data retention as established in the applicable laws), or for purposes of documenting proper termination of the employment relationship (e.g., vis-à-vis tax authorities, etc.). If a judicial or disciplinary action is initiated or anticipated, the Personal Data may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived and in the case of Class 4 Data the lesser of the above or as permitted by applicable law. Your Personal Data will not be kept in a form that allows you to be identified for any longer than is reasonably considered necessary by Liberty Mutual for achieving the purposes for which it was collected or processed or as it is established in the applicable laws related to data retention periods.

Last revision: August 2023

V. How can you access your personal data or obtain more information?

Under applicable law, you may have, among others, the rights: (i) to check whether and what kind of Personal Data we hold about you and to access or to request copies of such data, (ii) to request correction, supplementation or deletion of Personal Data about you that is inaccurate, and (iii) to request Liberty Mutual to stop the collection, processing or use of Personal Data about you, except to the extent required or permitted under applicable statute or other law. Where you agreed to provide your personal information on a voluntary basis, for example, through a diversity and inclusion program, you may withdraw consent at any time and we will delete the relevant information.

Please address such request and any other questions concerns regarding this Notice to your Privacy Officer, Jessica Seppi, at 416 307 4695 or via email at

Last revision: August 2023

2. If you are a job applicant

When you apply for a position at Liberty Mutual, we will need to collect certain personal information from you to assess your application against the requirements of the position. We will collect no more information than is necessary for that purpose.

To assess your application for a position at Liberty Mutual, we need your name, your address and phone number to contact you, your curriculum vitae (CV) stating your qualifications, professional certifications, as applicable, and work experience to assess your application.

As a first step in screening applications, we may apply an automated process to pre-screen applications for objective eligibility criteria such as required license or level of education. You have the right to request access to your personal information we used through this automated pre-screening process, to have it corrected if it is inaccurate and to make representations to the person handling your application if you believe there was an error in the automated pre-screening of your application.

If you are considered for the position, we will ask you for references and we may ask information about your Canadian residency status if applicable.

If we hire you, the application collected through your application will be part of your employee file and protected as described above in relation to employee personal information.

If we cannot hire you, we retain your personal information for two months after having contacted you to provide you an opportunity to inquire about the recruitment process or we seek your consent to retain your personal information for longer to consider you for another position. At the end of these periods, your personal information is destroyed.


Classes of personal data

Class 1 data: Generally available contact information

  • First name
  • Middle name
  • Last name (Family Name)
  • Employee number
  • Office e-mail address
  • Office phone number
  • Office fax number
  • Company cellular phone number
  • Work Pager
  • Office name
  • Office code
  • Office address
  • Employment Location/Country
  • Job title
  • Officer Designation and Scope
  • Names of managers up to CEO
  • Photographs – for identification purposes (example: company directory) or security purposes (example: identification badge), only with employee consent or for processing purposes

Class 2 Data: Qualified HR Data including but not limited to:

  • Social Insurance Number
  • Date of Birth
  • Gender
  • Home Address
  • Home phone, mobile, fax, email address
  • Emergency Contact Name
  • Emergency Contact Relationship
  • Emergency Contact Address
  • Emergency Contact Phone/Fax/Mobile/Pager number(s)
  • Employment/Assignment Status (effective start date/effective end date/change code/change
  • reason)
  • Leaving Reason Description and Leaving Reason Code
  • Hire date
  • Actual Termination Date
  • Estimated Return to Work
  • Prior time employed
  • Name and code of employing entity
  • Job Code
  • Job Title
  • Job Grade
  • Core Job
  • Job Function
  • Job Family
  • User Person Type (e.g. employee, contractor)
  • Department name and code
  • Sub-Department name and code
  • Executive group
  • Management group
  • Organization Level Hierarchy Number
  • Office operations managers
  • Standard hours
  • Insurance License required
  • Facility Details (code, direct dial, fax)
  • Business Group (ID and Name)
  • Strategic Business Unit (Code and Name)
  • Market (Code and Name)
  • Organization (ID, Name Abbreviation, Type)
  • Department (Code and Name)
  • Employment Category
  • Cost Center, Cost Center Code and Cost Center allocation
  • HR Contact
  • Supervisor (Employee Name and ID)
  • Time card required
  • Time Approver name/time approver number
  • Approval manager
  • Overtime eligibility
  • Acquisition data (name, code, date), if applicable
  • Salary Grade (Range Min, Range Mid, Range Max)
  • Salary change date, reason, amount
  • Salary rate
  • Tax jurisdiction/Tax location code
  • Tax withholding rate
  • Details on salary structure
  • Currency type
  • Bonus Plan Participation (Short Term Bonus Plan, Long Term Bonus Plan, Executive
  • Partnership Plan)
  • Bonus Details (date, amount, extra bonus, percentage received as variable)
  • Performance Rating and date
  • Performance Evaluation Document
  • Special Program
  • Allowances (including relocation packages, sign-on bonus)
  • Flexible Time Off Hours Available
  • Personal Holiday Hours
  • Days Pay in Lieu of Notice
  • Other Allowances (Cost of Living, Mobile Phone, Relocation packages, Sign-on bonus,
  • etc)
  • Education (qualification, subject, school)
  • All personal data required to provide data subjects (1) access to company computer systems and networks and (2) tools to electronically communicate within the Liberty Mutual Group, including but not limited to IP address and user login name.

Class 3 Data: Benefit Plans and Payroll Administration Service Provider Data including but not limited to:

  • First name
  • Middle name
  • Last name
  • E-mail address
  • Employee ID
  • Employment Action (Hire/Rehire/Termination) – Date of hire
  • Employment Action (Hire/Rehire/Termination) – Termination date
  • Tax jurisdiction/Tax location code
  • Tax withholding rate
  • Annual Salary
  • Payment information (payment type, amount, amount type)
  • Pay basis
  • Payroll entity responsible for reporting of income and taxes/payroll name
  • Home address
  • Date of Birth
  • Additional amount withheld
  • Banking Details, including the following: a) IBAN (International Banking Account Number) or BBAN (Basic Bank Account Number; b) BIC (Bank Identifier Code) or SWIFT code; C) Account currency

Class 4 Data: Locally process data only:

  • MS Teams’ Social Channels
  • Recorded Skype or MS Teams Meetings