Kohler Privacy Notices

Kohler

Employee Privacy Notice

What does this Privacy Notice Cover?

The purpose of this Privacy Notice is to provide Kohler Co. and its affiliates and subsidiaries (“Kohler”, “we”, “us”, “our”) employees with information about how and why we process their personal data and to tell them about their privacy rights and how the law protects them.

This policy applies to Kohler employees located outside of the United States, European Union, and United Kingdom, unless a separate privacy notice has been prominently displayed or presented.

This Privacy Notice is designed to describe:

Who we are and how to contact us

Your rights relating to your personal data

What personal data we collect

Personal data from third-party sources

How we use your personal data and why

Who we share your personal data with

Data transfers

How we keep your personal data secure

How long we store your personal data

No automated decisions

We may update this Privacy Notice from time to time. If we do so, we will provide you with and/or make available, a revised Privacy Notice.

Who we are and how to contact us

Who we are

KOHLER Co. is a global company providing a variety of products, services, and experiences to consumers, customers, vendors, and suppliers. We are committed to the privacy and security of personal information that is shared with us and seek to be transparent concerning our data processing practices.

For questions about this Notice, you may contact the Kohler Global Data Privacy Team, using the contact information in the “How To Contact Us” section of this notice.

How to contact us.

To contact us, you can email us at KohlerGlobalDataPrivacy@Kohler.com

Your rights relating to your personal data

Your rights in connection with your personal data

Under certain circumstances, by law you may have the right to:

Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data. This right exists where we are relying on a Legitimate Interest (defined below) as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data which you have provided to us, in a structured, commonly used, machine-readable format. Note that this right only applies to personal data we process by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.

How to exercise your rights

If you want to exercise any of the rights described above, please contact us using the contact details shown in the “Who We Are and How to Contact Us” section above.

We may need to request specific information from you to help us confirm your identity and verify your right to access your personal data (or to exercise any of your other rights). This is a security measure designed to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information to assist us in responding to your request.

Please also note that in certain circumstances the rights above will not apply and/or in certain circumstances some categories of personal data will be exempt from the scope of those rights. We will notify you where this is the case.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

If you would like to make a complaint regarding this Privacy Notice, you can contact us using the contact details shown in the “Who We Are and How to Contact Us” section above. We will reply to your complaint as soon as we can.

What personal data we collect

All the personal data we collect, both from you and from third parties about you, is outlined in the table below.

Category of personal data collected	What this means
Contact information	Your work and home address, telephone number, email address and social media handles.
Identification information	Your government-issued identification information (e.g., driver’s license, passport), photographs, or other similar identifiers.
Immigration status	Information that would allow us to verify your employment eligibility.
Biographical information	Your name, gender/gender identity, pronouns, date of birth, professional history, language proficiencies, professional qualifications, references, education details, information in your company biography, social media profiles and activity, and your photo.
Professional qualifications	Your professional designations, licensure information, memberships, leadership positions, credentials, professional qualifications and continuing education information.
General employment information	Your department, work location, job title, dates of employment, work status (e.g., full-time/part-time), any terms or conditions of employment, work history (current, past, or prospective), timekeeping information, personnel and disciplinary records, training and learning program participation, information necessary to complete background checks, drug and/or alcohol tests, and other screens permitted by law, and other information reasonably necessary to administer the employment relationship with you, including without limitation information related to absence administration, workers’ compensation matters and emergency services.
Compensation, benefits and payroll information	Your salary and bonus details, benefits information (including information regarding health insurance, retirement savings), equity award information, bank account information and working time records (e.g., vacation and absence records, sick leave, leave status, and hours worked).
Performance information	Your management metrics, performance evaluations, feedback, and promotion history.
Information about related persons	Your spouse, domestic/civil partner, dependents, beneficiaries and emergency contacts.
Credentials, technology, access and system information	Your company email address, usernames, passwords, and keycard number; information about your use of, as well as content and communications you send and receive through, devices, company communications, IT systems and applications (e.g., time of use, files accessed, search history, web pages viewed, IP address, device ID, device geolocation); and information about your access to and location within offices and facilities (e.g., keycard scans and security camera footage).
Expenses and travel information	Information about your business travel and other business expenses.
Healthcare, welfare, and medical information	Information related to your or your eligible dependent’s participation in wellness and employee assistance programs, executive physicals and health insurance programs and your body temperature, vaccination status, health symptoms and other screening and tracking information (including travel information, participation in health education programs, and information about your related persons) in connection with the company’s health and safety plans and protocols, including screening required to access company offices/facilities and other measures designed to prevent the transmission of COVID-19 or other infectious diseases;
Biometric information	Fingerprint scans and voiceprints may be collected in certain Kohler locations.
Information needed to evaluate accommodation requests	Disabilities or other health conditions

Personal data from third-party sources

In addition to the personal data that we collect from you directly, in certain circumstances, we may also collect personal data from third-party sources. Please see below for a list of the types of third-party sources from which we may collect your personal data (including whether the source of that personal data is publicly available):

Employment agencies or recruiters.
Job board websites you may use to apply for a job with us.
Providers of services that we make available to our employees as part of our benefits program.
Prior employers, when they provide us with employment references.
Professional references that you identify on your CV/resume or authorise us to contact.
Providers of background check, credit check, or other screening services (where required and permitted by law).
Your social media profiles or other publicly-available sources (information gathered from these sources is publicly-available).
Your dependents and related persons who communicate with us directly.

We may also collect additional personal data in the course of your employment-related activities throughout the period of your employment and otherwise in relation to your employment at Kohler.

How we use your personal data and why

Most commonly, we will rely on one of the following legal bases:

Where we need to perform a contract we are about to enter into with you or have entered into with you (“Contractual Necessity”).
Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each purpose we use your personal data for is set out in the table below.

The table below shows at a very high-level how we may use your personal data and the relevant legal bases we rely upon for that use.

For more information – see Appendix A to this Privacy Notice. In Appendix A, we have set out in detail the purposes for which we may use your personal data, the legal bases we rely on in respect of each such purpose (including details of any legitimate interests pursued, where applicable), and the categories of personal data typically used for the relevant purpose.

Purpose	Legal basis
Contractual performance. We may process your personal data (including sharing it with third parties, where appropriate) to perform, administer and manage any agreements we may have with you (e.g., your employment contract or share option agreement (if applicable) we have with you.	Contractual Necessity.
Talent management. We may process your personal data (including sharing it with third parties, where appropriate) for talent management purposes.	Legitimate Interests.
Business operation and improvement. We may process your personal data (including sharing it with third parties, where appropriate) to operate and improve our products and services and our business more generally.	Legitimate Interests.
Systems and premises management. We may process your personal data (including sharing it with third parties, where appropriate) to operate, manage and secure our IT systems, premises and facilities.	Legitimate Interests.
Compliance and protection. We may process your personal data (including sharing it with third parties, where appropriate) for compliance and protection purposes (including the establishment, exercise or defence of legal claims).	Depending on the circumstances: Compliance with Law or Legitimate Interests.
Data sharing in the context of corporate transactions. We may process and disclose personal data in the context of actual or prospective corporate transactions.	Legitimate Interests.
Privacy Protective Steps. We may create aggregated, de-identified and/or anonymised data from your personal data.	Legitimate Interests.
Further uses. In some cases, we may use your personal data for further uses, in which case we will ask for your consent to such use of your personal data for those further purposes in so far as they are not compatible with the initial purpose for which information was collected.	Consent or the original legal basis where the relevant further use is compatible with the initial purpose.

Where we use any ‘special categories’ of personal data (e.g., your health data), we rely on the following conditions:

We may need to process that data to carry out our legal obligations or exercise rights in connection with employment and our role as an employer (e.g., dealing with your sickness, sick-pay, accidents at work etc).
We may need to process that data because it is necessary for reasons of substantial public interest (e.g., for equal opportunities monitoring, preventing or detecting unlawful acts etc).
We may need to process that data because it is necessary for the establishment, exercise or defence of legal claims (including regulatory, administrative or any out-of-court procedure, and seeking advice).

Who we share your personal data with

As part of our business and in relation to your employment, we may share your personal data with certain third parties – please see the list below for information about the categories of such third-party recipients:

Affiliates. Our group companies, subsidiaries, and other affiliates under the control of the corporate parent. For example, this may occur:

to enable our group to operate shared infrastructure, systems and technology;
as part of our reporting activities on performance of the group and its members;
in the context of a business reorganisation or restructuring exercise; and
to enable participation in any share plans, pension arrangements or benefits operated or procured by particular group members for the benefit of our employees, so as to enable us to administer those plans, schemes and benefits.

Service providers. Providers of services to Kohler or our group. For example, this may involve sharing of personal data with such providers for the purposes of:

payroll administration, benefits and wellness;
human resources, occupational health, performance management, training;
expense management, travel, transportation and accommodation;
IT systems and support, information and physical security;
background checks and other screenings;
equity award administration;
corporate banking and credit cards; and
insurance brokers, claims handlers and loss adjusters, and any necessary third-party administrators, nominees, registrars or trustees appointed in connection with benefits plans or programs.

Employee benefits providers. Providers of services to eligible employees as part of our employee benefits program, who need your information to verify your eligibility and provide you with services. For example, this may include: financial advisors and institutions, pensions providers, insurance providers and intermediaries (such as health insurance providers), and providers of health, fitness, wellness, childcare and concierge services.

Professional advisers. Accountants, auditors, lawyers, insurers, bankers, and other professional advisors.

Our marketing audience, Current and prospective customers and other business contacts with whom we share your Kohler bio, which may be shared on our website or in other publicly available marketing materials and communications as part of our marketing activities.

Customers and business partners. Customers, other companies and individuals with whom Kohler does business or is exploring a business relationship.

Parties involved in corporate transactions. We may disclose personal data in the context of actual or prospective business transactions (e.g., investments in Kohler, financing of Kohler, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal data with prospective counterparties and their advisers. We may also disclose your personal data to an acquirer, successor, or assignee of Kohler as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal data is transferred to one or more third parties as one of our business assets. Please note, we would always look to take steps to minimise the amount and sensitivity of any personal data shared in these contexts where possible and appropriate.

Compliance and protection related sharing. We may need to or may have a legitimate interest in, sharing your personal data with entities that regulate or have jurisdiction over us (such as regulatory authorities, public bodies and judicial bodies). We may also share your personal data in the context of protecting our, your or others' rights, privacy, safety or property (including by establishing, making and defending legal claims).

Future employers and their vendors. Future employers and their vendors where you ask that we provide references or where we are otherwise required to provide such references by law.

Other third parties where requested. We may disclose personal data to other third parties who provide additional services to you (e.g. your mortgage provider) where you ask us to do so.

How we keep your personal data secure

We have put in place security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

How long we store your personal data

Kohler’s retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which it was collected, as set out in this Privacy Notice, and any other permissible, related purposes. For example, we may retain certain information to comply with regulatory requirements regarding the retention of such data, or in the event a litigation hold is imposed.

When personal data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the personal data.

No automated decisions

Kohler does not envisage that you will be subject to decisions or profiling that will have a significant impact on you based solely on automated decision-making.