Mattermost is committed to protecting the privacy and security of staff personal information. Mattermost respects the confidentiality of the personal information of staff and contractors of Mattermost and within the Mattermost Community. This includes personal staff and contractor medical and personnel information. All team member records are kept in BambooHR or a confidential HR Google Shared Drive. Access to personal information is only authorized when there is a legitimate and lawful reason, and access is only granted to appropriate personnel.

Staff data protection principles

• Used lawfully, fairly, and in a transparent way.

• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

• Relevant to the purposes we have told you about and limited only to those purposes.

• Accurate and kept up to date.

• Kept only as long as necessary for the purposes we have told you about.

• Stored securely.

Type of staff information collected

Personal contact details (telephone number, email address, physical address, name, gender, next of kin and emergency contact information, date of birth, marital status and dependents, tax/social security ID, bank account details, copies of relevant identification documents (passport, drivers licence etc.), details of qualifications, performance ratings, copies of employment contracts and supporting documents, ongoing records of training and vocational development, location of employment, start date of employment, current and historical job titles, working hours, professional memberships, remuneration details and history, disciplinary and grievance information, individual requirements under health and safety regulations, health information relevant to sickness absence, travel information, timesheet information, car registration number, trade union details, collective agreement affiliations, details of termination.

Processing Special Categories of personal information

Personal information that is considered a Special Category include: Health, disability or other information that may be provided or requested related to a leave of absence, employment, or other local laws. This information will only be shared on a need-to-know basis and in a legitimate and lawful manner. For example, a health statement may be required in order to process a leave of absence.

Job abandonment

When a staff member is absent from work for three consecutive workdays and there is no entry on the Time Away Calendar or a post in the Stand-Up Channel noting the time off, and fails to contact their manager or HR, they can be terminated for job abandonment unless otherwise required by local law.

A manager will notify HR if they are unable to reach a direct report within a 24-hour period of the above criteria. HR may then access a staff member's contact information, including emergency contact information, to attempt additional reach out.