Oshkosh Careers Privacy Notice

Last updated and effective as of January 1, 2025

 

We (or “Company”) are committed to protecting the privacy and security of personal information of our current and former employees or applicants (collectively, “Employees” or "you") as well as your emergency contacts, dependents and beneficiaries in compliance with applicable law.  We collect information about you and your emergency contacts, dependents, and beneficiaries ("personal information") in connection with the Company’s human resources, employment, benefits administration, health and safety, and business-related purposes, and to be in legal compliance as outlined in this Privacy Policy ("Privacy Policy").  We do not “sell” or “share” (as those terms are defined under the laws of California), and in the past twelve (12) months have not sold or shared, personal information as defined under applicable law, including personal information of individuals we know to be under 16 years of age.

If you are an Employee of one of our affiliates in the EU or UK (or an emergency contact, dependent or beneficiary of such an Employee), then you should also read and understand the EU and UK GDPR Addendum, below.

 

1. About Us

Generally, “we” and “Company” refers to Oshkosh Corporation. However, if you are an Employee of one of our affiliates in the EU or UK (or an emergency contact, dependent or beneficiary of such an Employee), then “we” and “Company” refers to that affiliate in the EU or UK.

If you have any questions about this Privacy Policy or need access to this Privacy Policy in an alternative format for accessibility, please contact us by emailing [email protected] or calling 888-832-7797.  If you are an Employee of one of our EU and UK affiliates, you should instead get in touch with your local HR representative. This Privacy Policy may be updated from time to time to reflect changes in our personal information practices, and we will post a notice at the time of any such updates on https://www.oshkoshcorp.com/privacy-policy.


2. What Categories of Personal Information Do We Collect From U.S. Employees?

We collect, and within the past 12 months have collected, the following categories of personal information from our Employees, from devices used to access our IT systems, and through our service providers such as data analytics providers, and benefits providers for the purposes described below:

A. Identifiers such as real name, initials or alias; postal address; unique personal identifiers such as Employee ID; online identifiers such as IP address or online tracking ID; work or personal email address; account name, username, or other user ID; and forms of government identification such as Social Security Number, driver’s license number, passport number, state ID number, national identity card details, or national identification number.

B. Additional types of information that may identify, relate to, describe, or be capable of being associated with particular individuals, including the “identifiers” listed in A and the following: date of birth or birthday; signature; physical characteristics or descriptions such as sensory information, including photographs as described in F; information related to a protected class an Employee may be a part of as described in C; vehicle information such as license plate number or vehicle registration information (e.g., color, make, or model); education information as described in H; financial information, including gift card number, account number, account password, bank account information, bank account number, bank routing number, bank statements, credit card or debit card number, credit history, masked payment information, pensions, investment accounts, corporate credit card number, and any other financial information; insurance policy information such as insurance policy number; family information including Employee children’s, spouse’s, or parents’ names and emergency contact details; medical information such as height, weight, vaccine data, COVID-19 testing data, COVID-19 vaccination information, mental health status, disability status or specific condition, exercise data, and dietary data; online identifiers such as email,; and geolocation information as described in E.

C. Characteristics of protected classifications under state or federal law such as race, color, religion, sex, gender, marital status, medical condition, mental health condition, disability status, national origin including nationality, residency, and citizenship status, sexual orientation; military and/or veteran status; requests for leave related to a family member’s health, or an Employee health condition such as pregnancy; and age or age range (40 years and older).

D. Internet or other electronic network activity information, including but not limited to: IP address; online tracking ID; browsing history; search history; information regarding Employee interactions with an internet website or application; preferences related to digital communication; and information we collect (including through third-party suppliers) regarding content and other data posted on the Internet.

E. Geolocation data collected through apps, websites, or GPS-enabled devices or vehicles used in the context of employment. 

F. Sensory information, including audio information such as voicemails or audio recordings; visual information such as photographs; or other similar information.

G. Professional or employment information, including: employment history; educational background and status as described in H; qualifications; professional memberships and certifications; language capabilities; references, letters of recommendation and interview notes; areas of interest and work preferences; job preference, desired or expected salary, and work availability; relationship to Company; travel-related preferences, history, and details (e.g., known traveler number); information necessary for reimbursement, including corporate credit or debit card numbers and expense details; pre-employment test results, including drug test results, reference checks, or background checks (based on the role); information provided by Employees during the candidacy and hiring process, including their completed application form; contract type, including whether an Employee is a temporary, fixed term, or permanent Employee; start date/orientation date, title/position, business unit/division, line or reporting manager, grade and department/organization and region/location of office; employment status, work-related contact details, date(s) of promotion, work history, and technical skills; training records; emergency contact information; compensation data, including salary, bonus, long-term incentives and award history; work time and payroll records, sick or vacation days used, records of work absences, vacation entitlement, annual leave, and requests; performance appraisals, disciplinary actions, grievances, complaints and related procedures; health and safety information and reporting; workers compensation claims; pensions, investment accounts, insurance and other benefits information and entitlements data (which may include information about an Employee's spouse, children and other eligible dependents and beneficiaries); date of hire, date of resignation or termination, reason for resignation or termination, exit interview and comments, and other information relating to termination of employment; information collected in connection with taxation (such as information collected via standard tax forms) and verifying Employees' right to work in the United States (e.g., work authorization information), including information listed in A, B, and C above; and any information needed to comply with Company policies, EEOC or other reporting obligations, law, court or other governmental requests, or law enforcement authorities.

H. Education information defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). This includes details contained in letters of application and resumes/CVs such as academic transcripts, education and training history, educational degrees, educational performance (e.g., grades received for coursework), and languages spoken.

I. Sensitive personal information such as race, ethnicity, religion, Social Security Numbers, drivers’ license number, state or national identification cards or numbers, passport number, account usernames and passwords, contents of any personal communications contained in Company emails, geolocation as described in E, medical information and health insurance information as described in B, financial information described in B under certain circumstances, and sexual orientation.  However, we do not collect sensitive personal information for the purpose of inferring characteristics about Employees.

To the extent we or our third-party service and/or benefit providers collect additional categories of information beyond those described above, additional notice will be provided, and we or our third-party service and/or benefit providers will ask for Employee consent before collecting such additional categories of personal information, as required by law.

Personal information does not include information: (a) excluded from the scope of personal information under applicable law, (b) publicly available information or (c) deidentified or aggregate information.  We maintain and use information in deidentified form, and we do not attempt to reidentify the information, except for the sole purpose of determining whether our deidentification processes satisfy the requirement under applicable law.

 

3. How Do We Use Employee Personal Information?

Personal information collected from or about Employees is used for the following business purposes:

A. General Personal and Position Information, which may include name and contact information; Social Security number (or other national identification numbers); driver’s license number, vehicle information and tag number; passport and other government identification numbers; birth date; immigration and work authorization status; Employee photos; emergency contact information; household contact information; withholding tax and dependent information; voluntary self-disclosure information regarding race/ethnicity, gender/sexual orientation, and veteran status; survey responses; any special needs during emergencies or travel; second languages; dietary and allergy information; employment status (full-time or part-time, regular, or temporary); education and work experience; job title, duties, and assignments; work schedule; hours worked and time off; accomplishments, certifications, and awards; business travel information; information obtained during background checks such as personal information revealing criminal convictions, offences and related security measures; and expatriate and secondment assignments.  

  • We collect and use this type of information to assess and onboard new Employees, for training and development, to manage our employment relationships, and to comply with applicable laws.  If required, the general personal and position information outlined in this section may also be used for purposes identified below and in accordance with applicable laws.  

B. Pay and Expense Information such as pay rate, payroll deduction information, banking information for direct deposit (if applicable) and expense reimbursement, credit card information, and other expense reimbursement information.  

  • We collect and use this type of information to pay and reimburse Employees and to comply with applicable laws.

C. Benefits Enrollment and Administration Information, which may include benefit selection information regarding benefits offered or sponsored by the Company such as retirement, life insurance, disability insurance, employee assistance programs (EAPs), health insurance, and wellness programs; dependent and beneficiary information (including their contact information); leave of absence, disability status, and medical information; information you provide about yourself and your dependents and beneficiaries, as applicable, during the enrollment process; and other information necessary to administer benefits programs and process benefits claims.  

  • We collect and use this type of information for enrollment in and administration of the Company's benefits for Employees and your dependents and beneficiaries, to provide reasonable accommodations and leaves of absence, and to comply with applicable laws.

D. Performance Management Information such as training and development information; performance evaluation information; discipline and counseling information; and employment termination information. 

  • We collect and use this type of information to manage our employment relationship with Employees.

E. Health and Safety Information, which may include workplace testing, accident, illness, and injury information and related job restrictions; personal physician information (if applicable); and other health or related information to maintain a safe workplace, to assess your working capacity, to administer Workers’ Compensation insurance programs, to comply with occupational safety and health regulations, standards and guidance, to comply with public health authority guidance, and to comply with applicable laws.

F. Workplace Security and Electronic Communications Information, which includes (to the extent permitted by law) workplace video conferencing, recording, and security surveillance; electronic device usage such as email, computers, internet, telephones, and mobile devices; documents or other resources created on a Company device; IP addresses; log-in information; and location information.  

  • We collect and use this type of information to protect the Company, customers, and Employee property, equipment, and confidential information; to monitor Employee performance; and to enforce the Company’s policies. 

While relatively uncommon, there may be occasions when we use personal information of Employees for other purposes permitted under applicable law, for example, when are required to disclose information in connection with contractual or legal matters such as information necessary to respond to law enforcement and governmental agency requests (e.g., subpoenas); to comply with legal and contractual obligations; to exercise legal and contractual rights; and to initiate or respond to legal claims. 

We may also process personal information in connection with a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our or our affiliates’ assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceedings, in which personal information held by us or our affiliates is among the assets transferred.

We also use personal information of Employees for the following business purposes, where applicable, to the extent permitted by law:

(1) Helping to ensure security and integrity of our operations (including our IT systems) to the extent the use of the Employee’s personal information is reasonably necessary and proportionate for these purposes.

(2) Debugging to identify and repair errors that impair existing intended functionality of our IT systems.

(3) To enable service providers to provide services on behalf of the Company.

(4) Undertaking internal research for technological development and demonstration.

(5) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned by, manufactured by, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the Company.

(6) For US Employees: Short-term, transient use, provided that the Employee’s personal information is not disclosed to another third party and is not used to build a profile about the Employee or otherwise alter the Employee’s experience outside the current interaction with the business.

 

4. What Categories Of Emergency Contact Information Do We Collect, and How Do We Use This Information?

We collect the following categories of personal information for the purposes described below:

  • Identifiers such as name and contact information; and
  • Relationship to Employee, other information as permitted (e.g., social security number, physical characteristics or description, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

We collect this information to contact the Employee’s designated emergency contact persons in the event of an emergency.

 

5. What Categories of Dependent and Beneficiary Information Do We Collect, and How Do We Use This Information?

We collect the following categories of personal information of Employee dependents and beneficiaries for the purposes described below:

  • Identifiers such as name, contact information, and national identification number (such as a Social Security number or equivalent); and
  • Other information as permitted (e.g., birthday, relationship to Employee, information necessary to process benefits claims, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

We collect and use this information for enrollment in and administration of benefits programs for Employee dependents and beneficiaries.

 

6. How Do We Disclose Personal Information of Employees?

Some personal information, such as Employee contact information, may be disclosed to the Employees, independent contractors, or agents of the Company and our affiliates. Personal information may also in some cases be disclosed to emergency contacts, dependents and beneficiaries.  Employee personal information may also be collected by or disclosed to IT service providers, performance management, travel agencies, and third-party service providers. We disclose, and in the past 12 months have disclosed, all categories of personal information we collect about Employees and their dependents and beneficiaries to these IT service providers, performance management, travel agencies, and third-party service providers so they can perform services on our behalf.   In addition, we also disclose Employees’ business contact information such as work email addresses, work phone numbers, and street addresses to our suppliers and business partners so they can contact our Employees and perform services on our behalf.

If you would like further information about the third parties we share personal information with, please contact us. Ways of contacting us are set out in the “About Us” section above.

 

7. How Long Do We Retain your Personal Information?

We retain and process Employee personal information for the length of time needed to carry out the purposes described in this Privacy Policy, and to the extent necessary to manage our relationships with Employees, comply with our legal obligations, resolve disputes, and enforce our agreements, consistent with our retention policy.  

Further information about our retention periods is available on request. Ways of contacting us are set out in the “About Us” section above.

 

8. What Rights Do You Have Under California Privacy Law?

A. YOUR RIGHTS

California residents have certain rights related to personal information, including:

  • The right to know the categories of personal information and/or the specific pieces of personal information we may hold about you.
  • The right to request that we delete personal information collected from you.  However, please note that we may deny your deletion request as permitted under applicable law because we maintain and use personal information of Employees only for the length of time needed to carry out the purposes described in this Privacy Policy.
  • The right to request that we correct inaccurate personal information about you.

You may request to exercise these rights by:

Please note that we will take steps to verify your identity before granting you access to information or acting on your request to exercise your rights as required by applicable law. We may require you to provide your name, email address, street address, phone number, date of birth, last line reporting manager, and/or the last 4 digits of your Social Security number, as applicable, to verify your identity in response to exercising requests of the above type. We may limit our response to your exercise of the above rights as permitted under applicable law. When you submit a request to exercise your rights above, we will use the information you provide to process your request and to maintain a record of your request and our response, as permitted under applicable law.

We will confirm receipt of your request within ten (10) business days and endeavor to respond to a verifiable request within forty-five (45) days of the receipt of your request.  If we need more time, we will inform you of the reason and extension period in writing. 

B. HOW CAN YOUR AUTHORIZED AGENT EXERCISE THESE RIGHTS ON YOUR BEHALF?

You may designate an authorized agent to make a request on your behalf here: https://www.oshkoshcorp.com/contact-us. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. We may require you to verify your own identity in response to a request, even if you choose to use an agent, to the extent permitted by law.

C. NON-DISCRIMINATION 

You have the right to be free from discrimination by a business for exercising these privacy rights, including the right not to be retaliated against for exercising these privacy rights. We will not discriminate you for exercising such privacy rights.

 

9. What Is Our Privacy Policy for Customers?

We respect the privacy of both our Employees and customers.  The privacy policy that applies to customers, prospective customers and other third parties is located at: https://www.oshkoshcorp.com/privacy-policy.

 

EU and UK GDPR ADDENDUM

This EU and UK GDPR Addendum (the “GDPR Addendum") applies to you if you are an Employee of one of our affiliates in the EU or UK (or an emergency contact, dependent or beneficiary of such an Employee).

 

1. Our Legal Bases and Justifications for Processing

The legal bases which we rely on for the collection and processing of personal information are as follows:

  • Processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party. Such legitimate interests include our (commercial) interests in:
    • managing our workforce;
    • operating our business, and offering services;
    • ensuring the effective allocation and organization of work amongst employees; and
    • exercising our legal rights, complying with certain laws, and protecting ourselves, Employees and others.
  • Processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract;
  • We must process your personal information to comply with our legal obligations;
  • You have given consent to the processing of your personal information for one or more specific purposes; and
  • Processing is necessary in order to protect your vital interests, or those of another person.

We process special categories of personal information in limited circumstances. Where we process such personal information, we will do so in accordance with the law. For example, we may process such special category personal information where:

  • You have given your explicit consent to the processing;
  • The processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or us in the field of employment law, social security and social protection law, to the extent permissible under applicable laws;
  • The processing is necessary for the purposes of preventive or occupational medicine, for the assessment of your working capacity, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services, to the extent permitted by applicable laws;
  • The processing is necessary for the purpose of establishing, exercising or defending legal claims;
  • The processing is necessary to protect the vital interests of you or another person, where you or that person is incapable of giving consent;
  • You have manifestly made the information public;
  • The processing is necessary for reasons of substantial public interest, on the basis of relevant laws which are proportionate and provide appropriate safeguards;
  • The processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of applicable laws; and
  • Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with law.

Where we process personal information relating to criminal convictions or offences, we ensure we have an appropriate basis in law to justify it.

If you would like further information about our justifications for processing your personal information, including our legitimate interests, please contact us. Ways of contacting us are set out in the “About Us” section above.

 

2. Cross-Border Transfers of Personal Information

We may collect personal information in,  or transfer personal information to countries with laws that offer different levels of data protection compared to those in your country (which for UK GDPR purposes is the UK, and for EU GDPR purposes is the European Economic Area). In particular, Oshkosh Corporation and some of its affiliates and service providers, and business partners are based in the U.S. Your personal information may also be shared with affiliates and service providers located in the UK and the European Economic Area.

Where we transfer your Personal information outside of your country, we put appropriate measures in place to protect it in accordance with data protection laws, including by entering into EU Standard Contractual Clauses (and the equivalent clauses available under the UK GDPR), or by relying on the EU-U.S. Data Privacy Framework (and the UK Extension). Transfers between the UK and the European Economic area are covered by adequacy decisions.

You can obtain further information about our cross-border transfers of personal information by contacting us. Ways of contacting us are set out in the “About Us” section above.

 

3. Your GDPR Data Subject Rights

You have a number of rights with respect to the personal information we process about you, which may be restricted by law – for example, in some cases certain rights are only available when your personal information is processed under particular legal bases.

One key right is the right to ‘object’ to processing of your personal information in certain circumstances (e.g., if we are processing personal information on the basis of legitimate interests). You also have the right:

  • To have personal information erased. You can ask us to erase all or some of your personal information.We will comply with this request unless there is a legal right for us to deny this request.
  • To rectify or complete personal information. You can also ask us to rectify your personal information if it’s inaccurate, or complete it if it’s incomplete.
  • To restrict use of personal information. You can ask us to limit our use of your personal information in some situations (e.g., if your personal information is inaccurate or unlawfully held).
  • To access and/or take your personal information away (data portability). You can ask us for information about, and a copy of your personal information. In some cases you have a right to receive your personal information or have it transmitted to others in an interoperable, machine readable format.
  • To withdraw consent which you have given. If you have given (explicit) consent to us to process your personal information, you may withdraw it at any time.

You can request to exercise these rights by contacting us as set out in the “About Us” section above.

If you wish to raise an issue in connection with our use of your personal information, we encourage you to get in contact with us in the first instance. You also have a right to file a complaint with a Data Protection Authority, in particular in the EU Member State of your habitual residence, place of work, or of an alleged infringement of the GDPR. If you live, work, or the alleged infringement took place in the UK, the relevant Data Protection Authority is the UK ICO (https://ico.org.uk/). If we do not take action on your request to exercise a data subject right under the UK or EU GDPR, you have the right to lodge a complaint with a supervisory authority or to seek a judicial remedy.

 

4. Sources of Personal Information

We collect personal information about you from different sources:

  • Directly from you, with respect to both online and offline interactions you may have with us, e.g., from forms you complete, accounts you create or when you email us. We may collect certain personal information automatically - for example as you use our systems. Personal information collected automatically may include usage details, and IP addresses.
  • Other affiliates with whom you interact.
  • Service Providers, and others consistent with this Privacy Policy – for example, we may collect references from a previous employer, medical reports from external professionals, and other personal information from recruitment agencies, tax authorities, benefit providers, third parties who carry out background checks, and from publicly available sources (where permitted by applicable law).
  • We may collect personal information about emergency contacts, dependents and beneficiaries from Employees, and vice versa.

Your decision to provide personal information to us is typically voluntary, except where personal information is, for example:

  • collected to meet a legal requirement; or
  • necessary in connection with a contract we have with you.

If you do not provide certain personal information, we may not be able to achieve some of the purposes outlined in this Privacy Policy.

 

5. Data Protection Officer

You can reach our Data Protection Officer at [email protected].