Effective Date: August 2, 2023
Last Reviewed on: August 2, 2023
This Privacy Notice for Job Applicants and Workforce Members (“Workforce Privacy Notice” or “Notice”) describes how Designs for Health, Inc. and its affiliates (hereafter “DFH”, “we”, “our”, or “us”) may collect, use, disclose, and share the personal information of the following individuals: (a) employees; (b) independent contractors, interns, and other individuals, other than our employees, who perform services for us (collectively “Service Providers”); (c) employees’ and Service Providers’ dependents, emergency contacts, and beneficiaries (“Related Contacts”); and (d) individuals who apply to perform work for us as employees or Service Providers (“Job Applicants”) (collectively, “Workforce Members,” each, a “Workforce Member”). “You” refers to the Workforce Member reading this Notice. We reserve the right to change, modify, and update this Notice from time to time by posting a revised version on DFH Sites and by revising the "Last Updated" date above. If considered necessary, we will also notify you directly of any change. Therefore, we recommend you regularly consult this Notice to make sure that you are aware of any changes.
This Workforce Privacy Notice explains:
- The categories of personal information we collect about you,
- The categories of sources from which we collect your personal information,
- The purposes for which we use your personal information,
- How we may disclose your personal information,
- How long we keep your personal information,
- Your privacy rights and how to exercise them, and
- Changes to this Workforce Privacy Notice.
This Notice covers the categories of personal information we have collected about Workforce Members within the twelve months prior to the Effective Date above, as well as the categories of personal information that we will collect about Workforce Members in the future. “Personal Information” or “PI” means information that can be used to identify you or, more precisely, it means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, you or your household. However, “PI” does not include:
- information that is publicly available;
- information that lawfully obtained, truthful, and is a matter of public concern;
- aggregate Workforce Member information, or in other words information about a group of Workforce Members, or about a group including one or more Workforce Members, from which individual identities have been removed, so the information is not linked or reasonably linkable to you or your household, including via a device; or
- information that has been deidentified, which means information about one or more Workforce Members that cannot reasonably be used to infer information about, or otherwise be linked to, a particular Workforce Member or Workforce Member’s household.
Please note that this Notice does not cover certain topics as listed below:
- This Workforce Privacy Notice does not apply to any workforce members of any of our affiliates whose websites do not contain a link to it.
- Each Workforce Member is not governed by this Workforce Privacy Notice with respect to the activities listed below; instead, these activities are covered by our Privacy Notice posted at https://www.designsforhealth.com/privacy-notice (“General Privacy Notice”) and, if appliable, by our Privacy Notice for California Residents posted at https://www.designsforhealth.com/privacy-notice-for-california-residents (“Privacy Notice for California Residents”):
- Any of your activities within DFH Sites (defined in our General Privacy Notice), such as streaming health education podcasts, looking for open roles at https://www.designsforhealth.com/careers, or purchasing products (except to the extent you pay for such purchases with product credits we may disburse from time to time to certain Workforce Members);
- the submission of biological materials or genomic data for analysis as part of our Spotlight Tests (defined in the General Privacy Notice); and/or
- any activities with us in a non-Workforce Member capacity, such as calling our Customer Experience Department for assistance with an order.
- Your use of the Well World Mobile App is governed by the privacy notice linked within that app, rather than this Workforce Privacy Notice.
- Your disclosures to, and other activities with respect to, third parties, including actions on third-party websites, may be governed by the third parties’ own privacy notice(s), in lieu of, or in addition to, our privacy notices. Please review the third parties’ privacy notice(s) for more information.
- This Workforce Privacy Notice does not necessarily cover health information governed by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), or California’s Confidentiality of Medical Information Act (CMIA).
1. THE CATEGORIES OF PI WE COLLECT
- Identifiers, for example: real name, alias, telephone number, postal address, e-mail address, signature, bank account name and number, and photographs, such as for direct deposits.
- Professional or Employment-Related Information, for example: educational institutions attended, degrees and certifications, licenses, work experience and previous employers, professional memberships and affiliations, union membership, seniority, training, employment start and ending dates, and job title.
- Compensation and benefits information, for example: salary, bonus and commission, hours and overtime, leave information, bank details (for payroll and reimbursement purposes only), benefits in which you may be enrolled, and identifying information for dependents and beneficiaries.
- Non-public educational information, for example: academic transcripts.
- Commercial Information, for example: business travel and expense records.
- Internet Activity Information, for example: internet browsing and search history while using our network or website, log in/out and activity on our electronic resources, and interactions with websites or Internet applications that we make available to you.
- Sensory or Surveillance Data, for example: voicemails, recordings of meetings or video-conferences, and footage from video surveillance cameras.
- Preferences, for example: hobbies and leisure activities, membership in voluntary, charitable and public organizations, and preferences regarding work tools, travel, hours, food for company events, etc.
- Inferences, for example: if we inferred, from your activity on our electronic resources, that you are willing to try new technologies.
- PI Listed in the California Customer Records Statute (Cal. Civ. Code Section 1798.80(e)), to the extent not identified elsewhere in this list, for example: your signature for purposes of direct deposit, and your insurance policy number.
- Characteristics of protected classifications under Federal and State Laws, including without limitation the laws of the state of California, for example: marital and familial status as necessary to provide benefits to employees and for tax purposes, and PI regarding disability, medical condition, pregnancy, childbirth, breastfeeding, race, ethnic origin, age, national origin, disability, sex, and veteran status to comply with other legal obligations, including processing your requests for leaves of absence or accommodations, or to the extent volunteered by you for our diversity and inclusion programs.
- Sensitive identifiers, for example: Social Security number (for U.S. residents), Social Insurance Number (for Canadian residents), driver's license number, state/provincial/territorial identification card, or passport number for tax purposes or to comply with other legal obligations, such as verifying or providing support for your authorization to work in the United States or in your other jurisdiction of residence.
- Geolocation data, for example: (1) receipts you submit for business expense reimbursement, (2) your own digital logs of meetings with sales leads maintained in customer relationship management software (“CRMs”) that we may make available to you, and also (3) precise geolocation data, such as global positioning system (“GPS”) tracking data, derived from your mobile device when you use certain device applications we make available to you for business purposes.
- Health information, for example: details of an on-the-job injury collected for workers’ compensation purposes; information regarding your lifestyle factors that you provide to our health insurance provider; health information you volunteer in the context of a voluntary company wellness initiative; or medical condition or disability to the extent volunteered by you for our diversity and inclusion programs.
- Mail, Email, and Text Message Correspondence with Third Parties, for example: your correspondence with our vendors, suppliers, and customers. Also, we inadvertently and unavoidably collect information regarding your personal communications to the extent you may send or receive personal communications on our communication platforms. Unless volunteered and authorized by you, we will not knowingly review the contents any mail, email or text messages you send or receive on any accounts or services that we do not own or license, except for purposes of legitimate investigations to the extent permitted by applicable law.
- Login credentials, for example: login credentials to an online account we own or license.
- Religion or Philosophical Beliefs, for example: if volunteered by an employee in support of the employee’s request for a religious accommodation.
- Sex life, to the extent relevant and necessary for a legitimate internal investigation and only if permitted by law, for example as needed to investigate allegations of sexual harassment.
- Sexual orientation, to the extent volunteered by you, for example, for our diversity and inclusion programs.
1.2. Service Providers
We collect the categories of PI listed in Section 1.1, above from Service Providers, excluding the following categories: (a) benefits information; (b) characteristics of protected classifications under state or federal law, unless volunteered by the Service Provider; (b) health Information, other than information you may volunteer in the context of a voluntary company wellness initiative; and (d) religion, philosophical beliefs, sex life, and sexual orientation, other than information you may volunteer or for purposes of legitimate investigations to the extent permitted by applicable law.
In addition, we collect the following PI regarding Service Providers:
- Compensation: amounts paid to Service Providers for services rendered.
1.3. Related Contacts
As to emergency contacts, we collect only their contact information and their relationship to the individual for whom they are an emergency contact, that latter of which may reveal the contact’s familial/marital status or sexual orientation.
As to spouses or domestic partners, dependents, and beneficiaries, we may collect the following categories of their PI:
- Compensation and benefits information, for example: if an employee notifies our insurance provider that his or her spouse is eligible for health insurance coverage through the spouse’s separate employer.
- Commercial information or geolocation data, for example: if we arrange travel for a dependent to attend an event we host.
- Internet Activity Information, for example: if the individual uses electronic resources or websites we provide.
- Sensory or surveillance data, for example: if the individual enters our facilities.
- Inferences, for example: if we were to infer your sex from you name.
- Characteristics of protected classifications under Federal and State Laws, including without limitation laws of the state of California, for example: childbirth to administer parental leave, marital status to pay taxes, and familial status to administer benefits.
- PI Listed in the California Customer Records Statute (Cal. Civ. Code Section 1798.80(e)), to the extent not listed elsewhere in this Notice, for example: insurance policy numbers if the Related Contact is covered by our insurance as a beneficiary.
- Sensitive identifiers, for example: Social Security numbers for beneficiary designations.
- Health information, for example: lifestyle factors the Related Contact may disclose to our insurance company in support of eligibility for coverage or benefits; or infectious disease information if needed to administer a leave of absence for an employee to care for a Related Contact.
- Mail, Email, and Text Message Correspondence with Third Parties, for example: if communicating with a Workforce Member on a communication platform that we own or license.
- Login credentials, for example: login credentials to a Company benefits portal or site.
- Sex life, for example: date of newborn delivery to administer parental leave protected by State or Federal laws.
1.4. Job Applicants
We collect the categories of PI listed in Section 1.1, above, excluding the following categories: precise geolocation data.
1.5. Note regarding Inferring Characteristics
Although our collection of sensitive PI or PI about your characteristics or protected classification(s) necessarily reveals and entails certain information about you, we do not collect or process such PI for the purpose of “inferring characteristics” about you, as we understand that phrase to be used in the California Consumer Privacy Act of 2018, California Civil Code section 1798.100 et seq., as amended by the California Privacy Rights Act of 2020, and the regulations promulgated under the acts (collectively, “CCPA”).
2. THE CATEGORIES OF SOURCES FROM WHICH WE COLLECT YOUR PI
- You, for example, in your application, forms you fill out for us, assessments you complete, surveys you submit, and any information you provide during the course of your relationship with us.
- Your spouse or dependent with respect to their own PI.
Internally generated, for example, we may generate performance ratings, evaluations, hours worked, and other information about you.
- Vendors and service providers, for example, payroll administrators and other third parties we engage to fulfill human resources functions or provide related services, pursuant to a written contract with us.
- Affiliated companies, for example, when an employee works on a cross-enterprise team.
- Third parties, for example, job references, business partners, professional employer organizations or staffing agencies, insurance companies.
- Public internet sources, for example, social media, job boards, public profiles, and other public online sources.
- Public records, for example, court records, and credentialing and licensing organizations.
- Surveillance or recording technologies installed by Company, for example, video surveillance in common areas of Company facilities, GPS technologies, voicemail technologies, webcams, audio recording technologies, and blue-tooth technologies, all only with consent, to the extent required by law.
- Government or administrative agencies, for example, law enforcement.
- Acquired company, if we were to acquire your employer or other engaging entity, we might collect PI from that entity.
Note: This Workforce Privacy Notice does not cover background screening conducted by third-party background check vendors subject to the federal Fair Credit Reporting Act. We provide separate notices for such screening.
3. THE PURPOSES FOR WHICH WE COLLECT AND USE YOUR PI
In addition to the reasons given above, we collect and use PI for the reasons stated in this Section.
3.1. All Workforce Members
Managing Personnel, including:
(Not applicable to Related Contacts)
- Administration, including:
- To manage personnel and workforce matters
- To communicate with the workforce
- To plan and arrange work supplies and workspaces
- To fulfill recordkeeping and reporting responsibilities
- To recruit new employees
- To resolve internal grievances and disciplinary issues
- To make business travel arrangements
- To manage workforce-related emergencies, including health emergencies
- Workforce development, including:
- To screen workforce for risks to the business and continued suitability in their positions
- To conduct surveys
- Team-building, including:
- To maintain an internal workforce directory and for purposes of identification
- To facilitate communication, interaction, and collaboration among employees
- To arrange meetings and manage company-sponsored events and public service activities
- To promote us as a place to work
- For workforce reporting and data analytics and trend analysis
- For workforce satisfaction
Monitoring, security, and compliance, including:
- To monitor use of our information systems and other electronic resources or information systems
- To conduct internal audits
- To conduct internal investigations
- To administer a whistleblower hotline
- To protect the safety and security of our facilities, including preventing illicit activity
- To report suspected criminal conduct to law enforcement and cooperate in investigations
- To control access to secure facilities
- To monitor compliance with our policies
- To exercise our rights under applicable law and to support any claim, defense, or declaration in legal disputes
Conducting our business, including:
(Not applicable to Related Contacts)
- To engage in marketing, advertising, and promotion
- For communications with prospective, current, and former customers
- To provide a directory and contact information for prospective and current customers and business partners
- For customer service purposes
- To enable us to comply with contractual obligations to customers, vendors, or suppliers
- To manage and fulfill orders
- To manage business expenses, reimbursements, and disbursement of product credits
- To engage in project management
- To conduct product and service training
- To conduct research and development
- To conduct quality assurance and improvement
- For event planning
- To engage in crisis management
(Not applicable to Related Contacts)
- To verify or support your authorization to work in the United States or your other jurisdiction of residence
- To confirm or ensure coverage of you and/or your acts or omissions under our or your insurance policies
- To support claims under our insurance policies
- To comply with our obligations to taxing authorities
Miscellaneous other purposes, including:
- To manage and operate information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, and strategic planning
- To manage litigation involving us, and other legal disputes and inquiries and to meet legal and regulatory requirements
- In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of us or any of our subsidiaries or affiliates
- To manage licenses, permits, and authorizations applicable to Company’s business operations
- To protect the rights, property, or safety of Worforce Members, customers, vendors, or others
Generally Applicable Purposes. The following list expresses our purposes generally for collecting and using most of the categories of PI identified above about employees, including (i) identifiers, (ii) professional or employment-related information, (iii) compensation and benefits information, (iv) non-public educational information, (v) commercial information, (vi) Internet activity information, (vii) sensory or surveillance data, (viii) preferences, (ix) inferences, and (x) PI listed in the California public records statute. Our purposes with respect to the remaining categories of PI are addressed further below in a subsequent section.
Managing employees, including:
- Administration, including:
- To set up and manage a personnel file
- To manage performance
- To administer compensation, bonuses, equity grants, other forms of compensation, and benefits (as permitted by law)
- To manage vacation, sick leave, and other leaves of absence
- To track hours and attendance
- To monitor compliance with Company policies and administer discipline
- Employee development, including:
- To provide, evaluate, and manage training
- To evaluate job performance and consider employees for other internal positions or promotions
- To assist with professional licensing
- To develop a talent pool and plan for succession
- Career development activities
- Team-building, including:
- For diversity and inclusion programs
- To arrange team-building and other morale-related activities
- To design employee retention programs
Purposes Specific to Certain Categories of PI about Employees. We may collect and use the categories of employees’ PI listed in this section for the purposes stated below:
Purposes for using employees’ geolocation data:
- Business expense reimbursement
- Sales employees may use CRMs to record details of their meetings with current and prospective customers and business contacts
- To enable or improve the performance of certain functions by software applications we may make available to you for business purposes
Purposes for using employees’ health information:
- To conduct a direct threat analysis in accordance with the Americans with Disabilities Act and state law
- For workers’ compensation purposes
- For occupational health surveillance
- For occupational health and safety compliance and record-keeping
- To conduct fitness-for-duty examinations
- To administer leaves of absence and sick time
- To provide wellness programs
- To respond to an employee’s medical emergency
- Voluntary wellness initiatives
- To the extent health information relates to a protected classification, such as disability, please see the purposes associated with protected classifications below.
Purposes for using employees’ mail, email, and text message correspondence with third parties:
- To conduct and facilitate our business activities, such as when you are communicating with our suppliers, vendors, or customers.
- For purposes of our legitimate investigations (with your authorization, to the extent required by law)
- We inadvertently and unavoidably collect information regarding your personal communications to the extent you send or receive personal communications on mail, email, and messaging platforms that we own or license. Once collected, we cannot practicably distinguish such communications from official business communications, and so we may process such personal communications in the same way as business communications. Note that conducting personal conversations through mail, email, or text message platforms that we own or license may violate our policies.
Purposes for using employees’ religion:
- Please see the purposes associated with protected classifications below
Purposes for using sex life:
- Company may collect and use information about an employee’s sex life only to the extent relevant and necessary for a legitimate Company investigation and only if permitted by law, for example, as needed to investigate allegations of sexual harassment
- To the extent information regarding sex life relates to a protected classification, such as sexual orientation, please see the purposes associated with protected classifications below
Purposes for using employees’ protected categories of information:
We collect information about race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, including the reporting requirements of the Federal Equal Employment Opportunity Act, and certain state laws, which may include, for example, California’s Fair Employment and Housing Act. We also collect information about disability status to the extent an employee may need special assistance during emergencies from us or from first responders.
We may also collect the following characteristics (in addition to those listed above) for our diversity and inclusion programs (including analytics): (a) religion, (b) sex, (c) gender, (d) pregnancy, (e) childbirth, (f) breastfeeding, or related medical conditions, (g) sexual orientation, (h) disability, (i) gender identity, (j) gender expression, (k) marital status, (l) age, (m) familial status, and (n) ancestry.
We also use this PI for additional purposes including:
- with respect to disability, medical condition, familial status, marital status, and pregnancy, childbirth, breastfeeding, and related medical conditions: as necessary to comply with applicable laws related to leaves of absence and accommodation;
- with respect to military and veteran status: as necessary to comply with leave requirements under applicable law and for tax purposes;
- with respect to age: we may use your date of birth for birthday celebrations and identity verification;
- with respect to religion and pregnancy, childbirth, breastfeeding, and related medical conditions: as necessary for accommodations under applicable law;
- with respect to protected classifications, such as national origin: to the extent this information is contained in documents that you provide in I-9 documentation; and
- with respect to marital status and familial status: for events we host and as necessary to provide benefits and for tax purposes.
We collect PI about membership in protected categories on a purely voluntary basis, except where required by law, and use the information only in compliance with applicable laws and regulations.
3.3 Service Providers
Managing Service Providers, including:
- To evaluate the individual’s qualifications for engagements, including licensure and certifications
- To negotiate and execute the agreement with the individual
- To provide orientation and familiarization with Company’s working environment
- To administer the contractual relationship, including payments
- To evaluate the Service Providers’ deliverables or performance of the contract
- To manage absences or other unavailability to perform services
In addition, with respect to (a) geolocation data; (b) precise geolocation data; (c) email, mail, and text message correspondence platforms; and (d) sex life; we may collect and use the PI of Service Providers in the same manner as we do employees, to the extent Service Providers: (i) use applications owned or licensed by us, (ii) bill us for travel or other business expenses, (iii) send correspondence to, or receive correspondence from, mail, email, or text message platforms that we own or license; or (iv) have knowledge or access to evidence that is relevant to legitimate investigations, such as investigations of sexual harassment of employees (subject to the Service Providers’ prior consent where required by applicable law).
3.4. Related Contacts
Spouse, Dependents and Beneficiaries
- To manage and administer benefits
- To communicate with the Related Contact
- To arrange travel to, and manage participation in, Company events
- To communicate in the event of an emergency involving the individual who provided the emergency contact’s information
3.5 Deidentified Information
At times, we convert PI into deidentified information using reasonable measures to ensure that the deidentified information cannot be associated with the individual (“Deidentified Information”). We maintain Deidentified Information in a deidentified form and do not attempt to reidentify it, except that we may attempt reidentification solely to confirm reidentification is not reasonably possible. We prohibit vendors or any other third parties, by contract, from attempting to reidentify our Deidentified Information.
4. HOW WE MAY DISCLOSE YOUR PI
We generally maintain information related to Workforce Members as confidential; however, from time to time, we may have a legitimate business need to disclose Workforce Members’ personal information for one of the purposes listed in Section 3, above, to one or more of the categories of recipients listed below. In that event, we disclose your PI and/or sensitive PI only to the minimum extent necessary to achieve the purpose of the disclosure and only if the disclosure is permitted by applicable laws, including without limitation the CCPA.
- Service providers and contractors: We disclose your PI to service providers and contractors to assist us in meeting our business needs and contractual and legal obligations.
- We disclose your PI to service providers and contractors only subject to written contracts in compliance with the CCPA and any other applicable law.
- Service providers and contractors include auditors, administrative service providers, law firms, travel agencies, benefits providers, and any other entity providing services to us.
- We may also disclose your PI to insurance companies or other third parties with which we maintain a relationship regarding insurance, for example to allow for coverage with respect to your acts or omissions. If an employee will operate an automobile in the course and scope of employment with us, then we may disclose the employee’s name and drivers’ license number to our automobile insurance provider.
- Affiliated companies: Other companies within our family of companies.
- Past, current, and prospective clients and customers: This may include, for example, disclosing a sales representative’s contact information to clients and customers.
- Business partners: For example, we might disclose your business contact information to a co-marketer or co-developer of a new product or service with which you will be working.
- Government or administrative agencies: These may include, for example:
- Internal Revenue Service to pay taxes;
- State agencies, such as California’s Employment Development Department, as required for state payroll taxes and to respond to unemployment or state disability insurance claims;
- The Federal Occupational Safety and Health Administration (commonly known as “OSHA”) and related state laws, such as the California Occupational Safety and Health Agency (also known as “CalOSHA”), as required to report work-related death or serious injury or illness;
- State agencies, such as the California Department of Fair Employment and Housing, as required to respond to employment charges; and
- State agencies, such as the California Department of Industrial Relations, as required to resolve workers’ compensation claims.
- Public: We may disclose your PI to the public as part of a press release, for example, to announce promotions or awards. We may also include your likeness in a video promoting our products, subject to your prior authorization to the extent required by law. We do not disclose sensitive PI to the public.
- Required Disclosures: We may be required to disclose PI (a) in a court proceeding, (b) in response to a court order, subpoena, civil discovery request, other legal process, or (c) as otherwise required by law.
- Legal Compliance and Protections: We may disclose PI when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of Company, our users, or others.
We do not sell your PI, nor do we disclose or share the PI covered by this Notice for cross-context behavioral advertising.
5. CPRA-DEFINED PURPOSES FOR COLLECTION, USE, AND DISCLOSURE
The following line items are CPRA-defined “business purposes” recognized by California law that summarize and/or supplement the above-listed purposes for our collection, use, and disclosure of Workforce Members’ PI. California law identifies the categories of activities listed below as ways for businesses like us to express, to California residents, the reasons for our activities with respect to their PI:
- Auditing related to the use Workforce-Member-facing websites, such as assessing the extent of Workforce Members’ adoption of the website
- Detecting security incidents, protecting against malicious, deceptive, or illegal activity, and prosecuting those responsible for that activity
- Debugging to identify and repair errors that impair existing intended functionality of websites, software, and other platforms we own or license for use by Workforce Members,
- Fulfilling human resources functions and performing related services for you, for example: (i) maintaining and servicing your accounts with respect to websites, software, and other platforms we own or license for that purpose; (ii) answering your questions regarding human resources or other matters relevant to your status as a Workforce Member; (iii) verifying your information; (iv) processing direct deposits and benefits; (v) analytic services; (vi) and similar functions and services.
- Providing advertising and marketing services to you, other than cross-context behavioral advertising
- Undertaking internal research for technological improvement and demonstration
- Quality and safety assurance, and improving, upgrading, and enhancing the performance of human resources functions and related activities with respect to you.
- The other operational purposes or purposes set forth in this Notice, which are reasonably necessary and proportionate to achieve the purpose for which the PI was collected or processed, or for other purposes that are compatible with the context in which the PI was collected.
6. HOW LONG WE KEEP YOUR PI
We keep your PI no longer than necessary for the purposes described in Section 3 above and in accordance with our record retention schedule.
We will store your personal data, in a form that permits us to identify you, for no longer than is necessary for the purpose for which the personal data is processed. We store your PI as necessary to comply with our legal obligations, resolve disputes, and enforce and exercise our agreements and rights, or if it is not technically and reasonably feasible to delete your PI.
7. CALIFORNIA PRIVACY RIGHTS AND HOW TO EXERCISE THEM
Subject to applicable law, if you reside in California, then you have the following rights. To exercise these rights, contact us at the phone number or email address posted below and mention that You are a Workforce Member.
7.1. The Right to Know
You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of PI we have collected about you.
- The categories of sources from which we collected your PI.
- The business or commercial purposes for our collecting or selling your PI.
- The categories of third parties to whom we have shared your PI.
- A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
- Specific Pieces
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining. Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
7.2. The Right to Deletion
Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we are maintaining. Our retention rights include, without limitation, to complete transactions and services you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete PI that is publicly available, and we are not required to delete lawfully obtained, truthful information that is a matter of public concern.
7.3. Right to Opt Out of Sale and Sharing
As noted above, we do not sell your PI, nor do we disclose or share the PI covered by this Notice for cross-context behavioral advertising. Therefore, there is no need for You to opt out of the sale or sharing of PI covered by this Notice.
7.4.The Right to Correct Inaccurate PI
You have the right to ask that we correct the PI we may have collected about you if that PI is inaccurate. Please correct such inaccuracies yourself to the extent possible. For example, you may be able to correct certain elements of your contact information by logging into your account within ADP. If more corrective action is necessary, please reach out to us at the contact information below.
7.5. How to Exercise Your Rights
To submit a request to know, delete, or correct, reach out to us at the contact information provided at the end of this Notice.
7.6. How We Will Verify and Respond to Your Request:
We will respond in accordance with applicable law if we can verify the identity of the individual submitting the request or, in the case of agents submitting requests on behalf of the data subject, if we can verify the authority of the agent. The processes that we follow to verify your identity when you make a request to know, correct, or delete are described below. The relevant process depends on the nature of the request, and how and why it is submitted. If you send us a request from the email address we assigned you in your capacity as our Workforce Member, we will verify your identity by requiring you to match at least one data point that you provide with your request, or in response to our request for verification information, against information that we already have about you in our records and that we have deemed to be reliable for verification purposes (we refer to this matching as “Matching” a “Data Point”). If we receive the request by any other means, then the verification methods will be as follows:
- Requests to Know Categories of PI: We will require you to Match at least two Data Points.
- Requests To Know Specific Pieces of PI: We will require you to Match at least three Data Points. In addition, we may require you to sign a declaration under penalty of perjury that you are the individual whose PI is the subject of the request.
- Requests To Correct or Delete PI: Our process for verifying your identity will depend on the sensitivity of the PI that you ask us to correct or delete. For less sensitive PI, we will require a Match of two Data Points. For more sensitive PI, we will require a Match of three Data Points and a signed declaration as described in Paragraph 2, above.
We have implemented the following additional procedures when verifying the identity of a requestor:
- If we cannot verify your identity based on the processes described above, we may ask you for additional verification information. If we do so, we will not use that information for any purpose other than verification or as required by law.
- If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know and explain why we cannot verify your identity.
We will acknowledge receipt of your requests to know, to delete, and to correct information within 10 days of receiving the verified request. Within forty-five (45) days, we will take action on, and/or respond to, your request, unless we need additional time, in which case we will notify you that we need up to another forty-five (45) additional days to respond. Responses to requests for specific information about you will be provided using a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to you by email.
7.7. Authorized Agents
If an authorized agent submits on your behalf a request to know, correct, or delete, then the authorized agent must submit with the request either (a) a power of attorney, signed by you, that is valid under California law; or (b) another document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you to follow the applicable process described above for verifying your identity and confirming that you authorized the agent to make the request.
7.8. Company’s Non-Discrimination and Non-Retaliation Policy
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data.
If we change this Workforce Privacy Notice, we will post those changes on this page and update the Workforce Privacy Notice Effective Date above. If we materially change this Workforce Privacy Notice in a way that affects how we use or disclose your PI, we will provide a prominent notice of such changes and the effective date of the changes before making them.
9. FOR MORE INFORMATION
For questions or concerns about Company’s privacy policies and practices, please contact us at