APPENDIX C
B2B Contact Personal Information Processing
Collection of Personal Information
We, and our Vendors, may have collected and processed the following categories of Personal Information from or about B2B contacts in the preceding 12 months:
Identifiers, such as real name, alias, postal address, telephone number, email address, other contact information, date of birth, Social Security number, driver’s license number, passport number, written signature, unique personal identifier, Internet Protocol (IP) address, device or mobile advertising ID, service request ID number, or other similar identifiers.
Education information (maintained by an educational institution and as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99)), such as grades, transcripts, class schedules, student identification codes, student financial information, student disciplinary records, or other academic information and records.
Professional or employment-related information, such as employment history, job title, salary, performance evaluations, professional certifications, or other professional and employment-related information.
Characteristics of protected classifications under state or federal law, including race, gender, physical or mental disability, age (40 years or older), citizenship, sexual orientation, veteran or military status, genetic information (including familial genetic information), or religion.
Commercial information, including records of personal property, products or services purchased, obtained or considered, records of program enrollment and activity, or other purchasing or consuming histories or tendencies.
Financial account information, including bank account number, routing information, credit or debit card number, payment amounts, or other financial information.
Internet or other electronic network activity information, including browsing history, search history, cookie data, referring/exiting URL, clickstream data, time spent on a webpage or advertisement, or other information regarding your interaction with an internet website, application, email or advertisement.
Geolocation data, including physical location or movements, geofencing data, or device location.
Audio, electronic, visual, thermal, olfactory, or similar information, such as customer service call recordings, profile photographs, recordings from CCTV cameras at company facilities, video testimonials, or device sensor readings.
Biometric information, including imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
Physical characteristics or description, such as age, gender, race, disability, height, weight, eye color, or hair color.
Health insurance information, such as insurance policy number or subscriber identification number, application or claims history information, reimbursement data, co-pay data, benefits information, or coverage amounts.
Inferences drawn from any of the information listed in this section (including Sensitive Personal Information) to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
Sensitive Personal Information, including:
- Personal information that reveals:
- Sensitive identification numbers, including social security, driver’s license, state identification card, or passport number.
- Account access information, including account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- Your precise geolocation.
- Your racial or ethnic origin, religious or philosophical beliefs, or union membership.
- Contents of your mail, email, and text messages unless the business is the intended recipient of the communication.
- Your genetic data.
- Biometric information for the purpose of uniquely identifying you.
- Personal information concerning your health.
- Personal information concerning your sex life or sexual orientation.
Sources of Personal Information
We collect Personal Information directly from all B2B contacts. We also collect Personal Information from joint marketing partners, public databases, consumer reporting agencies, providers of demographic data, publications, professional organizations, educational institutions, social media platforms, Service Providers and Third Parties that help us locate potential customers and B2B contacts.
Purposes for Collecting & Processing Personal Information
We, and our Vendors, collect and process B2B contact Personal Information (excluding Sensitive Personal Information) described in this California Privacy Notice to:
- Evaluate a potential customer relationship with you.
- Attract and recruit customers to purchase our products/services.
- Verify professional license.
- Evaluate, determine, and arrange purchase agreements.
- Authenticate your identity and provide you with access to online services and products.
- contact you regarding your purchase.
- Comply with laws and regulations, including (without limitation) applicable tax, anti-discrimination, immigration, labor and employment, and social welfare laws.
- Monitor, investigate, and enforce compliance with and potential breaches of ESS policies and procedures and legal and regulatory requirements.
- Comply with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons.
- Exercise or defend the legal rights of ESS and its employees, affiliates, customers, contractors, and agents.
We, and our Vendors, collect and process the Sensitive Personal Information described in this California Privacy Notice only for:
- Performing the services or providing the goods reasonably expected by an average B2B contact who requests those goods or services (including offering benefits to employees and their beneficiaries);
- Ensuring security and integrity to the extent the use of the B2B contact's Personal Information is reasonably necessary and proportionate for these purposes;
- Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a B2B contact's current interaction with us; provided that we will not disclose the B2B contact's Personal Information to a Third Party and/or build a profile about the B2B contact or otherwise alter the B2B contact's experience outside the current interaction with the business;
- Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
We do not use or disclose Sensitive Personal Information for purposes other than those specified above.
Disclosures of B2B Contact Personal Information to Third Parties
We have disclosed the following categories of Personal Information to Third Parties in the preceding 12 months:
| CATEGORY OF PERSONAL INFORMATION | CATEGORY OF THIRD PARTY RECIPIENTS |
| Identifiers |
|
| Education information |
|
| Professional or employment-related information |
|
| Characteristics of protected classifications under state or federal law |
|
| Commercial information |
|
| Financial account information |
|
| Internet or other electronic network activity information |
|
| Geolocation data |
|
| Audio, electronic, visual, thermal, olfactory, or similar information |
|
| Biometric information |
|
| Physical characteristics or description |
|
| Health insurance information |
|
| Inferences |
|
| Sensitive identification numbers |
|
| Account access information |
|
| Precise geolocation |
|
| Racial or ethnic origin, religious or philosophical beliefs, or union membership |
|
| Contents of your mail, email, and text messages (unless the business is the intended recipient of the communication) |
|
| Genetic data |
|
| Biometric information for the purpose of uniquely identifying you |
|
| Personal information concerning your health. |
|
| Personal information concerning your sex life or sexual orientation |
|
We disclose to third parties the categories of Personal Information identified above for the purposes listed under the Purposes for Collecting & Processing Personal Information section above, as well as to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law; to conduct research, analytics, and data analysis; to detect and prevent fraud, secure our systems and facilities, and perform accounting, audit, and other internal functions, such as internal investigations; and to comply with law, legal process, and internal policies.