APPENDIX B
Employee Personal Information Processing
Collection of Personal Information
We, and our Vendors, may have collected and processed the following categories of Personal Information from or about employees in the preceding 12 months:
Identifiers, such as real name, alias, postal address, telephone number, email address, other contact information, date of birth, Social Security number, driver’s license number, passport number, written signature, unique personal identifier, Internet Protocol (IP) address, device or mobile advertising ID, service request ID number, or other similar identifiers.
Education information (maintained by an educational institution and as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99)), such as grades, transcripts, class schedules, student identification codes, student financial information, student disciplinary records, or other academic information and records.
Professional or employment-related information, such as employment history, job title, salary, performance evaluations, professional certifications, or other professional and employment-related information.
Characteristics of protected classifications under state or federal law, including race, gender, physical or mental disability, age (40 years or older), citizenship, sexual orientation, veteran or military status, genetic information (including familial genetic information), or religion.
Commercial information, including records of personal property, products or services purchased, obtained or considered, records of program enrollment and activity, or other purchasing or consuming histories or tendencies.
Financial account information, including bank account number, routing information, credit or debit card number, payment amounts, or other financial information.
Internet or other electronic network activity information, including browsing history, search history, cookie data, referring/exiting URL, clickstream data, time spent on a webpage or advertisement, or other information regarding your interaction with an internet website, application, email or advertisement.
Geolocation data, including physical location or movements, geofencing data, or device location.
Audio, electronic, visual, thermal, olfactory, or similar information, such as customer service call recordings, profile photographs, recordings from CCTV cameras at company facilities, video testimonials, or device sensor readings.
Biometric information, including imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
Physical characteristics or description, such as age, gender, race, disability, height, weight, eye color, or hair color.
Health insurance information, such as insurance policy number or subscriber identification number, application or claims history information, reimbursement data, co-pay data, benefits information, or coverage amounts.
Inferences drawn from any of the information listed in this section (including Sensitive Personal Information) to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
Sensitive Personal Information, including:
- Personal information that reveals:
- Sensitive identification numbers, including social security, driver’s license, state identification card, or passport number.
- Account access information, including account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- Your precise geolocation.
- Your racial or ethnic origin, religious or philosophical beliefs, or union membership.
- Contents of your mail, email, and text messages unless the business is the intended recipient of the communication.
- Your genetic data.
- Biometric information for the purpose of uniquely identifying you.
- Personal information concerning your health.
- Personal information concerning your sex life or sexual orientation.
Sources of Personal Information
We collect Personal Information directly from all employees, including Personal Information about employees’ beneficiaries or dependents. We also collect Personal Information from joint marketing partners, public databases, consumer reporting agencies, providers of demographic data, publications, professional organizations, educational institutions, social media platforms, Service Providers and Third Parties that help us screen and onboard individuals for hiring purposes, and Service Providers and Third Parties when they disclose information to us.
Purposes for Collecting & Processing Personal Information
We, and our Vendors, collect and process employee Personal Information (excluding Sensitive Personal Information) described in this California Privacy Notice to:
- Manage your employment or contractor relationship with us.
- Compensation, payroll, tax, and benefits planning, enrollment, and administration.
- Provide you access to ESS systems, networks, databases, equipment, and facilities.
- Workforce and performance management, including personnel planning, productivity monitoring, and evaluation.
- Workforce development, education, training, and certification.
- Monitor, maintain, and secure ESS systems, networks, databases, equipment, and facilities.
- Authenticate your identity and verify your access permissions.
- Arrange, confirm, and monitor work-related travel, events, meetings, and other activities.
- Conduct workforce analytics.
- Problem resolution (e.g., internal reviews, grievances), internal investigations, auditing, compliance, risk management and security purposes.
- Termination and offboarding procedures, such as providing supervisor temporary access to employee files and folders (e.g., OneDrive) on ESS-issued devices, for the purposes of planning transition and continuity of work and preventing undue risk to operations.
- Assess your working capacity or the diagnosis, treatment or care of a condition impacting your fitness for work, and other preventative or occupational medicine purposes (including work-related injury and illness reporting).
- contact and communicate with you regarding your employment, job performance, compensation, and benefits, or in the event of a natural disaster or other emergency.
- contact and communicate with your designated emergency contacts in the event of an emergency, illness, or absence.
- contact and communicate with your dependents and designated beneficiaries in the event of an emergency or in connection with your benefits.
- Comply with laws and regulations, including (without limitation) applicable tax, health and safety, anti-discrimination, immigration, labor and employment, and social welfare laws.
- Monitor, investigate, and enforce compliance with and potential breaches of ESS policies and procedures and legal and regulatory requirements.
- Comply with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons.
- Exercise or defend the legal rights of ESS and its employees, affiliates, customers, contractors, and agents.
We, and our Vendors, collect and process the Sensitive Personal Information described in this California Privacy Notice only for:
- Performing the services or providing the goods reasonably expected by an average employee who requests those goods or services (including offering benefits to employees and their beneficiaries);
- Ensuring security and integrity to the extent the use of the employee's Personal Information is reasonably necessary and proportionate for these purposes;
- Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of an employee’s current interaction with us; provided that we will not disclose the employee's Personal Information to a Third Party and/or build a profile about the employee or otherwise alter the employee's experience outside the current interaction with the business;
- Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
We do not use or disclose Sensitive Personal Information for purposes other than those specified above.
Disclosures of Employee Personal Information to Third Parties
We have disclosed the following categories of Personal Information to Third Parties in the preceding 12 months:
CATEGORY OF PERSONAL INFORMATION | CATEGORY OF THIRD PARTY RECIPIENTS |
Identifiers |
|
Education information |
|
Professional or employment-related information |
|
Characteristics of protected classifications under state or federal law |
|
Commercial information |
|
Financial account information |
|
Internet or other electronic network activity information |
|
Geolocation data |
|
Audio, electronic, visual, thermal, olfactory, or similar information |
|
Biometric information |
|
Physical characteristics or description |
|
Health insurance information |
|
Inferences |
|
Sensitive identification numbers |
|
Account access information |
|
Precise geolocation |
|
Racial or ethnic origin, religious or philosophical beliefs, or union membership |
|
Contents of your mail, email, and text messages (unless the business is the intended recipient of the communication) |
|
Genetic data |
|
Biometric information for the purpose of uniquely identifying you |
|
Personal information concerning your health. |
|
Personal information concerning your sex life or sexual orientation |
|
We disclose to third parties the categories of Personal Information identified above for the purposes listed under the Purposes for Collecting & Processing Personal Information section above, as well as to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law; to conduct research, analytics, and data analysis; to detect and prevent fraud, secure our systems and facilities, and perform accounting, audit, and other internal functions, such as internal investigations; and to comply with law, legal process, and internal policies.