Consumer: As defined by the CPRA, a consumer is a natural person who is a California resident, living in California for other than a temporary or transitory purpose, or individual domiciled in California.
Personal Information: Commonly referred to as Personally Identifiable Information (“PII”), Personal Information (“PI”) may be defined under various privacy laws, but, generally, is a fact about an individual which, if combined with one or more other facts about that individual, would enable others to determine the specific person to whom the facts apply. Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Sensitive Personal Information: Sensitive Personal Information (“SPI”) is a subset of PI that requires greater security protections and standards of care in handling. SPI, also known as “special categories of information”, is defined as information that if lost, compromised, or disclosed could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.
Personal Information We Collect
We have collected the following categories of Personal Information and Sensitive Personal Information within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait,
or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||YES|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or services we provide to you.
- Indirectly from you. For example, from observing your actions on our website or from information your computer or mobile device transmits when interacting with our website or mobile applications, among other things.
- Third parties, including recruiters who submit your information to us, and consumer reporting agencies for employment background checks.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- Fulfill or meet the purpose for which you provided the information.
- Recruiting and retaining employees.
- Collecting and processing employment applications, including confirming eligibility for employment, background and related checks, and onboarding.
- Employee benefit plan and program administration.
- Leave of absence administration.
- Compensation administration and compliance, including payroll, bonuses,
- Processing reimbursements.
- Maintaining personnel records and complying with record retention requirements.
- Communicating with employees and/or employees’ emergency contacts and plan beneficiaries.
- Facilitating and administering the use of the company’s property and resources, including the company’s information systems, electronic devices, network and data, and preventing unauthorized access of such.
- Workplace health and safety compliance.
- Ensuring employee productivity and adherence to the policies.
- Investigating complaints, grievances and suspected violations of policy.
- Complying with applicable state and federal laws, including labor, employment, tax, benefits, workers compensation, disability, equal employment opportunity, workplace safety and related laws.
- Exercising legal rights and defending legal claims.
- Determine whether you may be displaying symptoms of Covid-19 or may have recently been exposed to Covid-19.
- Otherwise as described to you when collecting your personal information or as set forth in the CPRA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category E: Biometric information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category H: Sensory data.
Category I: Professional or employment-related information.
Category K: Inferences drawn from other Personal Information.
We disclose your personal information for a business purpose to the following categories of third parties:
- Our affiliates.
- Service providers.
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
- Law enforcement or governmental authorities as required.
In the preceding twelve (12) months, we have not sold any personal information.
Sensitive Personal Information We Collect
We may also collect or process SPI as necessary to enable us to carry out your instructions, to manage and operate our business, and to comply with our legal and regulatory obligations.
You may also supply us with, or we may receive, the following SPI:
- Username and password;
- Financial, account or billing information, including tax identification number, social security number, or credit/debit card information;
- Proof of identification, including driver’s license number, or state/national government-issued identification;
- Diversity or demographic information, including race or ethnicity, gender or gender identity, religious or philosophical beliefs, political affiliation, opinion or association, veteran or disability status, or sexual preference;
- Information the Company has contractually agreed to manage under heightened confidentiality and security protocols, such as health and financial information or intellectual property;
- Information required to conduct background checks, client due diligence or conflict checks.
The Company collects SPI on the basis of one or more of the following:
- You have given explicit consent to the collection for one or more specified purposes;
- Where the collection of SPI is manifestly made public by you; and/or
- Where the collection is necessary for the establishment, exercise or defense of legal claims.
Where the collection is necessary for reasons of substantial public interest, in accordance with applicable law, the Company may collect SPI for the following reasons:
- For the purposes of the prevention or detection of an unlawful act or for preventing fraud; and
- For the provision of confidential advice.
Right to Access: You have the right to access PI which we may collect or retain about you. If requested, we shall provide you with a copy of your PI which we collect as permitted by the CPRA. You also have the right to receive your PI in a structured and commonly used format so that it can be transferred to another entity (“data portability”).
Right to Know: You have the right to request that we disclose the following about your PI, as defined by the CPRA:
- The specific PI we may collect;
- The categories of PI we may collect;
- The categories of sources from which we may collect your PI;
- The business purpose(s) for collecting or sharing your PI;
- The categories of PI we may disclose for business purposes; and
- The categories of third parties to whom we may share your PI.
Right to Opt Out: The Company does not sell PI within the meaning of the CPRA.
Do Not Share or Disclose My SPI: You have the right to limit how your SPI is disclosed or shared with third parties, as defined in the CPRA.
Right to Deletion: In certain circumstances, you have the right to request the erasure of your PI. Upon verifying the validity of a deletion request, we will delete your PI from our records, and instruct any service providers or third parties to delete your information, when applicable.
Right to Correct: In certain circumstances, you have the right to request correction of any inaccurate PI. Upon verifying the validity of a verifiable consumer correction request, we will use commercially reasonable efforts to correct your PI as directed, taking into account the nature of the PI and the purposes of maintaining your PI.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, based on exceptions under applicable law.
Exercising Your Rights
If you are a California resident, you can exercise any of your rights as described in this Policy and under applicable privacy laws by using the contact information provided in this Policy below. We will not discriminate against you for exercising such rights. Except as described in this Policy or provided for under applicable privacy laws, there is no charge to exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may:
- Charge a reasonable fee taking in account the administrative costs of providing the information or taking the action requested; or
- Refuse to act on the request and notify you of the reason for refusing the request.
Data Storage and Security
The Company shall use a reasonable standard of care to store and protect your PI. We use appropriate physical, technical and organizational security measures and procedures to protect PI from unauthorized use, loss, alteration, destruction or modification. The Company shall retain your PI until the initial purpose for collecting and retaining such data has been satisfied. If you subsequently agree to a new or additional purpose, your PI may be retained for that.
If you have any questions or comments about this policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Rosa M. Serrato
730 S. A Street, Oxnard, CA 93030
Tel: (805) 483-1000
Updated: February 14, 2023