JOB CANDIDATE, INDEPENDENT CONTRACTOR, & EMPLOYEE PERSONAL DATA PRIVACY POLICY

 

Introduction

                               

Phung Enterprises d/b/a Caitlynminimist (“Company”, “we”, “our”, or “us”) is committed to maintaining our job applicants’, independent contractors’ and employees’ privacy. 

 

This Job Candidate, Independent Contractor & Employee Privacy Policy (the “Policy”) is intended to explain to you the practices regarding the collection and use of personal data we collect about you and from you. This Policy does not cover your use of our products as a consumer, outside of your employment with us. To learn more about our personal data practices that cover your use of our products, please read our Website Privacy Policy.

 

This Policy is not intended and shall not be read to create any express or implied promise or contract for employment, for any benefit, or for specific treatment in specific situations. Nothing in this notice should be construed to interfere with our ability to process personal data for purposes of complying with legal obligations or for investigating alleged misconduct or violations of Company policy or law, subject to compliance with local applicable law.

 

Scope

 

This Policy applies to all Company job applicants, independent contractors, employees, and to the personal data of all individuals (“you” or “your”) who apply to be, are, or were, employed by the Company. 

 

Collection and Use of Personal Data

 

The Company collects or may collect personal data to conduct the business of the Company and comply with applicable laws, rules and regulations.  The Company may use your personal data as set forth in this Policy (or any other Company policy, as applicable), and for any other purposes for which your consent is required under applicable law so long as the Company obtains your consent to the extent required under applicable law.  The Company may use your personal data without your knowledge or consent where the Company is permitted or required to do so under applicable law.

 

The Company collects or may collect the following types of personal data depending upon your employment or prospective employment responsibilities, citizenship, location of employment, and other factors:

 

  • Identifiers: name including name history (e.g., maiden name); phone numbers, email addresses, mailing addresses; zip code (postal); government identification numbers (e.g., social security numbers, taxpayer identification numbers, drivers’ license numbers); date of birth; gender; race; ethnicity; family-related data (e.g., marital status and personal data);
  • Internet and other Electronic Information: user IDs; data obtained by the Company in connection with the Company’s exercise of its rights under its other policies such as its Website Privacy Policy (e.g., employee e-mail and data related to Internet use);
  • Professional or Employment-Related Information: resumes and employment applications; references and interview notes; letters of offer and acceptance of employment; payroll information, wage and benefit information; compensation history; performance information; information related to employee health and other benefits including short and long term disability, medical and dental care; beneficiary information; documents and information related to proof of work eligibility; other data deemed to be necessary by the Company or voluntarily disclosed in the course of an employee’s application for and employment with the Company;
  • Education Information: education, training, qualifications, and other certifications; awards; professional memberships;
  • Biometric Information: ;
  • Precise Geolocation:
  • Other Information: photographs and video; banking and other financial data; health and disability data; emergency contact information; family-related data (e.g., health-related data on family members); veteran status;

 

The Company may hold, use, and disclose your personal data for business purposes as are reasonably required by the Company. This includes, without limitation, holding, using, and disclosing your personal data for the following purposes:

 

  • Managing the Employer Relationship: to determine your eligibility for employment with the Company including the verification of references and qualifications; to identify you; to communicate with you; to establish training and development requirements; to conduct performance reviews and determine performance requirements; to assess your qualifications for a particular job, task, or assignment; to gather evidence for disciplinary actions up to and including termination of employment; for human resources management purposes (e.g., the retention and motivation of the Company’s workforce including the Company’s recruitment, compensation, succession planning, performance assessment, training, and employee benefit administration efforts); to conduct data analytics and analysis to review employee retention, attrition rates, and other related statistics.
  • Timekeeping and Access: To verify your identify for timekeeping purposes; to facilitate your access to Company facilities and/or premises.
  • Administration of Benefits: to administer pay and benefits; to process work related claims (e.g., workers’ compensation and insurance claims); to provide employee benefits.
  • Maintain Emergency and General Contacts: to establish a point of contact in the event of an emergency; to contact family or designated individuals; to compile directories.
  • Safety and Security: to comply with laws, rules, or regulations; when, in the Company’s judgment, disclosure is necessary to prevent fraud or to comply with any statute, law, rule or regulation of any governmental authority or any order of any court of competent jurisdiction; to verify your identity for access to Company systems, networks, databases, software, hardware, or devices; to ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software or code distribution.
  • Business Transaction: to transfer personal data in connection with an asset sale, acquisition, merger, consolidation, reorganization, divestiture, stock sale, purchase of part or all of the assets of the Company or any of its subsidiaries or affiliates, or other transaction, or by way of assignment (whether by operation of law or otherwise) in connection with any such or similar transaction or in connection with the administration of a bankruptcy estate. In such event, your personal data may become the property of the successor and will be subject to the successor’s privacy policies.
  • Legitimate Business Purposes: to provide and operate the Company’s business processes, systems and business operations (e.g., work assignments, management of Company property, reporting and releasing of public Company data, populating Company directories, and safety and protection of Company employees, directors, owners, agents, assets, resources, properties and facilities); when the Company outsources some or all of its operations to third party service providers who provide services for the Company; to third parties engaged by the Company and serving in an agency capacity to perform functions on behalf of the Company including, without limitation, the processing of personal data for compensation, the provision of employee benefits, the performance of legal and other professional services; in connection with a sale or other disposition of an affiliate or business unit; to enforce or apply the Company’s policies and other agreements; to support internal administration with our affiliates.

 

Where the Company is permitted to do so under applicable law, the Company may share your personal data with its affiliates, employees, contractors, consultants, vendors, service providers and other parties who assist the Company in connection with your hiring and employment or contract with us, including without limitation, employee benefits providers and parties that provide information technology and data processing services to the Company with respect to the operation of its businesses.

 

Additionally, your personal data may be disclosed as required by applicable law, to comply with a court order, subpoena, warrant or other legal process, or where the personal data is publicly available (unless otherwise restricted by applicable law).

 

If the Company engages in the processing of personal data for purposes other than those specified in this Policy, the Company will, where required by applicable law, provide notice of these changes, the purposes for which the personal data will be used, and the recipients of personal data, and obtain your consent if required by applicable law.

 

Collection and Use of Special Categories of Personal Data

 

Certain jurisdictions provide special categories of personal data that are considered sensitive under the applicable laws. Company collects and uses the following special categories of personal data when you voluntarily provide them:

 

  • Social Security number and other government identification numbers (e.g., drivers licenses)
  • health and disability data
  • race or ethnic origin

 

Company collects and uses the foregoing special categories of personal data for the following legitimate business purposes:

 

  • to carry out our obligations under employment law;
  • for the performance of the hiring process and employment contract, and to provide services reasonably expected in the job candidate-employer relationship;
  • for the performance of the employment contract and to provide services reasonably expected in the employee-employer or independent contractor relationship;
  • to protect the Company’s legal interests and to ensure the physical safety of the Company and other individuals; and
  • as otherwise required by law.

 

Where Company has a legitimate need to process special categories of personal data for purposes not identified above and where required by applicable law, Company will only do so after providing you with notice and, if required by applicable law, obtaining prior consent.

 

Information for California Residents

 

The following section of this Policy only applies to employees, independent contractors, or prospective employees or independent contractors who are California residents.

 

Collection

 

Consistent with the “Collection and Use of Personal Data” section above, the Company collects certain categories and specific pieces of personal data about employees who reside in California (“CA Personal Data”). In the prior 12 months, the Company collected the following types of categories of CA Personal Data, which the Company will continue to collect:

 

Personal Data

We collect the following subcategories of Personal Data:

We collect such Personal Data for the following purposes:

Identifiers

Name, date of birth, staff member IDs, home and business address, telephone/email addresses, emergency contact details, national ID/passport, work permits, immigration/visa status, social security numbers

Managing the Employer Relationship

Administration of Benefits

Maintain Emergency and General Contacts

Safety and Security

Business Transactions

Timekeeping and Access

Legitimate Business Purposes

Characteristics of protected classifications under California or federal law

Gender, age, nationality, race/ethnicity, citizenship, and health and medical information (including but not limited to, observations, inquiry responses and testing results)

Managing the Employer Relationship such as:

●       managing absences from work (e.g., sick/maternity leave), accidents at work, employment-related claims

●       arranging sick pay, health and insurance benefit

●       accommodating disability within the workplace

●       providing work-related accommodation

Administration of Benefits

Safety and Security

Business Transactions

Internet or other electronic network activity information

IP addresses, log files, login information, and cookies and device information (e.g., online activity such as date and time of accessing our websites, website addresses accessed, the length of website visits)

Managing the Employer Relationship

Safety and Security

Timekeeping and Access

Legitimate Business Purposes

Approximate Geolocation

IP Addresses and other internet or electronic network activity information (including, without limitation, such information as may be provided by your internet service provider)

Managing the Employer Relationship

Safety and Security

Timekeeping and Access

Legitimate Business Purposes

Sensitive Personal Data

Social Security number and government identification numbers (e.g., drivers license); health and disability data; biometric information (e.g., fingerprints); race or ethnic origin.

To carry out our obligations under employment law;

 

For the performance of the hiring process and to facilitate the hiring and on boarding procedure as reasonably expected in the job candidate-employer relationship.

 

For the performance of the employment contract and to provide services reasonably expected in the employee-employer or independent contractor relationship;

 

To protect the Company’s legal interests and to ensure the physical safety of the Company and other individuals; and

 

As otherwise required by law

 

Audio, electronic, visual, thermal, olfactory, or similar information.

Photographs and videos, thermal information

Safety and Security

Timekeeping and Access

 

Additionally, photos and videos are collected for:

- identification and access (e.g. badges)

- global contact directory

- internal social events (e.g. birthdays, promotion, introduction) and

- external promotion of the Company brand, products and values by posting photo/video content on company websites and social media

Professional or employment-related information

Employment details – job title/position, office location, employment-related agreements, performance and disciplinary records, grievance procedures, sickness/holiday records

Managing the Employer Relationship

Administration of Benefits

Maintain Emergency and General Contacts

Safety and Security

Business Transactions

Timekeeping and Access

Legitimate Business Purposes

Reference and background information, and information obtained from criminal background checks

For vetting/screening, to the extent permissible and in accordance with applicable law,

Corporate Transaction Purposes.

Financial information – banking details, tax information, withholdings, salary, benefits, expenses, company allowances, equity and other long-term incentive grants

Managing the Employer Relationship

Administration of Benefits

Maintain Emergency and General Contacts

Business Transactions

Timekeeping and Access

Legitimate Business Purposes

Spouse and dependent information - marital status, household

Managing the Employer Relationship

Administration of Benefits

Maintain Emergency and General Contacts

Safety and Security

Business Transactions

Legitimate Business Purposes

Education information

Academic/professional qualifications and education

Managing the Employer Relationship

Business Transactions

Legitimate Business Purposes

 

Sources

 

The Company collects certain categories of CA Personal Data directly from employees and, in some circumstances, third parties. The categories of sources that the Company collected CA Personal Data from in the prior 12 months includes the following:

 

  • The Company’s internal and external Website’s (including an employee’s email).
  • The Company’s third party service providers.
  • Job applications and other job candidate, employee, or independent contractor communication with the Company.

 

Disclosures to Third Parties

 

The Company discloses certain categories of CA Personal Data with third parties pursuant to the purposes listed in this Policy. The categories of CA Personal Data that the Company disclosed to third parties who are considered “service providers” (as defined under California law) in the prior 12 months includes the following:

 

  • Identifiers;
  • Characteristics of protected classifications under California or federal law;
  • Internet or other electronic network activity;
  • Approximate Geolocation;
  • Sensitive Personal Data
  • Audio, electronic, visual, thermal, olfactory, or similar information;
  • Professional or employment-related information; and
  • Education Information.

 

The categories of third parties that the Company has disclosed CA Personal Data to in the prior 12 months includes the following:

 

  • Third party service providers, including, for example, [ ].
  • Company affiliates and subsidiaries.
  • Law enforcement.
  • Company affiliates.

 

California Privacy Rights

 

The California Consumer Privacy Act, including as amended by the California Privacy Rights Act (the “CCPA”) grants individuals, that are California residents, certain rights (subject to possible exemptions and exceptions) in regard to our collection of CA Personal Data. These rights include, only to the extent applicable and to the extent granted to you under the CCPA:

 

  • The right to request the disclosures of (1) what personal data has been collected; (2) the categories of sources from which your personal data was collected; (3) the business or commercial purpose for collecting, selling, or sharing your personal data; (4) the categories of third parties with whom we disclose personal data; and (5) the specific pieces of personal data we have collected about you (also called data portability);
  • The right to request the deletion of your personal data that we have collected;
  • The right to request the correction of your personal data that we have collected; and
  • The right to not be discriminated against due to your exercise of your rights under the CCPA. We do not discriminate based on an individual’s exercise of the rights granted to them under the CCPA.

The above rights are only exercisable by you where the CCPA grants you the right being exerted and where no exception or exemption under the CCPA applies. You may also have a registered agent (if and only as permitted under applicable law) that you authorize to act on your behalf. If you have a registered agent act on your behalf, we have the right to authenticate such agent’s authority to act.

 

We do not sell your personal data to third parties, nor do we share your information for purposes of cross-contextual behavioral advertising as defined under the CCPA.

 

To exercise the rights described herein (only to the extent applicable), you may submit a verifiable request to us by through the methods set forth under the “Exercise Your Rights” section below. We will respond to all requests that we receive from you about your personal data in accordance with applicable data protection laws and to the extent permissible under any other applicable laws.

 

Exercising Your Rights

 

To exercise the rights described in this Policy, only to the extent applicable law grants you such rights, please submit a verifiable consumer request to us by either:

 

Calling: [insert toll free number]

Visiting: [insert link to data subject right request form] 

Email: [insert applicable email]

 

Only you or a registered agent (if and only as permitted under applicable law) that you authorize to act on your behalf, may make a verifiable consumer request related to your personal data. If you have a registered agent act on your behalf, we have the right to authenticate such agent’s authority to act. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Without limiting the foregoing, the verifiable consumer request must:

 

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

 

We endeavor to respond to a verifiable consumer request within the timeframe required under applicable law. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

Children

 

The Company’s data collection doe pursuant to this Policy is not direct at children under 16 years of age. We do not knowingly collect or use information from children under 16 years of age in our data collection under this Policy.

 

Monitoring by the Company

 

The Company reserves the right to monitor the activities of the Company’s employees and independent contractors during the course and scope of their employment for the Company including, without limitation, employee and independent contractor work emails and Internet use during working hours.  All work product generated by employees and independent contractors, in whatever form (i.e., paper records, computer files or other format) is the property of the Company.  Employees and independent contractors are advised that they should have no expectation of privacy in their stored or transmitted electronic communications through their office devices and that the Company may access these communications and that they should have no expectation of privacy with respect to these communications or their use of Company supplied equipment, communication systems, and other resources.

 

The Company may also monitor job candidates, employee, and independent contractor activities on the Company’s facilities and property.  Some of the Company’s facilities are equipped with surveillance cameras.  These are generally used for the protection of the safety of employees and third parties, to protect against theft, vandalism, and damage to the Company’s facilities and property.  Except as otherwise prohibited by applicable law (including, without limitation, applicable law) recorded images and video may be used by the Company as the Company deems appropriate for the protection of the safety of the Company’s employees and third parties, and to protect against theft, vandalism, and damage to the Company’s facilities and property including disclosing such images and video to law enforcement authorities or appropriate governmental agencies or authorities.

 

Data Retention and Destruction

 

Company will retain personal data for as long as it is needed for or otherwise serves the purposes outline in this Policy, subject to applicable law.

 

Company retains personal data in accordance with Company policies and practices, applicable law and contractual obligations. If there is no activity in relation to the personal data, Company removes it from its database, subject to its internal policies and procedures (including, without limitation, its regular backup and archival procedures and programs), and any applicable legal or regulatory obligations or for the period of time permitted by applicable laws.

 

Accuracy & Security

 

It is every job candidate’s, independent contractor’s, and employee’s responsibility to provide the Company with accurate personal data.  An employee must notify Company when there are changes so Company is able to ensure the personal data collected is reliable for its intended use. 

 

The Company takes reasonable steps designed to protect personal data in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. The Company has put in place reasonable and appropriate technical, physical, and organizational procedures and security measures designed to safeguard and secure the personal data from destruction, loss, alteration, unauthorized access or disclosure, or other forms of unauthorized or unlawful processing commensurate with the risks posed by the particular type of processing, the nature of the personal data and in accordance with applicable law, and taking into consideration the cost of implementing such measures.

 

The Company values job candidates’, employees’, and independent contractors’ trust in providing us personal data; however, no method of transmission over the Internet, or method of electronic storage is 100% secure and reliable. The Company cannot guarantee the security of personal data on or transmitted via the Internet.

 

The Company limits access to its systems that hold certain personal data to authorized Company employees, representatives, and agents who are provided access through a password protection system.  Access to such personal data is limited to Company employees, representatives, and agents who have a need to know such information for purposes of performing their job functions or as otherwise permitted under this Policy.

 

Compliance

 

The Company will use a self-assessment approach to verify compliance with this Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible.

 

If you believe that your personal data has been processed or disclosed in violation of this Policy, the Company encourages you to raise any concerns using the contact information provided in this Policy.  The Company will reasonably investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal data. 

 

Any job candidate, employee, or independent contractor of the Company that the Company determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment or a denial of their application for employment.

 

Third Party Privacy Policies

 

Over the course of a job applicant’s, independent contractor’s, and employee’s relationship with the Company, a job candidate, independent contractor, or employee may enter third party websites, use third party provided software applications or platforms, or otherwise be subject to third party privacy policies. This Policy only pertains to the Company’s collection, use, or disclosure of personal data and does not apply to a third party’s collection, use, or disclosure of job candidate, independent contractor, or employee personal data. If a employee clicks on a link to a third party website or is subject to a third party privacy policy, the employee should read that privacy policy.

 

Changes to this Policy

 

This Policy applies from [          ]Company reserves the right to amend the Policy from time to time, consistent with the requirements of applicable law. Any updated version of this Policy will be made available on this site or otherwise made available to you.

 

Contacting the Company

 

If you have questions or concerns regarding this Policy, please contact the Company through the contact methods below:

[MAILING ADDRESS]

[PHONE NUMBER]

[