THE COOK AND BOARDMAN GROUP
EMPLOYEE PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
Effective Date: February 1, 2024
The Cook and Boardman Group, LLC (the “Company”) provides this Employee Privacy Notice For California Residents (“Notice”), which applies to employees, independent contractors, and other individuals who interact with the Company in an employment-related capacity (collectively, “employees”) and that are California residents. The Company respects the privacy of our employees and of every individual whose personal data we handle and are committed to the responsible management, use, and protection of personal information. This Notice sets forth our privacy practices as required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (collectively, the “CCPA”) and explains how the Company collects, uses, and discloses your personal information for purposes of managing your employment relationship with us and your rights under the CCPA. Any terms defined in the CCPA have the same meaning when used in this Notice.
Please read this Notice carefully to understand our practices regarding your personal information and how we will treat it. If there are any material changes to this Notice, we will notify you as required by applicable law.
If you have questions or concerns regarding this Notice, please contact HR@cookandboardman.com.
When we say “personal information” in this Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. The personal information that we collect, use, or disclose about you will depend on our relationship or interaction with you. During the past twelve (12) months, we may have collected the following categories of personal information. Please note that some of the data collection and uses described below may not apply to you.
Category of Personal Data | Purpose for Collection and Use | Categories of Third Parties With Whom We Sell, Share or Disclose Personal Data | Retention Period |
Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. |
Conduct employee onboarding.
Maintain and administer payroll, including, for example, salary administration, payroll management, payment of expenses, to administer other compensation related payments, including assigning amounts of any bonus payments.
Maintain and administer employee benefits, such as medical, dental, optical, commuter, and retirement benefits, including enrollment and claims handling, recording and processing eligibility of dependents, absence and leave monitoring, insurance and accident management.
Maintain personnel records and comply with record retention requirements.
Provide employees with human resources management services and employee data maintenance and support services, administration of separation of employment, approvals and authorization procedures, administration and handling of employee claims, and travel administration.
Maintain employee contact information, including to communicate with employees and their emergency contacts and plan beneficiaries.
Monitor eligibility to work in the United States.
Conduct healthcare-related services, including conducting any pre-employment and employment related medical screenings, including for return to work processes and medical case management needs, determining medical suitability for particular tasks, identifying health needs of employees to plan and provide appropriate service including the operation of sickness policies and procedures.
Conduct performance-related reviews, including performance appraisals, career planning, skills monitoring, job movements, promotions, and restructuring.
Maintain work-related licenses and credentials including provisioning software licenses for use in the course of an employee’s work related responsibilities, ensuring compliance, training, examination and other requirements are met with applicable governing or regulatory bodies.
Ensure a safe and efficient work environment, which includes Company actions relating to disciplinary actions and code of conduct processes and investigations.
Facilitate a better working environment, including conducting surveys, keeping management informed about work issues, and conducting training.
Maintain security of Company property, including information systems, communication systems, electronic devices, network, data and infrastructure, including maintenance of such systems and infrastructure, management of software and hardware assets, system testing, training, and security monitoring.
Comply with applicable state and federal labor, employment, tax benefits, workers' compensation, disability, equal employment opportunity, workplace safety, and related laws.
Ensure employee productivity and adherence to Company policies.
Conduct internal audits and investigate complaints, grievances, and suspected violations of Company policy.
Respond to law enforcement requests and as required by applicable law or court order.
Exercise or defend the legal rights of the Company and its employees, customers, contractors, and agents.
|
Service providers; advertising partners; analytics partners and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Personal information categories described in Section 1798.80(e), such as an address, telephone number, passport number, driver’s license or state ID card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information. |
Same purposes as for the Identifiers category above |
Service providers; advertising partners; analytics partners and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Protected classification characteristics under California or federal law, such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, reproductive health decision making, military and veteran status, or genetic information (including familial genetic information). |
Comply with federal and state equal employment opportunity laws.
Design, implement, and promote the Company's diversity and inclusion programs.
Perform workforce analytics, data analytics, and benchmarking.
Conduct internal audits, grievances, and suspected violations of Company policy.
Exercise or defend the legal rights of the Company and its employees, customers, contractors, and agents.
|
Service providers; advertising partners; analytics partners and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Biometric information. |
Time management using biometric time clocks. |
N/A |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding an employee’s interaction with an internet website application or advertisement. |
To support information technology services to the workforce and facilitate the efficient use of Company information systems.
To prevent, detect and investigate malicious, fraudulent or illegal activity, violations of Company policies, security breaches, and to monitor and maintain the security of the workplace, prevent unauthorized access to, use, or disclosure or removal of the Company’s property and records, and prevent the disclosure of our confidential information and data.
To monitor use of our information systems and other electronic resources or information systems, to conduct internal audits, to conduct internal investigations, complaints, and grievances, and to protect the safety and security of our facilities.
To comply with applicable laws and regulatory rules requiring employers to maintain certain records.
Exercise or defend the legal rights of the Company and its employees, affiliates, customers, contractors, and agents.
For disaster recovery, business continuity, and record keeping obligations.
|
Service providers; advertising partners; analytics partners and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Geolocation data. |
Including, but not limited to, the following:
To support information technology services to the workforce.
For disaster recovery, business continuity and record keeping obligations.
|
Service providers; advertising partners; analytics partners and other parties you may authorize. |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Professional or employment-related information. |
Record of recruiting process including verifying eligibility and background checks, onboarding, and ongoing evaluation of an employee's appropriateness for promotion or transfer to a new position at the Company.
Design and administer employee benefit plans and programs, including for leaves of absence.
Maintain personnel records and comply with record retention requirements.
Communicate with employees and their emergency contacts and plan beneficiaries.
Comply with applicable state and federal labor, employment, tax, benefits, workers' compensation, disability, equal employment opportunity, workplace safety, and related laws.
Prevent unauthorized access to or use of the Company's property, including its information systems, electronic devices, network, and data.
Ensure employee productivity and adherence to the Company policies.
Conduct internal audits and investigate complaints, grievances, and suspected violations of the Company policy.
Evaluate and provide useful feedback about job performance, facilitate better working relationships, and for employee professional development, including testing.
Exercise or defend the legal rights of the Company and its employees, customers, contractors, and agents.
|
Service providers and other parties you may authorize. |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act |
Record of recruiting process including verifying eligibility and background checks, onboarding, and ongoing evaluation of an employee's appropriateness for promotion or transfer to a new position at the Company
|
None. |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Inferences drawn from any of the information identified herein to create a profile about an employee reflecting the employee’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
N/A
|
N/A |
N/A |
Sensitive personal information is a subtype of personal information under the CCPA consisting of specific information categories. While we collect information that falls within the sensitive personal information categories listed in the table below, the CCPA does not treat this information as sensitive because we do not collect or use it to infer characteristics about a person.
Sensitive Personal Information Category |
Purpose for Collection and Use |
Categories of Third Parties With Whom We Sell, Share, or Disclose Personal Data |
Retention Period |
Identifiers, such as a Social Security number, driver's license, state identification card, or passport number |
Same purposes as described for Identifiers above. |
Service providers; advertising partners; analytics partners and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Account access credentials, such as an account log-in, financial account, debit card or credit card number in combination with any required security or access code, password, or credentials allowing access to an account |
Provide employees with human resources management services and employee data maintenance and support services.
Prevent unauthorized access to or use of the Company information systems, electronic devices, network, and data.
|
None. |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Precise geolocation
this is defined by tracking within 1850 feet, e.g., technologies on devices or vehicles
|
Comply with applicable state and federal labor, employment, tax, benefits, workers' compensation, disability, equal employment opportunity, workplace safety, and related laws.
Prevent unauthorized access to or use of the Company's property, including its information systems, electronic devices, network, and data.
Ensure employee productivity and adherence to the Company policies.
Evaluate and provide useful feedback about job performance, facilitate better working relationships, and for employee professional development, including testing.
Exercise or defend the legal rights of the Company and its employees, customers, contractors, and agents.
|
None. |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Racial or ethnic origin |
Comply with federal and state equal employment opportunity laws.
Design, implement, and promote the Company's diversity and inclusion programs.
Perform workforce analytics, data analytics, and benchmarking.
Conduct internal audits and investigate complaints, grievances, and suspected violations of Company policy.
|
Service providers; advertising partners; analytics partners and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Citizenship or immigration information |
Comply with federal and state equal employment opportunity laws.
Verify employment eligibility.
|
None. |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Religious or philosophical beliefs |
Review and process religious reasonable accommodation requests.
Exercise or defend the legal rights the Company and its employees, customers, contractors and agents.
|
None. |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Contents of mail, email, and text messages, unless the Company is the intended recipient of the communication |
Conduct internal audits and investigate complaints, grievances, and suspected violations of the Company policy.
Exercise or defend the legal rights of the Company and its employees, customers, contractors, and agents.
|
Service providers and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Genetic data |
Investigate and process workers’ compensation claims
Process health insurance claims
Conduct and process employment testing
|
Service providers and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Biometric information (to uniquely identify an employee) |
Fingerprinting for a criminal background check after an initial offer of employment is made. Criminal background checks protect the company, mitigate risk, and avoid potential negligent hiring lawsuits.
Ensure accurate time records
Exercise or defend the legal rights of the Company and its employees, customers, contractors, and agents.
|
Service providers and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Health information, including job restrictions and workplace illness and injury information |
Investigate and process workers' compensation claims.
Process health insurance claims.
Conduct and process employment testing.
Ensure equal access HR related programs and policies.
|
Service providers and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Sex life or sexual orientation information |
Process health insurance claims
Ensure equal access to retirement programs and fertility planning by same-sex spouses
Ensure equal family leave policies and insurance for transgender surgeries
|
Service providers and other parties you may authorize |
For as long as necessary in order to carry out the purpose for which you have shared it with us or to comply with applicable laws or regulations. Retention periods may vary depending on what the information is and what it is used for. |
Collection of Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from your responses to information sought in your employee onboarding paperwork or forms you complete.
- Indirectly from you. For example, from your activities on Company-provided software, including email accounts and computers, among other things.
- Other. For example, staffing and recruiting agencies with whom we contract for services and consumer reporting agencies when we perform employee background screenings.
Use of Personal Information
In addition to the purposes identified above, we collect personal information from you to use or disclose as appropriate to: (a) comply with all applicable laws and regulations; (b) conduct employment related screenings and determine your suitability for employment-related positions; (c) engage in corporate transactions requiring a review of human resource records, such as evaluating potential mergers and acquisitions; (d) perform analytics and benchmarking, including for our diversity programs; (e) conduct internal audits and investigations; (f) investigate and enforce compliance with potential breaches of our policies and procedures; (g) administer and maintain our operations; (h) exercise or defend the legal rights of the Company and its employees, affiliates, customers, contractors, and agents; and (i) for any other lawful purpose to further the Company’s legitimate interests.
How We Disclose Personal Information
We may disclose your personal information to our service providers, who may collect or process your information on our behalf for a particular business purpose relating to our HR functions. We grant our service providers access to personal information to the extent needed for them to perform the specific services on our behalf.
Generally, we do not sell, share, or disclose employee personal information, including any sensitive personal information, to third parties. However, we may disclose your personal information to the following categories of third parties:
- At your direction. We may disclose your personal information to any third party with your consent or at your direction.
- Business transfers or assignments. We may disclose your personal information to other entities as reasonably necessary to facilitate or evaluate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock, including in connection with any bankruptcy or similar proceedings.
- Legal and regulatory. We may disclose your personal information to government authorities, including regulatory agencies and in court proceedings, as reasonably necessary for our business operation purposes, to assert and defend legal claims, and otherwise as permitted or required by law.
Your Rights and Choices
If you are a California resident, the CCPA provides you with specific rights regarding your personal information. This section describes your CCPA rights, when we receive your verifiable request, including the following: right to know, right to access, right to delete, and right to correct.
Right to Know - Categories Request
You have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:
- The categories of personal information we have collected about you;
- The categories of sources from which we collected the personal information;
- Our business or commercial purposes for which we collected, sold, or shared the personal information;
- The categories of third parties to whom we sold or shared the personal information, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared;
- The categories of personal information about you that we disclosed for a business purpose, and the categories of persons to whom we disclosed that information for a business purpose.
Right to Know - Specific Pieces
You have the right to request a transportable copy of the specific pieces of personal information we collected about you in the 12-month period preceding your request. Please note that personal information is retained by us for various time periods, so there may be certain information that we have collected about you that we do not retain for a 12-month period and thus, it would not be able to be included in our response to you. Also, under the CCPA, you may be limited to a certain number of “right to know” requests in any 12-month period.
Right to Delete
You have the right to request that we delete certain personal information that we collected from you. Please understand that we cannot delete personal information in those situations where our retention is required for our own internal business purposes or otherwise permitted by the CCPA (such as fraud prevention or legal compliance). When we receive and confirm your verifiable consumer request, we will delete your personal information from our records, unless an exception applies.
Right to Correct
You have the right to request that we correct inaccuracies that you find in your personal information maintained by us. Once we receive and confirm your verifiable consumer request, we will use commercially reasonable efforts to correct any inaccurate information and we will instruct our service providers or any contractors to correct such information. We will also inform you whether or not we have complied with your request, including any basis for denial of the request.
None of the above rights are absolute and requests may be denied or limited by the Company. Such requests will be considered against all legal or regulatory requirements and privacy considerations concerning the identity or the personal information of other persons, and business considerations including but not limited to the protection of intellectual property or trade secrets, and certain Human Resources records (e.g., investigation and organizational records). Requests may also be limited or denied depending on the technological capabilities and/or limitations of the applicable systems.
We will not discriminate against you for exercising any of your data subject rights and do not charge a fee to process or respond to your requests unless it is excessive, repetitive, or manifestly unfounded.
How to Submit Your Request
Under the CCPA, certain requests you submit to us are subject to an identity verification process (“verifiable request”) to ensure that it is you that is making the request. We will review the information you provide as part of your request and may ask you to provide additional information via email or other means as part of this verification process. To complete the request, you may send an email us at HR@cookandboardman.com with subject line “California Data Request” or by calling us at (336)768-8872.
Only you or a person registered with the appropriate governmental authority that you authorize to act on your behalf may make a verifiable request related to your personal information. If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request.
Help
If you have questions regarding this Notice or wish to exercise your rights under the CCPA, please contact us at HR@cookandboardman.com with subject line “California Data Request” or by calling us at (336)768-8872.