CALIFORNIA PRIVACY RIGHTS
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide certain protections to California residents concerning the collection and use of personal information, including employment information. In compliance with the CCPA, Best Egg is fully committed to handling the personal information and data of employees and job applications responsibly with respect and due care.
Good employment and engagement practices and the effective running of our business require us to collect, use, store, transfer and otherwise process certain personal information.
We collect and process personal information about you: (i) because we are required or permitted to do so by applicable law, (ii) because such information is necessary to fulfil a contract of employment or engagement with the us and facilitate your relationship with us, (iii) because such information is of particular importance to us and we have a specific legitimate interest under law to process it, (iv) where a public interest requires it, (v) where the personal information is necessary for the establishment, exercise or defense of legal claims, or (vi) where necessary to protect the vital interests of you or another person. If you do not provide certain categories of personal information, we may not be able to accomplish some of the purposes outlined in this Notice and the issue may need to be escalated to Human Resources to deal with as appropriate. We do not sell employee personal information to third parties. If you are a California resident, California law provides you with specific rights regarding your personal information and data. These rights are described below in the section below titled Your Rights as a California Resident.
The Categories of Personal Data We May Collect, Use, Transfer and Disclose, unless restricted by applicable law:
- Recruitment/Applicant information: Pre-employment references; employment history; language(s) spoken; previous compensation; I-9 documentation; voice and video recording.
- Employment and Job Information: Job title and/or position and description of responsibilities/duties; job family; location; band/seniority; Employee Identifiers; department; line and sub-line of business; local Company entity name; cost center information; employment dates; supervisor/manager/team lead name and contact information; work contact information; termination details.
- Personal Demographic Information: Date and place of birth; Dependent date of birth; Nationality; gender; name (including birth surname and any other former names); Dependent full name; family/marital status; copies of birth certificate(s); date of death; details of military service.
- Visa/ Citizenship Details: Work eligibility status; entitlement to residency; citizenship; passport details; visa details; National ID.
- Contact Details: Address, telephone, email, and emergency contact details.
- Payroll: Social Security number or other tax identifier number; bank account details; tax and social security contributions; payroll payments and deductions and other financial information; attendance data; shift and overtime data; governmental forms e.g., IRS W2
- Employee Administration: Reference letters; query management records; Flexible Working Requests; Employee Engagement Survey, personal preferences for events (e.g., dietary requirements), volunteering details, voice, and video recording (e.g., townhalls).
- Life Events Additional Documentation: Medical/diagnosis documentation; personal circumstances; Return to Work Release Documentation; Death Certificate and Death Benefit documentation including beneficiary personal contact information and details; restraining orders, family custody legal/ orders; criminal records; military orders and documentation; personal insurance documentation e.g., house fire/hurricane damage report
- Absence Data: Absence details e.g., sickness, holiday, and maternity leaves.
- Attendance Data: Working Time Details.
- Physical Security and Life Safety Data: Swipe card entry data; security cameras; photograph (Security ID Card); Accident and Incident Reporting; Biometrics (e.g., fingerprints and iris scans); data required for purposes related to Health and Safety in the workplace.
- Compensation: Compensation information (including base salary, market rates, incentive payment(s), stock options information and allowances).
- Employee Benefits Including Retirement: Benefits including family and or other dependent data and retirement information.
- Education and Training: Academic Record, Professional Qualifications and Memberships; professional training; Company internal training; voice and video recording.
- Regulatory Data (where applicable): Licenses and certifications; financial regulatory registration; voice recording
- Succession Planning Details: Reporting structure; talent management and succession planning data (including mobility preferences, date assigned to a talent pool, talent pool name and description, areas of expertise, general management experience, leadership behavior, strengths, and development needs).
- Performance Reviews and Development Plans: Performance related information (including assessments and ratings (results rating, behavior rating, potential rating), performance goals description, key competencies description).
- Employee Relations Case / Compliance / Legal Management: Areas for development, coaching notes, feedback from others, self-assessment description, manager review description, performance expectations, measurement criteria, action dates, manager progress notes; career development information; employment disciplinary record, activities, and investigations; information pertaining to any grievances raised, termination reason.
- Technical information: Including username and passwords, voice data, IP address, domain, browser type, operating system, self-service password management, click-stream data, and system logs) and electronic and non-electronic content and documents created or produced by you using Company systems or in the performance of your role with the Company.
- Diversity and Inclusion Data: (e.g., veteran status, race, ethnicity, age, disability status, sexual orientation, gender, gender identity, and gender expression).
- Signatures, including digital images and physical copies
- Virtual or In Person Events Data: Information needed for participation in virtual or in-person events: speaker biographies, travel details, spouse/partner name, name and age of child/children collected through parents or guardians attending events, dietary requirements of individuals attending an event, Special Assistance needs of individuals attending an event.
- Sensitive Personal Information:
We may collect and process a certain special category of personal information known as sensitive personal data about employees, including contract employees, when required or permitted by applicable law, when necessary for the establishment, exercise, or defense of legal claims, when in furtherance of the operation of our business, or when an employee or contract employee has provided explicit consent. Subject to applicable law, we may process information about:
- Physical and/or mental health for the purposes of benefits administration and addressing workplace health, safety, and accommodation issues
- Work-related illnesses or injuries for the purpose of complying with legal obligations (or assessing entitlements)
- Sexual orientation, race and/or ethnic origin, physical and/or mental health, religious beliefs for purposes of reporting on diversity and inclusion statistics, complying with government reporting requirements, and/or other legal obligations
- Biometric data for the purposes of electronic identification, authentication, and corporate security
The Purposes and Sources for Which We May Collect, Use, Transfer and Disclose Personal Data:
- Administering and managing the Employee employment relationship, general administration, and budgeting; marketing company products; expense management; preparation, management, and use of internal communication, business telephone/e-mail directory.
- Recruiting activities, talent management and succession planning.
- Authentication/identification of Employees, including voice authentication (e.g., for help desk, security).
- Human resources information systems (“HRIS”) and application support and development.
- Information technology and information security support including firewall monitoring, anti-spam and virus protection, and other monitoring
- To assist with Information Technology operational support (including system maintenance and bug fixes).
- Management of internal business operations (including monitoring compliance with Company policies and procedures, for example in accordance with the Company’s regional Cyber Security Monitoring Notices).
- Complying with applicable government reporting and other local law requirements (including the requirements of the US Sarbanes-Oxley Act or other applicable internal control regulations and in such areas as immigration, tax, or statutory financial regulation) and other legal obligations.
- Payroll and compensation management, administration, and processing (including compensation metrics and decisions, bonus calculations and stock plan administration).
- Complying with local or foreign state and/or country specific tax and immigration laws and regulations and payroll reporting, not limited to but including business travel.
- Benefits and insurance administration and management (including information regarding various benefit programs available to Employee’s decisions regarding eligibility for staff loans).
- Fostering career planning and growth.
- Training, advice, and counselling purposes.
- Employee performance and productivity reviews/assessments and general performance management.
- Defending, preparing for, participating in, and responding to potential legal claims, investigations, and regulatory inquiries (all as permitted by applicable law).
- Disciplinary actions/investigations (as permitted by applicable law).
- Managing relationships with clients and other third parties (including licensing and registration bodies, legal counsel, or business counterparties).
- Post-employment purposes (for example, providing employment references, assessing rehire eligibility, and any of the purposes listed in this Notice that may be applicable during the post-employment period).
- To assist with Information Technology operational support (including system maintenance and bug fixes).
- To promote the safe and healthy working conditions of company facilities.
- Diversity and Inclusion Data is used on an aggregated basis for reporting and promotions. Diversity and Inclusion Data excluding disability status is used on a personally identifiable basis, for talent management, succession planning, and training and conference opportunities
- Conducting background screening including verifying criminal history, employment, education, credit and litigation history, bankruptcy, directorships, sanctions, politically exposed persons, financial, regulatory and media checks
- Physical identity for access management
- Incident management (including threat investigations, medical emergencies, and crisis reporting)
- Virtual or In Person Events (including information needed for participation in virtual or in-person events. This may include information on your spouse or children where appropriate. In the context of virtual or in person events, Personal Data or other information may be collected when an individual visits us online to register for an event, attends an event, asks for event information, downloads content, or shares an interest to attend an event through a partner.
- Administering volunteer and giving programs
- Sensitive Personal Information: We may collect and process a certain special category of personal information known as sensitive personal data about employees, including contract employees, when required or permitted by applicable law, when necessary for the establishment, exercise, or defense of legal claims, when in furtherance of the operation of our business, or when an employee or contract employee has provided explicit consent. Subject to applicable law, we may process information about:
- Physical and/or mental health for the purposes of benefits administration and addressing workplace health, safety, and accommodation issues
- Work-related illnesses or injuries for the purpose of complying with legal obligations (or assessing entitlements)
- Sexual orientation, race and/or ethnic origin, physical and/or mental health, religious beliefs for purposes of reporting on diversity and inclusion statistics, complying with government reporting requirements, and/or other legal obligations
- Biometric data for the purposes of electronic identification, authentication, and corporate security
The Categories of Unaffiliated Third Parties with Whom We May Share Personal Information
- Professional Advisors: Accountants, auditors, lawyers, insurers, bankers, tax advisors and other outside professional advisors
- Service Providers: Companies that provide products and services to the Company, such as payroll, partner banks, benefits and retirement service providers; life event assistance services, human resources services, recruitment and training providers; performance management, training, expense management, relocation services, IT systems suppliers and support; reception and security, catering and logistics services providers, translation services, third parties assisting with event organizing and marketing activities, medical or health practitioners, trade bodies and associations, background screening providers and other service providers.
- Public and Governmental Authorities: Entities that regulate our Bank Partners, such as regulatory authorities, law enforcement, public bodies, licensing and registration bodies, judicial bodies and third parties appointed by such authorities.
- Parties Related to a Corporate Transaction: A third party in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the Company’s business, or assets
- Current or prospective Investors
- Event Vendors: Event vendors, organizers, speakers, volunteers, contractors, and sponsors to facilitate event
Sale of Personal Information
In the past 12 months, we have not “sold” Personal Information subject to CCPA/CPRA, including Personal Information of minors under the age of 16. For purposes of this Notice, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration.
Data Retention
We will maintain personal information for as long as it is required to do so by applicable law(s) or for as long as necessary for the purpose(s) of use and processing in Section II, whichever is longer (“the retention period”). Any maximum storage term set forth by applicable law will prevail. We will delete personal information after the applicable retention period.
The criteria used to determine our retention periods include:
- As long as we have an ongoing relationship with the employee or contract employee
- As required by a legal obligation to which we are subject
- As advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations)
- The time period necessary to achieve the purpose of use and processing
YOUR RIGHTS AS A CALIFORNIA RESIDENT
Listed below is a summary of the rights you are entitled to as a California resident under the CCPA, unless an exception applies:
- To request to be deleted, subject to certain exceptions, including compliance with applicable laws and regulations;
- To request the disclosure of the categories of personal information and data collected, the categories of sources, the purpose of collection, selling, or sharing such information, the categories of information and data that has been shared or sold along with the business purpose, the categories of third parties to whom we have disclosed personal information, and the specific pieces of information we have collected about you;
- To opt-out of the sale or sharing of personal information and data. Please note that the collection and disclosure of certain information and data is needed to comply with applicable law and to facilitate an employment relationship;
- To be free from discrimination for exercising your rights;
- Request the categories of third parties to whom we disclosed Personal Information or data about you and the categories of Personal Information or data that was disclosed and the purpose for disclosing such information;
- Request to correct any inaccuracies about your personal information; and
- Limit the use of sensitive personal information and data.
If you wish to exercise your privacy rights, you may submit your request or to ask any questions about our privacy practices at: recruiting@bestegg.com.
Last Updated: 12/2022