Pro Mach, Inc. Data Processing Notice for Employees and New Hires
Last Updated: August 28, 2023
Pro Mach, Inc. including our related subsidiaries and affiliates, (collectively “ProMach”) is committed to protecting the privacy and security of your Personal Information. As part of the employee enrollment process and in connection with your employment with ProMach, you may be asked to provide, and ProMach will need to retain and process, certain Personal Information about you and other third-parties. We want you to know that we respect your privacy, and place great importance on maintaining the security of Personal Information that you provide to us. This Data Processing Notice (“Notice”) describes how ProMach collects, discloses, and uses your Personal Information, your responsibilities and obligations to ProMach and others, and the data privacy rights afforded to you under certain data protection laws, statutes, and regulations (“Data Protection Laws”). Please read this Notice carefully.
This Notice does not form part of any contract of employment or other agreement to provide services, and nothing in this Notice shall be construed to (in any way) terminate, supersede, undermine, or otherwise modify the status of the employment or professional relationship between you and ProMach, pursuant to which ProMach may terminate the employment or professional relationship at any time, with or without cause, and with or without notice. This Notice imposes no independent obligation on ProMach to proceed with any business transaction or agreement, and does not create any employment or professional relationship between you and ProMach. ProMach may amend or update this Notice from time to time and we will, when necessary and appropriate, notify you of such amendments and updates.
Definitions: For purposes of this Notice, the following terms are defined as followed:
The term “Personal Information” means any information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information, that is linked or linkable to a specific individual, and that is subject to, or otherwise afforded protection under, any Data Protection Laws.
The term “Sensitive Personal Information” means any Personal Information that (i) poses a risk of financial, reputational, or other harm to an individual if compromised, or (ii) reveals race or ethnicity, political opinions, religious or philosophical beliefs, membership in a trade union, (iii) relates to the processing of genetic data, (iv) biometric data for the purpose of uniquely identifying a natural person, (v) data concerning an individual’s physical, metal, or emotional health, (vi) data concerning an individual’s sex life and sexual orientation, and (vii) an individual’s criminal records. For illustrative purposes only, the term Sensitive Personal Information may include, but is not limited to, the following: a national identification number (e.g., Social Security/Insurance Number), driver’s license number, bank account number, credit or debit card number, passport number and date of birth (when in combination with other data that can subject an individual to risk of identity theft), and user names and passwords for online accounts.
Categories/Types of Personal Information: ProMach collects Personal Information to satisfy its legitimate business purposes and interests, or as may otherwise be required or permitted by law. The types and categories of Personal Information that ProMach collects and retains in the employment context is set forth in Annex A. This Personal Information may relate to a ProMach employee, or an employee’s family, partners, dependents, or other individuals that have a familial or other relationship with the employee. ProMach may collect and process Personal Information concerning third parties related to, or otherwise affiliated with, its employees (e.g., emergency contact information, beneficiary information, and employment references).
Online Monitoring. Please be aware that ProMach uses cookies and other tracking technologies within our internal “intranet” and external websites (each a “Site”) to monitor and record any and all activities and communications to, from, and on the Site in order to safeguard, improve, and analyze usage of the Site, and for the other purposes listed in this Notice. For the avoidance of doubt, you hereby acknowledge, agree, and consent (to the extent such consent is legally permissible) to the monitoring and recording of all such activities and communications on each Site. In the event you access a ProMach external-facing website, your Personal Information will also be collected and processed in accordance with the privacy policy posted or otherwise linked to such a website.
Sources of Personal Information Collection:
Most often, ProMach collects Personal Information directly from the applicable employee (electronically, in writing, or verbally). For example, ProMach requires employees to complete background information when they begin employment or enter into a contractual relationship with ProMach. ProMach may receive Personal Information about an employee (indirectly) from third parties within ProMach, such as a supervisor or colleague. ProMach may also receive Personal Information about an employee from third parties who provide services to ProMach, such as companies that provide benefits, payroll, corporate training or other services. For example, if an employee has been hired through a third-party staffing or recruiting firm, ProMach will receive Personal Information on his or her experience and qualifications. In addition, Personal Information on an employee’s use of the Internet, email, or other ProMach systems and applications is automatically generated. Where permitted or otherwise authorized by law, we will collect and retain Personal Information about employees as part of the background check process.
Purposes of Data Processing: ProMach collects and uses Personal Information about, or related to, its employees and relevant third parties for a broad range of routine legal, business, and human resource (“HR”) management purposes. See Annex B for examples of our use of your Personal Information. ProMach may have multiple reasons to process Personal Information, and the identification of one such reason does not preclude the applicability of any other. ProMach may, from time to time, provide additional information with respect to the means and purposes for collecting and using Personal Information..
In the event that our data processing will occur for reasons outside of those detailed in this Notice, additional notification of that processing will, if required by Data Protection Law, be provided. ProMach does not undertake any decision-making concerning its employment activities solely by automated means and without any human involvement.
Disclosure of Personal Information: When appropriate to support ProMach’s management and administration, or to comply with legal or regulatory obligations, ProMach may disclose, transfer, or otherwise share Personal Information with authorized third-parties, such as any ProMach affiliate or subsidiary, or third-party vendors and service providers. For example, as part of our data sharing practices, we may provide Personal Information to regulatory and law enforcement authorities, or ProMach’s outside legal counsel, auditors, and other professional advisors when required by law or to further our business interests. We may also disclose your Personal Information to third-party service providers, such as the payroll company we use to facilitate payment obligations, the administrator of our group pension plan, brokers who we use to obtain insurance for your benefit, our private medical care provider, our private dental care provider, providers of online training services, external training providers, employment screening and verification support services, and other types of service providers (e.g., our cloud storage providers). ProMach may also share your Personal Information with potential acquirers or investors of ProMach, or the business area in which you work. We may share your Personal Information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of ProMach’s practice or assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by ProMach, in any form or format, is among the assets transferred.
Data Retention: The Personal Information you provide to ProMach may be stored electronically, and/or in hard copy. ProMach implements appropriate technical and organizational measures, commensurate with the nature, scope, context, purposes, and risks of processing, associated costs, and business resources, during its data processing activities, including protections to mitigate the risk of unauthorized or unlawful processing and accidental loss, destruction, or damage. These measures include password protections for online information systems, anonymization of data in certain circumstances, and restricted access to Personal Information, such as when Personal Information is processed by ProMach’s Human Resources Department. ProMach employees and authorized third-parties that have access to your Personal Information are bound by confidentiality obligations, and are required to treat your Personal Information in accordance with applicable legal requirements. ProMach will only retain your Personal Information so long as it is necessary to perform a function for which it was originally collected, which may include the management and administration of pre-, current, and post-employment relationships.
If you are offered, and accept, an employment position with ProMach, we will retain the information you provided during the employment application and recruitment process in accordance with our employee records schedule, to which you will have access upon your start of employment. If you are not provided, or accept, an employment offer, ProMach will retain your Personal Information in accordance with our internal retention management process, which is designed to ensure that records no longer necessary for legal, regulatory, administrative or business purposes may be disposed of in a timely manner.
International Data Transfers: ProMach is a global corporation and located in jurisdictions across the world. The Personal Information that ProMach collects, uses, and retains will be stored in United States and may be stored in other countries in which we, or our service providers, have locations. Please be aware that your Personal Information may be retained in a country that does not provide the same level of protections as the laws in your country of residence or location. The measures that we use to protect Personal Information are subject to the legal requirements of the jurisdictions to which we transfer Personal Information, including lawful requirements to disclose information to law enforcement and government agencies in those countries. In addition, ProMach does not participate in the United States-European Union Data Protection Framework (DPF). To the extent we transfer your Personal Information outside the jurisdiction in which you reside, we will do so using appropriate and suitable safeguards in compliance with applicable Data Protection Laws. If you wish to access written information about our policies and practices regarding service providers outside of your country of residence, or if you have any questions about the collection, use, disclosure, or storage of Personal Information by service providers outside of your country of residence, please contact us in accordance with the Contact Information section, below.
Your Data Rights and Responsibilities: Depending on the jurisdiction in which you reside, or where ProMach conducts its data processing activities, you may be afforded additional rights or privileges under applicable Data Protection Laws. Schedule 1 sets forth those additional data protection rights or privileges.
To the extent your provide ProMach with Personal Information, including the Personal Information on a third-party, you must (i) ensure, on a continuing basis, the accuracy, reliability, and relevancy of such Personal Information, (ii) only collect and provide to ProMach such Personal Information in accordance with all applicable Data Protection Laws, including when applicable, in accordance with all data processing notice and consent requirements, and (iii) inform the third-parties whose Personal Information you provide to ProMach, or who the third-party directly provides ProMach to facilitate or engage in a personal, non-business, related function with you, that the ProMach will collect and retain such Personal Information in accordance with our website privacy policy, which may be amended from time to time. Without limiting the foregoing, you must, promptly and without delay, notify ProMach (preferably in writing) of any amendments that need to be made to your Personal Information to ensure its accuracy, reliability, and relevancy. If you choose not to provide us with the Personal Information identified herein, then ProMach may not be able to satisfy our own contractual or legal obligations, and, in such circumstances, continued employment with ProMach may not be permissible. You acknowledge and agree that ProMach shall not be held liable for any consequence directly resulting from these circumstances. For general information about ProMach’s consumer privacy practices, please visit https://www.promachbuilt.com/privacy/.
Data Safeguards: ProMach has implemented appropriate physical, technical, and organizational security measures designed to secure your Personal Information against accidental loss and unauthorized access, use, alteration, or disclosure. All employees who have access to Personal Information shall collect and use such data in accordance with all applicable Data Protection Laws and ProMach policies and procedures, including this Notice. Any employee who has access to Sensitive Personal Information shall, at any and all times, (i) protect its confidentiality, integrity, and availability, (ii) protect it from any unlawful or unauthorized access, use, or disclosure, and (iii) limit its access and use to the minimum extent necessary and required to perform an authorized business or legal function. Without limiting the foregoing, all ProMach employees who collect, use, or access Sensitive Personal Information are hereby prohibited from the following: publicly displaying or posting the Sensitive Personal Information; requiring an individual to transmit the Sensitive Personal Information over the Internet without a secure connection or encryption; and selling or using the Sensitive Personal Information for any purpose unrelated to ProMach’s business operations. Any employee who reasonably suspects a breach of the foregoing must immediately notify his/her supervisor.
Website Privacy Statement: For information regarding ProMach’s privacy practices concerning customers, consumers, and business-to-business contacts, please see https://www.promachbuilt.com/disclaimer-privacy-policy/.
Contact Information: If you have questions, concerns, or comments related to how ProMach processes your Personal Information, including whether you would like to exercise the rights and privileges described herein, please email our Data Privacy Champion at [email protected]. In the alternative, you can write to us at the following:
Pro Mach, Inc.
ATTN: Privacy Request
50 East Rivercenter Blvd., Suite 1800
Covington, KY 41011 U.S.
ANNEX A
The Personal Information ProMach Collects and Retains
General Categories |
Description |
|
Personal Identifiers and Contact Data |
Basic data that is used to identify or contact an individual (e.g., name, title, email address, telephone number, physical address, and date of birth). |
|
Sensitive Government Identifiers |
Information used to validate your identify, such as a social security number, driver’s license number, state identification card, and passport number. |
|
Personnel File Data |
Data describing an individual’s current employment-related functions, responsibilities and job-related details (e.g., current position, title, salary plan, pay grade or level, unit/department location, supervisor and subordinates, identification number assigned by HR, employment contract or another contractual arrangement in place, work history with ProMach, start and termination dates, length of service, promotions, compliance-related behavior, criminal records, violations of ProMach policies and procedures, disciplinary matters, hotline submissions, internal complaints, or claims, investigations, results and remediation steps and actions). |
|
Payroll and Benefits Data |
Information ProMach requires to process payroll, health, wellness, and other benefits (e.g., salary and wage, banking details, bonus, benefits including for dependents, stock incentives, overtime, salary reviews, working time records, tax and social security details, including pension administration). |
|
Administrative Data |
Data related to the administration of ProMach’s HR and administrative functions (e.g., email and user accounts, user rights, IT and collaboration tools, helpdesk information, organizational details, including attendance, document repositories and portals, charging codes, email, telephone, Internet and resource usage information, log files, IP addresses, traffic data and content of communications, photographs and visual images, business travel and expenses). |
|
Immigration and Work Eligibility Data |
Data and documentation required under immigration laws (e.g., citizenship, passport data, visa data, details of residency or work permit, I-9 data). |
|
Health Data |
Information about your health, including any medical condition, health and sickness-related data (e.g., sick leave requests), and ability to perform work-related functions and activities. |
|
Professional Experience |
Data included in a personal resume (e.g., curriculum vitae, former employment and employer, awards and recognitions, language proficiency, memberships and associations, references, publications, volunteer work, career goals, and professional skills). |
|
Education Data |
Information pertaining to an individual’s education (e.g., level of education completed, schools and universities attended, degrees and certifications obtained, dates of graduation or completion, grades and grade point average, transcripts, attendance records, courses taken, sanctions or other disciplinary record, awards and honors). |
|
Video Communications, Audio, and Images |
Video conferencing events information (e.g., voice and/or video recordings, in the course of training events, meetings, conferences and other events that ProMach may organize), telephone and similar voice recordings, and employee photos for identification badges, system profiles, and similar purposes. |
|
Career Development and Performance Data |
Data related to an individual’s performance and goals with ProMach (e.g., performance appraisals, career goals and development, action planning, career plans, degree of performance, appraisal and assessment records, training data). |
|
Feedback |
Your feedback about ProMach’s work environment, products, goods and/or services, which include data gathered from questionnaires which you voluntarily complete. |
|
Correspondence Data |
Records and copies of an individual’s correspondence with ProMach. |
|
Technical Data and Communications Content |
Electronic communications information, such as email, computer, internet, telephone, and mobile device usage; IP address; log-in information; and other data describing an individual’s use of ProMach resources and content associated with such usage (e.g., usage and content retained in or transmitted on a ProMach’s laptop, desktop, cellphone, email account, or telecommunications systems). |
|
Geolocation; Badge Swipes |
Data about your location recorded by computing, information technology, and electronic card access systems, networks, and devices. We also record and retain information related to where and when you “swipe” your employee badge in connection with a ProMach entrance or exit point, or to access ProMach equipment, assets, or resources. |
|
Stock Ownership |
When relevant, we collect details of any shares, directorships, awards or any other equity or share rights you may have in ProMach (whether awarded, cancelled, purchased, exercised, vested, unvested or outstanding). |
|
Characteristics of Protected Classifications Under State or Federal Law |
ProMach collects information that is considered protected under state or federal law such as age, national origin, citizenship, marital status, information related to medical conditions (including physical or mental disability information) when relevant, gender, pregnancy or childbirth and related medical conditions, veteran or military status, etc. |
|
Equality and Diversity Information. |
Information about your race, ethnicity, sexual orientation, and veteran and disability status. |
|
Inferences |
ProMach may, in limited circumstances, draw inferences from the (non-sensitive) Personal Information identified in this Annex A (e.g., the level of performance of a specific employee during a specific period of time) to better assess employee performance and for similar business purposes. |
ANNEX B
Examples of Our Use of Your Personal Information
Making a decision about your recruitment or appointment, and checking that you are legally entitled to work in the applicable jurisdiction. |
Determining the terms on which you work for us, and administering the employment agreement or contract we have entered into with you, which includes paying you and, if you are an employee, deducting tax and social security contributions, providing benefits to you such as private medical coverage, dental coverage, childcare vouchers, and liaising with benefits and pension providers, where applicable. |
Addressing legal disputes and work accidents that involve you, and gathering evidence for possible grievance or disciplinary hearings. |
Making decisions about your continued employment or engagement with ProMach, and facilitating termination arrangements. |
Managing employee career development, performance (e.g., performance reviews, managing performance, and determining performance requirements), assessing qualifications for a particular job or task, including compensation and benefits; benchmarking, administering payroll and benefit arrangements (including long-term incentive awards and bonus administration); obtaining management and employee satisfaction feedback; managing absences (e.g. sickness, parental leave and other family-related and flexible-work policies); overseeing health and safety as well as travel and expenses; reporting on general headcount; planning for emergency response and disaster recovery; ensuring compliance with ProMach’s Code of Conduct. |
Executing ProMach’s day-to-day activities, allowing employees to work together and collaborate, providing services to customers, and ensuring business continuity. |
Complying with health and safety obligations, including taking the following actions: helping to maintain the health and safety of ProMach’s employees and others in the workforce; implementing and maintaining emergency and/or exposure management programs concerning hazardous substances; assessing the working capacity of an individual; reintegrating individuals into the workforce (including checking and monitoring fit-for-work status); providing support and care for individuals entitled to benefits in connection with illness or (partial or full) work incapacity; detecting and responding to an incident; managing the employee health file; providing employees with social benefits that depend on the state of an individual’s health (e.g., parental leave, sick leave); maintaining proper documentation of accidents and first-aid health care in case of incidents; and responding to pandemics, epidemics, and other health emergencies. |
Ensuring compliance with legal or fiscal obligations and ProMach policies (e.g., anti-money laundering, bribery, fraud and corruption), which includes undertaking auditing, investigations, and background checks on employees. |
Security purposes (such as detecting security incidents, protecting against unauthorized, malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity) and ensuring network and information security, including preventing unauthorized access to our communication systems and preventing malicious software distribution. ProMach monitors our information security environment, including email communications transmitted or stored thereon, and employees should have no expectation of privacy with respect to any communications transmitted or stored on ProMach’s information technology, networks, or assets. |
To display employees’ business contact details (e.g., names or photographs) on ProMach’s website or on other social media websites and in other means of communication, such as press releases, newsletters or marketing materials. |
To conduct data analytics studies to review and better understand employee retention and attrition rates, identification of key skills, review of performance indicators, identify employee patent or advances filed, understand impact and use of project charging codes, and build generic, employee-related profiles to be used for ProMach’s analytical and business development purposes, including but not limited to, reviewing trends, identification of skills for certain positions/roles, and establishing and understanding performance review criteria. |
To carry out diversity and equal-opportunity monitoring and reporting, thereby enabling ProMach to support employees in expressing their individual diversity, ensuring that our workforce is positioned to meet the diverse needs of our consumers, ensuring that talent systems and practices support the full development and advancement of all employees, and generating aggregated level reports and analytics for ProMach so that we have a better understanding of our diversity in support of inclusive cultures. |
SCHEDULE 1
JURISDICTION SPECIFIC DATA PROTECTION LAWS
If your Personal Information is subject to, or afforded protection under, any of the following Data Protection Laws, then you are entitled to receive notice of the following:
CANADA (INCLUDING QUEBEC)
ProMach will collect, store, use, and process Personal Information in accordance with this Notice and ProMach’s obligations under applicable data protection laws in Canada, including the Act to Modernize Legislative Provisions respecting the Protection of Personal Information (collectively, “Canadian Data Protection Law”). Pursuant to Canadian Data Protection Law, you have the following rights and privileges
- Access Rights. You can ask ProMach for a copy of the Personal Information that we retain about you.
- Rectification/Correction Rights. You can ask ProMach to change incorrect or incomplete data, or to make changes yourself where you have access.
- Withdraw Consent. Where you have furnished to ProMach your consent for a data processing activity, you may notify ProMach of your intent to withdrawal you consent, and we will advise you of any consequence of withdrawing your consent at the time of your request.
- Deletion Rights. You can ask us to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing.
ProMach is a global corporation and located in jurisdictions across the world. The Personal Information that ProMach collects, uses, and retains will be stored in United States and may be stored in other countries outside Quebec or Canada where we, or our service providers, have locations. Please be aware that your Personal Information may be retained in a country that does not provide the same level of protections as Canadian Data Protection Laws. The measures that we use to protect Personal Information are subject to the legal requirements of the jurisdictions to which we transfer Personal Information, including lawful requirements to disclose information to law enforcement and government agencies in those countries. To the extent we transfer your Personal Information outside Quebec or Canada, we will do so using appropriate and suitable safeguards in compliance with applicable Data Protection Laws. If you wish to access written information about our policies and practices regarding service providers outside of Quebec or Canada, or if you have any questions about the collection, use, disclosure, or storage of Personal Information by service providers outside of your country of residence, please contact us in accordance with the Contact Information section, above.
Surveillance. ProMach engages in “electronic monitoring” of employee devices and use of ProMach systems, networks, and other devices, and this Notice, and other applicable ProMach policies, serves as notice of the same. The term “electronic monitoring” means the “collection of information on an employer’s premises concerning employees’ activities or communications by any means other than direct observation, including the use of a computer, telephone, wire, radio, camera, electromagnetic, photoelectronic or photo-optical systems
EUROPEAN UNION (EU), SWITZERLAND, AND UNITED KINGDOM (UK)
If you are located in the EU, Switzerland, or the UK, you have the following data protection rights:
- Right to Know. The right to know about what Personal Information ProMach collects and processes about you, including the types and categories of Personal Information we collect and process, the sources of such Personal Information, our retention criteria, with whom we share your Personal Information, cross-border data transfers, and how to file complaints and inquiries. Such information is set forth in this Privacy Policy.
- Automated Decision Making. ProMach does not engage in any activity that subjects our customers, Site users, survey participants, or others to a decision based solely on automated processing, including profiling, which produces legal effects, or similarly significant results, impacting them.
- Access Rights. You may ask us whether we process any of your Personal Information and, if so, receive access to such Personal Information . When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of Personal Information concerned as well as any other information necessary for you to exercise the essence of this right.
- Rectification. You have the right to have your Personal Information corrected/rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate Personal Information about you and, taking into account the purposes of the processing, update any incomplete Personal Information, which may include the provision of a supplementary statement.
- Erasure. You have the right to have your Personal Information erased, which means the deletion of your Personal Information by us and, where possible, any other controller to whom your data has previously been disclosed. However, your right to erasure is subject to statutory limits and prerequisites (e.g., where your Personal Information is no longer necessary in relation to the initial purposes for which it was processed, your Personal Information was processed unlawfully).
- Restriction of Processing. You have the right to obtain the restriction of the processing of your Personal Information, which means that we suspend the processing of your Personal Information for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your Personal Information is contested, but we need time to verify the inaccuracy (if any) of your Personal Information.
- Data Portability. You have the right to request us to provide you with your Personal Information in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible.
- Right to Object. You have the right to object to the processing of your Personal Information, which means you may request us to no longer process your Personal Information. This only applies in case the “legitimate interests” ground (including profiling) constitutes the legal basis for processing (see below “Legal Basis for Processing”). However, at any time (and free of charge) you can object to having your Personal Information processed for direct marketing purposes.
- Withdrawing Consent. You also may withdraw your consent at any time if we are solely relying on your consent for the processing of your Personal Information. However, this will not impact our legal basis to process such Personal Information prior to the withdrawal of your consent.
To exercise any of these data privacy rights, please complete our privacy webform or contact us, or have your designated agent contact us, in accordance with the “Contact Us” section listed below. To the extent permitted by law, we will need to verify your identity (or the identity of your agent) and ensure the authenticity of your request.
Legal Basis for Processing.
We process your Personal Information in accordance with the legal bases set forth in law. For example, our processing of Personal Information (as described herein) is justified based on the following legal grounds:
- Legitimate Interests. Processing is necessary for our legitimate interests as set out herein (e.g., monitoring your use of ProMach technology and your compliance with the terms and conditions governing the same, compliance with foreign laws).
- Contract Undertaking. Processing is necessary for the performance of a contract to which you are a party (e.g., your employment contract).
- Legal Compliance. Processing is required to comply with a legal or statutory obligation (e.g., tax disclosures).
Complaints. In the event you have concerns about our data processing, you have the right to file a complaint with your data protection authority.
- For data protection authorities in the EU, please see here: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
- For the data protection authority in Switzerland, please contact the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
For the data protection authority in the UK, please contact the Information Commissioner’s Office (www.ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach a data protection authority with a complaint, and invite you to contact us in the first instance.
THE UNITED STATES
Without limiting any provisions in this Employee Data Privacy Notice, including this Annex C, this Employee Data Privacy Notice, either alone or in conjunction with other ProMach policies and procedures, satisfies ProMach’s legal obligation to draft and/or provide notice with regard to how ProMach collects, uses, safeguards, disposes, or otherwise processes social security numbers or similar data afforded protection under U.S. state law, including Conn. Gen. Stat. Ann. § 42-471; 201 Mass. Code Regs. §§ 17.01 – 17.04; Mich. CL § 445.84; New Mex. SA 1978, §§ 57-12b-1 – 57-12b-4; N.Y. Gen. Bus. Law § 399-ddd; and Tex. Bus. & Com. Code Ann. § 501.0.52.
California. Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), California residents are entitled to certain data privacy rights:
- Right to Know (Specific Pieces of Personal Information). You have the right to know the specific pieces of your Personal Information that we have collected about you.
- Right to Know (Categories of Personal Information). You have the right to know (i) the categories of Personal Information we have collected from you; (ii) the categories of sources from which the Personal Information is collected; (iii) the categories of your Personal Information we have sold or disclosed for a business purpose; (iv) the categories of third parties to whom your Personal Information was sold or disclosed for a business purpose; and (v) the business or commercial purpose for collecting or selling your Personal Information.
- Right to Delete. You have the right to request that we delete your Personal Information that we have collected and retain.
- Right to Correct. You have the right to request that we correct inaccurate Personal Information that we have collected and retain.
- Nondiscrimination: The right not to be subject to discrimination for asserting your rights under the CCPA.
Opt Out Rights: Do Not Sell/Share Personal Information. California residents have the right to request that organizations cease “selling” or “sharing” their Personal Information to third parties for profit, monetary or valuable consideration, and under similar circumstances. However, except as otherwise set forth in privacy notices on our external websites available to the general public, ProMach does not “sell” or “share” Personal Information regarding our employees to third parties or regarding any person under sixteen (16) years of age, and therefore we do not provide individuals with the ability to opt out of such activities.
Limit Use of Sensitive Personal Information. California residents have the right to request that organizations limit the use of their sensitive Personal Information in certain circumstances. However, ProMach does not use or disclose sensitive Personal Information regarding our employees for reasons other than those set forth in the CCPA, and therefore we do not provide individuals with the ability to limit how we use or disclose such sensitive Personal Information.
Submit a Privacy Request. To submit a CCPA privacy request, please (i) contact your supervisor or (ii) you may write to us in accordance with the “Contact Information” section listed above in the Notice. If you would prefer, you may designate an authorized agent to submit a CCPA privacy request on your behalf. An authorized agent must be registered with the California Secretary of State to conduct business in California.
Privacy Request Verification Process. If you (or your authorized agent) make any request related to your Personal Information under the CCPA, ProMach will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required or permitted under the law before addressing your request. In particular, ProMach will, to the extent required or permitted by law, require you (or your authorized agent) to verify your request via email, request certain contact information or government identifiers, and we will match at least two pieces of such Personal Information with data that we have previously collected from you before granting you access to, erasing, or correcting, specific pieces or categories of Personal Information, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein, unless you have provided the authorized agent with power of attorney pursuant to California Probate Code §§ 4121 to 4130. None of the CCPA’s rights are absolute, and such rights are subject to legal and regulatory exceptions and exemptions. For more information about the CCPA, please see https://oag.ca.gov/privacy/ccpa.
Connecticut. For purposes of CT ST § 31-48d, ProMach engages in “electronic monitoring,” and this Employee Data Privacy Notice, and other applicable ProMach policies, serves as notice of the same. The term “electronic monitoring” means the “collection of information on an employer’s premises concerning employees’ activities or communications by any means other than direct observation, including the use of a computer, telephone, wire, radio, camera, electromagnetic, photoelectronic or photo-optical systems, but not including the collection of information for security purposes in common areas of the employer's premises which are held out for use by the public, or which is prohibited under state or federal law.”
Delaware. For purposes of DE ST TI 19 § 705, ProMach monitors or otherwise intercepts the telephone conversations or transmissions, electronic mail or transmissions, or Internet access or usage of its employees and of any party accessing ProMach’s information technology assets, networks, systems, environment, and resources, and the use of the same constitutes consent to the foregoing.
New York. For purposes of NY CIV RTS § 52–c, ProMach employees are hereby notified that any and all telephone conversations or transmissions, electronic mail or transmissions, or Internet access or usage by an employee, by any electronic device or system, including but not limited to the use of a computer, telephone, wire, radio or electromagnetic, photoelectronic or photo-optical systems, that are owned, leased, or operated by ProMach may be subject to interception and monitoring at any and all times and by any lawful means.