In scope. This Policy applies to personal information that we collect and use in order to manage the employment relationship (including emergency contact information) and other personal information related to our administration of benefits to Employees.
Not in scope. This Policy does not address or apply to our collection of personal information that is exempt under applicable law, including where applicable the California Consumer Privacy Act and any successor or replacement regulations (the “CCPA”), such as protected health information (or “PHI”), consumer credit reports and background checks, publicly available data lawfully made available from state or federal government records. This Policy also does not apply to the personal information we collect about contractors, customers or end users of our products and services, which are subject to different notices. To learn more about our privacy practices with respect to personal information collected for purposes unrelated to employment, please refer to our Privacy and Security Policy.
The categories of personal information we collect, and our use of personal information may vary depending upon the circumstances, such as an Employee’s role and responsibilities within Bluevine. The information in this Policy is intended to provide an overall description of our collection and use of personal information about Employees.
CATEGORIES OF PERSONAL INFORMATION COLLECTED
We may collect, or have collected over the past twelve (12) months, the following categories of personal information about Employees:
- Identifiers: such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, or other government identifiers.
- Characteristics of protected classifications: such as race, color, sex, sexual orientation, gender identity, age, religion, national origin, disability, citizenship status, military/veteran status, marital status, medical condition, or other characteristics of protected classifications under California or federal law. (Note: generally, this information is collected on a voluntary basis and is used in support of our equal opportunity and diversity and inclusion efforts and reporting obligations, or where otherwise required by law. )
- Internet or other electronic network activity information: such as browsing history, search history, and information regarding interactions with an internet website, application, or advertisement, as well as physical and network access logs and other network activity information related to your use of any Bluevine device, network, or other information resource.
- Geolocation data: location information about a particular individual or device.
- Audio, video and other electronic data: audio, electronic, visual, thermal, olfactory, or similar information, such as CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars).
- Employment information: professional or employment-related information.
- Education information: information about education history or background that is not publicly available, or personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
- Inferences: inferences drawn from other information to create a profile about an individual regarding her or his preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- Personal information described in California Civil Code § 1798.80(e): records containing personal information, such as name, signature, photo, contact information, education and employment history, Social Security number and other government identifiers, insurance policy number, financial or payment information, medical information, or health insurance information.
Please note that because of the overlapping nature of certain of the categories of personal information identified above, which are required by state law, some of the personal information we collect may be reasonably classified under multiple categories.
Sensitive personal information. Certain of the personal information that we collect from Employees, as described above, may constitute “sensitive personal information” under California law, including:
- Social Security number and other government identifiers (e.g., as part of the application and verification process);
- Racial or ethnic origin or sexual orientation (e.g., on a voluntary basis to support of our equal opportunity and diversity and inclusion efforts and reporting obligations, or where otherwise required by law), or union membership; and
- Health and disability information (e.g., as necessary to provide reasonable accommodations).
WHO WE DISCLOSE INFORMATION TO
We may disclose this information for business purposes to the following third parties, including, but not limited to:
- advisors and agents
- benefits providers
- regulators, government entities, and law enforcement
- affiliates and subsidiaries
- internet service providers, operating systems, and third party platforms
- other service providers
- others as required by law
SOURCES OF PERSONAL INFORMATION
In general, Bluevine may collect the categories of personal information identified in the table above from the following categories of sources:
- Directly from the individual
- Recruiters and recruiting platforms
- Employee referrals
- Publicly available information and sources
- Former employers
- Our service providers, representatives and agents
- References you provide
We may supplement the information described above with information we obtain from other sources, including from both online and offline data providers.
We retain the personal information we collect only as reasonably necessary for the purposes described below or otherwise disclosed to you at the time of collection. For example, we will retain your application information as necessary to comply with our tax, accounting and recordkeeping obligations, to consider you for additional positions (with your permission, as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with our legal obligations.
PURPOSES FOR PROCESSING PERSONAL INFORMATION
Subject to applicable legal restrictions, unless otherwise stated herein or at the point of collection, we generally collect, use and disclose Employee personal information as reasonably necessary for the following purposes:
Compensation and Benefits: relating to our administration of compensation and benefits, including:
- Administering employee payroll, salary and compensation
- Administering employee pensions, IRAs and 401K, health insurance, medical plans, and other employee benefits administration (which may include the collection of personal information about others such as beneficiaries, where necessary to administer such benefits)
- Reviewing, assessing and administering employee salary and compensation increases and bonuses
- Calculating deductions, issuing tax return-related documents and forms to employees
- Reviewing timecards and reported time worked
- Monitoring and managing vacation, holiday, FMLA, sick leave, and other leaves of absences
Management of Employment Relationship: to manage our relationship with Employees, including related to:
- Hiring, terminations, relocation, transfers, promotions and disciplinary actions
- Reviewing performance
- Conducting Employee performance reviews, compensation and bonus reviews, and headcount and salary reviews
- Administering and monitoring compliance with our policies and procedures
- Maintaining records of emergency contact information for use in the event of an emergency
- Administering or performing employment contracts where applicable
- Conducting pre-employment and employment screening
- For professional development and training purposes
- Verification and management of applicable Employee credentials, licensing and other qualifications
- Facilitating employee communication and collaboration, such as through the corporate directory, employee bios and other similar compilations
- In support of our equal opportunity employment policy and diversity and inclusion program
Business Operations and Client Services: relating to the organization and operation of our business and our performance of services to clients, including related to:
- Operating our business by developing, producing, marketing, selling and providing goods and services
- Providing after-sales services to clients
- Auditing and assessing performance of business operations, including client services and associated activities
- Training and quality control
- Satisfying client reporting and auditing obligations
- Facilitating business development opportunities, as relevant
- Facilitating communications in furtherance of the foregoing
Security and monitoring: to monitor and secure our resources, network, premises and assets, including:
- monitoring for, preventing and investigating suspected or alleged misconduct or violations of work rules
- monitoring for, preventing investigating and responding to security and privacy incidents
- providing and managing access to physical and technical access controls
- monitoring activities, access and use to ensure the security and functioning of our systems and assets
- securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring
- conducting appropriate screenings of individuals prior to entering or accessing certain locations or premises
Auditing, accounting and corporate governance: relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.
M&A and other business transactions: for planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.
Defending and protecting rights: to protect and defend our rights and interests and those of third parties, including to manage and respond to employee and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
Complying with legal obligations: relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social Security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.
Sensitive personal information. Our collection, use and disclosure of sensitive information is generally limited what is reasonable and proportionate for the following purposes: (a) to comply with our legal, regulatory and reporting obligations; (b) to provide services requested by you, to respond to your requests, to make reasonable accommodations where necessary, to verify the information you provide to us, for benefits administration, and where otherwise necessary to manage and administer your employment relationship; (c) in support of our equal opportunity and diversity and inclusion efforts (on a voluntary basis); (d) where necessary to protect the health and safety of an individual; and (e) to prevent, protect and take action against malicious, deceptive, fraudulent, or illegal actions, and security incidents. We do not use or disclose your sensitive personal information for any other purpose except as described herein or otherwise permitted by California law.
Sales and sharing. We do not ‘sell’ or ‘share’ Employee personal information (including those that we know to be minors).
YOUR CCPA RIGHTS
Employees who are residents of California generally have the following rights under the CCPA with respect to their personal information processed by us, subject to certain limitations and exceptions:
Right to delete. You have the right to request deletion of your personal information that we have collected about you and to have such personal information deleted (without charge), subject to certain exceptions.
Right to know (access). You have the right, with respect to the personal information we have collected about you, to require that we disclose the following to you (in a portable format to the extent practicable):
- categories of personal information collected
- categories of sources of personal information
- categories of personal information about you we have disclosed for a business purpose, sold or shared
- categories of third parties to whom we have sold, shared or disclosed for a business purpose your personal information
- the business or commercial purposes for collecting, selling or sharing personal information
- a copy of the specific pieces of personal information we have collected about you.
Right to correct. You have the right to request that inaccurate personal information we have collected about you be corrected.
Right to limit use and disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide employment-related services to you, though Bluevine does not currently use your sensitive personal information for any uses other than those that are necessary for us to provide employment-related services to you.
Right to non-discrimination. You have the right not to be subject to discriminatory treatment by us for exercising your rights under the CCPA, as described above.
Submitting CCPA Requests. Employees may exercise their California privacy rights as set forth below by submitting a privacy request by email at email@example.com. We will take steps to verify your request by (i) sending you an email confirmation link which you must click to confirm your request; and (ii) matching the information provided by you with the information we have in our records, which will include, at a minimum, your first name, last name, and email address. You must provide us with this information if you submit your request via email for us to verify your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents may initiate a request on behalf of another individual through one of the above methods; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.
If you have any questions or concerns regarding our use of personal information as described in this Policy, please contact us at firstname.lastname@example.org.