California Personnel Privacy Notice (“Notice”)

Effective Date: January 1, 2023

This Notice describes how Hybrid Promotions, LLC (“Company,” “we,” “us,” or “our”) processes personal information (“PI”) of Personnel (defined below) in various human resources (“HR”) contexts. This Notice is designed to meet obligations under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”).  In the event of a conflict between any other Company policy, statement, or notice and this Notice, this Notice will prevail as to California Personnel, unless stated otherwise. Capitalized terms used but not defined in this Notice shall have the meanings given to them under the CCPA.

Applicability: This Notice applies to the following California residents who provided us with PI in HR contexts:

  • Job applicants who have applied for a position with Company.
  • Current/former employees of Company.
  • Independent contractors of Company.
  • Temporary workers

This Notice also applies to California residents whose family member or friend has provided PI about you to Company in an HR context, such as if:

  • You are listed as an emergency contact for a Company employee or former employee.
  • You are a beneficiary or dependent of a Company employee or former employee.

The individuals referred to in the foregoing bullet points are collectively referred to as “Personnel” throughout this Notice.  Section 1 of this Notice provides notice of our data practices, including our collection, use, retention, and disclosure of Personnel PI.  Sections 2-4 of this Notice provide information regarding California Personnel rights under the CCPA and how you may exercise them.

 

Non-Applicability:  This Notice does not apply to our consumer facing website(s) or our other data practices outside of the human resources context (including where Company acts as a service provider / processor to business customers), which are addressed in our general privacy notice available here.

  1. Notice of Data Practices

The description of our data practices in this Notice covers the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.

  • PI Sources and Use

We may collect your PI directly from you, such as when you apply for a position or become employed or engaged by us (e.g., identification/identity data, contact details, educational and employment data), others through interactions in the course of employment or engagement, third parties (e.g., background check vendors and references) or public sources of data.

Generally we use Personnel PI for HR Business Purposes and as otherwise related to the operation of our business, including for: Performing Services; Security; Debugging; Quality Assurance; and Processing Interactions and Transactions;. For example, we use Personnel PI for the following purposes:

  • Recruitment
  • Running background checks
  • Employee intake/ onboarding/ off-boarding
  • Maintaining personnel records
  • Payroll, reimbursements, and timekeeping
  • Processing leaves of absence
  • Processing workers’ compensation claims
  • Booking employee travel
  • Benefits administration
  • Employee activation initiatives and communications
  • Facilitating diversity and inclusion programs
  • Administering training and education programs
  • HR IT systems and security
  • Employee and performance management
  • Health & safety/occupational health
  • Security (including electronic and of premises)

We may also use PI for “Additional Business Purposes” in a context that is not a Sale or Share under the CCPA, such as:

  • Disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”);
  • Disclosing it to you or to other parties at your direction or through your action (e.g., payroll processors, benefits providers, third-party administrators, and brokers, and some software platform operators etc.);
  • For the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice);
  • As required or permitted by applicable law;
  • To the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm;
  • Where we believe we need to in order to investigate, prevent or take action if we think someone might be using information for illegal activities, fraud, or in ways that may threaten someone’s safety or violate our policies or legal obligations; and
  • To assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”).

Subject to restrictions and obligations under the CCPA, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.

  • PI Collection, Disclosure, and Retention - By Category of PI

We collect, disclose, and retain PI as follows:

Category of PI

Examples of PI Collected and Retained

Categories of Recipients

1.     Identifiers

Real name, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, e-mail address, and account name.

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       HR system and software Vendors

·       Non-software HR vendors, such as background check and drug/alcohol screening Vendors;

·       Payroll and benefits Vendors and providers

·       Insurance providers and brokers;

·       Other members of our corporate group;

·       Governmental entities (for example, in relation to our obligations to determine employment eligibility and responding to requests pursuant to legal or regulatory process); and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

2.     Personal Records

Name, signature, description, address, telephone number, and financial information (e.g., financial account number). Some PI included in this category may overlap with other categories.

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       HR system and software Vendors;

·       Non-software HR Vendors, such as background check and drug/alcohol screening Vendors

·       Payroll and benefits vendors and providers;

·       Insurance providers and brokers;

·       Other members of our corporate group;

·       Governmental entities (for example, in relation to our obligations to determine employment eligibility and responding to requests pursuant to legal or regulatory process); and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

3.     Personal Characteristics or Traits

In some circumstances, we may collect PI that is considered protected under U.S. law, such as age, gender, nationality, race, or information related to medical conditions.

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       HR system and software Vendors;

·       Non-software HR Vendors, such as background check and drug/alcohol screening Vendors

·       Payroll and benefits vendors and providers;

·       Insurance providers and brokers;

·       Other members of our corporate group;

·       Governmental entities (for example, in relation to our obligations to determine employment eligibility and responding to requests pursuant to legal or regulatory process); and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

4.     Commercial Information

Records of products or services purchased or obtained in the HR context, such as benefits you have signed up for.

Disclosures for Business Purposes:

·       Insurance brokers;

·       Benefits providers;

·       Other members of our corporate group; and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

5.     Internet Usage Information

When you use our online systems or otherwise interact with us online, we may collect browsing history, search history, and other information regarding your interaction with our systems or other sites, applications, or content.

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors

·       HR system and software Vendors

·       Other members of our corporate group

·       Governmental entities (for example, responding to requests pursuant to legal or regulatory process); and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

6.     Geolocation Data

If you use our systems or interact with us online we may gain access to the approximate location of the device or equipment you are using, or the location from which you are accessing our systems.

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       HR system and software Vendors;

·       Other members of our corporate group;

·       Governmental entities (for example, to respond to requests pursuant to legal or regulatory process); and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

7.     Sensory Data

We may collect audio, visual, electronic, or similar information via CCTV at our locations or contact us through our HR call-in line and via our video security recordings.

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       HR system and software Vendors;

·       Other members of our corporate group;

·       Governmental entities (for example, to respond to requests pursuant to legal or regulatory process); and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

8.     Professional or Employment Information

Professional, educational, or employment-related information.

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       HR system and software Vendors;

·       Payroll and benefits Vendors and providers

·       Insurance providers and brokers;

·       Other members of our corporate group;

·       Governmental entities (for example, to respond to requests pursuant to legal or regulatory process); and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

9.     Inferences from PI Collected

We may draw inferences from other information we collect about you.

Disclosures for Business Purposes:

·       General IT, software, and other business vendors;

·       Other members of our corporate group;

·       Governmental entities (for example, to respond to requests pursuant to legal or regulatory process); and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

10.  Sensitive PI

Government Issued ID Numbers (social security, driver’s license, state ID card, or passport number)

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors

·       Other members of our corporate group; and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

Account Log-In (e.g., username and password to online account with Company)

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors

·       Other members of our corporate group; and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

Personal Characteristics (racial or ethnic origin)

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       Other members of our corporate group; and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

Communication Content (contents of mail, email, and text messages, other than where Company is the intended recipient of the communication)

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors

·       Other members of our corporate group; and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

Biometric Information (the processing of biometric info for the purpose of uniquely identifying an individual)

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       Payroll processor;

·       Other members of our corporate group; and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

Health Information (PI collected and analyzed concerning an individual’s health)

Disclosures for Business Purposes:

·       General IT, software, and other business Vendors;

·       Other members of our corporate group; and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

Sex Life/ Sexual Orientation (PI collected and analyzed concerning an individual’s sex life or sexual orientation)

Disclosures for Business Purposes:

·       General IT, software, and other business vendors;

·       Benefits providers;

·       Other members of our corporate group; and/or

·       Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

There may be additional information we collect that meets the definition of PI under the CCPA but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category. Because there are numerous types of PI in each category, and various uses for each PI type, actual retention periods vary. We retain specific PI pieces based on how long we have a legitimate purpose for the retention.

  1. Your Rights and How to Exercise Them

California Personnel have the same rights to know/access, delete, correct, limit, and opt-out as traditional Consumers and may learn more about these rights and how to exercise them in Section 10B. of our 2023 Privacy Notice Here  at https://hybridapparel.com/privacy-policy.

Right to Limit Use and Disclosure of Sensitive PI

We only Process Sensitive PI for purposes that are exempt from Consumer choice under U.S. Privacy Laws.

  1. Non-Discrimination / No Retaliation

We will not discriminate or retaliate against you in a manner prohibited by the CCPA for your exercise of your privacy rights.

  1. Our Rights and the Rights of Others

Notwithstanding anything to the contrary, we may collect, use, and disclose your PI as required or permitted by applicable law and this may override your rights under the CCPA. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

  1. Contact Us

If you have any questions, comments, or concerns about our HR privacy practices, please contact us by e-mail at HRPrivacy@hybridapparel.com or call us at 866-737-2515. Please note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.