What is the purpose of this document?
For the purposes of this Policy, “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to any individual or a household.
This Policy Describes:
- Personal Information We Collect
- How We Collect Your Personal Information
- How We Use Your Personal Information
- How We Disclose Personal Information
- California Privacy Rights
- Changes to the Policy
- Questions About This Policy
Personal Information Collected
AFP collects Personal Information about you during the application process and throughout the scope of your employment with AFP. The categories of Personal Information collected may include the following:
- Identifiers, such as your name, employee/staff ID, address, email address, phone number, date of birth, Social Security number or equivalent national identification number, driver’s license, California state identification card, passport number, or other government issued identification card.
- Characteristics of protected classifications under California or federal law, such as your race, age, gender, national origin, self-identification of disability, request for leave for family care, health condition, pregnancy, veteran status, and marital status.
- Family Information, such as the name, relationship, date of birth, contact details, and social security numbers of your family members that may be needed for the administration of benefits, and any other information and to identify who to contact in the case of an emergency.
- Information about your job, such as job title, category and status, seniority date, work location, department, supervisor’s name, start and end date, and reason for leaving.
- Education information, such as your education and training background.
- Professional or employment related information and documents, such as prior work experience and any other information that may be included in your resume or job application, references, training, and confidentiality agreements.
- Internet and other electronic network activity information, such as information technology systems usage information related to your use of our equipment, systems, and other resources.
- Communication details, such as email content, business letter content, business documents, and chat content.
- Performance and disciplinary information, such as performance reviews, information about disciplinary allegations, the disciplinary process and any disciplinary warnings, details of grievances, and any outcome.
- Information about your compensation and benefits, such as your basic salary, bonus, insurance benefits (including information about you and your dependents that we provide to the insurer), hours and overtime, tax code, taxes withheld, holiday entitlement, sick time, accrued salary information, and information relating to your retirement and pension accounts.
- Financial information, such as your bank details (for payroll and travel reimbursement purposes only) and business travel and entertainment data.
- Health information, as required by law or as needed to manage the employment relationship, including benefits administration, disability accommodation, workers’ compensation, and medical leave.
- Results of background checks and screenings: such as criminal record checks, financial checks, work history and reference checks.
- Union membership status, as required by law to ensure benefits, terms of employment, and employment policies comply with the Union’s requirements.
- Termination and post-employment information, such as unemployment compensation information.
Sensitive Personal Information
We collect Personal Information that is defined as “Sensitive Personal Information” under California law, including driver’s license, state identification card, passport, or other government issued identification card, social security numbers, race or ethnic origin, health information, and union membership. We use and disclose Sensitive Personal Information only as necessary: (i) to process your request for employment, (ii) provide services and benefits in connection with your employment, (iii) to comply with the law, and (iv) for business purposes reasonably expected within the scope of your employment.
For each of these categories of Personal Information, we will retain the information as long as is reasonably necessary to fulfill the purpose for which it was collected and to comply with applicable laws and regulations. We consider the following criteria when determining how long to retain Personal Information: why we collected the Personal Information, the nature of the Personal Information, the sensitivity of the Personal Information, our legal obligations related to the Personal Information, and the risks associated with retaining the Personal Information.
How We Collect Your Personal Information
We may collect your Personal Information from a variety of sources and methods. This includes:
Information You Voluntarily Provide to Us
We may collect Personal Information from you that you voluntarily provide to us as an applicant and during the scope of your employment.
Information We Collect When You Use Our Systems
We collect Personal Information when you use our systems, including computer systems, security systems, time keeping systems, and any internal intranet or online platforms.
Information We Collect When You Use Our Website
Automated technologies or interactions. If you applied for a position through one of our websites, we receive and store internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. When you access and use our website from your mobile devices, we receive data from that mobile device. This may include your device ID, location data, IP address and device type. You may manage how your mobile device and mobile browser share location information with us, as well as how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
Your ‘Do Not Track’ Browser Setting. Some web browsers incorporate a “Do Not Track” feature (DNT) that signals to the websites that you visit that you do not want to have your online activity tracked. For more information about DNT signals, please visit http://allaboutdnt.com. Our website does not currently respond to web browser DNT signals. Other third-party websites may keep track of your browsing activities when they provide you with content, which enables them to customize what they present to you on their websites.
Information We Collect From Third Parties
Service Providers. We collect Personal Information from service providers including where we operate accounts on third-party platforms, such as recruiters, job boards, employee benefit and insurance providers, training platforms, time keeping and payroll providers, communications and video conference providers, and other software and technology providers.
Google Analytics. We use Google Analytics to assist us in better understanding our website visitors. Google Analytics uses a first party cookie, identifiers for mobile devices, or similar technology to collect usage data. Based on this information, Google Analytics compiles data about website traffic and interactions, which we use to offer better user experiences, perform analytics, and analyze traffic. You can learn more about how Google Analytics collects and uses information from our website at: www.google.com/policies/privacy/partners/.
How We Use Your Personal Information
AFP uses Personal Information, for all purposes related to the application for employment, and the creation, administration, and termination of your employment relationship with the AFP and for all purposes related to our ongoing business operations. These purposes include, but are not limited to, the following:
- Making a decision about your recruitment or appointment.
- To assess your skills, qualifications, and suitability for the work or role for which you are applying.
- To carry out background and reference checks, where applicable.
- To communicate with you about the recruitment process.
- Determining the terms on which you work for us.
- Confirming you are legally entitled to work in the United States.
- To administer compensation, including, but not limited to, time keeping, payment of wages and bonuses and income tax withholding and reimbursement of business expenses.
- Providing employment benefits to you if applicable, for example, medical insurance, life insurance, and retirement savings plans.
- Business management and planning, including accounting and auditing.
- Conducting performance reviews, managing performance and determining performance requirements.
- Making decisions about salary reviews and compensation.
- Assessing qualifications for a particular job or task, including decisions about promotions.
- Gathering evidence for possible grievance or disciplinary hearings.
- Making decisions about your continued employment or engagement.
- Making arrangements for the termination of our working relationship.
- Education, training and development requirements.
- Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
- Ascertaining your ability to perform the essential functions of your position with or without reasonable accommodation.
- To administer leaves of absence as required by law or company policy.
- Complying with health and safety obligations.
- To prevent fraud.
- To monitor your use of our information and communication systems to ensure compliance with our policies.
- To ensure network, information, and building security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
- To conduct data analytics studies to review and better understand employee retention and attrition rates.
- Equal opportunities monitoring.
- To exercise the AFP’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel.
- To meet legal and regulatory requirements including civil discovery in litigation involving the AFP or affiliated companies.
- To facilitate administrative functions, including, but not limited to, the management and operation of information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, strategic planning, and the maintenance of licenses, permits and authorizations applicable to the AFP’s business operations.
How We Disclose Personal Information
Personal Information We Disclose for a Business Purpose
Service Providers. We may use third-party service providers to perform certain business services on behalf of us or the Services and may disclose Personal Information to such service providers as needed for them to perform these business services. Service providers are only allowed to use, disclose or retain the Personal Information to provide these services and are prohibited from selling Personal Information. Business services provided include, but are not limited to, recruiters, workforce management platform providers, background check and employee eligibility providers, payroll providers, employee benefit and insurance providers, communications and video conference providers, and other software and technology providers.
Internal Third Parties. We may disclose Personal Information to our parent company, subsidiaries and other related companies owned by or controlled by or under common ownership with AFP, who may use the Personal Information for the purposes described above.
Categories of Personal Information that have been disclosed for a business purpose in the past twelve months to service providers and internal third parties include:
- Characteristics of protected classifications under California or federal law
- Family Information
- Information about your job
- Education information
- Professional or employment related information and documents
- Internet and other electronic network activity information
- Communication details
- Performance and disciplinary information
- Information about your compensation and benefits
- Financial information
- Health information
- Results of background checks and screenings
- Union membership status
- Termination and post-employment information
Personal Information Sold or Shared. We have not sold any Personal Information in the past twelve months. We have shared Personal Information in the past twelve months with advertising providers who were allowed to place tracking cookies on our websites who may use this information to serve ads to you about as you browse the Internet. “Sharing” is defined under California privacy law as “renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.” This sharing means that these third-party advertising providers use their own cookies or tags to track your online activities and purchases in order to deliver targeted advertising based on your interests. You can opt out of sharing through the Do Not Share My Personal Information link. Additionally, if your browser supports it, you can turn on the Global Privacy Control (GPC) to opt-out of the “sharing” of your Personal Information. Learn more at the Global Privacy Control website. We do not have any actual knowledge of selling or sharing Personal Information of minors under 16 years of age.
Business Transactions. We may do business with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Information in the same way as set out in this Policy.
Legal Process. Subject to applicable law, we may disclose information about you (i) if we are required to do so by law, regulation or legal process, such as a subpoena; (ii) in response to requests by government entities, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss; or (iv) in connection with an investigation of suspected or actual unlawful activity.
California Privacy Rights
The California Consumer Privacy Act as amended (“CCPA”) provides California residents with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Know: You have the right to know what Personal Information we have collected about you in the immediately preceding 12-month period, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom we have disclosed Personal Information, and the specific pieces of Personal Information we have collected. You may exercise this right no more than twice in any 12-month period.
Right to Delete: You have the right to request that we delete Personal Information that we collected from you and retained, subject to certain exceptions.
Right to Correct: You have the right to correct inaccurate personal information that we maintain about you.
Right to Opt-Out of the Sale/Sharing: You have the right to opt-out of the sale or sharing of their personal information by the business. We do not sell your Personal Information.
Right to Limit the Use or Disclosure of Sensitive Personal Information: You have the right to request that we limit the use and disclosure of sensitive personal information to specific business purposes approved by the CCPA. Our use of Sensitive Personal Information is already limited to the approved business purposes identified above.
Right to Non-Discrimination: Unless permitted by applicable law, we will not discriminate against you for exercising any of your privacy rights under CCPA or applicable law, including by, but not limited to:
- Denying you goods or services;
- Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Providing you a different level of quality of goods or services; or
- Suggesting that you will receive a different price or rate for goods or services or a different level of quality of goods or services.
Exercising Your Rights
Requests can be submitted by calling our toll-free number +1 800 322 2743, by clicking here, or by contacting the HR Director if you are a current employee. You can also opt out of sharing (having Personal Information transmitted through third-party cookies and pixels) by clicking on the Do Not Share My Personal Information link. Additionally, if your browser supports it, you can turn on the Global Privacy Control (GPC) to opt-out of the “sharing” of your Personal Information. You can learn more about the GPC and how to enable it in your browser from the Global Privacy Control website.
Only you, or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information.
Authorizing an Agent to Act on Your Behalf
Except where you have provided an agent with a Power of Attorney pursuant to Sections 4000 – 4465 of the California Probate Code, when using an authorized agent you must: (1) provide the agent with signed written permission clearly describing their authority to make a request on your behalf; (ii) verify your own identity; and (iii) directly confirm that you have provided the authorized agent permission to submit the request. We may deny a request from an authorized agent if the agent does not provide us with the signed written permission demonstrating that they have been authorized to act on your behalf.
Verifying Your Request
The verifiable consumer request initiated by you or your authorized agent must:
- Include your full legal name, and email, which we will need to contact you in order to verify that you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable request does not require you to create an account with us. One of our representatives will contact you in order to verify your identity. You may need to provide additional information in order to verify your request. Depending on the nature of the request, we may require additional verification actions be taken, including but not limited to providing a signed declaration under penalty of perjury that you are the person whose Personal Information is the subject of the request. We will only use this information to verify the requestor’s identity or authority to make the request.
These rights are not absolute and are subject to certain exceptions. For example, we cannot disclose or permit access to specific pieces of Personal Information if granting your request would present a certain level of risk to the security of the Personal Information at issue, your account with us, or the security of the website.
We may deny your deletion request if retaining the information is necessary for us or our service providers and/or contractors to:
- Engage in employment related activities and take actions reasonably anticipated within the context of our employment relationship with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Exercise a right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Enable solely internal uses that are reasonably aligned with expectations based on your employment relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Response Timing and Format
We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Changes to the Policy
We may modify or update this Policy from time to time. We encourage you to revisit this page often to remain fully informed of our Policy or you can contact us at any time to obtain the latest copy of this Policy.
Questions About This Policy
If you have any questions or concerns about this Policy, please contact Judy Scott at email@example.com or the then current Senior HR Manager.
Effective: January 1, 2024
Last Reviewed: January 1, 2024