PRIVACY NOTICE AT COLLECTION TO CALIFORNIA EMPLOYEES
GDH Consulting, Inc. and/or any affiliated entities (collectively, the “Company” or “we”) provide this California Privacy Notice (“Notice”) to describe our privacy practices with respect to our collection of Personal Information as required under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). This Notice applies only to employees who are residents of the State of California (“Consumers”) and from whom we collect “Personal Information” as defined in the CCPA/CPRA. We provide you this Notice because under the CCPA/CPRA, California residents who are employees qualify as Consumers. For purposes of this Notice, when we refer to Consumers, we mean you only to the extent you are an employee of the Company who has employees in California.
- Information We Collect from/or About Employees
We may collect Personal Information from or about you in a variety of different situations and using a variety of different methods, including, but not limited to, on our website, your mobile device, through email, in physical locations, through written applications, through the mail, and/or over the telephone. Generally, we may at various times throughout your employment with the Company collect, receive, maintain, and use the following categories of Personal Information for any of the purposes listed below in this Notice and to the extent permitted under applicable law:
| Category | Examples | Retention Period |
| Personal Identifiers | Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number. | Duration of our relationship with you plus 4 years |
| Contact Information | Home, postal or mailing address, email address, home phone number, cell phone number. | Duration of our relationship with you plus 4 years |
| Account Information | Username and password for Company accounts and systems, and any required security or access code, password, security questions, or credentials allowing access to your Company accounts. | Username: permanent; Password or security code: while in use + 1 year |
| Protected Classifications | Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, disability, medical or mental condition, military status, familial status, union membership. | Duration of our relationship with you plus 4 years |
| Physical Characteristics or Description | Information on your Driver’s License (such as eye color, hair color, height, weight), as well as information collected to the extent relevant for workplace investigations or for enforcement of Company policies on appearance and grooming (such as tattoos, piercings). | Duration of employment plus 6 years |
| Biometric Data | Fingerprints, retina scans, facial recognition, handprint. | While in use for identity verification, plus 1 year |
| Financial Information | Information collected including bank account number for direct deposit, account payments, or other financial information. | 4 years; if related to payroll records, payment and other earning history 10 years from date of record |
| Pre-Hire Information | Information gathered as part of background screening and reference checks, pre-hire drug test results, information recorded in job interview notes by persons conducting job interviews for the Company, information contained in candidate evaluation records and assessments, information in work product samples you provided, and voluntary disclosures by you. | If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer. |
| Employment History | Information contained in your resume regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations. | If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer. |
| Education Information | Information from resumes regarding educational history, information in transcripts or records of degrees, vocational certifications obtained, and information | If hired, this data will be retained for duration of employment plus 6 years. If not hired, it will be retained for 4 years from when position is filled or the date we receive your information, whichever is longer. |
| Professional or Employment Related Information | Information contained in your personnel file and in other employment documents and records, including information contained in the following types of records: new hire or onboarding records, I-9 forms, tax forms, time and attendance records, non-medical leave of absence records, workplace injury records, safety records, performance evaluations and records, disciplinary records, investigatory records, training records, licensing and certification records, compensation and health benefits records, COBRA notifications, business expense records, and payroll records. | Duration of our relationship with you plus 6 years; if related to payroll records, payment and other earning history information 10 years from date of record; benefits records including COBRA effective period + 6 years; workers compensation 18 years from date of record. |
| Travel Information | Information regarding business travel, vacation, and personal travel plans, and for infectious disease contact tracing purposes the locations travelled to within the applicable infectious period prior to coming to the workplace and the dates spent in those locations. | Duration of employment + 6 years; medical information related to benefits effective period + 6 years |
| Family Information | Contact information for family members listed as emergency contacts, contact information for dependents and other dependent information, medical and health information for family members related to COVID-19 symptoms, exposure, diagnosis, testing, as well as information related to their travel and whom they have been in close contact with during the applicable COVID-19 infectious period. | Medical information related to COVID is end of the calendar year + 5 years; Duration of employment + 6 years; medical information related to benefits effective period + 6 years |
| Information of Friends, Co-workers, and Other Associates with Whom You Have Been in Close Contact within the COVID-19 infectious period per applicable guidelines | Medical and health information provided to the Company for an employee’s friends, co-workers, and other associates related to COVID-19 symptoms, exposure, diagnosis, testing, or vaccination, as well as information related to their travel and whom they have been in close contact with during the applicable COVID-19 infectious period. | Medical information related to COVID is end of the calendar year + 5 years; Duration of employment + 6 years; medical information related to benefits effective period + 6 years |
| Medical and Health Information | Medical and health information provided to the Company for an employee’s friends, co-workers, and other associates related to COVID-19 symptoms, exposure, diagnosis, testing, or vaccination, as well as information related to their travel and whom they have been in close contact with during the applicable COVID-19 infectious period. | Medical information related to COVID is end of the calendar year + 5 years; Duration of employment + 6 years; medical information related to benefits effective period + 6 years |
| Internet Network and Computer Activity | Date and time of your visit to this website; webpages visited; links clicked on the website; browser ID; browser type; device ID; operating system; form information downloaded; domain name from which our site was accessed; search history; and cookies; internet or other electronic network activity information related to usage of Company networks, servers, intranet, or shared drives, including system and file access logs, security clearance level, browsing history, search history, and usage history. | Duration of our relationship with you plus 6 years |
| Mobile Device Security Information | Information collected when you navigate, access or use any of our websites via mobile device, including device type, software type; data identifying your device if you access our business networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider. | Duration of our relationship with you plus 6 years |
| Online Portal and Mobile App Access and Usage Information | Username and password, account history, usage history, file access logs, and security clearance level. | Duration of our relationship with you plus 6 years |
| Geolocation Data | IP address and/or GPS location (latitude & longitude) recorded on Company-issued computers, electronic devices, and vehicles, as well as timekeeping applications on cell phones that employees use to clock in and out and that log the geographic location at which each time entry was made. | Duration of our relationship with you plus 6 years |
| Visual, Audio or Video Recordings | Your image when recorded or captured in surveillance camera footage or pictures of you taken on our premises or at our events or that you share with us, or in pictures or video of employees posted on social media to which the Company or its managers have access or that are submitted to the Company by another employee or third party. | Surveillance video – 90 days; duration of our relationship with you plus 6 years |
| Family and Systems Access Information | Information identifying you, if you accessed our secure company facilities, systems, networks, computers, and equipment, and at what times, using keys, badges, fobs, login credentials, or other security access method. | Duration of our relationship with you plus 6 years |
| Inferences | Based on analysis of your activity on the website, we may develop inferences regarding strengths, aptitudes, characteristics, and responsibilities for career development. | Duration of our relationship with you plus 6 years |
| Contents of Personal Communications where the Company is not the intended recipient | If you use Company email, phones, computers, online chat applications (Slack, Teams, Zoom, etc.) or other Company systems for personal communications where the Company is not the intended recipient of the communication, the Company retains these communications in the ordinary course of managing its communication and computer systems and pursuant to the Company’s data retention policy. Employees have no expectation of privacy with respect to any communications or data they send, receive, access or store on any company computer or system, including any personal communications. The Company may monitor, access, review and use all such communications and data for lawful business purposes detailed below, including to manage and evaluate employee performance and make employment decisions. | Up to 3 years from date of email; chat messages 1 day from date of record |
Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect:
- Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
- (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
- Protected Classifications (racial or ethnic origin, religious or philosophical beliefs, union membership, or sexual orientation)
- Biometric Information (used for the purpose of uniquely identifying you)
- Medical and Health Information
- Geolocation Data (IP address and/or GPS location, latitude & longitude)
- Contents of Personal Communications (contents of mail, email, and text messages where the Company is not the intended recipient)
Personal information does not include:
- Publicly available information from government records.
- Information that a business has a reasonable basis to believe is lawfully made available to the general public by the employee or from widely distributed media.
- Information made available by a person to whom the employee has disclosed the information if the employee has not restricted the information to a specific audience.
- De-identified or aggregated information.
2. How We Use Personal Information and Sensitive Personal Information
The Personal Information and Sensitive Personal Information we collect, and our use of Personal Information and Sensitive Personal Information, may vary depending on the circumstances. This Notice is intended to provide an overall description of our collection and use of Personal Information and Sensitive Personal Information. Generally, we may use or disclose Personal Information and Sensitive Personal Information we collect from you or about you for one or more of the following purposes:
- To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to become an employee, we will use that Personal Information in connection with your employment and for current and future job opportunities with us or with our customers, including determining your eligibility and suitability for such opportunities.
- To comply with local, state, and federal law and regulations requiring employers to maintain certain records (such as immigration compliance records, travel records, personnel files, wage and hour records, payroll records, accident or safety records, and tax records), as well as local, state, and federal law, regulations, ordinances, guidelines, and orders relating to COVID-19.
- To evaluate suitability for temporary assignments with clients; and to facilitate such assignments and address any issues that may arise therefrom.
- To manage and process payroll and/or Company travel and expenses.
- To validate an employee’s identity for payroll and timekeeping purposes.
- To maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance.
- To manage workers’ compensation claims.
- To administer, manage, and maintain group health insurance benefits, 401K and/or retirement plans, and other Company benefits and perks.
- To manage employee performance of their job duties and/or employee conduct, including by engaging in lawful monitoring of employee activities and communications when they are on duty, on Company premises, or utilizing Company internet and WiFi connections, computers, networks, devices, software applications or systems.
- To conduct workplace investigations (such as investigations of workplace accidents or injuries, harassment, or other misconduct).
- To evaluate job applicants and candidates for employment or promotions.
- To obtain and verify background checks on job applicants and employees and to verify employment references.
- To evaluate, make, and communicate decisions regarding an employee’s employment, including decisions to hire, terminate, promote, demote, transfer, suspend or discipline.
- To communicate with employees regarding employment-related matters such as upcoming benefits enrollment deadlines, action items, availability of W2s, and other alerts and notifications.
- To grant employees access to secure Company facilities and maintain information on who accessed the facility.
- To track employee movement and activity throughout Company facilities and keep the facilities secure.
- To implement, monitor, and manage electronic security measures on Company internet and WiFi connections, computers, networks, devices, software applications or systems, as well as on employee devices that are used to access Company internet and WiFi connections, computers, networks, devices, software applications or systems.
- To engage in corporate transactions requiring review or disclosure of employee records subject to non-disclosure agreements, such as for evaluating potential mergers and acquisitions of the Company.
- To communicate with an employee’s family or other contacts in case of emergency or other necessary circumstance.
- To manage employee recognition programs.
- To promote and foster diversity, equity, and inclusion in the workplace.
- To provide services to corporate customers who may request certain pieces of information about a Company employee (such as name, phone number, and headshot) to permit the employee access or security clearance to their facility in advance of the Company employee being dispatched to provide services at the customer’s facility.
- To exercise Company’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitrator, or mediation panel.
- To efficiently manage and operate administrative, information technology, and communications systems.
- COVID-19 RELATED PURPOSES
a. To reduce the risk of spreading the disease in or through the workplace.
b. To protect employees and anyone who interacts with our employees from exposure to COVID-19.
c. To comply with local, state, and federal law, regulations, ordinances, guidelines, and orders relating to COVID-19, including applicable reporting requirements.
d. To facilitate and coordinate pandemic-related initiatives and activities (whether Company-sponsored or through the U.S. Center for Disease Control and Prevention, other federal, state and local governmental authorities, and/or public and private entities or establishments, including vaccination initiatives).
e. To identify potential symptoms linked to COVID-19 (including through temperature checks, antibody testing, or COVID-19 questionnaire).
f. To permit contact tracing relating to any potential exposure.
g. To communicate with employees and others who interacted with our employees regarding potential exposure to COVID-19 and properly warn others who have had close contact with an infected or symptomatic individual so that they may take precautionary measures, help prevent further spread of the virus, and obtain treatment, if necessary. - To evaluate, manage, and assess the company’s business relationship with vendors, service providers, and contractors that provide services to the company.
- To improve user experience on computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
- To detect security incidents involving potentially unauthorized access to and/or disclosure of Personal Information or other confidential information, including proprietary or trade secret information and third-party information that the Company receives under conditions of confidentiality or subject to privacy rights.
- To protect against malicious or illegal activity and prosecute those responsible.
- To prevent identity theft.
- To verify and respond to consumer requests under applicable consumer privacy laws.
3. Retention of Personal Information
The Company will retain each category of Personal Information in accordance with our data retention schedule, as generally indicated above. In deciding how long to retain each category of Personal Information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statute of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.
We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.
4. Sale/Sharing of Information to Third Parties
The Company does not and will not sell your Personal Information or Sensitive Personal Information for any monetary or other valuable consideration. The Company does not and will not share your Personal Information or Sensitive Personal Information for cross-context behavioral advertising.
5. Access to Privacy Policy
For more information, please review the Company’s Privacy Policy if you are an employee on the Paylocity Self-Service Portal, or if you are not an employee you may review the Company’s online Privacy Policy at Privacy Policy – GDH (gdhinc.com).
