The California Consumer Privacy Act (“CCPA”) grants residents of the State of California (hereinafter “you”) certain privacy rights in their personal information. The CCPA requires that a business that collects personal information from an employee, owner, officer, director contractor or job applicant disclose, at or before the point of collection, the categories of personal information to be collected and the purposes to which that information is to be used. This Privacy Notice is intended to meet that requirement.
Zebit, Inc. (“Company,” “we,” “us,” or “our”) provides this Privacy Notice to California-resident employees, employee applicants, owners, directors, officers, and contractors of Zebit, as well as, as applicable, those individuals’ emergency contacts and beneficiaries who are California residents. This Privacy Notice sets forth our practices with respect to information that can reasonably be linked with an individual (“Personal Information”), as required by the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). This Privacy Notice only applies to residents of the State of California.
- Personal Information
- Personal Information We Collect
- Purposes for which We Use, Collect, and Disclose Personal Information
- How We May Use or Disclose Your Personal Information
- Retention Period
- Right to Non-Discrimination
- Requests Under CCPA
- Requests by Authorized Agents
- Contact Information
The CCPA defines personal information as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
Personal information under the CCPA, however, does not include:
- Deidentified or aggregated consumer information.
- Publicly available information from federal, state or local government records.
- Information excluded from the scope of the CCPA:
- Medical or health information covered by the Health Insurance and Portability and Accountability Act of 1966 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data.
- Personal information covered by certain sector-specific privacy laws such as the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”), or California Financial Information Privacy Act (“FIPA”) and the Driver’s Privacy Protection Act of 1994.
Personal Information We Collect
The following chart details which categories of Personal Information we collect and process:
|A. Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e))||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data||Physical location or movements.||YES|
|H. Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information||YES|
|I. Professional or employment-related information||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES|
|K. Inferences drawn from other personal information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.||YES|
Purposes for which We Use, Collect, and Disclose Personal Information
- Plan and manage workforce activities and personnel generally, including for recruitment, including confirming eligibility for employment, background and related checks, employee onboarding, appropriate staffing, performance management, training and career development, payments and benefit administration, employee training, leaves and promotions;
- Conduct workforce assessments, including determining physical or mental fitness for work and evaluating work performance;
- Process payroll, manage wages and other awards such as stock options, stock grants and bonuses, reimburse expenses, and provide healthcare, pensions, savings plans and other benefits, reimburse expenses;
- Operate, maintain, monitor, and secure our facilities, equipment, systems, networks, applications, and infrastructure;
- Manage attendance, time keeping, leaves of absence, and vacation;
- Facilitate employee communication and workforce travel;
- Undertake quality and safety assurance measures, protect the health and safety of our workforce and others, and conduct risk and security control and monitoring;
- Conduct research, analytics, and data analysis, such as to assist in succession planning and to ensure business continuity, as well as to design and implement employee retention programs, diversity, equity, and inclusion initiatives;
- Perform identity verification, accounting, budgeting, audit, and other internal functions, such as internal investigations, disciplinary matters, and handling grievances and terminations;
- Operate and manage IT and communications systems and facilities, allocate Company assets and human resources, and undertake strategic planning and project management; and
- Comply with law, legal process, requests from governmental or regulatory authorities, internal policies, and other requirements, such as income tax deductions, recordkeeping, work permit and immigration regulations and reporting obligations, and the exercise or defense of legal claims.
- To manage licenses, permits and authorizations applicable to Zebit’s operations
How We May Use or Disclose Your Personal Information
We will share Personal Information received when necessary for purposes performing services for our business, providing services as requested by you, and ensuring the safety, security and integrity of our business, infrastructure, and the individuals with whom we interact. As such, we may share your information to do perform services such as administering payroll, benefits or plans. This may require that we share your information with vendors like TriNet, or others such as accountants, attorneys, insurers, or vendors we retain to assist us when necessary to accomplish any of the purposes noted above.
We may disclose personal information in when sharing is required by law, or to comply with relevant laws and regulations, so we may share Personal Information with regulatory authorities or law enforcement. We may also disclose information to protect the safety, property, or rights of the Company.
We may also disclose the above categories of Personal Information to a third party in the context of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
We do not sell Personal Information of covered individuals, and we do not share or otherwise process Personal Information of covered individuals for purposes of cross-context behavioral advertising as defined in CCPA.
We retain Personal Information including, without limitation, Sensitive Personal Information, for as long as needed or permitted in light of the purpose(s) for which it was collected. The criteria used to determine our retention periods include:
- The duration of your employment;
- The length of time we have an ongoing relationship with you or your dependents or beneficiaries and the length of time thereafter during which we may have a legitimate need to reference your Personal Information, such as to address issues that may arise;
- Whether there is a legal obligation to which we are subject (for example, certain laws may require us to keep your employment records for a certain period of time); and
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights, nor will we retaliate against you.
Requests Under CCPA
You may, subject to applicable law, make the following requests:
You may request we disclose to you the following information covering the 12 months preceding your request:
- The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
- The business or commercial purpose for collecting Personal Information about you; and
- The categories of Personal Information about you we otherwise disclosed and the categories of third parties to whom we disclosed such Personal Information.
- You may request to correct inaccuracies in your Personal Information.
- You may request to have certain Personal Information you provided to us deleted.
- You may request to receive a copy of your Personal Information, including a copy of the Personal Information you provided to us in a portable format.
We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. We may need to request additional Personal Information from you to verify your identity and protect against fraudulent requests. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Information. We will verify and respond to your request in compliance with timeframes set forth in the CCPA.
Requests by Authorized Agents
If an agent would like to make a request on your behalf as permitted by applicable law, the agent may use the submission methods noted above. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described above or confirm that you provided the agent permission to submit the request.
Postal Address:Zebit, Inc.
9920 Pacific Heights Blvd, Suite 150
San Diego, CA 92121