RoamHR California Consumer Privacy Act (“CCPA”) Privacy Statement
Active Policy Date: July 27,2020
The following CCPA Privacy Statement shall not apply to the collection, processing, sale or disclosure of any information (i) that a consumer provides to us to obtain a financial product or service from us, or (ii) about a consumer resulting from any transaction involving a financial product or service between us and the consumer; or (iii) we otherwise obtain about a consumer in connection with providing a financial product or service to that consumer.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household subject to the CCPA (“Personal Information”). In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Categories of Personal Information listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||NO|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||YES|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with an internet website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||YES|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||NO|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other Personal Information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO|
WePersonal Information does not include:
- Publicly available information from government records.
- De-identified or aggregate consumer information.
- Other information to the extent excluded from the CCPA’s scope, like:
- Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (CalFIPA), and the Driver’s Privacy Protection Act of 1994;
- Health or medical information that constitutes clinical trial data or that is otherwise covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), or the California Confidentiality of Medical Information Act (CMIA);
- Personal Information we may collect from a natural person (including, without limitation, emergency contact information for that natural person and such other Personal Information we may need in order to administer benefits for such natural person) in the course of the natural person applying for a job with us or otherwise in connection that natural person acting as our employee, owner, director, officer, medical staff member, or contractor; and
- Personal Information we may collect from a natural person who is acting as an employee, owner, director, officer, or contractor of another company with which company we are communicating or for which company we are otherwise evaluating or actually providing a product or service
With respect to each of the categories of Personal Information listed in the table above, we obtain such Personal Information from a variety of sources, including from:
- our customers and consumers, with respect to both online and offline interactions they may have with us or our service providers and other entities with whom you transact;
- others with whom you maintain relationships who may deal with us on your behalf;
- the devices you use to access our websites, mobile applications, and online services;
- credit bureaus;
- identify verification and fraud prevention services;
- marketing and analytics providers;
- public databases;
- social media platforms;
- and others consistent with this Privacy Notice
Use of Personal Information
With respect to each of the categories of Personal Information listed in the table above, we may use or disclose such Personal Information for any one or more of the following business purpose:
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with Personal Information in order to open a banking or mortgage account;
- To provide you with information, products or services that you request from us;
- To provide you with email alerts, event registrations and other statements concerning our products or services;
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections;
- To detect and protect against security incidents, and malicious, deceptive, fraudulent or illegal activity, and prosecute the same;
- To debug to identify and repair errors in our systems;
- As otherwise necessary or appropriate to protect the rights, property or safety of us, our customers, consumers, or others;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- For such purposes as may be necessary or appropriate in connection with audits and reporting relating to particular transactions and interactions, including online interactions, you may have with us or others on our behalf;
- To improve our website and apps and present their content to you;
- For testing, research, analysis and product development;
- For short-term, transient use including contextual customization of ads; and/or
- As otherwise described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
Sharing Personal Information
With respect to each of the categories of Personal Information listed immediately below, we may disclose such Personal Information to a third party for a business purpose.
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
Category A: Identifiers
Category B: California Customer Records Personal Information categories
Category C: Protected classification characteristics under California or federal law
Category D: Commercial information
Category E: Biometric Information
Category F: Internet or other similar network activity
Category G: Geolocation Data
Category H: Sensory Data
Category I: Professional or employment-related information
Category J: Non-public education information
Category K: Inferences drawn from other Personal Information
With respect to each of the categories of Personal Information listed immediately above, we may disclose such Personal Information for a business purpose to the following categories of third parties:
- Service providers
Such third parties as our customers or consumers may direct us to disclose their personal information
We do not, and will not, sell (as that term is defined by the CCPA) any Personal Information that we collect.
We do not disclose Personal Information of individuals we know to be under the age of 16 to any business or third parties for monetary or other valuable consideration as a “sale” under California law, without affirmative authorization.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Shine the Light
Pursuant to Section 1798.83-.84 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, what types of personal information, if any, the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information in the immediately preceding calendar year. To access this information, please contact us by emailing support@RoamHR.com with “CA Shine the Light Privacy Requests” in the subject line. Please note that, under the law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email.
California Do Not Track Disclosure
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of Personal Information we have collected about you.
- The categories of sources for the Personal Information we have collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- the categories of Personal Information about you that we disclosed for a business purpose.
Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the Personal Information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq. ).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a request to us by either:
- email to firstname.lastname@example.org
- submission of help request at https://www.roamhr.com/support
Only you or a person who you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. Under California law, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission to act on your behalf. Your agent may be subject to the same verification procedures that we use to verify consumers who do not currently have a relationship with us. As permitted by law, we may require you to verify your own identity in response to a request even if you choose to use an agent. You may also make a verifiable consumer request on behalf of your minor child, though please understand that, in connection with your assertion of such rights on behalf of your minor child, we may require that you sign and submit a notarized consent form.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Verifying Your Request
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request. We may otherwise limit our response to your request as permitted under applicable law.
Whenever feasible, we will match the identifying information provided by you to the Personal Information we maintain, or use a third-party identity verification service that complies with the CCPA. However, if we cannot verify your identity from the Personal Information that we maintain, we may request additional information from you, which shall only be used for the purposes of verifying your identity.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer, and you may consent to receive certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. You may revoke your consent to participate or receive such financial incentive at any time.
Changes to Our Privacy Statement
We reserve the right to amend this privacy statement at our discretion and at any time. When we make changes to this privacy statement, we will notify you through a statement on our website homepage.
If you use assistive technology and the format of this privacy statement interferes with your ability to access information, please contact us at email@example.com. To enable us to respond in a manner most helpful to you, please indicate the preferred format in which to receive the material and your contact information.
If you have any questions or comments about this statement, the ways in which we collect and use your Personal Information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
- email to firstname.lastname@example.org
- submission of help request at https://www.roamhr.com/support
- Phone 210-960-9136
Postal Address: RoamHR
Attn: Compliance Office
8000 Walton Pkwy, Suite 230
Effective Date: January 1, 2020