INHABIT
CALIFORNIA APPLICANT AND EMPLOYEE PRIVACY NOTICE
Effective as of September 1, 2024
Contents
- Scope
- Definition
- What personal information we collect and how we use them
- Sale & Sharing of Personal Information
- Your Data Subject Rights
- Other Disclosures
- VII. Changes to this Privacy Notice
- VIII. Contact Us
I. Scope
The California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (collectively, the “CCPA”), gives California residents certain rights and requires businesses to make certain disclosures regarding their collection, use, and disclosure of Personal Information. This California Applicant & Employee Privacy Notice (the “Notice”) provides such notice to Inhabit and its group of brands’ (“Inhabit”, “we,” “us,” “our”) California job applicants (“Applicants”) and California employees, independent contractors, and other individuals who interact with Inhabit in an employment-related capacity (collectively, “Employees”).
Please note that this Notice only addresses Inhabit’s processing, collection, use, and disclosure of personal information collected in an employment-related context and only applies to residents of California. This Notice does not apply to individuals who are residents of other U.S. states or other countries and/or who do not interact with Inhabit in an employment-related context. For further details about our privacy practices pertaining to non-applicant/employee personal information, please see our Privacy Policy.
As an Applicant or Employee, you have the right to know what categories of personal information we collect, use, disclose, share and process about you. This Notice provides that information and other disclosures required by California law.
II. Definition
We use some phrases in this Privacy Notice that are unique to our business or our Services. Below are definitions of some of the key terms.
- “Employees”, “employee” or “you”means an identified or identifiable natural person who is a California resident and who is acting as a Inhabit job applicant, employee, or contractor. In this context “job applicant” refers to any person who has submitted his or her candidacy with Inhabit; “employee” refers to any person who is employed at Inhabit as a full-or part-time employee or temporary worker, and “contractor” means a natural person who provides any service to a business pursuant to a written contract.
- “Personal Information” refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include certain de-identified or aggregated information, information publicly available in government records, or certain other information excluded from the scope of the CPPA.
- “Sensitive Personal Information” is a type of personal information depending on what is considered as sensitive personal information as categorized under the CCPA, sensitive personal information is that which reveals the following:
- Personal identification numbers, including social security, driver’s license, passport, or state ID card numbers
- Account or debit or credit card numbers combined with passwords or codes that would enable access to the accounts
- Precise geolocation
- A consumer’s racial or ethnic origin, religious beliefs, or union membership,
- health, sex life or sexual orientation;
- A consumer’s mail, email, or text message content unless the information was intentionally sent to the business;
- A consumer’s genetic data, biometric data that may be processed for the purpose of uniquely identifying an individual;
- “Processing” means any operations performed on personal information, including: collecting, storing, retrieving, consulting, analyzing, disclosing or sharing with someone else, erasing, or destroying personal data.
III. Personal information we collect and how we use them
A. Applicants
What do we collect
We, and our Service Providers, may have collected and processed the following categories of Personal Information from Applicants in the preceding 12 months:
- Name, alias, phone number, address, email address, unique personal identifiers (cookies, IP address), individual’s signature (“Identifiers”).
- Age, gender, race, physical or mental health conditions, and marital status (“Demographic Data”).
- Internet or other network or device activity through your interactions with our website (such as browsing history, browser type and language, operating system or app usage) (“Internet Data”).
- Audio, electronic, visual, and similar information (“Media Data”).
- Professional or employment-related information, such as work history and prior employer, including job related data, maintained as part of the employment relationship that is present in: a job application or resume (“Employment Data”).
- Education information, as defined in the federal Family Educational Rights and Privacy Act, such as student records and directory information (“Academic Data”).
- Social security, driver’s license, state identification card, or passport number and racial or ethnic origin, religious or philosophical beliefs, or union membership; (“Sensitive Personal Information”).
- Usernames, passwords, log-in credentials (“Log-in Data”).
- Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies) (“Profiling Data”).
How we use your personal information
We only collect the information reasonably necessary to facilitate your employment application, to carry out our hiring process, to comply with the requirement of law, and for the other legitimate business purposes. Some of these uses may, under certain circumstances be based on your consent or are necessary to serve our legitimate interests as provided below.
We collect and process your personal information described in this Notice for the following purposes:
For processing your employment application:
- To evaluate a potential Employee relationship with you.
- To perform background checks and verify past employment, educational history, professional standing, and other qualifications.
- To assess your fitness and physical capacity for work.
- To contact you regarding your application and potential Employee relationship with us.
- To respond to your queries or follow-ups regarding the application process.
- To verify or ascertain your identity, uniquely identify you and identify potentially fraudulent activity.
- To conduct research and gain an understanding of the users of our Career Site, their experiences and preferences to further improve the platform and our hiring process.
- To assist in business development, compile statistics regarding how the Career Site is used in order to improve them, for example, we may use your personal data to improve the layout of our Site based on the click path you utilized to access certain information within the Site. To run system diagnostics to ensure that platform is functioning properly and to improve the user experience.
For compliance with our legal obligations, regulatory requirements and for other legal purposes:
- Comply with laws and regulations, including, without limitation, applicable tax, health and safety, anti-discrimination, immigration, labor and employment, and social welfare laws.
- Monitor, investigate, and enforce compliance with and potential breaches of Inhabit policies and procedures and legal and regulatory requirements.
- Comply with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons.
- Exercise or defend the legal rights of Inhabit and its employees, affiliates, customers, contractors, and agents.
- To verify your identity or conduct internal audits or reviews.
- To gather the necessary information required by law, record keeping and good business practices.
What personal information we share and disclose
We have not sold any of personal information to third parties for commercial purposes or monetary value however we do disclose personal information for internal business purposes or operational purposes of our business (servicing, quality improvement, fraud detection, security, legal).
We have disclosed the following categories of Applicant Personal Information to Service Providers and Third Parties for a business purpose in the past twelve months:
- Name, alias, phone number, address, email address, unique personal identifiers, individual’s signature (“Identifiers”).
- Age, gender, race, physical conditions, marital status (“Demographic Data”).
- Internet or other network or device activity through your interactions with our website (such as browsing history, browser type and language, operating system or app usage) (“Internet Data”).
- Audio, electronic, visual, and similar information (“Media Data”).
- Professional or employment-related information, such as work history and prior employer (“Employment Data”).
- Social security, driver’s license, state identification card, or passport number and racial or ethnic origin (“Sensitive Personal Information”).
- Usernames, passwords, log-in credentials (“Log-in Data”).
- Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies) (“Profiling Data”).
To whom do we share your personal information
We share your Personal Information with the following categories of recipients for the following business purposes:
- Third-party Service Providers: Your Personal Information will only be shared with and processed by our affiliates and non-affiliated third-party service providers as permitted by law and for the purposes described in this Notice. We may disclose Personal Information to certain non-affiliated specialized service providers, including professional advisors, consultants, technical service providers, and other third parties, who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. We may disclose your Personal Information to third-party service providers to provide us with services such as Site hosting, including information technology and telephony services, and related infrastructure, customer service, e-mail delivery, auditing, and other similar services.
- Corporate Subsidiaries and Affiliates: We share the collected personal information as described in this notice with our subsidiaries and affiliated businesses within the Inhabit, each of which use your personal information consistent with this Notice. Those businesses may also use your personal information for each of their own purposes.
- Business Transfers: When applicable, we may share your information in connection with a substantial corporate transaction, such as the sale of a Site, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
- With Your Consent or at Your Direction: We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.
- Other Legal Reasons: In addition, we may use or disclose your Personal Information as we deem necessary or appropriate: (1) under applicable law; (2) to respond to requests from public and government authorities including public and government authorities; (3) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect our rights, privacy, safety or property of, our affiliates, you and others; and (7) to enforce our terms and conditions.
When the information collected from or about you is not defined as personal information under applicable law, we may share such non-personal, de-identified information or aggregated information with third parties at our discretion.
B. Employees
What do we collect
We, and our Service Providers, may have collected and processed the following categories of Personal Information from our Employees in the preceding 12 months:
- Name, alias, phone number, address, email address, unique personal identifiers (cookies, IP address), individual’s signature (“Identifiers”).
- Age, date of birth, gender, race, physical or mental health conditions, marital status, medical information, health insurance information, disability (such as mental and physical including HIV/AIDS, or cancer), military or veteran status, request for family care leave, request for leave for an employee’s own serious health condition, request for pregnancy disability leave (“Demographic Data”).
- Internet or other network or device activity through your interactions with our website (such as browsing history, browser type and language, operating system or app usage) (“Internet Data”).
- Audio, electronic, visual, and similar information (“Media Data”).
- Professional or employment-related information, such as work history and prior employer, including job related data, maintained as part of the employment relationship that is present in: an employment contract; a contractor agreement; a performance review; a disciplinary record; photos; information from employee expenses; browsing and search history; payroll and benefits related data; internal and external contact information; or information captured from video, audio, systems, or other forms of monitoring or surveillance (“Employment Data”).
- Social security, driver’s license, state identification card, or passport number and racial or ethnic origin, biometric information including imagery of your fingerprint, face, and voice recordings, Financial account number or credit card number in combination with any credentials for allowing access to an account, precise geolocation, contents of a employee email and text messages, unless the business is the intended recipient thereof, and personal Information Collected and analyzed concerning a employee’s health. (“Sensitive Personal Information”).
- Usernames, passwords, log-in credentials (“Log-in Data”).
- Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies) (“Profiling Data”).
How we use your personal information
We only collect the information reasonably necessary to facilitate your employment application, to carry out our hiring process, to comply with the requirement of law, and for the other legitimate business purposes. Some of these uses may, under certain circumstances be based on your consent or are necessary to serve our legitimate interests as provided below.
We collect and process your personal information described in this Notice for the following purposes:
For managing your employee relationship with us:
- To manage and provide compensation, payroll, tax, expense reimbursement, and benefits planning, enrollment, and administration.
- To administer benefits, such as medical, dental, optical, commuter, and retirement benefits, including recording and processing eligibility of dependents, absence and leave monitoring, insurance and accident management and provision of online total reward information and statements.
- To provide you with Human Resources Management Services, including providing employee data maintenance and support services, administration of separation of employment, approvals and authorization procedures, administration and handling of employee claims, and travel administration.
- To monitor eligibility to work in the U.S., which means monitoring and ensuring compliance of employees’ ability to work in the U.S.
- To conduct Healthcare-Related Services, including conducting pre-employment and employment-related medical screenings for return to work processes and medical case management needs; determining medical suitability for particular tasks; identifying health needs of employees to plan and provide appropriate services, including operation of sickness policies and procedures; and providing guidance on fitness for travel and fitness for expatriation.
- To provide you access to Inhabit systems, networks, databases, equipment, and facilities.
- To manage our workforce and its performance, including personnel planning, productivity monitoring, and evaluation.
- To manage workforce development, education, training, and certification.
- To authenticate your identity and verify your access permissions.
- To arrange, confirm, and monitor work-related travel, events, meetings, and other activities.
- To assess your working capacity or the diagnosis, treatment, or care of a condition impacting your fitness for work, and other preventative or occupational medicine purposes (including work-related injury and illness reporting).
- To contact and communicate with you regarding your employment, job performance, compensation, and benefits, or in the event of a natural disaster or other emergency.
- To contact and communicate with your designated emergency contact(s) in the event of an emergency, illness, or absence.
- To contact and communicate with your dependents and designated beneficiaries in the event of an emergency or in connection with your benefits.
- To respond to your HR related queries, concerns, complaints, feedback and follow-ups.
- To maintain security on Inhabit Websites and Internet Connected Assets, which includes hosting and maintenance of computer systems and infrastructure; management of Inhabit’s software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; and monitoring email and Internet access.
- To monitor, maintain, and secure Inhabit systems, networks, databases, equipment, and facilities and to conduct research and gain an understanding of the users of our systems, their experiences and preferences to further improve the systems.
- To run system diagnostics to ensure that Inhabit systems is functioning properly and to improve the user experience.
For compliance with our legal obligations, regulatory requirements and for other legal purposes:
- Comply with laws and regulations, including, without limitation, applicable tax, health and safety, anti-discrimination, immigration, labor and employment, and social welfare laws.
- Monitor, investigate, and enforce compliance with and potential breaches of Inhabit policies and procedures and legal and regulatory requirements.
- To comply with our legal obligations and other regulatory requirements.
- Comply with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons.
- Exercise or defend the legal rights of Inhabit and its employees, affiliates, customers, contractors, and agents.
- To verify your identity or conduct internal audits or reviews.
- To gather the necessary information required by law, record keeping and good business practices.
- To process any complaints, implement preventive measures and to investigate act, omission, or misconduct that would constitute a violation of contracts and of the applicable laws.
What personal information we share and disclose to Service Providers & Third Parties
We have not sold any of personal information to third parties for commercial purposes or monetary value however we do disclose personal information for internal business purposes or operational purposes of our business (servicing, quality improvement, fraud detection, security, legal).
We have disclosed the following categories of Employee Personal Information to Service Providers and Third Parties for a business purpose in the past twelve months:
- Name, alias, phone number, address, email address, unique personal identifiers (cookies, IP address), individual’s signature (“Identifiers”).
- Age, date of birth, gender, race, physical or mental health conditions, marital status, financial information, medical information, health insurance information (“Demographic Data”).
- Internet or other network or device activity through your interactions with our website (such as browsing history, browser type and language, operating system or app usage) (“Internet Data”).
- Audio, electronic, visual, and similar information (“Media Data”).
- Professional or employment-related information, such as work history and prior employer (“Employment Data”).
- Social security, driver’s license, state identification card, or passport number and racial or ethnic origin, religious or philosophical beliefs, union membership, biometric information, Financial account number or credit card number in combination with any credentials for allowing access to an account, precise geolocation, contents of a employee email and text messages, unless the business is the intended recipient thereof, and personal Information Collected and analyzed concerning an employee’s health. (“Sensitive Personal Information”).
- Usernames, passwords, log-in credentials (“Log-in Data”).
- Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies) (“Profiling Data”).
To whom do we share your personal information
We share your Personal Information with the following categories of recipients for the following business purposes:
- Third-party Service Providers: Your Personal Information will only be shared with and processed by our affiliates and non-affiliated third-party service providers as permitted by law and for the purposes described in this Notice. We may disclose Personal Information to certain non-affiliated specialized service providers, including professional advisors, consultants, technical service providers, and other third parties, who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. We may disclose your Personal Information to third-party service providers to provide us with services such as Site hosting, including information technology and telephony services, and related infrastructure, customer service, e-mail delivery, auditing, and other similar services.
- Corporate Subsidiaries and Affiliates: We share the collected personal information as described in this notice with our subsidiaries and affiliated businesses within the Inhabit, each of which use your personal information consistent with this Notice. Those businesses may also use your personal information for each of their own purposes.
- Business Transfers: When applicable, we may share your information in connection with a substantial corporate transaction, such as the sale of a Site, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
- With Your Consent or at Your Direction: We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.
- Other Legal Reasons: In addition, we may use or disclose your Personal Information as we deem necessary or appropriate: (1) under applicable law; (2) to respond to requests from public and government authorities including public and government authorities; (3) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect our rights, privacy, safety or property of, our affiliates, you and others; and (7) to enforce our terms and conditions.
When the information collected from or about you is not defined as personal information under applicable law, we may share such non-personal, de-identified information or aggregated information with third parties at our discretion.
IV. Sale & Sharing of Personal Information
We do not Sell or Share any of the categories of Applicant or Employee Personal Information listed in this Notice, and we have not Sold or Shared any of the categories of Applicant or Employee Personal Information listed in the past twelve months.
V. Your Data Subject Rights
We offer you certain choices and you also may have certain rights in connection with the personal information we collect about you.
A. Your Rights
As provided by the CPPA, you have the following rights, these rights are not absolute and may be subject to exceptions and verification. We may be required or permitted by law to decline any request. Only you, a person that you authorize to act on your behalf, or an entity registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to accessing or deleting your personal information.
For security purposes, we will verify your identity when you request to exercise your data privacy rights. For certain types of requests, we may also need to ask you for additional information to verify your identity. Once we have verified your identity (and your agent, as applicable), we will respond to your request as appropriate.
A. Right to Know, Access, Data Portability
You have the right to know the categories and specific pieces of personal information that we collect about you, the purposes of the collection of your personal information, categories of third parties with whom we share your personal information and the categories of the personal information that we shared with third parties.
You can also make a request to access the categories or specific pieces of personal and sensitive personal information we collected, used, or shared about you in the past twelve (12) months. Along with your verified request, we will give you any categories of sources from which the personal or sensitive personal information is collected; the purpose for collecting, selling, or sharing; and any categories of third parties with whom we share such personal information.
B. Right to Delete
You can make a request to delete any personal and sensitive personal information we collected from you. Upon receiving a verified request, we will notify you once your information has been deleted. We will also communicate your deletion request to the third parties who process your personal information on our behalf and direct them to delete your information.
C. Right to Opt-Out of Sale
California Consumers have the right to opt out of “sales” of their personal information.
The CCPA’s broad definition of “sale” may include using services to deliver targeted advertising on other sites or applications. This means that if you make a request to opt out of our “sales” of personal information, it will likely have a direct impact on the types of advertisements you see online. We will honor requests to opt out of “sales” of your personal information.
If you would like to opt out, you may do so as outlined on the following page: Do Not Sell or Sharemy Personal Information
D. Right to Limit the Use or Disclosure of Sensitive Personal Information
You have the right to limit the use of your sensitive personal information to only those purposes that are necessary for us to provide Services to you. If you would like to opt out, you may do so as outlined on the following page: Limit the Use of My Sensitive Personal Information
We will notify you if at any point we intend to use your sensitive personal information for any additional purposes.
E. Right to Non-Discrimination
We value giving consumers control over their privacy and personal information. If you choose to exercise any of your rights under the CCPA, we will not differentiate our services as a result of your decision. We also do not offer any financial incentives to opt-in to sell your personal information.
F. Right to Correct
You have the right to request the correction, updating and completion of any Personal and Sensitive Personal Information we maintain about you.
B. Exercising Your Rights
This provides for instructions on how you can exercise your rights under the CPPA.
1. How to Exercise Your Rights
To submit a request to access, rectify, delete, port your personal data you can submit a request to us either:
- by email at privacy@inhabitIQ.com or
- by calling us at 865.409.5227
Note in the body of the email the specific right you want to exercise. In the subject line, include “California Employee Request”.
To protect the privacy and security of your personal information, we will attempt to verify your identity before acting on your request. Your request must include details sufficient for us to properly understand, evaluate, and respond to the request.
Please also note that as part of the verification process, we’re required to consider:
- the difficulty of verifying whether data that we hold and data we have linked to it truly and solely belongs to the data subject making the request, along with; and
- the potential adverse effects on disclosure of personal data to the wrong individual (or a person who is purposefully seeking the information of another) because such improper disclosure would likely adversely affect the privacy rights and freedoms of the relevant data subject/consumer, we limit certain personal data we make available.
2. Use of an Authorized Agent
An agent legally authorized to act on your behalf—may make a verifiable request related to your personal information. If you are making a request through an authorized agent, you must provide the authorized agent with written permission to do so, and a power of attorney that fulfills the requirements of the CPPA. We may request more information from the authorized agent (or from you) if needed to verify the authorized agent’s identity or to avoid any breach of security or instances of fraud.
VI. Other Disclosures
A. How long we retain personal information
We will retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Notice and to perform our obligations under existing contracts. We will also retain your information to comply with our legal obligations, to conduct audits, resolve disputes, and enforce our agreements with you or with third parties.
B. How do we secure your personal information
We use reasonable organizational, technical and physical measures to maintain the privacy and security of your Personal Information within our organization against any unauthorized access, use, disclosure, loss or alteration, or theft of personal information. We maintain policies and practices to ensure the protection of your personal information. Depending on the volume and sensitivity of the information, the purposes for which it is used and the format in which it is stored, we implement a combination of measures to protect your personal information, including:
- Internal policies and procedures that define the roles and responsibilities of our employees throughout the information life cycle and limits their access to such information on a “need-to-know” basis;
- Technical safeguards such as encryption, firewalls, antivirus software and similar measures to protect information stored in electronic format;
- A designated Privacy Officer to monitor our compliance with applicable privacy laws;
- Employee privacy and data security training; and
- Procedures for receiving, investigating and responding to security incidents involving personal information.
Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.
If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
C. Financial Incentives for California Applicants & Employees
Under California law, we do not provide financial incentives to California Applicants and Employees who allow us to collect, retain, sell, or share their Personal Information. We will describe such programs to you if and when we offer them to you.
VII. Changes to this Privacy Notice
This Notice will be updated at least once every twelve (12) months to reflect changes in our business, legal or regulatory obligations. Changes to this Privacy Notice will be posted here in Foyer. If we make a material change to our privacy practices, we will provide notice through Foyer or by other means as appropriate. If we are required by applicable data protection laws to obtain your consent to any material changes before they come into effect, then we will do so in accordance with law.
VIII. Contact Us
If you have any questions, or complaints, regarding the collection or use of your personal information or the content of this notice, please contact our Privacy Officer at the coordinates below.
Privacy Officer
InhabitIQ
2035 Lakeside Centre Way, Suite 250, Knoxville, Tn 37922
privacy@inhabitIQ.com
We respect your privacy rights and commit to the security of your personal information. If you do not agree to how we process your personal information as discussed in this Privacy Notice, please reach out to us.