PHILO CALIFORNIA PRIVACY NOTICE – EMPLOYEES, APPLICANTS, OFFICERS, DIRECTORS, AND CONTRACTORS
UPDATED AND EFFECTIVE DATE: September 5, 2023
This notice (“Notice”) applies to you if you are a California resident who is a job applicant to, employee of, director of, officer of, or individual contractor of Philo (collectively “you”). It informs you about (1) the categories of Personal Information that we may collect about you, (2) the sources from which we collect Personal Information, (3) the purposes for which we may use that Personal Information, and (4) the third parties to whom Personal Information may be disclosed. “Personal Information” has the definition in the California Consumer Privacy Act of 2018 (“CCPA”) and as amended by the California Privacy Rights Act (“CPRA”).
1. Your Privacy Rights
You have the right to request: (1) that we disclose to you what Personal Information we collect, use, disclose, and sell/share, including the right to request that we provide to you the specific pieces of Personal Information we have collected about you (“Right to Know”) (2) that we delete the Personal Information we have collected from you (“Right to Delete”); (3) that we correct inaccurate Personal Information we hold about you (“Right to Correct”), (4) to opt out from the sharing of your Personal Information and Sensitive Personal Information to a third party for cross-context behavioral advertising (i.e. targeted advertising) (“Right to Opt-Out of Sharing”), (5) to opt-out from the sale of Personal Information and Sensitive Personal Information (“Right to Opt-Out of Sale”), and (6) that we limit the use or disclosure of your Sensitive Personal Information to purposes set forth in the statute, including that use which is necessary to perform the services or provide the goods reasonably expected by an average person who requests those goods or services (“Right to Limit the Use and Disclosure of Sensitive Personal Information”). These rights are subject to the meanings and exceptions set forth in the CCPA and CPRA. More information on each of these rights is below.
a. Right to Know
You may request that we disclose the following information:
- The categories of Personal Information we have collected about you.
- The categories of sources from which the Personal Information is collected.
- The business or commercial purpose for collecting or “selling” or “sharing” your Personal Information.
- The specific pieces of Personal Information we have collected about you.
- The categories of Personal Information we have “sold” or “shared” or disclosed about you for a business purpose, and the categories of third parties to whom your Personal Information was “sold,” “shared,” or disclosed for a business purpose.
To provide you with specific pieces of information, we may require a signed declaration under penalty of perjury that you are the individual whose Personal Information is the subject of the request.
b. Right to Delete
You may request that we delete the Personal Information we have collected from you (and direct our Service Providers to do the same).
Please note that as part of the verification process, we may follow up after you submit your request and require you to confirm that you want your information deleted.
c. Right to Correct
You have the right to request that we correct inaccurate information we hold about you.
d. Right to Opt-Out of Sale/Right to Opt-Out of Sharing
We do not sell, or share for cross-contextual behavioral advertising, the Personal Information or Sensitive Personal Information about you. Therefore, we do not offer an opt-out for the sale of Personal Information or sharing of Sensitive Personal Information at this time.
e. Right to Limit Use and Disclosure of Sensitive Personal Information
Under the CPRA Regulations, a business must only provide the Right to Limit the Use and Disclosure of Sensitive Personal Information when the information (i) is collected or processed for the purpose of inferring characteristics about an individual, or (ii) does not fall under certain statutory exceptions, pursuant to CPRA §1798.121. Since Philo’s use and disclosure of Sensitive Personal Information is within one or more of these exceptions, we do not offer this right at this time.
2. Categories of Personal Information We Collect
Depending on the circumstances, we may collect the following categories of Personal Information that are identified in the CCPA:
| Identifiers such as your real name, alias or nickname, postal address, phone number, unique personal identifier, online identifier, internet protocol address, email address, social security number, driver's license number, passport number, and any other identifiers required by law. We may also need to collect the name, postal address, and email address of your emergency contacts, dependents, and beneficiaries. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - through other Philo workforce members - external sources (such as data that you have posted publicly) - tracking technologies (such as cookies, web beacons, and pixel tags) - third party social media companies - third party career portals |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - recruiting - background screening and checks - making employment and staffing decisions - confirming your eligibility for employment under applicable law - assisting with immigration matters on your behalf - administering benefits and insurance - managing payroll and other forms of compensation - managing, awarding, and distributing equity - paying or reimbursing expenses - conducting performance reviews and managing career planning - providing human resources management services, including providing data maintenance and support services, administration of separation from Philo, approvals and authorization procedures, administration and handling of worker claims, and travel administration - maintaining your contact information - assessing training needs and conducting training - improving our culture and working environment, including conducting staff surveys and providing senior management with information about other employees - assisting you in an emergency, including maintaining contact details for you and your dependents or emergency contacts - handling any disputes related to your relationship with Philo - managing the work environment, which includes information collected relating to disciplinary actions and code of ethics conduct processes and investigations - conducting our business, including recording audio and audiovisual recordings of meetings and calls - providing technical support services for devices used for work - managing security on our systems and infrastructure and conducting investigations, which includes managing our software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; monitoring email, internet access and usage of devices and accounts used for work; and monitoring and managing physical access to company facilities - obtaining financing, recapitalizing the company, or the purchase or sale of all or part of a business - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Categories of Personal Information listed in the California Customer Records law, such as the identifiers above, your telephone number, employment history, education, bank account number, other financial information, medical information, and health insurance information. We may also need to collect the telephone number of your emergency contacts, dependents, and beneficiaries. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - through other Philo workforce members - external sources (such as data that you have posted publicly) - tracking technologies (such as cookies, web beacons, and pixel tags) - third party social media companies - third party career portals |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - recruiting - background screening and checks - making employment and staffing decisions - confirming your eligibility for employment under applicable law - assisting with immigration matters on your behalf - administering benefits and insurance - managing payroll and other forms of compensation - managing, awarding, and distributing equity - paying or reimbursing expenses - conducting performance reviews and managing career planning - providing human resources management services, including providing data maintenance and support services, administration of separation from Philo, approvals and authorization procedures, administration and handling of worker claims, and travel administration - maintaining your contact information - assessing training needs and conducting training - improving our culture and working environment, including conducting staff surveys and providing senior management with information about other employees - assisting you in an emergency, including maintaining contact details for you and your dependents or emergency contacts - handling any disputes related to your relationship with Philo - managing the work environment, which includes information collected relating to disciplinary actions and code of ethics conduct processes and investigations - conducting our business, including recording audio and audiovisual recordings of meetings and calls - providing technical support services for devices used for work - managing security on our systems and infrastructure and conducting investigations, which includes managing our software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; monitoring email, internet access and usage of devices and accounts used for work; and monitoring and managing physical access to company facilities - obtaining financing, recapitalizing the company, or the purchase or sale of all or part of a business - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Characteristics about you that may be required by law or voluntarily provided by you, such as your date of birth, race, national origin, disability, medical condition, sex (including your gender, gender identity, gender expression, and pregnancy or childbirth and related medical conditions), marital status, citizenship status, veteran or military status, requests for parental, pregnancy, disability or sick leave, background check information (such as criminal records, historical addresses, education history, and employment history) and other characteristics. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - through other Philo workforce members - external sources (such as data that you have posted publicly) - tracking technologies (such as cookies, web beacons, and pixel tags) - third party social media companies - third party career portals |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - assisting with immigration matters on your behalf - administering benefits and insurance - providing human resources management services, including providing data maintenance and support services, administration of separation from Philo, approvals and authorization procedures, administration and handling of worker claims, and travel administration - operating diversity, equity, and inclusion program - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Biometric, audio, electronic, or similar information. This may also include other physiological, biological, or behavioral characteristics about you. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - equipment and software used for work - external sources (such as data that you have posted publicly) - third party social media companies - service providers |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - recruiting - conducting our business, including recording audio and audiovisual recordings of meetings and calls - providing technical support services for devices used for work - managing security on our systems and infrastructure and conducting investigations, which includes managing our software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; monitoring email, internet access and usage of devices and accounts used for work; and monitoring and managing physical access to company facilities - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Internet or other electronic network activity information, including, but not limited to, your browsing history, search history, and email content, and information regarding your interaction with internet websites, applications, or advertisements on company issued devices, personal devices used for company purposes, or through company user accounts. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - equipment and software used for work - tracking technologies (such as cookies, web beacons, and pixel tags) |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - managing the work environment, which includes information collected relating to disciplinary actions and code of ethics conduct processes and investigations - conducting our business, including recording audio and audiovisual recordings of meetings and calls - providing technical support services for devices for work - managing security on our systems and infrastructure and conducting investigations, which includes managing our software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; monitoring email, internet access and usage of devices and accounts used for work; and monitoring and managing physical access to company facilities - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Geolocation Data, such as tracking your access to company facilities. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - equipment and software used for work - external sources (such as data that you have posted publicly) - third party social media companies |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - managing the work environment, which includes information collected relating to disciplinary actions and code of ethics conduct processes and investigations - conducting our business, including recording audio and audiovisual recordings of meetings and calls - providing technical support services for devices used for work - managing security on our systems and infrastructure and conducting investigations, which includes managing our software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; monitoring email, internet access and usage of devices and accounts used for work; and monitoring and managing physical access to company facilities - obtaining financing, recapitalizing the company, or the purchase or sale of all or part of a business - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Audio, electronic, visual, or similar information about you. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - external sources (such as data that you have posted publicly) - equipment and software used for work - third party social media companies - third party career portals |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - recruiting - providing human resources management services, including providing data maintenance and support services, administration of separation from Philo, approvals and authorization procedures, administration and handling of worker claims, and travel administration - managing the work environment, which includes information collected relating to disciplinary actions and code of ethics conduct processes and investigations - conducting our business, including recording audio and audiovisual recordings of meetings and calls - providing technical support services for devices used for work - managing security on our systems and infrastructure and conducting investigations, which includes managing our software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; monitoring email, internet access and usage of devices and accounts used for work; and monitoring and managing physical access to company facilities - obtaining financing, recapitalizing the company, or the purchase or sale of all or part of a business - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Professional or employment-related information, including your job application, resume, education history, employment contracts, contractor agreements, performance reviews, expense reports, payroll and benefits data, internal and external contact information, memberships in professional organizations, professional certifications, employment history, and information about you obtained from video, audio, systems, or other forms of monitoring or surveillance. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - through other Philo workforce members - external sources (such as data that you have posted publicly) - third party social media companies - third party career portals |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - recruiting - background screening and checks - making employment and staffing decisions - confirming your eligibility for employment under applicable law - assisting with immigration matters on your behalf - administering benefits and insurance - managing payroll and other forms of compensation - managing, awarding, and distributing equity - paying or reimbursing expenses - conducting performance reviews and managing career planning - ` `providing human resources management services, including providing data maintenance and support services, administration of separation from Philo, approvals and authorization procedures, administration and handling of worker claims, and travel administration - assessing training needs and conducting training - improving our culture and working environment, including conducting staff surveys and providing senior management with information about other employees - handling any disputes related to your relationship with Philo - managing the work environment, which includes information collected relating to disciplinary actions and code of ethics conduct processes and investigations - conducting our business, including recording audio and audiovisual recordings of meetings and calls - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Education information that is not publicly available, including your grade point averages, transcripts, and any other educational information. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - through other Philo workforce members - external sources (such as data that you have posted publicly) |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - recruiting - background screening and checks - making employment and staffing decisions - confirming your eligibility for employment under applicable law - assisting with immigration matters on your behalf - conducting performance reviews and managing career planning - providing human resources management services, including providing data maintenance and support services, administration of separation from Philo, approvals and authorization procedures, administration and handling of worker claims, and travel administration - assessing training needs and conducting training - improving our culture and working environment, including conducting staff surveys and providing senior management with information about other employees - conducting our business, including recording audio and audiovisual recordings of meetings and calls - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
| Inferences drawn from any of the information we collect that may reflect your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes. | |
| Categories of Sources from which the Information was Collected |
We may collect this type of information from: - you - through other Philo workforce members - external sources (such as data that you have posted publicly) - tracking technologies (such as cookies, web beacons, and pixel tags) - third party social media companies - third party career portals |
| Business or Commercial Purpose(s) for which Information is Collected |
We may use this type of information for: - recruiting - background screening and checks - making employment and staffing decisions - confirming your eligibility for employment under applicable law - conducting performance reviews and managing career planning - assessing training needs and conducting training - improving our culture and working environment, including conducting staff surveys and providing senior management with information about other employees - handling any disputes related to your relationship with Philo - managing the work environment, which includes information collected relating to disciplinary actions and code of ethics conduct processes and investigations - conducting our business, including recording audio and audiovisual recordings of meetings and calls - complying with applicable law or regulatory requirements, such as legal (local, state, and federal) and internal company reporting obligations, including required reporting for tax obligations, immigration, contractor payments, wages, headcount, management information, and demographics |
| Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose |
We may disclose this type of information to: - service providers - third parties (including government agencies) as required by law or in connection with court proceedings (such as pursuant to subpoenas or court orders) - third parties who may acquire the information as a result of a merger, acquisition, or other transfer of ownership |
3. Exercising Your Rights under the CCPA
a. Verifying Your Requests
Any request from you must be one that we can reasonably verify, and you must provide enough detail so that we can understand, evaluate and respond to it. Making such a request does not require you to create an account with us.
When you exercise your Right to Know, Right to Delete, and/or Right to Correct, we may ask you to provide us with information, in addition to your full name, in order to verify your identity and fulfill your request, such as your job title, mailing address, phone number, and work email address. We will take reasonable steps to verify your identity based upon the information you provide and the type of request you are making. We may ask for additional information as needed to fully verify your request.
If we are unable to verify that the person submitting the request is the same person about whom we have collected information (or someone that person authorized to submit the request on their behalf), we will not be able to process the request.
b. Agents
You may designate an authorized agent to make a request on your behalf. The agent should complete the request through one of the methods outlined below. and provide declaration signed by you authorizing the agent to make the request. The written permission must state the full legal names of you and the agent and needs to be clear about the permission granted. Alternatively, the agent may submit a copy of a power of attorney under Probate Code sections 4000-4465. The identity of the subject of the request, in addition to the agent’s identity, will need to be independently verified in order for us to be able to fulfill the request. We may also ask you to directly confirm with us that you provided the agent with permission to submit a request. Please keep in mind that if we do not receive adequate proof that the agent is authorized to act on behalf of the subject of the request, we may deny the request.
c. Submitting Requests
To exercise any of your rights under the CCPA with Philo, please submit your request using the following method:
- Email us at HR@philo.com
We intend to respond to a Verifiable Request for knowledge or deletion within 45 days of receiving the request. If we require more time, we will inform you of the reason and extension period in writing.
When you make a request under the CCPA, we will use the Personal Information you provide to us only to review and comply with your request.
4. Data Retention
Philo will keep your Personal Information for as long as your employment application and any working relationship with us lasts, and for a certain period after your application or working relationship with us has ended; but we will not keep or store Personal Information for longer than is reasonably necessary to fulfill the purposes (as described in this Notice) for which it was collected or that you authorized after collection, or as otherwise required by law. In determining how long we keep your Personal Information, we take into account our legal obligations (such as legal requirements to retain your information, financial reporting obligations, and equal opportunity or anti-discrimination reporting obligations), the nature and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of the Personal Information, and whether we may need to retain the Personal Information to resolve disputes, make and defend legal claims, conduct audits, pursue legitimate business purposes and/or enforce our agreements.
5. Right to Non-Discrimination for the Exercise of Your Privacy Rights
You have the right to not receive discriminatory treatment for exercising CCPA rights. We will not discriminate or retaliate against you for exercising your CCPA rights.
6. Changes to this Notice
We reserve the right to modify this Notice at our discretion and at any time. When we make changes, we will notify you through an email notice and reflect the date the Notice was updated.
7. Contact Information
If you have a question related to this Notice, please contact us at:
This Notice was last modified on the date indicated above and is effective on such date.