CCPA + CPRA Privacy Notice for Employees Inc. (the “Company,” “we,” “us,” “our”) is providing this Privacy Notice (“Notice”) pursuant to the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”) to inform you about:

  1. the Categories of Personal Information that Company collects through Paycom and integrated applications about employees, officers, directors, candidates, and contractors who reside in California (“Employees”); and,
  2. the purposes for which the Company uses that Personal Information (“Purposes of Use”).

If you do not reside in California, the Company has decided to provide this notice as a courtesy to you.

For purposes of this Notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an Employee who resides in California. Please contact with any questions or if you would like an alternative form of this Notice.

For purposes of this Notice, “Purposes of Use” for which we will use and process your Personal Information include, but are not limited to:

  1. Managing and Engaging Personnel: to manage personnel matters, to set up a personnel file, to administer compensation, bonuses, equity grants, other forms of compensation, and benefits (as applicable, and as permitted by law), to manage vacation, sick leave, and other leaves of absence, to provide training, to evaluate job applicants, to evaluate job performance, to design and engage in career development and other employee engagement programs, to screen employees for risks to the Company, to conduct employee surveys, to engage in crisis management, to fulfill recordkeeping and conduct reporting, including data analytics and trend analyses, to maintain an internal employee directory and for purposes of identification, to facilitate communication, interaction and collaboration amount employees, to manage employee-related emergencies, including health emergencies, and to promote the Company and arrange and manage Company-sponsored events and public service activities.
  2. Security and Compliance: to monitor use of Company information systems, to conduct internal audits, to conduct internal investigations, to protect the safety and security of Company’s facilities and personnel, to manage reimbursement of business expenses, to ensure compliance with federal, state and local regulations, including occupational health and safety compliance, to obtain appropriate insurance coverages, including worker’s compensation, to prevent illicit activity and report suspected criminal conduct to law enforcement and cooperate in investigations.
  3. Conducting Our Business: to communicate with prospective, current, and former customers, to make business travel arrangements and manage business expenses and reimbursements, to promote the business, to fulfill Company business objectives, including error prevention, quality assurance and improvement, product and service development and fulfillment, to engage in project management, and to provide a directory and contact information for prospective and current customers and business partners.

We do not and will not sell your Personal Information. We will not share your Personal Information with third parties for marketing purposes. We will not use your Personal Information to make any automated decisions affecting you.

Company Collects the Following Categories of Information, including through its HR System, Paycom, Integrated Applications, and Third-Party Systems:

Category of Personal Information
Purposes of Use
Identification Information
Real name, nickname or alias, postal address, telephone number, e-mail address, Social Security number, signature, photographs, online identifiers, Internet Protocol address, bank account name and number for direct deposits, identification documents provided for work eligibility verification.
Managing and Engaging Personnel; Security and Compliance; Conducting Our Business
Professional or Employment- Related Information
Compensation, bonuses, equity grants, pensions, benefits, attendance, evaluations, performance reviews, discipline, personnel files, expenses, education, corporate credit card details, membership in professional organizations, professional certifications, work eligibility in order to comply with legal requirements, and current and past employment history.
Managing and Engaging Personnel; Security and Compliance; Conducting Our Business
Health Information
Health information provided to participate in Company health insurance plans, wellness programs, and other benefits programs, as applicable. Note: This Notice does not cover medical information governed by the Health Insurance Portability and Accountability Act or the Health Information Technology for Economic and Clinical Health Act.
Managing and Engaging Personnel, and Security and Compliance
Financial Information
Financial information, including bank account name, bank account routing and accounts numbers, debit card numbers, tax information for state and federal withholding certificates (e.g. W-4).
Managing and Engaging Personnel, and Security and Compliance
Demographic Information
Information about race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, including the reporting requirements of the federal Equal Employment Opportunity Act, and information about disability status to the extent an employee may need special assistance during emergencies from the Company or from first responders.
The Company may also collect additional characteristics for its employee engagement or diversity and inclusion programs (including analytics).
Managing and Engaging Personnel
Note: All sensitive demographic Personal Information will be collected on a purely voluntary basis, except where required by law, and used only in compliance with applicable laws and regulations.
Commercial Information
Purchase and other transaction data from corporate cards and benefits cards, as applicable.
Managing and Engaging Personnel; Security and Compliance
Internet or Other Network Activity
Information about employees' use of the Internet or other similar network activity, including log in/out and other activity on the Company's electronic resources.
Security and Compliance
Geolocation Data
Geolocation information, such as IP address and other device metadata, that can be used to determine a device’s physical location.
Security and Compliance
Background Screening Information
Background screening information and the results of requested background screening, such as criminal history, sex offender registration, credit history, employment history, drug testing, and/or educational history.
Managing and Engaging Personnel; Security and Compliance
Preference Information
Employee preferences information, including but not limited to, preferred meals, t-shirt size, desired working hours, workspace preferences, and preferred work supplies.
Managing and Engaging Personnel; Security and Compliance
Custom Fields
Car make, model, and license plate information for Employees who require parking passes for the Virginia office.
Conducting Our Business

Additional Purposes Applicable to Any of The Categories of Personal Information Listed Above:

Company may also use Personal Information to facilitate administrative functions. These functions include, but are not limited to the following:

●       to manage and operate information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, strategic planning;

●       to manage litigation involving the Company, and other legal disputes and inquiries and to meet legal and regulatory requirements;

●       in connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of the Company or any of its subsidiaries or affiliates; and

●       to manage licenses, permits and authorizations applicable to the Company’s business operations.

Categories of Third Parties With Whom We May Share Your Personal Data:

We will share personal data received when necessary to administer our payroll, benefits or plans. This may require that we share your information with vendors like ADP, or others such as accountants, actuaries, insurers or a third-party administrator or consultant used by an insurer, or vendors we retain to assist us when necessary to accomplish any of the purposes noted above. This can include with deposition officers, court reporters, videographers, notaries, trial consultants, judges, courts, tribunals, arbitrators, and mediators involved in the resolution of a dispute. When relevant to our business development efforts we may share your information with existing or potential clients.

We may also share your personal information with courts of law, law enforcement authorities, governmental officials or regulators, attorneys or other parties when it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for purposes of an alternative dispute resolution process; to comply with a subpoena or court order, legal process, or other legal requirement or when we believe in good faith that such disclosure is necessary to comply with the law, to prevent imminent physical harm or material financial loss, to investigate, prevent or take action concerning illegal activities, suspected fraud, threats to our Firm, any of its lawyers or our property; or as necessary in connection with an investigation of fraud, intellectual property infringement, piracy or other unlawful activity.

Your Rights under the CCPA and CPRA:

The CCPA provides California residents with specific rights regarding their personal information. Employees who are residents of California have the following rights:

●       the right to know which categories of Personal Information are being collected and the purposes for which the Personal Information is being used;

●       the right to request the deletion of Personal Information, subject to certain exceptions;

●       the right to opt out of Company’s sale or sharing of Personal Information;

●       the right to opt out of automated decision-making technology;

●       the right to correct inaccurate Personal Information;

●       the right to limit use and disclosure of sensitive Personal Information, which is defined to include precise geolocation data, racial or ethnic origin, union membership, the contents of certain employee email and chat messages, and biometric information.

Exercising CCPA and CPRA Data Protection Rights:

In order to exercise any of the rights granted to Employees under the CCPA and CPRA, California residents can contact the Company at

Only the Employee or a person registered with the California Secretary of State that has been authorized to act on an Employee’s behalf may make a verifiable request related to the Employee’s Personal Information.

A request must provide sufficient information that allows the Company to reasonably verify that the requestor is the Employee to whom Personal Information pertains or an authorized representative of the Employee, and the request must contain sufficient detail that allows the Company to properly understand, evaluate, and respond to it.

The Company cannot respond to a request or provide a requestor with the required information if the Company cannot verify the Employee’s identity or authority to make the request and confirm that the Personal Information relates to the Employee.

The Company will disclose and deliver the required information free of charge within 45 days of receiving a verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice. Any disclosures provided by the Company will only cover the 12-month period preceding the verifiable request’s receipt.