Employee and Applicant Privacy Notice
Effective Date: October 14, 2022
This notice describes the categories of personal information collected by Windfall Data, Inc. (the “Company”) from our employees and job applicants, and the purposes for which personal information may be used.
This notice does not create or form part of any employment contract. We may update this notice at any time, and we will provide you with a new privacy notice either by email or via Lattice when we make any substantial updates.
Sources of Personal Information |
For Applicants.
For Employees.
|
Categories of Personal Information Collected |
Identifiers and contact information. This category includes names, addresses, telephone numbers, mobile numbers, email addresses, dates of birth, Social Security numbers, driver’s license or state identification numbers, bank account information, and other similar contact information and identifiers. Protected classification information. This category includes characteristics of protected classifications under applicable state or federal law. Internet or other electronic network activity information. This category includes without limitation:
Geolocation data. This category includes GPS location data from Company-issued mobile devices. Audio, electronic, visual, or similar information. This category includes, for example, information collected from Company cameras and similar devices. Professional and employment-related information. This category includes, without limitation:
Education information. This category includes education history. In certain cases we may ask you for additional information for purposes of monitoring equal opportunity and/or complying with applicable laws. |
Purposes for which Personal Information is Used |
Workforce management. Managing work activities and personnel generally, such as:
Business operations. Operating and managing our business, including managing communications and IT systems; research, development and operation of our products and/or services; managing and allocating Company assets and personnel; strategic planning and project management; business continuity; maintenance of business and audit records; budgeting, financial management and reporting; internal communications; promoting our business; physical and information security; and evaluating and undergoing mergers, acquisitions, sales, re-organizations or disposals and integration with purchasers. Compliance, safety and fraud prevention. Complying with legal and other requirements, such as tax, audit, recordkeeping, reporting, verifying identity and eligibility to work, and equal opportunities monitoring requirements; complying with lawful requests and legal process, such as responding to subpoenas or requests from government authorities; protecting our, your or others’ rights, safety and property; investigating and deterring against fraudulent, harmful, unauthorized, unethical or illegal activity, or conduct in violation of our policies or procedures; pursuing legal rights and remedies, including investigating, making and defending complaints or legal claims; administering and enforcing internal policies and procedures; and sharing information with government authorities, law enforcement, courts or private parties for the foregoing purposes. Monitoring. Monitoring offices and facilities, IT and communications systems, devices, equipment and applications through manual review and automated tools such as security software, website and spam filtering, and monitoring our physical premises (e.g., by using security cameras and keycard scans) to protect our, your or others’ rights, safety and property; operate, maintain and protect the security of our network systems and devices; protect our proprietary and confidential information and intellectual property; for recordkeeping and archiving; for personnel training and/or performance management; for the compliance, safety and fraud prevention purposes described above; to investigate and respond to security and other incidents; and for business continuity (such as monitoring business-related emails following an employee's departure). Analytics. Creating anonymous, aggregated or de-identified data that we use and share to analyze our workforce and business and for other lawful business purposes. |
Sharing Personal Information |
We do not sell your personal information or disclose your personal information to third parties for targeted advertising. We may share your personal information with other parties as necessary for the purposes described above. By way of example and not limitation, we may share your personal information with: Affiliates. Our corporate parent, subsidiaries, and other affiliates under the control of our corporate parent, for purposes consistent with this Notice or to operate shared infrastructure, systems and technology. Company service providers. Providers of services to the Company, such as payroll administration, benefits and wellness, human resources, occupational health, performance management, training, expense management, travel agencies, transportation and lodging, IT systems and support, information and physical security, background checks and other screenings, equity award administration, corporate banking and credit cards, health care, trade associations, insurance brokers, claims handlers and loss adjusters, and any necessary third party administrators, nominees, registrars or trustees appointed in connection with benefits plans or programs. Benefits providers. Providers of services to eligible employees as part of our employee benefits program (e.g., financial advisors, securities brokers, financial institutions and providers of health, fitness, wellness, childcare and concierge services) who need your information to verify your eligibility, invite you to take advantage of their services, and provide you with services. Our marketing audience. Current and prospective customers and other business contacts with whom we share your employee Company bio, which may be shared on our website or in other publicly available marketing materials and communications as part of our marketing activities. Government authorities, law enforcement and others. Government authorities, law enforcement, courts, and others as described in the compliance, safety and fraud prevention section above. Business transfer participants. Parties to transactions and potential transactions whereby we sell, transfer or otherwise share some or all of our business or assets, including our employee’s personal information, such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. Professional advisors. Accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors who require your information in the course of providing their services. Customers and business partners. Customers, other companies and individuals with whom the Company does business or is exploring a business relationship. |
Privacy Rights |
You have privacy rights that allow you to submit the following requests:
In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. To submit a request, please email us or write to us as provided in the “Contact us” section below. We may ask for specific information from you to help us confirm your identity. You are entitled to exercise the rights described above free from discrimination. You may empower an authorized agent to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. |
Data Security |
We have put in place security measures designed to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know and are subject to confidentiality obligations. |
Retention |
We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we use your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. |
Other Information About this Notice |
Third parties. This notice does not address, and we are not responsible for, the practices of any third parties, which have their own rules for how they collect and use your personal information. Our links to third party websites or services are not endorsements. Alternative formats for employees with disabilities. Upon request, this notice is available in alternative formats, such as large print, braille, or audio. Please contact privacy@windfall.com, and an alternative format will be provided to you so you can access the information in this notice. Your obligations. It is your responsibility to ensure that information you submit does not violate any third party’s rights. You should keep your personal information on file with the Company up to date and inform us of any significant changes to it. |
Contact Us |
If you have questions about this notice, please contact privacy@windfall.com. |