Acrisure, LLC California Staff Privacy Notice

Purpose of this Staff Privacy Notice

 

Acrisure, LLC and our affiliates (collectively, “the Company”, “we”, “our” or “us”) is committed to protecting the privacy and security of your personal information. This Privacy Notice describes how we collect, use, and share personal information about you before, during, and after your working relationship with us, in accordance with the local data protection laws of each country in which the Company operates (together the “Data Protection Laws”). It applies to all permanent and temporary employees, workers, contractors including but not limited to those who are not directly employed by the Company (“staff member” or “you”). Please read this privacy notice carefully. If you have any questions, please contact [email protected].

 

This Privacy Notice covers:

 

Purpose of this Staff Privacy Notice
1. Information we collect about you
2. How we collect your personal informaation
3. Monitoring use of company IT equipment and systems
4. How we use your personal information
5. Sharing your personal information
6. Data storage
7. Data Security
8. Miscellaneous
California Information Sharing Disclosure Appendix

1. Information we collect about you

For the purposes of this privacy notice, “personal information” means any information about an identified or identifiable natural person regardless of whether it is held in paper, electronic or any other format.  We collect, maintain, and use different types of personal information in the context of our relationship or potential relationship with you. We also collect certain “special categories” of more sensitive personal information where permitted by applicable law.

 

The following provides examples of the type of information that we may collect from you and how we may use such information:

 

ContextCategories of InformationPrimary Purpose for Collection and Use of Information
BenefitsWage and benefit information, including but not limited to salary, bonus, additional pay, variable compensation, annual leave, pension and related compensation history and benefits information.To perform our contractual obligation to provide employee benefits, including compensation, health insurance, expense reimbursements, etc. Our legitimate interest in maintaining accurate business accounts.
CCTVCCTV footage and other information obtained through electronic means such as swipe card records.Our legitimate interest in protecting the Company’s property, and maintain the security of information held by the Company.
Certifications and Qualifications We collect information from individuals who have access to our facilities and equipment including licensing and certification, and when applicable, nationality and citizenship.We have a legitimate interest in securing our facilities and equipment, and tracking those individuals with access to either for security and maintenance purposes.  In some jurisdictions, we are also required by law to validate and record information about the individuals that access our facilities and equipment.  We have a legitimate interest in complying with all legal requirements to collect information in the countries in which we operate.
Contact DetailsPersonal contact details such as name, title, addresses, telephone numbers, and work and personal email address.We have a legitimate interest in communicating with you. In some jurisdictions, we are also required to collect this information to comply with law.
Electronic CommunicationsInformation about your use of our information and communications systems.Our legitimate interest in monitoring your use of our information and communication systems and providing for security of the IT system to ensure compliance with our IT policies.
Government IdentificationSocial security numbers, tax payer identification numbers, passport numbers, and driver’s license numbers.Our legitimate interest to comply with law.
Health RelatedInformation about your health, including any medical condition, health and sickness records, details of any absences from work (other than holidays), including time on statutory parental leave and sick leave.Our legitimate interest in ascertaining your fitness to work, managing sickness absence. To complying with legal obligations related to health and safety. To perform our contractual obligation to provide health benefits such as insurance.
IdentificationName, date of birth, and driver’s license.Our legitimate interest in identifying you personally.
InvestigationsDetails of any disciplinary investigations and proceedings, or of investigations following an alert.Our legitimate interest in gathering evidence for possible grievance or disciplinary hearings, or to make arrangements for the termination of our working relationship if warranted. Our legitimate interest in determining whether you, or another employee, has complied with our policies, procedures, and protocols.
Other Special Categories Of Sensitive InformationInformation about your gender, race, ethnicity, sexual orientation, religious beliefs, health and disability data, and trade organization data.To comply with government regulations and our legitimate interest in promoting and monitoring equal opportunities and diversity (if permissible under local applicable law) and to manage personnel representation elections and meetings.
Payroll, Pension, and TaxesPayroll information, including but not limited to social security number or equivalent, tax status information (i.e., marital status, dependents, etc.), payroll records, bank account details, direct deposit/credit arrangements, and information about pension plans.To perform our contractual obligation to calculate and pay your salary, tax, social security, and pension contributions. In some jurisdictions, to comply with legal obligations.
PhotographsPhotographsOur legitimate interest in maintaining external and internal directories and/or a security badge (if applicable).
Recruitment & Employment ContingenciesRecruitment information, including copies of right to work documentation such as citizenship, work permit or visa; references and other information included in a CV, resume, or cover letter or as part of the application process; criminal background; references and interview notes; letters of offer and acceptance of employment, and employment agreements.Our legitimate interest in making a decision about your recruitment or employment. In some jurisdictions, to comply with legal requirements to verify you are legally entitled to work in the country in which you are applying.

Terms of Employment

 

Employment records including job titles/duties, job location, working arrangements, seniority data, employee identification number, performance ratings, hire/re-hire date, termination date, job history, training records, professional memberships, and business travel arrangements.

 

Our legitimate interest in business management and planning, including accounting and auditing; conducting performance reviews, managing performance and determining performance requirements; making decisions about salary reviews and compensation; assessing qualifications for a particular job or task, including decisions about promotions; making decisions about your continued employment or engagement. To perform our contractual obligation to provide salary and benefits to certain employees.
TrainingWe collect information from individuals concerning the training that they receive from us, or from third parties.Our legitimate interest in understanding and recording the qualifications and training of the individuals that work with us.  We may also be required by law, or by contract, to share the training or qualification of certain staff with third parties such as regulators or clients.  We may also choose to share the training or qualification of certain staff with third parties as part of our effort to develop business. We have a legitimate interest in complying with any statutory, regulatory, or contractual obligation to disclose the training of our staff, and we have a legitimate interest in using the qualifications of our staff to help develop business.

In addition to the information that we may collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check or collect information from your references or previous employers.

2. How we collect your personal information

We collect personal information about staff members through the application and recruitment process, either directly from candidates or sometimes from an employment agency or background check provider where background checks are permitted. In addition, we may sometimes collect additional information from third parties including former employers, personal and professional references, credit reference agencies or other background check agencies, or government agencies (where permitted). We will also collect additional personal information in the course of job-related activities throughout the period of you working for us. This may include monitoring communications and use of the Company’s IT equipment and systems or from other staff members or supervisors.

 

3. Monitoring use of company IT equipment and systems

In the course of conducting our business, we may – under conditions permitted by applicable law – monitor employee activities and our premises and property. For example, some of our locations are equipped with surveillance cameras. Where in use, surveillance cameras are for the protection of employees and third parties, and to protect against theft, vandalism and damage to the Company’s property. They do not aim at controlling the working activity of the individual employee. Recorded images are typically destroyed and not shared with third parties unless there is suspicion of a crime or wrongdoing, in which case they may be turned over to the police, or other appropriate government agency or other appropriate third parties. If recorded, the images will be kept with a maximum of one (1) month, except if law authorizes, expressly or explicitly, a longer period or prescribes a shorter period.

4. How we use your personal information

In addition to the purposes and uses described above, we use your personal information for the following purposes:
  • To administer your relationship with us, including fulfilling any obligation that we have to provide you with compensation or benefits;
  • To carry out our business effectively;
  • To comply with laws or regulations to which the Company is subject;
  • To comply with our contractual obligations;
  • To detect and prevent fraud or crime;
  • To enforce, exercise, or defend legal claims;
  • To investigate potential misconduct;
  • To keep your personal data and that of other staff members secure and to prevent unauthorised access, loss, damage, destruction or corruption of data. This may include monitoring communications and use of company IT equipment and systems;
  • To plan, organize, and carry out administration tasks within each the Company group company and across the whole the Company group; and
  • To protect the legitimate interest of the Company, including protecting the Company property.
Note that this Privacy Notice may be amended to notify you of additional purposes for which we process your personal information.

5. Sharing your personal information

In addition to the specific situations discussed elsewhere in this Privacy Notice, we may share your personal information in the following situations:

 

  • Affiliates and Business Transfers. We may share information with our corporate affiliates (g., parent company, sister companies, subsidiaries, joint venture partners, or other companies under common control) in the course of our normal business operations. If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
  • Legal or Regulatory Requests and Investigations. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws or regulations. We may also need to share your personal information with tax authorities, courts, regulators, the police and other governmental authorities where we are required or permitted to do so by law.
  • Other Third-Parties. We may disclose certain information such as name, work contact details (including your workplace ID photo), training and qualification records, certifications, and other information about your work arrangements to other third parties, such as professional advisers (including lawyers, auditors and accountants), professional bodies, and regulatory authorities in the normal course of business.
  • Other Disclosures with Your Consent. We may ask to share your information with other unaffiliated third parties who are not described elsewhere in this Privacy Notice.
  • Protection of the Company or Others. We may share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies.
  • Third-Party Service Providers. We may share your information with service providers. For example, we may share your personal information with payroll administrators, pension administrators, IT service providers, training providers, benefits providers, marketing/events agencies, and recruitment agencies.

If you have any objections to the disclosures of your personal information or you would like more information about this, please contact your HR representative.

6. Data storage

Except as otherwise permitted or required by applicable law or regulatory requirements, the Company endeavours to retain your personal information only for as long as it believes is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations), with a maximum of 6 years after the termination of your employment with the Company, except (i) if law authorizes, expressly or explicitly, a longer period or prescribes a shorter period and (ii) if at the end of such 6 year period, the processing of the personal information would still be required for the purpose of legal proceedings or would still be required by applicable law.

7. Data Security

We maintain reasonable physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to help protect your personal information against loss, unauthorized access or disclosure, modification, or destruction.  While we use reasonable efforts to protect your personal information, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of any privacy or security event relating to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

8. Miscellaneous

The following additional information relates to our privacy practices:

 

  • Changes To This Privacy Notice. We may change our Privacy Notice and privacy practices over time.  To the extent that our Privacy Notice changes in a material way, the Privacy Notice that was in place at the time that you submitted personal information to us will generally govern that information.  Our Privacy Notice includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.
  • Information for California Residents. California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether certain categories of information are “sold” or transferred for an organization’s “business purpose” as those terms are defined under California law. You can find a list of the categories of information that we may share in the Appendix at the end of this Privacy Notice. Please note that because this list is comprehensive it may refer to types of information that we share about people other than yourself. If you would like more information concerning the categories of personal information (if any) we may share with third parties or affiliates for those parties to use for direct marketing please submit a written request to us using the information in the “Contact Information” section below.  We do not discriminate against California residents who exercise any of their rights described in this Privacy Notice.
  • Contact Information. If you have any questions about this Privacy Notice, please contact human resources at [email protected]  In addition, you can pose any questions to:

Acrisure, LLC
100 Ottawa Avenue SW
Grand Rapids, MI 49503
Attn: Acrisure Privacy Office
[email protected]

 

Effective Date. This policy is effective as of January 1, 2020.

Last Revised: January 1, 2020

California Information Sharing Disclosure Appendix

California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicates that companies should disclose whether the following categories of information are collected, transferred for “valuable consideration,” or transferred for an organization’s “business purpose” as those terms are defined under California law.  We do not “sell” your personal information.   The table below indicates the categories of personal information we may collect and transfer in a variety of contexts.  Please note that because this list is comprehensive, it may refer to types of information that we collect and share about people other than yourself. For example, while we transfer bank account numbers for our business purpose in paying some staff members (e.g., direct deposit), we do not collect or transfer bank account numbers of staff members that do not utilize direct deposit.

 

Categories of Personal Information We CollectTo Whom We Disclose Personal Information for a Business Purpose
Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, social security number, driver’s license number, passport number or other similar identifiers.

· Affiliates

· Agency management system vendors

· HR information system vendors

· Data analytics providers

· Data center/host/cloud-service providers

· Electronic signature/consent facilitation vendors

· Government entities, as may be needed to comply with law or prevent illegal activity

· Retirement plan administrators

· Internet service providers

· Insurance carriers

·Managing general agents

· Managing general underwriters

· Wholesale insurance brokers

· Program administrations

· Payment processors and financial institutions

· Governmental and other regulatory or tax reporting vendors

· Professional services organizations, this may include auditors and law firms

· Third parties who assist with information technology and security programs

· Pre-hire screening and background check vendors

· Educational institutions

· Third party benefit and claim administration vendors

· Other Service Providers

Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics or description, state identification card number, insurance policy number, education, bank account number, and other financial information, medical information, and health insurance information.

· Affiliates

· Agency management system vendors

· HR information system vendors

· Data analytics providers

· Data center/host/cloud-service providers

· Electronic signature/consent facilitation vendors

· Government entities, as may be needed to comply with law or prevent illegal activity

· Retirement plan administrators

· Internet service providers

· Insurance carriers

· Managing general agents

· Managing general underwriters

· Wholesale insurance brokers

· Program administrations

· Payment processors and financial institutions

· Professional services organizations, this may include auditors and law firms

· Third parties who assist with information technology and security programs

· Pre-hire screening and background check vendors

· Third party benefit and claim administration vendors

· Other Service Providers

Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical or mental handicap, etc.

· Affiliates

· Agency management system vendors

· HR information system vendors

· Data analytics providers

· Data center/host/cloud-service providers

· Electronic signature/consent facilitation vendors

· Government entities, as may be needed to comply with law or prevent illegal activity

· Retirement plan administrators

· Internet service providers

· Insurance carriers

· Managing general agents

· Managing general underwriters

· Wholesale insurance brokers

· Program administrations

· Other Service Providers

· Payment processors and financial institutions

· Professional services organizations, this may include auditors and law firms

· Third parties who assist with information technology and security programs

· Pre-hire screening and background check vendors

· Third party benefit and claim administration vendors

· Educational institutions

Biometric information· N/A
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.

· Data center/host/cloud-service providers

· Third parties who assist with information technology and security programs

 

Geolocation data· N/A
Audio, electronic, visual, thermal, olfactory, or similar information· N/A
Professional or employment-related information

· HR information system vendors

· Data center/host/cloud-service providers

· Government entities, as may be needed to comply with law or prevent illegal activity

· Insurance carriers

· Managing general agents

· Managing general underwriters

· Wholesale insurance brokers

· Program administrations

· Professional services organizations, this may include auditors and law firms

· Pre-hire screening and background check vendors

· Third party benefit and claim administration vendors

Non-public education information (as defined in the Family Educational Rights and Privacy Act)

· HR information system vendors

· Data center/host/cloud-service providers

· Government entities, as may be needed to comply with law or prevent illegal activity

· Insurance carriers

· Managing general agents

· Managing general underwriters

· Wholesale insurance brokers

· Program administrations

· Professional services organizations, this may include auditors and law firms

· Pre-hire screening and background check vendors

· Third party benefit and claim administration vendors

· Educational institutions