Orgain, LLC Supplemental Privacy Notice for Applicants, Employees and Independent Contractors

 

Last Updated: 04/01/2024

 

This Orgain, LLC Supplemental Privacy Notice applies to California residents who are Employees, Independent Contractors, and Job Applicants (Notice) supplements the Orgain, LLC Privacy Notice and provides additional information about the personal information Orgain, LLC (referred to as “Orgain”, the “Company”, “we,” “us,” or “our,” as applicable) collects, uses, discloses, and otherwise processes about you in accordance with the California Consumer Privacy Act (“CCPA”). This Notice covers Orgain directors, employees, contractors, consultants, and other individuals who currently work or previously have worked for us (collectively, “Employees,” “you,” or “your”).

 

Where we refer to “employment” or “engagement” in this Notice, we do so for convenience only, and this should in no way be interpreted as purporting to confer employment status on non-employees to whom this Notice also applies. This Notice does not form part of any contract of employment or engagement, does not confer any employment status or contractual right on any Employees, and does not place any contractual obligation on us.

 

This Notice does not cover information collected about you as an Orgain customer or user of Orgain-affiliated websites, mobile apps, or other Orgain products or services. To learn more about our information practices in those situations, please read our online Privacy Policy.

 

We may change this Notice from time to time. If we make changes, we will notify you by revising the date at the top of this Notice. If we make material changes, we will provide you with additional notice, such as by sending you a notification.

 

1.0           Key Definitions

 

This Notice uses the following defined terms:

 

“Personal Information” means any information concerning an identified or identifiable individual (e.g., name, address, telephone number, employee ID number, Orgain network address, e-mail address, etc.).

 

“Process, “Processing” or “Processed” means all activities involving the handling of Personal Data, such as the access, collection, storage, transfer, use, disclosure, retention, amendment, and other operation involving Personal Data (e.g., passive storage, or mere consultation of Personal Data).

 

“Sensitive Personal Data” means Personal Data needing greater safeguards, such as gender, racial, or ethnic origin, social security number, age, date of birth, medical and disability information, marital status, bank and financial information, the commission of a legal offense and related proceedings and the outcome thereof pursuant to the lawful request of criminal history information, and drug screening information.

 

“We”, “Us”, “Our”, “Company” or “Orgain” means all Orgain operating companies and businesses in the US. “You” or “Your” means the employee, contractor, or job applicant.

 

2.0           Processing Purposes and Categories

 

2.1           We may process your personal data:

2.1.1       for the purposes of your employment or consideration for employment, and reasonable secondary purposes connected with your employment;

2.1.2       when we obtain information from third parties in reference to your application for employment (e.g., employment references, applicant background check, etc.);

2.1.3       in connection with investigations, litigation, and court proceedings, including litigation matters in which Orgain is a party and relevant third-party litigation matters, and other court proceedings;

2.1.4       in order to comply with requirements of governmental entities and requests from law enforcement agencies;

2.1.5       as required or permitted by applicable law;

2.1.6       when you disclose personal data for the purpose of voluntarily participating in various employee programs; and

2.1.7       for any other purposes that we provide you with notice of before starting the relevant processing, subject to compliance with applicable laws.

 

2.2           We may process your sensitive personal data:

2.2.1       for reporting purposes (e.g., time for processing applications);

2.2.2       for communicating with you about your account or our relationship;

2.2.3       for conducting criminal history or other background checks to the extent such information can lawfully be requested under applicable law;

2.2.4       for the purposes of diversity reporting statistics and equal opportunities monitoring;

2.2.5       in order to keep track of, and properly manage, requests for and decisions relating to family leave or other Company authorized leave, medical absences from work, and disability related accommodations;

2.2.6       in order to detect and prevent fraud, other criminal activities, and violation of company policies;

2.2.7       as required or permitted by applicable law; and

2.2.8       for any other purposes that we provide you with notice of before starting the relevant processing, subject to compliance with applicable law.

 

2.3           We will only process your personal data and sensitive personal data for the purposes set out in the Appendix and in accordance with the purposes described in, or notified to you under, paragraphs 2.1 and 2.2 (each a “Purpose”).

 

2.4           The categories of personal data that we may process in connection with your employment or during your application for employment process include:

2.4.1       all information that you provide to us (e.g., contact details, bank details for payroll purposes, medical records in connection with medical absences, requests for and decisions relating to family leave or other Company authorized leave or accommodations, dependent and domestic partner information in connection with employer benefits, information required to remit workers compensation claims, etc.);

2.4.2       all information that we obtain from third parties (e.g., employment references, tax codes and other governmental information, applicant background check, etc.);

2.4.3       all information created during the course of your application process or employment (e.g., employment records, disciplinary records, employment history and background check information, etc.); and

2.4.4       all information that we may be required or permitted to process in accordance with applicable law (e.g., information relating to diversity reporting and equal opportunities monitoring).

 

3.0           Your Consent

 

We will request Your consent to Process Your Personal Data or Sensitive Personal Data in connection with Your participation in voluntary employee programs and activities. You do not have to give Your consent for these voluntary programs. If You decide to give Your consent, You may later withdraw Your consent at any time by notice in writing to your HR Representative.

 

If You withdraw Your consent, it will not affect: (i) Processing that has already occurred; or (ii) Processing that is not based on Your consent. We will take no disciplinary action, and impose no sanction or penalty of any kind, as a result of any decision to refuse to give Your consent, or any decision to subsequently withdraw Your consent.

 

Please note, there are certain requests where Processing Your Personal Data or Sensitive Data is necessary and if Your consent is not given or withdrawn, We will not be able to complete the request (for example, processing family or medical leave of absence requests, requests for a reasonable accommodation, requests for direct deposit banking, vaccination or flu shot requests, or requests for other employee benefits). Additionally, please know that your Personal Data will otherwise be processed by the Company in compliance with applicable laws.

 

4.0              Additional Disclosures

 

4.1        We collect, and have collected in the preceding twelve (12) months, the following categories of personal data: identifiers, characteristics of protected classifications under California or Federal law, internet and electronic network activity, geolocation data, audio, visual, or other sensory information, professional or employment- and pre-employment related information, education information, and sensitive personal information such as, for example, your social security number, driver’s license, state identification card, or passport number, racial or ethnic origin, or other categories of “sensitive personal information” as that term is defined in applicable law. We do not use or disclose your sensitive personal information for purposes other than those expressly permitted by applicable law. For examples of the precise data points we collect and the categories of sources of such collection, please see the “Processing Purposes and Categories” section above. We collect personal data for the business and commercial purposes described in the same section above.

4.2        We may disclose personal data in certain circumstances, including: to comply with our legal obligations; to protect the rights and property of our customers and the public; to detect and respond to suspected illegal activity and threats to the health or safety of any person or of our systems or services; in connection with, or during negotiations of, any merger, joint venture, sale of Company assets, financing, or acquisition of all or a portion of our business, assets, or stock by another company (including in connection with any bankruptcy or similar proceedings); to maintain our business operations, including, for example, by providing or enabling our service providers, professional advisors, and other similar entities to assist with the administration of payroll, pension, benefits, performance management, training, communication platforms, and expense management and facilitate internal programs relating to diversity, inclusion, and anti-discrimination; and with your consent or at your direction. In the preceding twelve (12) months, we have disclosed personal data to the following categories of recipients:

 

Category of Personal Data	Categories of Recipients
Identifiers	Recruitment and personnel management service providers, benefits providers, payroll providers, fraud detection, and security service providers
Characteristics of protected classifications under state or federal law	Recruitment and personnel management service providers and benefits providers
Commercial information	Recruitment and personnel management service providers and payroll providers
Internet or electronic network activity information	Fraud detection and security service providers
Geolocation data	Fraud detection and security service providers
Audio, visual, or similar information	Recruitment and personnel management service providers, fraud detection, and security service providers
Professional and employment-related information	Recruitment and personnel management service providers, benefits providers, and payroll providers
Inferences	Recruitment and personnel management service providers
Sensitive personal information	Recruitment and personnel management service providers, benefits providers, payroll providers, workers compensation providers, government authorities, and regulators

We may also disclose aggregated or de-identified information, which cannot reasonably be used to identify you. We process, maintain, and use this information only in a de-identified fashion and will not attempt to re-identify such information except as permitted by law.

 

5.0           Your Privacy Rights and Choices

 

5.1       Your Privacy Rights. You may have certain rights with respect to your data, including the following:

 

Right to Access: You may ask us to confirm whether we are processing your personal data and, if so, to provide you with a copy of the personal data we hold about you (along with certain other details).

5.1.1       Right to Correction: If the personal data we hold about you is inaccurate or incomplete, you are entitled to ask for correction or completion taking into account the nature of that information and purpose for processing it.

5.1.2       Right to Deletion: You may ask us to delete or remove your personal data in some circumstances.

 

Exercising Your Rights. To request access, correction, or deletion of your personal data, please email us at HR@drinkorgain.com and indicate “Privacy Matter” and the type of request you are making in the subject line of your message. You may designate an authorized agent to exercise privacy rights on your behalf by providing the authorized agent signed permission to submit the request on your behalf. If an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal data. If you are an authorized agent seeking to make a rights request, please contact at HR@drinkorgain.com indicating “Authorized Agent Privacy Matter” in the subject line.

 

5.1.3       Any request to exercise one of these rights will be assessed by Company on a case-by-case basis. There may be circumstances in which we are not legally required to comply with your request because of a relevant legal exemption provided for under applicable law. We will not discriminate or retaliate against you for exercising your privacy rights. If you choose not to disclose certain personal information, however, this may limit our ability to offer you a position, or perform certain activities, such as process your payroll or enroll you in benefits.

 

“Sales” and “Sharing” of Personal Data. We do not “sell” or “share”* your personal information as those terms are defined under California law. We also do not have any knowledge of any “sales” or “sharing” of the personal information of minors under sixteen (16) years of age.

 

*Sell means the exchange of personal information for monetary or other valuable consideration. Share means the exchange of personal information for cross context behavioral advertising, regardless of consideration.

 

6.0           Keeping Your Personal Information secure

 

We have appropriate technical and organizational security measures in place to protect Your Personal Information against unlawful or unauthorized Processing. This includes having secure operating systems and processes to help ensure that Your Personal Information is only accessible to Orgain employees, agents and contracted staff on a need-to-know basis and following industry-standards for security and protection of Personal Information.

 

7.0           Data Retention

 

The length of time we retain your personal information depends on the status of our relationship with you and the requirements of applicable law. We will retain your personal data for as long as your employment, employment consideration and/or application, or engagement with us lasts and for a certain period thereafter, after which point it will be deleted or archived in accordance with applicable law. To determine that period, we consider a number of factors, including our legal and regulatory obligations (such as financial reporting obligations and equal opportunity or anti-discrimination reporting obligations) and whether we may need to retain personal data to resolve disputes, make and defend legal claims, conduct audits, pursue legitimate business purposes, and/or enforce our agreements.

 

If you are a job applicant we will retain relevant personal information about you so we can consider you for future employment opportunities. If you do not wish to be considered for future employment opportunities, please let us know by emailing HR@drinkorgain.com.

 

8.0           Application of Other Company Policies

 

While this Notice sets forth how We will Process Your Personal Data and Sensitive Personal Data and actions You may take with respect to such data, employees do not have a right of privacy in electronic communications or workplace property subject to company policies including but not limited to various Company policies and applicable laws and regulations.

 

This Notice does not create a promise nor is intended to create a contract, including without limitation a contract of continued employment for any specified duration.

 

Spouses, Dependents, Partners, and Others. If you have knowledge that the Company has collected personal information related to your spouse, dependent, partner, or others, please share a copy of this Notice with all such individuals.

 

9.0           Contact Us

 

You can contact us about this Notice or our privacy practices at:

 

Orgain, LLC

ATTN: HR

16851 Hale Ave

Irvine, CA 92606

 

Or Email: HR@drinkorgain.com

 

 

Appendix – List of Processing Purposes

 

a)     Personnel management - including administration and management of the employee relationship, including employee discipline, career development management, employee time management, attendance, personal evaluation/development, recruitment and applications management, background checks, drug screening, record management, staffing (headcount planning, recruitment, termination, succession planning), compensation benefits and payments, workforce management, conducting disciplinary proceedings, addressing labor relations issues, coaching, internal complaints and grievances, and outplacement services etc. This may also include the processing of Your family’s personal data (e.g. spouse, children) for administrative purposes such as benefits management, medical claims, and voluntary participation of a family member in any event or program.

 

b)     Operations management – including official email ID creation, phone/email and organization lists of employees, internal ticket management, medical care treatment, travel management, processing health insurance claims, conducting internal audits and investigations, defining and controlling the work organization, implementing business controls, maintaining and monitoring usage of internal networks and IT systems, and security management.

 

c)     People and organizational analysis and reporting – including conducting employee surveys and opinion polls, HR analytics, managing mergers and acquisitions, conducting internal audits/ investigations, and management reporting and analysis.

 

d)     Legal and compliance – including obtaining and releasing employee personal data as required by law (tax, master ID card creation, pension funds, employee insurance), prevention of fraud and protection of company’s assets, parental or other family leave, medical leave, requests for or decisions regarding requests for reasonable accommodations, corruption and misconducts, disclosures in response to court proceedings and public authorities requests and other legal or regulatory requirements.

 

e)     Communications and other – including employee communications, team-building activities, marketing and provision of company news and updates, inclusion in Orgain publications (e.g. The Workplace by Facebook, to conduct demographic studies or audits and maintain the day-to-day operation and security of Orgain sites.