Effective Date: July 1, 2023
This California Personnel Privacy Notice (the “Notice”) informs California employees and contractors, (collectively, “Personnel”) of Gibraltar’s and its subsidiaries, affiliates, or related business units (collectively, “we,” “us,” “our,” or “[Company]”) practices regarding the collection and use of Personal Information within the context of your employment at the Company. This Notice explains what Personal Information we collect about California Personnel, why we collect it, how we use and share it, and the rights you have relating to your Personal Information under the California Consumer Privacy Act, as modified by the California Privacy Rights Act of 2020 (the “CCPA”).
- How and Why We Collect Your Personal Information
- Our Collection of Sensitive Personal Information
- How Long We Keep Your Personal Information
- Disclosures of California Personnel Personal Information
- Submitting Requests Relating to Your Personal Information
1. How and Why We Collect Your Personal Information
As used in this Notice, the term “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is publicly available, de-identified, or aggregated.
Within the past 12 months, we collected Personal Information about our Personnel as follows:
Category of Personal Information | Categories of Sources from which Collected | Purposes for Collection / Use |
Identifiers including real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers | Directly from you
Automatically when you use our electronic systems Created by us (e.g., your username and Company email address) From service providers that help us to run our business
|
To communicate with you
To assess your eligibility for employment To onboard and enroll you as personnel To allow you to perform job functions To provide compensation and benefits To comply with applicable laws and regulations To manage the security of our premises and systems To detect and prevent fraud against you and/or us |
Personal Information described in Cal. Civ. Code § 1798.80(e), including your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, or other financial information, medical information, or health insurance information | Directly from you
From service providers that help us to run our business From third parties |
To communicate with you
To assess your eligibility for employment To onboard and enroll you as personnel To provide compensation and benefits To allow you to perform job functions To comply with applicable laws and regulations To manage the security of our premises and systems To detect and prevent fraud against you and/or us |
Characteristics of protected classifications under California or federal law, including age and date of birth, marital status, race, ancestry, ethnic origin, sex, gender, military or veteran status, medical condition, disability, marital status | Directly from you
From service providers that help us to run our business From third parties |
To comply with applicable laws and regulations
For diversity and inclusion programs |
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
|
Directly from you | Reimbursement of expenses |
Biometric information, including fingerprints and facial scans, in limited circumstances where you are aware of the collection | Directly from you | To manage the security of our premises and systems
To detect and prevent fraud against you and/or us To aid in employee timekeeping |
Internet or other electronic network activity information, including browsing history, search history, and information regarding your interactions with our websites, applications, advertisements, or telephone usage information | Automatically when you use our electronic systems
From service providers that help us to run our business Telephone usage information is: Directly from you From service providers that help us to run our business From third parties |
To manage corporate information technology
To manage the security of our premises and systems To allow you to perform job functions To detect and prevent fraud against you and/or us To ensure the appropriate workplace usage of our systems To verify telephony usage To manage job duties, evaluate performance, and operate our business |
Geolocation data, including access-control data based on personnel secure entry and location data inferred from your device IP address, company issued vehicle, and from use of the personnel timekeeping app or other personnel apps. | Directly from you
Automatically when you use our electronic systems |
To manage corporate information technology
To manage the security of our premises and systems To manage corporate fleet vehicles using GPS tracking To detect and prevent fraud against you and/or us |
Audio, electronic, visual or similar information, including closed-circuit images, photographs and video of you (for ID badges, marketing materials, etc.), and audio recordings as may relate to your job functions | Directly from you
Automatically while you are on Company property or using certain Company devices (e.g., if you answer or place phone calls on a recorded line, or use our videoconferencing software) |
To manage the security of our premises and systems
To manage job duties, evaluate performance, and operate our business |
Professional or employment-related information, including:
Recruitment information (such as skills, qualifications, references, recommendations, and other information included in a resume, application form, or cover letter) Background information commonly used for onboarding and security screenings Personnel profile information (personnel status, organization information, performance and talent information, employment background, functional experience, leadership experience, honors or awards, timesheets, education, training, professional certifications, evaluations, developmental planning, career interests and development information, and other talent management and team-based assessments) Compensation, payroll, and benefits information Medical, parental, family, vacation, and other leave and associated records, including details of the types of and reasons for leave being taken, duration of leave, and leave-related correspondence Any termination of employment documentation, including resignation letters, dismissal letters, minutes of meetings, settlement agreements and related correspondence |
Directly from you
From service providers that help us to run our business From third parties |
To assess your eligibility for employment or promotions
To onboard and enroll you as personnel To manage job duties, evaluate performance, and operate our business To provide compensation and benefits To comply with applicable laws and regulations To manage the security of our premises and systems To detect and prevent fraud against you and/or us |
Non-public education information, including school(s) attended, grades, transcripts, records of attendance, disciplinary records, and other information relating to your secondary and post-secondary education | Directly from you
From service providers that help us to run our business From third parties |
To assess your eligibility for employment
To onboard and enroll you as personnel |
Inferences used to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | From service providers that help us to run our business
|
To manage job duties, evaluate performance, and operate our business |
We collect the following information about you, which does not directly fall within the categories listed in the CCPA:
- Citizenship, immigration, visa status, and work authorization information (including information from related documents, such as your passport, driver’s license, or other identification, proof of residence, and proof of authorization to work in the United States, and documents you provide with your US Citizenship and Immigration Services Form I-9)
- Emergency contacts/next of kin information, details about your spouse/partner, dependents and beneficiaries (such as their names, ages, titles, relationship to you, addresses, telephone numbers, and email addresses)
- Languages spoken
- Criminal records information including results of background checks
- Withholdings, and tax information (such as information collected on IRS Form W-4 and California Tax Form DE 4)
- Information about births, adoptions, deaths, child medical support orders, loss of eligibility for medical coverage, and other life events that may trigger an opportunity to modify your benefits elections
- Information about your health, sickness, and absences (including information regarding your physical and/or mental health, any participation in health and wellness programs, drug and alcohol screening information, medical provider information—for example, if you apply for workers’ compensation—and information about any conditions that may require accommodations within the workplace)
Unless otherwise specified, the sources of this Personal Information, the purposes for which we use it, and the categories of persons to which we disclose it are the same as those listed for Professional or Employment-Related Information.
2. Our Collection of Sensitive Personal Information
Within the past 12 months, we collected the following categories of Sensitive Personal Information about our Personnel:
Category of Sensitive Personal Information | Categories of Sources from which Collected | Purposes for Collection / Use |
Social security, driver’s license, state identification card, or passport number | Directly from you | To assess your eligibility for employment
To onboard and enroll you as personnel To provide compensation and benefits To comply with applicable laws and regulations To manage the security of our premises and systems |
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account | Directly from you
Automatically when you use our electronic systems |
To manage corporate information technology
To manage the security of our premises and systems |
Precise geolocation (location within a radius of 1,850 feet) | Directly from you
Automatically when you use certain types of electronic systems From service providers that help us to run our business
From company vehicles
From company network devices |
To manage corporate information technology
To manage the security of our premises and systems
|
Personal Information that reveals a personnel’s racial or ethnic origin, or union membership | Directly from you
From service providers that help us to run our business From third parties |
To comply with applicable laws and regulations
For diversity and inclusion programs |
Contents of mail, email, and text messages except those for which we are the intended recipient | Directly from you
From service providers that help us to run our business |
To manage job duties, evaluate performance, and operate our business
To manage corporate information technology To conduct investigations To ensure the appropriate workplace usage of our systems |
The processing of biometric information for the purpose of uniquely identifying an employee | Directly from you | To manage corporate information technology
To manage the security of our premises and systems To aid in employee timekeeping. |
Personal Information collected and analyzed concerning personnel health | Directly from you
From service providers that help us to run our business From benefits providers |
To manage job duties and operate our business
To provide benefits To comply with applicable laws and regulations |
We do not use or disclose Sensitive Personal Information for purposes to which the right to limit use and disclosure applies under the CCPA.
3. How Long We Keep Your Personal Information
We keep the categories of Personal Information described above for as long as necessary or permitted for the purposes described in this Notice or otherwise authorized by law. This generally means holding the information for as long as one of the following apply:
- Your Personal Information is reasonably necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose for which we collected the information;
- Your Personal Information is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which the Personal Information was collected;
- The Personal Information is reasonably necessary to protect or defend our rights or property (which will generally relate to applicable laws that limit actions in a particular case); or
- We are otherwise required or permitted to keep your information by applicable laws or regulations.
Where information is used for more than one purpose, we will retain it until the purpose with the latest period expires. For more information about our retention policies, please contact us using the contact details below.
4. Disclosures of California Personnel Personal Information
Within the preceding 12 months, we have not sold or shared for cross-context behavioral advertising the personal information of California Personnel that we collect in relation to your employment at all employing entities with employees in California.
The chart below shows the categories of Personal Information we have disclosed to our service providers and contractors for a business or commercial purpose during the last 12 months.
Disclosures for a Business or Commercial Purpose | |||
Category of Personal Information or Sensitive Personal Information | Categories of Recipients to Which the Information Was Disclosed | Purposes for Disclosure | |
Personal Information | |||
Identifiers | Service providers that help us to run our business
Benefits providers Governmental authorities |
To communicate with you
To assess your eligibility for employment To onboard and enroll you as personnel To manage job duties and operate our business To provide compensation and benefits To manage corporate information technology To comply with applicable laws and regulations To manage the security of our premises and systems To detect and prevent fraud against you and/or us |
|
Personal Information described in Cal. Civ. Code § 1798.80(e) | Service providers that help us to run our business
Benefits providers Governmental authorities |
To communicate with you
To assess your eligibility for employment To onboard and enroll you as personnel To manage job duties and operate our business To manage corporate information technology To provide compensation and benefits To comply with applicable laws and regulations To manage the security of our premises and systems To detect and prevent fraud against you and/or us |
|
Characteristics of protected classifications | Service providers that help us to run our business
Benefits providers Governmental authorities |
To comply with applicable laws and regulations
For diversity and inclusion programs |
|
Commercial information | Service providers that help us to run our business | Reimbursement of expenses | |
Biometric information | Service providers that help us to run our business | To manage corporate information technology
To manage the security of our premises and systems To detect and prevent fraud against you and/or us
To aid in employee timekeeping. |
|
Internet or other electronic network activity information | Service providers that help us to run our business | To manage corporate information technology
To manage the security of our premises and systems To manage job duties and operate our business To detect and prevent fraud against you and/or us
To ensure the appropriate workplace usage of our systems |
|
Geolocation data | Service providers that help us to run our business | To manage corporate information technology
To manage the security of our premises and systems To detect and prevent fraud against you and/or us |
|
Audio, electronic, visual, or similar information | Service providers that help us to run our business | To manage the security of our premises and system
To manage job duties, evaluate performance, and operate our business |
|
Professional or employment-related information | Service providers that help us to run our business
Benefits providers Governmental authorities |
To assess your eligibility for employment and/or promotional opportunities
To onboard and enroll you as personnel To manage job duties, evaluate performance, and operate our business To provide compensation and benefits To comply with applicable laws and regulations To manage the security of our premises and system To detect and prevent fraud against you and/or us |
|
Non-public education information | Service providers that help us to run our business | To assess your eligibility for employment
To onboard and enroll you as personnel |
|
Inferences | Service providers that help us to run our business | To manage job duties, evaluate performance, and operate our business
To manage corporate information technology To detect and prevent fraud against you and/or us |
|
Sensitive Personal Information | |||
Social security, driver’s license, state identification card, or passport number | Service providers that help us to run our business
Benefits providers Governmental authorities |
To assess your eligibility for employment
To onboard and enroll you as personnel To provide compensation and benefits To comply with applicable laws and regulations To manage the security of our premises and systems To detect and prevent fraud against you and/or us |
|
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account | Service providers that help us to run our business | To manage corporate information technology
To manage the security of our premises and systems |
|
Precise geolocation | Service providers that help us to run our business | To manage corporate information technology
To manage the security of our premises and systems To detect and prevent fraud against you and/or us |
|
Personal Information that reveals personnel’s racial or ethnic origin or union membership | Service providers that help us to run our business
Benefits providers Governmental authorities |
To comply with applicable laws and regulations
For diversity and inclusion programs |
|
Contents of mail, email, and text messages except those for which we are the intended recipient | Service providers that help us to run our business | To manage the security of our premises and systems
To detect and prevent fraud against you and/or us To comply with applicable laws and regulations |
|
The processing of biometric information for the purpose of uniquely identifying personnel | Service providers that help us to run our business | To manage the security of our premises and systems
To detect and prevent fraud against you and/or us
For timekeeping purposes |
|
Personal Information collected and analyzed concerning personnel’s health | Service providers that help us to run our business
Benefits providers |
To provide benefits
|
5. Submitting Requests Relating to Your Personal Information
If you are a resident of California, you have the right to submit certain requests relating to your Personal Information as described below. To exercise any of these rights, please submit a request via email to the data privacy team at privacyinformation@gibraltar1.com or call us at 1-888-264-5708. Please note that, if you submit a request to know, request to delete or request to correct, you will be asked to provide Personal Information that we will match against our records to verify your identity. You may designate an authorized agent to make a request on your behalf; however, you will still need to verify your identity directly with us before your request can be processed. An authorized agent may submit a request on your behalf using the email or toll-free number listed above.
Right to Know. You have the right to know what Personal Information we have collected about you, which includes:
- The categories of Personal Information we have collected about you, including
- The categories of sources from which the Personal Information was collected
- Our business or commercial purposes for collecting or disclosing Personal Information
- The categories of recipients to which we disclose Personal Information
- The categories of Personal Information that we disclosed for a business purpose, and for each category identified, the categories of recipients to which we disclosed that particular category of Personal Information
- The specific pieces of Personal Information we have collected about you
Right to Delete Your Personal Information. You have the right to request that we delete Personal Information we collected from you, subject to certain exceptions.
Right to Correct Inaccurate Information. If you believe that Personal Information we maintain about you is inaccurate, you have the right to request that we correct that information.
Right to Non-Discrimination for the Exercise of Your Privacy Rights. If you choose to exercise any of your privacy rights under the CCPA, you also have the right not to receive discriminatory treatment by us, including retaliation against you as personnel, job applicant, or independent contractor.
How to Contact Us
If you have questions regarding this CCPA Notice, you can contact us at privacyinformation@gibraltar1.com or call us at 1-888-264-5708.