OPSWAT, INC. CALIFORNIA CONSUMER PRIVACY ACT NOTICE - Workforce

Effective Date: May 20, 2020

This OPSWAT, Inc. (“OPSWAT”) California Consumer Privacy Act Notice -Workforce (“CCPA Notice - Workforce”) applies to You only if You are a natural person, a California resident (as defined under §17014 of Title 18 of the California Code of Regulations), meet the “Consumer” definition under CCPA §1798.140(g), and a Job Applicant, Employee, Owner, Director, Officer, or Contractor of OPSWAT or its Affiliates (“Workforce”).

This CCPA Notice - Workforce is incorporated into, made part of, and governed by the OPSWAT Employee Privacy Policy. NOTE: The OPSWAT Employee Privacy Policy only applies to Employees. Only Employees have access to the OPSWAT Employee Privacy Policy.

This CCPA Notice – Workforce is subject to change on or before January 1, 2021.

Effective January 1, 2020, the California Consumer Privacy Act of 2018, Cal. Civil Code §1798.100 et seq. and related regulations, as amended (“CCPA”) requires OPSWAT to inform its Workforce of the: (a) Personal Information categories OPSWAT collects, (b) OPSWAT purposes for collection, and (c) rights to Personal Information.

More information on the CCPA:

1. DEFINITIONS

The following capitalized terms have the following meanings:

AG Regulations” means the California Attorney General Proposed Text of Regulations, as modified 2/2020.

Applicable Laws” means applicable national, federal, state, and local laws, rules, guidelines, court or government agency orders, and regulations.

CCPA” means the California Consumer Privacy Act of 2018, Cal. Civil Code §1798.100 et seq. and related regulations, as may be amended from time to time.

Consumer” has the meaning set forth under CCPA §1798.140(g).

Contractor” has the meaning set forth under CCPA §1798.145(h)(2)(A).

Director” has the meaning set forth under CCPA §1798.145(h)(2)(B).

Employee” means an identified or identifiable natural person who is a California resident employed by OPSWAT as a full-or part-time employee or temporary worker.

Job Applicant” means an identified or identifiable natural person who is a California resident and who has submitted candidacy with OPSWAT.

Manage and Engage Workforce” means to (a) set up a personnel file, (b) administer (1) compensation, including salary, bonuses, equity grant, commission, (2) benefits, including insurance (e.g. life, travel, vision, dental, medical), commute, and (3) business expense reimbursements, (c) manage vacation, sick leave, and other leaves of absence, (d) provide training, (e) evaluate Job Applicants, Employee job performance, (f) design Employee engagement programs, and engage Employees (e.g. career development), (g) screen Workforce for risks to OPSWAT (e.g. background checks, health), (h) conduct surveys, (i) manage, report accidents, emergencies, pandemic situations, and crises, (j) fulfill recordkeeping and conduct reporting, including data analytics and trend analyses, (j) maintain an internal Employee directory, (k) manage OPSWAT-sponsored events and public service activities, (l) process workers’ compensation claims, (m) pay and report taxes, unemployment insurance, (n) administer international work assignments (i.e. relocation services, assignment terms and conditions, immigration, health requirements).

Officer” has the meaning set forth under CCPA §1798.145(h)(2)(D).

Owner” has the meaning set forth under CCPA §1798.145(h)(2)(E).

Personal Information” has the meaning set forth under CCPA §1798.140(o)(1) or California Civil Code §1798.81.5(d)(A)(1). Personal Information does not include under California Civil Code §1798.140(o)(3): (a) de-identified Personal Information (cannot reasonably be linked or identified to a Consumer), or (b) aggregated Personal Information such that Consumer’s identity has been removed.

Process” or “Processing” means any operation or set of operations which is performed upon Workforce Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Unique Personal Identifier” means a persistent identifier that can be used to recognize a Consumer, or a device that is linked to a Consumer, over time and across different services, including, but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, or similar technology; unique pseudonym, online identifier, or user alias; telephone numbers; or other forms of persistent or Probabilistic Identifiers.

Probabilistic identifier” means the identification of a Consumer or a device to a degree of certainty of more probable than not based on any categories of Personal Information included in, or similar to, the categories enumerated in the definition of Personal Information. CCPA §1798.140(p).

2. PERSONAL INFORMATION CATEGORIES; COLLECTION PURPOSES

During the twelve (12) months preceding the Effective Date, OPSWAT may have (a) collected the categories of Personal Information (b) for the purposes below.

Categories of Personal Information

Purposes for Collection

Identifiers, including real name, alias, postal address, telephone number, Unique Personal Identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, state identification card number, passport number, signature, photograph, physical characteristics or description, identification documents provided for work eligibility verification, or other similar identifiers

Backup and archive for disaster recovery, business continuity, and record keeping

Communicate with prospective, current, and former OPSWAT customers, business partners (e.g. Employee contact information or directory)

Communicate with You

Comply with Applicable Laws

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Defend OPSWAT legal rights

Detect, protect against, and prosecute security incidents

Evaluate or conduct organization restructure (i.e. layoff), merger, acquisition, reorganization, sale of all or substantially all of the assets, or other change of control, bankruptcy or insolvency proceeding

Fulfill OPSWAT business objectives, including debug and prevent errors, quality assurance and improvement, product and service development

Inform You about third party products or services

Make business travel arrangements

Manage and Engage Workforce

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Prevent fraud or illegal activity

Promote OPSWAT business

Protect OPSWAT facilities, assets (i.e. safety, security)

Verify Your identity

Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies from corporate or personal cards and benefits cards, use of OPSWAT products or services

Backup and archive for disaster recovery, business continuity, and record keeping

Communicate with You

Comply with Applicable Laws

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Defend OPSWAT legal rights

Detect, protect against, and prosecute security incidents

Facilitate administrative functions, including financial management, reporting, strategic planning

Manage and Engage Workforce

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Prevent fraud or illegal activity

Protect OPSWAT facilities, assets (i.e. safety, security)

Verify Your identity

Internet or other electronic network activity information, including browsing history, search history, and information regarding a Consumer’s interaction with an internet website, application, or advertisement, including a Consumer’s login/out, downloads, and other activity on OPSWAT network and other electronic resources

Backup and archive for disaster recovery, business continuity, and record keeping

Comply with Applicable Laws

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Defend OPSWAT legal rights

Detect, protect against, and prosecute security incidents

Inform You about third party products or services

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Prevent fraud or illegal activity

Protect OPSWAT facilities, assets (i.e. safety, security)

Geolocation data, including IP address and other device metadata that can be used to determine a device’s physical location, movement

Backup and archive for disaster recovery, business continuity, and record keeping

Comply with Applicable Laws

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Defend OPSWAT legal rights

Detect, protect against, and prosecute security incidents

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Prevent fraud or illegal activity

Protect OPSWAT facilities, assets (i.e. safety, security)

Audio, electronic, visual, thermal, olfactory, or similar information, including call recordings (audio, visual), security cameras (e.g. face imagery)

Backup and archive for disaster recovery, business continuity, and record keeping

Communicate with You

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Detect, protect against, and prosecute security incidents

Manage and Engage Workforce

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Prevent fraud or illegal activity

Protect OPSWAT facilities, assets (i.e. safety, security)

Verify Your identity

Professional or employment-related information, including compensation, bonuses, equity grants, pensions, benefits, attendance, evaluations, performance reviews, discipline actions, employment contracts, terminations, promotions, personnel files, expenses, education (i.e. degrees, transcripts, achievements, dates attended, institutions), membership in professional organizations, professional certifications, licenses, work eligibility (e.g. visa status), and current and past employment history

Backup and archive for disaster recovery, business continuity, and record keeping

Communicate with prospective, current, and former OPSWAT customers, business partners (e.g. Employee contact information or directory)

Communicate with You

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Detect, protect against, and prosecute security incidents

Evaluate or conduct organization restructure (i.e. layoff), merger, acquisition, reorganization, sale of all or substantially all of the assets, or other change of control, bankruptcy or insolvency proceeding

Facilitate administrative functions, including financial management, reporting, strategic planning

Fulfill OPSWAT business objectives, including debug and prevent errors, quality assurance and improvement, product and service development

Inform You about third party products or services

Make business travel arrangements

Manage and Engage Workforce

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Prevent fraud or illegal activity

Promote OPSWAT business

Protect OPSWAT facilities, assets (i.e. safety, security)

Verify Your identity

Inferences drawn from Personal Information to create a profile about a Consumer reflecting the Consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Backup and archive for disaster recovery, business continuity, and record keeping

Communicate with You

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Detect, protect against, and prosecute security incidents

Inform You about third party products or services

Manage and Engage Workforce

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Prevent fraud or illegal activity

Protect OPSWAT facilities, assets (i.e. safety, security)

Verify Your identity

Characteristics of protected classifications under Applicable Laws, including information about race, age, national origin, disability (physical, mental including HIV/AIDS, cancer, genetics), sexual orientation, gender (identity, expression), citizenship, religion/creed, grooming and dress practices, skin color, marital status, pregnancy or childbirth and related medical conditions (e.g. breastfeeding), leaves of absence requests (e.g. family, intermittent, pregnancy), and veteran/military status

Communicate with You

Comply with Applicable Laws

Manage and Engage Workforce

Verify Your identity

NOTE: OPSWAT collects sensitive demographic Personal Information on a voluntary basis, except where required by Applicable Laws, and uses such Personal Information only to comply with Applicable Laws.

Preference information, including preferred meals, seating and other travel, working hours, workspace, and work supplies

Backup and archive for disaster recovery, business continuity, and record keeping

Communicate with You

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Detect, protect against, and prosecute security incidents

Facilitate administrative functions, including financial management, reporting, strategic planning

Manage and Engage Workforce

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Protect OPSWAT facilities, assets (i.e. safety, security)

Verify Your identity

Background screening information, including the results of requested background screening, criminal history, sex offender registration, motor vehicle records, credit history, employment history, drug testing, and/or educational history

NOTE: This CCPA Notice - Workforce on background screening information only applies to Workforce located in California.

Backup and archive for disaster recovery, business continuity, and record keeping

Communicate with You

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Detect, protect against, and prosecute security incidents

Manage and Engage Workforce

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Protect OPSWAT facilities, assets (i.e. safety, security)

Verify Your identity

Health information, including child or other dependent, spouse, parent, health information provided to participate in OPSWAT insurance plans, wellness programs, and other benefits programs, temperature during pandemic situations as required by Applicable Laws, personal or living arrangements with persons in high risks categories for severe illness as designated during pandemic situations by Centers for Disease Control and Prevention, U.S. Department of Health & Human Services, or other government and as required by Applicable Laws

NOTE: This CCPA Notice - Workforce does not cover medical information governed by the Health Insurance Portability and Accountability Act or the Health Information Technology for Economic and Clinical Health Act.

Communicate with You

Comply with Applicable Laws

Manage and Engage Workforce

Verify Your identity

Financial information, including child or other dependent, spouse, parent, other relative information, child or spousal support or other debt for wage garnishments, bank account name, routing number, and account number for direct deposits, corporate or personal credit card number, debit card number, tax information for state and federal withholding certificates (e.g. W-4), investments for 401(k), marital status, trusts

Backup and archive for disaster recovery, business continuity, and record keeping

Communicate with You

Comply with Applicable Laws

Conduct internal audits, investigations (i.e. gather evidence for discipline action or termination)

Defend OPSWAT legal rights

Detect, protect against, and prosecute security incidents

Facilitate administrative functions, including financial management, reporting, strategic planning

Manage and Engage Workforce

Monitor OPSWAT information systems use (i.e. software, email, Internet, hardware)

Obtain insurance coverage (e.g. workers’ compensation, directors and officers, liability, property)

Prevent fraud or illegal activity

Protect OPSWAT facilities, assets (i.e. safety, security)

Verify Your identity

3. RIGHTS

Exercising Your Rights. Until January 1, 2021, You have the following rights under the CCPA with respect to the Personal Information OPSWAT collects about You:

(a) Right to Know. At or before the point of collection, You have the Right to Know the categories of Personal Information to be collected and the purposes for which the categories of Personal Information shall be used under CCPA §1798.100(b).

(b) Right to Civil Action. You have a right to institute a civil action under CCPA §1798.150 when Your nonencrypted or nonredacted Personal Information as defined under California Civil Code §1798.81.5(d)(A)(1), is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of OPSWAT’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the Personal Information.

4. CONTACT

If You have questions or concerns about this CCPA Notice - Workforce, contact OPSWAT at Request About My Personal Data: https://go.opswat.com/myuserright, Tel: +1 855 OPSWAT1 (+1 855 6779281), or Address: OPSWAT, Inc., P.O. Box 77878, San Francisco, CA, 94103, Attn: CCPA Notices.