EMPLOYEE PRIVACY POLICY AND NOTICE

Symbl.ai (the “Company”) is committed to protecting and respecting the privacy of its employees, job applicants, contractors, directors, officers, and owners. Please read this Employee Privacy Policy and Notice (referred to herein as this “Employee Privacy Policy” and this “Policy”) carefully to understand the Company’s views and practices regarding your Personal Information and how the Company will treat it.

All Employees at the Company must comply with this Policy. Any Employee who fails to comply with this Policy may be subject to disciplinary action, up to and including dismissal. You should immediately contact Symbl.ai’s HR department via hr@symbl.ai if you become aware of a breach or potential breach of this Policy.

The Company is also committed to respecting the data it receives from customers, vendors, website users and other external sources.

I. DEFINITIONS

The following definitions apply to this Employee Privacy Policy:

  1. “Consumer”
    Means a living individual about whom the Company holds Personal Information.
  2. “Employee” or “Covered Employee”
    Refers to (a) current and former employees (including permanent, temporary and part time employees);(b) job applicants and other prospective employees who have been offered a position with the Company, contingent upon the satisfactory completion of certain actions, which can include (where legally permissible) pre-employment drug screens, driving records and criminal background checks; (c) owners, directors, officers, or contractors of the Company about whom the Company collects and processes Personal Information; and (d) dependents and beneficiaries of current and former employees, owners, directors, and officers about whom the Company collects and processes Personal Information.
  3. “Personal Information”
    Means information (whether stored electronically or in paper based filing systems) relating to a living individual who can be identified from that data (or from that data and other information in our possession), which is not otherwise publicly available. The categories of Personal Information as defined by the California Consumer Privacy Act of 2018 (“CCPA”) that pertain to this Policy include:
    1. Identifiers – Real name, alias, postal address, unique personal identifier, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
    2. Other Identifiable Data – Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to his or her signature, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
    3. Protected Class – Race, gender, sexual orientation, religion, citizenship
    4. Internet Activity – Browsing history, search history, IP address, website interactions
    5. Biometric Information — Genetic, physiological behavioral and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as: fingerprints, face-prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns.
    6. Geolocation data — Location or movement.
    7. Professional or Employment-Related Data – CV, resume, employment history.
    8. Education Data – Educational background, grades, scores.
    9. Audio, electronic, visual, thermal, olfactory or similar information.
    10. Commercial Information – Records of personal property or other purchasing or consuming histories or tendencies.
  4. “Processing” or “Processed”
    Means any operation or set of operations that are performed by the Company on Personal Information or on sets of Personal Information.

II. PURPOSE AND SCOPE OF THIS POLICY

This Employee Privacy Policy sets out the basis on which any Personal Information the Company collects from you, or you provide to the Company, will be Processed by the Company. This Policy aims to safeguard Personal Information in any format, in particular to:

  • ensure the security and confidentiality of Personal Information in a manner consistent with industry and legal standards;
  • protect against threats or hazards to the security or integrity of Personal Information; and
  • protect against unauthorized access to or use of Personal Information that creates a substantial risk of identity theft or fraud.

This Policy aims to ensure the security and confidentiality of Personal Information in a manner consistent with industry and legal standards; protect against threats or hazards to the security or integrity of Personal Information; and protect against unauthorized access to or use of Personal Information that creates a substantial risk of identity theft or fraud.

As an employer, the Company needs to collect, store and Process Personal Information about its Employees. Personal Information may be provided to the Company by a variety of means, including through the Internet, the Company’s intranet, by email, by telephone, by fax or in person. Personal Information, which may be held on paper or on a computer or other media, is subject to certain legal safeguards that impose restrictions on how the Company may Process Personal Information. The Company strives to uphold these key principles when Processing Personal Information:

  1. Security and Accountability: Protect Personal Information with appropriate security measures from being lost or stolen, and to prevent to the extent possible accidental or unauthorized access, damage, loss or disclosure.
  2. Openness, Transparency, and Notice: Provide information to Employees about how their Personal Information is Processed and clear identify what Personal Information the Employer is collecting and Processing.
  3. Purpose Limitation: Only collect Personal Information for a specific business need of the Company, and only use the Personal Information for that specific purpose.
  4. Accuracy: Keep Personal Information accurate, complete and up-to-date; anyone whose Personal Information we Process has the right to obtain a copy of that Personal Information and to correct any inaccuracies.

III. WHAT PERSONAL INFORMATION DOES THE COMPANY COLLECT AND HOW IS IT USED?

  1. Human Resources, Payroll Processing, Employment Eligibility Verification:
    For the purpose of performing human resource functions, payroll processing, and employment eligibility verification, the Company may request the following:
    1. Employee’s name, address, date of birth;
    2. Social Security Number;
    3. Employee driver’s license number;
    4. Visa status (where lawful and required);
    5. Employment eligibility verification, and, where necessary, motor vehicle records;
    6. State identification card numbers;
    7. Bank account information, where an Employee elects auto-depositing of paychecks, and garnishments.
  2. Essential Job Duties:
    For the purpose of determining whether an applicant or Employee can carry out the essential job duties of his or her position and/or determining whether to hire an applicant or promote an Employee, the Company may collect information from the Employees’ former employer(s) relating to an Employee’s dates of employment, and if available, job performance; background details relating to Employees’ and Prospective Employees’ record checks or credit checks (when permitted by law and related to the Employee’s position); confirmation of degrees, licenses, and/or certifications; information about criminal convictions and Sensitive Personal Information, in accordance with applicable local or national laws and regulations; insurance confirmation (where such information is required for the performance of the position’s essential job duties).
  3. Geological Location:
    For purpose of tracking deliveries, the Company may use Employees’ location during their deliveries and may provide this information to third-party customers.
  4. Benefits:
    For purpose of providing Employees and their spouses, domestic partners, or dependents health plans, pension benefits, and/or any other type of Company-sponsored benefits, the Company may collect Employees’ current medical insurance information, Employees’ spouses’ medical insurance information, medical records and information relating to Employees’ primary physicians or medical providers.
  5. Drug and Alcohol Policy:
    For purpose of administering the Company’s Drug and Alcohol Policy, the Company may collect Employees’ drug test results (where permitted by law), including: pre-employment but post-conditional offer drug test results; post-accident drug test results; results for random drug tests for regulated positions; and/or as required by customer contract and permitted under the law.
  6. Pension and Retirement Plan:
    For purpose of enrolling, maintaining, or assisting with the administration of a 401k plan, or any other type of company-sponsored savings, spending, deferred compensation, or retirement plan or account, the Company may collect Employees’ banking information, beneficiary information, retirement information, family details (including but not limited to dependents’ Personal Information, marriage status, and marriage history).
  7. Access to Company Information Technology Resources:
    For the purpose of ensuring compliance with all of the Company’s employment-related policies and applicable law and regulations, as well as other security and confidentiality requirements, and as consistent with applicable federal and state law, the Company may collect information about each Covered Employee’s use of the Company’s computer systems and network, including without limitation browser history (regarding both internal network and external network [i.e., Internet] information access), search history, file access and transfer records, and website interactions.
  8. Employment Contracts:
    To carry out its obligations arising from contracts of employment entered into between Covered Employees and the Company, including but not limited to payroll functions, reporting to the Internal Revenue Service or state or local or other applicable equivalent, enrolling Covered Employees in benefit programs, or dealing with disciplinary complaints about or actions against Covered Employees.
  9. Legal Requirements:
    The Company may collect Personal Information as needed to comply with applicable laws and regulations.

Except for the notice set forth in this Policy, Personal Information collected about Covered Employees is exempt from the provisions of the CCPA. All such information is collected and used by the Company solely within the context of the individual’s employment or the context of processing an individual’s employment application.

IV. THE COMPANY’S RESPONSIBILITY FOR COVERED EMPLOYEES’ PERSONAL INFORMATION

The Company will strive to protect your Personal Information through the following methods:

  • The Company has security procedures in place so that any Personal Information the Company holds is kept secure and in accordance with this Employee Privacy Policy.
  • The Company maintains security measures and technology to prevent Personal Information from being inadvertently disclosed to any unauthorized third party either orally, in writing, via the Internet, or by any other means, accidentally or otherwise.
  • The Company ensures laptops, backup tapes, and other portable devices containing Personal Information are password protected and all Personal Information is encrypted as appropriate.
  • The Company uses physical, administrative, and technical procedures to limit access to Personal Information as described in this Employee Privacy Policy.
  • The Company has the ability to remotely destroy Personal Information on company laptops and/or certain mobile devices that are lost or stolen.

Any Employee who becomes aware of circumstances that may indicate an intrusion or compromise in the Company’s security is obliged to immediately report the incident to hr@symbl.ai.

This includes evidence of unauthorized access to Personal Information in any format, loss or theft of equipment or records containing Personal Information, evidence of an intrusion into our system, or Personal Information transmitted or disclosed in error.

The Company has established a response plan to address breaches in its security that it reviews and updates periodically. If there is a breach of security, all the affected individuals will be notified as required by law. The Company reviews all security events and all responsive actions in order to improve its protection of Personal Information.

V. DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION

Where Personal Information is transferred within the Company’s organization in the course of performing its duties, the level of security appropriate to the type of Personal Information and anticipated risks will be applied.

For business purposes only, the Company may also share certain information with third parties and by submitting Personal Information you agree to this transfer and Processing. Personal Information will only be transferred to a third party if that third party agrees to comply with procedures and policies which are compliant with this Employee Privacy Policy and the Company’s procedures regarding data protection, or if that third party puts in place adequate measures which are compliant with all applicable laws and regulations.

VI. RESTRICTIONS ON ACCESS TO PERSONAL INFORMATION

The Company employs physical, administrative and technological means to restrict access to Personal Information including:

  • Only those who have appropriate authority or are reasonably required to know or use Personal Information and only to the extent reasonably necessary will have access to Personal Information. Sensitive Personal Information and other details such as Social Security Numbers and financial account numbers, will be redacted when possible.
  • Physical records containing Personal Information are required to be kept in restricted and secure areas. Access to these records is limited to authorized personnel only to the extent necessary for legitimate business purposes.
  • Physical or Electronic access is terminated for Employees whose employment is terminated or whose authorization is revoked. Terminated Employees are required to return all equipment and are not permitted to maintain any copies or reproductions of Personal Information.

VII. RETENTION AND DISPOSAL OF PERSONAL INFORMATION

The Company will only retain your Personal Information for as long as is necessary to perform its obligations to you or as is required by law. All Personal Information you provide will be stored on secure servers or in secure file. The Company shall destroy your Personal Information once the Company is no longer required to maintain or utilize the Personal Information, as described in this Policy. Such destruction shall be carried out in a secure and permanent way.

VIII. ENFORCEMENT OF THIS EMPLOYEE PRIVACY POLICY

The Company’s HR department, is responsible for ensuring compliance with the law and with this Employee Privacy Policy. You should direct any questions or concerns about the interpretation or operation of this Employee Privacy Policy or about what may or may not be done with regard to Personal Information to hr@symbl.ai.