Document Control Information | |||
Version | 1.0 | Author | Roc Search |
Reviewer | Beverley Christopher | Review Date | 07/03/24 |
Review Frequency | 12 months | Next Review Date | 07/03/25 |
The current version of this document is up to date. Any future versions or changes to this document must also be approved by the author and the Executive Team and issued on a version-controlled basis under their signature. This document has been stored at Safe Storage.
Privacy Statement Summary:
This Privacy Notice explains how Roc Search Inc. ("we," "us," or "our") collects, uses, and discloses your personal information if you are a resident of California. It applies to website visitors, users of our services, candidates, and others who reside in California ("consumers" or "you").
Throughout this notice, any terms written with a capital letter but not defined here, have the meaning given to them by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), collectively referred to as "CCPA/CPRA."
Information we collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In the course of our relationship with you, we have collected, and may continue to collect, various categories of personal information. This includes information collected within the last 12 months, as well as information collected since January 1, 2022, as permitted under the California Privacy Rights Act (CPRA):
Category | Type of Personal Information | Do we collect? |
A. Identifiers | A real name, postal address, email address, or other similar identifiers.
| Yes
|
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, address, telephone number, education, employment, employment history, bank account number or any other financial information, medical information or health insurance information. Some personal information included in this category may overlap with other categories.
| Yes |
C. Protected classification characteristics under California or federal law | Medical condition, physical or mental disability. | Yes |
D. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | No |
E. Biometric information | Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
| No |
F. Internet or other similar network activity
| Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Yes |
G. Geolocation data | Physical location or movements. | No |
H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information.
| No |
I. Professional or employment-related information | Current or past job history or performance evaluations. | Yes |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
| Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
K. Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
| No |
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
Roc Search Inc. obtains the categories of personal information listed above from the following categories of sources:
- Directly from you or your agent: for example, from forms, verbal questions and answers, or online submissions that you have completed and provided to us related to the services you inquire about or engage us to perform.
- Indirectly from you or your agent: for example, through information we collect from our clients, vendors, or third parties in the course of providing services to you.
- Directly and indirectly from activity on our websites and applications: for example, from submissions through our website portal or website usage details collected automatically.
- Directly from third parties that interact with us in connection with the services we perform.
Processing Sensitive Personal Information
We collect and process Sensitive Personal Information for the purposes disclosed at the time we collect this information. We do not process this information for purposes other than the purpose for which it was originally collected unless required by law. Sensitive personal information that we process includes:
- Health — personal information collected and analyzed concerning your physical and mental health, as requested by our clients.
We may use and process Sensitive Personal Information collected from California employees to comply with laws including anti-discrimination laws and disability accommodation laws. We may use Sensitive Personal Information from other consumers (mental or physical health diagnosis) as part of the background checks Roc Search Inc. conducts for clients. We also use sensitive personal information for the purposes listed in this notice.
Use of personal information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided.
- To address regulatory and legal requirements.
- To provide you with information regarding our products or services.
- To investigate a potential product or service
- To process your requests, transactions, and payments and prevent transactional fraud.
- To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis, and product development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients, or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA/CPRA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
Roc Search Inc. will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you any required notice.
Disclosure of personal information
We may disclose your personal information to third-party service providers to the extent necessary or appropriate in connection with our providing services to you. The third-party service providers that receive your personal information from us must agree to keep it confidential and to implement appropriate safeguards to protect your personal information.
During your relationship with us, including the last 12 months, if applicable, we have disclosed the following categories of personal information to third-party service providers in connection with our provision of services (see table above for examples of data for each category):
- Category A: Identifiers
- Category B: Personal information categories listed in the California Customer Records statute
- Category F. Internet or other similar network activity
- Category I. Professional or employment-related information
We disclose your personal information for a business purpose to the following categories of third parties:
- Service providers
- Third parties (our clients) to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you
- Third parties (our clients) to whom we partner to offer products and services to you
Sale and Sharing of Personal Information
CPRA defines “Sharing” as any disclosure of personal information to third parties for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. “Cross-context behavioral advertising” is defined as the targeting of advertising based on your personal information obtained from your activity across websites, applications, or services outside of our website and services provided.
In the preceding twelve (12) months, we have not sold any personal information.
Your rights and choices
Access to Personal Information
You have the right to request that we disclose the following kinds of information to you about our collection, disclosure, sale, sharing, and use of your Personal Information:
- The categories of Personal Information we have collected about you, the categories of sources from which the Personal Information is collected, the business or commercial purposes for collecting, selling or sharing Personal Information, and the categories of third parties to whom we disclose Personal Information.
- The specific pieces of Personal Information we have collected about you.
- The categories of Personal Information we have sold or shared about you and the categories of third parties to whom the Personal Information was sold or shared, by category or categories of Personal Information for each third party to whom the Personal Information was sold or shared.
- The categories of Personal Information we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- Sales, identifying the personal information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Correct inaccurate Personal Information
You have the right to request that we correct inaccurate Personal Information that we maintain about you. We will honor such request but might not be able to fulfill your request if it is impossible to do so or would involve disproportionate effort, or if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive.
Delete Personal Information
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Right to Opt-Out of the Sale and/or Sharing of Personal Information
You have the right to opt-out of the sale and/or sharing of your Personal Information. We do not sell your personal information for monetary consideration. However, we do use cookies for targeted advertising purposes. The collection of data through certain cookies for our targeting advertising purposes may be considered a “sale” and is considered “sharing” under the CPRA. To opt-out of having your information sold and shared with third-party website analytics and digital advertising service providers for this purpose, send an email to gdpr@roc-search.com.
We do not knowingly sell/share the Personal Information of children under the age of 16.
Right to Limit the Use and Disclosure of Sensitive Personal Information
You have the right, at any time, to direct us to limit our use of your sensitive personal information only to that use which is necessary to perform the services or provide the goods reasonably expected or to fulfill the reason that we collected such information and/or other permissible business purposes.
Please note that we do not use or disclose your sensitive personal information for purposes other than to provide you with products and/or services. However, note that this information may be used, or disclosed to a service provider or contractor pursuant to a written agreement in order to provide such products and/or services. If you choose to limit such use, you can opt-in to such use again by contacting us via email. Note that this right does not apply to sensitive personal information that is collected or processed without the purpose of inferring characteristics about you. To exercise this right send an email to gdpr@roc-search.com.
Right to Designate an Authorized Agent
You have the right to submit a request through the use of an authorized agent If you choose to do so, we may require that you (i) provide the authorized agent written permission to act on your behalf, and (ii) verify their identity directly with us. We may deny a request from an authorized agent that does not submit proof of authorization.
Non-discrimination
We will not discriminate against you for exercising any of your CPRA rights. We will not (i) deny you Products or Services, (ii) charge you different prices or rates for Products or Services, including through granting discounts or other benefits, or imposing penalties, (iii) provide you a different level or quality of Products or Services, and (iv) suggest that you may receive a different price or rate for Products or Services or a different level or quality of Products or Services.
Children privacy: Affirmative Opt-In for Sale or Sharing of PI of California Residents Under 16 Years of Age
We do not knowingly sell or share the Personal Information (PI) of California residents under the age of sixteen (16) unless we receive affirmative opt-in authorization from (i) the under-16 California resident if he or she is at least 13 years of age, or (ii) the parent or guardian of the California resident if he or she is less than 13 years of age. If you believe we may have unknowingly sold or shared the PI of a California resident under 16 years of age without the appropriate affirmative opt-in authorization, please report it to us by emailing gdpr@roc-search.com.
Exercising access to data, data correction, data portability, and data deletion rights
To exercise the access, data correction, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- call + 1 512-649-1070
- send an email to gdpr@roc-search.com.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information related to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Response timing and format
We will confirm receipt of a verifiable consumer request within ten (10) business days of its receipt. We will endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) calendar days from receiving the request.
Retention
We will retain your personal information for no longer than is necessary for the purpose stated in this Privacy Policy unless otherwise extending the retention period is required or permitted by law or subject to our retention policies as may be in place from time to time. The data storage period may vary with scenario, product, and service.
The standards we use to determine the retention period are as follows: the time required to retain personal information to fulfill business purposes, including providing products and services; maintaining business records; controlling and improving the performance and quality of the Sites; handling possible user queries or conducting assessments of user complaints; whether you agree to a longer retention period; and whether the laws, contracts and other equivalencies have special requirements for data retention.
Employee and Job Candidate Data
Our employees, contingent workers, and prospective employees (job applicants) who live in California have the same rights over their employment and job application data. We do not sell or share any employee or job applicant data with anyone other than third-party service providers necessary to complete requested services (e.g., payroll and benefits management, background check vendor). Our employees, who are California residents, have access to the consumer's rights prescribed under the CCPA/CPRA.
Business-to-Business Data
In the course of business with vendors, clients, service providers, and others, we may collect personal data from California-resident individuals solely because they are employees of vendors (potential or actual), clients (potential or actual), and other business partners. These individuals have the same rights over their personal data as other California consumers.
We do not sell or share any personal information, including “business-to-business” data, with anyone other than necessary third parties that are essential to completing the business between us.
Other California Privacy Rights
California Minors Erasure
If you are a California resident under eighteen (18) years of age who has posted content or information on Roc Search Inc. Sites and Features or our Services, you can request removal by contacting us at the mailing address by sending an email to gdpr@roc-search.com. Please provide details on where the content or information is posted and attest that you posted it. We will then make reasonably good faith efforts to remove the post from prospective public view or anonymize it so you cannot be individually identified to the extent required by applicable law. Please note that this removal process cannot ensure complete or comprehensive removal, as third parties may have republished or archived content through search engines and other means that we do not control.
Direct Marketing Requests
California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding the disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please email us at gdpr@roc-search.com.
Do Not Track Settings
Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser.
The company's website responds to browser 'Do Not Track' signals. If a consumer has this setting enabled, the company will limit the tracking of their online activity across third-party sites.
California’s “Shine the Light” law (Civil Code Section § 1798.83):
Permits employees who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please email us at gdpr@roc-search.com.
Changes to this Notice
This Notice is effective as of the date of the Last Update stated at the top of this CCPA/CPRA Notice. We may change this CCPA/CPRA Notice from time to time. By visiting or accessing the Websites or the Services, or otherwise engaging or interacting with us after we make any such changes to this CCPA/CPRA Notice, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, and without prejudice to the foregoing, our use of your Personal Information is governed by the CCPA/CPRA Notice in current effect.
Please refer back to this Notice on a regular basis.