California Consumer Privacy Policy

S2 HR Solutions Group 1, LLC d/b/a Engage PEO (the “Company” or “we”) take the privacy of our worksite employees very seriously and has developed this Privacy Policy to provide transparency about our privacy practices, including the steps we take to protect your privacy. This Policy describes the personal information we collect, both online and offline, why we collect it from you, how long we keep it and when and for what purposes it is disclosed.

Collection of Personal Information and Sensitive Personal Information

In the last 12 months, we have collected the following categories of personal information and sensitive personal information from or about worksite employees, including information about worksite employees, including information about worksite employees’ family members, dependents, and beneficiaries. For each category of information, the categories of third parties to whom we have disclosed the information within the last 12 months are referenced by a letter that coincides with the letter in the list of categories of service providers and third parties that follows this table.

Category

Examples

Disclosed in Last 12 Months to

Personal Identifiers

Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number, employee ID number.

A, B, C, D, E, F, G, H, I, J

Contact Information

Home, postal or mailing address, email address, home phone number, cell phone number.

A, B, C, D, E, F, G, H, I, J

Account Information

Username and password for Company accounts and systems, and any required security or access code, password, or credentials allowing access to your Company accounts.

I

Protected Classifications

Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, physical or mental disability, medical condition, veteran or military status, familial status, language, or union membership.

B, C, D, F, H

Physical Characteristics or Description

Information on your Driver’s License (such as eye color, hair color, height, weight), as well as information collected to the extent relevant for the workplace.

B, C, D, F, H

Financial Information

Bank account number for direct deposit, credit or debit card number, or other financial account information.

A, B, F

Pre-Hire Information

Information  in your job application or resume, or gathered as part of background screening and reference checks, pre-hire drug test results, recorded in job interview notes by your worksite employer, contained in candidate evaluation records and assessments, contained in work product samples you provided, voluntary disclosures by you, and Wage Opportunity Tax Credit (WOTC) information.

A, B, D, E, F, H

Employment History

Prior job experience, positions held, names of prior supervisors, and, when permitted by applicable law, your salary history or expectations.

B, D, E, F, H, J

Education Information

Information from resumes regarding educational history; information obtained from transcripts or records of degrees and vocational certifications obtained.

B, D, E, F, H

Professional or Employment-Related Information

Information in your personnel file and in other employment documents and records, including new hire or onboarding records, I-9 forms, tax forms, time and attendance records, non-medical leave of absence records, workplace injury and safety records, performance evaluations, disciplinary records, investigatory records, training records, licensing and certification records, compensation and health benefits records, retirement and 401(k) records, COBRA notifications, and payroll records.

A, B, C, D, E, F, G, H, J

Travel Information

Business, vacation travel plans, including locations travelled to and the dates spent in those locations.

B, C, D, F, H

Family Information

Emergency contacts, information for dependents, medical and health information of family members when necessary to enforce and/or comply with laws, regulations and Company policies concerning infectious diseases, pandemics, or other public health emergency.

B, C, D, F, H

Information of Other People You May Know

Medical information about your friends, co-workers, and other associates when necessary to enforce and/or comply with laws, regulations and Company policies concerning infectious diseases, pandemics, or other public health emergency.

B, C, D, F, H

Medical and Health Information

Medical notes or records for absences or work restrictions, requests for accommodation, interactive process records and correspondence, ergonomic assessments and accommodation records, post-hire drug test results, and information related to symptoms, exposure, contact tracing, diagnosis, testing, or vaccination for infectious diseases (e.g., COVID-19), pandemics, or other public health emergency. This includes medical information and health benefits information for dependents and beneficiaries.

B, C, D, F, H

Internet, Network, and Computer Activity

Internet or other electronic network activity information related to usage of Company networks, servers, intranet, shared drives, or online portals, including username and password, account history, system and file access logs, security clearance level, browsing history, search history, and usage history.

B, E, F, H, I

Electronic Device Security Information

Data identifying worksite employee mobile devices accessing Company networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider, IP address and/or GPS location (latitude & longitude) recorded in timekeeping applications that worksite employees use to clock in and out and that log the geographic location at which each time entry was made.

B, E, F, H, I

Systems Access Records

Information identifying which worksite employees accessed secure Company systems and networks and at what times using their login credentials, or other security access method.

B, E, F, H, I

Inferences

Based on analysis of the personal information collected, we may develop inferences about worksite employees’ preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes for purposes of providing consulting services to your worksite employer concerning employment decisions such as staffing, assignments, responsibilities, team composition, hiring, promotion, demotion, and termination.

H

Contents of Personal Communications Where the Company is Not the Intended Recipient[1]

If you use email, phones, computers, online chat applications (Slack, Teams, Zoom, etc.) or other systems for personal communications where the Company is not the intended recipient of the communication.

H

 

We may collect your personal information from the following sources:

  • You, the worksite employee, when you voluntarily provide or submit information.
  • Company systems, networks, software applications, and databases you log into or use in the course of performing your job, including from vendors the Company engages to manage or host such systems, networks, applications or databases.
  • Government agencies.
  • Your worksite employer, as part of its service agreement and contractual relationship with us.
  • Insurance carriers, administrators, and brokers.
  • Credit and consumer reporting agencies.
  • Drug testing and physical testing providers and vendors.
  • HR support vendors, including administrators of benefits, leaves of absence, workers’ compensation, unemployment claims, payroll, timekeeping, expense management, and training platforms.
  • Social media platforms.
  • Recruiters and staffing agencies.
  • Personal references and former worksite employers.
  • Our employees or other worksite employees, contractors, vendors, and customers based on your interactions with them.

We may disclose your personal information to the following categories of service providers or third parties:

    A.  Financial institutions

    B.  Government agencies

    C.  Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, insurance brokers, and wellness vendors

    D.  Insurance carriers, administrators, and brokers

    E.  Employee tracking and talent management systems

    F.  Payroll processors, timekeeping vendors, and vendors providing services for purposes of the Company’s human resources information system (HRIS)

    G.  Communications providers

    H.  Your worksite employer and their agents, vendors or service providers

    I.  IT and cybersecurity vendors

    J.  Company retained legal counsel

By referring to the letter corresponding to the category, the above table specifies to what categories of service providers and third parties we disclose personal information.

We may collect, use and/or disclose your personal information for the following business purposes:

  1. To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to become a worksite employee, we will use that Personal Information in connection with your employment.
  2. To assist the Company’s customer (the worksite employer) comply with local, state, and federal law and regulations requiring employers to maintain certain records (such as immigration compliance records, travel records, personnel files, wage and hour records, payroll records, accident or safety records, and tax records).
  3. To comply with local, state, and federal law and regulations that apply to the Company.
  4. To manage and process payroll on behalf of your worksite employer.
  5. To validate an employee’s identity for payroll and timekeeping purposes.
  6. To maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance.
  7. To manage workers’ compensation claims.
  8. To administer, manage, and maintain individual and group health insurance benefits, 401K and/or retirement plans, and other Company benefits and perks.
  9. To provide Human Resources best practices consulting services to the Company’s customer (the worksite employer), including the following topics:
    1. Worksite employer’s management of worksite employees.
    2. Workplace investigations (of workplace accidents/injuries, harassment, or other misconduct etc.).
    3. Worksite employer’s evaluation of job applicants and candidates for employment or promotions.
    4. Information gathered through background checks on job applicants and worksite employees and to verify employment references.
    5. Worksite employer’s decisions regarding a worksite employee’s employment, including decisions to hire, terminate, promote, demote, transfer, suspend or discipline.
  10. To communicate with worksite employees regarding employment-related administrative matters such as upcoming benefits enrollment deadlines, action items, availability of W2s, and other notifications.
  11. To implement, monitor, and manage electronic security measures on Company networks, software applications or systems, including managing and securing online worksite employee and new hire portals, as well as on worksite employee devices that are used to access Company networks, software applications or systems.
  12. To engage in corporate transactions requiring review or disclosure of employee records subject to non-disclosure agreements, such as for evaluating potential mergers and acquisitions of the Company.
  13. To assist in communications with a worksite employee’s family or other contacts in case of emergency or other necessary circumstance.
  14. To assist the Company’s customer (the worksite employer) promote and foster diversity, equity, and inclusion in the workplace.
  15. Infectious disease purposes (pandemic, outbreak, public health emergency, etc.)
    1. To reduce the risk of spreading the disease in or through the workplace.
    2. To protect worksite employees/other consumers from exposure to infectious diseases (e.g., COVID-19).
    3. To comply with local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies.
    4. To facilitate and coordinate pandemic-related initiatives and activities (whether Company-sponsored or through the U.S. Center for Disease Control and Prevention, other federal, state and local governmental authorities, and/or public and private entities or establishments).
    5. To identify potential symptoms linked to infectious diseases, pandemics, and outbreaks (including through temperature checks, antibody testing, or symptom questionnaire).
    6. To permit contact tracing relating to any potential exposure to infectious diseases.
    7. To communicate with employees and other consumers regarding potential exposure to infectious diseases (e.g., COVID-19) and properly warn others who have had close contact with an infected or symptomatic individual so that they may take precautionary measures, help prevent further spread of the virus, and obtain treatment, if necessary.
  16. To exercise and defend legal claims on behalf of and/or against the Company.
  17. To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.
  18. To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of Company systems.
  19. To detect security incidents involving potentially unauthorized access to and/or disclosure of Personal Information or other confidential information, proprietary or trade secret information and third-party information that the Company receives under conditions of confidentiality or subject to privacy rights.
  20. To protect against malicious or illegal activity and prosecute those responsible.
  21. To prevent identity theft.
  22. To verify and respond to consumer requests under applicable consumer privacy laws.

We do NOT and will NOT sell or share your personal information.

We do NOT and will NOT use or disclose your sensitive personal information for purposes other than the following:

  1. To perform the services reasonably expected by an average worksite employee who onboards with us.
  2. To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
  3. To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
  4. To ensure the physical safety of natural persons.
  5. For short-term, transient use.
  6. To perform services on behalf of the Company.
  7. To verify or maintain the quality or safety of a product, service or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the Company.
  8. For purposes not involving inferring characteristics about worksite employees.

Retention of Personal Information

We will keep your personal information for as long as is necessary during your co-employment relationship with us and thereafter in accordance with applicable law. When it is no longer necessary to retain your personal information, we will delete or anonymize it.

The Company will retain each category of Personal Information in accordance with our data retention schedule, which you can access here. In deciding how long to retain each category of Personal Information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statute of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

Third-Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering medical benefits and payroll services. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose.

Business Transfers

In the event we sell or transfer a particular portion of our business assets, worksite employee information may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, worksite employee information may be transferred as part of the acquisition.

Compliance With Law and Safety

We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect worksite employees or the public.

Passwords

The personal data record created through your registration of your email account for timekeeping and payroll system applications, including mobile applications, and the Company’s employee and onboarding portal can only be accessed with the unique password associated with those records. To protect the integrity of the information contained in those records, not disclose or otherwise reveal your passwords to third parties.

Worksite Employees and Their Family Members, Dependents, and Beneficiaries Under the Age of 16

We do not knowingly sell or share the personal information of worksite employees under 16 years of age or any of worksite employee’s family members, dependents or beneficiaries who are under 16 years of age.

How We Protect the Information That We Collect

The protection of the information that we collect about worksite employees is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

  • We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.
  • We restrict access to private information to those who need such access in the course of their duties for us.

Rights Under the CCPA and CPRA

This section of the Privacy Policy applies only to California residents who are natural persons; it does not apply to any entities (whether business, non-profit or governmental). If you are a California resident, you have the following rights:

  1. Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected, shared or sold about you, (2) the categories of sources from which the personal information was collected, (3) the business purpose for which we use this information, and (4) the categories of third parties with whom we disclose or have disclosed your personal information;
  2. Right to Access. The right to request, up to 2 times in a 12-month period, that we provide you access to or disclose to you the specific pieces of personal information we have collected about you;
  3. Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we have collected from you, subject to certain exceptions;
  4. Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you;
  5. The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and
  6. The right to not be discriminated or retaliated against for exercising any of the above rights.

You Can Submit Any of the Above Types of Requests Using the 2 Options Below:

  1. Submit an online request on our website at engagepeo.com/contact (select feedback category “CCPA Inquiry”).
  2. Call our privacy toll-free line at 727-565-2950.

How We Will Verify That it is Really You Submitting the Request:

If you are a California resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular information in our possession, which depends on the nature of your relationship and interaction with us. For example, we may need you to provide your name, address, email, phone number, last 4 digits of your social security number, and your date of birth.

Responding to your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests

Upon receiving a verifiable request from a California resident, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessary information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent.

If You Have an Authorized Agent:

If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney, or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf. We will also contact you and ask you for information to verify your own identity directly and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.

Consent to Terms and Conditions

By onboarding as a worksite employee with S2 HR Solutions, LLC d/b/a Engage PEO, you consent to all terms and conditions expressed in this Privacy Policy.

Changes to Our Privacy Policy

As our services evolve and we perceive the need or desirability of using personal information collected in other ways, we may, from time to time, amend this Privacy Policy. We encourage you to check the Worksite Employee Portal frequently to see the current Privacy Policy in effect and any changes that may have been made. If we make material changes to this Policy, we will post the revised Policy and the revised effective date on the Worksite Employee Portal. Please check back there periodically or contact us at the address listed at the end of this Policy.

Individuals With Disabilities

This Policy is in a form that is or will be made accessible to individuals with disabilities.

Questions About the Policy

If you have any questions about this Privacy Policy, please contact us at www.engagepeo.com/contact.

**This Policy was last updated April 11, 2023

 

[1] The Company may retain, access, review and use all such communications and data for lawful business purposes detailed below, including to provide consulting services for your worksite employer concerning management and evaluation of employee performance and making employment decisions.