California Consumer Privacy Act of 2018 (“CCPA”) Notice
Under the CCPA, effective January 1, 2020, California residents received greater protection with respect to transparency and accountability concerning their personal information that is collected by certain businesses. Specifically, the basic scope of the law provides that California residents are entitled to receive pre-collection notification of (1) what personal information is being collected about them; (2) why and how it is being collected and stored; (3) whether it is disclosed, shared or sold; and (4) how to exercise their rights to access, receive copies or request deletion of personal information.
This CCPA Privacy Notice is in addition to your other rights and supplements the information contained in Revolution Medicine’s (“RevMed,” “we,” “us,” “our”) other privacy policies and statements and applies to you as a job applicant, employee, temporary employee or independent contractor (“consumer(s)” or “you”).
We predominantly collect information subject to CCPA from only job applicants, employees, temporary employees, independent contractors and site visitors.
In addition, the law is evolving, and this Notice and RevMed’s privacy policies will be reviewed and amended, if necessary, at least every twelve (12) months.
What is “Personal Information?”
As defined in the statute, “personal information” is essentially any data that identifies, refers, relates to, describes or is can be associated with you.
There are various categories of what is considered “personal information,” and it includes, but is not limited to the following: names, addresses, telephone numbers; any unique personal or online identifier (including internet protocol (IP) address, geolocation and email); account names and numbers; social security number; driver’s license or state identification card number; passport number and information regarding recent travel history; signatures; physical or other characteristics or descriptions; insurance policy numbers; education, employment, and employment/professional history; bank account, credit and debit card numbers, or any other financial and commercial information; medical, biometric, health and health insurance information; audio, electronic, visual, thermal, olfactory, or similar information; characteristics of protected classifications under California or federal law; internet and related information, including use of social media, browsing history, and computer usage; and consumer profiles.
“Personal information” does not include any publicly available information from federal, state, or local government records; deidentified, pseudonymized, or aggregate consumer information; and information excluded from the scope of CCPA, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
What Personal Information We Do Collect From or About You
We collect personal information from you in connection with the job application process, employment and visits to our facility, which may include the following:
- name, address, telephone numbers, and email addresses;
- secondary and post-secondary education;
- social security number;
- employment history;
- birthdate, gender, marital status, nationality, demographics and dependent information;
- tax identification number, filing status and exemption information;
- account numbers for direct deposit/payroll;
- references and emergency contacts;
- credit information;
- information derived from investigative consumer reports; and
- health information
How and Why Personal Information Is Collected, Stored, and Used
Most of the collected personal information is provided directly by you in the job application, interviewing process, and new hire paperwork, but the definition also includes information that is provided directly by you or to you during your employment (e.g. employee identification or payroll numbers, etc.).
We may also indirectly receive information about you from third parties, including educational institutions, prior employers, and references that you identify, as well as information from credit reporting agencies or investigative consumer reports that we may use as part of background checks.
Personal information is stored by us in our Human Resources Department as part of the job application and our hiring process, and, for employees, in their personnel file as part of an employee’s regular employment and management of human resources (e.g. work eligibility, payroll and expenses, to administer benefits and health care related services, to provide notices, for performance reviews, to monitor work related licenses/credentials/certifications, to provide a safe and healthy workplace and maintain security, to comply with regulatory requirements, and to fulfill other obligations for which the information is being provided).
We may also use your information to improve our services, as necessary or appropriate to protect the rights, property or safety of us, our clients or others, and to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
We may also use your information as part of our evaluation regarding our business operations, including the evaluation or conducting of any merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
As a result of the COVID-19 pandemic, we have instituted specific policies and protocols as prophylactic measures designed to provide a safe and healthy work environment. These include, but are not limited to, the collection of personal information in the form of a “Return to Work” Questionnaire that includes an emailed self-certification of certain personal facts, which may include body temperature, whether you are experiencing any of the identified symptoms of COVID-19, your travel information, and your exposure to an infected person.
As a result of the pandemic, we have also developed an onsite COVID-19 saliva-based testing program conducted by a third party vendor, DxTerity. Participation in this testing program may be required for site visitors, including employees, temporary employees and contractors, and may be made available on a voluntary basis to others, such as their respective household family members. Personal information is provided to RevMed by you in the testing program consent form. Personal information required by DxTerity is provided to RevMed by you in the testing program consent form, and this information is transmitted by RevMed to DxTerity along with your sample. Personal information required by DxTerity may include, for example, your name, demographic information, medical information and an ID number. DxTerity maintains separate privacy policies and any required notices/disclosures separate and apart from RevMed, and any information collected by DxTerity, as well as the test results that DxTerity collects, are subject to their policies.
The COVID-19-related information collected by RevMed is maintained confidentially and separately from other personal information that we collect in a separate electronic file having limited accessibility. The COVID-19-related information collected by DxTerity is maintained in accordance with DxTerity’s privacy and other policies.
We will not collect additional categories of personal information or use the personal information we have collected for materially different, unrelated, or incompatible purposes without providing you notice.
Personal Information is Not Shared or Sold
We do not generally share, disclose or sell your personal information. It may be used as indicated above, as part of the relationship we have with you as a potential or actual employer and your role as applicant, employee, temporary employee, independent contractor or site visitor. This may include limited third party service providers (e.g. payroll service providers and COVID-19-related testing providers). Such third parties maintain separate privacy policies and any required notices/disclosures separate and apart from RevMed.
Rights Regarding Personal Information
California residents have the right to request that we provide them with access to or copies of personal information we have collected about them, including a request for us to delete personal information subject to certain exceptions.
Any information collected from you regarding these requests will only be used in conjunction with processing your request and will not be stored by RevMed.
We do not discriminate against anyone who chooses to exercise any rights regarding personal information that we have collected.
If you have any questions about this CCPA Notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or to understand or exercise your rights under California law, please contact RevMed’s Compliance Department at firstname.lastname@example.org or 833-976-2016.