CCPA Notice
California Consumer Privacy Act of 2018 (“CCPA”) Notice
Last updated December 15, 2022
Purpose
Under the CCPA, effective January 1, 2020, as amended by the California Privacy Rights Act effective of January 1, 2023, California residents receive greater protection with respect to transparency and accountability concerning their personal information that is collected by certain businesses. Specifically, the basic scope of the law provides that California residents are entitled to receive pre-collection notification of (1) what personal information is being collected about them; (2) why and how it is being collected and stored; (3) whether it is disclosed, shared or sold; (4) how long it will be stored; and (5) how to exercise their rights to access, receive copies, correct, opt out of sharing or request deletion of personal information and to limit the use and disclosure of sensitive personal information.
This CCPA Privacy Notice is in addition to your other rights and supplements the information contained in Revolution Medicines' (“RevMed,” “we,” “us,” “our”) other privacy policies and statements, including our Privacy and Cookie Policy, and applies to you as a job applicant, employee, temporary employee or independent contractor (“consumer(s)” or “you”).
We predominantly collect information subject to CCPA from only job applicants, employees, temporary employees, independent contractors, business contacts and site visitors.
In addition, the law is evolving, and this Notice and RevMed’s privacy policies will be reviewed and amended, if necessary, at least every twelve (12) months.
What is “Personal Information?”
As defined in the statute, “personal information” is essentially any data that identifies, refers, relates to, describes or is or can be associated with you.
There are various categories of what is considered “personal information,” and it includes, but is not limited to the following: names, addresses, telephone numbers; any unique personal or online identifier (including internet protocol (IP) address, geolocation and email); account names and numbers; social security number; driver’s license or state identification card number; passport number and information regarding recent travel history; signatures; physical or other characteristics or descriptions; insurance policy numbers; education, employment, and employment/professional history; bank account, credit and debit card numbers, or any other financial and commercial information; medical, biometric, health and health insurance information; audio, electronic, visual, thermal, olfactory, or similar information; characteristics of protected classifications under California or federal law; internet and related information, including use of social media, browsing history, and computer usage; and consumer profiles.
“Sensitive personal information” is a subset of “personal information” and it includes the social security number; state-issued ID number; passport number; account login along with password or required credentials; racial or ethnic origin; sexual orientation; genetic information; biometrics that are used for the purpose of identifying a unique person; personal mail, email, and text message contents when the recipient is not the business accessing it; and precise geolocation data.
“Personal information” does not include any publicly available information from federal, state, or local government records; deidentified, pseudonymized, or aggregate consumer information; and information excluded from the scope of CCPA, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
What Personal Information We Do Collect From or About You
We collect personal information, including sensitive personal information, from you in connection with the job application process, employment and visits to our facility or when you provide information regarding our business-related interactions with you, which may include the following:
-
name, address, telephone numbers, and email addresses;
-
secondary and post-secondary education;
-
social security number;
-
employment history;
-
birthdate, gender, marital status, nationality, demographics and dependent information;
-
tax identification number, filing status and exemption information;
-
account numbers for direct deposit/payroll;
-
references and emergency contacts;
-
credit information;
-
information derived from investigative consumer reports; and
-
health information
How and Why Personal Information Is Collected, Stored, and Used
Most of the collected personal information is provided directly by you in the job application, interviewing process, and new hire paperwork or as part of our business-related interactions with you, but the definition also includes information that is provided directly by you or to you during your employment (e.g. employee identification or payroll numbers, etc.) or for business administration as may be required to perform our obligations under a contractual relationship.
We may also indirectly receive information about you from third parties, including educational institutions, prior employers, and references that you identify, as well as information from credit reporting agencies or investigative consumer reports that we may use as part of background checks.
Personal information is stored by us in our Human Resources Department as part of the job application and our hiring process, and, for employees, in their personnel file as part of an employee’s regular employment and management of human resources (e.g. work eligibility, payroll and expenses, to administer benefits and health care related services, to provide notices, for performance reviews, to monitor work related licenses/credentials/certifications, to provide a safe and healthy workplace and maintain security, to comply with regulatory requirements, and to fulfill other obligations for which the information is being provided).
We may also use your information to improve our services, as necessary or appropriate to protect the rights, property or safety of us, our clients or others, and to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
We may also use your information as part of our evaluation regarding our business operations, including the evaluation or conducting of any merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
As a result of the COVID-19 pandemic, we have instituted specific policies and protocols as prophylactic measures designed to provide a safe and healthy work environment. These include, but are not limited to, the collection of personal information which may include your COVID-19 vaccination status, your body temperature, whether you are experiencing any of the identified symptoms of COVID-19, your travel information, and your exposure to an infected person.
As a result of the pandemic, we have also developed an at home and onsite COVID-19 testing program conducted by a third party vendor (the “Testing Vendor”). Participation in this testing program may be required for site visitors, including employees, temporary employees and contractors, and may be made available on a voluntary basis to others, such as their respective household family members. Personal information is provided to RevMed by you in the testing program consent form. Personal information required by the Testing Vendor is provided by you to the Testing Vendor in the testing program consent form, and this information is transmitted by the Testing Vendor to RevMed. Personal information required by the Testing Vendor may include, for example, your name, demographic information, medical information and an ID number. The Testing Vendor maintains separate privacy policies and any required notices/disclosures separate and apart from RevMed, and any information collected by the Testing Vendor, as well as the test results that the Testing Vendor collects, are subject to their policies.
The COVID-19-related information collected by RevMed is maintained confidentially and separately from other personal information that we collect in a separate electronic file having limited accessibility. The COVID-19-related information collected by the Testing Vendor is maintained in accordance with the Testing Vendor’s privacy and other policies.
We will not collect additional categories of personal information or use the personal information we have collected for materially different, unrelated, or incompatible purposes without providing you notice.
Personal Information is Not Shared or Sold
We do not generally share, disclose or sell your personal information. It may be used as indicated above, as part of the relationship we have with you as a potential or actual employer and your role as applicant, employee, temporary employee, independent contractor or site visitor. This may include limited third party service providers (e.g. payroll service providers and COVID-19-related testing providers). Such third parties maintain separate privacy policies and any required notices/disclosures separate and apart from RevMed.
Rights Regarding Personal Information
California residents have the right to request that we provide them with access to or copies of personal information we have collected about them, including a request for us to correct, opt out sharing or delete personal information and to limit the use and disclosure of sensitive personal information subject to certain exceptions.
Any information collected from you regarding these requests will only be used in conjunction with processing your request and will not be stored by RevMed.
We do not discriminate against anyone who chooses to exercise any rights regarding personal information that we have collected.
Contact Information
If you have any questions about this CCPA Notice, our Privacy and Cookies Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or to understand or exercise your rights under California law, please contact RevMed’s Compliance Department at privacy@revmed.com or 833-976-2016.