CALIFORNIA PERSONNEL PRIVACY STATEMENT AND NOTICE AT COLLECTION

This Privacy Statement was last updated January 1, 2023.

1. Scope of Privacy Statement 2. Collection of Your Information 3. Use of Your Information 4. Disclosure and Retention of Your Information 5. Your Rights 6. How to Contact Us About Your Privacy Statement

1. SCOPE OF PRIVACY STATEMENT

This California Personnel Privacy Statement (“Privacy Statement” or “Policy”) describes how Auction.com, LLC, and its affiliates and subsidiaries (collectively, “we,” “us,” “our,” “Auction.com,” and/or the “Company”) handle personal information of Californian current and former employees, applicants for employment at Auction.com, contractors, consultants, interns, and other workforce members (and their beneficiaries and emergency contacts) in the context of our working relationship with the relevant individuals.  It does not apply to data about people who live outside California.

We may update this Privacy Statement at any time. We may also provide you additional privacy notices regarding our collection, use or disclosure of information. Please read this Privacy Statement and any other privacy notices carefully.

This Policy does not form part of any employment contract or contract to provide services. In addition, if you provide services to Auction.com through or in connection with another company, we are not responsible for that company’s privacy practices.

This Privacy Statement does not apply to our handling of data gathered about you in your role as a user of Auction.com’s services.  When you interact with us as in that role, the privacy statement associated with those services applies. To review our general privacy statement, please click here.

This Policy will be available on job postings or the Auction.com Careers page, and our internal Sharepoint site, and may be provided to new workforce members as part of the application and onboarding process.

 

2. COLLECTION OF YOUR INFORMATION

We collect, store, and use various types of personal information through the application, recruitment, engagement, employment, or contracting processes. We collect such information either directly from you or (where applicable) from another person or entity, such as an employment agency or consultancy, recruitment or professional networking website, background check provider, or others who provide references. We will collect additional personal information throughout the course of your employment or other provision of services to us.

The type of information we have or will have about you depends on your role with us and may include, where applicable:

 
  • Identifiers such as full name, home and business addresses, telephone numbers, email addresses, and such information about your beneficiaries or emergency contacts.
  • Professional or employment-related information, including:
    • Recruitment, employment, or engagement information such as application forms and information included in a resume, cover letter, or otherwise provided through any application or engagement process; and copies of identification documents, such as driver’s licenses, passports, and visas; and background screening results and references.
    • Career information such as job titles; work history; work dates and work locations; employment, service, or engagement agreements; appraisal and performance information; information about skills, qualifications, experience, publications, speaking engagements, and preferences (e.g., mobility); absence and leave records; professional memberships; disciplinary and grievance information; and termination information.
    • Financial information such as salary, payroll, pension or retirement contribution information; and bank account and tax information.
    • Business travel and expense information such as travel itinerary information, corporate expenses, and Company credit card usage.
  • Education Information such as institutions attended, degrees, certifications, training courses, publications, and transcript information.
  • Internet, electronic network, and device activity and device information and related identifiers such as information about your use of the Company network, information, and communication systems, including user IDs, IP addresses, device IDs, web logs, metadata, and audit trails of system access. For further information on Auction.com’s policies regarding Company networks and equipment, please refer to our related policies, including the Mobile Device Use Policy, Network Security & Monitoring Policy, and Use of Systems and Information Policy.
  • Geolocation information, including for device recovery if you use a Company-issued device and to block unauthorized devices and access.
  • Audio or visual information such as call recordings and CCTV footage, as well as other information relating to the security of our premises; recorded presentations in which you participate; recorded calls you participate in with Auction.com users and photographs taken at Company functions.
  • Legally protected classification information such as race, sex marital status, military service, ethnicity, disability status, and requests for family care leave.
  • Medical information about you, and, if applicable, your beneficiaries, such as medical conditions and other information provided in statement of health forms, disability status, health and safety incidents or accidents, sickness records, and health issues requiring adaptations to your working environment or working practices.
  • Other sensitive personal information such as Social Security number and driver’s license number.
 

3. USE OF YOUR INFORMATION

We have or will collect, use, share, and store personal information for the Company’s and our service providers’ and contractors’ business purposes, which include, where applicable:

HR management and administration, including training, compensation and benefits, invoices, leave, scheduling, career development, performance appraisals and recognition, investigating and resolving inquiries and complaints, providing references, succession planning, organizational changes, fraud prevention and investigation, preparing analyses and reports, and communicating with our workforce about updates or relevant information about perks, benefits and discounts, and changes to Company products and services.

Business operations, including providing and monitoring IT systems for any lawful purpose, maintaining accounts and internal directories, crisis management, protecting occupational health and safety, participating in due diligence activities related to the business, business succession planning, data administration, workplace management, and conducting internal analyses and audits.

Recruiting and workforce planning, including assignment planning and budgeting, job advertising, interviewing, and selecting and hiring new staff.

Security operations, including detecting security incidents, debugging and repairing errors, and preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution; and monitoring and controlling access to Company premises and locations (including through use of CCTV).

Legal compliance, such as complying with anti-bribery, tax, social security and immigration obligations, and responding to and cooperating with legal or regulatory requests and investigations.

Exercising our legal rights, including seeking legal advice from our external lawyers or in connection with litigation with a third party.

We may also use personal information for any other legally permitted purpose (subject to your consent, where legally required). Examples of the uses described above include our use of:

  • Social Security number or passport information for legal compliance, payroll, benefits, tax, and immigration purposes;
  • Health information, which may include disability status, to provide reasonable workplace accommodations and manage absences, for workplace health and safety purposes, and for compliance with applicable law and contracts or to exercise rights thereunder; and
  • Racial/ethnic origin, sexual orientation, and/or disability status for equal opportunity and diversity and inclusion purposes and to address related applicable law.
 

California law places certain obligations on businesses that “sell” personal information to third parties or “share” personal information with third parties for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (“CCPA”). We do not “sell” or “share” the personal information covered by this Privacy Statement and have not done so in the 12 months prior to the effective date of this Privacy Statement.

 

4. DISCLOSURE AND RETENTION OF INFORMATION

We may disclose personal information to the following types of entities or in the following circumstances (where applicable):

  • Internally: to people within the Company, including to subsidiaries and affiliated companies that are under common ownership or control within the Company family, to carry out the purposes described in this Policy, including to your manager, human resources, as well as personnel within the Company, such as payroll, IT, legal and finance.
  • Vendors: such as compensation and benefits providers, tax and other professional advisors, technology service providers, corporate card issuers, travel management providers, travel providers, human resources suppliers, background check companies, and employment businesses (in relation to contractors or agency workers).
  • Business operations: to provide another entity (such as a potential or existing business counterparty or customer) with a means of contacting you in the normal course of business, for example, by providing your contact details, such as your phone number and email address.
  • Legal compliance and exercising legal rights: when required to do so by law, regulation, or court order or in response to a request for assistance by the police or other law enforcement agency; and to seek legal advice from our external lawyers or in connection with litigation with a third party.
  • Business Transaction Purposes: in connection with the sale, purchase, or merger of a business or a significant part of one.
  • Other Disclosures and Consent: as permitted by law (and, where legally required, with your consent), we may share personal information with any other third parties in any other circumstances.

The personal information we do or will collect, including sensitive personal information, will be retained for as long as necessary to satisfy the purposes for which it was collected. These purposes may include to comply with reporting, legal and accounting obligations. We consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of the personal information, the purposes for which we process the personal information and whether we can achieve those purposes in other ways, the applicable legal requirements and our legitimate interests.

Below is a table listing the categories of personal information and sensitive personal information we have collected about California residents, the categories of entities to whom this information was disclosed during the past 12 months, and examples of how long we will normally intend to retain this sort of information after it has been collected in 2022 and/or later:

Categories of Personal Information and Sensitive Personal Information We Collect Categories of Entities to Whom This Information Was Disclosed in the Last 12 Months Examples of How Long We Will Normally Plan to Keep This Sort of Information (After Collecting It in 2022 or Later)
Identifiers such as full name, home and business addresses, telephone numbers, email addresses, and such information about your beneficiaries or emergency contacts.   Service Provider/Vendor: such as compensation and benefits providers, tax and other professional advisors, technology service providers, corporate card issuers, travel management providers, travel providers, human resources suppliers, background check companies, and employment businesses (in relation to contractors or agency workers).

Affiliates and Subsidiaries: such as related corporate entities that share a common ownership or business purpose.

Governmental Entities and Law Enforcement Agencies : if necessary and appropriate to comply with legal or regulatory obligations, legal proceedings, and/or otherwise to protect Auction.com’s rights or the rights of any third party.

Potential or Existing Customers or Clients: if necessary and appropriate to comply with contractual, legal or regulatory obligations, and/or legal proceedings
 Identifiers for job applicants who do not become employees are normally retained for a minimum of three years.
Professional or employment-related information, including recruitment, employment, or engagement information, career information, financial information, and business and travel expense information. Same as for Identifiers. Professional or employment related information is normally retained for the duration of an employee’s tenure or for a minimum of seven years, whichever is longer. For job applicants who do not become employees, such information is normally retained for a minimum of three years.  Tax forms, including Form I-9s, are normally retained indefinitely, including to comply with legal and/or audit requirements. Personnel files for employees, including offer letters, resumes, and background checks, are normally retained for the duration of the employee’s tenure or for a minimum of seven years, whichever is longer. For job applicants, such information is normally retained for a minimum of three years.
State identification card, such as a driver’s license Same as for Identifiers, except not to a potential or existing customer. State identification card information may be obtained as part of a background check, which is normally retained for a minimum of seven years. For employees, such information may normally be retained for the duration of the employee’s tenure or for a minimum of seven years, whichever is longer.
Social Security number Same as for Identifiers except not to travel management providers, travel providers, or a potential or existing customer. Social Security numbers may be obtained as part of the initial background check once an offer is extended to a job applicant and accepted by the same, and during the onboarding and/or benefits process.  Such information is normally maintained for the duration of an employee’s tenure or for a minimum of seven years, whichever is later. To the extent that such information is included in tax records, it may be retained indefinitely.
Education Information such as institutions attended, degrees, certifications, training courses, publications, and transcript information. Same as for Identifiers, except not to corporate card issuers, travel management providers, or travel providers. Education information for consumers/personnel is usually obtained as part of a job application and/or during new hire onboarding.  Education information is normally retained for the duration of an employee’s tenure or for a minimum of seven years, whichever is later.  For job applicants who do not become employees, such information is normally retained for a minimum of three years.
Internet, electronic network, and device activity and device information and related identifiers such as information about your use of the Company network, information, and communication systems, including user IDs, passwords, IP addresses, device IDs, web logs, metadata, and audit trails of system access. Same as for Identifiers, except not to compensation and benefits providers, corporate card issuers, travel management providers, travel providers, or a potential or existing customer. This information is normally retained for the duration of an employee’s employment and continued use of a Company-provided device, or for a minimum of seven years, whichever is later.
Account log in and access code, password, or credentials allowing account access Same as for Identifiers, except not to compensation and benefits providers, tax and other professional advisors, corporate card issuers, travel management providers, travel providers, human resources suppliers, background check companies, and employment businesses (in relation to contractors or agency workers), or a potential or existing customer. Auction.com personnel account login and password are normally retained while we consider the user’s account to be active.  Personnel activity logs are normally retained for a minimum of thirteen months.
Geolocation information, such as the location of a wireless device (e.g., latitude and longitude) Same as for Identifiers, except not to compensation and benefits providers, tax and other professional advisors, corporate card issuers, travel management providers, travel providers, human resources suppliers, background check companies, employment businesses (in relation to contractors or agency workers), or a potential or existing customer. Geolocation information may be obtained from employee use of Company-provided devices, and such information is normally retained for the duration of an employee’s employment with the Company or for a minimum of seven years, whichever is later.
Precise geolocation information, such as the precise location of a wireless device (e.g., latitude and longitude) Same as for geolocation information. Same as for geolocation information.
Audio or visual information such as call recordings and CCTV footage, as well as other information relating to the security of our premises; recorded presentations in which you participate; recorded calls you participate in with Auction.com users and photographs taken at Company functions. Same as for Identifiers, except not to compensation and benefits providers, corporate card issuers, travel management providers, travel providers, or a potential or existing customer Closed caption video recordings of our workplaces are normally retained for a minimum of ninety days. Customer service phone calls between employees and customers are normally retained for a minimum of three years.
Legally protected classification information such as race, sex, marital status, military service, ethnicity, disability status, request for family care leave, and criminal history  (as part of a background check). Same as for Identifiers, except not to a a potential or existing or customer. Legally protected classification information may be obtained in the course of a job application and/or new hire onboarding.  If provided by a job applicant, such information is normally retained for a minimum of three years.  For employees, such information is normally retained for the duration of an employee’s tenure or for a minimum of seven years, whichever is later.
Medical information about you, and, if applicable, your beneficiaries, such as medical conditions and other information provided in statement of health forms, disability status, health and safety incidents or accidents, sickness records, and health issues requiring adaptations to your working environment or working practices. Same as for Identifiers, except not to corporate card issuers, travel management providers, travel providers, background check companies, or a potential or existing customer. Medical information may be obtained from employees who seek a leave of absence. Accident reports and claims or insurance records are normally retained for a minimum of five years.  Other types of medical information may be retained as part of an employee’s personnel file, which is normally retained for the duration of an employee’s tenure or for a minimum of seven years, whichever is later.

5. YOUR RIGHTS

California residents have certain rights regarding their personal information. Subject to certain exceptions, you may request that we:

  • provide you the categories of personal information we have collected or disclosed about you in the last 12 months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
  • provide access to and/or a copy of certain information we hold about you during the last 12 months.
  • correct inaccurate personal information about you.
  • delete personal information you provided to us.
 

You also have the right not to be discriminated against (as provided for in California law) for exercising your rights.

Exceptions to Your Rights: There are exceptions to certain rights listed above. For instance, we may retain your personal information if it is reasonably necessary for us or our service providers to provide a service that you have requested or to comply with law or to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for that activity.

Submitting a Request: To exercise any of these rights you may contact us at (800) 793-6107 or follow the instructions on either the “Your Privacy Choices” or “Privacy Request Form,” depending on the nature of your request.

We have the right to take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we have the right, but not the obligation, to request additional information from you.

 

6. HOW TO CONTACT US ABOUT THIS PRIVACY STATEMENT

Should you have any other questions about this Privacy Statement, contact us by sending an email to privacy@auction.com. Please provide your name, mailing address, telephone number and email address so we can service you more quickly. You can also write to us at Privacy – Legal Department, 1 Mauchly, Irvine, CA 92618.