Personnel Privacy Notice
Effective September 29, 2023
SUMMARY
InCloud, LLC (the “Company” or “we”) is committed to protecting the privacy and security of personal data of our employment candidates (“Candidates”), current and former employees (“Employees”), and contractors (collectively, “Personnel”) and their emergency contacts and beneficiaries. This Personnel Privacy Notice (“Notice”) describes what information we collect, how we use and disclose it, and your rights.
SCOPE
Unless otherwise stated, this Notice applies to Personnel globally.
We collect the following categories of personal data for the purposes described below:
Category of Personal Data | Personal Data Collected | Purpose |
Personal identifiers | Examples: − Real name − Preferred name − Postal address − Email address − Unique personal or online identifier − Internet Protocol address − Social Security number − Passport number, driver's license or state identification card number − Age or date of birth − Other similar identifiers | The Company collects personal identifiers to contact Candidates, onboard Personnel; enroll and administer benefits; enter into contracts; and use for general human resource purposes. |
Records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e))) | Examples: − Name − Signature − Social Security number − Address − Telephone number − Passport number, driver's license or state identification card number − Insurance policy number − Education − Employment history − Bank account number − Credit card information or any other financial information − Medical information or health insurance information | The Company collects this information to contact Personnel, process job applications; onboard Personnel; enroll and administer benefits; enter into contracts; and use for general human resource purposes. The Company collects pay information such as pay rate, payroll deduction information, banking information for direct deposit, and credit card information for expense reimbursement – to pay its Personnel and comply with applicable laws. |
Protected classification characteristics under state or federal law | Examples: − Race − Religious creed − National origin − Age − Ancestry − Physical or mental disability − Medical condition − Marital status − Sex, gender, gender identity, or gender expression − Sexual orientation − Military and veteran status | As allowable and required by law, the Company collects equality and diversity information, such as minority, veteran and disability status, through voluntary self- disclosure and other means to implement the Company’s diversity programs and to comply with applicable laws. The Company collects health and safety information to maintain a safe workplace; assess working capacity; administer health and Workers' Compensation programs; and comply with applicable laws. The Company also collects information necessary for benefits enrollment and administration purposes. |
Commercial information | Examples: − Records of personal property, products or services purchased, obtained, or considered − Other purchasing or consuming histories or tendencies | If you are a contractor, we may collect commercial information from or about you in connection with obtaining services from you. |
Biometric information | An individual’s physiological, biological, or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. | The Company does not collect biometric information. |
Internet or other similar network activity information | Examples: − Email, computer, internet, telephone, and mobile device usage − IP address, log-in information, and location information − Browsing history, search history, or information regarding your interaction with a website, application or advertisement | The Company collects this information to protect Company, customer, and Personnel property, equipment and confidential information; monitor Personnel performance; and enforce the Company’s electronic communications acceptable use policies. |
Geolocation data | Examples: − Physical location or movements | The Company collects Personnel city when logging into systems or tools for general human resource purposes, such as tax, audit, or compliance purposes. |
Sensory Data |
Examples: − Audio and visual information | The Company may collect audio and visual information of Personnel through photographs used for identification purposes and to promote the Company. The Company collects audio and video recordings of some meetings and training sessions. |
Professional or employment- related information | Examples: − Performance management information, such as employment status (full-time or part-time, regular or temporary), work schedule, job assignments, hours worked, accomplishments and awards − Training and development information − Performance evaluation information − Discipline and counseling information − Employment termination information | The Company collects professional and employment-related information to evaluate Candidates for employment and manage its relationship with Personnel. |
Education Information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Examples: − Education records such as grades, transcripts, and class lists | The Company does not collect education records as defined. |
Inferences drawn from other personal data | Examples: − Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes | The Company may collect personal data to allow Personnel to engage in development programs, which make inferences about characteristics, such as strengths and working style. Additionally, we may make inferences about gender or race as needed to comply with EEOC reporting requirements, such as when Personnel declines to self-identify. |
Personal Data about children under the age of 16 | Personal data about Employees’ dependents under the age of 16. | The Company collects information about Employees’ dependents under the age of 16 if Employees voluntarily provide such information in connection with the enrollment and administration of benefits and other human resource purposes that involve such dependents. |
Legal and Contractual Information | Information necessary to respond to law enforcement and governmental agency requests; comply with legal and contractual obligations; exercise legal and contractual rights; and initiate or respond to legal claims | The Company collects this information to comply with legal and contractual requirements and to establish, exercise and defend legal and contractual rights and claims. |
Emergency Contact Information | Examples: − Name and contact information – Relationship to Employee | The Company collects this information to contact the Employee’s designated emergency contact persons in the event of an emergency. |
Beneficiary Information | Examples: − Name and contact information – Relationship to the Employee − Birth date – Social Security Number – Information necessary to process benefits claims | The Company collects this information to enroll and administer benefits programs for beneficiaries of Employees. |
We collect personal data directly from you. We may also combine personal data collected from other sources with the personal data you provide to us. For example, we may collect information from:
Twitter and Facebook)
service
In addition to the above, we use personal data about Personnel for routine human resources and business operations, such as:
interests for employment with the Company
required or requested)
projects and booking travel arrangements
equity plan administration
information security, disclosure to affiliated organizations for administrative
tasks, monitoring overtime, workforce monitoring for safety or management, improving the safety of our workplace, whistleblowing schemes, enforcement of legal claims, and research purposes)
defenses
We may share your personal data as necessary for the purposes described in this Privacy Notice. We do not sell or otherwise disclose personal data of Personnel for monetary or other consideration to any third parties.
For example, we share Personnel personal data with the following parties:
All data collected via or by the Company may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States.
EU-U.S. Data Privacy Framework
Ontra complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.
Ontra has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personnel personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, including the principles of 1) notice, 2) choice, 3) accountability for onward transfer, 4) security, 5) data integrity and purpose limitation, 6) access, and 7) recourse, enforcement, and liability.
EU-U.S. DPF Principles require that we remain potentially liable if any third party processing personal data on our behalf fails to comply with EU-U.S. DPF Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Ontra’s compliance with the EU-U.S. DPF is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us as described below with any questions or concerns relating to our EU-U.S. DPF Certification. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Ontra commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of Personnel data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Depending on applicable law, you may have the right to:
For more information or to exercise these rights, please contact us as described below.
We generally retain personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, financial, or reporting obligations, to establish or defend legal claims, or for compliance and protection purposes.
To determine the appropriate retention period for personal data, we may consider factors such as:
When we no longer require the personal data we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.
Note that in some cases, even if you submit a data deletion request, we may be required to retain your personal data, such as to comply with the law; maintain records of transactions; exercise, establish, or defend legal claims; or protect against fraud or abuse of our systems.
We take steps to ensure that your personal data is treated securely and in accordance with this Notice. Unfortunately, we cannot ensure or warrant the security of any data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
If you are located in the EU or the UK, you have the right to lodge a complaint with a Supervisory Authority if you believe our processing of your personal data violates applicable law.
If you have any questions or concerns regarding this Privacy Notice or the collection of your personal data, please contact privacy@ontra.ai.
Candidates with disabilities may access this notice in an alternative format by contacting talent@ontra.ai.
All other Personnel may access this notice in an alternative format by contacting people.partners@ontra.ai.