FinThrive Privacy Notice for California Resident Job Applicants
Last Updated: March 8, 2024
Download printable PDF of this policy
This Privacy Notice for California Resident Job Applicants (“Notice”) supplements the information contained in the Company’s general Privacy Policy and Privacy Notice for California Residents and applies solely to individuals who seek employment with the Company and reside in the State of California (“consumers” or “you”). This policy is intended to describe our online and offline information practices as they relate to your personal information which may be collected as a job applicant, and also to describe your rights related to your personal information.
We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and its implementing regulations and any terms defined in the CCPA/CPRA have the same meaning when used in this Notice.
This Notice does not include information practices related to employee onboarding or employment with the Company (which is subject to a separate privacy notice).
Information We Collect
The Company collects information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (personal information). The Company collects and uses personal information for recruiting activities, business-related purposes and to be in legal compliance. For example, your name, address, email address, phone number, educational and employment background, CV (resume) and job qualifications.
In particular, the Company has collected or disclosed the following categories of personal information about its consumers within the last twelve (12) months:
Category | Collected | Sold or Shared | Disclosed for Business Purpose | To whom we disclosed personal information |
A. Identifiers. (for example, name, address, email address, IP address, account name, Social Security number, or other similar identifiers) |
YES | NO | YES | Service Providers (for example, HR technology provider, auditors, recruiters) |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). (for example, records containing personal information such as name, signature, address, phone number, bank account number or any other financial information) |
YES | NO | YES | Service Providers (for example, HR technology provider, auditors, recruiters) |
C. Protected classification characteristics under California or federal law. (for example, age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information)). |
YES (if provided by you) | NO | YES | Service Providers (for example, HR technology provider, auditors, recruiters) |
D. Commercial information. (for example records of products or services purchased or considered). |
NO | NO | NO | Not applicable |
E. Biometric information. (for example, fingerprints, faceprints, voiceprints or similar). |
NO | NO | NO | Not applicable |
F. Internet or other similar network activity. (for example, browsing history, search history, interaction with a website, application or advertisement). |
YES | NO | YES | Service Providers (for example, consultants, website developers, IT providers) |
G. Geolocation data. (for example, general physical location or movements from a particular device). |
NO | NO | NO | Not applicable |
H. Sensory data. (for example, audio, electronic, visual, thermal, olfactory, or similar information). |
YES | NO | NO | Not applicable |
I. Professional or employment-related information. (for example current or past job history or performance evaluations). |
YES | NO | YES | Service Providers (for example, HR technology provider, auditors, recruiters) |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). (for example, education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records). |
NO | NO | NO | Not applicable |
K. Inferences drawn from other personal information. (for example, inferences drawn to create a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes) |
YES | NO | YES | Service Providers (for example, HR technology provider, auditors, recruiters) |
L. Sensitive Personal Information | ||||
A social security number, driver’s license, state identification card, or passport number | NO | NO | NO | Not applicable |
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account | YES (Login information only) | NO | YES | Service Provider (for example, HR technology provider) |
Precise geolocation or any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, except as prescribed by regulations | NO | NO | NO | Not applicable |
Racial or ethnic origin, religious or philosophical beliefs, or union membership | YES (if provided by you) | NO | YES | Service Provider (for example, HR technology provider) |
The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication | NO | NO | NO | Not applicable |
Genetic data | NO | NO | NO | Not applicable |
The processing of biometric information for the purpose of uniquely identifying a consumer. | NO | NO | NO | Not applicable |
Personal information collected and analyzed concerning a consumer’s health. | NO | NO | NO | Not applicable |
Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. | NO | NO | NO | Not applicable |
Category: A. Identifiers.
Examples: Name, address, email address, IP address, account name, Social Security number, or other similar identifiers
Collected: YES
Sold or Shared: NO
Disclosed for Business Purpose: YES
To whom we disclosed personal information: Service Providers (for example, HR technology provider, auditors, recruiters)
Category: B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Examples: Records containing personal information such as name, signature, address, phone number, bank account number or any other financial information
Collected: YES
Sold or Shared: NO
Disclosed for Business Purpose: YES
To whom we disclosed personal information: Service Providers (for example, HR technology provider, auditors, recruiters)
Category: C. Protected classification characteristics under California or federal law.
Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Collected: YES (if provided by you)
Sold or Shared: NO
Disclosed for Business Purpose: YES
To whom we disclosed personal information: Service Providers (for example, HR technology provider, auditors, recruiters)
Category: D. Commercial information.
Examples: Records of products or services purchased or considered).
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Category: E. Biometric information.
Examples: Fingerprints, faceprints, voiceprints or similar.
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Category: F. Internet or other similar network activity.
Examples: Browsing history, search history, interaction with a website, application or advertisement.
Collected: YES
Sold or Shared: NO
Disclosed for Business Purpose: YES
To whom we disclosed personal information: Service Providers (for example, consultants, website developers, IT providers)
Category: G. Geolocation data.
Examples: General physical location or movements from a particular device.
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Category: H. Sensory data.
Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
Collected: YES
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Category: I. Professional or employment-related information.
Examples: Current or past job history or performance evaluations.
Collected: YES
Sold or Shared: NO
Disclosed for Business Purpose: YES
To whom we disclosed personal information: Service Providers (for example, HR technology provider, auditors, recruiters)
Category: J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Category: K. Inferences drawn from other personal information.
Examples: Inferences drawn to create a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
Collected: YES
Sold or Shared: NO
Disclosed for Business Purpose: YES
To whom we disclosed personal information: Service Providers (for example, HR technology provider, auditors, recruiters)
Category: L. Sensitive Personal Information
Examples: A social security number, driver’s license, state identification card, or passport number
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Examples: Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account
Collected: YES (Login information only)
Sold or Shared: NO
Disclosed for Business Purpose: YES
To whom we disclosed personal information: Service Provider (for example, HR technology provider)
Examples: Precise geolocation or any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, except as prescribed by regulations
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Examples: Racial or ethnic origin, religious or philosophical beliefs, or union membership
Collected: YES (if provided by you)
Sold or Shared: NO
Disclosed for Business Purpose: YES
To whom we disclosed personal information: Service Provider (for example, HR technology provider)
Examples: The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Examples: Genetic data
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Examples: The processing of biometric information for the purpose of uniquely identifying a consumer.
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Examples: Personal information collected and analyzed concerning a consumer’s health.
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Examples: Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
Collected: NO
Sold or Shared: NO
Disclosed for Business Purpose: NO
To whom we disclosed personal information: Not applicable
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA/CPRA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 (DPPA).
Participants in Video Interviews
Please note when you use Company provided technology (such as Zoom or Teams) to participate in an online video interview, you consent and agree to the use of your personal information for this purpose; such technology providers may maintain their own terms of use and privacy policies for your use of those platforms, for which the Company disclaims any responsibility.
The Company does not record video interviews. Therefore, the Company does not collect or store your voice or image as the result of a video interview. Information learned about you through online interviews may include information about your personality, behavior, and suitability for a particular position. Sensitive personal information may be revealed in a video interview such as racial or ethnic origin, religion or philosophical beliefs, sexual orientation, membership in a trade union, political affiliation, physical or mental health or condition, commission or alleged commission of an offense or related proceedings or job evaluations or educational records. The Company does not require, and asks that you do not provide, such information as part of these interviews.
Sources of Personal Information
The Company obtains the categories of personal information listed above from the following categories of sources:
- Directly from you, for example, information you provide in online profiles, including social media, or career sites, job applications, recruiting events, e-mail correspondence, voicemails, or phone screens, interviews, or other communications.
- Indirectly from you, for example, through activity on our sites such as information from your device or actions taken (searches, clicks) on our pages.
- From our Service Providers or third parties, for example information obtained through external recruiting partners or sources (e.g. Job Posting websites) or the performance of reference checks.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
- To recruit and evaluate your job application and/or candidacy for employment. For example, if you share your name, job history and other personal information on an employment application, the Company will use that information to process your application for employment. In addition, the Company may also save your information to contact you about future openings or for legal record-keeping purposes.
- To facilitate the creation, maintenance and security of your online applicant account(s) or profiles and enable your use of those accounts/profiles.
- To conduct interviews for a job position for which you have applied or generally for future open positions.
- To provide you with support, to communicate with you, and to respond to your inquiries, including to address your concerns.
- To monitor our operations and improve our recruitment processes or responses.
- To conduct audits or workplace investigations, including investigation of potential breaches of Company policies, procedures or compliance requirements.
- To defend the interests of the Company or colleagues in threatened or actual legal proceedings, investigations or inquiries.
- To comply with all applicable federal, state or local laws and regulations.
The Company will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
The Company only collects or processes your sensitive personal information for the purposes expressly permitted by the CCPA/CPRA and its implementing regulations. The Company does not collect or process sensitive personal information for the purpose of inferring characteristics about you.
Disclosure of Personal Information
The Company may disclose your personal information to external parties for a business purpose, including those purposes noted above. When we disclose personal information for a business purpose to a Service Provider or Contractor, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We also may disclose your personal information to other third parties when required by law or to meet a legal or compliance obligation.
We disclose your personal information to the following categories of external parties:
- Service providers who are providing a service for, or on behalf of, the Company such as our HR/recruiting information systems providers, website providers, recruiters, or auditors.
- Other external parties such as government authorities, law enforcement or state and federal investigative agencies where we may be required to disclose your information as required by law or to meet a legal or compliance obligation.
Sale or Sharing of Personal Information
We do not sell or share for cross-context behavioral advertising, and within the past twelve (12) months, have not sold or shared for cross-context behavioral advertising the Personal Information of California residents that we collect in relation to applications for employment at FinThrive. If you also interact with us as a visitor to our website, please review our Privacy Policy for more information about our practices in that context. We do not have actual knowledge that we sell or share the Personal Information of consumers or Applicants under 16 years of age.
Retention of Personal Information
The Company maintains a Records Retention policy that outlines our practices for retention of business-related information. We are subject to certain legal and regulatory requirements to retain certain information for a defined period of time. Absent a specific requirement to retain personal information based on the retention schedule, a contractual obligation, litigation hold or other legitimate business purpose, the Company deletes information when it is no longer necessary for the proper operation of the Company.
Since we may have job opportunities arise at any time, we may retain information in your online profile or account to contact you for future positions if you meet the job qualifications. You may request to delete your online profile or account at any time.
Your Rights and Choices
The CCPA, as amended by the CPRA, provides you (California residents) with specific rights regarding their personal information. This section describes your rights and explains how to exercise those rights.
Your Right to Know and Access Specific Pieces of Personal Information
You have the right to request that the Company disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Deletion, and Correction Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or sharing that personal information.
- The categories of third parties with whom we disclose that personal information.
- The specific pieces of personal information we collected about you (if requested, also called a data portability request).
- If we shared your personal information, or disclosed it for a business purpose, two separate lists disclosing:
- the categories of personal information sold or shared about you and the categories of third parties to whom the information was sold or shared (by category of personal information for each category of third party); and
- the categories of personal information disclosed about you for a business purpose and the categories of persons to whom it was disclosed.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request for access or data portability will apply to personal information collected on or after January 1, 2022, that is still maintained by the Company at the time of the request. You may specify a shorter time-period for your request at your option.
Your Right to Delete Personal Information
You have the right to request that the Company delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Deletion, and Correction Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Your Right to Correction Inaccurate Personal Information
You have the right to request that the Company correct inaccurate personal information that we maintain about you. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Deletion, and Correction Rights), we will use commercially reasonable efforts to correct (and direct our service providers to correct) your inaccurate personal information in our records.
Exercising Access, Data Portability, Deletion and Correction Rights
To exercise the access, data portability, deletion and correction rights described above, please submit a verifiable consumer request via our Web Form, or by calling us toll-free at 1-877-636-5442.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you choose to designate an authorized agent to make a request on your behalf, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us such as through an email address we have on file.
The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. For example, we may need to verify your home address or other information to validate against our system information. Authorized representatives may be asked to provide documentation to support their role.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
The response we provide will explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Your Right to Limit the Use and Disclosure of Sensitive Personal Information
You have the right to request that the Company limit its use of your sensitive personal information when used for purposes other than those permitted by the CCPA/CPRA and its implementing regulations. Sensitive personal information that is collected or processed as permitted is not subject to this “Right to Limit” and is treated as personal information (and thus subject to other rights listed above). The Company only collects or processes your sensitive personal information for the purposes expressly permitted by the CCPA/CPRA and its implementing regulations.
Your Right to No Retaliation
You have the right to exercise your rights without retaliation. We will not discriminate against you for exercising any of your CCPA/CPRA rights. Unless permitted by the law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
If you feel you have experienced retaliation, you are encouraged to call the Company’s Helpline at 1-844-680-0572.
Notice of Sale of De-Identified Information
With appropriate authorizations, FinThrive may sell or disclose deidentified information derived from patient information which is not subject to the CCPA/CPRA. Such information is de-identified in accordance with Section 164.514(b)(1) of Title 45 of the Code of Federal Regulations, commonly known as the HIPAA expert determination method.
Changes to Our Privacy Notice
The Company reserves the right to amend this Notice at our discretion and at any time. The most up-to-date version can always be found on our website, and updates will be reflected by the Last Updated date at the top of this Notice. When we make changes to this Notice, we will post the updated notice on our website at the point of collection and update the “Last Updated” date.
Contact Information
If you have any questions or comments about this Notice, the ways in which the Company collects and uses your information described in this Notice, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at privacy@finthrive.com.