Privacy Notice for California Contractors
CALIFORNIA LAW REQUIRES THAT WE PROVIDE YOU THIS NOTICE ABOUT THE COLLECTION AND USE OF YOUR PERSONAL INFORMATION. WE ENCOURAGE YOU TO READ IT CAREFULLY.
Effective Date: July 1, 2023
This notice (“Notice”) describes the categories of personal information that The Habit Restaurants, LLC, and its subsidiaries and affiliates, (“Company”, “we”, “us” and “our”) collects about our contractors who are California residents, and the purposes for which we use Aand share that information.
For purposes of this Notice, “personal information” and “sensitive personal information” have the meaning given in the California Consumer Privacy Act of 2018 (as amended, the “CCPA”).
This Notice does not create or form part of any contract nor is it intended to create an employment relationship between the Company and you.
If you have questions about this Notice, please contact HBGPrivacy@yum.com.
2. Information we collect about contractors
2.1. Categories of personal information
Below are categories of personal information we may collect and process before, during and after your engagement with the Company. For each category listed, the CCPA requires us to identify the statutory category under Cal. Civ. Code Section 1798.140(v)(1) to which it corresponds. These statutory categories are listed in footnotes as “California categories” or addressed in Section 2.2.
- Contact information, such as your work and home address, telephone number, email address, social media handles, and emergency contact information;
- Identification information, such as your social security number and other government-issued identification information (e.g., driver’s license, passport) and photograph;
- Immigration status and other information that would allow us to verify your authorization to work;
- Payment information, such as your fee and payment information, banking details, hours worked and reimbursable expenses;
- Role/function information, such as a description of current role/function and services, branch/unit/department, location, terms of engagement as an independent contractor or through a staffing agency or other third party that employs you, contract start and termination date(s) and reason;
- Evaluation information, such as your resume/CV or other information, including materials provided by staffing agencies or other third parties, to evaluate your skills and qualifications (e.g., education history, professional qualifications, language, skills, certifications), and complete a background check where requested and permitted by law;
- Credentials, technology, access and system information, such as your Company email address, usernames, passwords, and keycard number; information about your use of, as well as content and communications you send and receive through, devices, Company communications, IT systems and applications (e.g., time of use, files accessed, search history, web pages viewed, IP address, device ID, device location); and information about your access to and locations within offices and facilities (e.g., keycard scans and security camera footage);
- Medical information, such as your body temperature, health symptoms, vaccination status and other screening information in connection with the Company’s health and safety plans and protocols, including screening required to access Company offices/facilities and other measures designed to prevent the transmission of COVID-19 or other infectious diseases;
- Information needed to evaluate accommodation requests regarding potential disabilities or other health conditions; and
- Other information you provide during the course of your engagement with us. In certain cases we may ask you for additional information for purposes of complying with applicable laws. We may also inquire about criminal and/or credit records. We will do so only where permitted by applicable law.
2.2. Sensitive personal information and protected classification characteristics
With the possible exception of “contact information”, all of the categories above include, or contain information from which it may be possible to infer, sensitive personal information and characteristics of protected classifications under California or federal law if applicable. However, we do not use or disclose sensitive personal information in ways subject to the right of California residents to limit use of sensitive personal information under the CCPA.
2.3. Sources of personal information
We collect personal information from you when we are exploring an engagement with you as well as during and after the course of the engagement. We may also collect your personal information from various other sources and combine it with the personal information you provide us. For example, we may collect your personal information from:
- your employers, including staffing agencies or other third parties that refer you to us;
- professional references;
- providers of background check, credit check, or other screening services (where permitted by law);
- your public social media profiles or other publicly-available sources;
- Company communications and IT systems/applications that automatically collect information about, and transmitted by, users; and
- other Company personnel.
This section generally describes our practices currently and during the preceding 12 months. You should assume that each category of personal information we collect may have been collected from each category of sources listed above in this section.
3. How we use and disclose personal information of contractors
3.1. Purposes for which we use personal information
We may use the categories of personal information above for the following purposes:
- Workforce management. Managing work activities and personnel generally, such as:
- communicating with you;
- paying fees in respect of your services and managing authorized expense reimbursements;
- performing background, reference, and/or credit checks;
- providing information technology resources and support;
- maintaining internal personnel directories; and
- otherwise administering our engagement with you.
- Business operations. Operating and managing our business, including managing communications and IT systems; research, development and operation of our products and/or services; managing and allocating Company assets and personnel; strategic planning and project management; business continuity; maintenance of business and audit records; budgeting, financial management and reporting; internal communications; promoting our business; physical and information security; health and safety, including the personal safety and security of employees, contractors, vendors and other visitors; and evaluating and undergoing mergers, acquisitions, sales, re-organizations or disposals and integration with purchasers.
- Compliance, safety and protection. Complying with legal and other requirements, such as tax, audit, recordkeeping, reporting, and verifying identity; complying with lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; protecting our, your or others’ rights, safety and property, including by complying with applicable public health guidelines and requirements, including, without limitation, guidance from the Centers for Disease Control or other public health authorities relating to the prevention and control of COVID-19 or other infectious diseases; investigating and deterring against fraudulent, harmful, unauthorized, unethical or illegal activity, or conduct in violation of our policies or procedures; pursuing legal rights and remedies, including investigating, making and defending complaints or legal claims; administering and enforcing internal policies and procedures; and sharing information with government authorities, law enforcement, courts or private parties for the foregoing purposes.
- Monitoring. Monitoring offices and facilities, IT and communications systems, devices, equipment and applications through manual review and automated tools such as security software, and website and spam filtering software, and controlling access to and monitoring our physical premises (e.g., by requiring health screenings to access offices/facilities and using security cameras and keycard scans) to protect our, your or others’ rights, safety and property; operate, maintain and protect the security of our network systems and devices; protect our proprietary and confidential information and intellectual property; for recordkeeping and archiving; for personnel training (where applicable); for the compliance, safety and protection purposes described above; to investigate and respond to security and other incidents; and for business continuity (such as monitoring businessrelated emails following a contractor’s departure).
- Analytics. Creating anonymous, aggregated or de-identified data that we use and share to analyze our workforce and business and for other lawful business purposes.
3.2. Sharing personal information
We may share your personal information with the following parties for the purposes described above.
- Affiliates. Our corporate parent, subsidiaries, and other affiliates under the control of our corporate parent, for purposes consistent with this Notice or to operate shared infrastructure, systems and technology.
- Company service providers. Providers of services to the Company, such as IT systems and support, information and physical security and background check providers.
- Business contacts. Current and prospective customers and other business contacts that you interact with in the ordinary course of your engagement.
- Government authorities, law enforcement and others. Government authorities, law enforcement, courts, and others as described in the compliance, safety and protection section above.
- Business transfer participants. Parties to transactions and potential transactions whereby we sell, transfer or otherwise share some or all of our business or assets, including your personal information, such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
- Professional advisors. Accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors who require your information in the course of providing their services.
- Customers and business partners. Customers, other companies and individuals with whom the Company does business or is exploring a business relationship.
- Other parties not listed above but that are identified at or before the point at which we collect your personal information along with the purposes for which the information will be shared. This section generally describes our practices currently and during the preceding 12 months. You should assume that each category of personal information we collect may be disclosed, and may have been disclosed during the preceding 12 months, to each category of other parties listed above in this section.
The criteria for deciding how long to retain personal information is generally based on whether such period is sufficient to fulfill the purposes for which we collected it as described in this Notice, including complying with our legal obligations.
4. California privacy rights
4.1. Your California privacy rights
California residents have the rights listed below under the CCPA. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. You are not employed by us, but you may be eligible for voluntary programs (including in-office contests, such as prizes or raffles) that we will also use your information for, should you choose to participate.
- Information. You can request the following information about how we have collected and used your personal information during the past 12 months:
- The categories of personal information that we have collected.
- The categories of sources from which we collected personal information.
- The business or commercial purpose for collecting or selling personal information.
- The categories of third parties with which we share personal information.
- The categories of personal information that we sold or disclosed for a business purpose.
- The categories of third parties to whom the personal information was sold or disclosed for a business purpose.
- Access. You can request a copy of the personal information that we have collected about you.
- Deletion. You can ask us to delete the personal information that we have collected from you.
- Correction. You can ask us to correct inaccurate personal data that we have collected about you.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA, including exercising such rights without retaliation.
4.2. How to exercise your California privacy rights
Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.
5. Third parties
This Notice does not address, and we are not responsible for, the practices of any third parties, which have their own rules for how they collect and use your personal information. Our links to third party websites or services are not endorsements.
6. Changes to this Notice
We reserve the right to change this Notice at any time. The “Effective Date” heading at the top of this Notice indicates when it was last revised. Any changes will become effective when we post the revised notice on any website or other location where we make it available to you.
7. Your obligations
It is your responsibility to ensure that information you submit does not violate any third party’s rights. You should keep your personal information on file with the Company up to date and inform us of any significant changes to it.