Workforce Privacy Notice | Cintas (2024)

The description of our data practices in this Notice will be updated at least annually. We may change or update this Notice from time to time. When we do, we will communicate changes and updates by posting the updated Notice with a new “Updated” date. Otherwise, this Notice serves as our notice at collection.

We may collect your personal data directly from you, such as (i) when you apply for a position or become employed or engaged by us (e.g., identification/identity data, contact details, educational and employment data); (ii) indirectly from you, such as by overserving your actions on our network or from information your computer or mobile device transmits when interacting with our network; (iii) from others through interactions in the course of employment or engagement; (iv) from third parties (e.g., references); or (v) from public sources of data.

Generally, we use Workforce personal data for HR Business Purposes and as otherwise related to the operation of our business, including for: performing services; managing interactions and transactions; security; debugging; quality assurance; processing interactions and transactions; and research and development. For example, we may use Workforce personal data for the following purposes:

We may also use personal data for “Additional Business Purposes” in a context that is not a sale or share under the CCPA, such as:

Subject to restrictions and obligations under the CCPA, our Vendors may also use your personal data for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.

Category of Personal DataExamples of Personal Data Collected and RetainedCategories of Recipients1. IdentifiersName, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, e-mail address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors;
  • Non-software HR vendors, such as drug screening Vendors
  • Payroll provider (e.g., SAP SuccessFactors);
  • Governmental entities (for example, in relation to our obligations to determine employment eligibility, responding to requests pursuant to legal or regulatory process, and tax obligations); and/or
  • Other parties (e.g., litigants and third-party advisors) within the limits of Additional Business Purposes.

Sale/Share: None

2. Personal RecordsName, signature, physical characteristics or description, address, telephone number, insurance policy number, medical information, drug screening records, health insurance information, and financial information (e.g., bank account number). Some PI included in this category may overlap with other categories.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors;
  • Payroll provider (e.g., SAP SuccessFactors);
  • Governmental entities (for example, in relation to our obligations to determine employment eligibility, responding to requests pursuant to legal or regulatory process, and tax obligations); and/or
  • Other parties (e.g., litigants and third-party advisors) within the limits of Additional Business Purposes.

Sale/Share: None

3. Protected Characteristics or TraitsIn some circ*mstances, we may collect PI that is considered protected under U.S. law, such as age, race, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy, or childbirth), and veteran or military status.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors;
  • Governmental entities (for example, responding to requests pursuant to legal or regulatory process, and tax obligations); and/or
  • Other parties (e.g., litigants) within the limits of Additional Business Purposes.

Sale/Share: None

4. Commercial InformationRecords of products or services purchased or obtained in the HR context, such as benefits you have signed up for.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors;
  • Payroll and benefits vendors and providers; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

5.Internet Usage InformationWhen you use our online systems or otherwise interact with us online, we may collect browsing history, search history, and other information regarding your interaction with our systems or other sites, applications, or content.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

6. Geolocation DataIf you use our systems or interact with us online we may gain access to the approximate, and sometimes precise, location of the device or equipment you are using,or the location from which you are accessing our systems. We may also track the location of Cintas-owned equipment.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

7.Sensory DataWe may collect audio, electronic, visual, or similar information such as via our video security recordings and our HR hotline.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

8.Professional or Employment InformationProfessional, educational, or employment-related information, including current or past job history or performance evaluations.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

9.Non-public Education RecordsEducation records directly related to a student, maintained by an educational institution or party acting on its behalf, such as grades and transcripts.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

10.Information Derived from Personal Data CollectedInferences from other information collected about you. These inferences may reflect your preferences, predispositions, abilities, and aptitudes.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

11.Sensitive Personal DataGovernment Issued ID Numbers (Social Security, driver’s license, state ID card, or passport number).

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors;
  • HR system and software Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

Account Log-In (e.g., username and password to online account).

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

Financial Data (financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account).

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

Precise Geolocation (any data that is derived from a device and that is used or intended to be used to locate an individual w/in a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet).

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

Personal Characteristics (racial or ethnic origin, religious or philosophical beliefs, or union membership), to the extent such information is voluntarily provided by an individual or as required by applicable law.

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

Communication Content (contents of mail, email, and text messages, other than where Cintas is the intended recipient of the communication).

Disclosures for Business Purposes:

  • General IT, software, and other business vendors; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes

Sale/Share: None

Biometric Information (the processing of limited biometric information to the extent it is voluntarily provided for the purpose of optional wellness programs)

Disclosures for Business Purposes:

  • Our optional partner wellness program provider (i.e., Virgin Pulse)

Sale/Share: None

Health Information (Personal Data collected and analyzed concerning an individual’s health), to the extent such information is voluntarily provided by an individual or as required by applicable law.

Disclosures for Business Purposes:

  • General IT, software, and other business vendors;
  • Benefits vendors and providers; and/or
  • Other parties (e.g., litigants and government entities) within the limits of Additional Business Purposes.

Sale/Share: None

Sex Life/ Sexual Orientation (Personal Data collected and analyzed concerning an individual’s sex life or sexual orientation), to the extent such information is voluntarily provided by an individual or as required by applicable law

Disclosures for Business Purposes:

  • General IT, software, and other business Vendors; and/or
  • Other parties (e.g., litigants and government) within the limits of Additional Business Purposes.

Sale/Share: None

We do not sell your personal data and we do not “share” your personal data for purposes of cross-context behavioral advertising, as defined under the CCPA. We have not engaged in such activities in the 12 months preceding the date this Notice was last updated. Without limiting the foregoing, we do not knowingly sell or “share” personal data of minors under 16 years of age.

Retention of Information.We will keep your personal data for as long as necessary to fulfill the purposes we collected it for and in accordance with our internal document retention policy and any applicable laws. We will retain and use each category of personal data as long as you have a professional relationship with us. Thereafter, we will keep your personal data for as long as is necessary (1) to protect our legal interests; and (2) to keep records required by law. Different retention periods apply for different types of personal data.

Purposes for the Collection, Use, and Disclosure of Sensitive Personal Data.We collect, use, and disclose sensitive personal data for purposes of: performing services on behalf of our business; performing services and providing goods as requested by you; ensuring the quality or safety of services we control or improving those services; ensuring the security and integrity of our infrastructure and the individuals we interact with; establishing and maintaining your employment relationship with us; managing payroll and corporate credit card use; administering and providing benefits; short-term transient use; securing the access to, and use of, our facilities, equipment, systems, networks, applications, and infrastructure; preventing, detecting, and investigating security incidents; resisting and responding to fraud or illegal activities; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use or disclose sensitive personal data for additional purposes.

2. YOUR RIGHTS AND HOW TO EXERCISE THEM

You have the same rights to know/access, obtain a copy, delete, correct, and opt-out as traditional Consumers and may learn more about these rights and how to exercise them in Section II of our U.S. State Privacy Notice.

3. NON-DISCRIMINATION / NO RETALIATION

We will not discriminate or retaliate against you for your exercise of your privacy rights.

4. OUR RIGHTS AND RIGHTS OF OTHERS

Notwithstanding anything to the contrary, we may collect, use and disclose your personal data as required or permitted by applicable law, and this may override your rights under the CCPA. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

5. CONTACT US

If you have any questions, comments, or concerns about our HR privacy practices, please contact us by e-mail at [emailprotected] or call us at 844-378-7411. Please note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.

Workforce Privacy Notice | Cintas (2024)

FAQs

What should a privacy notice use? ›

The notice should be simple, straightforward, direct, affirmative and respectful. Use short sentences, in active voice, which are easier to understand. If you are enumerating several items, use bullet points. Each section of the notice should have an informative heading to accurately describe what follows.

Why am I getting a privacy notice? ›

The privacy notice aims to communicate the organization's data practices in a clear and accessible manner, ensuring that individuals are informed about how an organization uses their personal information.

What information must be disclosed on the privacy notice? ›

The Contents of the Privacy Notice

Your notice must include, where it applies to you, the following information: Categories of information collected. For example, nonpublic personal information obtained from an application or a third party such as a consumer reporting agency. Categories of information disclosed.

Which of the following should be mentioned on a privacy notice? ›

Your privacy notice needs to include people's information rights, including the right to withdraw consent, where that's your lawful basis. Also tell people how they can complain if they've got concerns about the way you're using their information.

What are the three types of privacy notices? ›

There are three types of privacy notices defined in the regulations: an initial notice, an annual notice, and a revised notice. The regulation specifies when and to whom a bank is required to give each type of privacy notification. Let's look at the when and who for each type of privacy notice.

Who determines a privacy notice? ›

A privacy notice is determined by the organization that collects and processes personal data. The data controller creates it and should accurately reflect the organization's data processing activities.

What is not required on a privacy notice? ›

You do not need to tell people about any statutory obligations to provide the personal data, but you do need to give people additional information on the categories of personal data you obtained and the source of that information.

Which is an acceptable delivery method for a privacy notice? ›

They can deliver written notices in person, by mail (to the consumer's last known address), or the bank can communicate electronically.

How should the initial privacy notice be given? ›

Providing notice not later than when you establish a customer relationship would not substantially delay the customer's transaction when the relationship is initiated in person at your office or through other means by which the customer may view the notice, such as on a Web site. (f) Delivery.

How do I deliver a privacy notice? ›

(a) How to provide notices.

You must provide any privacy notices and opt out notices, including short-form initial notices, that this part requires so that each consumer can reasonably be expected to receive actual notice in writing or, if the consumer agrees, electronically.

References

Top Articles
Latest Posts
Article information

Author: Sen. Ignacio Ratke

Last Updated:

Views: 5748

Rating: 4.6 / 5 (76 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Sen. Ignacio Ratke

Birthday: 1999-05-27

Address: Apt. 171 8116 Bailey Via, Roberthaven, GA 58289

Phone: +2585395768220

Job: Lead Liaison

Hobby: Lockpicking, LARPing, Lego building, Lapidary, Macrame, Book restoration, Bodybuilding

Introduction: My name is Sen. Ignacio Ratke, I am a adventurous, zealous, outstanding, agreeable, precious, excited, gifted person who loves writing and wants to share my knowledge and understanding with you.