Data Consent Policy for California Job Applicants.

Notice at Collection and Privacy Policy for California Job Applicants

Last Updated: July 1, 2023

XL Industries and its subsidiaries and affiliated companies (“Company”) takes your privacy seriously. We want you to know how we collect, use, and disclose, your personal information.

EEO Statement

Company is an equal employment opportunity employer. The Company’s policy is not to unlawfully discriminate against any applicant or employee on the basis of race, color, sex, religion, national origin, age, disability, status as a protected veteran, or any other consideration made unlawful by applicable federal, state, or local laws. The Company also prohibits harassment of applicants and employees based on any protected category, characteristic or status. It is also the Company’s policy to comply with all applicable state, federal and local laws respecting consideration of unemployment status in making hiring decisions.

Company complies with the ADA, the ADAAA and applicable state law and considers reasonable accommodation
measures that may be necessary for qualified applicants/employees to perform the essential functions of the job. Hire may be contingent upon a post-offer medical examination, and to skill and agility tests, as appropriate for the position.

This Privacy Policy explains:

The categories of personal information we collect about you
The categories of sources from which we collect your personal information
The purposes for which we use your personal information
How we may disclose your personal information
How long we keep your personal information
Your rights and how to exercise them
Changes to this Privacy Policy

Scope:

This Privacy Policy applies to the personal information of California residents in their role as job applicants to Company (“Applicants”).

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being
associated with, or could reasonably be linked, directly or indirectly, with a particular Applicant.

THE CATEGORIES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU
- Identifiers, for example: real name, nickname, telephone number, postal address, e-mail address, and signature.
- Professional or Employment-Related Information, for example: educational institutions attended, degrees and certifications, licenses, work experience and previous employers, and professional memberships and affiliations.
- Non-public educational information, for example: academic transcripts.
- Commercial Information, for example: travel expense records for an interview.
- Internet Activity Information, for example: interactions with Company’s Internet web site, job application, or job advertisement, and publicly available social media activity.
- Sensory or Surveillance Data, for example: voice-mails, audio/visual recordings of interviews, and footage from video surveillance cameras.
- § 1798.80: personal information described under Cal. Civ. Code § 1798.80 to the extent not already included in other categories in this section, such as a photograph.
- Other details, for example, hobbies and leisure activities or membership in voluntary/charitable/public organizations, for example, as stated on the Applicant’s resume.
- Characteristics of Protected Classifications Under California or Federal Law for Applicants, collected on a purely voluntary basis, except where collection is required by law, and used only in compliance with applicable laws and regulations, for diversity and inclusion reporting and related purposes.
- Login credentials, for example: login credentials to an online account owned or subscribed-to by Company.
THE CATEGORIES OF SOURCES FROM WHICH WE COLLECT YOUR PERSONAL INFORMATION
- You, for example, in your job application, forms you fill out for us, assessments you complete, surveys you complete, and any information you provide us during the course of your application and interview process.
- Vendors and service providers, for example, recruiters.
- Third parties, for example, job references, affiliated companies, professional employer organizations or staffing agencies.
- Public internet sources, for example, social media, job boards, public profiles, and other public online sources
- Public records, for example, court records, and credentialing and licensing organizations.
- Automated technologies on Company’s electronic resources, for example, to track logins and activity on Company’s careers page.
- Surveillance/recording technologies installed by Company, for example, video surveillance in common areas of Company facilities, voicemail technologies, webcams, and audio/video recording technologies with consent to the extent required by law.
- Government or administrative agencies, for example, law enforcement or public health authorities.
- Acquired company, if Company acquired your employer, Company might collect personal information from that employer.
  Note: This Privacy Policy does not cover background screening conducted by third-party background check vendors subject to the federal Fair Credit Reporting Act. Company provides a separate disclosure for such screening.
THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION
1. Generally Applicable Purposes:
  Unless stated otherwise in section 3.B, below, we may use Applicants’ personal information for the following purposes:
  - Recruiting
    - To evaluate Applicants’ qualifications or suitability for employment with Company
    - To communicate with Applicants
    - To conduct a pre-employment or criminal history background check
    - For identification purposes
    - For diversity and inclusion purposes
    - To arrange and manage Company-sponsored events
    - To create a talent pool for future job openings
    - For recordkeeping purposes
    - To demonstrate Applicants’ agreement to, or acceptance of, documents presented to them, e.g., preemployment arbitration agreement, acknowledgment of employment application, offer letter
    - To evaluate and improve the recruiting process
    - To promote Company as a place to work
  - Monitoring, Security, and Compliance:
    - To monitor use of Company information systems and other electronic resources or information systems
    - To conduct internal audits
    - To conduct internal investigations
    - To protect the safety and security of Company’s facilities
    - To report suspected criminal conduct to law enforcement and cooperate in investigations
    - To control access to secure facilities
    - To monitor compliance with Company policies
    - To exercise Company’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel
  - Conducting Our Business:
    - For training purposes or quality assurance with respect to Company employees conducting the interviews or otherwise assisting with the recruiting and hiring process
    - For travel and event planning
    - To engage in crisis management
    - To manage travel reimbursements
  - Miscellaneous Other Purposes:
    - To manage and operate information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, strategic planning;
    - To manage litigation involving Company, and other legal disputes and inquiries and to meet legal and regulatory requirements;
    - In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of Company or any of its subsidiaries or affiliates; and
    - To protect the rights, property, or safety of Company, HR Individuals, customers or others.
2. Purposes Specific To Certain Categories Of Personal Information:
  We may use the categories of Applicants’ personal information listed in this Section 3.B for the purposes stated below:
  - Purposes For Using Applicant Health Information:
    - To the extent necessary to comply with Company’s legal obligations, such as to accommodate disabilities
    - To protect the health and safety of Company’s employees and facilities, for example, to take the Applicant’s temperature
    - For occupational health and safety compliance and record-keeping
    - To conduct pre-employment medical examinations
    - To respond to an Applicant’s medical emergency
      Note: This Privacy Policy does not cover health information governed by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), or California’s Confidentiality of Medical Information Act (CMIA).
  - Purposes For Using Applicants’ Protected Categories Of Information:
    - Company collects information about race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, including the reporting requirements of the federal Equal Employment Opportunity Act, the federal Office of Contracting Compliance Programs (applicable to government contractors), and California’s Fair Employment and Housing Act, and for purposes of diversity analytics.
    - Company also uses this personal information for purposes including: (a) with respect to disability and/or medical condition, as necessary, to comply with federal and California law related to accommodation; and (b) with respect to age, incidentally to the use of birth date for identity verification.
    - Company collects protected categories of Personal Information on a purely voluntary basis, except where required by law, and uses the information only in compliance with applicable laws and regulations.
  - Deidentified Information
    - At times, Company converts personal information into deidentified information using reasonable measures to ensure that the deidentified information cannot be associated with the individual (“Deidentified Information”). Company maintains Deidentified Information in a deidentified form and does not attempt to reidentify it, except that Company may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes ensure that the information cannot be associated with the individual. Company prohibits vendors, by contract, from attempting to reidentify Company’s Deidentified Information.
  - HOW WE MAY DISCLOSE YOUR PERSONAL INFORMATION
    - Company generally maintains information related to Applicants as confidential. However, from time to time, Company may have a legitimate business need to disclose Applicants’ personal information for one of the purposes listed in Section 2, above, to one or more of the categories of external recipients listed below. In that event, Company discloses your personal information and/or sensitive personal information only to the minimum extent necessary to achieve the purpose of the disclosure and only if the disclosure is permitted by the CPRA and other applicable laws.
  - Service providers and contractors: Company discloses your personal information to service providers and contractors for the purposes above to assist us in our recruiting efforts and in meeting our business needs and legal obligations.
    - Company only discloses your personal information to service providers and contractors subject to written contracts as required by applicable law.
    - Service providers and contractors include recruiters, law firms, travel agencies, and any other entity providing services to Company.
  - Affiliated companies: Other companies within the XL Industries family of companies.
  - Government or administrative agencies: These may include, for example:
    - Equal Employment Opportunity Commission as required for reporting.
    - California Department of Fair Employment and Housing as required to respond to employment claims and charges.
    - Law enforcement in the event of criminal investigations.
  - Required Disclosures: We may be required to disclose personal information in a court proceeding, in response to a court order, subpoena, civil discovery request, other legal process, or as otherwise required by law.
  - Legal Compliance and Protections: We may disclose personal information when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of Company, our users, or others.
    No sales and no “sharing”, i.e., disclosure for cross-context behavioral advertising:
    Company does not sell the personal information of any Applicants nor share their personal information for cross-context behavioral advertising.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
If Company hires you, the information collected about your during the job application process may become part of your personnel file and may be used to administer the employment relationship and for related reporting and recordkeeping purposes. Company will retain this application information for the entire duration of your employment relationship with Company and for as long thereafter as permitted or required by applicable law. Company makes its document retention schedule available to employees for review.
Company will retain information of applicants who are not hired for a legally permissible duration after the record is collected. These records will be retained for our internal record keeping and reporting purposes in compliance with California Government Code § 12946. During that time, we may use your information to consider you for positions in addition to the position(s) for which you initially applied.
YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM
1. Your California Privacy Rights
  Subject to applicable law, Applicants have the following rights:
  - Right to Know: You have the right to submit a verifiable request for copies of specific pieces of your personal information collected in the preceding 12 months and for information about the Company’s collection, use, and disclosure of your personal information during that same 12-month time period. Please note that the CPRA’s right to obtain copies does not grant a right to the whole of any document that contains personal information, but only to copies of “specific pieces” of personal information. Moreover, HR Individuals have a right to know categories of sources of personal information and categories of external recipients to which personal information is disclosed, but not the individual sources or recipients. Company does not always track individualized sources or recipients.
  - Right to Delete: You have the right to submit a verifiable request for the deletion of personal information that you have provided to Company.
  - Right to Correct: You have the right to submit a verifiable request for the correction of inaccurate personal information maintained by Company, taking into account the nature of the personal information and the purposes of processing the personal information.
2. How to Exercise Your Rights
  Company will respond to requests know, delete, and correct in accordance with applicable law if it can verify the identity of the individual submitting the request. You can exercise these rights in the following ways:
  - Call 408-240-6329
  - Email people@xlconstruction.com
3. How We Will Verify Your Request:
  The processes that we follow to verify your identity when you make a request to know, correct, or delete are described below. The relevant process depends on how and why the request is submitted.
  If you submit a request by any means other than through a password-protected account that you created before the date of your request, the verification process that we follow will depend on the nature of your request as described below:
  1. Requests To Know Categories Or Purposes: If you request to know how we collect and handle your personal information, we will match at least two data points that you provide with your request, or in response to your verification request, against information about you that we already have in our records and that we have determined to be reliable for purposes of verifying your identity. Examples of relevant data points include your mobile phone number, your zip code, and the month and year you submitted a job application to us.
  2. Requests To Know Specific Pieces Of Personal Information: We will match at least three data points that you provide with your request to know, or in response to our request for verification information, against information that we already have about you in our records and that we have determined to be reliable for purposes of verifying your identity. In addition, we may require you to sign a declaration under penalty of perjury that you are the individual whose personal information is the subject of the request.
  3. Requests To Correct or Delete Personal Information: Our process for verifying your identity will depend on the sensitivity (as determined by Company) of the personal information that you ask us to correct delete. For less sensitive personal information, we will require a match of two data points as described in Point No. 1, above. For more sensitive personal information, we will require a match of three data points and a signed declaration as described in Point No. 2, above.
    We have implemented the following additional procedures when verifying the identity of requestors:
    - If we cannot verify your identity based on the processes described above, we may ask you for additional verification information. If we do so, we will not use that information for any purpose other than verification.
    - If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity.
4. Authorized Agents
  If an authorized agent submits a request to know, correct or delete on your behalf, the authorized agent must submit with the request either (a) a power of attorney that is valid under California law, or (b) a document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you or your authorized agent to follow the applicable process described above for verifying your identity. You can obtain “Authorized Agent Designation” form by contacting us at people@xlconstruction.com
5. Company’s Non-Discrimination and Non-Retaliation Policy
  Company will not unlawfully discriminate or retaliate against you for exercising your privacy rights under the California Privacy Rights Act.
CHANGES TO THIS PRIVACY POLICY
If we change this Privacy Policy, we will post those changes on this page and update the Privacy Policy modification date above. If we materially change this Privacy Policy in a way that affects how we use or disclose your personal information, we will provide a prominent notice of such changes and the effective date of the changes before making them.
For More Information
For questions or concerns about Company’s privacy policies and practices, please contact us at people@xlconstruction.com

Notice at Collection and Privacy Policy for HR Individuals Who Reside in California

Last Updated: July 1, 2023

XL Industries and its subsidiaries and affiliated companies (“Company”) takes your privacy seriously. We want you to know how we collect, use, and disclose, your personal information.

This Privacy Policy explains:

The categories of personal information we collect about you
The categories of sources from which we collect your personal information
The purposes for which we use your personal information
How we may disclose your personal information
How long we keep your personal information
Your privacy rights and how to exercise them
Changes to this Privacy Policy

Scope:

This Privacy Policy applies to the personal information of California residents who are employees, independent contractors, interns, volunteers, owners, board members, and other individuals who perform work for Company, as well as their dependents, emergency contacts, and beneficiaries, (collectively, “HR Individuals”) in their role as HR Individuals. This Privacy Policy informs HR Individuals about the categories of personal information Company has collected about them in the preceding twelve months as well as the categories of personal information that the Comply will collect about HR individuals in the future.

Except where the Privacy Policy specifically refers only to a specific category of HR Individuals, e.g., employees, this Privacy Policy refers to all categories of HR Individuals collectively.

“Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular HR Individual or household.

THE CATEGORIES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU
- Identifiers, for example: real name, alias, telephone number, postal address, e-mail address, signature, bank account name and number for direct deposits, and photographs.
- Professional or Employment-Related Information, for example: educational institutions attended, degrees and certifications, licenses, work experience and previous employers, professional memberships and affiliations, union representation, seniority, training, employment start and ending dates, and job title.
- Compensation and benefits information for employees, for example: salary, bonus and commission, equity compensation information, hours and overtime, leave information, bank details (for payroll and reimbursement purposes only), benefits in which you may be enrolled, and identifying information for dependents and beneficiaries.
- Non-public educational information, for example: academic transcripts.
- Commercial Information, for example: business travel and expense records.
- Internet Activity Information, for example: Internet browsing and search history while using Company’s network, log in/out and activity on Company’s electronic resources, interactions with Company’s Internet web site, application, or advertisement, and publicly available social media activity.
- Sensory or Surveillance Data, for example: voice-mails, recordings of meetings or video-conferences, and footage from video surveillance cameras.
- § 1798.80: personal information described under Cal. Civ. Code § 1798.80 to the extent not already included in other categories here, such as bank account number for purposes of direct deposit or insurance policy number.
- Preferences, for example, hobbies and leisure activities, membership in voluntary/charitable/public organizations, and preferences regarding work tools, travel, hours, food for company events, etc.
- Characteristics of Protected Classifications Under California or Federal Law for employees, for example: race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations and to support diversity and inclusion programs; disability, medical condition, and pregnancy, childbirth, breastfeeding, and related medical conditions, as necessary to comply with Federal and California law related to leaves of absence and accommodation; and marital and familial status as necessary to provide benefits to employees and for tax purposes.
- Sensitive identifiers, for example: Social Security, driver’s license, state identification card, or passport number.
- Geolocation data, for example: GPS tracking on Company vehicles or vehicle reimbursement program.
- Health information, for example: information about an on-the-job injury collected for workers’ compensation purposes.
- Personal communications: the contents of mail, email, or text messages on accounts or services not owned, or subscribed-to, by Company only for purposes of legitimate Company investigations and, to the extent required by law, with your authorization.
  - Login credentials, for example: login credentials to an online account owned or subscribed-to by Company or as necessary to review personal communications as described in the preceding bullet point.
- Financial account access information, for example: payment card information with CVV and other information as needed for the HR Individual to purchase from a Company store.
- Sex life: to the extent relevant and necessary for a legitimate Company investigation and only if permitted by law, e.g., as needed to investigate allegations of sexual harassment.
- Sexual orientation to the extent volunteered by the HR Individual, for example, for Company diversity and inclusion programs.
  Note on emergency contacts, spouses or domestic partners, dependents, and beneficiaries named under certain of the company’s benefit plans (collectively your “Related Contacts”):
  - Company only collects contact information about emergency contacts.
  - Company may collect the following categories of personal information about spouses or domestic partners, dependents, and beneficiaries: (a) Identifiers; (b) Commercial Information if, for example, Company arranges travel for a dependent to attend a Company event; (c) Internet Activity Information if the individual uses Company electronic resources and web sites; (d) Sensory or Surveillance Data if the individual enters Company facilities; (e) § 1798.80 personal information, such as insurance policy numbers if the individual is covered by Company insurance or a beneficiary; (f) Protected Categories of Personal Information, for example, childbirth to administer parental leave, marital status to pay taxes, and familial status to administer benefits; (g) Health Information, for example, infectious disease testing when a Related Contact attends a Company event or if needed to administer a leave of absence for you to care for a Related Contact; (h) sex life, for example, date of newborn delivery to administer parental, Family & Medical Leave Act, or California Family Rights Act leave; (i) Login Credentials to a Company benefits portal or site; and (j) Sensitive Identifiers, for example, Social Security numbers for beneficiary designations; personal communications if communicating with a workforce member.
THE CATEGORIES OF SOURCES FROM WHICH WE COLLECT YOUR PERSONAL INFORMATION
- You, for example, in your application, forms you fill out for us, assessments you complete, surveys you submit, and any information you provide during the course of your relationship with us.
- Your spouse or dependent with respect to their own personal information.
- Internally generated, for example, Company may generate performance ratings, evaluations, hours worked, and other information about you.
- Vendors and service providers, for example, law firms.
- Affiliated companies, for example, when an employee works on a cross-enterprise team.
- Third parties, for example, job references, business partners, professional employer organizations or staffing agencies, insurance companies.
- Public internet sources, for example, social media, job boards, public profiles, and other public online sources.
- Public records, for example, court records, and credentialing and licensing organizations.
- Automated technologies on Company’s electronic resources, for example, to track logins and activity across Company network.
- Surveillance/recording technologies installed by Company, for example, video surveillance in common areas of Company facilities, global positioning system (“GPS”) technologies, voicemail technologies, webcams, audio recording technologies, and blue-tooth technologies, any of these with consent to the extent required by law.
- Labor processes, including collective bargaining processes, National Labor Relations Board processes to determine union representation, and grievance and arbitration processes.
- Union agreements, including collective bargaining agreements and other agreements between Company and a union.
- Government or administrative agencies, for example, law enforcement, public health authorities, California Department of Industrial Relations, Employment Development Department.
- Acquired company, if Company acquired your employer, Company might collect personal information from that employer.
  Note: This Privacy Policy does not cover background screening conducted by third-party background check vendors subject to the federal Fair Credit Reporting Act. Company provides separate notices for such screening.
THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION
1. All HR Individuals
  1. Managing Personnel: (Not applicable to Related Contacts)
    1. Administration:
      - To manage personnel and workforce matters
      - To communicate with the workforce
      - To plan and arrange work supplies and workspaces
      - To fulfill recordkeeping and reporting responsibilities
      - For recruitment of new HR Individuals
      - To resolve internal grievances and disciplinary issues
      - To make business travel arrangements
      - To manage workforce-related emergencies, including health emergencies
    2. Workforce development:
      - To screen workforce for risks to Company and continued suitability in their positions
      - To conduct surveys
    3. Team-building:
      - To maintain an internal workforce directory and for purposes of identification
      - To facilitate communication, interaction, and collaboration among HR Individuals
      - To arrange meetings and manage Company-sponsored events and public service activities
      - To promote Company as a place to work
      - Workforce reporting and data analytics/trend analysis
      - For workforce satisfaction
  2. Monitoring, Security, and Compliance:
    - To monitor use of Company information systems and other electronic resources or information systems
    - To conduct internal audits
    - To conduct internal investigations
    - To administer Company’s whistleblower hotline
    - To protect the safety and security of Company’s facilities, including preventing illicit activity
    - To report suspected criminal conduct to law enforcement and cooperate in investigations
    - To control access to secure facilities
    - To monitor compliance with Company policies
    - To exercise Company’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel.
  3. Conducting Our Business: (Not applicable to Related Contacts)
    - To engage in marketing, advertising, and promotion
    - For communications with prospective, current, and former customers
    - To provide a directory and contact information for prospective and current customers and business partners
    - For customer service purposes
      - To enable Company to comply with client contractual obligations
      - To manage and fulfill orders
      - To manage business expenses and reimbursements
      - To engage in project management
      - To conduct product and service training
      - To conduct research and development
      - To conduct quality assurance and improvement
    - For event planning
      - To engage in crisis management
  4. Miscellaneous Other Purposes:
    - To manage and operate information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, and strategic planning;
    - To manage litigation involving Company, and other legal disputes and inquiries and to meet legal and regulatory requirements;
    - In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of Company or any of its subsidiaries or affiliates;
    - To manage licenses, permits, and authorizations applicable to Company’s business operations; and
    - To protect the rights, property, or safety of Company, HR Individuals, customers or others.
2. Employees
  1. Generally Applicable Purposes
    Unless stated otherwise in section 3.B.2, below, we may use employees’ personal information for the following purposes:
    - Managing Employees:
      - Administration:
        
        To set up and manage a personnel file
        
        To manage performance
        
        To administer compensation, bonuses, equity grants, other forms of compensation, and benefits (as permitted by law)
        
        To manage vacation, sick leave, and other leaves of absence
        
        To track hours and attendance
        
        To monitor compliance with Company policies and administer discipline
      - Employee development:
        
        To provide, evaluate, and manage training
        
        To evaluate job performance and consider employees for other internal positions or promotions
        
        To assist with professional licensing
        
        To develop a talent pool and plan for succession
        
        Career development activities
      - Team-building:
        
        For diversity and inclusion programs
        
        To arrange team-building and other morale-related activities
        
        To design employee retention programs
  2. Purposes Specific To Certain Categories Of Employees’ Personal Information
    We may use the categories of employees’ personal information listed in this Section 3.B.2 for the purposes stated below:
    - Purposes For Using Employees’ Geolocation Data:
      - Company will issue employees an RFID-enabled security badge that tracks employees location within Company’s facilities.
      - Company requires employees to download a security tracking application (“app”) that tracks employee’s location for security entry/exit.
    - Purposes For Using Employees’ Health Information:
      - To the extent necessary to comply with Company’s legal obligations, such as to accommodate disabilities
      - To conduct a direct threat analysis in accordance with the Americans with Disabilities Act and state law
      - For workers’ compensation purposes
      - For occupational health surveillance
      - For occupational health and safety compliance and record-keeping
      - To conduct fitness-for-duty examinations
      - To administer leaves of absence and sick time
      - To provide a wellness program
      - To respond to an employee’s medical emergency
        Note: This Privacy Policy does not cover health information governed by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), or California’s Confidentiality of Medical Information Act (CMIA).
    - Purposes For Using Employees’ Personal Communications:
      - For purposes of legitimate Company investigations and, to the extent required by law, with your authorization.
    - Purposes For Using Employees’ Financial Account Access Information:
      - Company may use employees’ credit card information, including CCV or CVV, when employee uses a payment card to make purchases from the Company store.
    - Purposes For Using Sex Life:
      - Company may use information about an employee’s sex life only to the extent relevant and necessary for a legitimate Company investigation and only if permitted by law, e.g., as needed to investigate allegations of sexual harassment.
    - Purposes For Using Employees’ Sexual Orientation:
      - Company will use an employee’s sexual orientation only if voluntarily provided by an employee in connection with the Company’s diversity and inclusion program.
    - Purposes For Using Employees’ Protected Categories Of Information:
      - Company collects information about race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, including the reporting requirements of the federal Equal Employment Opportunity Act, the federal Office of Contracting Compliance Programs (applicable to government contractors), and California’s Fair
      - Employment and Housing Act. Company also collects information about disability status to the extent an employee may need special assistance during emergencies from Company or from first responders.
      - Company also collects the following characteristics (in addition to those listed above) for its diversity and inclusion programs (including analytics): (a) religion, (b) sex, (c) gender, (d) pregnancy, (e) childbirth, (f) breastfeeding, or related medical conditions, (g) sexual orientation, (h) disability, (i) gender identity, (j) gender expression, (k) marital status, (l) age, (m) familial status, or (n) ancestry.
    - Company also uses this personal information for purposes including:
      - with respect to disability, medical condition, familial status, marital status, and pregnancy, childbirth, breastfeeding, and related medical conditions: as necessary to comply with Federal and California law related to leaves of absence and accommodation;
      - with respect to military and veteran status: as necessary to comply with leave requirements under applicable law and for tax purposes;
      - with respect to age: incidentally to the use of birth date for birthday celebrations and identity verification;
      - with respect to religion and pregnancy, childbirth, breastfeeding, and related medical conditions: as necessary for accommodations under applicable law;
      - with respect to protected classifications, such as national origin: to the extent this information is contained in documents that you provide in I-9 documentation; and
      - with respect to marital status and familial status: for Company events and as necessary to provide benefits and for tax purposes.
        Company collects personal information about membership in protected categories on a purely voluntary basis, except where required by law, and uses the information only in compliance with applicable laws and regulations.
3. Contingent Workforce
  Managing Contingent Workforce:
  - To evaluate the individual’s qualifications for engagements, including licensure and certifications
  - To negotiate and execute the agreement with the individual
  - To provide orientation and familiarization with Company’s working environment
  - To administer the contractual relationship, including payments
  - To evaluate the HR Individual’s deliverables or performance of the contract
  - To manage absences
4. Related Contacts
  Spouse and Dependents/Beneficiaries
  - To manage and administer benefits
  - To administer the relationship
  - To communicate with the individual
  - To arrange travel to, and manage participation in, Company events
  - Emergency Contacts
    - To communicate in the event of an emergency involving the individual who provided the emergency contact’s information
5. Deidentified Information
  At times, Company converts personal information into deidentified information using reasonable measures to ensure that the deidentified information cannot be associated with the individual (“Deidentified Information”). Company maintains Deidentified Information in a deidentified form and does not attempt to reidentify it, except that Company may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes ensure that the information cannot be associated with the individual. Company prohibits vendors, by contract, from attempting to reidentify Company’s Deidentified Information.
HOW WE MAY DISCLOSE YOUR PERSONAL INFORMATION
Company generally maintains information related to its personnel as confidential. However, from time to time, Company may have a legitimate business need to disclose personnel information for one of the purposes listed in Section 2, above, to one or more of the categories of recipients listed below. In that event, Company discloses your personal information and/or sensitive personal information only to the minimum extent necessary to achieve the purpose of the disclosure and only if the disclosure is permitted by the CPRA and other applicable laws.
- Service providers and contractors: Company discloses your personal information to service providers and contractors to assist us in meeting our business needs and contractual and legal obligations.
  - Company discloses your personal information to service providers and contractors only subject to written contracts in compliance with the CPRA and any other applicable law.
  - Service providers and contractors include auditors, administrative service providers, law firms, travel agencies, benefits providers, and any other entity providing services to Company.
- Affiliated companies: Other companies within the XL Industries’ family of companies.
- Clients: This may include, for example, disclosing a sales representative’s contact information with clients.
- Business partners: For example, Company might disclose your business contact information to a co-developer of a new product or service with which you will be working.
- Government or administrative agencies: These may include, for example:
  - Internal Revenue Service to pay taxes;
  - Employment Development Department as required for state payroll taxes and to respond to unemployment or state disability insurance claims;
  - National Labor Relations Board, for example, to notify the NLRB that an employee is represented by a union;
  - OSHA/CalOSHA as required to report work-related death or serious injury or illness;
  - Department of Fair Employment and Housing as required to respond to employment charges; and
  - California Department of Industrial Relations as required to resolve workers’ compensation claims.
- Public: Company may disclose your personal information to the public as part of a press release, for example, to announce promotions or awards. If you do not want your personal information in press releases, please contact people@xlconstruction.com. Company does not disclose sensitive personal information to the public.
- Labor union: Company may disclose workers’ personal information to a union if it represents the worker or with worker consent.
- Required Disclosures: We may be required to disclose personal information (a) in a court proceeding, (b) in response to a court order, subpoena, civil discovery request, other legal process, or (c) as otherwise required by law.
- Legal Compliance and Protections: We may disclose personal information when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of Company, our users, or others.
  No sales and no “sharing”, i.e., disclosure for cross-context behavioral advertising:
  Company does not sell the personal information of any HR Individuals nor disclose their personal information for cross- context behavioral advertising.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
Company keeps your personal information as legally permissible for the purposes described in Section 2 above.
YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM
1. Your California Privacy Rights
  Subject to applicable law, HR Individuals have the following rights:
  - Right to Know: You have the right to submit a verifiable request for copies of specific pieces of your personal information collected in the preceding 12 months and for information about the Company’s collection, use, and disclosure of your personal information during that same 12-month time period.
    Please note that the CPRA’s right to obtain copies does not grant a right to the whole of any document that contains personal information, but only to copies of “specific pieces” of personal information. Moreover, HR Individuals have a right to know categories of sources of personal information and categories of external recipients to which personal information is disclosed, but not the individual sources or recipients. Company does not always track individualized sources or recipients.
  - Right to Delete: You have the right to submit a verifiable request for the deletion of personal information that you have provided to Company.
  - Right to Correct: You have the right to submit a verifiable request for the correction of inaccurate personal information maintained by Company, taking into account the nature of the personal information and the purposes of processing the personal information.
2. How to Exercise Your Rights
  Company will respond to requests know, delete, and correct in accordance with applicable law if it can verify the identity of the individual submitting the request. You can exercise these rights in the following ways:
  - Call 408-240-6329
  - Email people@xlconstruction.com
3. How We Will Verify Your Request:
  The processes that we follow to verify your identity when you make a request to know, correct, or delete are described below. The relevant process depends on how and why the request is submitted.
  If you submit a request by any means other than through a password-protected account that you created before the date of your request, the verification process that we follow will depend on the nature of your request as described below:
  1. Requests To Know Categories Or Purposes: We will match at least two data points that you provide with your request, or in response to your verification request, against information about you that we already have in our records and that we have determined to be reliable for purposes of verifying your identity. Examples of relevant data points include your mobile phone number, your zip code, or your employee identification number.
  2. Requests To Know Specific Pieces Of Personal Information: We will match at least three data points that you provide with your request, or in response to our request for verification information, against information that we already have about you in our records and that we have determined to be reliable for purposes of verifying your identity. In addition, we may require you to sign a declaration under penalty of perjury that you are the individual whose personal information is the subject of the request.
  3. Requests To Correct or Delete Personal Information: Our process for verifying your identity will depend on the sensitivity (as determined by Company) of the personal information that you ask us to correct delete. For less sensitive personal information, we will require a match of two data points as described in Point No. 1, above. For more sensitive personal information, we will require a match of three data points and a signed declaration as described in Point No. 2, above.
    We have implemented the following additional procedures when verifying the identity of requestors:
    - If we cannot verify your identity based on the processes described above, we may ask you for additional verification information. If we do so, we will not use that information for any purpose other than verification.
    - If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity.
4. Authorized Agents
  If an authorized agent submits on your behalf a request to know, correct or delete, the authorized agent must submit with the request either (a) a power of attorney, signed by you, that is valid under California law; or (b) another document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you or your authorized agent to follow the applicable process described above for verifying your identity. You can obtain “Authorized Agent Designation” form by contacting us at people@xlconstruction.com.
5. Company’s Non-Discrimination And Non-Retaliation Policy
  Company will not unlawfully discriminate or retaliate against you for exercising your rights under the California Privacy Rights Act.
CHANGES TO THIS PRIVACY POLICY
If we change this Privacy Policy, we will post those changes on this page and update the Privacy Policy modification date above. If we materially change this Privacy Policy in a way that affects how we use or disclose your personal information, we will provide a prominent notice of such changes and the effective date of the changes before making them.
For More Information
For questions or concerns about Company’s privacy policies and practices, please contact us at people@xlconstruction.com.

Capabilities

Market Sectors

Expertise

Projects

Company

Careers

Data Consent Policy for California Job Applicants.

Notice at Collection and Privacy Policy for California Job Applicants

Notice at Collection and Privacy Policy for HR Individuals Who Reside in California