1. What is this document and why should you read it?
Golden Bear Insurance Company (“Golden Bear”, “we”, “us”, or “our”) collects and uses Personal Information about the individuals who work for us. This Policy describes how we collect and use Personal Information about you in your capacity as an employee and/or contractor of Golden Bear.
We collect and process Personal Information about you in order to hire you, to pay you, to provide you with and administer benefits, to deduct and report taxes, and to ensure your safety and wellbeing. We do not “sell” your Personal Information, and we do not intend to do so in the future.
This Policy is not an employment contract. Employment with Golden Bear is on an “at-will” basis, meaning that either you or Golden Bear may terminate your employment at any time, with or without cause or notice.
This Policy is additional to and does not supplant or supersede our general Privacy Policy, which can be found at https://www.goldenbear.com/about-us/social-responsibility/.
Personal Information means information that identifies you (such as your name, Social Security Number and Employee ID number), or other information about you that can be linked to information that identifies you.
Processing Personal Information means any activity relating to Personal Information, including, for example, collection, storage, use, consultation, disclosure, sharing and transmission.
Note that this Employee CCPA Privacy Notice does not apply to: (1) publicly available information from government records; (2) de-identified data (where personally identifiable information has been removed) or aggregated consumer information (information provided in a summary format); and (3) personal information covered by certain sector-specific privacy laws, including the Health Insurance Portability and Accountability Act of 1996, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act or California Financial Information Privacy Act, and the Driver's Privacy Protection Act of 1994. To the extent we collect personal information governed by a sector-specific privacy law, we only process that information to the extent permitted by, and consistent with, applicable law and regulations.
If any of the Personal Information you have given to us changes, such as your contact details, please inform us without delay by contacting your dedicated HR manager.
Note: Any activity performed on Golden Bear’s equipment is subject to review by the company. You have no privacy rights to communications, including voicemail, e-mail, instant messaging or texting performed on company equipment, or equipment provided to you by the company, or equipment through which company communications flow. All calls may be recorded. The company can review recorded calls and all electronic messages without further notice to or prior knowledge of the associates or the individuals with whom they are dealing.
Unless a privacy/compliance officer has been appointed, the general counsel will fulfill the responsibilities of this role.
2. Consent
- Obtaining Consent: Golden Bear seeks meaningful consent from employees before collecting, using, or disclosing personal information. Employees will be informed of the purposes for which their personal information is collected and how it will be used or disclosed.
- Withdrawing Consent: Employees have the right to withdraw their consent at any time by contacting their dedicated HR manager. Withdrawal of consent may affect the services and benefits Golden Bear can provide.
3. What types of personal information do we collect, where do we get it from, who do we disclose it to, and why do we collect it?
The Personal Information that we collect about our employees may include the categories of data below relating to California residents who are our current and former employees and contractors and their beneficiaries. These categories are defined by California law. These categories also represent the categories of Personal Information that we have collected over the past 12 months. These categories are defined by California law. We do not necessarily collect all information listed in a particular category, nor do we collect all categories of information for all individuals.
We have disclosed information in the following categories, including categories of Sensitive Personal Information, to our subsidiaries and affiliates and service providers within the past 12 months. We may also disclose this information to our legal, tax and accounting advisors, as well as with government entities as necessary and permitted by law. In the event we are acquired by or merge with another company, or otherwise undergo a change of control, we may also disclose the below categories of Personal Information as part of that transaction. We may also disclose your Personal Information to other third parties at your direction or with your consent.
Note that we do not sell your Personal Information or share it for cross-context behavioral advertising, as those terms are defined by California law. This means that we do not sell your Personal Information to a third party for their own use or share it with third parties in order to target advertising based on Personal Information obtained from your activity across businesses, distinctly‐branded websites, applications, or services, other than our websites and services with which you intentionally interact.
We also collect the below categories of Sensitive Personal Information as defined under California law. We generally use Sensitive Personal Information only for the necessary purposes below or as otherwise permitted by law.
Category of Information Collected | Source | Purpose of Collection |
Personal Identifiers: your name, alias, postal address, email address, unique personal identifier, online identifier, account name, internet protocol (IP) address, social security number, driver’s license number, passport number, employee identification number or other similar identifiers. We may collect similar information about your spouse, children and beneficiaries |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. |
Information about you: Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your signature, physical characteristics or description, telephone number, insurance policy number, bank account, credit card number, debit card number, or any other financial information, medical information, and health, life or other insurance information, including your claims history |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. |
Sensitive information protected by federal or state law: your age, date of birth, gender, familial status, disability, sex, sexual orientation, national origin, religion, color, race, gender identity and gender expression, marital status, veteran status, medical condition, ancestry, source of income, and genetic information |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; meeting our diversity and inclusion objectives; and/or to provide you with benefits and services, as applicable. |
Internet or other electronic network activity information: browsing history, search history, and information about your logins and interaction with a website, including online application and advertisements, text messages and email communications |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. It is also processed in order to help detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and for compliance management. Golden Bear reserves the right to monitor your internet or other similar network activity to the extent you use Golden Bear’s information systems or Golden Bear-owned electronic communication devices, or to the extent you use your personally-owned electronic communication devices to access Golden Bear’s information systems. This extends to personal (non-Golden Bear-owned) email boxes accessed through Golden Bear-owned or operated information systems or electronic communication devices. |
Sensory information: Audio, electronic, visual, thermal, olfactory, or similar information (e.g., recorded phone calls with our customer service representatives; CCTV, etc.). |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. It is also processed in order to help detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and for compliance management. |
Professional or employment-related information: such as your former job titles, current job information and compensation, timekeeping and workers compensation records, employee stock purchases, background checks, ethics hotline and employee directories, governmental records related to your job |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. |
Educational information not publicly available: your level of education, schools attended, your degrees and disciplinary history |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. |
We also collect the below categories of Sensitive Personal Information as defined under California law. We generally use Sensitive Personal Information only for the necessary purposes below or as otherwise permitted by law.
Category of Information Collected | Source | Purpose of Collection |
Social security number, driver’s license number or other state ID number, and passport information. |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. A social security number is necessary to administer your relationship with us, particularly as it relates to taxation. Passport information is necessary for us to verify your right to work. |
Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. It is also processed in order to help detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and for compliance management. |
Racial or ethnic origin, religious or philosophical beliefs, or union membership. |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; meeting our diversity and inclusion objectives; and/or to provide you with benefits and services, as applicable. |
Information concerning sex life or sexual orientation. |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; meeting our diversity and inclusion objectives; and/or to provide you with benefits and services, as applicable. |
Health Information, including pandemic-related Personal Information, such as your temperature or your responses to questions intended to ascertain whether you may have been exposed to a virus (including but not limited to COVID-19). |
|
We may use this data to enter into and perform on the contract governing your relationship with us; to administer your relationship with us, including meeting our legal and compliance obligations; to pursue the efficient management of our business; and/or to provide you with benefits and services, as applicable. |
4. How long do we keep Personal Information about you?
We store Personal Information about you on computer systems operated by us or our service providers. We keep various records that contain Personal Information in accordance with applicable state and federal regulations, or pursuant to contractual obligations. In general, we aim to keep Personal Information only for as long as necessary and only for the reason(s) we collected it. It may be necessary to keep Personal Information longer than our official retention periods for legal or regulatory reasons, including litigation. To support us in managing how long we hold Personal Information and our record management, we maintain a data retention policy which includes clear guidelines on retention and deletion.
We consider the following criteria when determining how long a particular record will be retained, including any Personal Information contained in that record:
- How long the record is needed to provide you with the products and services you request
- How long the record is needed to support and enhance our operational processes
- How long the record is needed to protect our rights and legal interests
- How long the record must be retained to comply with applicable laws and regulations
The same Personal Information about you may be included in more than one record and used for more than one purpose, each of which may be subject to different retention periods based on the factors listed above.
If Golden Bear intends to use or disclose personal information for a new purpose not initially consented to, fresh consent will be obtained from the employee.
5. Safeguards
- Physical Safeguards: Personal information is stored in secure facilities with restricted access to authorized personnel only.
- Technical Safeguards: Golden Bear employs encryption, firewalls, and secure access protocols to protect personal information stored electronically.
- Administrative Safeguards: Regular audits, risk assessments, and policies are in place to ensure the ongoing protection of personal information.
6. Do we collect the Personal Information of minors?
We do not knowingly collect Personal Information directly from individuals under 16 years of age. We do not employee, recruit, or otherwise hire individuals under 16 years of age. We may collect Personal Information regarding individuals under 16 years of age from their parents or legal guardians, but only as necessary to provide employment and related benefits.
7. What are Your Rights Regarding Your Personal Information, How Can You Exercise Your Rights and Submit a Personal Information Request?
If you are a California resident, you may be entitled to all or some of the rights described below regarding your Personal Information, subject to certain conditions and limitations. Only those rights relevant to you will apply, and our inclusion of information about privacy laws does not imply that all privacy laws are applicable.
- Right to Know and Access – You may be entitled to request that we disclose to you Personal Information we have collected about you, the categories of sources from which we collected the information, the purposes of collecting the information, the categories of third parties to whom we have disclosed the information, the categories of Personal Information that we have disclosed to third parties for a business purpose, the categories of information sold, and the categories of third parties information is sold to. In some instances, you may have the right to receive the information about you in a portable and readily usable format. Before providing any of this information, we must be able to verify your identity.
- Right to Delete – Subject to certain conditions, you may be entitled to request that we delete Personal Information about you. Before deleting Personal Information, we must be able to verify your identity. We will not delete Personal Information about you when the information is required to fulfill a legal obligation, is necessary to exercise or defend legal claims, or where we are required or permitted to retain the information by law. For example, we cannot delete certain Personal Information about you while continuing to employ you or where we are legally required to retain certain information.
- Right to Correct – You may be entitled to request that we correct inaccurate Personal Information. Before collecting Personal Information, we must be able to verify your identity. We will not correct Personal Information about you when the information is required to fulfill a legal obligation, is necessary to exercise or defend legal claims, or where we are required or permitted to retain the information as-is by law.
Data solely retained for data backup purposes is principally excluded from these rights until it is restored to an active system or next accessed or used for a sale, disclosure, or commercial purpose.
If you chose to exercise any of these rights, to the extent that they apply, privacy law prohibits us from discriminating against you on the basis of choosing to exercise your privacy rights.
Please note that under applicable privacy law, we are only obligated to respond to Personal Information requests from the same consumer up to two times in a 12-month period. In addition, under applicable privacy law, and for the protection of your Personal Information, we may be limited in what Personal Information we can disclose.
California law also permits you to request in writing a list of the types of personal information that we have disclosed to a third party for their direct marketing purposes during the preceding year and to whom that information was disclosed. We do not disclose your personal information to third parties for their direct marketing purposes.
How to Exercise Your Personal Information Rights
You may exercise your privacy rights by visiting our form or by calling this toll-free number — 888-374-8867.
Before providing information you request, deleting, or correcting information in accordance with these rights, we must be able to verify your identity. In order to verify your identity, you will need to submit information about yourself, including your name, contact information, and, to the extent applicable, providing your account login credentials. We will match this information against information we have previously collected about you or provided to you to verify your identity and your request. If we are unable to verify your identity as part of your request, we will not be able to satisfy your request. We are not obligated to collect additional information in order to enable you to verify your identity. For deletion requests, you will be required to submit a verifiable request for deletion and then confirm separately that you want Personal Information about you deleted.
If you would like to appoint an authorized agent to make a request on your behalf, you must provide the agent with written, signed permission to submit privacy right requests on your behalf. Alternatively, your authorized agent may provide evidence of having power of attorney or acting as a conservator for you. Note that we may require you to verify your identity with us directly before we provide any requested information to your authorized agent unless your authorized agent has power of attorney or acts as a conservator, in which case we will not contact you directly.
Information collected for purposes of verifying your request will only be used for verification.
8. Employee Training and Attestation
- Training: Employees will receive training on their roles and responsibilities in protecting personal information. This includes understanding the privacy policy, data protection principles, and procedures for handling personal information.
- Attestation: Employees are required to attest that they have read, understood, and will comply with this policy. This attestation will be recorded and retained as part of the employee's training records.
9. Where can you find out more?
If you have any questions or concerns you wish to raise about our use of Personal Information about you, please contact privacy@goldenbear.com.
If you would like to learn more about our data collection practices, please visit our Privacy Policy at https://www.goldenbear.com/about-us/social-responsibility/.
Employee Complaints: Employees can register complaints regarding the handling of their personal information through the following channels:
- Contacting their dedicated HR manager
- Sending an email to privacy@goldenbear.com
- Utilizing the anonymous reporting hotline 888-374-886
10. Do Not Track Signals
We do not currently take actions to respond to Do Not Track or opt-out preference signals. As noted above, we do not sell your Personal Information or share it for cross-context behavioral advertising.
11. Changes to this privacy policy
We reserve the right to change this Policy at any time. If we make a material change to this Policy, we will post the revised Policy to this website as of the effective date of such changes.
Effective Date: August 1, 2024