CALIFORNIA PERSONNEL PRIVACY NOTICE/YOUR PRIVACY RIGHTS
Effective Date: January 1, 2023
LAST UPDATED JANUARY 1, 2023
Harvest Sherwood Food Distributors together with its subsidiaries and affiliates (collectively, "Harvest Sherwood " "us," "we," or "our") is committed to protecting the privacy of Personal Data (defined below). This Privacy Notice informs you of our practices concerning the processing of California residents’ Personal Data collected through online and offline interactions while you are working for us and after you have left. It applies to California residents who are: current and former full-time, part-time or temporary employees (and their dependents) and contractors (together referred to as “Personnel” or “you’”). If you interact with our website, purchase our products or services, or otherwise engage with us outside of your employment relationship, the privacy notice posted on the relevant service applies to any Personal Data we process through those interactions, not this Privacy Notice.
We are required by California’s privacy laws and regulations to give you the information in this Privacy Notice. It is important that you read this Privacy Notice carefully, together with any other information that we might give you from time to time about how we collect and use your Personal Data.
Whenever you interact with us on behalf of another individual or entity, such as if you provide information about a dependent, you must obtain their consent (or have the legal authority without consent) to share their Personal Data with us.
Changes: We may update this Privacy Notice from time to time. Any updated Privacy Notice will be effective when posted. Please check this Privacy Notice periodically for updates. If required by law, we will contact you directly to provide you with an updated Privacy Notice.
This Privacy Notice does not form part of any contract of employment or other contract to provide services and does not give you any contractual rights.
-
Sources of Personal Data
“Personal Data” is any information relating to an identified or identifiable natural person. We collect Personal Data about you from the following sources:
-
Directly from you. We may collect Personal Data you provide to us directly, such as when you register for benefits and through your daily interactions with us during your employment.
-
Data collected automatically and through tracking technologies. We may automatically collect information or inferences about you (including as part of our insider threat initiatives), such as through tracking technologies. This may include information about how you browse the Internet and use Harvest Sherwood devices and the content of
sent and received emails where we are permitted to collect such information under applicable law.
-
From third parties. We may collect Personal Data from third parties, such as companies that provide benefits, payroll, travel or other services. We may also receive Personal Data from your colleagues or supervisors, for example, in the context of performance evaluations.
We may combine and use information and make inferences from information that we receive from the various sources described in this Privacy Notice, including third-party sources. We also use or disclose the combined information and inferences for the purposes identified below.
-
-
Types of Personal Data We Collect
We may collect the following types of Personal Data about you and your family members, such as spouses, partners, children, dependents, or parents, as applicable:
-
Identifiers, such as name, email address, physical address, telephone number, business contact information, Department of Transportation numbers for fleet drivers, device identifiers (e.g., IP address).
-
Records About You, such as
-
Nationality;
-
Place of birth;
-
Civil/marital status;
-
Emergency contact and next of kin information;
-
Signatures; and
-
Your physical characteristics or a description of you.
-
-
Protected class and demographic information, such as age (including birthdates), military or veteran status, and gender.
-
Commercial information, such as records of business transactions, bank account details and tax status, credit-related information, bonus stock options and other incentives, shareholder information, student loan contributions.
-
Biometric information, such as fingerprints in connection with our timekeeping systems and, if you are driving company-provided vehicles as part of our fleet, face scans via in- vehicle telematics devices.
-
Internet or other electronic network activity information, such as information relating to your access to and use of or interactions with Harvest Sherwood facilities, network systems, devices, email, applications, and platforms, including your browsing history, search history, information regarding interactions with and use of Internet websites and
applications, and the content of communications and information processed within global digital communication platforms, to the extent permitted under applicable law.
-
Non-precise geolocation data, such as your location as derived from your IP address.
-
Audio, electronic, visual, or other sensory information, such as photographs or security camera footage in public areas of Harvest Sherwood’s facilities (including reception, the work floor, warehouse locations, conference rooms, parking, and other general areas); telematics information collected through in-vehicle cameras installed in our fleets, such as dash cam footage and impact sensors, and as collected in the course of training events, meetings, videoconferences, and other events that we may organize that may be photographed or recorded.
-
Professional or employment-related information, such as job title, organization, business unit/department and its location, start and termination dates and termination reasons, information on assigned company devices/credit card numbers/cars (if any), contract details, personal characteristics (such as hobbies and interests), work planning, professional licenses, credentials, professional specialties and other relevant skills and achievements, professional affiliations, professional experience, working hours, training records, professional memberships, dedicated identifiers (e.g., employee ID, badge), references, performance and other evaluation information, disciplinary information, resumes, interview notes, human resources records, payroll and benefits data (including for dependents), overtime pay, pension administration and pension qualification information, attendance/working time records, adoption and bereavement leave records, wellness information, board of directors appointments, right to work documentation, titles, languages, profile information on professional networking platforms, information related to meetings (such as information available on platforms you use to organize and participate in meetings), work travel information, and any other information you may provide in connection with your employment (such as through a hotline). In addition, we may collect information about criminal convictions and offenses, such as driving records, traffic infractions and citations for fleet drivers or related to Harvest Sherwood-provided vehicles, Department of Transportation information about your license, police reports, information collected as part of internal investigations or disciplinary or legal proceedings, and information from background checks including drug and alcohol clearinghouse records for driver qualification files.
-
Education Information, such as education history, professional qualifications, academic certificates and licenses, languages spoken, and other relevant skills.
-
Inferences drawn from any of the information we collect, such as software used to review activity on Harvest Sherwood Food Distributors systems, networks or email to evaluate insider threats, and information used to evaluate performance.
-
Sensitive Personal Data, including the following:
-
Social Security number, driver’s license, state identification card, or passport number.
-
Account log-in information.
-
Precise geolocation. For fleet drivers, this includes GPS data collected in company vehicles.
-
Racial or ethnic origin, religious or philosophical beliefs, or union membership.
-
Content of mail, email, and text messages where we are not the intended recipient (such as the content of emails you send to third parties, which may include personal emails sent using your Harvest Sherwood email address).
-
Genetic data.
-
Biometric data processed for the purpose of uniquely identifying you.
-
Information about your health, including medical conditions, vaccination status, health and sickness records, disabilities, maternity records, incident/accident information involving health data, whether you were exposed to someone who tested positive for communicable diseases or whether you are currently experiencing any flu-like or other relevant symptoms, and information about your health insurance, including insurance policy number.
-
Information concerning your sexual orientation.
-
-
-
How We Use Personal Data
We may use Personal Data for the following purposes:
-
Human resources management, such as administering payroll and benefits (including sickness, parental, adoption and bereavement leave, pensions, government-related programs, stock and equity plans, and death-in-service programs); logistics; planning and managing corporate travel and other reimbursable expenses; development and training; absence monitoring; timekeeping; performance appraisals; disciplinary and grievance processes; administration of termination of employment; career planning; administration of relocation; assessing qualifications and eligibility for a particular role or project; right to work requirements; diversity and inclusion surveys and other activities (including to understand make up and representation in the workforce, for pay gap initiatives, and to allow us to offer support to certain demographic groups); background checks and reference checks; alumni programs to stay in touch with former Personnel; and complaint/hotline programs.
-
For our internal business purposes, such as enforcing our policies and rules; organizational analysis; management reporting; managing Harvest Sherwood assets and our global workforce; work planning, both administratively and organizationally (including work scheduling and billing clients); project management; auditing; maintaining records on business activities (such as accounting and commercial activities);
document management and similar activities; budgeting; real estate management; IT administration of our technologies, network, and intranet; IT security management and tasks; analyzing and managing meeting information (including, but not limited to, recording content, conversations and discussions, which may include your voice and/or images in case of video conferences, trainings, meetings, and other events); documenting corporate decision-making processes; making online events available to our Personnel for training purposes and/or to allow them or our partners to review such events after they have finished; helping Personnel improve meeting management; increasing meeting productivity; optimizing meeting resource distribution; and providing insights into interactions with people you network with.
-
For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our products or services; improving our products and services; designing new products and services; and debugging and repairing errors with our systems, networks, and equipment.
-
For legal, safety or security reasons, such as complying with legal requirements; complying with reporting and similar requirements; conducting compliance training; investigating and responding to claims against Harvest Sherwood and its customers and Personnel; monitoring the safety of our fleet drivers and the security of our fleet vehicles; understanding the circumstances surrounding incidents involving our fleet vehicles; completing due diligence (such as in connection with a corporate transaction); equal opportunity monitoring and compliance; environmental, health, and safety purposes; maintaining medical and sickness records and occupational health programs; keeping emergency contacts; behavioral safety purposes; detecting, preventing, and responding to security, health and safety incidents; ascertaining your fitness for work; protecting the rights, health, and safety of Personnel and others, including by preventing or reducing the spread of communicable diseases in the workplace; receiving legal advice or approval; and, protecting against malicious, deceptive, fraudulent, or illegal activity.
-
Workplace and fleet monitoring, such as controlling and monitoring Harvest Sherwood facilities and fleet vehicles (through, e.g., use of surveillance cameras or other methods of identification and monitoring); using systems, applications, records and equipment to protect individuals and property; recording telephone conversations; monitoring email, Internet, device, vehicle, and other asset usage; time clock recording; ensuring compliance with internal policies and practices; maintaining global/entity-wide digital communication and data sharing/storage platforms; investigating unauthorized use, access, loss or theft of property or Personal Data breaches; and providing IT support to Personnel.
-
In connection with a corporate transaction, such as if we acquire, or some or all of our assets are acquired by, another entity, including through a sale in connection with bankruptcy and other forms of corporate change.
-
For marketing, including externally promoting Harvest Sherwood and our brands, goods, and services. We may do so via social media, through public relations materials and communications, reputation and business-development efforts, branding, at events, and directly to business customers. For example, we may provide business partners with the names and work contact information of account representatives or post pictures of Personnel who attend public Harvest Sherwood events. We do not use Sensitive Personal Data (like your Social Security number or driver’s license number) for such purposes.
We only use Sensitive Personal Data for the following purposes: (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents;
(iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) performing or providing internal business services; (vii) verifying or maintaining the quality or safety of a service or device; or (viii) for purposes that do not infer characteristics about you.
We may use anonymized, de-identified, or aggregated information for any purpose.
-
-
How and to Whom We Disclose Personal Data
We may disclose Personal Data to third parties, including the categories of recipients described below:
-
Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership with us.
-
Service providers that work on our behalf to provide products and services, such as providers of the following services: IT, payroll management, recruitment, networking and onboarding, learning and training delivery and management, email, mailing and printing, maintenance/facilities management, confidential waste management, access control and monitoring solutions, internal communication channels, data analytics, hotline platform, and workforce assessment, among others.
-
Benefits and other financial services providers, such as health and medical insurance providers and providers of retirement savings and other financial services.
-
Professional consultants, such as accountants, lawyers, financial advisors, and audit firms.
-
Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.
-
Law enforcement, government agencies, and other recipients for legal, security, or safety purposes, such as when we share information to comply with law or legal requirements, to enforce or apply our policies, and to protect our, our customers’, or third parties’ safety, property, or rights.
-
To other entities in connection with a corporate transaction, such as if we, or some or all our assets, are acquired by another entity, including through a sale in connection with bankruptcy or other forms of corporate change.
-
Business partners that can use Personal Data for their own purposes, such as with certain travel services, financial institutions, software providers, certification providers, business partners that provide add-on benefits (including wellness programs or insurance products), and other third parties who may use this information to market to you directly.
-
Entities to which you have consented to the disclosure, where consent is required by law.
-
-
Additional Disclosures
We do not “sell” or “share” Personnel Personal Data (as such terms are defined under California’s privacy laws). Below please find a chart detailing the categories of Personal Data and with whom it was disclosed for a business purpose in the past 12 months:
Categories of Personal Data We Collect
Categories of Third Parties With Whom We Disclose Personal Data for a Business Purpose
Identifiers (Section 2.A)
Personal information subject to the California Customer Records Act (Section 2.B)
Characteristics of protected classifications under California or federal law (Section 2.C)
Commercial information
(Section 2.D)
Biometric information
(Section 2.E)
-
Affiliates and subsidiaries
-
Service providers
-
Benefits and other financial services providers
-
Professional consultants
-
Vendors necessary to complete transactions you request
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Benefits and other financial services providers
-
Professional consultants
-
Vendors necessary to complete transactions you request
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Benefits and other financial services providers
-
Professional consultants
-
Vendors necessary to complete transactions you request
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Business partners
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Benefits and other financial services providers
-
Professional consultants
-
Vendors necessary to complete transactions you request
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Business partners
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
Internet or other electronic network activity information (Section 2.F)
Geolocation data (Section 2.G)
Audio, electronic, visual, thermal, olfactory, or similar information (Section 2.H)
Professional or employment-related information (Section 2.I)
Education information
(Section 2.J)
-
Professional consultants
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Professional consultants
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Professional consultants
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Professional consultants
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Benefits and other financial services providers
-
Professional consultants
-
Vendors necessary to complete transactions you request
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Professional consultants
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
Inferences (Section 2.K)
Sensitive personal information (Section 2.L)
-
Affiliates and subsidiaries
-
Service providers
-
Benefits and other financial services providers
-
Professional consultants
-
Vendors necessary to complete transactions you request
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
Affiliates and subsidiaries
-
Service providers
-
Professional consultants
-
Law enforcement, government, agencies, and other recipients for legal, security, or safety purposes
-
In connection with a corporate transaction
-
Entities to which you have consented to the disclosure
-
-
Rights Concerning Personal Data
California residents may have certain rights, subject to legal limitations, concerning the collection, use, and disclosure of Personal Data.
-
Right to Know. You have the right to request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, selling, or sharing the Personal Data, and to whom we have disclosed Personal Data and why. You may also request the specific pieces of Personal Data we have collected about you.
-
Right to Delete. You have the right to request that we delete Personal Data that we have collected from you.
-
Right to Correct. You have the right to request that we correct inaccurate Personal Data that we maintain about you.
California residents may exercise the rights above by emailing us at legal@harvestsherwood.com or calling us at 800-653-2333. We will not discriminate against you for exercising your privacy rights.
Verification: In order to process requests, we will need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases, we will collect some or all the following data elements: first and last name, email address, and telephone number. In some cases, we may request different or additional information, including a signed declaration that you are who you say you are, and will inform you if we need such information.
Authorized Agents: Authorized agents may exercise rights on behalf of California residents by submitting a request via email at legal@harvestsherwood.com or via phone at 800-653-2333 and indicating that they are submitting the request as an agent. We will require the agent to demonstrate authority to act on behalf of the resident by providing signed permission from the resident. We may also require the resident to verify their own identity directly with us or to directly confirm with us that they provided the authorized agent permission to submit the request.
Timing: We will respond to Right to Delete, Right to Correct, and Right to Know requests within 45 days, unless we need more time, in which case we will notify you and may take up to 90 days total to respond to your request.
-
-
Data Security and Data Retention
We maintain reasonable security procedures and technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, disclosure or use.
Your Personal Data will be retained as long as necessary to fulfill the purposes we have outlined above unless we are required to do otherwise by applicable law. This includes retaining your Personal Data to maintain our employment relationship with you; to improve our business over time; to ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once your employment or other contractual relationship with us has terminated, we may retain your Personal Data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as in order to enable easier future onboarding or to demonstrate our business practices and contractual obligations. If you would like to know more about the retention periods applicable to your particular circumstance, you can contact us using details provided in the Contact Information section below.
-
Contact Information
If you have questions regarding this Privacy Notice or how Harvest Sherwood uses your Personal Data, please contact us at legal@harvestsherwood.com or by phone at 800-653-2333 (toll free) or 313-659-7300.