California privacy policy and notice

Pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”), this California Privacy Policy and Notice (the “CA Privacy Notice”) supplements the Everest Group Global Privacy Notice for Applicants, Candidates, Employees and Contractors (“Global Privacy Notice”), which describe[s] the personal data that we collect, the sources from which we collect it, how long we retain it, the purposes for which we use it, the limited circumstances under which we disclose personal information, and to whom we disclose it.  This CA Privacy Notice explains our online and offline practices regarding the collection, use, and disclosure of “personal information” of all job applicants, candidates, employees and contractors of Everest Group and its affiliated companies who reside in California. Please read this Notice carefully so you understand our practices regarding your information.

For more information about the types of information we collect and use in connection with your general access and use of our website, please review our general Privacy Notice here.

This CA Privacy Notice covers all job applicants, candidates, employees and individual contractors (including current and former), contingent workers, interns, agency workers, consultants, and directors, and the individual employees or personnel of contractors or service providers of Everest Group and its affiliated companies, who reside in California.  We also may process the personal data of other individuals whose data is provided to us in connection with these relationships (e.g., next-of-kin, emergency contact information and/or dependents).

As defined by the CCPA, “personal information” includes any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include deidentified or aggregated consumer information, certain regulated information, or information made available to the general public.

The personal information that Everest Group collects, or has collected from job applicants, candidates in the 12 months prior to the effective date of this CA Privacy Notice falls into the following categories established by the California Consumer Privacy Act:

 

 

Categories of PI Collected	Examples	Categories of Third Parties to Whom Disclosed
Identifiers	Real name, alias, postal or mailing address, telephone number, nationality, unique personal identifier, i.e., cookies, online identifier, IP address, email address, social security number, driver’s license number, state identification number, immigration data (including passport details and place of birth) or similar identifiers, eligibility to work data	IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants Vendors that perform background checks and other Human Resources services Professional advisors (accountants, lawyers, and auditors) Former employers and references of our job applicants
Personal information types listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	A name, signature, Social Security Number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, education, or employment information Some personal information included in this category may overlap with other categories	IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants Vendors that perform background checks and other Human Resources services Professional advisors (accountants, lawyers, and auditors) Former employers and references of other job applicants
Internet or other similar network activity	IP addresses, access logs, browsing history, search history, and usage history with respect to job applicant portals or systems	IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants
Sensory data	Audio recordings, voicemail, or similar electronic information (e.g. Photograph)	IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants
Legally protected classification characteristics	Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, age, disability, military status	IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants Vendors that perform background checks and other Human Resources services Professional advisors (accountants, lawyers, and auditors)
Professional or employment-related information	Information regarding prior job experience, positions held, names of prior supervisors	IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants Vendors that perform background checks and other Human Resources services
Pre-Hire Information	Job application, resume, background check results, job interview notes, and candidate evaluation records	IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants Vendors that perform background checks and other Human Resources services
Consumer-Provided Education Information	Information from resumes regarding educational history; transcripts or records of degrees and vocational certifications obtained, grades or class results, disciplinary records, or other education records or information	IT and cloud/hosting service providers, such as our email providers, business application providers, managed services providers and IT consultants Vendors that perform background checks and other Human Resources services

NOTES: The detailed description of PI categories being collected by Everest Group for Employees and Contractors (current and former) are provided under the Section: WHAT PERSONAL DATA DO WE PROCESS? of the Everest Group Global Privacy Notice for Applicants, Candidates, Employees and Contractors

Everest Group collects the above-identified categories of personal information from the following sources:

• Direct collection. We collect information directly from you when you choose to provide it to us by filling out forms or surveys, participating in an interview or other components of the applicant process, or otherwise directly providing the information to us
• Third-Parties. We collect information about you from third parties who support our Human Resources and job application process, including recruitment agencies, background check vendors, and other hiring technologies
• Indirect and technology-based collection. We collect certain information from you indirectly when you access our websites or job posts posted on job applicant portals. Everest Group collects certain identifiers (such as IP addresses) and internet and similar network activity (such as website usage data) from you indirectly using cookies, pixels, and passive tracking technologies

Everest Group may collect and use your personal information for the following business or commercial purposes, consistent with and only as permitted by applicable law:

• Considering job applicants for current and potential future employment opportunities and assessing their skills, qualifications, and interests against our career opportunities
• Evaluating a job applicant’s employment application, corroborating the information contained in the application and any supporting documents, and (where applicable) conducting employment-related screening and background checks. (Please note, we only use background information as permitted by applicable law)
• Scheduling job applicants for interviews and communicating with them about their application and employment opportunities
• Aggregating data for Everest Group’s diversity, equity, and inclusion objectives
• Complying with state and federal laws and regulations governing the employment process and maintaining records pursuant to such laws and regulations
• Communicating with job applicants about their candidacy.
• Keeping records of our interactions and communications with job applicants, candidates, employees and contractors
• Protecting our operations, rights, privacy, safety or property, or that of our affiliates, job applicants, or candidates, employees and contractors and other parties
• For any other purposes that we disclose to you at the time of collection

If you are a California resident, you may have certain rights under the California Privacy Rights Act, (CPRA), including to request information about the collection of your personal information by Everest Group, to access your personal information in a portable format, and to correct or delete your personal information.  If you, or an authorized agent under the California Privacy Rights Act, wish to do any of these things, please contact [email protected].

1. Right to access You have the right to ask for notification and access to specific details about how we have collected and utilized your personal information during the preceding 12 months. Upon receiving and verifying your request, we may provide you with:
   1. the categories and specific pieces of personal data Everest Group has collected,
   2. the categories of sources from which the personal data is collected, the business purpose(s) for collecting the personal data,
   3. and the categories of third parties with whom Everest Group has shared personal data
2. Right to Delete personal data under certain circumstances, subject to any exceptions or limitations under the CCPA;
3. Right to Correct Inaccurate Information. If we maintain inaccurate personal information about you, you have the right to request that we correct that inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information
4. Opt-out of the “sale” of personal data. We do not sell your personal data in the conventional sense. However, like many companies, we use advertising services that try to tailor online ads to your interests based on information collected via cookies and similar technologies about your online activity. This is called interest-based advertising. The CPRA’s statutory definition of the term “sale” is broad and may include interest-based advertising

 

You can get more information and opt out of the use of cookies on our sites for interest-based advertising purposes by clicking the Do not sell my personal information link https://everestgrp.com/privacy-policy/ccpa-data-rights/ in the webpage footer and setting your cookies preferences. You will need to set your preferences for each device and each web browser from which you wish to opt-out. This feature uses a cookie to remember your preference, so if you clear all cookies from your browser, you will need to reset your settings.

To exercise the rights described above, you—or someone authorized to act on your behalf—must submit a verifiable consumer request to us by sending an e-mail to [email protected] with the subject line: “CCPA Request”, and send to the following address:

Data Protection Officer, General Counsel’s Office |

Postal Address: Everest Group, 700 Central Expy S, Suite 400, Allen, TX 75013

You may also exercise your data rights by clicking the Do not sell my personal information link https://everestgrp.com/privacy-policy/ccpa-data-rights/. We may provide additional ways for you to exercise your rights from time to time.

Your request must include your name, e-mail address, mailing address, phone number, and the specific requests you are making. If you are an agent submitting a request on behalf of a consumer, we may request that you submit a signed permission from the consumer authorizing you to make the request. In order to protect the privacy and data security of consumers, the verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of such consumer; and
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it

As indicated above, please be aware that the CCPA provides certain limitations and exceptions to the foregoing rights, which may result in us denying or limiting our response to your request.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We may also request that you provide additional information if needed to verify your identity or authority to make the request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you or the consumer on whose behalf you are making the request.

We will acknowledge receipt of your request within ten (10) business days, and provide a substantive response within 45 business days, or inform you of the reason and extension period (up to 90 days) in writing.

Under the CPRA, only you or an authorized agent may make a request related to your personal data. Note that to respond to your requests to access or delete personal data under the CPRA, we must verify your identity. We may do so by requiring you to log into your Everest Group account (if applicable), provide information relating to your account (which will be compared to information we have, such as profile information), give a declaration as to your identity under penalty of perjury, and/or provide additional information. You may designate an authorized agent to submit your verified consumer request by providing written permission and verifying your identity, or through proof of power of attorney.

California Privacy Rights Act Sensitive Personal Information Statement.  The categories of data that Everest Group collects and discloses for business purposes include “sensitive personal information” as defined under the California Privacy Rights Act.  Everest Group does not use or disclose sensitive personal information for any purpose not expressly permitted by the California Privacy Rights Act.

California Privacy Rights Act Non-Discrimination Statement. Everest Group will not discriminate against you and/or charge you for exercising any of these rights, which is further in line with your rights under the CPRA. Everest Group is not obliged to respond to more than two requests within a 12-month period.

For each category of personal information identified above, Everest Group will only retain such information for as long as necessary to fulfill your requests or the purposes for which it was obtained, as set forth in this CA Privacy Notice. The criteria used to determine our retention periods include (i) for as long as we have an ongoing relationship with you, (ii) as required by a legal obligation to which we are subject, and (iii) as necessary to resolve any disputes or enforce our legal agreements with you.

We reserve the right to amend this CA Privacy Notice at our discretion and at any time. If there are changes to this CA Privacy Notice, we will post them here and update the “Last Updated” date at the top of this document. Continued use of this website after any changes is deemed to be acceptance of those changes. Please check this page periodically for updates.