Privacy Policy for California Residents

FrankCrum and/or any affiliated entities (the “Company” or “we”) has developed this Privacy Policy out of respect for the privacy of our employees and their family members, dependents, and beneficiaries. This Policy describes the personal information we collect, both online and offline, for what purposes we use and disclose it, how long we retain it, and whether we sell it or share it for cross-context behavioral advertising purposes. We will collect some information from you for various purposes.  
termsandconditionsimage

Employees and Their Family Members, Dependents, and Beneficiaries Under the Age of 16

We do not knowingly sell or share the personal information of employees or any of their family members, dependents or beneficiaries under 16 years of age. 

Collection of Personal Information and Sensitive Personal Information

In the last 12 months, we have collected the following categories of personal information from or about employees and their family members, dependents, and beneficiaries. For each category of information, we identify below the categories of third parties, service providers, and contractors to whom we have disclosed the information in the last 12 months. The examples provided for each category are not intended to be an exhaustive list or an indication of all specific pieces of information we collect from or about you in each category, but rather the examples are to provide you a meaningful understanding of the types of information that may be collected within each category. 

 iStock-1266858252

Category 

Personal Identifiers 

Examples 

Name, alias, social security number, date of birth, driver’s license or state identification card number, passport number, employee ID number, professional license number, and signature. 

Disclosed in Last 12 Months To 

  • Financial institutions/service providers. 
  • Government agencies. 
  • Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, and wellness vendors. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Employee tracking and talent management systems. 
  • Employment Screening service providers including credit and consumer reporting agencies, drug testing and physical testing providers and vendors. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Communications providers/vendors. 
  • Social media platforms. 
  • Your direct employer. 
  • IT, cybersecurity, and privacy vendors and consultants. 
  • For Internal FrankCrum Employees: promotional or other fulfilment vendors. 

Retention Period 

Name and employee ID number: Permanent. 

Otherwise, duration of employment plus 6 years. 

 

Category 

Contact Information 

Examples 

Home, postal or mailing address, email address, home phone number, cell phone number. 

Disclosed in Last 12 Months To 

  • Financial institutions/service providers. 
  • Government agencies. 
  • Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, and wellness vendors. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Employee tracking and talent management systems. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Communications providers/vendors. 
  • Your direct employer. 
  • IT, cybersecurity, and privacy vendors and consultants. 
  • For Internal FrankCrum Employees: promotional or other fulfilment vendors. 

Retention Period 

Permanent 

 

Category 

Account Information 

Examples 

Username and password for access to FrankCrum accounts, systems, and any required security or access code, password, or credentials allowing access to your FrankCrum accounts. 

Disclosed in Last 12 Months To 

  • IT, cybersecurity, and privacy vendors and consultants. 
  • For Internal FrankCrum Employees: Promotional or other fulfilment vendors. 

Retention Period 

Username: Permanent 

Password or security code: while in use + 2 years  

 

Category 

Protected Classifications 

Examples 

Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religious or philosophical beliefs, age, physical or mental disability, medical condition, veteran or military status, familial status, language, or union membership. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, and wellness vendors. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years. 

 

Category 

Physical Characteristics or Description 

Examples 

Information on your driver’s license (such as eye color, hair color, height, weight), as well as information collected to the extent relevant for workplace investigations. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, and wellness vendors. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years 

 

Category 

Biometric Data 

Examples 

Biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints and palm/handprint reading.   

Please Note: Only if UKG biometric time clocks are utilized by Client and consented to by the employee. 

  • Note: Biometric information is housed on the time clock; see Biometric Information Policy for more information. 

Disclosed in Last 12 Months To 

  • Timekeeping vendor if used by client.  

Retention Period 

While in use for identity verification, plus 1 year 

 

Category 

Visual, Audio, or Video Recording 

Examples 

Photographs or images, security footage or video monitoring only if provided by Client, or recorded phone calls or meetings if with FrankCrum only. 

For Internal FrankCrum Employees: Photographs or images, or recorded phone calls or meetings. 

Disclosed in Last 12 Months To 

  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Your direct employer. 
  • For Internal FrankCrum Employees: Employee tracking, security, and talent management systems. 

Retention Period 

While in use for identity verification, plus 1 year 

Surveillance Videos: 60 days 

 

Category 

Post-Offer Information 

Examples 

Information provided in your job application or resume if provided to FrankCrum, information gathered as part of background screening and reference checks if applicable, post-offer drug test results if applicable, information recorded in job interview notes by persons conducting job interviews, information contained in candidate evaluation records and assessments information in work product samples you provided to FrankCrum, voluntary disclosures by you, and Wage Opportunity Tax Credit (WOTC) information. 

Disclosed in Last 12 Months To 

  • Financial institutions/service providers. 
  • Government agencies. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Employee tracking and talent management systems. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years 

 

Category 

Employment History 

Examples 

Information regarding prior job experience, positions held, and when permitted by applicable law your salary history or expectations if provided to FrankCrum. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Employee tracking and talent management systems. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years 

 

Category 

Education Information 

Examples 

Information contained in your resume regarding educational history and information in transcripts or records of degrees and vocational certifications obtained if provided to FrankCrum. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Employee tracking and talent management systems. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years 

 

Category 

Professional or Employment-Related Information 

Examples 

Information contained in your personnel file and in other employment documents and records, including information in new hire or onboarding records, I-9 forms, tax forms, time and attendance records, non-medical leave of absence records, workplace injury and safety records, performance evaluations, disciplinary records, investigatory records, training records, licensing and certification records, compensation and health benefits records, pension, retirement and 401(k) records, COBRA notifications, business expense records, and payroll records. 

Disclosed in Last 12 Months To 

  • Financial institutions/service providers. 
  • Government agencies. 
  • Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, and wellness vendors. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Employee tracking and talent management systems. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years, unless related to hazardous exposure records required by OSHA to be retained for at least 30 years. We retain permanently a record of your name, last position held, and dates of employment. 

 

Category 

Financial Information 

Examples 

Bank account number for direct deposit, Routing Number, and other financial account information. 

Disclosed in Last 12 Months To 

  • Financial institutions/service providers. 
  • Government agencies. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years. 

 

Category 

Facility & Systems Access Information 

Examples 

Information identifying you, if you accessed our secure company facilities, systems, networks, computers, and equipment, and at what times, login credentials, or other security access method. 

Disclosed To in Last 12 Months  

  • Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants. 
  • Corporate vendors (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services). 
  • Original equipment manufacturers (OEM) (suppliers and makers of the products we sell or lease to our customers). 

Sold To or Shared With 

Not sold for monetary or other valuable consideration, and not shared for cross-context behavioral advertising. 

Retention Period 

Duration of our relationship with you plus 3 years. 

 

Category 

Family Information 

Examples 

Contact information for family members listed as emergency contacts if provided to FrankCrum; contact information for dependents and other dependent information if provided to FrankCrum. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, and wellness vendors. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years 

 

Category 

Medical and Health Information 

Examples 

Medical information contained in such documents as doctor’s notes for absences or work restrictions, medical leave of absence records, requests for accommodation, interactive process records, ergonomic assessments and accommodation records, and correspondence with you and your medical or mental health provider(s) regarding any request for accommodation or medical leave of absence, as well as information in post-hire drug test results. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, and wellness vendors.  
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Your direct employer. 

Retention Period 

Duration of employment plus 6 years, unless related to hazardous exposure records required by OSHA to be retained for at least 30 years 

 

Category 

Internet, Network, and Computer Activity 

Examples 

Internet or other electronic network activity information related to usage of FrankCrum networks, servers, intranet, or shared drives, including system and file access logs, browsing history, search history, and usage history. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Employee tracking and talent management systems. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Communications providers/vendors. 
  • Your direct employer. 
  • IT, cybersecurity, and privacy vendors and consultants. 

Retention Period 

4 years 

 

Category 

Mobile Device Security Information 

Examples 

Data identifying employee devices accessing FrankCrum networks and systems, including cell phone make, model, and serial number, and cell phone provider. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Employee tracking and talent management systems. 
  • Communications providers/vendors. 
  • Your direct employer. 
  • IT, cybersecurity, and privacy vendors and consultants. 

Retention Period 

4 years 

 

Category 

Online Portal and Mobile App Access and Usage Information 

Examples 

Username and password for the employee’s account on FrankCrum controlled and managed systems, apps, and online portals, account history, usage history, and file access logs. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Employee tracking and talent management systems. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Communications providers/vendors. 
  • Your direct employer. 
  • IT, cybersecurity, and privacy vendors and consultants. 

Retention Period 

Username kept indefinitely; passwords for 2 years; rest for 4 years 

 

Category 

Geolocation Data 

Examples 

IP address and/or GPS location (latitude & longitude) recorded in timekeeping applications on cell phones that employees use to clock in and out and that log the geographic location at which each time entry was made. 

Disclosed in Last 12 Months To 

  • Government agencies. 
  • Employee tracking and talent management systems. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Timekeeping vendor if used by client. 
  • Communications providers/vendors. 
  • Your direct employer. 
  • IT, cybersecurity, and privacy vendors and consultants. 

Retention Period 

4 years 

 

Category 

Inferences 

Examples 

For internal FrankCrum employees only: Based on analysis of the personal information collected, we may develop inferences regarding employees’ preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. 

Disclosed in Last 12 Months To 

  • For internal FrankCrum and FrankCrum Staffing employees only: Human Resource Testing and Assessment vendor 

Retention Period 

Duration of employment plus 6 years 

 

Of the above categories of Personal Information, the following are categories of Sensitive Personal Information we may collect from or about employees: 

  • Personal Identifiers (social security number, driver’s license or state identification card number, passport number). 
  • Account Information (your FrankCrum account log-in, in combination with any required security or access code, password, or credentials allowing access to the account). 
  • Protected Classifications (racial or ethnic origin, religious or philosophical beliefs, union membership, or sexual orientation). 
  • Biometric Information (only if used for the purpose of uniquely identifying you for time keeping purposes). 
  • Medical and Health Information. 
  • Geolocation Data (IP address and/or GPS location, latitude & longitude). 

Personal information does not include: 

  • Publicly available information from government records. 
  • Information that a business has a reasonable basis to believe is lawfully made available to the public by the employee or from widely distributed media.  
  • Information made available by a person to whom the employee has disclosed the information if the employee has not restricted the information to a specific audience.  
  • De-identified or aggregated information. 

We may collect your personal information from the following sources: 

  • You, the employee, when you voluntarily submit information. 
  • FrankCrum systems, networks, software applications, and databases you log into or use while performing your job, including from vendors the FrankCrum engages to manage or host such systems, networks, applications or databases. 
  • Government agencies. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Credit and consumer reporting agencies. 
  • Drug testing and physical testing providers and vendors. 
  • HR support vendors, including administrators of benefits, leaves of absence, workers’ compensation, unemployment claims, payroll, timekeeping, expense management, and training platforms. 
  • Social media platforms. 
  • Recruiters. 
  • Staffing agencies. 
  • Personal references and former employers. 
  • Other employees, contractors, vendors, and customers based on your interactions with them. 
  • Web forms submitted through our websites. 
  • Health and welfare service providers or third-party administrators. 

We may disclose your personal information to the following categories of service providers, contractors or third parties: 

  • Financial institutions/service providers. 
  • Government agencies. 
  • Benefits administrators and vendors, including third party administrators, 401K administrators, workers’ compensation and unemployment administrators, insurance brokers, and wellness vendors. 
  • Insurance carriers, administrators, and brokers/agents including workers’ compensation service providers. 
  • Employee tracking and talent management systems. 
  • Payroll processors and vendors contracted by FrankCrum for the purpose of providing PEO services (or for payroll, benefits, or human resources processing purposes for FrankCrum internal employees). 
  • Communications providers/vendors. 
  • Timekeeping vendor if used by client. 
  • Social media platforms. 
  • Your direct employer. 
  • IT, cybersecurity, and privacy vendors and consultants. 
  • Promotional or other fulfilment vendors. 
  • Human Resource Testing and Assessment vendor. 

We may collect and disclose your personal information for any of the following business purposes: 

  1. To fulfill or meet the purpose for which you provided the information. For example, if you share your name and contact information to become an employee, we will use that Personal Information in connection with your employment with your employer or your relationship with us.
  2. To assist your direct employer in complying with local, state, and federal law and regulations requiring maintenance of certain records (such as immigration compliance records, travel records, personnel files, wage and hour records, payroll records, accident or safety records, and tax records).
  3. To comply with local, state, and federal law and regulations that apply to FrankCrum.
  4. To manage and process payroll.
  5. To validate an employee’s identity for payroll and timekeeping purposes. 
  6. To grant employees access to securely utilize time clocks as applicable.
  7. To maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance.
  8. To manage workers’ compensation claims.
  9. To administer, manage, and maintain group health insurance benefits, 401K and/or retirement plans, and other FrankCrum benefits and perks.
    1. Management of Employees
    2.  Workplace investigations (such as investigations of workplace accidents or injuries, harassment, or other misconduct). 
    3. Evaluation of job applicants and candidates for employment or promotions. 
    4. Information gathered through background checks on job applicants and employees and to verify employment references. 
    5. Decisions regarding an employee’s employment, including decisions to hire, terminate, promote, demote, transfer, suspend or discipline. 
      To provide Human Resources best practices consulting services to your direct employer, including the following topics:
  10. To communicate with employees regarding employment-related administrative matters such as upcoming benefits enrollment deadlines, action items, availability of W2s, and other alerts and notifications.
  11. To implement, monitor, and manage electronic security measures on FrankCrum networks, software applications or systems, including managing and securing online portal, MyFrankCrum as well as on employee devices that are used to access FrankCrum networks, software applications or systems.
  12. To engage in corporate transactions requiring review or disclosure of employee records subject to non-disclosure agreements, such as for evaluating potential mergers and acquisitions of FrankCrum.
  13. To assist in communications with an employee’s family or other contacts in case of emergency or other necessary circumstance.
  14. To evaluate, assess, and manage FrankCrum’s business relationship with vendors, service providers, and contractors that provide services to FrankCrum.
  15. To improve user experience on FrankCrum computers, networks, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
  16. To detect security incidents involving potentially unauthorized access to and/or disclosure of Personal Information or other confidential information, including proprietary or trade secret information and third-party information that FrankCrum receives under conditions of confidentiality or subject to privacy rights.
  17. To protect against malicious or illegal activity and prosecute those responsible.
  18. To prevent identity theft.
  19. To verify and respond to consumer requests under applicable consumer privacy laws.
  20. To provide marketing materials and communications for our products and services including those of our business partners and/or service providers. 
  21. To provide you with support and to respond to your inquiries, including to investigate and address your concerns, monitor, and improve our responses.  

We do NOT sell or share your personal information in exchange for monetary consideration. However, we may sell or share your personal information to third parties for other valuable considerations such as cross context behavioral advertising.  

We do NOT and will not use or disclose your sensitive personal information for purposes other than the following: 

  1. To perform the services reasonably expected by an average employee who requests those services. 
  2. To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information. 
  3. To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions. 
  4. To ensure the physical safety of natural persons. 
  5. For short-term, transient use.  
  6. To perform services on behalf of FrankCrum. 
  7. To verify or maintain the quality or safety of a product, service or device that is owned, manufactured, manufactured for, or controlled by the FrankCrum, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the FrankCrum. 
  8. For purposes that do not involve inferring characteristics about the consumers. 

Notice of Right of California Residents to Opt-Out of the Selling and Sharing of Your Information

While we do not sell or share your personal information in exchange for money, we may sell or share your personal information for other valuable considerations. You have the right to tell us NOT to sell or share your personal information. You have the full and free right to opt-out of our disclosure of your personal information to any third parties where the disclosure constitutes “selling” or “sharing” as defined by the California Privacy Rights Act. You may exercise your right to opt-out without fear of discrimination for doing so. To opt-out of our selling or sharing of your information, meaning, we will not disclose your information to third parties for any monetary or other valuable consideration, you can do any of the following:  

  • Click HERE to be taken to an online opt-out submission form.  
  • Visit FrankCrum’s website and click on Privacy Center to be taken to an online submission form.  
  • You can use a Global Privacy Controls (GPC) signal. FrankCrum will process opt-out preferences from GPC signals, which are in formats commonly used and recognized by businesses, such as an HTTP field header, as requests to opt-out of sale or sharing. The GPC signal opt-out will only apply to the browser you are using on your device; it will not apply to other browsers and/or devices to which GPCs are not activated or to offline sales. 
  • If you are unable to submit an opt-out through any of the above methods, please call our toll-free privacy line at1-800-393-0815, Option 21 for assistance and a representative will assist in meeting your needs.  

You can have an authorized agent submit a request on your behalf. To submit an opt-out through use of an authorized agent, you must provide that agent with written permission signed by you to submit an opt-out on your behalf, except when using an opt-out preference signal. The authorized agent may call our toll-free privacy line at 1-800-393-0815, Option 21 to make the opt-out request and for directions for submitting the proof of authorization and the authorized agent’s proof of identification to the Company. We maintain the right to deny any request from an authorized agent that does not submit sufficient proof that they have been authorized by you to act on your behalf.  

A request to opt-out need not be a verifiable consumer request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent. 

Retention of Personal Information

We will retain each category of personal information in accordance with our established data retention schedule as indicated above. Some of the retention periods in the retention schedule above are measured from a particular point in time that has not occurred yet, such as the end of employment or end of a relationship (whether business, contractual, or transactional) plus a certain number of years. Where no particular event is defined in the retention schedule as the point from which the retention period is measured, we will measure the retention period from either (1) the date the record or data was collected, created, or last modified, (2) the date of the particular transaction to which the record or data pertains, or (3) another triggering event that is determined to be reasonable and appropriate based on the nature of the data and the legal/business needs for its continued use. 

In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statute of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.  

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.  

Third Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail and payroll services. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose.  

Business Transfers

In the event we sell or transfer a particular portion of our business assets, employee information may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, employee information may be transferred as part of the acquisition.

Compliance With Law and Safety

We may disclose specific personal and/or sensitive personal information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect employees or the public. 

Use of Cookies, Pixels, and Other Tracking Technologies

Cookies are small files that a website may transfer to a user’s computer that reside there for either the duration of the browsing session (session cookies) or on a permanent, until deleted, basis (persistent cookies) that may be used to identify a user, a user’s machine, or a user’s behavior. We make use of cookies under the following circumstances and for the following reasons: 

  • Provide you with services available through the website and to enable you to use some of its features 
  • Authenticate users and prevent fraudulent use of user accounts 
  • Identify if users have accepted the use of cookies on the website 
  • Compile data about website traffic and how users use the website to offer a better website experience 
  • Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience, or to avoid you having to re-enter your preferences every time you use the website 
  • Track your browsing habits to enable us to show advertising which is more likely to be of interest to you, including advertising by third parties on our website 

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when the use of cookies are deactivated. Check the settings of your browser. Below you can find some guidance:  

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals. 

External Links

Our website contains links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website. 

Passwords

The personal data record created through your registration for your various FrankCrum accounts, including to access timekeeping and payroll applications, can only be accessed with the unique password associated with those records. To protect the integrity of the information contained in those records, you should not disclose or otherwise reveal your passwords to third parties. 

Employees and Their Family Members, Dependents, and Beneficiaries Under the Age of 16

We do not knowingly sell or share the personal information of employees or any of their family members, dependents or beneficiaries under 16 years of age.

How We Protect the Information That We Collect

The protection of the information that we collect about employees is of the utmost importance to us and we take every reasonable measure to ensure that protection, including: 

  • We use internal encryption on all data stores that house voluntarily captured data. 
  • We use commercially reasonable tools and techniques to protect against unauthorized access to our systems. 
  • We restrict access to private information to those who need such access in the course of their duties for us. 
  • Database level encryption is adopted on all data captured from the visitor and customer.  
  • HTTPS, only TLS 1.2, is adopted for data transferring. 
  • Access control mechanism is adopted to prevent unauthorized access and modification. 
  • Monitoring and Early Warning System is adopted to help ensure fraudulent behaviors can be inspected. 

Rights Under the CCPA and CPRA

This section of the Privacy Policy applies only to California residents. If you are a California resident, you have the following rights pursuant to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA): 

  1. Right to Know. The right to request, up to 2 times in a 12-month period, that we identify to you (1) the categories of personal information we have collected, shared or sold about you, (2) the categories of sources from which the personal information was collected, (3) the business purpose for which we use this information, and (4) the categories of third parties with whom we disclose or have disclosed your personal information; 
  2. Right to Access. The right to request, up to 2 times in a 12-month period, that we provide you access to or disclose to you the specific pieces of personal information we have collected about you. 
  3. Right to Delete. The right to request, up to 2 times in a 12-month period, that we delete personal information that we have collected from you, subject to certain exceptions. 
  4. Right to Correct. The right to request that we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you.  
  5. Right to Opt-Out. The right to opt-out of the selling or sharing of your personal information to third parties. 
  6. Right to Limit. The right to limit the use or disclosure of your sensitive personal information.  
  7. The right to designate an authorized agent to submit one of the above requests on your behalf. See below for how you can designate an authorized agent; and 
  8. The right to not be discriminated against or retaliated against for exercising any of the above rights. 

You can submit any of the above types of consumer requests through any of the 3 options below: 

  1. Submit an online request on our website at Data Subject Requests Link 
  2. Call our privacy toll-free line at 1-800-393-0815, Option 21.  
  3. Email privacy@frankcrum.com 

How We Will Verify That it is Really You Submitting the Request 

If you are a California resident, when you submit a Right to Know, Right to Access, Right to Delete, or Right to Correct request through one of the methods provided above, we will ask you to provide some information to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to information in our possession, which depends on the nature of your relationship and interaction with us. 

Responding to your Right to Know, Right to Access, Right to Delete, and Right to Correct Requests 

Upon receiving a verifiable request from a California resident, we will confirm receipt of the request no later than 10 business days after receiving it. We endeavor to respond to a verifiable request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional 45 calendar days, or 90 calendar days total from the date we receive your request), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable.  

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

For a request to correct inaccurate personal information, we will accept, review, and consider any documentation that you provide, and we may require that you provide documentation to rebut our own documentation that the personal information is accurate. You should make a good-faith effort to provide us with all necessarily information at the time that you make the request to correct. We may deny a request to correct if we have a good-faith, reasonable, and documented belief that a request to correct is fraudulent or abusive. If we deny your request to correct, we shall inform you of our decision not to comply and provide an explanation as to why we cannot comply with a request, if applicable.  

Responding to Your Request to Opt-Out of the Selling or Sharing of Your Personal Information  

We will act upon a request to opt-out within fifteen (15) business days of its receipt. We will notify all third parties to whom we have sold or shared personal information of your request and instruct them to comply with the request within the same time frame. We will notify you when this has been completed by mail or electronically, at your option.  

A request to opt-out need not be a verifiable request. However, we may deny a request to opt-out if we have a good faith, reasonable, and documented belief that a request to opt-out is fraudulent. If we deny your request to opt-out, we shall inform you of our decision not to comply and provide an explanation as to why we believe the request is fraudulent. 

If You Have an Authorized Agent: 

If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney, or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have power of attorney, that person will be asked to provide written proof that they have your permission to act on your behalf. We will also contact you and ask you for information to verify your own identity directly and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf.  

Consent to Terms and Conditions

By onboarding as an employee with FrankCrum, you consent to all terms and conditions expressed in this Privacy Policy. 

Changes to Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy. 

Individuals with Disabilities

This Policy is in a form that is or will be made accessible to individuals with disabilities. 

Questions About the Policy

If you have any questions about this Privacy Policy, please contact us at privacy@frankcrum.com or call 800-393-0815, Option 21. 

Policy Details – Table of Revision  

Revised on  

Version  

Description  

Approved by  

October 25, 2024  

2.0  

Revision of Employee Privacy Policy with new CPRA requirements 

Danielle Grubb 

Corporate Counsel