image

California Employee Privacy Policy

Effective Date: January 1, 2023

Apria Healthcare LLC (“Apria,” “we,” “our,” or “us”) respects the privacy of our employees’ personal information.

Pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), we are required to provide California employees and applicants with a privacy policy that contains a comprehensive description of our online and offline practices regarding our collection, use, sale, sharing, and retention of their personal information as well as a description of the rights they have regarding their personal information. This Privacy Policy provides the information the CCPA requires as well as other useful information regarding our collection and use of personal information.

Please review this Privacy Policy carefully. From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage and on our SharePoint policy page. You also may receive a copy by contacting us as described in the “How to Contact Us” section below.

This Privacy Policy covers the following topics:

  1. Scope of Privacy Policy
  2. Notice at Collection of Personal Information
  3. Disclosure of Personal Information
  4. Retention of Personal Information
  5. Your Rights
  6. How to Submit a Request to Know, Delete, and/or Correct
  7. Our Process for Verifying a Request to Know, Delete, and/or Correct
  8. Other Relevant Policies, Including Monitoring
  9. Accessibility
  10. How to Contact Us

 

  1. Scope of Privacy Policy

When This Policy Applies

This Privacy Policy is intended solely for, and is applicable only to, current and former California employees. Where relevant, it also applies to job applicants, interns, agency workers, contractors, consultants, directors, and other individuals whose information we collect in connection with providing employment. For ease of reference, this Privacy Policy generally refers to employee data, but this does not indicate in any way that an individual is our employee.

When This Policy Does Not Apply

This Privacy Policy does not apply to individuals who are not California residents.

This Privacy Policy also does not apply to our collection and use of your personal information in a consumer or business-to-business capacity. For more information on our collection and use of your personal information in that capacity, including how we process opt-out preference signals, please see our online privacy policy available here.

  1. Notice at Collection of Personal Information

Personal Information We Collect

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified, or aggregated information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this Privacy Policy, we will refer to this information as “Personal Information.”

We currently collect and, in the 12 months prior to the Effective Date of this Privacy Policy, have collected the following categories of Personal Information from employees or applicants:

From Employees:

  • Identifiers (name, email address, postal address, Social Security number, driver’s license number, other types of state identification card numbers such as California ID Cards, passport number, [Internet Protocol address, online identifiers])
  • Unique personal identifiers (cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; employee number, unique pseudonym, or user alias; telephone numbers or other forms of persistent or probabilistic identifiers that can be used to identify a particular employee or device)
  • Signature
  • Telephone numbers
  • Physical characteristics or description
  • Bank account number
  • Corporate credit card number
  • Account log-in, financial account, debit card, or credit card number [for corporate account] in combination with any required security or access code, password, or credentials allowing access to an account
  • Internet or other electronic network activity information (information regarding an individual’s interaction with a website or application, including streaming sites (browsing history; and search history)
  • Geolocation data if applicable, RoadNet, GPS, mobile tracking
  • Commercial information (records of products purchased from us)
  • Medical/health information (including medical condition)
  • Insurance policy number or subscriber identification number
  • Any unique identifier used by health insurer to identify employee
  • Education information (including formal education and on-the-job training programs)
  • Professional or employment-related information (including employment history)
  • Biometric information for certain roles (fingerprint; imagery of face; voice recordings from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted
  • Characteristics of protected classifications under California or federal law (race; sex/gender (including pregnancy, childbirth, breastfeeding and/or related medical conditions); age (40 and older); disability (mental and physical, including HIV/AIDS, cancer, and genetic characteristics); citizenship or immigration status; marital status; medical condition (genetic characteristics, cancer or a record or history of cancer); military or veteran status; political affiliations or activities; status as a victim of domestic violence, assault, or stalking; requests for family care leave, for leave for an employee’s own serious health condition, or for pregnancy disability leave; color; sexual orientation or sex life; gender identity/expression; religion (including religious dress and grooming practices); national or ethnic origin; ancestry; union membership; and genetic information)
  • Contents of an employee’s mail, email, and text messages unless we are the intended recipient of the communication

From Applicants:

  • Identifiers (name, email address, postal address, Social Security number, driver’s license number, other types of state identification card numbers such as California ID Cards, Internet Protocol address, online identifiers)
  • Unique personal identifiers (cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; unique pseudonym or user alias; telephone numbers or other forms of persistent or probabilistic identifiers that can be used to identify a particular employee or device)
  • Signature
  • Telephone numbers
  • Physical characteristics or description
  • Bank account number
  • Medical/health information (including medical condition)
  • Education information (including formal education and on-the-job training programs)
  • Professional or employment-related information (including employment history)
  • Biometric information (imagery of face)
  • Characteristics of protected classifications under California or federal law (race; sex/gender (including pregnancy, childbirth, breastfeeding and/or related medical conditions); age (40 and older); disability (mental and physical, including HIV/AIDS, cancer, and genetic characteristics); citizenship or immigration status; medical condition (genetic characteristics, cancer or a record or history of cancer); military or veteran status; color; sexual orientation or sex life; gender identity/expression; religion (including religious dress and grooming practices); national or ethnic origin; ancestry; union membership; and genetic information)

 

Sources of Personal Information

We collect Personal Information directly from you (California residents) and from recruiters; staffing companies; references; former employers; educational institutions; online providers (such as through LinkedIn and similar providers); government entities; other employees; business partners; payroll providers; benefits providers; retirement account providers; medical providers; background checks; company bankers; claims handlers; authentication and single sign-on providers; advertising networks; internet service providers; professional employer organizations; data analytics providers; operating systems, platforms, or software; social networks; and data brokers. We do not collect all categories of Personal Information from each source.

Purposes for Collection

We currently collect and have collected the above categories of Personal Information for all purposes of providing employment, including to:

  • Comply with federal and state laws, regulations, and requirements of regulators/government agencies, accrediting bodies, and enforcement personnel;
  • Perform background checks and, for certain roles motor vehicle records checks;
  • Process payroll (including to ensure appropriate salary payment and salary administration);
  • Verify your employment eligibility;
  • Administer employee benefit programs such as 401(k) plans and Health Savings Accounts;
  • Assess applicants and complete the hiring process;
  • Administer programs under which certain employees use their personal vehicles for work purposes;
  • Enhance productivity, improve safe driving performance, minimize security risks, and maximize network performance;
  • Administer employee discount program;
  • Ensure employees carry out their responsibilities in accordance with our policies and applicable laws and regulations;
  • Consider employees for promotion;
  • Measure employee performance;
  • Complete applications for licenses and for applications to government payors for durable medical equipment supplier numbers;
  • Respond to customer complaints;
  • Administer drug testing programs;
  • Assess and respond to accommodation requests;
  • Administer our employee recruiting program;
  • Administer leaves of absence;
  • Solicit and administer contributions to our political action committee;
  • Assess whether additional security at our facilities is advisable;
  • Enforce our legal rights;
  • Engage in other legitimate business purposes reasonably required for our day-to-day operations such as accounting, financial reporting, and business planning;
  • Identify you as a veteran;
  • Administer and maintain corporate bank accounts;
  • Manage corporate expenses;
  • Process security clearances;
  • Perform diversity and inclusion initiatives, including data analysis, development, and deployment;
  • Perform company audits;
  • Administer our wellness program;
  • Contact individuals for emergency purposes;
  • Manage workers’ compensation claims;
  • Arrange business travel;
  • Investigate and handle disciplinary actions or termination;
  • Establish training and/or development requirements;
  • Detect lost/stolen equipment, fraud, or other types of wrongdoing;
  • Grant and monitor your access to secure company facilities and files;
  • Engage in corporate transactions requiring review of employee records and information, such as for evaluating potential mergers and acquisitions;
  • Maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance;
  • Maintain commercial licenses for enterprise applications and platforms;
  • Prevent the spread of illness and administer programs during a pandemic and/or influenza season (e.g., COVID-19); and
  • Perform call monitoring and surveillance (g., CCTV).

 

We also use your Personal Information for the purposes described in our C-14 Personnel Records Policy; C-26-1A Affirmative Action Program – Apria; IS-PO-005 Access Control Policy; IS-PO-008 Security Monitoring and Response Policy, IS-PO-013 Apria Mobile Device Policy; IS-PO-014 Remote Access Policy; Global Financial Authority Policy.

  1. Disclosure of Personal Information

The following table identifies the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding the Effective Date of this Privacy Policy and, for each category, categories of recipients to whom we disclosed Personal Information.

Employees:

Categories of Personal Information

Categories of Recipients

Personal identifiers (name; email address; postal address; Social Security number; driver’s license number; other types of state identification card numbers; passport number; Internet Protocol address, online identifiers; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; employee number, unique pseudonym, or user alias; telephone numbers or other forms of persistent or probabilistic identifiers that can be used to identify a particular employee or device; signature; telephone numbers; physical characteristics or description; bank account number; corporate credit card number; account log-in, financial account, debit card, or credit card number [for corporate account] in combination with any required security or access code, password, or credentials allowing access to an account; information regarding an individual’s interaction with a website or application, including streaming sites; browsing history; and search history; geolocation data; records of products purchased from us)

Human resource information systems; operating systems and platforms; customer relationship management systems; background check service providers; government or law enforcement entities; applicant and recruiter software; payroll/tax providers; expense management service providers; enterprise travel providers; data analytics providers; company bankers; authentication and single sign-on providers; security providers; mobile device management providers; accountants; lawyers; benefits providers; social networks; company insurers; communication service providers; consultants and other professional advisors

Medical and insurance information (medical/health information (including medical condition); insurance policy number or subscriber identification number; any unique identifier used by health insurer to identify employee)

Benefits providers; company insurers; professional employer organizations; human resource information systems; company insurers; communication service providers; lawyers; government or law enforcement entities

Education, employment history, and related information

Applicant and recruiter software; professional employer organizations; human resource information systems; payroll/tax providers; background check service providers; benefits providers; lawyers; government or law enforcement entities

Biometric information for certain roles (fingerprint; imagery of face; voice recordings from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted)

Human resource information systems; operating systems and platforms; background check service providers; government or law enforcement entities; applicant and recruiter software; payroll/tax providers; data analytics providers; authentication and single sign-on providers; security providers; mobile device management providers; benefits providers; company insurers; communication service providers; consultants and other professional advisors

Characteristics of protected classifications under California or federal law (race; sex/gender (including pregnancy, childbirth, breastfeeding and/or related medical conditions); age (40 and older); disability (mental and physical, including HIV/AIDS, cancer, and genetic characteristics); citizenship or immigration status; medical condition (genetic characteristics, cancer or a record or history of cancer); military or veteran status; color; sexual orientation or sex life; gender identity/expression; religion (including religious dress and grooming practices); national or ethnic origin; ancestry; union membership; and genetic information)

Applicant and recruiter software; professional employer organizations; government or law enforcement entities; human resource information systems; benefits providers; payroll/tax providers; company insurers; background check service providers; lawyers

 

Applicants:

Categories of Personal Information

Categories of Recipients

Personal identifiers (name; email address; postal address; Social Security number; driver’s license number; other types of state identification card numbers; Internet Protocol address, online identifiers; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; unique pseudonym or user alias; telephone numbers or other forms of persistent or probabilistic identifiers that can be used to identify a particular employee or device; signature; telephone numbers; physical characteristics or description; bank account number

Human resource information systems; operating systems and platforms; background check service providers; government or law enforcement entities; applicant and recruiter software; payroll/tax providers; data analytics providers; security providers; accountants; lawyers; benefits providers; company insurers; communication service providers; consultants and other professional advisors

Medical and insurance information (medical/health information (including medical condition))

Benefits providers; company insurers; professional employer organizations; human resource information systems; company insurers; communication service providers; lawyers; government or law enforcement entities

Education, employment history, and related information

Applicant and recruiter software; professional employer organizations; human resource information systems; payroll/tax providers; background check service providers; benefits providers; lawyers; government or law enforcement entities

Biometric information for certain roles (imagery of face)

Human resource information systems; operating systems and platforms; background check service providers; government or law enforcement entities; applicant and recruiter software; payroll/tax providers; security providers; benefits providers; company insurers; communication service providers; consultants and other professional advisors

Characteristics of protected classifications under California or federal law (race; sex/gender (including pregnancy, childbirth, breastfeeding and/or related medical conditions); age (40 and older); disability (mental and physical, including HIV/AIDS, cancer, and genetic characteristics); citizenship or immigration status; medical condition (genetic characteristics, cancer or a record or history of cancer); military or veteran status; color; sexual orientation or sex life; gender identity/expression; religion (including religious dress and grooming practices); national or ethnic origin; ancestry; union membership; and genetic information)

Applicant and recruiter software; professional employer organizations; government or law enforcement entities; human resource information systems; benefits providers; payroll/tax providers; company insurers; background check service providers; lawyers

 

We disclosed Personal Information to the above categories of recipients for all of the business or commercial purposes identified in the above “Purposes for Collection” section.

We have not sold or shared Personal Information in the twelve (12) months preceding the Effective Date of this Privacy Policy. We do not knowingly collect, sell, or share the Personal Information of individuals under 16 years of age. We do not collect or process Personal Information for the purpose of inferring characteristics.

 

  1. Retention of Personal Information

We retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with services you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us. Please contact us as described in the “How to Contact Us” section below for more information on our employee data retention schedule.

  1. Your Rights

If you are a California resident, you have the following rights with respect to your Personal Information:

  • The right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which we collected Personal Information, the business or commercial purpose for collecting, selling, or sharing Personal Information (if applicable), the categories of third parties to whom we disclose Personal Information (if applicable), and the specific pieces of Personal Information we collected about you;
  • The right to delete Personal Information that we collected from you, subject to certain exceptions;
  • The right to correct inaccurate Personal Information that we maintain about you;
  • If we sell or share Personal Information, the right to opt-out of the sale or sharing;
  • If we use or disclose sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
  • The right not to receive discriminatory treatment by us for the exercise of privacy rights conferred by the CCPA.

  1. How to Submit a Request to Know, Delete, and/or Correct

You may submit a request to know, delete, and/or correct by calling the HR Service Center at 1-800- 305-0263. You also may submit a request by email at HRServiceCenter@owens-minor.com.

 

If you submit a request to delete online, we may ask you to confirm separately that you want your Personal Information deleted.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, we will require additional information to verify your authority to act on behalf of the California employee.

In addition to the CCPA rights discussed above, California law provides current and former employees with the right to request certain information relating to their employment, such as the right to access their personnel file and payroll records. Because these requests are governed by laws that contain different requirements than the CCPA, we handle such requests separately from CCPA requests. If you would like to make such a request, please reach out to your Employee Relations representative.

If you would like to update your personal information, such as a change of name or address, you can update that information yourself on the ADP system. If you have questions about your employment, please contact HR Connect at (800) 305-0263, or HRConnect@apria.com.

  1. Our Process for Verifying a Request to Know, Delete, and/or Correct

We will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California employee on whose behalf you are making such request.

If you maintain a password-protected account, we may verify your identity through existing authentication practices available through your account. Prior to disclosing or deleting the Personal Information, we will ask you to re-authenticate yourself with respect to that account.

If you do not maintain a password-protected account, or if you are an account-holder but we suspect fraudulent or malicious activity with your account,] we will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable.

For requests to access categories of Personal Information and for requests to delete or correct Personal Information that is not sensitive and does not pose a risk of harm by unauthorized deletion or correction, we will verify your identity to a “reasonable degree of certainty” by verifying at least two data points that you previously provided to us and which we have determined to be reliable for the purpose of verifying identities.

For requests to access specific pieces of Personal Information or for requests to delete or correct Personal Information that is sensitive and poses a risk of harm by unauthorized deletion or correction, we will verify your identity to a “reasonably high degree of certainty” by verifying at least three pieces of Personal Information previously provided to us and which we have determined to be reliable for the purpose of verifying identities. In addition, you will be required to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.

  1. Other Relevant Policies, Including Monitoring

When we hire you, we provide you with other policies and procedures that govern your use of our offices, networks, computers, and other devices. We have the right to monitor your use of our offices and electronic resources in accordance with those policies and procedures.

For more information, please read Apria’s policies on IT, Access, Personnel Records Policy, etc. You can find copies of these policies on SharePoint or by contacting Employee Relations or HR Connect.

  1. Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

  1. How to Contact Us

To contact us for questions or concerns about our privacy policies or practices please contact the HR Service Center, HRServiceCenter@owens-minor.com.