Workplace Privacy Notice

Matthews Workplace Privacy Notice

To California Employees and Independent Contractors

Last Updated: June 1, 2023

1.       Scope

1.1.    This Workplace Privacy Notice (hereafter, “Notice”) is provided pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act and its corresponding regulations (collectively, the “CPRA”). It applies to California residents who are employees, independent contractors, or temporary job workers (collectively, “you”) of Matthews International or any of its affiliates (“Matthews International,” “we,” “us,” or “out”). This Notice explains what types of personal information we may collect from and about you and how we use and share that personal information. Matthews International recognizes the confidential nature of the personal information in its care and is accountable for the compliance of itself and its directors, officers, management, employees, representatives, and agents in protecting this personal information.

1.2.    If you have any questions, comments, or concerns about this policy, please contact us at [email protected].  Persons with disabilities or limited English proficiency may obtain an alternative version of this policy.[1] Please send your request to [email protected].

1.3.    For purposes of this Notice, “personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. “Personal information” does not include information that is considered publicly available, aggregated, or deidentified under applicable law.

2.       Categories of Personal Information Collected and Associated Purposes

2.1.    Sources of Personal Information Collected

2.1.1. Directly from you. We collect personal information directly from you in circumstances where you provide personal information (e.g., during the onboarding process, signing up for direct deposit, enrolling in benefits, payroll, or other employment services).

2.1.2. From third parties. In some instances, the personal information we collect has been inferred about you based on other information you provide us, through your interactions with us, or from third parties (e.g. background check and driving record information providers).  When we collect your personal information from third parties, it is either because you have given us express permission to do so, your permission was implied by your actions, or because you provided explicit or implicit permission to the third party to provide the personal information to us.

2.2.    Information Collected

2.2.1. The categories of personal information we may collect and process (but only to the extent and in a manner consistent with applicable law), and associated purposes, are as follows:

2.2.1.1.              Personal identifiers and personal details. Matthews International collects personal identifiers (such as your name, email address, work address, telephone number, or contact details) and relevant personal characteristics. In some instances, we may also create a personal identifier for you, such as an employee number. We use this information to process payroll, maintain employment or contractor records, report and pay taxes and other withholdings and garnishments, manage benefits for employees, facilitate business travel, carry out performance reviews and evaluations, perform risk management activities (including background checks), implement and track safety efforts, respond to workers compensation claims, comply with our legal and contractual obligations, and otherwise as part of typical personnel-related activities.

2.2.1.2.              Financial Data. We may collect financial data (such as your bank account number) to make payments to you or to facilitate business travel.

2.2.1.3.              Compensation, benefits, withholdings, and garnishment information. With respect to employees, we may collect and create information associated with benefits (including beneficiaries), withholdings, garnishments, compensation, vacation and time/off balances, and similar information. We use this information to process payroll, report and pay taxes and other withholdings and garnishments, manage benefits, and otherwise as part of typical employment-related activities.

2.2.1.4.              Work performance information. We may collect and create information associated with your work performance (such as your time records, performance appraisals, feedback, safety records, driving and Department of Transportation records, drug test records, and disciplinary actions) to carry out performance reviews and evaluations, develop and monitor training, perform risk management activities, implement and track safety efforts, comply with our legal and contractual obligations, and otherwise as part of typical personnel-related activities.

2.2.1.5.              Protected class information. We may collect protected class information as defined by applicable law and that is not considered sensitive personal information as described below in section 2.2.1.16 (such as race, gender, age or date of birth, copies of citizenship and right to work information, marital or family status, disability status, and veteran status) to report to regulators and to measure our performance against diversity goals.

2.2.1.6.              Physical characteristics. We may collect information about your characteristics (e.g., height and weight) for work-related equipment, furniture, or furnishings, clothing items, or safety-related purposes.

2.2.1.7.              Biometric information. We may collect and use your biometric information (such as your fingerprints) for the purpose of controlling access to our computer systems, computing devices, and physical jobsite locations. Biometric information may be used for identity verification and authentication, security, and fraud detection and prevention.

2.2.1.8.              Geo-location information. We may automatically monitor your location information electronically when you are working on-site or are in a vehicle owned or leased by Matthews International. For example, we may track badge access to its facilities and worker locations when workers are on duty. We collect this information for safety and security purposes, and otherwise for typical workplace and facilities access monitoring.

2.2.1.9.              Claims and medical reports information. We collect information associated with claims (such as, with respect to employees, workers compensation claims and unemployment claims), including related medical reports. We collect this information to process and respond to such claims, administer the workers compensation program, perform risk management activities, implement and track safety efforts, develop training, and comply with our legal and contractual obligations.

2.2.1.10.          Health information. We may receive health-related information when you are involved in an accident or when you provide it to us (such as, with respect to employees, in connection with a request for sick leave). We use such health- related information to implement and track safety efforts, for staffing purposes, and otherwise as part of typical personnel-related activities. Note that any health information generated or maintained in connection with our employee benefit plan is handled separately and is subject to policies and procedures designed to comply with the federal Health Insurance Portability and Accountability Act (“HIPAA”).

2.2.1.11.          Professional, employment, and education information. Matthews International may maintain personal information that you submitted in connection with a job application or independent contractor proposal. Such information may include professional and employment-related information (such as title, resume/CV, compensation and performance review information, background check results, and qualifications and details of previous employment roles or engagements) and education information (such as academic transcripts and confirmations of attendance at an educational establishment). We may use this information to assess your qualifications for certain positions and opportunities, develop or recommend training programs, comply with legal and contractual obligations, and otherwise as part of typical personnel-related activities.

2.2.1.12.          Audio and visual information. We may monitor and collect activity and communications made using Matthews International communications and computing devices and systems (such as our phone devices and email systems), and we may monitor and record video footage of jobsites taken by security cameras. We use such information for training, quality assurance, information and system security, fraud and other potential criminal activity detection and prevention, and for protecting the safety and rights of Matthews International, you, and others.

2.2.1.13.          Internet or other electronic network activity information, and online identifiers. We may monitor and collect Internet and other network activity information (such as website, application, and file usage) of Matthews International communications and computing devices and systems. In addition, we may collect your IP address and other online identifiers when you use our devices, systems, websites, and other tools. We collect this information for identity verification and authentication, information and system security, fraud and potential criminal activity detection and prevention, compliance and performance monitoring, and as part of typical personnel- related activities.

2.2.1.14.          Signature Data. We collect your signature and related authentication details in connection with any documents you electronically or physically sign and provide to us. This information may be used to maintain the integrity of our processes, enforce rights, prevent fraud, and validate your identity.

2.2.1.15.          Inferences. We may draw inferences from any of the above categories in connection with the purposes stated as to such categories.

2.2.1.16.          Sensitive personal information. The following types of information we collect are considered sensitive personal information under the CPRA:

·         Social security, driver’s license, state identification card, or passport number;

·         Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;

·         Precise geolocation;

·         Racial or ethnic origin, religious or philosophical beliefs, or union membership;

·         Contents of an individual’s email and text messages, unless the business is the intended recipient thereof;

·         Biometric data processed for the purpose of uniquely identifying an individual; and

·         Personal information collected and analyzed concerning an individual’s Further details of personal information that may be processed by Matthews International can be found in Appendix A.

3.       Categories of Personal Information Sold or Shared to Third Parties

3.1.    Matthews International does not sell and has not sold your personal information or transferred personal information to third parties to use for their own benefit. Matthews International also does not share your personal information for targeted or cross-context behavioral advertising. Relatedly, we do not sell or share personal information of California residents under 16 years of age.

3.2.    For purposes of this Notice, “sell” means the sale or transfer of your personal information to a third party for monetary or other valuable consideration, subject to certain exceptions in applicable law.  For purposes of this Notice, “share” means transferring, making available or otherwise disclosing your personal information to another party for purposes of sending advertising to you based on your personal information obtained from your activities across distinctly-branded sites. “Share” and “sharing” as used in this section, does not include transfers of personal information described in this Notice as part of a corporate business transaction, such as a merger, acquisition, or joint venture, or in the event of insolvency, bankruptcy, or receivership. Should such an event occur, we will use reasonable efforts to direct the transferee to use personal information you have provided to us in a manner that is consistent with this Notice.

4.       Categories of Personal Information Disclosed to Service Providers

4.1.    We disclose personal information to certain third parties to enable them to fulfill the purposes described in the “Information Collected” section of the Notice above. The personal information provided to our service providers is limited to that personal information which is necessary for them to fulfill these purposes. Our service providers have contractually agreed not to use your personal information other than as necessary to fulfill the applicable purposes and in accordance with the CPRA. In the preceding 12 months, we have disclosed the categories of personal information described above in the “Information Collected” section, with the following categories of service providers:

4.1.1.1.              Data Analytics Providers
4.1.1.2.              Workforce Management and Human Resource Management Providers
4.1.1.3.              Operating Systems and Platforms
4.1.1.4.              Health & Safety Providers
4.1.1.5.              Financial Services Providers
4.1.1.6.              Insurance Providers
4.1.1.7.              Technology Providers
4.1.1.8.              Cybersecurity Providers
4.1.1.9.              Supply Chain Management Providers

4.2.    We disclose personal information to our service providers in accordance with the purposes described in the “Information Collected” section of the Notice above.

5.       Retention of Personal Information

5.1.    We retain each of the categories of personal information and sensitive personal information listed for as long as necessary to carry out the purposes set out above in the “Information Collected” section for which your data is processed unless a longer retention period is required by applicable law. When determining the appropriate period to retain personal information after the employment relationship ends, we take into account how long the personal information is required (e.g. the administration of retirement, disability or survivor’s benefits), our legal and regulatory obligations, the amount, nature and sensitivity of the personal information, the purposes for processing and whether Matthews International can achieve those purposes through other means, and the establishment and defense of legal claims.

5.2.    Thus, your personal information relating to your employment will be kept for a period corresponding to your time with Matthews International, increased by any legal obligations to which Matthews International is bound (such as mandatory recordkeeping), as well as the limitation periods for all legal or administrative actions.

6.       Knowledge of Unauthorized Disclosure

6.1.    Any employees who have knowledge of an impending unauthorized disclosure, whether intentional or unintentional, and who fail to act to prevent the unauthorized disclosure will be subject to discipline as described in the Enforcement section below and/or as otherwise described in the employee handbook, up to and including the immediate dismissal of the offending employee(s).

7.       Enforcement

7.1.    All employees having care over or access to personal information must comply with the policies, procedures and practices described in this Notice.  Any breach of any term or condition of this Notice, whether intentional or unintentional, is grounds for disciplinary action up to and including the immediate dismissal of any and all offending employees.

8.       Children

8.1.    We may collect data about children that are under 16 years old as necessary to provide and administer employment benefits and/or to otherwise comply with applicable laws.  We do not sell or share the personal information of consumers under 16 years of age.

9.       Changes to this Workplace Privacy Notice

9.1.    This Notice is reviewed periodically to ensure it accurately captures all types of personal information collected or any additional or different processing of such personal information. We may, therefore, change this Notice at any time and will update the “Last Updated” date accordingly.  If we make material changes, we will notify you via a posting on the @Matt intranet site and by posting on our applicant portal.

10.   Your Data Privacy Rights

California residents have the following data rights:

10.1.                     Right to Know and to Access

10.1.1.     Subject to certain exceptions, and legal obligations, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months, including whether we sell or share such information. You also have the right to request access to personal information collected about you and information regarding the following:

·         The categories of personal information we collected about you;

·         The categories of sources of that information;

·         The business or commercial purposes for which we collect, sell or share personal information about you;

·         The categories of personal information about you that we have disclosed about you and the categories of persons or vendors to whom it was disclosed for a business purpose; and

·         The specific pieces of personal information we have collected about you.

10.1.2.     This information is disclosed above in the “Categories of Personal Information Collected and Associated Purposes” section. You may also submit a request for this information as described below. To protect your personal information, we may request additional information to verify your identify before we act on your request. To the extent legally required, we will provide a copy of the personal information we have collected about you, in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.  We may provide this data to you via email to the email address you have provided with your request.

10.2.                     Right to Correction

10.2.1.     You have the right to request that we correct any inaccurate personal information we maintain about you. In response to your request, we may request additional information showing that the information you want to correct is inaccurate.

10.3.                     Right to Deletion

10.3.1.     You may request that we delete your personal information. This right is subject to certain exceptions, and legal obligations imposed by state or federal privacy and employment laws. We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

10.4.                     Right to Opt-Out of the Sale or Sharing of Personal Information to Third Parties

10.4.1.    You have the right to opt out of the sale or sharing of your personal information by Matthews International to third parties. We do not sell or share your personal information, as those terms are defined under California law.

10.5.                     Right to Limit Use and Disclosure of Sensitive Personal Information

10.5.1.    You have the right to direct us to limit our use of your sensitive personal information to that use which is necessary to fulfill the purposes reasonably expected by an average consumer who requests those goods or services. California law considers the following pieces of personal information to be “sensitive:” social security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions and answers, or unique biometric data. We use sensitive personal information only as it is necessary to fulfill the purposes for which it was collected, as described above in the “Sensitive Personal Information” section.

10.6.                     Non-Discrimination or Retaliation

10.6.1.     We will not discriminate or retaliate against you for exercising any of your data privacy rights.

10.7.                     How to Submit a Request

10.7.1.     You or an authorized agent may submit a request to exercise your rights through one of three means:

  1. By calling us toll-free at 1 800.775.7775.
  2. By emailing us at [email protected].
  3. By filling out a Consumer Data Request Form.

10.8.Verification Procedures

10.8.1.     In order to process your request to exercise your rights, we must first verify it using information necessary to complete your request. We may do this by asking you to:

·         Provide specific pieces of personal information we can match against information we may have collected from you previously (such as the last four digits of your Social Security Number, the last four digits of your bank account on file for wage distribution, your employee identification number, or the last four digits of your last pay stub); and

·         Confirm your request using the email and/or telephone account stated in the request.

10.8.2.     We will not collect additional personal information from you for the sole purpose of your exercising your rights under the data protection laws.  Similarly, we will not require you to create an account of any sort, solely for the purpose of exercising your rights under applicable data protection laws.

10.9.   Authorized Agent

10.9.1.    You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We may ask the individual to submit documentation or proof supporting their authority to represent you, and we may ask you to either verify your own identity or confirm that you provided the authorized individual to act on your behalf. Parents of minor children may submit a birth certificate of the child in lieu of an affidavit, in order to make requests on the child’s behalf.

Appendix A

In the course of providing administrative employment services, including processing job applications, we may collect the following specific pieces of personal information from you:

·         Name, email address, gender, home address and telephone number, date of birth, marital status, religious affiliation, employee identification number, and emergency contacts.

·         Residency and work permit status, military status, nationality, and passport information.

·         Social security or other taxpayer/government identification number.

·         Payroll information, banking details.

·         Wage and benefit information.

·         Retirement account information.

·         Sick pay, paid time off, retirement accounts, pensions, insurance, and other benefits information (including the gender, age, nationality and passport information for any spouse, minor children or other eligible dependents and beneficiaries).

·         Date of hire, date(s) of promotions(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, and training records.

·         Beneficiary and emergency contact information.

·         Records of an employee’s login information including usernames and passwords, systems accessed.

·         Records of locations worked, work absences, vacation/paid time off, entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, and disciplinary and grievance procedures (including monitoring compliance with and enforcing our policies).

·         Video surveillance information collected at our facilities.

·         Disciplinary investigation records including the investigators notes, witness information and contacts, pictures or videos submitted by staff, bystanders, guests, and managers.

·         Records of employee badge swipes, computer log-ins, and other access data.

·         Where permitted by law and applicable we may collect the results of credit and criminal background checks, health screening, health certifications, vaccination information, medical records, driving license number.

·         Social media information, including profile picture and publicly shared data.

·         Voicemails, e-mails, correspondence, documents, and other work product and communications created, stored or transmitted using our networks, applications, devices, computers or communications equipment.

·         Date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment (e.g., references).

·         Letters of offer and acceptance of employment.

·         Your resume or CV, cover letter, previous and/or relevant work experience or other experience, education, transcripts, or other information you provide to us in support of an application and/or the application and recruitment process.

·         References and interview notes.

·         Personal information that is necessary for us to retain and administer benefits to another person relating to you.

·         Geolocation information in connection with badge access, computer logins and/or in connection with travelling accommodations (e.g. hotel information, transportation booking information, etc.).

·         Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

 

[1] Aviso de recopilación de información personal a empleados y contratistas de California. Si quiere una

copia de este aviso en español, comuníquese con el centro de servicios de recursos humanos, al (855)

435-7440, opción 2 | [email protected] | Matthews International HR Service Center, 2 NorthShore

Center, Pittsburgh, PA 15212.