Privacy Notice - California HR Individuals

Last update: January 1, 2023

Back to Top

Privacy notice and notice at collection of personal information for California HR individuals

Maximus, Inc. and its subsidiaries (we, us, our) provide this privacy notice and notice at collection of personal information (notices) for California Human Resources (HR) individuals. These notices only apply to California residents who are HR individuals. For these notices, HR individuals are defined as job applicants and employees (consumers, you, your).

These notices comply with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and other California privacy laws. Terms defined in the CCPA and CPRA have the same meaning in these notices.

Contents

Purpose
Notice at collection of personal information

Sources of personal information we collect
Personal information we disclose to third parties
Reasonably necessary and proportionate use or sharing of consumers’ sensitive personal information
Your rights regarding your personal information

Shine the Light law
Changes to these notices
Your California privacy rights
How to contact us

Purpose

The CCPA as amended by the CPRA grants consumers rights regarding their personal information held by businesses. The purpose of these notices is to give consumers:

  • A description of Maximus’ online and offline information practices
  • Information about the rights you have regarding your personal information
  • Any information needed to exercise those rights

Return to Contents

Notice at collection of personal information

Return to Contents

Categories of personal information we collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be directly or indirectly linked with a particular consumer or household (personal information). We collected these categories of personal information from HR individuals in the last 12 months:

Category

Description

A

Personal Identifiers: Unique identifiers such as name, postal address, Internet Protocol (IP) address, email address, or other similar identifiers

B

Personal Information: Includes contact details such as name, address, telephone number (may overlap with other categories)  

C

Protected classification characteristics under California or federal law such as age, race, or color

E

Biometric information such as fingerprints and faceprints

F

Internet or other electronic network activity information including but not limited to browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement

G

Geolocation data such as physical location or movements

H

Sensory data such as audio, visual, or similar information

I

Professional or employment-related information such as current or past job history or performance evaluation

J

Non-public education information per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99) such as education records directly related to a student kept by an educational institution or party acting on its behalf, such a transcript

K

Inferences drawn from other personal information such as a profile reflecting a person’s behavior

L

Sensitive personal information such as a consumer’s Social Security number, driver’s license, state identification number, or passport; precise geolocation data; racial or ethnic origin; religious or philosophical beliefs or union membership; genetic data; the processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analysed concerning a consumer’s health; personal information collected and analysed concerning a consumer’s sex life or sexual orientation

 

Personal information does not include: 

  • Publicly available information from government records
  • De-identified or aggregated consumer information
  • Information excluded from the CCPA's scope as amended by the CPRA, such as: 
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data 
    • Personal information covered by certain privacy laws including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994

 Return to Contents

Business reasons we collect personal information

We collect consumer personal information for one or more of these business reasons (not a complete list): 

Business reason

Examples

Support our everyday operations, including to meet risk, legal, and compliance requirements

  • Perform accounting, monitoring, and reporting
  • Manage privacy and information security activities
  • Respond to law enforcement requests and as required by law, court order, and governmental regulations, and to exercise and defend legal claims
  • Engage service providers
  • Comply with Maximus and client policies, procedures, and contractual obligations
  • As necessary or appropriate to protect the rights, property, or safety of Maximus, our clients, or others

Manage, improve, and develop our business

  • Improve our website and present its contents
  • Test, analyse, and develop products
  • Support customer relationship management
  • Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information we hold is among the assets transferred

Support employment, infrastructure, and human resource management

  • Provide benefits to employees and dependents, including healthcare and retirement plans
  • Manage pay and compensation activities
  • Manage and operate our facilities and infrastructure
  • Recruit and evaluate job applicants for employment
  • Recognize employees
  • Engage employees
  • Reaching your emergency contacts when needed, such as when you are not reachable or are injured or ill

Provide information to consumers

  • Fulfill or meet the reason you gave us the information
  • Provide information, products, or services you ask us for
  • Provide email or text alerts, event registrations, and other notices about our products, services, events, or news that may interest you

 

Our collection, use, and holding your personal information will be consistent with the purpose it was collected or processed for, or another disclosed purpose compatible with the reason we collect it. We will not collect more categories of personal information or share personal information we collect from you for any purpose that is inconsistent with your reasonable expectations without getting your consent.  

Return to Contents

Retention of personal information

We maintain record retention policies and procedures based on applicable law and business needs that determine how long we retain records, including those containing personal information.

Return to Contents

Sale and sharing of personal information

In the last 12 months, we have not sold or shared any personal information subject to the CCPA as amended by the CPRA, including the personal information of a consumer under 16 years old. 

Return to Contents

Sources of personal information we collect

We may get the categories of personal information listed above from these sources (not a complete list): 

  • Directly and indirectly from activity on our websites, client systems, Maximus systems, and email
  • From service providers, contractors, and third parties that interact with us in connection with the services we offer

Return to Contents

Personal information we disclose to third parties

We do not disclose consumer personal information to a third party for a business reason. When we disclose personal information for a business purpose, we enter into a contract that describes the business reason. The contract requires the receiver to keep that personal information confidential and not use it for any purpose except to perform the contract.

Return to Contents

Reasonably necessary and proportionate use or disclosure of consumers’ sensitive personal information

In the last 12 months, we have only used or disclosed the reasonably necessary and proportionate amount of consumers’ sensitive personal information for these purposes that the CCPA as amended by the CPRA permits us to:

  • Provide the benefits we offer
  • Further contract performance
  • Prevent, detect, and investigate privacy and security incidents
  • Resist malicious, deceptive, fraudulent, or illegal actions directed at Maximus, and prosecute those responsible for those actions
  • Ensure the physical safety of natural persons
  • Perform services on behalf of Maximus
  • Verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Maximus, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Maximus

Return to Contents

Your rights regarding your personal information

The CCPA as amended by the CPRA gives you these rights regarding your personal information: 

Right to

Description

Know

Ask for disclosure of personal information Maximus collects about you, from whom we collected it, why we collected it, and, if sold, to whom 

Delete

Personal information we collected from you 

Correct

Inaccurate personal information

Limit

Use and disclosure of sensitive personal information

Non-discriminatory treatment

For exercising any of your rights 

 

Return to Contents

How to make a request

If you are a California HR individual and want to exercise your rights, send your request using How to contact us below. To act on a request to know, delete, or correct, we need to verify your identity. Give us enough information to identify you, such as your:

  • Employee ID
  • Date of birth
  • Name of last manager
  • Project name
  • Project location

Do not give us your Social Security number.

Return to Contents

Authorized agents

You may have an authorized agent exercise your rights under the CCPA as amended by the CPRA. Your agent must show proof that you granted them power of attorney. If you have not granted them power of attorney, your authorized agent must give us a written, signed statement in which you authorize your agent to act for you. Your authorized agent must verify their identity. You may be required to confirm with us directly that you authorized your agent to submit the request on your behalf.

Return to Contents

How we respond to your request

No later than 10 business days after we get your request to delete, correct, or know, we will send you a confirmation. It will say we got your request. We will then respond to your request to delete, correct, or know no later than 45 calendar days after we get the request. If we cannot verify your identity in that time, we may deny your request. We will notify you during that time if we need more time (up to 45 calendar days) to respond to your request.  

Some information is exempt from CCPA requests as amended by the CPRA. Information subject to certain federal privacy laws such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) are exempt from CCPA requests as amended by the CPRA. 

Other laws may also affect our ability to comply with your request.  State or federal laws requiring that we keep certain information may prevent us from granting your request to delete it. We may decline all or part of your request. 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or clearly unfounded. If we find that your request requires a fee, we will tell you why. We will give you a cost estimate before we complete your request

Return to Contents

Shine the Light law

The California “Shine the Light” law gives California residents the right, under certain circumstances, to opt out of the disclosure of certain categories of personal information, as defined in the Shine the Light law, with third parties for their direct marketing purposes, or that we provide a cost-free way for consumers to opt out of any such disclosure. We do not currently disclose your personal information to third parties for their own direct marketing purposes.

Return to Contents

Changes to these notices

We reserve the right to change this privacy notice and notice at collection of personal information at any time. When we do, we will post the revised notices on this webpage with the date of last update.

Return to Contents

Your California privacy rights

If you are a California resident and want to read about the CCPA as amended by the CPRA and other rights you may have under California law regarding your personal information, go to oag.ca.gov/privacy/privacy-laws.

Return to Contents

How to contact us

If you have questions or comments about these notices or our information practices, contact us at:

Phone: 1-833-953-3696
Email: privacyofficial@maximus.com

Do not put personal information in your email. Email may not be secure

Return to Contents