Privacy notice and notice at collection of personal information for California HR individuals
Maximus, Inc. and its subsidiaries (we, us, our) provide this privacy notice and notice at collection of personal information (notices) for California Human Resources (HR) individuals. These notices only apply to California residents who are HR individuals. For these notices, HR individuals are defined as job applicants and employees (consumers, you, your).
These notices comply with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and other California privacy laws. Terms defined in the CCPA and CPRA have the same meaning in these notices.
Purpose
Notice at collection of personal information
- Categories of personal information we collect
- Business reasons we collect personal information
- Retention of personal information
- Sale and sharing of personal information
Sources of personal information we collect
Personal information we disclose to third parties
Reasonably necessary and proportionate use or sharing of consumers’ sensitive personal information
Your rights regarding your personal information
Shine the Light law
Changes to these notices
Your California privacy rights
How to contact us
Purpose
The CCPA as amended by the CPRA grants consumers rights regarding their personal information held by businesses. The purpose of these notices is to give consumers:
- A description of Maximus’ online and offline information practices
- Information about the rights you have regarding your personal information
- Any information needed to exercise those rights
Notice at collection of personal information
Categories of personal information we collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be directly or indirectly linked with a particular consumer or household (personal information). We collected these categories of personal information from HR individuals in the last 12 months:
Category | Description |
A | Personal Identifiers: Unique identifiers such as name, postal address, Internet Protocol (IP) address, email address, or other similar identifiers |
B | Personal Information: Includes contact details such as name, address, telephone number (may overlap with other categories) |
C | Protected classification characteristics under California or federal law such as age, race, or color |
E | Biometric information such as fingerprints and faceprints |
F | Internet or other electronic network activity information including but not limited to browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement |
G | Geolocation data such as physical location or movements |
H | Sensory data such as audio, visual, or similar information |
I | Professional or employment-related information such as current or past job history or performance evaluation |
J | Non-public education information per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99) such as education records directly related to a student kept by an educational institution or party acting on its behalf, such a transcript |
K | Inferences drawn from other personal information such as a profile reflecting a person’s behavior |
L | Sensitive personal information such as a consumer’s Social Security number, driver’s license, state identification number, or passport; precise geolocation data; racial or ethnic origin; religious or philosophical beliefs or union membership; genetic data; the processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analysed concerning a consumer’s health; personal information collected and analysed concerning a consumer’s sex life or sexual orientation |
Personal information does not include:
- Publicly available information from government records
- De-identified or aggregated consumer information
- Information excluded from the CCPA's scope as amended by the CPRA, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
- Personal information covered by certain privacy laws including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994
Business reasons we collect personal information
We collect consumer personal information for one or more of these business reasons (not a complete list):
Business reason | Examples |
Support our everyday operations, including to meet risk, legal, and compliance requirements |
|
Manage, improve, and develop our business |
|
Support employment, infrastructure, and human resource management |
|
Provide information to consumers |
|
Our collection, use, and holding your personal information will be consistent with the purpose it was collected or processed for, or another disclosed purpose compatible with the reason we collect it. We will not collect more categories of personal information or share personal information we collect from you for any purpose that is inconsistent with your reasonable expectations without getting your consent.
Retention of personal information
We maintain record retention policies and procedures based on applicable law and business needs that determine how long we retain records, including those containing personal information.
Sale and sharing of personal information
In the last 12 months, we have not sold or shared any personal information subject to the CCPA as amended by the CPRA, including the personal information of a consumer under 16 years old.
Sources of personal information we collect
We may get the categories of personal information listed above from these sources (not a complete list):
- Directly and indirectly from activity on our websites, client systems, Maximus systems, and email
- From service providers, contractors, and third parties that interact with us in connection with the services we offer
Personal information we disclose to third parties
We do not disclose consumer personal information to a third party for a business reason. When we disclose personal information for a business purpose, we enter into a contract that describes the business reason. The contract requires the receiver to keep that personal information confidential and not use it for any purpose except to perform the contract.
Reasonably necessary and proportionate use or disclosure of consumers’ sensitive personal information
In the last 12 months, we have only used or disclosed the reasonably necessary and proportionate amount of consumers’ sensitive personal information for these purposes that the CCPA as amended by the CPRA permits us to:
- Provide the benefits we offer
- Further contract performance
- Prevent, detect, and investigate privacy and security incidents
- Resist malicious, deceptive, fraudulent, or illegal actions directed at Maximus, and prosecute those responsible for those actions
- Ensure the physical safety of natural persons
- Perform services on behalf of Maximus
- Verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Maximus, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Maximus
Your rights regarding your personal information
The CCPA as amended by the CPRA gives you these rights regarding your personal information:
Right to | Description |
Know | Ask for disclosure of personal information Maximus collects about you, from whom we collected it, why we collected it, and, if sold, to whom |
Delete | Personal information we collected from you |
Correct | Inaccurate personal information |
Limit | Use and disclosure of sensitive personal information |
Non-discriminatory treatment | For exercising any of your rights |
How to make a request
If you are a California HR individual and want to exercise your rights, send your request using How to contact us below. To act on a request to know, delete, or correct, we need to verify your identity. Give us enough information to identify you, such as your:
- Employee ID
- Date of birth
- Name of last manager
- Project name
- Project location
Do not give us your Social Security number.
Authorized agents
You may have an authorized agent exercise your rights under the CCPA as amended by the CPRA. Your agent must show proof that you granted them power of attorney. If you have not granted them power of attorney, your authorized agent must give us a written, signed statement in which you authorize your agent to act for you. Your authorized agent must verify their identity. You may be required to confirm with us directly that you authorized your agent to submit the request on your behalf.
How we respond to your request
No later than 10 business days after we get your request to delete, correct, or know, we will send you a confirmation. It will say we got your request. We will then respond to your request to delete, correct, or know no later than 45 calendar days after we get the request. If we cannot verify your identity in that time, we may deny your request. We will notify you during that time if we need more time (up to 45 calendar days) to respond to your request.
Some information is exempt from CCPA requests as amended by the CPRA. Information subject to certain federal privacy laws such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) are exempt from CCPA requests as amended by the CPRA.
Other laws may also affect our ability to comply with your request. State or federal laws requiring that we keep certain information may prevent us from granting your request to delete it. We may decline all or part of your request.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or clearly unfounded. If we find that your request requires a fee, we will tell you why. We will give you a cost estimate before we complete your request.
Shine the Light law
The California “Shine the Light” law gives California residents the right, under certain circumstances, to opt out of the disclosure of certain categories of personal information, as defined in the Shine the Light law, with third parties for their direct marketing purposes, or that we provide a cost-free way for consumers to opt out of any such disclosure. We do not currently disclose your personal information to third parties for their own direct marketing purposes.
Changes to these notices
We reserve the right to change this privacy notice and notice at collection of personal information at any time. When we do, we will post the revised notices on this webpage with the date of last update.
Your California privacy rights
If you are a California resident and want to read about the CCPA as amended by the CPRA and other rights you may have under California law regarding your personal information, go to oag.ca.gov/privacy/privacy-laws.
How to contact us
If you have questions or comments about these notices or our information practices, contact us at:
Phone: 1-833-953-3696
Email: privacyofficial@maximus.com
Do not put personal information in your email. Email may not be secure