Workforce Privacy Notice
California Workforce Privacy Notice ("Notice")
Updated on: January 8, 2024
This Notice describes how Cintas Corporation together with its relevant subsidiaries, associates, and affiliated companies (“Cintas,” “we,” “us,” or “our”) processes personal data (“personal data”) of Workforce (defined below) in various human resources (“HR”) contexts.
This Notice is designed to meet obligations under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”). In the event of a conflict between any other Cintas policy, statement, or notice and this Notice, this Notice will prevail as to California Workforce, unless stated otherwise. Capitalized terms used but not defined in this Notice shall have the meanings given to them under the CCPA.
Applicability: This Notice applies to the following California residents who provided us with personal data in HR contexts (collectively, “Workforce”):
- Job applicants who have applied for a position with Cintas.
- Current/former employees of Cintas.
- Independent contractors of Cintas.
- California residents whose family member or friend has provided personal data about you to Cintas in an HR context, such as if:
- You are listed as an emergency contact for one of the foregoing.
- You are a beneficiary or dependent of one of the foregoing.
Section 1 of this Notice describes our data practices, including our collection, use, retention, and disclosure (collectively, “process(ing)” of Workforce personal data. Sections 2-4 of this Notice provide information regarding California Workforce rights under the CCPA and how you may exercise them.
Non-Applicability: This Notice does not apply to our consumer facing website(s) or to those of our Workforce acting in their capacity as a consumer, which are addressed in our General Privacy Notice and our U.S. State Privacy Notice.
1. Notice of Data Practices
The description of our data practices in this Notice will be updated at least annually. We may change or update this Notice from time to time. When we do, we will communicate changes and updates by posting the updated Notice with a new “Updated” date. Otherwise, this Notice serves as our notice at collection.
(a) Personal Data Sources and Use
We may collect your personal data directly from you, such as (i) when you apply for a position or become employed or engaged by us (e.g., identification/identity data, contact details, educational and employment data); (ii) indirectly from you, such as by overserving your actions on our network or from information your computer or mobile device transmits when interacting with our network; (iii) from others through interactions in the course of employment or engagement; (iv) from third parties (e.g., references); or (v) from public sources of data.
Generally, we use Workforce personal data for HR Business Purposes and as otherwise related to the operation of our business, including for: performing services; managing interactions and transactions; security; debugging; quality assurance; processing interactions and transactions; and research and development. For example, we may use Workforce personal data for the following purposes:
- Recruitment;
- Conducting background checks;
- Employee onboarding/off-boarding;
- Maintaining personnel records;
- Payroll, reimbursements, and timekeeping;
- Processing leaves of absence;
- Processing workers’ compensation claims;
- Booking employee travel;
- Benefits administration;
- Employee activation initiatives and communications;
- Facilitating diversity and inclusion programs;
- Administering training and education programs;
- HR IT system management, administration, and security;
- Performance management;
- Safety and occupational health;
- Security (including network and physical security); and
- As required by law.
We may also use personal data for “Additional Business Purposes” in a context that is not a sale or share under the CCPA, such as:
- Disclosing it to our Service Providers or Contractors that perform services for us (“Vendors”);
- Disclosing it to you or to other parties at your direction, through your action, or as otherwise requested or permitted by you to enable us to satisfy our obligations to you pursuant to your employment or engagement by Cintas (e.g., payroll processors, benefits providers, some software platform operators, wellness program providers, insurance providers etc.);
- For the additional purposes explained at the time of collection (such as in any additional applicable privacy notice);
- As required or permitted by applicable law;
- To the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm;
- To investigate, prevent, or take action if we think someone might be using information for illegal activities, fraud, or in ways that may threaten someone’s safety or violate our policies or legal obligations; and
- To assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”).
Subject to restrictions and obligations under the CCPA, our Vendors may also use your personal data for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.
(b) Personal Data Collection, Disclosure, and Retention - By Category
We collect, disclose, and retain Personal Data as follows:
| Category of Personal Data | Examples of Personal Data Collected and Retained | Categories of Recipients |
| 1. Identifiers | Name, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, e-mail address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | Disclosures for Business Purposes:
Sale/Share: None |
| 2. Personal Records | Name, signature, physical characteristics or description, address, telephone number, insurance policy number, medical information, drug screening records, health insurance information, and financial information (e.g., bank account number). Some PI included in this category may overlap with other categories. | Disclosures for Business Purposes:
Sale/Share: None |
| 3. Protected Characteristics or Traits | In some circumstances, we may collect PI that is considered protected under U.S. law, such as age, race, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy, or childbirth), and veteran or military status. | Disclosures for Business Purposes:
Sale/Share: None |
| 4. Commercial Information | Records of products or services purchased or obtained in the HR context, such as benefits you have signed up for. | Disclosures for Business Purposes:
Sale/Share: None |
| 5. Internet Usage Information | When you use our online systems or otherwise interact with us online, we may collect browsing history, search history, and other information regarding your interaction with our systems or other sites, applications, or content. | Disclosures for Business Purposes:
Sale/Share: None |
| 6. Geolocation Data | If you use our systems or interact with us online we may gain access to the approximate, and sometimes precise, location of the device or equipment you are using, or the location from which you are accessing our systems. We may also track the location of Cintas-owned equipment. | Disclosures for Business Purposes:
Sale/Share: None |
| 7. Sensory Data | We may collect audio, electronic, visual, or similar information such as via our video security recordings and our HR hotline. | Disclosures for Business Purposes:
Sale/Share: None |
| 8. Professional or Employment Information | Professional, educational, or employment-related information, including current or past job history or performance evaluations. | Disclosures for Business Purposes:
Sale/Share: None |
| 9. Non-public Education Records | Education records directly related to a student, maintained by an educational institution or party acting on its behalf, such as grades and transcripts. | Disclosures for Business Purposes:
Sale/Share: None |
| 10. Information Derived from Personal Data Collected | Inferences from other information collected about you. These inferences may reflect your preferences, predispositions, abilities, and aptitudes. | Disclosures for Business Purposes:
Sale/Share: None |
| 11. Sensitive Personal Data | Government Issued ID Numbers (Social Security, driver’s license, state ID card, or passport number). | Disclosures for Business Purposes:
Sale/Share: None |
| Account Log-In (e.g., username and password to online account). | Disclosures for Business Purposes:
Sale/Share: None | |
| Financial Data (financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account). | Disclosures for Business Purposes:
Sale/Share: None | |
| Precise Geolocation (any data that is derived from a device and that is used or intended to be used to locate an individual w/in a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet). | Disclosures for Business Purposes:
Sale/Share: None | |
| Personal Characteristics (racial or ethnic origin, religious or philosophical beliefs, or union membership), to the extent such information is voluntarily provided by an individual or as required by applicable law. | Disclosures for Business Purposes:
Sale/Share: None | |
| Communication Content (contents of mail, email, and text messages, other than where Cintas is the intended recipient of the communication). | Disclosures for Business Purposes:
Sale/Share: None | |
| Biometric Information (the processing of limited biometric information to the extent it is voluntarily provided for the purpose of optional wellness programs) | Disclosures for Business Purposes:
Sale/Share: None | |
| Health Information (Personal Data collected and analyzed concerning an individual’s health), to the extent such information is voluntarily provided by an individual or as required by applicable law. | Disclosures for Business Purposes:
Sale/Share: None | |
| Sex Life/ Sexual Orientation (Personal Data collected and analyzed concerning an individual’s sex life or sexual orientation), to the extent such information is voluntarily provided by an individual or as required by applicable law | Disclosures for Business Purposes:
Sale/Share: None |
We do not sell your personal data and we do not “share” your personal data for purposes of cross-context behavioral advertising, as defined under the CCPA. We have not engaged in such activities in the 12 months preceding the date this Notice was last updated. Without limiting the foregoing, we do not knowingly sell or “share” personal data of minors under 16 years of age.
Retention of Information. We will keep your personal data for as long as necessary to fulfill the purposes we collected it for and in accordance with our internal document retention policy and any applicable laws. We will retain and use each category of personal data as long as you have a professional relationship with us. Thereafter, we will keep your personal data for as long as is necessary (1) to protect our legal interests; and (2) to keep records required by law. Different retention periods apply for different types of personal data.
Purposes for the Collection, Use, and Disclosure of Sensitive Personal Data. We collect, use, and disclose sensitive personal data for purposes of: performing services on behalf of our business; performing services and providing goods as requested by you; ensuring the quality or safety of services we control or improving those services; ensuring the security and integrity of our infrastructure and the individuals we interact with; establishing and maintaining your employment relationship with us; managing payroll and corporate credit card use; administering and providing benefits; short-term transient use; securing the access to, and use of, our facilities, equipment, systems, networks, applications, and infrastructure; preventing, detecting, and investigating security incidents; resisting and responding to fraud or illegal activities; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use or disclose sensitive personal data for additional purposes.
2. YOUR RIGHTS AND HOW TO EXERCISE THEM
You have the same rights to know/access, obtain a copy, delete, correct, and opt-out as traditional Consumers and may learn more about these rights and how to exercise them in Section II of our U.S. State Privacy Notice.
3. NON-DISCRIMINATION / NO RETALIATION
We will not discriminate or retaliate against you for your exercise of your privacy rights.
4. OUR RIGHTS AND RIGHTS OF OTHERS
Notwithstanding anything to the contrary, we may collect, use and disclose your personal data as required or permitted by applicable law, and this may override your rights under the CCPA. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.
5. CONTACT US
If you have any questions, comments, or concerns about our HR privacy practices, please contact us by e-mail at [email protected] or call us at 844-378-7411. Please note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.