2. Collection of Your Information
In addition to the paragraph above describing the information we collect, if you are an employee using Sequoia Workplace available through our Services, you may be asked to provide certain information to enable your employer to evaluate whether you may be at risk for COVID-19. This includes responses you provide to questions about symptoms you may have experienced related to COVID-19. You also may be asked about results of recent COVID-19 tests if your employer has requested that you self-report results.
3. Protection of Your Information
To prevent unauthorized access or disclosure, maintain data accuracy and facilitate the appropriate use of information, Sequoia uses physical, technological and administrative procedures to attempt to protect the personally identifiable information we collect through the Service. Nevertheless, Internet transmissions are never completely private or secure. You understand that any messages or information you send to the Service may be read or intercepted by others. If you have any questions about the security of personally identifiable information collected by Sequoia, please contact us at: email@example.com
4. Use of Your Personally Identifiable Information
Upon our collection of your personally identifiable information, Sequoia may use such personally identifiable information internally, separately or in combination with pre-existing information, for the following purposes:
- To provide any requested information, products or services;
- To access your account profile (MyBenefits), as directed by you;
- To troubleshoot problems with the Service;
- To customize your experience on the Service;
- To contact you with more information about your Sequoia products or services.
5. Disclosure of Your Information
We may disclose your personally identifiable information to our subsidiaries or affiliates and to third party partners whom we occasionally hire to provide services on our behalf, including support services, website services, delivering promotional materials, answering customer questions about our services and new services. Sequoia will only provide those third party partners with the personally identifiable information they need to deliver the services to us and/or on our behalf, and they will be contractually prohibited from using that information for any other purpose. In the event that Sequoia is involved in a transaction such as a merger, stock purchase or sale, or sale of substantially all of Sequoia assets, your personal information may be transferred to the other party in such transaction.
If you are an employee using the Sequoia Workplace available through the Service, any information that you provide or that we receive about you, including data about your use of the Service and the health-related and COVID-19 testing information described in Section 2, may also be shared with your employer, unless prohibited by applicable law.
Sequoia reserves the right to disclose your personally identifiable information if required to do so by law or legal process or otherwise requested by any law enforcement officer or agency acting under color of law. In addition, Sequoia reserves the right to disclose your personally identifiable information based on the good faith belief that such action is necessary or appropriate to: (a) protect and defend the rights or property of Sequoia, or (b) act in urgent circumstances to protect the safety or security of the public or of users of the Sequoia products and the Service.
6. Cross-Border Data Transfers
If you choose to use our Service from regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personally identifiable information outside of those regions to the U.S. for storage and processing, which does not have the same data protection laws as your jurisdiction. When we transfer your personally identifiable information to the U.S., we take steps to comply with applicable data protection law, in particular legal requirements regarding adequate protection for data transfers. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating our Service. By providing any information, including personally identifiable information, on or to the Service, you consent to such transfer, storage, and processing.
If you are located in the European Economic Area (“EEA”) or the United Kingdom, we will comply with applicable EEA data protection law when transferring your personally identifiable information outside of the EEA. We may transfer your personally identifiable information to countries which have been found to provide adequate protection by the EU Commission (e.g., Switzerland and Canada), use contractual protections for the transfer of personally identifiable information, or transfer to recipients who have certified to the Privacy Shield or adopted Binding Corporate Rules. For more information about how we transfer personally identifiable information outside of the EEA, or to obtain a copy of the contractual safeguards we use for such transfers, you may contact us as specified below.
8. Website Analytics
9. No Spyware or Adware
We do not install any spyware or adware in connection with our Service or distribute any commercial message, or authorize any third party to distribute any commercial message, by means of spyware or adware. “Spyware” or “adware” is any software which has been downloaded to or installed on an Internet user’s computer or device, without the user’s actual consent, and facilitates the distribution of any commercial message to the user. If you feel you may have spyware from another company installed on your machine or device, there are various anti-spyware/adware software applications available on the Internet to identify if this has occurred.
10. User Generated Content
If you use a Service message board, chat room, instant messenger or post any User Generated Content (as defined in the Terms of Service Agreement) you are solely responsible for the content of your messages. You should be aware that when you voluntarily disclose personally identifying Information (for example, your name, street address, email address, or telephone number) on the Service, that information can be read, collected and used by other users of the Service and may result in unsolicited messages, both commercial and otherwise. You agree that by participating in such online public forums, you will not use such forums for any purpose that is unlawful or prohibited by the Sequoia community guidelines that may be in effect from time to time in connection with the Service. We reserve the right to terminate your access to the Service or to take other protective steps if you violate these terms.
11. Privacy Notice for California Residents
This notice reflects our understanding of the law as of the date set forth above, but as of that date the CCPA’s implementing regulations were not final. We may from time-to-time update information in this and other notices regarding our data practices and your rights, modify our methods for responding to your requests, and/or supplement our response to your requests, as we continue to develop our compliance program to reflect the evolution of the law and our understanding of how it relates to our data practices.
A. Applicability and Scope
This Notice covers the collection, use, disclosure, and sale of Consumers’ “Personal Information” (“PI”) as defined by the CCPA, except to the extent such PI is exempt from the notice obligations of the CCPA.
For example, the CCPA does not apply to “protected health information” collected by a “covered entity” or “business associate” as those terms are defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
This Notice sets forth our privacy practices as required by the CCPA in those limited circumstances where we are not providing you services that are subject to HIPAA or other applicable law that the CCPA exempts.
B. Collection of PI: Categories and Sources, and Purposes for Collection
We have collected PI in the past 12 months in the categories listed below, and may continue to collect PI about Consumers, including:
|Category of PI||Sources of PI||Business Purposes for PI|
This may include but is not limited to: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number or other similar identifiers.
|2. Personal Records (listed in Cal. Civ. Code § 1798.80(e))
This may include information such as: physical characteristics or description, signature, telephone number, education, employment, employment history, equity grant and equity compensation data, insurance policy number, bank account number, or any other financial information medical information, or health insurance information.
|3. Consumer Characteristics
This may include, but is not limited to: sex, marital status, religion, veteran status, familial status, ethnicity and disability.
|4. Customer Account Details / Commercial Information
This may include, but is not limited to: products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|5. Biometric Information
This may include information that can be used to establish individual identity, such as fingerprints and face scans, from which an identifier template can be extracted, and other physical patterns such as sleep, health, or exercise data, that contain identifying info.
|6. Internet Usage Information
This may include, but is not limited to: browsing history, search history, and information regarding your interaction with an Internet Web site, application, or advertisement.
|7. Geolocation Data
This may include, but is not limited to: physical location, IP addresses or other geolocation information.
|8. Sensory Data
This may include, but is not limited to: audio recordings of customer calls, electronic, visual, or similar information.
|9. Professional or Employment Information
This may include, but is not limited to: professional, educational, or employment-related information.
|10. Inferences from PI Collected
This may include, but is not limited to: creating a profile about a Consumer reflecting, among other things, the Consumer’s preferences, characteristics, behavior and aptitudes.
As permitted by applicable law, we do not treat de-identified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into de-identified data or aggregate consumer information. We have no obligation to re-identify such information or keep it longer than we need it to respond to your requests. This helps us practice data minimization, which we consider to be a privacy best practice consistent with our mission to respect our employees and customers.
C. Sharing of PI
We may share PI with our service providers, other vendors, and affiliates, as may be required in connection with the services that Sequoia or any of its affiliates provides, including without limitation as follows:
|Category of PI Shared||Categories of Service Providers and Third-Party Recipients|
|2. Personal Record||
|3. Consumer Characteristics||
|4. Customer Account Details/Commercial Information||
|5. Biometric Information||
|6. Internet Usage Information||
|7. Geolocation Data||
|8. Professional or Employment Information||
|9. Inferences from PI Collected||
The business purpose for collecting and sharing personal information is listed above in the Collection and Use PI table.
D. We Do Not Sell Your PI
It is our good faith belief that to the best of our knowledge we have not sold your PI in 2019 and do not intend to “sell” your PI as defined under the CCPA.
E. Your Rights under the CCPA
We provide Consumers with the privacy rights described in this section. You have the right to exercise these rights via an authorized agent who meets the agency requirements of the CCPA and related regulations. As permitted by the CCPA, any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”) via email, phone number or address listed below. This process may consist of, but is not limited to, our verifying your identity through established protocols, or our asking you to confirm information previously submitted to Sequoia.
We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI.
If we cannot comply with a request, we will explain the reasons in our response. You are not required to create an account with us to make a Verifiable Consumer Request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
We will make commercially reasonable efforts to identify PI that we collect, process, store, disclose and otherwise use and to respond to your Consumer privacy rights requests. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
Consistent with the CCPA and our interest in the security of your PI, we will not deliver to you your social security number, driver license number or other government-issued ID number, financial account number, any health or medical identification number, an account password, or security questions or answers in response to a CCPA request; however, you may be able to access some of this information yourself through your account if you have an active account with us.
Your Consumer privacy rights are as follows:
The Right to Know
You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of PI we have collected about you.
- The categories of sources from which we collected your PI.
- The business or commercial purposes for our collecting or selling your PI.
- The categories of third parties to whom we have shared your PI.
- The specific pieces of PI we have collected about you. You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining. Please note that PI is retained by us for various time periods, so we may not be able to fully respond to what might be relevant going back 12 months prior to the request.
- A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
- A list of the categories of PI sold about you in the prior 12 months, or that no sale occurred. If we sold your PI, we will explain:
- The categories of your PI we have sold.
- The categories of third parties to which we sold PI, by categories of PI sold for each third party.
As noted above, we do not sell your PI. Accordingly, we do not offer an opt-out to the sale of personal data.
Except to the extent we have a basis for retention under CCPA, you may request that we delete your PI that we have collected directly from you and are maintaining. Our retention rights include, without limitation, to complete transactions and service you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your PI that we did not collect directly from you.
Non-Discrimination and Financial Incentive Programs
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.
Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your CCPA rights. In addition, we need not honor any of your requests to the extent that doing so would infringe upon our or any other person or party’s rights or conflict with applicable law.
Additional California Notices
Contact Information and Making Requests
Via email: firstname.lastname@example.org
Via phone: 1- 833-521-0026
Via U.S. Mail:
Sequoia Benefits and Insurances Services, LLC
1850 Gateway Drive
San Mateo, CA 94404
12. Retention of Your Personally Identifiable Information
The personally identifiable information that you provide will be stored and maintained by Sequoia until you instruct us otherwise, or, in Sequoia’s sole discretion, for the longer of: (a) for so long as is necessary or appropriate to carry out the purpose(s) for which such information was collected and (b) for so long as we are required to maintain such information by law or other applicable rules or regulations.
13. Children’s Privacy
Sequoia recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. The Service is not intended for children under the age of 16. Sequoia does not target its Service to children under 16. Sequoia does not knowingly collect personally identifiable information from children under the age of 16.
14. Choice and Opt-Out Preferences
If you decline to share certain personally identifiable information with us, we may not be able to provide to you some of the features and functionalities of our Service. If, at any time, you prefer not to receive further email communications from Sequoia (except in connection with information, products or services that you specifically request), you will have the ability to unsubscribe from such communications by means of a link provided in every broadcast email that is sent to you by Sequoia. If, at any time, you prefer not to receive any other form of communication from Sequoia, you will have the ability to unsubscribe from such communications by contacting us at: email@example.com.
If you have an account with us, you consent to the electronic delivery of all documents and notices regarding your account. You also confirm that you have the ability, necessary equipment and software to access and view any documents or notices we send you. You are entitled to withdraw your consent to electronic delivery at any time by emailing us at firstname.lastname@example.org. Should you withdraw your electronic delivery consent, you are entitled to receive a paper copy of all required notices and documents. Some notices and documents which we are not required to provide you will not be sent to you should you withdraw your consent to electronic delivery.
15. Access and Accuracy
Sequoia will use commercially reasonable efforts to provide access to your personally identifiable information if you request such access in writing submitted to: email@example.com. If you believe that the personally identifiable information maintained by Sequoia about you is inaccurate or incomplete, you may notify Sequoia in writing describing in details any inaccuracies or omissions, submitted to: firstname.lastname@example.org. Following receipt of such a properly submitted written notice, Sequoia will, within 30 days, use commercially reasonable efforts to amend or correct your personally identifiable information to reflect corrected or additional information provided by you.
16. European Privacy Rights
Sequoia is committed to processing personal data of users in the EEA or the United Kingdom lawfully and to facilitating the exercise of such rights grants granted by the General Data Protection Regulation (“GDPR”). You may contact us at email@example.com to discuss your privacy concerns.
Sequoia only collects and uses personal data of EU or EEA residents when there is a fair and legal basis and/or when you have consented to our collection or use of such personal data.
If you are located in the EEA or the United Kingdom, you have the right to access the personally identifiable information we hold about you. In addition, you have the right to ask that we rectify any errors in your personally identifiable information when it is incorrect or inaccurate, and to exercise your right to erasure, portability and to restriction of processing when these rights are not incompatible with other legal obligations. For all marketing communications, you can opt-out any time and free of charge. The right to object for other processing activities will be balanced to ensure that it is not incompatible with local regulations or our legitimate interests. Any such requests will be addressed within 30 days. Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request, and will inform you if that is the case. You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement.
If you are an employee using the Sequoia Workplace available through the Service, we will inform your employer if you contact us to exercise any of the above rights, and we will assist your employer to respond to you.
18. Questions or Comments
Via email: firstname.lastname@example.org
Via U.S. Mail:
Sequoia Benefits & Insurances Services, LLC
1850 Gateway Drive
San Mateo, CA 94404