Privacy Notice for California Employees
Effective Date: December 16, 2022
This notice (“Notice”) describes the categories of personal information that Doximity, Inc. (“Company”, “we”, “us” and “our”) collects about our employees who are California residents, and the purposes for which we use that information.
For purposes of this Notice, “personal information” has the meaning given in the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Privacy Rights Act of 2023 (“CPRA”) but excludes information exempted from the CCPA or CPRA’s scope.
This Notice does not create or form part of any employment contract.
If you have questions about this Notice, please contact our HR team at firstname.lastname@example.org
1. Information we collect about employees
1.1. Categories of personal information
The categories of personal information we may collect and process before, during and after your employment include:
- Contact information, such as your name, work and home address, telephone number, and email address;
- Identification information, such as your social security number, government-issued identification information (e.g., driver’s license, passport), photographs, or other similar identifiers;
- Immigration status and other information that would allow us to verify your employment eligibility;
- Biographical information, such as name, gender, date of birth, professional history, references, language proficiencies, professional qualifications, references, education details, information in your company biography, and your photo;
- General employment information, such as department, work location, job title, dates of employment, work status (e.g., full-time/part-time), any terms or conditions of employment, work history (current, past, or prospective), timekeeping information, personnel and disciplinary records, training and learning program participation, information necessary to complete background checks, and other screens permitted by law, and other information reasonably necessary to administer the employment relationship with you;
- Compensation, benefits and payroll information, such as salary and bonus details, benefits information (including information regarding health insurance, retirement savings), equity award information, bank account information and working time records (e.g., vacation and absence records, sick leave, leave status, and hours worked);
- Performance information, such as management metrics, performance evaluations and feedback, and promotion history;
- Information about related persons, such as your spouse, domestic/civil partner, dependents, beneficiaries and emergency contacts;
- Credentials, access and system information, such as your Company email address, usernames, passwords, and keycard number; information about your use of, as well as content and communications you send and receive through, devices, Company communications, IT systems and applications (e.g., time of use, files accessed, search history, web pages viewed, IP address, device ID, device location); and information about your access to offices and facilities (e.g., keycard scans and security camera footage);
- Expenses and travel information, such as information about your business travel and other business expenses;
- Health care and medical information, such as information related to employee participation in wellness programs and health insurance programs;
- Information needed to evaluate accommodation requests regarding potential disabilities or other health conditions; and
- Other information you provide to us, such as your feedback and survey responses where you choose to identify yourself.
In certain cases we may ask you for additional information for purposes of monitoring equal opportunity and/or complying with applicable laws. We may also inquire about criminal records. We will do so only where permitted by applicable law.
1.2. Sources of personal information
We collect personal information from you during your candidacy for a job, and during and after your employment.
We may also collect your personal information from various other sources and combine it with the personal information you provide to us. For example, we may collect your personal information from:
- job board websites you may use to apply for a job with us;
- providers of services that we make available to our employees as part of our benefits program;
- prior employers, when they provide us with employment references;
- professional references that you authorize us to contact;
- providers of background check, credit check, or other screening services (where permitted by law);
- your public social media profiles or other publicly-available sources;
- employment agencies or recruiters;
- your related persons who chose to communicate with us directly;
- Company communications and IT systems/applications that automatically collect information about, and transmitted by, users; and
- other Company personnel.
2. How we use personal information of employees
2.1. Purposes for which we use personal information
We may use the categories of personal information above for the following purposes:
- Workforce management. Managing work activities and personnel generally, such as:
- recruiting, interviewing and evaluating job candidates and employees;
- administration of payroll, wages and other compensation;
- granting and administering equity awards, bonuses, commissions and other incentive awards;
- administering and evaluating employee benefits, including healthcare, pensions, retirement and savings plans and loans;
- maintaining contact details of your designated dependents and beneficiaries and communicating with them as necessary in the administration of your employee benefits and awards;
- maintaining contact details of your designated emergency contacts and communicating with them as necessary in emergencies;
- administering and evaluating vacation, paid time off, sick leave, and other leaves of absence;
- performance and compensation evaluation and promotions;
- providing training and career development opportunities;
- administering employee transfers, reassignments and secondments;
- conducting employee surveys and soliciting employee feedback;
- performing background, reference, or credit checks;
- managing disciplinary matters, grievances and terminations;
- administering business expense tracking, reimbursements and travel;
- assisting with obtaining an immigration visa or work permit;
- improving our application and/or recruitment process, including improving diversity;
- accommodating disabilities or health conditions;
- providing information technology resources and support;
- maintaining internal employee directories;
- communicating with you;
- otherwise administering our employment relationship with you; and
- analyzing our workforce and information relating to any of the activities above.
- Business operations. Operating and managing our business, including managing communications and IT systems; research, development and operation of our products and/or services; managing and allocating Company assets and personnel; strategic planning and project management; business continuity; maintenance of business and audit records; budgeting, financial management and reporting; internal communications; promoting our business; physical and information security; and evaluating and undergoing mergers, acquisitions, sales, re-organizations or disposals and integration with purchasers.
- Compliance, safety and fraud prevention. Complying with legal and other requirements, such as tax, audit, recordkeeping, reporting, verifying identity and eligibility to work, and equal opportunities monitoring requirements; complying with lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; protecting our, your or others’ rights, safety and property; investigating and deterring against fraudulent, harmful, unauthorized, unethical or illegal activity, or conduct in violation of our policies or procedures; pursuing legal rights and remedies, including investigating, making and defending complaints or legal claims; administering and enforcing internal policies and procedures; and sharing information with government authorities, law enforcement, courts or private parties for the foregoing purposes.
- Monitoring. Monitoring offices and facilities, IT and communications systems, devices, equipment and applications through manual review and automated tools such as security software, website and spam filtering, and monitoring our physical premises (e.g., by using security cameras and keycard scans) to protect our, your or others’ rights, safety and property; operate, maintain and protect the security of our network systems and devices; protect our proprietary and confidential information and intellectual property; for recordkeeping and archiving; for personnel training and/or performance management; for the compliance, safety and fraud prevention purposes described above; to investigate and respond to security and other incidents; and for business continuity (such as monitoring business-related emails following an employee's departure).
- Analytics. Creating anonymous, aggregated or de-identified data that we use and share to analyze our workforce and business and for other lawful business purposes.
2.2. Sharing personal information
We may share your personal information with other parties as necessary for the purposes described above. By way of example and not limitation, we may share your personal information with:
- Affiliates. Our corporate parent, subsidiaries, and other affiliates under the control of our corporate parent, for purposes consistent with this Notice or to operate shared infrastructure, systems and technology.
- Company service providers. Providers of services to the Company, such as payroll administration, benefits and wellness, human resources, occupational health, performance management, training, expense management, travel agencies, transportation and lodging, IT systems and support, information and physical security, background checks and other screenings, equity award administration, corporate banking and credit cards, health care, trade associations, insurance brokers, claims handlers and loss adjusters, and any necessary third party administrators, nominees, registrars or trustees appointed in connection with benefits plans or programs.
- Employee service providers. Providers of services to eligible employees as part of our employee benefits program (e.g., financial advisors, securities brokers, financial institutions and providers of health, fitness, wellness, childcare and concierge services) who need your information to verify your eligibility and provide you with services.
- Our marketing audience. Current and prospective customers and other business contacts with whom we share your Company bio, which may be shared on our website or in other publicly available marketing materials and communications as part of our marketing activities.
- Government authorities, law enforcement and others. Government authorities, law enforcement, courts, and others as described in the compliance, safety and fraud prevention section above.
- Business transfer participants. Parties to transactions and potential transactions whereby we sell, transfer or otherwise share some or all of our business or assets, including your personal information, such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
- Professional advisors. Accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors who require your information in the course of providing their services.
- Customers and business partners. Customers, other companies and individuals with whom the Company does business or is exploring a business relationship.
3. Our data retention policies
We will store your Personal Information for at least the period reasonably necessary to fulfill the purposes outlined in Section 2.1 (Purposes for which we use personal information), unless a longer retention period is required or permitted by law.
If you ask us to delete specific personal information, (see ‘Your California privacy rights’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, including but not limited to managing your work and personnel activities generally, compliance with the law, and other business operations. When you are no longer employed by us, we will store your Personal Information for up to 6 years.
4. Your California privacy rights
California residents have the rights listed below. However, these rights are not absolute and exceptions apply, so in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected
- The categories of sources from which we collected Personal Information
- The business or commercial purpose for collecting and/or selling Personal Information
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient
- Access. You can request a copy of the Personal Information that we have collected about you since January 1, 2022.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales or sharing. We do not sell (as defined in the CPRA) your Personal Information. If we share your Personal Information relating to Section 2.2 above, you may opt-out. Please note that we only collect and use your Personal Information for the legitimate business purposes outlined in Section 2.1.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as taking any retaliatory action.
- Correction. You can correct your own Personal Information displayed on your employee profile in Workday. You can also ask us to correct Personal Information that we have collected from you by providing us with clear evidence of the necessary correction (such as, changing the spelling of your name if you provide us with a government-issued form of identification showing the corrected spelling).
- How to exercise your rights If you are a California resident, you may exercise your California privacy rights described above, subject to certain exceptions, by contacting our HR team at email@example.com.
4. Other information about this Notice
4.1. Third parties
This Notice does not address, and we are not responsible for, the practices of any third parties, which have their own rules for how they collect and use your personal information. Our links to third party websites or services are not endorsements.
4.2. Changes to this Notice
We reserve the right to change this Notice at any time. The “Effective Date” heading at the top of this Notice indicates when it was last revised. Any changes will become effective when we post the revised notice on our DoxWiki site.
5. Your obligations
It is your responsibility to ensure that information you submit does not violate any third party’s rights. You should keep your personal information on file with the Company up to date and inform us of any significant changes to it.