Notice to Applicants / Employees

NetSPI, LLC

This notice, intended for California-resident employees and candidates (job applicants), describes the information that NetSPI, LLC (“Company”) collects about you, and what it does with such information. For more information on the Company’s related policies, please refer to the Company’s employee handbook, and refer to the Company’s privacy policy online concerning use of Company’s websites.

Where We Get Your Information From. The Company collects information about you from the following sources: 1) you; 2) prior employers, references, recruiters, job-related social media platforms; 3) third-party sources of demographic information; 4) third-party companies, such as background check companies, drug testing facilities; and 5) claim administrators and investigators. Depending on the Company’s interactions with you, we may or may not collect all of the information identified about you.

The Personal and Sensitive Personal Information That We Are Collecting. We are collecting the following information: 

  • Identifiers, such as name, government-issued identifier (e.g., Social Security number (“SSN”)), and unique identifiers (e.g., employee ID);
  • Personal information, such as full name, signature, SSN, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, federal identification authorizing work in the United States, access and/or passcodes, insurance policy number, education, employment, employment history, bank account number, other financial information, medical information, or health insurance information;
  • Characteristics of protected classifications under California or federal law, such as age, marital status, gender, sex, race, color, disability, citizenship, primary language, immigration status, military/veteran status, request for leave, and medical conditions;
  • Commercial information, such as transaction information and purchase history (e.g., in connection with travel or other reimbursements from Company);
  • Internet or network activity information on the Company’s information systems using Company devices, such as browsing history and interactions with our online systems and websites, search history, intranet activity, email communications, social media postings, stored documents and emails, usernames and passwords and any personal information that you provide while accessing the Company’s information systems;
  • All activity on Company communications systems using Company-issued devices, including phone calls, call logs, voice mails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications, and other information regarding your use of Company-issued devices;
  • For employee personally-owned devices (such as mobile phones or pads) that may be used to read Company e-mail, Company Slack messages, or similar activities, information may be collected using Microsoft’s Intune to manage the connection of your personal device to Company systems (see the following link regarding what can and cannot be collected through Intune: https://learn.microsoft.com/en-us/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune);
  • Professional or employment-related information, such as work history and prior employer; and
  • Inferences drawn from any of the Personal and Sensitive Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

How Your Personal and Sensitive Personal Information is Used. We may use Personal and Sensitive Personal Information:

  • To operate, manage, and maintain our business;
  • For hiring, retention, and employment purposes;
  • To otherwise accomplish our business purposes and objectives, including, for example:
      • Emergency services;
      • Conducting research, analytics, and data analysis;
      • Maintaining our facilities and infrastructure;
      • Quality and safety assurance measures;
      • Conducting risk and security controls and monitoring;
      • Protecting confidential and trade secret information;
      • Detecting and preventing fraud;
      • Performing identity verification;
      • Performing accounting, audit, and other internal functions, such as internal investigations;
      • Complying with the law, legal process, and internal policies;
      • Maintaining records;
      • Claims processing;
      • Responding to legal requests for information and subpoenas; and
      • Exercising and defending legal claims.
  • Any other purposes authorized by the California Privacy Protection Agency, California or Federal law, or other applicable federal, state, or local laws.

Sharing of Personal Information. We only share your information with the following third-party entities: 

  • Customers of Company (if you may be part of the Company team that performs services for such customers), and subcontractors of Company who will work with you in performing services for Company customers;
  • Insurers, insurance agents or consultants, payroll, background check companies, drug test companies, third-party human resources and information technology vendors, outside legal counsel, state or federal governmental agencies, and Company’s landlord, in each case to the extent necessary as part of your work for Company or to enable you to receive compensation and benefits from Company.

Selling of Personal Information. The Company does not sell your Personal Information. 

Data Retention. The Company retains the information it receives about you for the time period permitted by applicable state or Federal law and the Company’s data retention policy. 

Updates or Changes. This notice will be reviewed at least every 12 months and updated as needed. The Company may add to the categories of Personal Information it collects and the purposes for which it uses Personal Information. If that occurs, the Company will inform you by updating this notice. 

Inquiries and/or to Submit Requests regarding your Personal Information

The California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”) provide California-resident applicants and employees with certain rights, such as: 

  • Notice of information collected;
  • Correction or deletion of information collected;
  • Opt-out of the sale of your personal information;
  • Limitations on use of sensitive information collected;
  • Right not to be discriminated against for exercising rights under the law.

Please note that the Company is not required by law to grant all requests in their entirety, as (for example) the Company may have legal obligations to retain certain information. 

Please contact Heather Crosley, VP, People Operations (heather.crosley@netspi.com) for inquiries about the Company’s policies, this notice, or to submit your requests for information, deletion or correction. The Company will address your request within 45 days.