Equity Residential California Human Resources Privacy Notice (“Notice”)
Effective Date: January 1, 2023
This Notice describes how Equity Residential and its affiliates (“Company,” “we,” “us,” or “our”) processes personal information (“PI”) of Personnel (defined below) in various human resources (“HR”) contexts. This Notice is designed to meet obligations under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”). In the event of a conflict between any other Company policy, statement, or notice and this Notice, this Notice will prevail as to California Personnel, unless stated otherwise. Capitalized terms used but not defined in this Notice shall have the meanings given to them under the CCPA.
Applicability: This Notice applies to the following California residents who provided us with PI in HR contexts:
- Job applicants who have applied for a position with Company.
- Current/former employees of Company.
- Independent contractors of Company.
This Notice also applies to California residents whose family member or friend has provided PI about you to Company in an HR context, such as if:
- You are listed as an emergency contact for a Company employee or former employee.
- You are a beneficiary or dependent of a Company employee or former employee.
- A Company employee or former employee has provided information about you in connection with Company wellness programs.
The individuals referred to in the foregoing bullet points are collectively referred to as “Personnel” throughout this Notice. Section 1 of this Notice provides notice of our data practices, including our collection, use, retention, and disclosure of Personnel PI. Sections 2-5 of this Notice provide information regarding California Personnel rights under the CCPA and how you may exercise them.
Non-Applicability: This Notice does not apply to our consumer facing website(s) including, without limitation, our careers webpages, or our other data practices outside of the human resources context, which are addressed in our general privacy policy available here.
TABLE OF CONTENTS
- Notice of Data Practices (a) PI Sources and Use
- Your Rights and How to Exercise Them
- Non-Discrimination / No Retaliation
- Notice of Financial Incentive Programs
- Our Rights and the Rights of Others
- Contact Us
(b) PI Collection, Disclosure, and Retention - By Category of PI
1. Notice of Data Practices
The description of our data practices in this Notice covers the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.
(a) PI Sources and Use
We may collect your PI directly from you, such as when you apply for a position or become employed or engaged by us (e.g., identification/identity data, contact details, educational and employment data), over the phone or through paper documents such as applications for employment and consents to perform employment screening, in our notes or records we create about you, from our websites with which you interact, from others through interactions in the course of employment or engagement, from third parties (e.g., references), or from public sources of data such as government databases.
Generally we use Personnel PI for HR Business Purposes and as otherwise related to the operation of our business, including for: Performing Services; Managing Interactions and Transactions; Security; Debugging; Advertising & Marketing; Quality Assurance; Processing Interactions and Transactions; and Research and Development. For example, we use Personnel PI for the following purposes:
- Recruitment
- Employee screening
- Employee intake/ onboarding/ off-boarding
- Assess evidence of levels of education achieved, licensing, or other required certifications
- Maintain personnel records
- Payroll, reimbursements, and timekeeping
- Process direct deposit instructions
- Process leaves of absence
- Process workers’ compensation claims
- Book employee travel
- Benefits administration and maintenance
- Employee activation initiatives and communications
- Facilitate diversity and inclusion programs
- Administer training and education programs
- HR IT systems and security
- Employee and performance management
- Process employee evaluations
- Health & safety/occupational health
- Process accommodations related to a disability
- Security (including electronic and of premises), such as monitor our website for malicious or criminal activity
- Debug or troubleshoot errors that may occur on our websites or mobile apps
- Improve our employment processes and analyze the competitiveness of our compensation and benefits
- Manage our Total Wellbeing programs
We may also use PI for “Additional Business Purposes” in a context that is not a Sale or Share under the CCPA, such as:
- Disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”);
- Disclosing it to you or to other parties at your direction or through your action (e.g., payroll processors, benefits providers, and some software platform operators, etc.);
- For the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice);
- As required or permitted by applicable law;
- To the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm;
- Where we believe we need to in order to investigate, prevent or take action if we think someone might be using information for illegal activities, fraud, or in ways that may threaten someone’s safety or violate our policies or legal obligations; and
- To assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”).
Subject to restrictions and obligations under the CCPA, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.
(b) PI Collection, Disclosure, and Retention - By Category of PI
We collect, disclose, and retain PI as follows:
Category of PI | Examples of PI Collected and Retained | Categories of Recipients | Retention |
---|---|---|---|
1. Identifiers | Real name, alias, postal address, unique personal identifiers, online identifier, device ID, Internet Protocol address, e-mail address, and account name. | Disclosures for Business Purposes:
Sale/Share: None | Generally between 5 and 7 years, or as otherwise stated below. |
2. Personal Records | Name, signature, physical characteristics or description, address, telephone number, education, employment, employment history, insurance policy number, and financial information (e.g., bank account number, credit card number, debit card number, or other financial information). Some PI included in this category may overlap with other categories. | Disclosures for Business Purposes:
Sale/Share: None | Generally between 5 and 7 years, or as otherwise stated below. |
3. Personal Characteristics or Traits | In some circumstances, we may collect PI that is considered protected under U.S. law, such as age, gender, gender identity, marital status, veteran status, familial status, nationality, religion, creed, race, disability, and information related to medical conditions, but only when that information is relevant for our Business Purposes. We abide by the legal requirements imposed under applicable law in regards to such information. | Disclosures for Business Purposes:
Sale/Share: None | Generally up to 5 years or as otherwise stated below. |
4. Commercial Information | Records of products or services purchased or obtained in the HR context, such as benefits you have signed up for. | Disclosures for Business Purposes:
Sale/Share: None | Generally up to 6 years, or as otherwise stated below. |
5. Internet Usage Information | When you use our online systems or otherwise interact with us online, we may collect browsing history, search history, and other information regarding your interaction with our systems or other sites, applications, or content. | Disclosures for Business Purposes:
Sale/Share: None | This data is not retained beyond its immediate use. |
6. Geolocation Data | If you use our systems or interact with us online we may gain access to the approximate and sometimes precise location of the device or equipment you are using, or the location from which you are accessing our systems or facilities using Company-issued access devices. We may also track the location of Company-owned equipment. | Disclosures for Business Purposes:
Sale/Share: None | Last known location of a company-owned device is kept until a new last known location is detected – no history is retained. Facility entry system data is generally retained between 60 days and 1 year, depending on the particular system. |
7. Sensory Data | We may collect audio recordings of calls, electronic, visual, or similar information such as when you contact us through our HR help line. We may also collect video security recordings through video technologies for site security and guest check-in and identification. | Disclosures for Business Purposes:
Sale/Share: None | Generally up to 1 year, or as otherwise stated below. |
8. Professional or Employment Information | Professional, educational, or employment-related information. | Disclosures for Business Purposes:
Sale/Share: None | Generally, 5 years after termination or separation of employment, or as otherwise stated below. |
9. Non-public Education Records | Education records directly maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, schedules, identification codes, financial information, or disciplinary records. Disclosures for Business Purposes: | General IT, software, and other business vendors
Sale/Share: None | Generally, 5 years after termination or separation of employment, or as otherwise stated below. |
10. Inferences from PI Collected | We may draw inferences from other information we collect about you to create a profile reflecting your preferences, characteristics, abilities, or aptitudes. For example, based on your performance or other information we may recommend skills training that may benefit you. | Disclosures for Business Purposes:
Sale/Share: None | Generally, 5 years after termination or separation of employment, or as otherwise stated below. |
11. Sensitive PI | Government Issued ID Numbers (social security, driver’s license, state ID card, or passport number) | Disclosures for Business Purposes:
Sale/Share: None | Generally, 5 years after termination or separation of employment, or as otherwise stated below. |
Financial Data (e.g., a credit card number in combination with any required security code) | Disclosures for Business Purposes:
Sale/Share: None | Not retained beyond processing an immediate payment transaction. | |
Precise Geolocation (any data that is derived from a device and that is used or intended to be used to locate an individual w/in a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet), such s when you use a Company-issued access device to access our facilities. | Disclosures for Business Purposes:
Sale/Share: None | Last known location of a company-owned device is kept until a new last known location is detected – no history is retained. | |
Personal Characteristics (racial or ethnic origin or religious beliefs) | Disclosures for Business Purposes:
Sale/Share: None | Generally, 5 years after termination or separation of employment, or as otherwise stated below. | |
Communication Content (e.g., contents of email on Company systems) | Disclosures for Business Purposes:
Sale/Share: None | Generally up to 60 days post-termination of employment, or such longer period as required by legal requirements. | |
Health Information (PI collected and analyzed concerning an individual’s health) | Disclosures for Business Purposes:
Sale/Share: None | Generally, 5 years after termination or separation of employment, or as otherwise stated below. |
There may be additional information we collect that meets the definition of PI under the CCPA but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category.
As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information, and may elect not to treat publicly available information as PI. We will not attempt to reidentify data that we maintain as deidentified.
As required by the CCPA, we note our general PI retention rules by category of PI above. However, because there are numerous types of PI in each category, and various uses for each PI type, actual retention periods vary. We retain specific PI pieces based on how long we have a legitimate purpose for the retention.
2. Your Rights and How to Exercise Them
California Personnel have the same rights to know/access, delete, correct, limit, and opt-out as traditional Consumers and may learn more about these rights and how to exercise them in Section 2 of our State Privacy Notice.
Right to Limit Use and Disclosure of Sensitive PIWith regard to PI that qualifies as Sensitive PI under U.S. Privacy Laws, as of January 1, 2023, if you elect to provide us with that Sensitive PI, you can limit certain types of Sensitive PI Processing by following the instructions in Section 2 of our State Privacy Notice. You can also manage information that you have voluntarily supplied about yourself in the Hub. Simply edit your “Personal Details” and/or “Document Records” to remove Sensitive PI such as ethnic background, racial identification, or health information such as disabilities you have provided us information about. Once deleted in the Hub, the information is no longer available to us except to the extent required for legal compliance purposes, such as reports required by the U.S. Department of Labor.
3. Non-Discrimination / No Retaliation
We will not discriminate or retaliate against you in a manner prohibited by the CCPA for your exercise of your privacy rights. Return to navigation
4. Notice of Financial Incentive Programs
We may offer discounts or other rewards (“Incentives”) from time-to-time to Personnel that provide us with PI, such as name, phone number, e-mail address, IP address, or location. You may opt-in to Incentives or other loyalty and rewards programs we may offer from time-to-time (“Program(s)”). Each Program may have additional terms, available on the Program page or at Program sign-up. The Incentives will be described in the Program page, or at Program sign-up. We generally measure the value of your PI collected in Programs by the cost of operating the applicable Program (excluding Incentive costs) and/or the cost of providing the Incentive. However, for some Programs, such as our Total Wellbeing Program, the PI is valued as the value of the credits earned, which will vary based on Program participation. For our Employee Apartment Discount Program, the PI is valued as the discount you receive on rent. The discount percentage varies, may be changed from time to time, and will be disclosed in the program terms. We deem the value of the PI to be reasonably related to the value of the Incentive, and by subscribing to these Programs you indicate you agree. If you do not, do not subscribe to the Programs. If you subsequently wish to withdraw from the Programs, the method for doing so will be explained in the Program terms. We do not limit Program participation to consumers that do not exercise their CCPA rights. However, a deletion request will not delete Program PI because it’s necessary to maintain your participation in the Program. If you desire to delete Program PI, terminate your participation in the Program before making a CCPA deletion request. To learn more about the Incentives we offer, contact Human Resources.
5. Our Rights and the Rights of Others
Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your rights under the CCPA. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.
6. Contact Us
If you have any questions, comments, or concerns about our HR privacy practices, please contact us by e-mail at [email protected] or call us at (866) 869-5413. Please note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.