Last Updated: June 26, 2026
1. Scope and Purpose
This Employee, Applicant, and Contractor Privacy Notice (“Notice”) describes how R.F. MacDonald Co. (the “Company,” “we,” “us,” or “our”) collects, uses, discloses, retains, and otherwise processes personal information relating to:
· Job applicants and candidates
· Current and former employees
· Independent contractors and consultants
· Temporary workers and interns
· Directors and officers
(collectively, “Personnel”).
This Notice applies solely to personal information collected and processed in the context of recruitment, hiring, onboarding, workforce administration, performance management, and related business operations. It does not apply to consumer-facing or B2B activities, which are governed by a separate General Privacy Policy.
Nothing in this Notice creates a contract of employment, alters at-will employment status where applicable, or limits the Company’s rights under applicable law.
2. Data Controller and Corporate Structure
The Company is the primary data controller for personal information processed in connection with recruiting, hiring, onboarding, workforce administration, employment, contractor engagement, and related business operations. Certain workforce administration functions (including payroll, benefits, IT systems, compliance, and legal support) may be performed by service providers or affiliate entities, where applicable.
Where permitted by law, personal information may be disclosed with affiliated entities, if any, for legitimate business, administrative, and compliance purposes.
Where applicable law requires identification of a responsible privacy contact or data protection representative, inquiries may be directed to privacy@RFMacDonald.com.
3. Categories of Personal Information Collected
In connection with recruiting, hiring, onboarding, employment, contractor engagement, workforce administration, and related business operations, and during the preceding twelve (12) months, the Company has collected and processed the following categories of personal information, as applicable to your relationship with us:
· Identifiers and Government Data. We collect identifiers such as real name, alias, signature, home and mailing address, telephone numbers, email addresses, date of birth, employee identification numbers, Social Security numbers, driver’s license numbers, passport numbers, tax identification numbers, and other government-issued identifiers required for employment eligibility, payroll, tax reporting, security, or compliance purposes.
· California Customer Records and Employment Records Information. We collect information described in California Civil Code Section 1798.80(e), such as name, signature, Social Security number, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, and other similar records maintained in the employment or applicant context.
· Professional and Employment-Related Information. We collect and maintain employment and professional information, including resumes and curriculum vitae; employment history; educational background; professional licenses and certifications; references; background check results, where permitted by law; work authorization documentation; immigration status information where legally required; job application materials; interview notes; offer letters; performance evaluations; disciplinary records; training records; promotion history; and compensation information.
· Compensation, Payroll, and Financial Information. We collect payroll-related information, including bank account numbers, tax withholding forms, direct deposit information, benefit elections, bonus eligibility, incentive compensation data, garnishment information, and other compensation-related records.
· Benefits, Health, and Leave Information. We collect information necessary to administer benefit programs, workers’ compensation, workplace safety programs, disability accommodation requests, and leaves of absence. This may include health-related information, leave documentation, family and medical leave information, occupational health and safety records, and insurance-related information.
· Protected Classification Information. Where required for equal employment opportunity compliance or voluntarily provided, we may collect information relating to protected classifications under applicable law, such as race, ethnicity, gender, veteran status, disability status, citizenship or immigration status, sexual orientation, or similar characteristics.
· IT, Communications, Network, and Monitoring Information. We collect information relating to use of Company systems and assets, including system login credentials, account access credentials, access logs, email metadata, communications records, device identifiers, network activity, application usage, security logs, call monitoring information, and other records generated through Company-issued devices, systems, applications, and networks. This includes monitoring of Company-issued devices, networks, and communications systems in accordance with applicable law and Company policies. Personnel should not expect privacy when using Company systems except where required by law.
· Geolocation, Audio/Visual, and Security Information. We collect GPS or precise geolocation data from Company-issued devices or vehicles, and audio, electronic, visual, or similar information, including video surveillance footage, call recordings, facility access records, and other security-related information used for workplace safety, asset protection, fleet management, and operational purposes.
· Biometric Information. For timekeeping, authentication, facility access, or security, we collect biometric identifiers, such as fingerprint scans or similar biometric data. Biometric information is used solely for legitimate employment-related purposes and retained only as permitted by applicable law. The Company maintains policies governing the collection, use, retention, and destruction of such data in accordance with applicable biometric privacy laws. The Company does not sell, lease, trade, or otherwise profit from biometric identifiers. Where required by applicable biometric privacy laws, the Company obtains written consent prior to collecting biometric identifiers and maintains a biometric data retention and destruction schedule.
· Education Information. We may collect education-related information provided by applicants, employees, contractors, references, educational institutions, licensing bodies, or background screening providers, such as degrees, certifications, transcripts, coursework, licenses, or training records, where relevant to recruiting, hiring, employment, or compliance. The Company does not seek to collect non-public education records protected by the Family Educational Rights and Privacy Act (FERPA) except where such information is voluntarily provided or specifically required for a lawful employment-related purpose.
· Inferences and Workforce Analytics. We may generate internal analytics and inferences based on the information described above for workforce planning, operational management, compliance, risk assessment, and business decision-making. The Company does not use Personnel personal information for profiling in furtherance of decisions that produce legal or similarly significant effects unless expressly disclosed and permitted by law.
· Other Personal Information. The Company may collect other personal information that Personnel voluntarily provide or that is reasonably necessary for recruiting, hiring, onboarding, workforce administration, compliance, safety, security, or related business operations.
For purposes of applicable privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”) and similar state privacy laws, the categories of personal information described in this Section reflect information the Company has collected in the preceding twelve (12) months.
For purposes of this Notice, references to “disclosure” or “disclosed for a business purpose” include disclosures to service providers, contractors, vendors, professional advisors, affiliates, and other recipients that support employment, recruiting, payroll, benefits, workforce administration, legal compliance, security, and related business operations. The Company does not “sell” personal information and does not “share” personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.
4. Sources of Personal Information
The Company collects personal information from a variety of sources depending on the nature of the individual’s relationship with the Company. These sources may include:
· Directly from Personnel. Information provided during the recruiting, application, onboarding, employment, or contractor engagement process, including information submitted through job applications, resumes, benefit enrollment forms, internal systems, and other employment-related communications.
· Recruiting and Background Screening Providers. Information obtained from recruiting platforms, staffing agencies, background screening providers, and reference checks, where permitted by law.
· Service Providers and Vendors. Information received from payroll providers, benefits administrators, IT service providers, training providers, and other vendors that support workforce administration.
· Government Agencies and Public Sources. Information obtained from government agencies, regulatory authorities, licensing bodies, or publicly available sources where relevant to employment eligibility, compliance obligations, or professional credentials.
· Company Systems and Devices. Information generated through the use of Company-issued devices, systems, applications, and networks.
5. Sensitive Personal Information
Certain information processed by the Company may qualify as sensitive personal information under applicable law. This may include, as applicable:
· Government-issued identifiers, including Social Security numbers, driver’s license numbers, state identification card numbers, passport numbers, and similar identifiers
· Financial account information, including bank account numbers used for payroll or reimbursement purposes
· Complete account access credentials, including usernames, account numbers, or similar credentials combined with passwords, access codes, or security codes for Company systems or accounts
· Precise geolocation information from Company-issued devices or vehicles
· Racial or ethnic origin, gender, veteran status, disability status, or similar protected classification information, where legally required or voluntarily provided
· Citizenship or immigration status and work authorization information
· Union membership information, where applicable to employment administration, collective bargaining, payroll deductions, benefits, or legal compliance
· Contents of mail, email, or text messages not directed to the Company, to the extent such content is captured or reviewed through Company systems, devices, networks, or lawful workplace investigations
· Biometric identifiers used for timekeeping, authentication, facility access, or security
· Health information, including information relating to benefits, leave administration, workers’ compensation, disability accommodation, workplace safety, and occupational health
· Information concerning sex life or sexual orientation, where voluntarily provided or reasonably necessary for benefits administration, equal employment opportunity compliance, leave administration, or other lawful employment-related purposes
The Company does not collect or use sensitive personal information to infer characteristics about Personnel. The Company does not collect religious or philosophical beliefs, genetic data, neural data, or non-public education information as defined by the Family Educational Rights and Privacy Act, except to the extent Personnel voluntarily provide such information or the Company specifically identifies a lawful employment-related need for collection.
Sensitive personal information is processed only as reasonably necessary to:
· Comply with legal and regulatory obligations
· Administer payroll and benefits
· Verify identity and employment eligibility
· Maintain workplace safety and security
· Prevent fraud, misconduct, and unauthorized access
· Administer leave, accommodation, workers’ compensation, and occupational safety programs
· Fulfill other legitimate employment-related purposes
Where required by applicable law, the Company limits its use and disclosure of sensitive personal information to purposes permitted by law, including employment administration, compliance with legal obligations, workplace safety, security, and fraud prevention. The Company will also provide appropriate notice and obtain consent where legally required prior to collecting or processing sensitive personal information.
6. Purposes of Processing
The Company processes personal information for legitimate business and legal purposes, including:
· Recruiting, evaluating, and hiring applicants
· Verifying identity and work authorization
· Administering payroll, compensation, and benefits
· Managing performance, promotions, and workforce planning
· Complying with labor, employment, tax, safety, immigration, and regulatory obligations
· Protecting Company property, systems, and information
· Preventing fraud, misconduct, and security incidents
· Conducting internal audits and investigations
· Defending legal claims and enforcing Company policies
· Supporting mergers, acquisitions, or corporate restructuring
The Company does not sell personal information and does not process Personnel personal information for targeted advertising, consumer marketing, or cross-context behavioral advertising. The Company collects and processes personal information only to the extent reasonably necessary and proportionate to achieve the purposes described in this Notice.
Where required by applicable law, the Company processes personal information on one or more of the following legal bases:
· Performance of an employment or contractor relationship
· Compliance with legal obligations
· Legitimate business interests that are not overridden by applicable privacy rights
· Consent where consent is required by law
7. Disclosure and Transfer
The Company may disclose personal information for legitimate business purposes to:
· Payroll, timekeeping, and benefits administrators
· HR, recruiting, applicant tracking, and information systems providers
· Background check, credential verification, and reference check vendors
· IT, cybersecurity, communications, data hosting, and software service providers
· Security, facility access, fleet, vehicle, and workplace monitoring service providers
· Training providers and professional development vendors
· Legal, tax, accounting, benefits, compliance, and other professional advisors
· Auditors, insurers, claims administrators, and risk management providers
· Government agencies, courts, regulators, law enforcement, or other third parties where required or permitted by law
· Affiliated corporate entities for legitimate business, administrative, and compliance purposes, if applicable
Service providers and vendors receiving personal information are contractually required to process such information solely for authorized purposes and to implement appropriate safeguards.
Personal information may also be transferred as part of a corporate transaction such as a merger, acquisition, divestiture, restructuring, financing, or sale of assets, including during the course of due diligence associated with such transactions.
In the preceding twelve (12) months, the Company has disclosed the categories of personal information identified in Section 3 to the categories of recipients identified in this Section for business purposes. The Company does not sell Personnel personal information and does not disclose Personnel personal information for cross-context behavioral advertising as those terms are defined under applicable privacy laws.
8. International Processing and Transfers
RFM is based in the United States, and Personnel personal information generally is collected and maintained by RFM in the United States. However, Personnel personal information may be stored, accessed, transferred, or otherwise processed in the United States and in other jurisdictions by RFM’s service providers, vendors, contractors, benefits providers, payroll providers, retirement plan administrators, insurers, IT providers, and other authorized recipients that support RFM’s workforce administration, benefits, payroll, compliance, security, and related business operations.
Where Personnel personal information is transferred across national borders, RFM will implement safeguards required by applicable law. These safeguards may include contractual protections, vendor data-security obligations, internal policies, and other legally recognized mechanisms designed to protect personal information.
If applicable law, including the GDPR, UK GDPR, or other data protection laws with cross-border transfer requirements, applies to a transfer of Personnel personal information, RFM will rely on an appropriate transfer mechanism where required, which may include an adequacy decision or regulation, standard contractual clauses, the UK International Data Transfer Agreement or UK Addendum, another legally recognized transfer mechanism, or an applicable derogation permitted by law. Personnel may request additional information regarding applicable transfer mechanisms by contacting RFM at privacy@RFMacDonald.com.
9. Data Retention
Personal information is retained for as long as reasonably necessary to:
· Administer the employment, applicant, or contractor relationship
· Comply with applicable legal and regulatory obligations, including employment, payroll, tax, benefits, safety, immigration, and personnel record retention requirements
· Meet recordkeeping, audit, accounting, and reporting requirements
· Resolve disputes, conduct investigations, defend legal claims, and enforce agreements or Company policies
· Protect Company systems, facilities, property, personnel, and legal rights
The Company determines retention periods based on the nature of the information, legal requirements, operational needs, and applicable statutes of limitation. Where feasible, personal information will be securely deleted, anonymized, or aggregated when it is no longer required for these purposes.
The Company retains each category of personal information for no longer than reasonably necessary to fulfill the purposes described in this Notice, unless a longer retention period is required or permitted by law. Retention periods may vary depending on legal obligations, employment record requirements, litigation holds, and operational needs.
10. Privacy Rights
Subject to applicable law and employment-related limitations, Personnel may have rights regarding their personal information. These rights may vary depending on the individual’s state or country of residence, the nature of the individual’s relationship with the Company, and the type of personal information involved.
For California residents, rights under the CCPA/CPRA may include:
· The right to know/access the categories and specific pieces of personal information the Company has collected about them, the categories of sources from which the personal information was collected, the purposes for collecting, using, retaining, or disclosing the personal information, and the categories of third parties to whom the Company discloses personal information;
· The right to request deletion of personal information, subject to legal exceptions;
· The right to request correction of inaccurate personal information;
· The right to opt out of the sale of personal information or the sharing of personal information for cross-context behavioral advertising;
· The right to limit the use and disclosure of sensitive personal information where the Company uses or discloses sensitive personal information for purposes other than those permitted by applicable law; and
· The right not to be discriminated or retaliated against for exercising privacy rights.
For Personnel located in other jurisdictions, applicable privacy laws may provide additional or different rights, including the right to confirm whether the Company processes personal information relating to them, the right to access or obtain a copy of such information, the right to obtain certain information in portable form, the right to appeal a denial of a privacy request, and the right to opt out of targeted advertising, the sale of personal information, or certain profiling or automated decision-making activities that produce legal or similarly significant effects, where such rights apply.
The Company does not sell Personnel personal information and does not share Personnel personal information for cross-context behavioral advertising. The Company also does not process Personnel personal information for targeted advertising. Where required by applicable law, Personnel may have the right to opt out of certain automated decision-making or profiling activities that produce legal or similarly significant effects.
Requests may be submitted to: privacy@RFMacDonald.com.
Where required by applicable law, the Company will respond to verified privacy requests within the time period prescribed by law.
11. Submitting Privacy Requests and Appeals
Personnel who wish to exercise applicable privacy rights may submit a request by contacting the Company by email at privacy@RFMacDonald.com.
Where permitted by law, authorized agents may submit privacy rights requests on behalf of an individual. The Company may require the authorized agent to provide written authorization from the individual and may require verification of both the individual’s identity and the agent’s authority.
Requests should describe the nature of the request and include sufficient information for the Company to verify the identity of the requestor and locate the relevant records. The Company may request additional information where necessary to verify identity or clarify the request.
The Company will respond to verified requests within the time period required by applicable law. In certain circumstances, the Company may decline to take action on a request where permitted by law, including where the information is required to comply with legal obligations, maintain employment records, or protect the rights and interests of the Company or others.
Where applicable law provides a right to appeal a decision regarding a privacy request, the requestor may submit an appeal by contacting privacy@RFMacDonald.com within forty-five (45) days of receiving the Company’s response. Appeals will be reviewed by personnel not directly involved in the original decision. The Company will respond to appeals within the time period required by applicable law.
To protect personal information, the Company may verify the identity of individuals submitting privacy requests by matching identifying information provided in the request with information maintained by the Company or through other reasonable verification methods permitted by applicable law.
12. Complaints
Individuals who believe their privacy rights have been violated may contact the Company using the contact information provided above. Where applicable law provides the right to lodge a complaint with a regulatory authority, individuals may also contact the appropriate data protection authority in their jurisdiction.
13. Security
The Company maintains reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No security system is completely infallible, and the Company cannot guarantee absolute security.
In the event of a data security incident involving personal information, the Company will provide notice in accordance with applicable data breach notification laws.
14. Changes to This Notice
The Company may update this Notice from time to time to reflect operational or legal changes. Updated versions will be provided as required by law.
15. Contact Us
R.F. MacDonald Co.
Attn: Bryan Walker
25920 Eden Landing Road
Hayward, CA 94545
Email: privacy@RFMacDonald.com
Phone: 1-800-922-3032.