Hims & Hers Health, Inc.
CA Employment Candidate Privacy Policy
Last updated: December 5, 2023
This Hims & Hers Health, Inc. California Employment Candidate Privacy Policy (“Policy”) explains our collection, use, and disclosure of Personal Information (defined below) relating to applicants and prospective California employees and workers (“Candidate(s)” or “you”).
This Policy applies to Hims & Hers Health, Inc. (together with its subsidiaries, “HHH,” “we,” “our,” or “us”). If a Candidate is hired for employment in other locations, a separate privacy Policy may cover how we use Personal Information.
We designed this Policy to comply with the California Consumer Privacy Act of 2018, Civil Code section 1798.100 et seq. as amended (“CCPA”). We do not intend for this Policy to create any rights beyond CCPA. You can find specific disclosures regarding how we collect, use, retain, disclose and sell or share personal information by selecting the provided links.
Personal Information We Collect
Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular Candidate or Candidate’s household. Personal Information does not include publicly available, aggregated, or de-identified information.
The categories of Personal Information we have collected within the last 12 months includes the following:
| Personal Information
Category
|
Examples |
| Identifiers |
Contact information and identifiers, such as first and last name, unique online identifiers, account and usernames, aliases, IP address, email address, home or postal address, telephone numbers, signatures, and other identifiers described in the sensitive information category below |
| Categories of Information described in subdivision (e) of Section 1798.80 of the California Civil Code |
We may collect the following information that identifies, relates to, describes, or is capable of being associated with you, including:
• name, signature,
• address, telephone number,
• education, employment, employment history,
• medical information
|
| Characteristics of protected classifications under California or federal law |
Protected classification information such as:
• Race or ethnicity
• Color
• Religion (includes religious dress and grooming practices)
• Sex/gender
• Sex life (includes pregnancy, childbirth, breastfeeding and/ or related medical conditions)
• Gender identity, gender expression
• Medical condition, including disability status
• Military or veteran status
• National origin (includes use and possession of a driver’s license issued to persons unable to provide their presence in the United State is authorized under federal law)
|
| Internet or other electronic network activity |
Analytics or monitoring data, including as related to Candidate communications and use of our devices, systems, wi-fi, internet service, internal and external websites, equipment, applications, databases, network resources, and infrastructure (“Systems”); and personal devices used to connect to our Systems; including system log data such as IP address, browser type, and language, device information, access times, and referring website addresses; information collected through web beacons, like cookie IDs;; usage data, such as time spent on our Systems, features used, and actions taken in our Systems, including page views, links clicked, and documents downloaded; contents, header, metadata, delivery and access information for voice calls, voicemail, emails, chats, messaging, documents, and other communications, data, and files stored or transmitted through our systems. You can review how our websites store and retrieve personal information using cookies and similar technologies in the “Cookies, Mobile IDs, and Similar Technologies” section below. |
| Geolocation Data |
Approximate location data such as based on your IP address |
| Audio, electronic, visual, thermal, olfactory, or similar information |
Facial images and voice information, such as photos, videos, and voice recordings |
| Professional or Employment-related information |
Demographic data, some of which may be protected classifications under California or federal law, such as, gender, marital status, and certain sensitive personal information categories, described below
Content of Communications, such as communications with our recruiting and IT support teams (for example, we record calls and store the contents of your communications with us via our website, app, chat features, and other channels).
Work permit status, such as immigration, residency, and related information
Professional and background information, such as resumes/CVs, references, recommendations, academic and education background and qualifications, work skills and experience, professional certifications and registrations, language capabilities, training courses attended, work and salary history, results of credit history and criminal background checks, results of drug and alcohol testing, health screenings or certifications, and driving and vehicle licensing and history
Benefits information, such as information for determining benefits and cost estimation, (which may require information about gender, age, birthdate, marital status, and personal information of spouse and dependents)
Travel information, such as loyalty programs numbers; dates and length of travel; hotel names and locations; and travel routes and departures, stops, and destination points
Personal vehicle information, such as license plate number, color, year, make, and model
Social media data, such as public profiles on social media, posts, likes, and replies
Inferences from other data we collect for purposes other than creating a profile, (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address
Other information necessary for a legitimate human resources, business, security, or safety-related purpose |
|
Sensitive Personal Information
We collect certain Personal Information considered “sensitive” personal information (“Sensitive Personal Information”) in connection with our recruitment and hiring process (as permitted by law) to support our legal and business activities.
Examples of Sensitive Personal Information that you may provide, or we may collect include:
- Sensitive demographic information such as racial or ethnic origin, religious or philosophical beliefs,
- Health information or information relating to sex life such as related to an accommodation request
Sources of Personal Information
We collect Personal Information from a variety of sources, which may include one or more of the following:
- Directly or automatically collected from you
- Inferences we may derive from information we have collected
- References provided by you, including former and current employer
- Service providers (e.g., expense reimbursement services, recruiters)
- Insurance and benefits providers
- Travel providers (e.g., travel agents and portals, car service, and ride share companies)
- Background check services
- Online sources including social networks and recruiting sites (e.g., LinkedIn)
- Open government databases and other public sources
We also collect Personal Information through our use of cookies, web beacons, mobile analytics, and similar technologies to operate our websites including those sites and services where you submit an application, and online services accessible to you in the context of our recruiting and hiring relationship. We use these technologies to help us collect the data necessary to operate and manage our business. This includes analyzing and measuring device, application, and system usage, detecting, and preventing illegal, fraudulent, or unauthorized activity, enforcing our policies, and protecting our devices, systems information, and infrastructure. The information we collect using these technologies includes Personal Information, such as the pages you visit, the links you click on, usage and crash information, identifiers, and device information, as described above in our Collection notice as Internet and Other Electronic Network Activity.
What are cookies and similar technologies? Cookies are small text files placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser overtime each time it connects to that web server.
Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and set and read its cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also include web beacons in our email messages or newsletters to tell us if you open and act on them.
Mobile analytics are generated by operating systems for mobile devices (iOS and Android). They can be accessed and used by apps in much the same way that websites access and use cookies. Our apps contain software that enables us and our analytics providers to access these mobile IDs.]
Retention of Personal Information
We retain Personal Information in accordance with our obligations under applicable law, (including labor and employment laws) and as necessary to administer and carry out our recruitment, application, and hiring practices.
Use of Personal Information
We use Personal Information to administer and carry out the recruitment and hiring process, including for out human resources and operational, business, safety, and security purposes including as described in this Policy and below.
Human Resources Uses
- Recruitment and hiring decisions;
- Interview travel and expense reimbursement processing;
- Benefits eligibility determination;
- Equal employment opportunity, diversity, inclusion and accessibility programs;
- Legal and policy compliance administration and enforcement, including for the purpose of anti-discrimination laws and government reporting obligations.
Operational, Business, Safety, and Security Purposes
- Managing, monitoring, measuring, analyzing. protecting, and improving, our Systems, assets, and resources, including managing and protecting unauthorized access and use of company, personal, and customer data, devices, systems, and infrastructure; and protecting our Systems from intrusions;
- Managing, monitoring, measuring, analyzing, protecting, and improving campus, parking, buildings, office space, conference rooms, facilities, catering and café services, including monitoring and administering building occupancy and campus parking and transportation; operating and monitoring physical security systems, such as CCTV, key card entry systems, and guest logs; registering personal vehicles and logging exit and entry times; and emergency notification services;
- Managing and improving workplace, recruiting, and hiring efficiency and effectiveness;
- Communications and collaboration (which may include our recording or storing telephone, video, email, or online chat communications);
- Personalization to understand your preferences to enhance your recruitment and hiring experience;
- Using automated decision-making systems to help us identify potential candidates for a role, analyze application information to assess your suitability for a role against the role requirements or description, and to improve our recruitment processes and experiences;
- Delivery of information, goods, and services related to your application and recruitment;
- Research and improvement of our Systems, processes, products, services, and technology (which may include recording and analyze your interaction with our websites to help us improve our recruiting and hiring experience);
- Legal and policy compliance administration and enforcement, including monitoring access and use of our Systems
How do we and our providers use cookies and similar technologies? We, and our analytics providers, use these technologies in our websites, apps, and online services to collect Personal Information when you access and use our services, including Personal Information about your online activities over time and across different websites or online services. This data is used to store your preferences and settings, enable you to sign in, analyze how our websites, apps, and services perform, track your interaction with the site or app, develop inferences, combat fraud, and fulfill other legitimate purposes. We and/or our providers share the data we collect or infer with other providers for these purposes, as described in the “Disclosures of Personal Information” section below.
Finally, we may use aggregated and de-identified information in accordance with applicable law.
If you become an HHH employee or contractor, Personal Information we collected as part of the application and hiring process will become part of your personnel record and will be used and disclosed in accordance with our California Worker Privacy Policy.
Disclosure of Personal Information
We disclose Personal Information, including Sensitive Personal Information, to the following categories of recipients, for the business purposes described in this Policy and below.
| Category of Recipient |
Categories of Personal Information |
| Our Subsidiaries and Affiliates. For example, our entities access and use shared business processes and common data systems. |
Identifiers
Categories of Information described in subdivision (e) of Section 1798.80 of the California Civil Code
Characteristics of protected classifications under California or federal law
Internet or other electronic network activity
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Profession or employment related information
Sensitive Personal Information
|
| Vendors or Agents Working on our Behalf. For example, companies we’ve hired to provide recruiting, administrative, and communications services (including those that record or store communications), providers of technologies that analyze your interaction with our websites to help us improve our recruiting and hiring experience; and protect and secure our systems and service. |
Identifiers
Categories of Information described in subdivision (e) of Section 1798.80 of the California Civil Code
Characteristics of protected classifications under California or federal law
Internet or other electronic network activity
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Profession or employment related information
Sensitive Personal Information
|
| Independent Providers. For example, with travel providers and ride share services. To the extent that we provide Personal Information to such providers, that Personal Information is governed by their privacy statements. |
Identifiers
Categories of Information described in subdivision (e) of Section 1798.80 of the California Civil Code
Characteristics of protected classifications under California or federal law
Internet or other electronic network activity
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Profession or employment related information
Sensitive Personal Information |
| Parties to a Corporate Transaction or Proceeding. For example, a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets. |
Identifiers
Categories of Information described in subdivision (e) of Section 1798.80 of the California Civil Code
Characteristics of protected classifications under California or federal law
Internet or other electronic network activity
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Profession or employment related information
Sensitive Personal Information
|
Law Enforcement and Those with Legal Necessity. We will access, transfer, disclose, and preserve Personal Information to:
• comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
• operate and maintain the security of HHH Systems, including to prevent or stop an attack on our computer systems or networks;
• protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies; or
• act in urgent circumstances such as protecting the health or personal safety of a candidate, employee, worker, agent, customer, user of HHH services, or member of the public.
|
Identifiers
Categories of Information described in subdivision (e) of Section 1798.80 of the California Civil Code
Characteristics of protected classifications under California or federal law
Internet or other electronic network activity
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information
Profession or employment related information
Sensitive Personal Information
|
Please note that our website and certain applications and services that we make available to you during the hiring and recruiting process may include integrations, references, or links to services provided by providers whose privacy practices differ from ours. If you provide Personal Information via these integrations, references, or links, or allow us to disclose Personal Information to them, that information is governed by their privacy statements.
Finally, we may share aggregated or de-identified information in accordance with applicable law.
Choice and Control of Personal Information
We provide a variety of ways for you to control the Personal Information we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.
Communications preferences. You can choose whether to receive optional communications from us by email, SMS, postal mail, and telephone related to new jobs or roles that become available. If you receive these optional email or SMS messages from us and would like to stop, you can do so by following the directions in that message or by contacting us as described in the “Contact Us” section below. If you receive a call from us related to new jobs or roles that become available, and no longer wish to receive such calls, you can ask to opt-out from these calls. These choices do not apply to certain informational communications, including communications about an existing application with us.
Browser or platform controls.
- Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies may be deleted and need to be recreated.
- Do Not Track. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the websites you visit, indicating you do not wish to be tracked. There is no common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls described above.
Email web beacons. Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, which avoid the automatic connection to the web servers that host those images.
Your Privacy Rights
We provide Candidates with a notice about the Personal Information we collect, how it will be used, and with whom we disclose Personal Information, such as through this Policy.
We will get consent from Candidates for the collection and use of Personal Information where such consent is required by applicable law. Failure to provide necessary Personal Information may disqualify you from employment or restrict participation in certain plans or programs.
Right to Know. You have a right to request that we disclose the Personal Information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, sale, or sharing of Personal Information. Note that we have provided much of this information in this Policy.
Right to Request Correction. You have the right to request the correction of inaccurate Personal Information.
Right to Request Deletion. You also have a right to request that we delete Personal Information under certain circumstances, subject to lawful exceptions.
Please submit requests for requests to know, correct, or delete Personal Information as described in the Contact Information section below.
Right to Opt-Out. You have a right to opt-out from the “sale” or “sharing” of Personal Information, each of which is defined under CCPA. Note that we do not “sell” or “share” Personal Information as defined by the CCPA and have not done so in the past 12 months. We do not knowingly sell or share the Personal Information of minors under 16 years of age.
Right to Limit Use and Disclosure of Sensitive Personal Information.
Where we use or disclose Sensitive Personal Information to infer individual characteristics or for purposes other than those permitted by CCPA, you have a right to request that we limit our use and disclosure of such Sensitive Personal Information. We do not use or disclose Sensitive Personal Information to infer individual characteristics or for additional purposes.
Right to Notice. You have a right to receive notice of our Personal Information collection, use, retention, and disclosure practices at or before the collection of Personal Information.
Right to Non-Discrimination. You have a right not to be discriminated against for exercising these rights set out in the CCPA.
Exercising Your Rights:
You may designate, in writing or through a power of attorney, an authorized agent to make requests on their behalf to exercise their rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof that you have authorized it to act on your behalf. We may need you to verify your identity directly with us.
Further, to provide, correct, or delete specific pieces of Personal Information, we will need to verify your identity to the degree of certainty required by law. We will verify requests by asking you to send the request from the email address associated with your application or by requiring you to provide additional information reasonably necessary to verify your identity.
Changes to This Policy
We may occasionally update this Policy to reflect changes required by law or our practices or procedures. If we make material changes to this Policy, or in how we use Personal Information, we will provide notice (or obtain consent) regarding such modifications as may be required by law.
Contact Information
To submit a right to know, correction, deletion, or other privacy request, inquiry, or complaint, you may contact us via one of the following methods:
- privacy@forhims.com
- Postal Mail at:
Hims & Hers Health, Inc.
2269 Chestnut Street, #523
San Francisco, CA 94123
Attn: Privacy Officer