California Employee Privacy Notice at Collection

ICU Medical, Inc., 951 Calle Amanecer, San Clemente, CA 92673 ("ICU Medical California") has prepared this Employee Privacy Notice at Collection (this "Notice") to be provided to our employees who reside in California ("you"). In connection with your employment, we process your personal data (as defined below). The purpose of this Notice is to give employees who reside in California information about how ICU Medical collects, processes, stores and otherwise uses information about you.

ICU Medical (California) needs to process your personal data in order to employ you and to continue to perform crucial aspects of your employment such as paying you and providing you with benefits. There are also statutory requirements we must comply with in relation to your employment as well as business and operational needs we have to meet. If we are not able to carry out the processing activities we describe in this Notice, we may not be able to comply with our obligations under employment and other laws, and in certain very exceptional cases, may not be able to continue your employment. Of course, we hope it would never come to that, and this is simply information we are required by law to provide you as part of this Notice.

When we say, "ICU Medical California", "we" or "us" in this document, we mean your employing company. This is the entity with which you have an employment relationship. In addition, you will see several references to the "ICU Medical Group", which includes all other ICU Medical legal entities globally. (Details of these other entities can be obtained by emailing Legal@icumed.com). This Notice may be updated from time to time, for example if we implement new systems or processes that involve the use of personal data.

What categories of personal data does ICU Medical California collect about you?

"Personal data" means any information relating to you, unless the information is deidentified, aggregated, publicly available or otherwise falls within an exception under the California Consumer Privacy Act of 2018 or its regulations (the "CCPA"). ICU Medical California will collect, process and use the following categories and types of personal data about you which we describe as "Employee Data":

  • identification data, such as your name, signature, employee/Staff ID, your photo, payroll ID, business email address, business address, business landline, citizenship, passport/ID data, drivers' license information and social security number;
  • personal information, such as your date and place of birth, emergency contact details, next of kin details, gender, details of family members;
  • contact details, such as your home address, telephone number and email address;
  • information about your job, such as your position, business title, employee type, management level, time type (full or part time and percentage), working time information, work location, division, department, position level, manager (name & ID), support roles, start and end date, contract status reference, job history (including position history, title history, effective dates and past pay groups), education history and qualifications, worker history (including log-files of changes in HR databases) and reason for leaving;
  • information about your salary and benefits, such as your basic salary, bonus and commission entitlements, raise amounts and percentages, allowances, insurance benefits (including information about you and your dependents that we provide to the insurer), tax code, your bank account details and payment dates, accrued salary information, employee pay group;
  • information about your equity compensation, such as units of stock or directorships held, details of all restricted stock units or any other entitlement to shares of stock awarded, cancelled, exercised, vested, unvested or outstanding in your favour;
  • time, and systems / buildings access monitoring information, such as CCTV images, swipe card access, time recording software, internet, email and telephone usage data;
  • performance and disciplinary information, such as performance reviews, evaluations and ratings, information about disciplinary allegations (including customer complaints), the disciplinary process and any disciplinary warnings, details of grievances and any outcome;
  • absence information, such as dates of leave of absence or Personal Time Off (PTO), or confirmation of a birth of a child;
  • organizational data including IDs for IT systems, company details, cost center allocations, and organizations; and
  • criminal records data, in the event that ICU Medical California has conducted or received the results of criminal records background checks in relation to you, where relevant and appropriate to your role, only insofar as allowed for by applicable law.

The above categories of Employee Data correspond with the following categories of personal data enumerated under the CCPA definition of “personal information” and their respective letter grouping:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
  • Information that identifies or is capable of being associated with you, including signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, other financial information, medical information, and health insurance information.
  • Characteristics of protected classifications under California or federal law, including age, national origin, citizenship, marital status, sex (including gender, gender identity, gender expression), military or veteran status and nationality.
  • Internet or other electronic network activity information, including browsing history, search history, and information regarding your interaction with an internet website application.
  • Audio, electronic, visual, thermal, olfactory or similar information.
  • Professional or employment-related information.
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
  • Inferences drawn from any of the information identified in this subdivision to create a profile about you reflecting your behavior, attitudes, abilities and aptitudes.

In addition to the collection, processing and use of the Employee Data, ICU Medical California collects, processes and uses the following special categories of personal data about you which we describe as "Sensitive Employee Data":

  • government ID numbers, including social security, driver's license, state identification card, or passport number;
  • account login credentials, including account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  • communications, including the contents of mail, email and text messages where we are not necessarily the intended recipient of the communication;
  • health and medical data, such as the number of sick days; information on work-related accidents; information on disability; information on leaves of absences; and
  • race or ethnicity data such as information contained in your passport or other citizenship and right to work documentation or information collected for visa and immigration purposes.

The above categories of Sensitive Employee Data correspond with the following categories of personal data enumerated under the CCPA definition of “sensitive personal information”:

  • Your social security, driver’s license, state identification card, or passport number.
  • Your account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
  • Your racial or ethnic origin.
  • The contents of your mail, email, and text messages where we are not the intended recipient of the communication.
  • Personal information collected and analyzed concerning your health.

Why does ICU Medical California need to collect, process and use my Employee Data and Sensitive Employee Data?

We collect and use Employee Data and Sensitive Employee Data for a variety of reasons linked to your employment. To help clarify these we have set out below a list of reasons why we collect and use this data (the "Processing Purposes").

To give you the full picture, we have set out each of the reasons why we collect and use Employee Data, i.e., the Processing Purposes.

Processing Purposes

  1. administering and providing compensation
  2. administering and providing applicable benefits and other work-related allowances
  3. administering our workforce and managing the employment relationship
  4. providing IT systems and support
  5. complying with applicable laws, regulatory, and employment-related requirements
  6. monitoring and ensuring compliance with applicable policies and procedures and law 
  7. communicating with you, other ICU Medical California employees and third parties
  8. communicating with your designated contacts in the case of an emergency
  9. responding to and complying with requests and legal demands from regulators or other authorities
  10. complying with corporate financial and regulatory responsibilities

Below are the Processing Purposes for Sensitive Employee Data; we take the position that these Processing Purposes fall within the list of authorized purposes referenced at Subsection 1798.121(a) of the CCPA or are purposes not subject to the CCPA:

Processing Purpose

  1. Salary payment, workforce planning, compliance with legal obligations, insurance compensation and providing an accommodating workplace 
  2. Right to work checks or visa and immigration checks
  3. Providing IT systems and support
  4. Monitoring and ensuring compliance with applicable policies and procedures and laws

We do not use "sensitive personal information" (as this term is defined in the CCPA) about employees to infer characteristics about them. We do not "sell" or "share" (as these terms are defined in the CCPA) any of the categories of personal data that we collect about our employees residing in California.

What criteria do we consider when retaining personal data about you?

In general, we retain each of the categories of personal data and sensitive personal data described in this Notice for the longer of (i) 10 years following the end of your work with us, (ii) any duration necessary for compliance with laws, or (iii) for as long as necessary for the exercise or defense of legal rights and archiving, back-up and deletion processes. archiving, back-up and deletion processes.

Whom can I contact if I have further questions?

Please email any concerns or questions regarding this Notice to HumanResources@icumed.com

Additional Information

This notice is not intended to create any rights for anyone except us, limit our right to monitor our employees, or qualify any other notices we may have issued or consents we may have obtained regarding the processing of personal data. Please see our CCPA Privacy Policy at https://www.icumed.com/about-us/corporate-policies-disclosures/privacy-notice/ccpa.