GELBER PRIVACY NOTICE
– CALIFORNIA EMPLOYEES AND APPLICANTS

This PRIVACY NOTICE IS FOR CALIFORNIA RESIDENTS and applies to employees and job applicants of Gelber Group, LLC and Gelber Securities, LLC (collectively, “Gelber” or “we”) who reside in the State of California (“consumers” or “you”).[1] We adopt this notice to comply with the California Privacy Rights Act (“CPRA”), and other California privacy laws.  Any terms defined in the CPRA have the same meaning when used in this notice.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category Description of Information Collected Retention Period
A. Identifiers. A real name, alias, postal address, unique personal identifier, mobile or other telephone number, date of birth, email address, account name, Social Security number, bank account information, driver’s license or state identification number, passport number, or other similar contact information and identifiers. Employees: Up to 10 years after end of employment.   Applicants: Generally 2 years.
B. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status. Employees: Up to 10 years after end of employment.   Applicants: 2 years.
C. Biometric information. Fingerprints and voice recordings. Employees: Up to 1 year after end of employment.   Applicants: N/A
D. Internet or other similar network activity. Activity on our information systems, such as internet browsing history, search history, intranet activity, email communications, social media postings, stored documents and emails, usernames and passwords. Also activity on our communications systems including phone calls, voice mails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications, and other information regarding use of Gelber-issued devices. Employees: Up to 10 years.   Applicants: Up to 10 years, if applicable (e.g., emails).
E. Sensory data. Audio on recorded telephone lines and information collected from cameras and similar devices (such as security video tapes). Employees: Generally 30 days or less.   Applicants: Generally 30 days or less, if applicable (e.g., security video tapes).  
F. Professional or employment-related information. Data submitted with employment applications including salary history, employment history, employment recommendations, etc.; background check and any criminal history; work authorization; fitness for duty data and reports; performance and disciplinary records; salary and bonus data; benefit plan enrollment, participation, and claims information; leave of absence information including religious and family obligations, physical and mental health data concerning employees and their family members. Employees: Up to 10 years after end of employment.   Applicants: Generally 2 years.
G. Non-public education information Education history Employees: 10 years after end of employment.   Applicants: Generally 2 years.

As a general matter, personal information under the CPRA does not include:

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CPRA’s scope, such as:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA); and
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from our employees and applicants or their agents (e.g., from documents that our employees and applicants provide to us).
  • Indirectly from our employees and applicants or their agents (e.g., through information we collect from our employees and applicants in the course of working with them).
  • From certain third-parties that provide employment-related services to us, such as companies that perform authorized background checks on applicants.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • Collect and process employment applications, including confirming eligibility for employment, background and related checks, checks regarding fitness for duty, onboarding, and related recruiting efforts.
  • Process payroll and employee benefit plan and program design and administration including enrollment and claims handling, and leave-of-absence administration.
  • Maintain personnel records and comply with record retention requirements.
  • Communicate with employees, applicants, employees’ emergency contacts and plan beneficiaries.
  • Comply with state and federal labor, employment, tax, benefits, workers compensation, disability, equal employment opportunity, workplace safety, and related laws, guidance, or recommendations.
  • Prevent unauthorized access to, use, or disclosure/removal of our property, including our information systems, electronic devices, network and data.
  • Ensure and enhance employee productivity and adherence to our policies.
  • Investigate complaints, grievances, and suspected violations of our policies.
  • Design, implement, and promote our diversity and inclusion programs
  • Facilitate the efficient and secure use of our information systems.
  • Improve safety of employees and applicants with regard to use of our property and equipment.
  • Evaluate an individual’s appropriateness for a particular position at Gelber or promotion to a new position.
  • Employee engagement and other legitimate business purposes.
  • Carry out our obligations and enforce our rights arising from contracts we have entered into.
  • As necessary or appropriate to protect the rights, property or safety of us, our employees or others.
  • Respond to law enforcement and/or regulatory requests and as required by applicable law, court order, or regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CPRA.

We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

Sale or Sharing of Personal Information

We do not engage in the “sale” or “sharing” of personal information as those terms are defined in the CPRA. We have not engaged in the sale or sharing of personal information in the past twelve months.

Your Rights and Choices

The CPRA provides consumers with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • The categories of third parties to whom personal information was disclosed.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable “consumer” request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us (or one or more of our service providers) to:

  1. Comply with a legal obligation, including but not limited to record keeping requirements.
  2. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  3. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  4. Debug products to identify and repair errors that impair existing intended functionality.
  5. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  7. Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, portability, or deletion rights described above, please submit a verifiable consumer request to us by either:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person or an authorized representative of the person whose personal information we collected.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CPRA rights.

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you through a notice on our website homepage.

Contact Information

If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or if you wish to exercise your CPRA rights, please contact us at:

Website: https://www.gelbergroup.com/contact/
Email:  Legal@gelbergroup.com

Phone:  1-833-413-2924 (toll free)
Mailing Address:  Gelber Group LLC, 350 N. Orleans St., 7N, Chicago, IL 60611, Attention: General Counsel


[1] We do not have any independent contractors who reside in California.