VESTED HR SOLUTIONS, LLC PRIVACY POLICY 

Last Updated: February 28, 2024 

What information does this Privacy Policy cover? 

This Privacy Policy is maintained by Vested HR Solutions, LLC and its subsidiaries and affiliates (collectively, “we”, “us” “our,” “Vested”) to provide transparency around the information we collect from you when you access our website, our applications, our cloud-based HR technology and human capital management solutions and mobile applications, or use the Services. The term “Services” refers to the suite of services we provide through our website, cloud-based solutions, on-line software products, and other applications. We also gather information from you in our day to day business, including the transmittal of client communications. We collect different types of information depending on how you interact with us. This policy describes the types of information we collect from you and our practices for collecting, processing, and maintaining such data. 

References to “Personal Information” means information that, alone or in combination with other information in our possession, could be used to personally identify you. 

What types of Personal Information do we collect and process about you? 

For public areas of our website, we generally collect and process only Personal Information you voluntarily provide to us. We do not require you to give us Personal Information to access certain public areas of our website. For some secure areas of our website, however, we require you to provide Personal Information, including your login credentials. If you choose not to provide us with the Personal Information that we legitimately require, we may be unable to provide you with the information or services you have requested. 

Public areas of our website ask for Personal Information from you (including visitors to our website, job applicants, and independent contractors) when you engage in the following activities: 

  • Register for an account with us
  • Sign up for newsletters
  • Apply for a job, including submitting a resume
  • Submit comments, reviews, or other user-generated content
  • Register for a Vested-sponsored event

This Personal Information may include: 

  • Name
  • Postal or billing address
  • E-mail address
  • Telephone or mobile number
  • Job History
  • Payment card information
  • Location via IP address
  • Device being used (for our mobile site)
  • Previous login history with Vested
  • Activity while on the website

What Information Is Collected in Connection with our Services? 

“Services” refers to the suite of services we provide through our Site, cloud-based services, on-line software products, and other applications. We collect nonpublic personal data from Vested Clients and Vested Client’s employees (referred to herein as Worksite Employees) to provide our Services to our Clients and to fulfill any legal and regulatory requirements related to our Services. 

The categories of Personal Information that we may request that Clients or the Worksite Employees provide includes the following: 

  • Contact information, to include name, address, email and phone numbers
  • Employer information, including financial and bank account information, to provide the Services
  • Worksite Employee information, including social security number, gender, marital status, driver’s license and passport information, citizenship, insurance information, dependent information, date of birth, address, financial information, bank account information, geolocation data, and IP address, to provide the Services.
  • Medical and Health Information.
  • Pre-Hire Information, including information gathered as part of the background screening process and reference checks, pre-hire drug test results, and information recorded in job interview notes or evaluation records.
  • Professional Related Information, including information contained in tax forms/1099 forms, licensing and certification records.
  • Account information, including username and password for Vested accounts and systems and any required security or access code.
  • Mobile Device Data, including information collected when you navigate, access or use our websites via mobile device.
  • Credit, debit, or cash/payment card information if used, such as for billing.
  • Credit or debit history regarding Client creditworthiness or credit history, with proper disclosures.
  • Employment history if necessary for Services we provide.

How We Collect Information 

To access public features of our website, Personal Information may not be required. However, to access or use features or Services at the website, you may be required to provide Personal Information. With respect to Client Worksite Employees, your Personal Information is submitted and or transmitted to us when you or a Client utilize the Services or when you establish an account or an account is established for you by a Client. 

We may also obtain information in other ways through technology. Some of this information may be linked to you personally. We process this information to help our website and applications function correctly and better understand the needs of our Clients. These methods may include: 

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Site.
  • Web Beacons. Pages of the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
  • Device Information. Depending on the permissions you have granted and other factors, we may receive information about your location and your mobile device when you download or use apps created by our Sites, including a unique identifier for your device. Examples of the device information we collect include:
  • Attributes such as the operating system, hardware version, device settings, battery and signal strength, and device identifiers.
  • Certain device locations, including specific geographic locations, such as through GPS, Bluetooth, or Wi-Fi signals are gathered if you enabled the functionality within the Vested product configuration.
  • Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.

Most mobile devices allow you to turn off location services, and we encourage you to contact your device 

manufacturer for detailed instructions on how to do that. 

Use of metadata and other advertising activities online 

We advertise in a number of ways, including online through managed social media presences, and on other unaffiliated sites and mobile applications. To understand how our advertising campaigns are performing, we may collect certain information via our Sites through our advertising service providers. We, or our vendors, use several common online tracking tools to collect this information, such as browser cookies, web beacons and other, similar technologies. The information we collect includes IP addresses, the number of page visits, pages viewed via our Sites, search engine referrals, browsing activities over time and across other websites following your visit to one of our Sites or applications, and responses to advertisements and promotions on the websites and applications where we advertise. 

We also use certain information to: 

  • Identify new visitors to our Sites;
  • Recognize returning visitors;
  • Advertise on other websites and mobile applications not affiliated with us;
  • Analyze the effectiveness of our advertisements;
  • Better understand our audience, customers, or other Site visitors; and
  • Determine whether you might be interested in new products or services.

Controlling Our Tracking Tools 

Your browser may give you the ability to control cookies. How you do so, however, depends on your browser and the type of cookie. Certain browsers can be set to reject all browser cookies. If you configure your computer to block all cookies, you may disrupt certain web page features and limit the functionality we can provide when you visit or use our Sites. If you block or delete cookies, not all of the tracking that we have described in this policy will stop. If you continue without changing your settings, we will assume that you are happy to receive all cookies on this Site. You can change your cookie settings at any time. Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These browser features are still not uniform, so we are not currently set up to respond to those signals. 

How do we use and share your Personal Information? 

  • We use information that we collect about you for the following purposes:

To develop and provide you with the Services, including to: (i) operate the website and software applications, manage accounts and provide the Services; (ii) determine your eligibility for our Services and our partners’ programs; (iii) improve, personalize, and enable your use of the website, applications, and Services; (iv) develop new products and features. 

  • To protect Vested, our users, and the public, and comply with applicable law, regulation, or legal process, including to: (i) validate user information for fraud and risk detection purposes; (ii) resolve disputes and protect the rights of users and third parties; (iii) respond to claims and legal process (such as subpoenas and court orders); (iv) monitor and enforce compliance with the applicable Vested terms of service; prevent or stop any activity that may be illegal, unethical, or legally actionable.
  • To operate our business, including to: (i) process payment transactions; (ii) manage and enforce contracts with you or with third parties; (iii) manage our corporate governance, compliance and auditing practices; (iv) recruit new hires, if you submit an application for employment with Vested generate anonymized or aggregated data.
  • To communicate with you as part of your use of Services, including to: (i) respond to requests or questions you submit to our support staff; (ii) send you surveys and get your feedback about the Services; (iii) otherwise contact you with Services-related notices.
  • To advertise and market to you, including to: (i) determine your eligibility for certain programs, events, and offers; (ii) inform you of our or our partners’ products, services, features or promotions; (iii) provide you with newsletters, articles, reports, and announcements; and (iv) develop “interest-based” or “personalized advertising.”

For any other purpose for which you, your employer, or your employer’s agent expressly authorize us to use your information. 

What are Vested’s legal grounds for the collection, use, sharing, and other processing of Personal Information? 

Vested collects, uses, shares, and processes Personal Information for the following business purposes: 

  • To fulfill the purpose for which the information was provided.
  • To perform our service contracts with our Clients, including retaining records containing Personal Information of Work-Site Employees that we are legally or contractually required to retain.
  • To provide the Services, including processing payroll, managing works compensation claims, validating employee identity, administering group health and welfare plans, communicating with Work-Site

employees regarding certain Service-related matters such as benefits enrollment deadlines and availability of W-2’s, and to provide human resource best practices. 

  • To comply with laws that apply to us.
  • Customer relationship management and other forms of marketing and analytics
  • To implement, monitor and manage electronic security measures on Vested networks, software applications or systems, including managing and securing our online portals.
  • Physical, IT, and network perimeter security
  • Internal investigations
  • Intended mergers and acquisitions
  • Compliance with legal obligations and/or defense against legal claims, including those in the area of labor law, social security, and data protection, tax, and corporate compliance laws.
  • Protection of the vital interests of any individual
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in us.

We may disclose Personal Data to certain Service Providers and Third Parties 

We use other companies and individuals to perform certain functions on our behalf with regard to our Services. We may disclose Client and Work-Site Employee personal information to service providers or third parties in the context of providing services including the following parties: Financial institutions, government agencies, benefit administrators and vendors, 401k and workers compensation vendors and insurance brokers, insurance carriers, employee tracking and talent management systems, payroll processors, timekeeping vendors, communication providers, the Work-Site Employee’s employer, software and cloud service providers and IT and cybersecurity vendors. 

Sale of the Businesses 

If we sell all or part of our business, Personal Information may be transferred to the purchaser in connection with that transaction. 

Other Disclosures 

We may otherwise disclose Personal Information as permitted or required by law, when we believe in good faith it is necessary for safety purposes, required for legal reporting, or to protect our legal rights or enforce our Terms of Use or any applicable rules, or to protect the rights of others. We may also disclose Personal Information to 

our auditors, legal advisors, or to respond to a subpoena. We may also aggregate information that we gather about you (e.g., online sales, traffic patterns) and provide these statistics to others in aggregate form. 

WE DO NOT AND WILL NOT SELL YOUR PERSONAL INFORMATION IN EXCHANGE FOR MONETARY OR OTHER VALUABLE CONSIDERATION. WE WILL NOT SHARE YOUR PERSONAL INFORMATION FOR CROSS CONTEXT BEHAVIORAL ADVERTISING. 

What kinds of security measures do we take to safeguard your Personal Information? 

The security and confidentiality of your Personal Information matters to us, that is why we have implemented industry standard technical, administrative, and physical controls in place to protect your Personal Information from unauthorized access, use, and disclosure. We also review our security procedures periodically to consider appropriate new technology and updated methods. Even so, despite our reasonable efforts, no security measure is ever perfect or impenetrable. Additionally, you are responsible for keeping your username, password, and other login credentials or user verification information confidential. You should not share this information with anyone. The transmission of information over the internet is not completely secure, so we cannot guarantee the security of your personal information transmitted to our Site. Any transmission of personal data is at your own risk. 

How long do you retain my Personal Information? 

We will retain your Personal Information only for the period necessary to fulfill the purposes outlined in this Privacy Policy, other valid business purpose, or as set out in our Client services agreement, unless a longer retention period is required or permitted by a law that applies to us. In deciding how long to retain Personal Information, we consider criteria including the business purpose for which the Personal Information was collected, contractual requirements, relevant federal, state and local record keeping laws, applicable statutes of limitations for claims for which the data may be relevant and legal preservation of evidence documents. 

What about Minors and Children Under 16? 

Our Sites are not intended for minors. We do not knowingly collect any Personal Information from children under the age of 16 or knowingly track the use of our Sites by minors. 

Notice to California Consumers 

This Section applies to our collection and use of “Personal Information” if you are a resident of California, as required by the California Consumer Privacy Act of 2018 and its implementing regulations, as amended by the California Privacy Rights Act (the “CCPA”). This Section describes (1) the categories of Personal Information, collected and disclosed by us, subject to CCPA, (2) your privacy rights under CCPA, and (3) how to exercise your rights. 

When we use the term “Personal Information” in the context of the CCPA, we mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. 

If you would like to receive a copy of this Section in an alternate format (e.g., printable) or language, please contact us using the information found below in this Privacy Policy. 

Categories of Personal Information Collected, Used, and Disclosed 

Vested discloses the following categories of Personal Information for business purposes to Service Providers and Business Partners: 

  • Identifiers (ex: name, email address, mailing address, phone number, signature)
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (ex: Social Security number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, financial information, medical information, or health insurance information)
  • Protected classification characteristics under California or federal law (ex: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, gender, sex, veteran or military status,
  • Commercial information
  • Internet or other electronic network activity information (ex: IP address, unique personal identifier, web history, advertising history)
  • Geolocation data (ex: the location from which you’re logging in)
  • Employment-related information (ex: employment history, employer name)
  • Education information (ex: education history)

We obtain the above Personal Information from the sources identified in the section of this Privacy Policy titled “What types of Personal Information do we collect and process about you?”. We use the above Personal Information for the business purposes set forth in the section of this Privacy Policy titled “How do we use and share your Personal Information?”. We also disclose the above Personal Information for the purposes set forth in the section of this Privacy Policy titled “What are Vested’s legal grounds for the collection, use, sharing, and other processing of Personal Information?”. 

Retention of Data 

Asure will retain each category of your Personal Information for as long as necessary to fulfill the purposes described in the section of this Privacy Policy titled “How do we use and share your Personal Information?”, unless otherwise required by applicable laws. Criteria we will use to determine how long we will retain your information include whether: we need your information to provide you with products or services you have requested; we continue to have a relationship with you or your employer; you or your employer have requested information, products, or services from us; we have a legal right or obligation to continue to retain your information; we have an obligation to a third party that involves your information; our retention or recordkeeping policies and obligations dictate that we retain your information; we have an interest in providing you with information about our products or services; and we have another business purpose for retaining your information. 

Your California Privacy Rights 

If you are a resident of California, you have the following rights: 

Right to Access and Know — You may request that we disclose to you the following information covering the 12 months preceding your request: 

  • The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
  • The specific pieces of Personal Information we collected about you;
  • The business or commercial purpose for collecting or sharing Personal Information about you;
  • The categories of Personal Information about you that we shared (as defined under the applicable privacy law) and the categories of third parties with whom we shared such Personal Data; and
  • The categories of Personal Information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).

Right to Request Correction of your Personal Information — You may request to correct inaccuracies in your Personal Information; 

Right to Request Deletion of your Personal Information — You may request to have your Personal Data deleted; and 

Right to Opt-out of Sharing for Cross-Context Behavioral Advertising — You may request to opt out of the “sharing” of your Personal Information for purposes of cross-context behavioral advertising. 

Right to Not be Discriminated Against or Retaliated Against: You have the right not to be discriminated or retaliated against for exercising any of the above rights, including an applicant or independent contractor’s right not to be discriminated against for exercising these rights. 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child. 

Your request must: 

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Exercising your individual privacy rights: To exercise any of the privacy rights afforded to you under applicable data protection law, you may submit a request by emailing us at Privacy@VestedHR.com or by calling our privacy toll-free line at 1-844-928-0925. 

Verification: We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use Personal Information provided in a request to verify the requestor’s identity. 

We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing. 

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. 

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. 

We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete Personal Information, we may retain Personal Information that we need to retain for legal purposes. 

If you have an authorized agent: If you are a California resident, you can authorize someone else as an authorized agent who can submit a request on your behalf. To do so, you must either (a) execute a valid, verifiable, notarized power of attorney or (b) provide other written, signed authorization that we can then verify. When we receive a request submitted on your behalf by an authorized agent who does not have a power attorney, that person will be asked to provide written proof that they have your permission to act on your behalf, and we will also contact you and ask you for information to verify your own identity directly with us and not through your authorized agent. We may deny a request from an authorized agent if the agent does not provide your signed permission demonstrating that they have been authorized by you to act on your behalf. 

Additional Notice to Colorado, Connecticut, Utah, and Virginia Residents 

Subject to applicable law, residents of the above states may make the following requests: 

Right to Know — You may request to know whether we process your Personal Information and request to access such Personal Information, including, where applicable, a request to obtain a copy of the Personal Information you provided to us in a portable format; 

Right to Request Correction of your Personal Information — You may request to correct inaccuracies in your Personal Information; 

Right to Request Deletion of your Personal Information — You may request to have your Personal Information deleted; and 

Right to Opt-out of Targeted Advertising — You may request to opt out of any targeted advertising. 

We will not unlawfully discriminate against you for exercising your rights under applicable privacy law. Requests may be submitted by email to Privacy@VestedHR.com or contact us at our toll-free number at 1-844-928-0925 and request the Privacy Officer. 

How will you know if we amend this Privacy Policy? 

We may amend this Privacy Policy at any time. Revisions are effective upon posting and your continued use of our website or our Services will indicate your acceptance of these changes. You should refer regularly to this Policy. 

Questions about this Policy 

If you have any questions about this policy, you may email us at Privacy@VestedHR.com, or contact us at our toll-free number at 1-844-928-0925 and request the Privacy Officer. 

 

PROPRIETARY & CONFIDENTIAL 

* Vested HR Solutions, LLC includes the following companies/names: Vested HR II, LLC, Vested HR III, LLC, Vested HR IV, LLC & Vested HR V, LLC