Notice at Collection and Privacy Policy for California Job Applicants

Last Updated: January 1, 2023

Knight Health Holdings, LLC, and/or its affiliates and related companies (“ScionHealth,” “Kindred Hospitals,” “us,” or “we”) takes your privacy seriously. We want you to know how we collect, use, share, and protect your personal data.

EEO Statement

ScionHealth is an equal employment opportunity (EEO) employer. For more information about ScionHealth’s EEO policy, click here.

Assistance For the Disabled

Alternative formats of this Privacy Policy are available to individuals with a disability. Please contact compliance@scionhealth.com for assistance.

This Privacy Policy explains:

1. The categories of personal information we collect about you
2. The categories of sources from which we collect your personal information
3. The purposes for which we use your personal information
4. How we may disclose your personal information
5. How long we keep your personal information
6. Your rights and how to exercise them
7. Changes to this Privacy Policy

Scope:

This Privacy Policy applies to the personal information of California residents in their role as job applicants to ScionHealth (“Applicants”).

“Personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Applicant.

1) THE CATEGORIES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU

1. Identifiers, for example: real name, nickname, telephone number, postal address, e-mail address, and signature.
2. Professional or Employment-Related Information, for example: educational institutions attended, degrees and certifications, work experience and previous employers, and professional memberships and affiliations.
3. Non-public educational information, for example: academic transcripts.
4. Background Screening Information: ScionHealth collects background screening information, including results of the following types of background screening: criminal history; sex offender registration; motor vehicle records; credit history; employment history; drug testing; and educational history.
5. Commercial Information, for example: travel expense records for an interview.
6. Internet Activity Information, for example: interactions with ScionHealth’s Internet website, job application, or job advertisement, and publicly available social media activity.
7. Sensory or Surveillance Data, for example: audio/visual recordings of interviews, and footage from video surveillance cameras.
8. California Civil Code § 1798.80, to include: personal information described under Cal. Civ. Code § 1798.80 to the extent not already included in other categories in this section, such as a photograph and physical description for security and internal identification purposes.
9. Other details, for example: hobbies and leisure activities or membership in voluntary/charitable/public organizations, such as stated on the Applicant’s resume.
10. Inferences: ScionHealth collects profile data, which may include the following: individual’s preferences, characteristics, psychological trends, predispositions, behaviors, attitudes, intelligence, abilities, and aptitudes.
11. Characteristics of Protected Classifications Under California or Federal Law for Applicants, collected on a purely voluntary basis, except where collection is required by law, and used only in compliance with applicable laws and regulations, for diversity and inclusion reporting and related purposes.
12. Sensitive identifiers, for example: Social Security, driver's license, state identification card, or passport number.
13. Biometric information, for example: photographs, but ScionHealth does not extract faceprints or other identifying metrics from photographs.
14. Geolocation data, for example: through a radio frequency identification (RFID) chip in a security badge to determine an applicant’s physical location, and information that can be used to determine a mobile device’s physical location.
15. Health information, for example: occupational health surveillance, occupational health and safety compliance and record-keeping, to conduct fitness-for-duty examinations, and to respond to an applicant’s medical emergency.

Note on inferring characteristics: ScionHealth does not collect or process sensitive personal information or characteristics of protected classifications for the purpose of inferring characteristics about the Applicant.

2) THE CATEGORIES OF SOURCES FROM WHICH WE COLLECT YOUR PERSONAL INFORMATION

• You, for example: in your job application, forms you fill out for us, assessments you complete, surveys you complete, and any information you provide us during the course of your application and interview process.
  
• Vendors and service providers, for example: recruiters.
• Third parties, for example: job references, affiliated companies, professional employer organizations or staffing agencies.
• Public internet sources, for example: social media, job boards, public profiles, and other public online sources.
• Public records, for example: court records, and credentialing and licensing organizations.
• Automated technologies on ScionHealth’s electronic resources, for example: to track logins and activity on ScionHealth’s and other affiliated careers pages.
• Surveillance/recording technologies installed by ScionHealth, for example: video surveillance in common areas of ScionHealth facilities, and audio/video recording technologies, with consent, to the extent required by law.
• Government or administrative agencies, for example: law enforcement or public health authorities.
• Acquired company: If ScionHealth acquired your employer, ScionHealth might collect personal information from that employer.

Note: This Privacy Policy does not cover background screening conducted by third-party background check vendors subject to the federal Fair Credit Reporting Act. ScionHealth provides a separate disclosure for such screening.

3) THE PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION

A. Generally Applicable Purposes:

Unless stated otherwise in section 3.B, below, we may use Applicants’ personal information for the following purposes:

Recruiting

• To evaluate Applicants’ qualifications or suitability for employment with ScionHealth,
• To communicate with Applicants,
• To conduct a pre-employment or criminal history background check,
• For identification purposes,
• For diversity and inclusion purposes,
• To arrange and manage ScionHealth-sponsored events,
• To create a talent pool for future job openings,
• For recordkeeping purposes,
• To demonstrate Applicants’ agreement to, or acceptance of, documents presented to them (e.g., pre- employment arbitration agreement, acknowledgment of employment application, offer letter),
• To evaluate and improve the recruiting process, or
• To promote ScionHealth as a place to work.

Monitoring, Security, and Compliance:

• To monitor the use of ScionHealth information systems and other electronic resources or information systems,
• To conduct internal audits,
• To conduct internal investigations,
• To protect the safety and security of ScionHealth’s facilities,
• To administer ScionHealth’s whistleblower hotline,
• To report suspected criminal conduct to law enforcement and cooperate in investigations,
• To monitor compliance with ScionHealth policies, or
• To exercise ScionHealth’s rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitration, or mediation panel.

Conducting Our Business:

• For training purposes or quality assurance with respect to ScionHealth employees conducting the interviews or otherwise assisting with the recruiting and hiring process,
• For travel and event planning,
• To engage in crisis management, or
• To manage travel reimbursements.

Miscellaneous Other Purposes:

• To manage and operate information technology and communications systems, risk management and insurance functions, budgeting, financial management and reporting, and strategic planning,
• To manage litigation involving ScionHealth, and other legal disputes and inquiries and to meet legal and regulatory requirements,
• To manage licenses, permits, and authorizations applicable to ScionHealth's business operations,
• In connection with a corporate transaction, sale, or assignment of assets, merger, divestiture, or other changes of control or financial status of ScionHealth or any of its subsidiaries or affiliates, and
• To protect the rights, property, or safety of ScionHealth, HR Individuals, customers, or others.

B. Purposes Specific to Certain Categories Of Personal Information:

We may use the categories of Applicants’ personal information listed in this Section 3.B for the purposes stated below:

Purposes For Using Applicants’ Biometric Information:

ScionHealth uses biometric information in the form of fingerprints to conduct criminal history background checks.

Purposes For Using Applicants’ Geolocation Data:

Upon entry to ScionHealth’s facilities, ScionHealth may issue Applicants an RFID-enabled security badge. ScionHealth will use this information to protect the safety and security of its facilities and the people in its facilities, including the Applicant, to confirm that an applicant has arrived and left ScionHealth facilities when scheduled, and to manage applicant-related emergencies.

Purposes For Using Applicant Health Information:

• To the extent necessary to comply with ScionHealth’s legal obligations, such as to accommodate disabilities,
• To protect the health and safety of ScionHealth’s employees and facilities, for example: to take the Applicant’s temperature,
• For occupational health and safety compliance and record-keeping,
• To conduct pre-employment medical examinations, or
  
• To respond to an Applicant’s medical emergency.

Note: This Privacy Policy does not cover health information governed by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), or California’s Confidentiality of Medical Information Act (CMIA).

Purposes For Using Applicants’ Protected Categories of Information:

ScionHealth collects information about race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, including the reporting requirements of the federal Equal Employment Opportunity Act, the federal Office of Contracting Compliance Programs (applicable to government contractors), and California’s Fair Employment and Housing Act, and for purposes of diversity analytics.

ScionHealth also uses this personal information for purposes including: (a) with respect to disability and/or medical condition, as necessary, to comply with federal and California law related to accommodation; and (b) with respect to age, incidentally to the use of birth date for identity verification.

ScionHealth collects protected categories of Personal Information on a purely voluntary basis, except where required by law, and uses the information only in compliance with applicable laws and regulations.

Deidentified Information

At times, ScionHealth converts personal information into deidentified information using reasonable measures to ensure that the deidentified information cannot be associated with the individual (“Deidentified Information”). ScionHealth maintains Deidentified Information in a deidentified form and does not attempt to reidentify it, except that ScionHealth may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes ensure that the information cannot be associated with the individual. ScionHealth prohibits vendors, by contract, from attempting to reidentify ScionHealth’s Deidentified Information.

4) HOW WE MAY DISCLOSE YOUR PERSONAL INFORMATION

ScionHealth generally maintains information related to Applicants as confidential. However, from time to time, ScionHealth may have a legitimate business need to disclose Applicants’ personal information for one of the purposes listed in Section 2, above, to one or more of the categories of external recipients listed below. In that event, ScionHealth discloses your personal information and/or sensitive personal information only to the minimum extent necessary to achieve the purpose of the disclosure and only if the disclosure is permitted by the CPRA and other applicable laws:

• Service providers and contractors: ScionHealth discloses your personal information to service providers and contractors for the purposes above to assist us in our recruiting efforts and in meeting our business needs and legal obligations.
  • ScionHealth only discloses your personal information to service providers and contractors subject to written contracts as required by applicable law.
  • Service providers and contractors include recruiters, law firms, travel agencies, and any other entity providing services to ScionHealth.
• Affiliated companies: Other companies within the ScionHealth family of companies.
• Government or administrative agencies: These may include, for example:
  • Equal Employment Opportunity Commission as required for reporting.
  • California Department of Fair Employment and Housing as required to respond to employment claims and charges.
  • Law enforcement in the event of criminal investigations.
• Required Disclosures: We may be required to disclose personal information in a court proceeding, in response to a court order, subpoena, civil discovery request, other legal process, or as otherwise required by law.
• Legal Compliance and Protections: We may disclose personal information when we believe disclosure is necessary to comply with the law or to protect the rights, property, or safety of ScionHealth, our users, or others.
  
• Corporate Transactions: We may disclose your personal information in connection with a corporate merger, consolidation, bankruptcy, the sale of all ‒ or substantially all ‒ of our membership interests and/or assets, or other corporate change, including to any prospective purchasers.

No sales and no “sharing” (i.e., disclosure for cross-context behavioral advertising):

ScionHealth does not sell the personal information of any Applicants nor share their personal information for cross- context behavioral advertising.

5) HOW LONG WE KEEP YOUR PERSONAL INFORMATION

If ScionHealth hires you, the information collected about you during the job application process may become part of your personnel file and may be used to administer the employment relationship and for related reporting and recordkeeping purposes. ScionHealth will retain this application information for the entire duration of your employment relationship with ScionHealth and for as long thereafter as permitted or required by applicable law. ScionHealth makes its document retention schedule available to employees for review.

ScionHealth will retain information of applicants who are not hired for four (4) years after the record is collected and may retain longer as required by applicable law or regulation, by legal process, for administrative purposes, or to exercise or defend legal claims. These records will be retained for our internal recordkeeping and reporting purposes in compliance with California Government Code § 12946. During that time, we may use your information to consider you for positions in addition to the position(s) for which you initially applied.

6) YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM

a. Your California Privacy Rights

Subject to applicable law, Applicants have the following rights:

• Right to Know: You have the right to submit a verifiable request for copies of specific pieces of your personal information collected in the preceding 12 months and for information about ScionHealth’s collection, use, and disclosure of your personal information during that same 12-month period. In addition, you have a right to know the categories of your personal information that ScionHealth sold or shared for cross-context behavioral advertising and the parties to which those categories were sold or shared.
  Please note that the CPRA’s right to obtain copies does not grant a right to the whole of any document that contains personal information, but only to “specific pieces” of personal information. Moreover, HR Individuals have a right to know categories of sources of personal information and categories of external recipients to which personal information is disclosed, but not the individual sources or recipients. ScionHealth does not always track individualized sources or recipients.
• Right to Delete: You have the right to submit a verifiable request for the deletion of personal information that you have provided to ScionHealth.
• Right to Correct: You have the right to submit a verifiable request for the correction of inaccurate personal information maintained by ScionHealth, taking into account the nature of the personal information and the purposes of processing the personal information.
  
• Right to Opt Out of Sale and Sharing: You have the right to opt out of the sale of your personal information and the disclosure of your personal information for cross-context advertising. As noted above, ScionHealth does not sell personal information or disclose personal information for cross-context advertising.
• Right to Restrict Use and Disclosure of Sensitive Personal Information: You have the right to restrict ScionHealth’s use and disclosure of your sensitive personal information to purposes permitted under the CPRA, such as security, quality control, uses required by law, and disclosures to vendors in support of the permitted purposes. This right only applies to sensitive personal information collected or processed by ScionHealth for the purpose inferring characteristics about you. As noted above, ScionHealth does not collect or process your sensitive personal information for the purpose inferring characteristics, and therefore this right does not apply.
  

b. How to Exercise Your Rights

ScionHealth will respond to requests know, delete, and correct in accordance with applicable law if it can verify the identity of the individual submitting the request. You can exercise these rights in the following ways:

• Call: 1(833)3COURAGE
• Email: compliance@scionhealth.com

To opt out of the disclosure of your personal information for purposes of cross-context behavioral advertising or the sale of your personal information, click here: Do Not Sell or Share My Personal Information

To restrict the use and disclosure of your sensitive personal information to permitted purposes, click here: Limit the Use of My Sensitive Personal Information

c. How We Will Verify Your Request:

The processes that we follow to verify your identity when you make a request to know, correct, or delete are described below. The relevant process depends on how and why the request is submitted.

If you submit a request by any means other than through a password-protected account that you created before the date of your request, the verification process that we follow will depend on the nature of your request as described below:

1. Requests To Know Categories Or Purposes: If you request to know how we collect and handle your personal information, we will match at least two data points that you provide with your request, or in response to your verification request, against information about you that we already have in our records and that we have determined to be reliable for purposes of verifying your identity. Examples of relevant data points include your mobile phone number, your zip code, and the month and year that you submitted a job application to us.
2. Requests To Know Specific Pieces Of Personal Information: We will match at least three data points that you provide with your request to know, or in response to our request for verification information, against information that we already have about you in our records and that we have determined to be reliable for purposes of verifying your identity. In addition, we may require you to sign a declaration under penalty of perjury that you are the individual whose personal information is the subject of the request.
3. Requests To Correct or Delete Personal Information: Our process for verifying your identity will depend on the sensitivity (as determined by ScionHealth) of the personal information that you ask us to correct or delete. For less-sensitive personal information, we will require a match of two data points as described in point number 1, above. For more sensitive personal information, we will require a match of three data points and a signed declaration as described in point number 2, above.

We have implemented the following additional procedures when verifying the identity of requestors:

1. If we cannot verify your identity based on the processes described above, we may ask you for additional verification information. If we do so, we will not use that information for any purpose other than verification.
2. If we cannot verify your identity to a sufficient level of certainty to respond to your request, we will let you know promptly and explain why we cannot verify your identity.

d. Authorized Agents

If an authorized agent submits a request to know, correct or delete on your behalf, the authorized agent must submit with the request either (a) a power of attorney that is valid under California law, or (b) a document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you or your authorized agent to follow the applicable process described above for verifying your identity. You can obtain the “Authorized Agent Designation” form by contacting us at compliance@scionhealth.com.

e. ScionHealth’s Non-Discrimination and Non-Retaliation Policy

ScionHealth will not unlawfully discriminate or retaliate against you for exercising your privacy rights under the California Privacy Rights Act.

7) CHANGES TO THIS PRIVACY POLICY

If we change this Privacy Policy, we will post those changes on this page and update the Privacy Policy modification date above. If we materially change this Privacy Policy in a way that affects how we use or disclose your personal information, we will provide a prominent notice of such changes and the effective date of the changes before making them.

For More Information

For questions or concerns about ScionHealth’s privacy policies and practices, please contact us at compliance@scionhealth.com.

 

4884-1930-2191.1 / 047846-1118