Effective Date: January 1, 2024

  1. Introduction
  2. Collection, Sources, and Use of Personal Information and Sensitive Personal Information
  3. Data Retention
  4. Disclosure of Business Purposes
  5. Sale and Sharing of Personal Information
  6. Automated Decision Making
  7. Other Legal Disclosures
  8. Your Rights and Choices
         A. Right to Know
         B. Right to Correct
         C. Right to Delete
         D. Right to Opt-Out of Selling and Sharing
         E. Right to Access Information About and Opt-out of Automated Decision Making Technology
         F. Right to Limit the Use of Your Sensitive Personal Information
         G. Right to Non-Discrimination
         H. How to Exercise your California Privacy Rights
  9. Changes to Our Privacy Notice
  10. Contact Information
 

1. Introduction

The California Consumer Privacy Act of 2018 (“CCPA”) was amended by the California Privacy Rights Act of 2020 (“CPRA”) to provide additional privacy rights and will be collectively referred to in this notice as “CCPA.” This notice for California Residents provides information that applies solely to all job applicants, external staff (temporary workers, outsourced staff or contractors), current and former employees and their emergency contacts and beneficiaries who reside in the State of California (“consumer” or “you”).

If you have a disability, you may access this notice in an alternative format by contacting the Human Resources Department at 1-213-235-2209.

 

2. Collection, Sources, and Use of Personal Information

Bank of Hope (the “Bank,” “we,” or “us”) collects personal information (“PI”) self-disclosed by you, such as on job applications, publicly available professional social media platforms, employee onboarding documentation, employee timekeeping and payroll documentation, employee benefits documentation, employee requests for leaves of absence, employee requests for use of paid sick leave or other paid time off, employee requests for accommodation, employee performance reviews and self-assessments, employee requests, such as for reimbursements or from services we provide to you such as health and welfare benefits, and information provided during communications between you and the Bank.

PI may also be collected indirectly from you, such as monitoring information that your work computer or mobile device transmits when interacting with our applications.

PI under the CCPA is defined to include any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Some examples of personal information include:

  • Real name
  • Postal address
  • Unique personal identifier
  • Online identifier IP address
  • Email address
  • Account name
  • Social Security number
  • Driver’s license number
  • Passport number

PI is collected for a variety of purposes pertaining to your employment relationship with the Bank, including but not limited to: the administration of recruiting, background checks, fingerprinting, hiring, payroll, benefits, conducting risk and security controls and monitoring, detecting and preventing fraud, performing audits, internal investigations, and for the purpose of complying with all applicable labor and employment laws and regulations. We will minimize the use and storage of your PI and will not collect or use additional categories of PI for additional purposes that are incompatible with the purposes disclosed in this notice without providing prior notice.

Personal information does not include:

  • Publicly available information from federal, state, or local government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like personal information covered by certain sector-specific laws such as the Health Insurance Portability and Accountability Act (“HIPAA”) and the Fair Credit Reporting Act (“FCRA”).

A sub-category of PI known as Sensitive Personal Information (“SPI”) is also collected. Some examples of SPI include but are not limited to:

  • Government-issued identifiers, such as social security, driver’s license, state identification card number;
  • Financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  • Precise geolocation;
  • Country of Citizenship or Immigration status;
  • Racial or ethnic origin, veteran status, disability status, religious or philosophical beliefs, or union membership;
  • The contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication;
  • Processing of biometric information for the purpose of uniquely identifying a consumer;
  • Genetic data;
  • PI collected and analyzed concerning a consumer’s sexual orientation.

As defined by the CCPA, SPI shall be treated as PI except where it is collected or processed for “the purpose of inferring characteristics about a consumer.” Bank of Hope does not collect or process SPI for the purposes of inferring characteristics about you.

In the table below, we provide the list of categories of PI that Bank of Hope has collected within the last twelve (12) months and some examples in each category. We also have identified the main sources and purposes for collection:

| Categories of PI | Examples | Collected | Sources of PI | Purposes for PI collection |
|---|---|---|---|---|
| A. Personal Identifiers | This may include but is not limited to: a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, username, Social Security Number, or other similar identifiers. | Yes | Consumer directly (e.g., employment applications you complete or benefits you obtain from us) | Pre-employment screening, new hire onboarding, citizenship status, administer payroll, employment taxes and benefits, process work-related claims (e.g., workers compensation, work related claims, leave of absence, etc.), emergency contact information, and to comply with applicable laws. |
| B. Personal Records | This may include but is not limited to: a name, telephone number, address, signature, passport number, health insurance information, bank account number, retirement account information, legal issues (e.g. child support, alimony, wage garnishments, and subpoenas) and wage information. | Yes | Consumer directly (e.g., employment applications you complete or benefits you obtain from us) | Pre-employment screening, new hire onboarding, citizenship status, administer payroll, tax withholding and reporting, benefits, process work-related claims (e.g., workers compensation, work related claims, leave of absence, etc.), emergency contact information, and to comply with applicable laws. |
| C. Protected classification characteristics under California or federal law | Characteristics of protected classes or groups under state or federal law such as: sex, marital status, familial status, race, and gender identity, age, disability. | Yes | Consumer directly (e.g., employment applications you complete or benefits you obtain from us) | Complying with applicable laws – labor and employment, anti-discrimination laws, benefits administration, complying with applicable state and federal Equal Employment Opportunity laws; Design, implement and promote Bank of Hope’s diversity and inclusion programs; Investigate complaints, grievances, and suspected violations of Bank of Hope’s policy. |
| D. Commercial information | This may include but is not limited to: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | No | N/A | N/A |
| E. Biometric information | This may include but is not limited to: physiological, or biological characteristics used as a form of identification and access control, such as, fingerprints, faceprints, and voiceprints. | Yes | Consumer directly | Physical access control; employment background checks. |
| F. Internet or another similar network activity | This may include but is not limited to: search history, information on a consumer's interaction with a website, application, or advertisements. | Yes | Consumer directly; Consumer indirectly | Information Security purposes. |
| G. Geolocation data | This may include but is not limited to: location based on IP address and device location. | Yes | Consumer indirectly | Information Security purposes. |
| H. Sensory data | This may include but is not limited to: audio (voicemails), electronic, visual, or similar information | Yes | CCTV security cameras, recorded videos, voicemails | Compliance with regulatory requirements, work-related communications, security purposes |
| I. Professional or employment related information | This may include but is not limited to: education history, or employment related information. | Yes | Consumer directly, publicly available sources | Verify professional license and/or certifications to assess job qualifications. |
| J. Non-public education records | This may include but is not limited to: Education records directly related to a student maintained by an educational institution, such as grades, transcripts, class lists, or student disciplinary records. | No | N/A | Verify education history to assess job qualifications. |
| K. Inferences drawn from other personal information | This may include but is not limited to: profile reflecting a person's preferences, characteristics, predispositions, behavior, or attitudes. | No | N/A | N/A |

 

For additional information on the purposes listed in this chart, you can find some examples in the list below:

  • Employment Laws: To comply with applicable federal and state employment laws and regulations, including collecting and disclosing personal data as required by law (e.g., for minimum wage, payroll tax, and anti-discrimination).
  • Network monitoring, security, and system use: To monitor and record activity on our information technology systems and corporate network, such as internet traffic, website filtering, email communications, or systems accessed to help ensure the safety, security, and integrity of our information technology systems, corporate network, databases, and other technology assets.
  • Monitor physical security and safety: To monitor activity and presence in our offices with badge readers and closed circuit television (CCTV) to protect the safety of our employees, authorized visitors, property, and to prevent unauthorized access to our offices.
  • Responding to Legal and Regulatory Requests: To comply with valid court orders, warrants, subpoenas, or government regulatory requests when disclosure is required by law enforcement or regulatory authorities.
  • Legal Defense: To exercise and defend legal and contractual rights and claims.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

Subject to restrictions and obligations of the CCPA, our service providers may also use your PI for some or all the above listed business purposes.

 

3. Data Retention

We will retain your information only for as long as necessary for the purposes for which the information was collected (e.g., during your job application process or the duration of your employment) and to the extent required to comply with applicable laws, statutes, regulations of state and federal governments, regulatory bodies, or for legal or other obligations.

 

4. Disclosure of Business Purposes

At times, Bank of Hope engages service providers and contractors for the same business purposes for which we collect such PI as described in the previous section. To that end, a written contract is signed with each service provider and contractor that requires the recipient to keep PI confidential and not use it for any purpose except as stated in the contract and to assist the Bank in complying with CCPA consumer requests.

In the description below, we provide categories of PI that Bank of Hope has disclosed to service providers and contractors.

Note that the categories of service providers listed in the chart below do not represent an exhaustive list but provide a better understanding of vendors we usually engage.

  • Our technology vendors and service providers (e.g., website hosting, information technology and security, cloud storage, etc.).
  • Third parties who provide professional services such as attorneys, auditors, benefit specialists, payroll companies, etc.
  • Third parties to whom you or your representatives authorize us to disclose Personal Information in connection with products or services we or they provide to you.
  • Government agencies as required by laws and regulations or otherwise to comply with legal obligations or valid legal processes such as search warrants, subpoenas, or court orders.
  • When we disclose your PI to comply with a legal obligation or legal process, we will take reasonable steps to ensure that we only disclose the requested PI necessary for the specific purpose and circumstances.

5. Sale and Sharing of Personal Information

The Bank does not sell or share your Personal Information with third parties as defined by the CCPA.

For the purposes of this notice and as defined by CCPA, “sale” means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.” The CPRA defines “sharing” as “sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by a business to a third party for the purpose of cross-contextual behavioral advertising, whether or not for monetary or other valuable consideration.”

 

6. Automated Decision Making

The Bank does not utilize automated decision making technology as defined by the CCPA.

 

7. Other Legal Disclosures

In certain circumstances, Bank of Hope may use or disclose your PI when authorized or required by law, to public authorities, courts or law enforcement, concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local law or when required to protect our legal rights, such as to protect against or prevent actual or potential fraud, unauthorized transactions, claims or other liability. See some examples below:

  • We may share your personal information as part of a merger, acquisition, bankruptcy, or other transaction in which a third party takes control of all or some parts of our business. Any changes to this notice after the takeover will be communicated to you by that third party.
 

8. Your Rights and Choices

The CCPA provides California residents with specific rights regarding their personal information. This section describes those rights and explains how to exercise those rights.

  1. Right to Know
  2. Right to Correct
  3. Right to Delete
  4. Right to Opt-Out of Selling and Sharing
  5. Right to Access Information About and Opt-out of Automated Decision-Making Technology
  6. Right to Limit the Use of Sensitive Personal Information
  7. Right to Non-Discrimination
  8. How to Exercise Your California Privacy Rights
 

A. Right to Know

You have the right to send us a request, no more than twice in a 12-month period, for any of the following:

  • The categories of personal information (PI) we collected about you.
  • The categories of sources for the PI we collected about you.
  • Our business or commercial purposes for collecting, selling, or sharing your PI.
  • The categories of third parties to whom we disclose your PI.
  • A list of the categories of PI disclosed for a business purpose or that no disclosures occurred.
  • A list of the categories of PI sold or shared about you, or that no sale or sharing occurred.
  • The specific pieces of PI we collected about you. You can obtain a copy of your PI that we have collected by mail or electronically. This type of request requires a stricter verification standard.
  • You have the right to request us to transfer specific personal information to another entity in a structured, commonly used, and machine readable format to the extent that it is technically feasible.
 

B. Right to Correct

You have the right to request us to correct inaccurate personal information we may have about you. Upon request, we will take commercially reasonable efforts to correct your personal information.

 

C. Right to Delete

Except to the extent we have a basis for retention under applicable law or policy, you may request us to delete your personal information that we have collected directly from you and are maintaining. We will also notify all service providers or contractors with whom your PI has been shared for specified business purposes to delete your PI from their records. We are not required to delete your PI that we did not collect directly from you.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing relationship with you, or otherwise perform our contract with you.
  • Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another customer to exercise their free speech rights, or exercise another right provided for by law.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which the consumer provided the information.
  • Comply with a legal obligation or when otherwise authorized by law, including the CCPA.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
 

D. Right to Opt-Out of Selling and Sharing

As described in Section 5 above, the Bank does not sell or share PI. Therefore, submitting a request to Opt-Out is not required.

 

E. Right to Access Information About and Opt-Out of Automated Decision Making Technology

The Bank does not utilize automated decision making technology as defined by the CCPA. Therefore, submitting a request to Opt-Out is not required.

 

F. Right to Limit the Use of Your Sensitive Personal Information

Sensitive Personal Information, as defined by the CPRA, is not collected or processed for the purpose of inferring characteristics about you. Therefore, submitting a request to limit the use of your sensitive personal information is not required.

 

G. Right to Non-Discrimination

We will not discriminate against you or treat you less favorably for exercising your CCPA rights.

 

H. How to Exercise your California Privacy Rights

Mechanisms to submit Requests to Know, Delete, and Correct: If you are a California resident, you may exercise the right to know, correct, and delete by submitting your request by either:

  • Completing an Online form on our website, by clicking here.
  • Or by calling us at our Human Resources Department - 1-213-235-2209.

Initial Identification and Verification: Any request to know, correct or delete that you submit to us is subject to an identification and verification process. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

 

Making a verifiable consumer request does not require you to create an account with us. However, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request.

Process: Once the initial identification and verification process is complete, we will send you an acknowledgement of receipt within 10 days from receiving your request and a reference number. If you submit the request via the toll-free telephone number, we will provide you with the reference number during the call to confirm receipt of your request.

When you submit an online request to delete PI, we will confirm your request before proceeding to the deletion.

On some occasions, we may not be able to comply with your requests. This could be in instances where we cannot verify your identity, when compliance with your request(s) would cause unreasonable risk to the security of PI, your account or the security of our systems and network, when it would be in breach of applicable federal or state laws, or because compliance might infringe data privacy rights of other individuals whose details are contained in it, among others. If this is the case, we will inform you in writing and explain the reasons.

Time period: We will endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, up to an additional 45 days (90 days total), we will inform you in writing.

Designating an authorized agent: To exercise any of these privacy rights you can also designate another person to act on your behalf. We will need this person to provide us with a written authorization (such as a Power of Attorney) to show that you gave them your permission to submit information requests on your behalf.

Fees: We will typically not charge a fee to fully respond to your requests; however, we may charge a reasonable fee if we consider that your request is excessive, repetitive, unfounded or overly burdensome. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

To obtain this information in an alternative format: If you require this notice to be provided in a different format (e.g., audio), please contact us at:

     Human Resources Department: 1-213-235-2209

 

9. Changes to Our Privacy Notice

Bank of Hope reserves the right to amend this privacy notice at our discretion at any time, as we continue to develop our compliance program in response to legal developments and new interpretations of the CCPA. When we make changes to this notice, we will post the updated notice on the Website and update the effective date of the notice.

 

10. Contact Information

If you have any questions or comments about this notice, the ways in which Bank of Hope collects and uses your PI or SPI and wish to exercise your rights under California law, please feel free to contact us at:

     Human Resources Department: 1-213-235-2209
