Effective Date: December 20, 2022
Enova International, Inc. (“Enova,” we,” “our,” or “us”) respects the privacy of our employees’ personal information.
- Notice at Collection of Personal Information
- Disclosure of Personal Information
- Retention of Personal Information
- Your Rights
- How to Submit a Request to Know, Delete, and/or Correct
- Our Process for Verifying a Request to Know, Delete, and/or Correct
- Other Relevant Policies, Including Monitoring
- How to Contact Us
When This Policy Applies
When This Policy Does Not Apply
2. Notice at Collection of Personal Information
Personal Information We Collect
- Identifiers (name, alias, postal address, Internet Protocol address, email address, Social Security number, driver’s license number, passport number)
- Unique personal identifiers (device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular employee or device)
- Other type of state identification card number such as California ID Cards
- Telephone number
- Physical characteristics or description
- Bank account number
- Corporate credit card number
- Account log-in, financial account, or credit card number for corporate account in combination with any required security or access code, password, or credentials allowing access to the account
- Other financial information regarding stock purchases, 401(k) elections, and similar benefits
- Medical information
- Insurance policy number or subscriber identification number
- Any unique identifier used by health insurer to identify an employee
- Internet or other electronic network activity information (information regarding an individual’s interaction with website, application or advertisement)
- Geolocation data (regional; city/state; precise (1,850 feet or less))
- Education information
- Professional or employment-related information (including employment history)
- Biometric information (imagery of face and voice recordings)
- Characteristics of protected classifications under California or federal law (race, sex/gender (including pregnancy, childbirth, breastfeeding and/or related medical conditions), sexual orientation, gender identity/expression, age (40 and older), national or ethnic origin, disability (mental and physical, including HIV/AIDS, cancer, and genetic characteristics), citizenship status, marital status, medical condition (genetic characteristics, cancer or a record or history of cancer), military or veteran status, request for family care leave, request for leave for an employee’s own serious health condition, and request for pregnancy disability leave)
Sources of Personal Information
We collect Personal Information directly from California residents and from government entities, background checks, benefits providers, payroll providers, company bankers, operating systems and platforms, data analytics providers, business partners or coworkers, authentication and single sign-on providers, enterprise communication providers, online job applicant providers (such as through LinkedIn and similar providers), medical providers, recruiters, staffing companies, references, former employers, educational institutions, other employees, claims handlers, and internet service providers. We do not collect all categories of Personal Information from each source.
Purposes for Collection
We currently collect and have collected the above categories of Personal Information for all purposes of providing employment, including to:
- Process payroll;
- Request you complete applications and forms associated with your employment or prospective employment;
- Consider you for potential employment;
- Perform a background check;
- Verify your ability to work in this country;
- Identify you as a veteran;
- Authentication and security services;
- Perform diversity and inclusion initiatives, including data analysis, development and deployment;
- Request you acknowledge your agreement to certain company policies;
- Administer and maintain benefits, including group health insurance;
- Administer and maintain your retirement account;
- Contact individuals for emergency purposes;
- Track time and attendance at work;
- Manage workers’ compensation claims;
- Manage your job-related performance;
- Arrange business travel;
- Investigate and handle disciplinary actions or termination;
- Establish training and/or development requirements;
- Detect fraud or other types of wrongdoing;
- Grant and monitor your access to secure company facilities;
- Engage in corporate transactions requiring review of employee records and information, such as for evaluating potential mergers and acquisitions;
- Review web traffic and events, monitor for virus attacks and web content, and determine bandwidth consumption;
- Maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance;
- Prevent the spread of COVID-19;
- Perform call monitoring and surveillance (e.g., CCTV);
- Comply with federal and state law;
- Enforce our legal rights; and
- Engage in other legitimate business purposes reasonably required for our day-to-day operations such as accounting, financial reporting and business planning.
We also use your Personal Information for the purposes described in our Associate Handbook and Acceptable Use Policy.
3. Disclosure of Personal Information
|Categories of Personal Information||Categories of Recipients|
|Personal identifiers (name; alias; postal address; Internet Protocol address; email address; Social Security number; driver’s license number; passport number; device identifier; cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular employee or device; signature; physical characteristics or description; bank account number; corporate credit card number; account log-in, financial account, or credit card number for corporate account in combination with any required security or access code, password, or credentials allowing access to an account; other financial information regarding stock purchases, 401(k) elections, and similar benefits; geolocation; internet or other electronic network activity information; biometric information, including imagery of face and voice recordings; other similar identifiers)||Human resource information systems; operating systems and platforms; customer relationship management systems; background check service providers; government entities; applicant and recruiter software; payroll providers; expense management service providers; enterprise travel providers; data analytics providers; company bankers; authentication and single sign-on providers; security providers; mobile device management providers; lawyers; benefits providers|
|Medical and insurance information (medical information; insurance policy number or subscriber identification number; any unique identifier used by health insurer to identify employee)||Benefits providers; company insurers|
|Education, employment history, and related information||Applicant and recruiter software; background check service providers; benefits providers|
|Characteristics of protected classifications under California or federal law (race, sex/gender; sexual orientation, gender identity/expression; age; national or ethnic origin; disability; citizenship status; marital status; medical condition; military or veteran status; request for family care leave; request for leave for an employee’s own serious health condition; and request for pregnancy disability leave)||Applicant and recruiter software; human resource information systems; benefits providers; company insurers; background check service providers|
We disclosed Personal Information for all of the business or commercial purposes identified in the above “Purposes for Collection” section.
4. Retention of Personal Information
We retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with services you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us. Please contact us as described in the “How to Contact Us” section below for more information on our employee data retention schedule.
5. Your Rights
If you are a California employee, you have the following rights with respect to your Personal Information:
- The right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which we collected Personal Information, the business or commercial purpose for collecting, selling, or sharing Personal Information (if applicable), the categories of third parties to whom we disclose Personal Information (if applicable), and the specific pieces of Personal Information we collected about you;
- The right to delete Personal Information that we collected from you, subject to certain exceptions;
- The right to correct inaccurate Personal Information that we maintain about you;
- If we sell or share Personal Information, the right to opt-out of the sale or sharing;
- If we use or disclose sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
- The right not to receive discriminatory treatment by us for the exercise of privacy rights conferred by the CCPA.
6. How to Submit a Request to Know, Delete, and/or Correct
You may submit a request to know, delete, and/or correct by emailing us at firstname.lastname@example.org, by contacting your People Resources Business Partner, or by calling us toll free at 1-888-994-1389.
If you are submitting a request on behalf of a California employee, please submit the request through one of the designated methods discussed above. After submitting the request, we will require additional information to verify your authority to act on behalf of the California employee.
In addition to the CCPA rights discussed above, California law provides current and former employees with the right to request certain information relating to their employment, such as the right to access their personnel file and payroll records. Because these requests are governed by laws that contain different requirements than the CCPA, we handle such requests separately from CCPA requests. If you would like to make such a request, please contact your People Resources Business Partner.
If you would like to update your personal information, such as to notify us of a change of name or address, or if you have questions about your employment, please contact your People Resources Business Partner, refer to existing documentation on the corporate wiki page, and/or initiate the process to change personal information directly within Workday.
7. Our Process for Verifying a Request to Know, Delete, and/or Correct
We will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California employee on whose behalf you are making such request.
We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable.
For requests to access categories of Personal Information and for requests to delete or correct Personal Information that is not sensitive and does not pose a risk of harm by unauthorized deletion or correction, we will verify your identity to a “reasonable degree of certainty” by verifying at least two data points that you previously provided to us and which we have determined to be reliable for the purpose of verifying identities.
For requests to access specific pieces of Personal Information or for requests to delete or correct Personal Information that is sensitive and poses a risk of harm by unauthorized deletion or correction, we will verify your identity to a “reasonably high degree of certainty” by verifying at least three pieces of Personal Information previously provided to us and which we have determined to be reliable for the purpose of verifying identities. In addition, we may request that you submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.
8. Other Relevant Policies, Including Monitoring
When we hire you, we provide you with other policies and procedures that govern your use of our offices, networks, computers, and other devices. We have the right to monitor your use of our offices and electronic resources in accordance with those policies and procedures.
For more information, please read our Associate Handbook and Acceptable Use Policy. You can find copies of these procedures on our internal wiki/intranet site or by contacting your People Resources Business Partner.
10. How to Contact Us
To contact us for questions or concerns about our privacy policies or practices, current employees may contact their People Resources Business Partner. Job applicants may contact email@example.com.