Privacy Notice for California Employees and Applicants

HARIBO of America, Inc. (“HARIBO”, “we,” “us,” or “our”) provides this Privacy Notice for California Employees and Applicants (“CCPA Employee Privacy Notice”) to supplement the information contained in the HARIBO Privacy Policy. This CCPA Employee Privacy Notice applies solely to all HARIBO employees, job applicants, contractors, or similar individuals who reside in the State of California ("workforce members" or "you"). We adopt this CCPA Employee Privacy Notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). Any terms defined in the CCPA have the same meanings when used in this CCPA Employee Privacy Notice.

California Notice at Collection for Employees and Applicants

HARIBO of America, Inc. (“HARIBO”, “we,” “us,” or “our”) collects and uses Personal Information for human resources, employment, benefits administration, health and safety, and business-related purposes and to be in legal compliance. Below are the categories of Personal Information we collect and the purposes for which we intend to use this information.

We will not sell the Personal Information we collect. We also will not share it with third parties for cross-context behavioral advertising.

To view our full Privacy Policy visit https://www.haribo.com/en-us/privacy.


A. Identifiers.

Examples of Personal Information Collected:

Employees: Identifying information, such as your full name, gender, date of birth, and signature.

Applicants: Identifying information, such as your full name.

B. Demographic Data.

Examples of Personal Information Collected:

Employees: Demographic data, such as race, ethnic origin, marital status, disability, and veteran or military status.

Applicants: Providing demographic data is optional for applicants.

C. Contact Information.

Examples of Personal Information Collected:

Employees: Contact information, such as your home address, telephone numbers, email addresses, and emergency contact information.

Applicants: Contact information, such as your home address (optional), telephone numbers, and email addresses.

D. Dependents’ or Other Individuals’ Information.

Examples of Personal Information Collected:

Employees: Dependents’ or other individuals’ information, such as their full name, address, date of birth, and Social Security numbers (SSN).

Applicants: Dependents’ or other individuals’ information is not collected from applicants.

E. National Identifiers.

Examples of Personal Information Collected:

Employees: National identifiers, such as SSN, passport and visa information, and immigration status and documentation.

Applicants: National identifiers are not collected from applicants, except as required during the application process.

F. Educational and Professional Background.

Examples of Personal Information Collected:

Employees: Educational and professional background, such as your work history, academic and professional qualifications, educational records, references, and interview notes.

Applicants: Educational and professional background information is collected as provided in the applicant’s resume.

G. Employment Details.

Examples of Personal Information Collected:

Employees: Employment details, such as your job title, position, hire dates, compensation, performance and disciplinary records, and vacation and sick leave records.

Applicants: Employment information is collected as provided in the applicant’s resume.

H. Financial Information.

Examples of Personal Information Collected:

Employees: Financial information, such as banking details, tax information, payroll information, and withholdings.

Applicants: Financial information is not collected from applicants.

I. Health and Safety Information.

Examples of Personal Information Collected:

Employees: Health and safety information, such as health conditions (if relevant to your employment), job restrictions, workplace illness and injury information, and health insurance policy information.

Applicants: Health and safety information is not collected from applicants.

J. Geolocation Data.

Examples of Personal Information Collected:

Employees: Geolocation data, such as time and physical location related to use of an internet website, application, device, or physical access to a HARIBO office location.

Applicants: Geolocation data is collected as part of the application process.

K. Sensory Information.

Examples of Personal Information Collected:

Employees: Sensory or surveillance information, such as call monitoring and video surveillance.

Applicants: Video interviews are conducted with applicants, but video and audio are not recorded or collected from such video interviews. Information from video and audio surveillance is collected during onsite interviews.

L. Sensitive Personal Information.

Examples of Personal Information Collected:

Employees:

- Government identifiers (social security, driver's license, state identification card, or passport number).

- Complete account access credentials (usernames, account numbers, or card numbers combined with required access/security code or password).

- Precise geolocation.

- Racial or ethnic origin.

- Gender.

- Disability status.

- Military or veteran status.


Applicants (during application process):

- Government identifiers (social security, driver's license, state identification card, or passport number).

- Complete account access credentials (usernames, account numbers, or card numbers combined with required access/security code or password).

- Precise geolocation.

- (Optional) Racial or ethnic origin.

- Gender.

- (Optional) Disability status.

- (Optional) Military or veteran status.


Use of Personal Information

HARIBO collects Personal Information to use or disclose as appropriate to:

- Comply with all applicable laws and regulations.
- Recruit and evaluate job applicants and candidates for employment.
- Conduct pre-employment checks, which includes background checks and drug testing.
- Manage your employment relationship with us, including for:

o onboarding processes;
o timekeeping, payroll, and expense report administration;
o employee benefits administration;
o employee training and development requirements;
o the creation, maintenance, and security of your online employee accounts;
o reaching your emergency contacts when needed, such as when you are not reachable or are injured or ill;
o workers' compensation claims management;
o employee job performance, including goals and performance reviews, promotions, discipline, and termination; and
o other human resources purposes.

- Manage and monitor employee access to company facilities, equipment, and systems.
- Conduct internal audits and workplace investigations.
- Investigate and enforce compliance with and potential breaches of HARIBO policies and procedures.
- Engage in corporate transactions requiring review of employee records, such as for evaluating potential mergers and acquisitions of HARIBO.
- Maintain commercial insurance policies and coverages, including for workers' compensation and other liability insurance.
- Perform workforce analytics, data analytics, and benchmarking.
- Administer and maintain HARIBO’s operations, including for safety purposes.
- For client marketing purposes.
- Exercise or defend the legal rights of HARIBO and its employees, affiliates, customers, contractors, and agents.

HARIBO will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.


Purposes for the Collection and Use of Sensitive Personal Information

We may use Sensitive Personal Information for purposes of performing services for our business, providing services as requested by you, and ensuring the security and integrity of our business, infrastructure, and the individuals we interact with. This includes, without limitation, establishing and maintaining your employment relationship with us, ensuring the diversity of our workforce, complying with legal obligations, managing payroll and corporate credit card use, administering and providing benefits, securing the access to, and use of, our facilities, equipment, systems, networks, applications, and infrastructure, receiving and processing your job application, evaluating your suitability for the position(s) you are applying for, conducting background checks, making you an offer (subject to our discretion), fulfilling administrative functions, complying with law, legal process, or requests from governmental or regulatory authorities, and exercising or defending legal claims.

Retention Period

We retain Personal Information including, without limitation, Sensitive Personal Information, for the following periods:

Employees: We retain employee Personal Information for 7 years following the date of the employee’s separation from HARIBO.

Applicants: We retain applicant Personal Information for 2 years following the date of the applicant’s application.


Privacy Notice for California Employees and Applicants

Information We Collect

HARIBO of America, Inc. (“HARIBO”, “we,” “us,” or “our”) collects and uses Personal Information for human resources, employment, benefits administration, health and safety, and business-related purposes and to be in legal compliance. Below are the categories of Personal Information we have collected from workforce members within the last twelve (12) months.

A. Identifiers.

Examples of Personal Information Collected:

Employees: Identifying information, such as your full name, gender, date of birth, and signature.

Applicants: Identifying information, such as your full name.

B. Demographic Data.

Examples of Personal Information Collected:

Employees: Demographic data, such as race, ethnic origin, marital status, disability, and veteran or military status.

Applicants: Providing demographic data is optional for applicants.

C. Contact Information.

Examples of Personal Information Collected:

Employees: Contact information, such as your home address, telephone numbers, email addresses, and emergency contact information.

Applicants: Contact information, such as your home address (optional), telephone numbers, and email addresses.

D. Dependents’ or Other Individuals’ Information.

Examples of Personal Information Collected:

Employees: Dependents’ or other individuals’ information, such as their full name, address, date of birth, and Social Security numbers (SSN).

Applicants: Dependents’ or other individuals’ information is not collected from applicants.

E. National Identifiers.

Examples of Personal Information Collected:

Employees: National identifiers, such as SSN, passport and visa information, and immigration status and documentation.

Applicants: National identifiers are not collected from applicants, except as required during the application process.

F. Educational and Professional Background.

Examples of Personal Information Collected:

Employees: Educational and professional background, such as your work history, academic and professional qualifications, educational records, references, and interview notes.

Applicants: Educational and professional background information is collected as provided in the applicant’s resume.

G. Employment Details.

Examples of Personal Information Collected:

Employees: Employment details, such as your job title, position, hire dates, compensation, performance and disciplinary records, and vacation and sick leave records.

Applicants: Employment information is collected as provided in the applicant’s resume.

H. Financial Information.

Examples of Personal Information Collected:

Employees: Financial information, such as banking details, tax information, payroll information, and withholdings.

Applicants: Financial information is not collected from applicants.

I. Health and Safety Information.

Examples of Personal Information Collected:

Employees: Health and safety information, such as health conditions (if relevant to your employment), job restrictions, workplace illness and injury information, and health insurance policy information.

Applicants: Health and safety information is not collected from applicants.

J. Geolocation Data.

Examples of Personal Information Collected:

Employees: Geolocation data, such as time and physical location related to use of an internet website, application, device, or physical access to a HARIBO office location.

Applicants: Geolocation data is collected as part of the application process.

K. Sensory Information.

Examples of Personal Information Collected:

Employees: Sensory or surveillance information, such as call monitoring and video surveillance.

Applicants: Video interviews are conducted with applicants, but video and audio are not recorded or collected from such video interviews. Information from video and audio surveillance is collected during onsite interviews.

L. Sensitive Personal Information.

Examples of Personal Information Collected:

Employees:

- Government identifiers (social security, driver's license, state identification card, or passport number).
- Complete account access credentials (usernames, account numbers, or card numbers combined with required access/security code or password).
- Precise geolocation.
- Racial or ethnic origin.
- Gender.
- Disability status.
- Military or veteran status.


Applicants (during application process):

Government identifiers (social security, driver's license, state identification card, or passport number).

- Complete account access credentials (usernames, account numbers, or card numbers combined with required access/security code or password).
- Precise geolocation.
- (Optional) Racial or ethnic origin.
- Gender.
- (Optional) Disability status.
- (Optional) Military or veteran status.

Personal Information does not include:

- Publicly available information from government records.
- De-identified or aggregated workforce member information.
- Information excluded from the CCPA's scope, like:

o Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
o Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

HARIBO obtains the categories of Personal Information listed above from the following categories of sources:

- Directly from you. For example, from forms you complete.
- Indirectly from you. For example, from our service providers and observing your actions on our company information systems.


Use of Personal Information

HARIBO collects Personal Information to use or disclose as appropriate to:

- Comply with all applicable laws and regulations.
- Recruit and evaluate job applicants and candidates for employment.
- Conduct pre-employment checks, which includes background checks and drug testing.
- Manage your employment relationship with us, including for:

o onboarding processes;
o timekeeping, payroll, and expense report administration;
o employee benefits administration;
o employee training and development requirements;
o the creation, maintenance, and security of your online employee accounts;
o reaching your emergency contacts when needed, such as when you are not reachable or are injured or ill;
o workers' compensation claims management;
o employee job performance, including goals and performance reviews, promotions, discipline, and termination; and
o other human resources purposes.

- Manage and monitor employee access to company facilities, equipment, and systems.
- Conduct internal audits and workplace investigations.
- Investigate and enforce compliance with and potential breaches of HARIBO policies and procedures.
- Engage in corporate transactions requiring review of employee records, such as for evaluating potential mergers and acquisitions of HARIBO.
- Maintain commercial insurance policies and coverages, including for workers' compensation and other liability insurance.
- Perform workforce analytics, data analytics, and benchmarking.
- Administer and maintain HARIBO’s operations, including for safety purposes.
- For client marketing purposes.
- Exercise or defend the legal rights of HARIBO and its employees, affiliates, customers, contractors, and agents.

HARIBO will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.


Purposes for the Collection and Use of Sensitive Personal Information

We may use Sensitive Personal Information for purposes of performing services for our business, providing services as requested by you, and ensuring the security and integrity of our business, infrastructure, and the individuals we interact with. This includes, without limitation, establishing and maintaining your employment relationship with us, ensuring the diversity of our workforce, complying with legal obligations, managing payroll and corporate credit card use, administering and providing benefits, securing the access to, and use of, our facilities, equipment, systems, networks, applications, and infrastructure, receiving and processing your job application, evaluating your suitability for the position(s) you are applying for, conducting background checks, making you an offer (subject to our discretion), fulfilling administrative functions, complying with law, legal process, or requests from governmental or regulatory authorities, and exercising or defending legal claims.


Retention Period

We retain Personal Information including, without limitation, Sensitive Personal Information, for the following periods:

Employees: We retain employee Personal Information for 7 years following the date of the employee’s separation from HARIBO.

Applicants: We retain applicant Personal Information for 2 years following the date of the applicant’s application.


Disclosing Personal Information

HARIBO may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

We disclose your Personal Information to the following categories of third parties:

- HARIBO affiliates.
- Service providers (including, but not limited to, attorneys, accountants, IT service providers, payroll processors, background investigators and benefits providers).
- Government entities (for employment-related matters such as work authorizations, I-9 forms, payroll and tax withholding).

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, HARIBO has disclosed the following categories of Personal Information for a business purpose:

Category A: Identifiers.
Category B: Demographic Data.
Category C: Contact Information.
Category D: Dependents’ or Other Individuals’ Information.
Category E: National Identifiers.
Category G: Employment Details.
Category H: Financial Information.
Category I: Health and Safety Information.
Category L: Sensitive Personal Information.

We disclose your personal information for a business purpose to the following categories of third parties:

- HARIBO affiliates.
- Service providers (including, but not limited to, attorneys, accountants, IT service providers, payroll processors, background investigators and benefits providers).
- Government entities (for employment-related matters such as work authorizations, I-9 forms, payroll and tax withholding).

Sales or Sharing of Personal Information

In the preceding twelve (12) months, HARIBO has not sold Personal Information nor has HARIBO shared Personal Information for cross-context behavioral advertising purposes.

Your Rights and Choices

The CCPA provides workforce members (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that HARIBO disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable request (see Exercising Access, Data Portability, Deletion and Correction), we will disclose to you:

- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we disclosed your Personal Information for a business purpose, a separate list disclosing such disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that HARIBO delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request (see Exercising Access, Data Portability, Deletion and Correction), we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

We may deny your deletion request for the following reasons:

- That the Personal Information is needed for employment purposes, such as for payroll, government data reporting, and health care.
- Performing a contract between HARIBO and you (workforce member), such as to award stock options or pension benefits.
- Retaining Personal Information contained in security logs to satisfy compliance requirements and litigation demands.
- Complying with other laws applicable to our business, such as needing to retain certain employment records for the required data retention period.
- That deleting the information prevents us from exercising our legal rights, such as needing to retain the information to defend against possible legal claims.
- Any other permitted business justification for retaining the Personal Information exists.

Right to Correct

You have the right to request HARIBO to correct inaccurate Personal Information collected about you. HARIBO will make commercially reasonable efforts to correct any inaccurate Personal Information we hold about a workforce member within 45 days of receiving a verifiable request. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Right to Opt-Out of Personal Information Sales and Sharing

You have the right to direct us to not sell or share your Personal Information for cross-context behavioral advertising purposes at any time (the "right to opt-out"). Please note that we do not currently engage in sales or sharing of workforce member Personal Information triggering such opt-out requirements.

Right to Limit Disclosure or Use of Sensitive Personal Information

You have the right to limit the disclosure or use of your Sensitive Personal Information that has been collected or processed with the purpose of inferring characteristics about you. Please note that we do not currently collect or use Sensitive Personal Information to infer characteristics about workforce members triggering such limitation rights.

Exercising Access, Data Portability, Deletion and Correction Rights

To exercise the access, data portability, deletion and correction rights described above, please submit a verifiable request to us by either:

Calling us at 1-866-214-8160.
Emailing us at US-Compliance@Haribo.com.

Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your Personal Information. To designate an authorized agent, you must first verify your identity directly with us and provide written authorization to your agent to make requests on your behalf.

You may only make a verifiable request for access or data portability twice within a 12-month period. The verifiable request must:

- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include:

- Your name, address, and any other information we may require verifying your identity.

- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Response Timing and Format

We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically .csv format.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Retaliation/Non-Discrimination

We will not retaliate or discriminate against you for exercising any of your CCPA rights.

Changes to Our CA Employee/Applicant Privacy Notice

HARIBO reserves the right to amend this CCPA Employee Privacy Notice at our discretion and at any time. When we make changes to this CCPA Employee Privacy Notice, we will post the updated notice on the HARIBO website, HARIBO applicant tracking system (SAP SuccessFactors), HARIBO social media, or other locations as deemed necessary in HARIBO’s discretion and update the notice's Last Updated Date.

Contact Information

If you have any questions or comments about this notice, the ways in which HARIBO collects and uses your Personal Information described in this CCPA Employee Privacy Notice and/or the HARIBO Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: 1-866-214-8160.
Email: US-Compliance@Haribo.com.