CALIFORNIA EMPLOYEE PRIVACY POLICY (“CCPA”)

This California Employee Privacy Policy describes how US Alliance Group, Inc. and its subsidiaries, affiliates, and related entities (collectively, the “Company,” “USAG,” “we,” or “us”) collect and process personal information about our employees who reside in California (“Company Worker” or “USAG Worker”). The California Consumer Privacy Act (“CCPA”) requires us to provide our California employees with a privacy policy that contains a comprehensive description of our online and offline practices regarding our collection, use, sale, sharing, and retention of their personal information, along with a description of the rights they have regarding their personal information. This Employee Privacy Policy provides the information the CCPA requires, together with other useful information regarding our collection and use of personal information. Any terms defined in the CCPA have the same meaning when used in this policy.

This Employee Privacy Policy applies to our current and former employees who are California residents when the CCPA covers our collection and use of your personal information in the employment context.

Personal Information Collected

“Personal Information” has the meaning defined under the California Consumer Privacy Act (“CCPA”). We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee or household (“personal information”). Personal information may include:

  • Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers;
  • Characteristics of protected classifications under California or federal law;
  • Commercial information, including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies;
  • Biometric information;
  • Internet or other electronic network activity information, including, but not limited to: browsing history, search history, and information regarding a consumer’s interaction with a website, application, or advertisement;
  • Geolocation data;
  • Audio, electronic, visual, thermal, olfactory, or similar information;
  • Professional or employment-related information;
  • Education information, defined as information that is not publicly available or personally identifiable, as defined in the Family Educational Rights and Privacy Act (20 U.S.C. §1232g, 34 C.F.R. Part 99);
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.

Personal information does not include:

  • Publicly available information, including from government records, through widely distributed media, or that the employee made publicly available without restricting it to a specific audience.
  • Lawfully obtained, truthful information that is a matter of public concern.
  • Deidentified or aggregated employee information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”), clinical trial data, or other qualifying research data; or
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), the Gramm-Leach-Bliley Act (“GLBA”), California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act


Sensitive Personal Information (“SPI”) Categories Chart

Sensitive personal information is a subtype of personal information consisting of the specific information categories listed in the chart below. Importantly, the CCPA only treats this information as sensitive personal information when we collect or use it to infer characteristics about an employee. Sensitive personal information we may have collected includes:

  • Government identifiers, such as your Social Security number (SSN), driver’s license, state identification card, or passport number.
  • Complete account access credentials, such as usernames, account logins, account numbers, or card numbers combined with required access/security code or password.
  • Precise geolocation, such as physical access to a Company office location, the location of a delivery, sales, or other employee in the field, or GPS data from the Company’s mobile phone, device, or vehicle used by an employee that can provide its location in a geographic area, with an approximate radius of 1,850 feet.
  • Racial or ethnic origin.
  • Citizenship or immigration status.
  • Religious or philosophical beliefs.
  • Union membership.
  • Mail, email, or text messages not directed to the Company.
  • Genetic data.
  • Neural Data, such as information generated by measuring a consumer’s central or peripheral nervous system’s activity that is not inferred from nonneural information (effective January 1, 2025).
  • Unique identifying biometric information.
  • Health information, including job restrictions and workplace illness and injury information.
  • Sex life or sexual orientation information.


How We Use Personal Information

USAG may utilize the Personal Information of a USAG Worker in compliance with local laws and where there is a legitimate purpose for doing so. In order to comply with the terms of any employment agreement between the Company and the USAG Worker, the Company may utilize the USAG Worker’s Personal Information for the following purposes:

  • payroll, compensation and benefits administration;
  • employee performance management and discipline;
  • USAG Worker identification;
  • business travel and employee relocation administration;
  • employee appraisal, training, and development;
  • reimbursement of USAG Worker expenses;
  • USAG facility, security and health, and safety management;
  • providing Human Resources-related statistics and analytics; and
  • staff recruitment.

In order to promote safety and security, to comply with legal obligations, and to protect the Company’s data and property, the Company may utilize USAG Worker’s Personal Information for the following purposes:

  • for compliance with legal and regulatory purposes;
  • for risk management;
  • communication with USAG Workers;
  • internal audits and investigations;
  • internal technical and operational support;
  • business development and growth opportunities; or
  • marketing new USAG services or products.

Finally, USAG may utilize USAG Worker’s Personal Information to ensure compliance with applicable legal and regulatory requirements.

Additional Categories or Other Purposes

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. If required by law, we will also seek your consent before using your personal information for a new or unrelated purpose.

USAG may be under an obligation to disclose Worker Personal Information to regulators, courts, the police or tax authorities, or in the course of litigation. It may not be possible to notify the Worker in advance about the details of such disclosures. In such cases, USAG will use all reasonable efforts to disclose the minimum Personal Information necessary to carry out its obligations.

Like many organizations, USAG may reorganize its business operations from time to time, whether by buying new businesses or by selling or merging existing businesses. This may require the Company to disclose USAG Workers’ Personal Information to prospective or actual purchasers of parts of our business or receive Personal Information from potential sellers. The Company’s practice is to seek appropriate confidentiality protection for USAG Workers’ Personal Information disclosed in these types of transactions.

We may collect, process, and disclose aggregated or deidentified information about our employees for any purpose, without restriction. When we collect, process, or disclose this aggregated or deidentified information, we will maintain and use it in deidentified form and will not attempt to reidentify the information, except to determine whether our deidentification processes satisfy any applicable legal requirements.

Disclosing, Selling, or Sharing Personal Information

Business Purpose Disclosures

We may disclose the personal information we collect, including sensitive personal information, to others for the business purposes described in this policy, such as to engage service providers to help us administer our human resources functions, payroll, benefits, or plans. For example, we may disclose information from the Company’s equipment or your use of our network, systems, or equipment to a service provider that provides us with data and cybersecurity services.

We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.

Selling or Sharing Personal Information

In the employment context, we do not sell your personal information to third parties and have not sold it in the past. We do not share your personal information with third parties for cross-context behavioral advertising purposes.

Security Measures

USAG is committed to taking appropriate technical, physical and organizational measures to protect Worker Personal Information against the following: unauthorized or accidental destruction; alteration or disclosure; accidental loss; unauthorized access; misuse; unlawful collection/use; and damage.

USAG strives to keep Worker Personal Information only as long as strictly necessary, as defined by local laws.

Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information (the “right to know”), including the specific pieces of personal information we have collected about you (a “data portability request”). Our response will cover the 12-month period preceding the request, although we will honor requests to cover a longer period that do not extend past January 1, 2022, unless doing so would be impossible or involves disproportionate effort. You may exercise your right to know twice in any 12-month period. Once we receive your request and confirm your identity, we will disclose to you:

  • The categories of:
    • personal information we collected about you; and
    • sources from which we collected your personal information.
  • The business or commercial purpose for collecting your personal information and, if applicable, selling or sharing your personal information.
  • If applicable, the categories of persons, including third parties, to whom we disclosed your personal information, including separate disclosures identifying the categories of your personal information that we:
    • disclosed for a business purpose to each category of persons; and
    • sold or shared to each category of third parties.
  • When your right to know submission includes a data portability request, a copy of your personal information subject to any permitted redactions.


Right to Delete and Right to Correct

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions and limitations (the “right to delete”). Once we receive your request and confirm your identity, we will delete your personal information from our systems unless an exception allows us to retain it. We will also notify our service providers, contractors, and other recipients to take appropriate action.

You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the “right to correct”). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our service providers, contractors, and other recipients to take appropriate action.

Right to Limit Sensitive Personal Information Use and Disclosure to Permitted SPI Purposes

You have a right to limit our use or disclosure of your sensitive personal information to only the Permitted SPI Purposes if we use or disclose it for purposes other than the Permitted SPI Purposes.

How We Protect Your Personal Information

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal information from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no intranet, website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal information transmitted to, through, using, or in connection with these services. In particular, email, texts, and chats sent to or from these services may not be secure, and you should carefully decide what information you send to us through these communications channels. Any transmission of personal data is at your own risk. We also limit access to personal information to those employees, agents, service providers, and contractors that have a legitimate business need for such access.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our intranet, website, or any company systems, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in any forum open to all employees or available to the general public, like message boards. The information you share in public areas of our intranet may be viewed by any employee.

Unfortunately, the transmission of information through the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our intranet, website, or other company systems. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access. Any transmission of personal information is at your own risk.

Privacy Policy Changes

We reserve the right to update this California Employee Privacy Policy at any time, as we continue to develop our compliance program in response to legal developments of the CCPA. If we make any material changes to this California Employee Privacy Policy, we will update the policy’s effective date and provide you with the updated policy.

Contact Information

If you have any questions or comments about this policy, the ways in which we collect and use your information described here, or your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at hr@usaginc.com.

If you need to access this California Employee Privacy Policy in an alternative format due to having a disability, please contact hr@usag-inc.com.