CCPA Employee Notice

CALIFORNIA CONSUMER PRIVACY ACT EMPLOYEE NOTICE OF COLLECTION

Pursuant to the California Consumer Privacy Act (“CCPA”), US Alliance Group, Inc. (“USAG” or the “Company”) is required to inform California residents who are employees or applicants about the categories of Personal Information (“PI”) we collect or have collected in the past and the purposes for which we use this information. USAG is committed to protecting the privacy and security of PI of all individuals, including job applicants.

Collection and Use of Personal Information

The Company collects, uses, and discloses PI on USAG Workers for business purposes only and consistent with applicable laws. “Company Worker” means any potential, current, or former employee of the Company.

Personal Information

“Personal Information” as defined under the California Consumer Privacy Act (“CCPA”) may include but is not limited to the following Consumer information:

• Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers;

• Characteristics of protected classifications under California or federal law;

• Commercial information, including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies;

• Biometric information;

• Internet or other electronic network activity information, including, but not limited to: browsing history, search history, and information regarding a consumer’s interaction with a website, application, or advertisement;

• Geolocation data;

• Audio, electronic, visual, thermal, olfactory, or similar information;

• Professional or employment-related information;

• Education information;

• Inferences drawn from any of the PI.

The CCPA excludes the following from the definition of PI:

1. Consumer information that is de-identified or in the aggregate consumer information. This data cannot reasonably be linked to any person or household;

2. Information that is publicly available from federal, state, or local government records.

Purposes for Collection and Use

USAG may utilize the PI of a USAG Worker in compliance with local laws and where there is a legitimate purpose for doing so. In order to comply with the terms of any employment agreement between the Company and the USAG Worker, the Company may utilize the USAG Worker’s PI for the following purposes:

• payroll, compensation and benefits administration;

• employee performance management and discipline;

• USAG Worker identification;

• business travel and employee relocation administration;

• employee appraisal, training, and development;

• reimbursement of USAG Worker expenses;

• USAG facility, security and health, and safety management;

• providing Human Resources-related statistics and analytics;

• staff recruitment; and

• procuring insurance.

In order to promote safety and security, to comply with legal obligations, and to protect the Company’s data and property, the Company may utilize USAG Worker’s PI for the following purposes:

• for compliance with legal and regulatory purposes;

• for risk management;

• communication with USAG Workers;

• internal audits and investigations;

• internal technical and operational support;

• business development and growth opportunities.

Personal Information Collected

The following information may be processed for USAG Workers, where legally permitted (“Worker PI”):

• full name

• home address

• work address

• personal phone number

• work phone number

• mobile phone number

• USAG identification number

• home email address

• work email address

• picture

• gender

• age and date of birth

• marital status

• race, ethnicity, nationality, and/or religion, only where required by law

• job application details, including previous work history and employer information and references details

• government issued identification numbers, where strictly necessary and permitted by law

• social security number, where strictly necessary and permitted by law

• tax identification number, where strictly necessary and permitted by law

• qualifications and certificates

• education and training history

• passport and visa details, where strictly necessary and permitted by law

• dependents, spouse, partner, and other family details, including mother’s maiden name, where strictly necessary and permitted by law

• next of kin and emergency contact details

• job title, job grade, role, employment status, job details, and description of the Worker’s role, and job history

• languages spoken

• terms of any employment arrangement, including contract and job status, such as full-time or part-time employment

• office location

• photograph and facial recognition

• driver’s license information, where necessary

• health and welfare insurance information

• disability access and special needs, where strictly necessary and permitted by law

• the USAG affiliate that employs the Worker, the business unit or division that the Worker is in, the Worker’s line management, the Worker’s start date, and hours of work

• performance history, including performance reviews

• pay and pay history, as well as bonus payments, equity awards, and other compensation history

• salary and wage expectation

• the end of the Worker’s employment, including end date and the reasons why the employment ended

• retirement information, including notice periods

• exit interview and comments

• survey responses

• travel requirements and preferences, including dietary restrictions

• relocation-related information pertaining to the USAG Worker and his/her family, including relocation dates, housing allowances, and relocation allowances

• birth certificates, where required by law

• bank account and other financial information

• CCTV images

• hobbies, interests, and other information the Worker volunteers in a resume or cover letter

• the details of the Worker’s employment agreement

• results of credit and/or criminal background checks, where permitted by law

• proof of eligibility to work, where permitted by law

• records of the Worker’s absences and reasons for the Worker’s absences, where permitted by law

• annual leaves

• occupational health-related information such as disabilities and accident reporting

• complaints that the Worker filed or were filed against the Worker, including complaints alleging bullying or harassment, as well as any information discovered during grievance investigation

• a Worker’s disciplinary history

• emails that the Worker sent or received to the extent permitted by law

• call history to the extent permitted by law

• emails and other documents that reference the Worker and/or opinions about the Worker’s performance and conduct to the extent permitted by law

• internet usage

• files stored on the Worker’s work device or personal devices the Worker uses for work

• biometric data where strictly necessary and permitted by law

• medical information

In the course of its relationship with Workers, USAG may collect information relating to Workers’ beneficiaries, emergency contacts and dependents, and other third parties related to Workers, such as job reference contacts. USAG may utilize or process additional PI for which it has a legitimate purpose and it will work diligently to provide notice of such use as soon as practicable when required by law.

In addition, USAG may receive information from third parties concerning Workers that it utilizes or stores. For example, USAG may receive personal data from a healthcare provider concerning a Worker requesting a leave of absence. USAG may also receive personal data as part of a reference check or background check. Similarly, USAG may receive personal data from a third party as part of legal verification for employment. If required by applicable law, when USAG receives PI from a third party, the Company will duly inform the USAG Worker about the categories of PI received and the purpose of such processing as required by law.

Legitimate Business Purposes for Monitoring

In order to protect the Company’s intellectual property and trade secrets, to comply with legal obligations, and to protect its electronic systems, the Company may monitor, where legally permitted, a Worker’s emails and computer usage, telephone communications or chat history, install data loss protection systems to prevent unauthorized transmission of proprietary data, and install security systems that allow the Company to monitor internet traffic in order to detect, for example, malware.

Disclosures to Third Parties and Transfers

USAG transfers Worker PI to third parties where required by law (e.g., to tax authorities), to protect its legal rights (e.g., to defend litigation, legal advice or audit requirements) or in an emergency (e.g., in a workplace accident where a Worker’s health or security is at risk).

USAG may also, from time to time, provide USAG Worker PI to select service providers around the world that have been engaged to provide HR-related services to or on behalf and under instructions of USAG (“Service Providers”). PI will not be provided to a Service Provider unless it undertakes to: implement and maintain appropriate security measures; comply with applicable local laws; only use PI where required and for the purposes for which PI was provided by USAG; and guarantee at least the same levels of protection for PI data as required by USAG.

In working with customers, USAG may also need to disclose PI where it is relevant to and necessary for the business engagement or provision of services to those customers.

USAG may disclose and transfer Worker PI to third parties and amongst its various affiliates, divisions, business units and subsidiaries where there is a business need to do so and for the purposes described above. When USAG transfers data amongst its various affiliates, divisions, business units and subsidiaries, it will do so in a manner consistent with this Notice, the CCPA, and applicable data protection laws.

USAG may be under an obligation to disclose Worker PI to regulators, courts, the police or tax authorities, or in the course of litigation. It may not be possible to notify the Worker in advance about the details of such disclosures. In such cases, USAG will use all reasonable efforts to disclose the minimum PI necessary to carry out its obligations.

Like many organizations, USAG may reorganize its business operations from time to time, whether by buying new businesses or by selling or merging existing businesses. This may require the Company to disclose USAG Workers’ PI to prospective or actual purchasers of parts of our business, or receive PI from potential sellers. The Company’s practice is to seek appropriate confidentiality protection for USAG Workers’ PI disclosed in these types of transactions.

In very limited circumstances where required by applicable law and in compliance with applicable law, it may be necessary for USAG to collect and subsequently use or disclose PI. USAG will utilize PI only where legally permitted and necessary. This may include situations where the Worker provides explicit consent, where USAG is legally required to utilize PI, or for other legitimate purposes that the laws may permit.

No Selling of PI

USAG does not share your information except to service our relationship with you. You do not need to “opt-out” or “opt-in” because we do not sell your information.

If you have any questions, you may contact USAG’s Human Resource Department at hr@usag-inc.com.

Correction of PI

If you’d like to correct information that you provided to us, please contact USAG’s Human Resource Department. Our representative will make the appropriate adjustments to our records. If you wish to correct PI provided to us by a third party, the representative will provide you with the applicable third party’s contact information.

PI Retention and Request for Deletion

We will store your PI in accordance with applicable laws or regulatory requirements and retain data for as long as necessary to fulfill those purposes for which the personal data was collected, as documented in our corporate data retention schedule.

You may request the Company delete your PI that we have collected and retained. Once we receive and confirm the request, we will delete (and direct our service providers to delete) your PI from our records, unless an exception applies. Please be aware that certain legal and regulatory requirements require us to retain your PI for a specific period of time which may impact our ability to process your deletion request.

Request Your PI

You may request what information USAG has collected about you and its purpose. We will provide a response once we receive and confirm your request.

All requests must provide sufficient information to allow us to reasonably verify your identity. We require a signed authorization form providing specific PI that we should have on file for you. To verify your identity, we will compare the information provided to the information we have on file. Your name, address, and relationship with Company are mandatory data elements and will be used in combination with other information such as your employee number, date of birth, social security number and email address. Request forms by contacting USAG’s Human Resource Department at hr@usag-inc.com.

You may choose to authorize an agent to make a request on your behalf. In addition to submitting a request form, an agent must also supply one of the following documents:

• Court document showing authority to act on your behalf; or

• Copy of agreement/other document granting them authority to make requests on your behalf.

(Subject to additional verification by the Company)

Security Measures

USAG is committed to taking appropriate technical, physical and organizational measures to protect Worker PI against the following: unauthorized or accidental destruction; alteration or disclosure; accidental loss; unauthorized access; misuse; unlawful collection/use; and damage. USAG strives to keep Worker PI only as long as strictly necessary, as defined by local laws.

Non-Discrimination

The CCPA does not permit a business to discriminate against an employee because the employee exercised any of the rights set forth in the statute. USAG does not prohibit Workers from lodging a complaint with the relevant government agencies if a Worker has any concerns with the Company’s use of PI. USAG does recommend that Workers raise any such concerns first internally, so that any issue may be resolved in cases of mistakes.

Confidentiality Practices

USAG understands that certain PI may require special handling. This may be especially true in instances where an individual is, or has been, a victim of domestic violence or abuse. This information may include the individual’s address, telephone number, name and place of employment, and other contact or location information.

If you are a victim of domestic violence or other abuse and would like Company to take steps to further safeguard your information from others or need to remove a previously submitted request, USAG’s Human Resource team is available to assist you.

Questions?

If you have questions about our privacy policies and procedures or rights you have concerning your PI, you may email us at hr@usag-inc.com.
