1) Personal Data Collected
From Lathem Customers and Customer Employees:
We may collect, process and/or store your Personal Data from a number of sources, primarily to provide products and services under our contracts with our Customers and to improve those products and services.
In particular, Lathem has collected the following categories of Personal Data from individuals within the last twelve (12) months:
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
|A name, address, telephone number, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law
|Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D. Commercial information
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information
|Biological characteristics, used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans.
|F. Internet or other similar network activity
|Browsing history, search history, information on an individual’s interaction with a website, application, or advertisement.
|G. Geolocation data
|Physical location or movements.
|H. Sensory data
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information
|Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information
|Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal Data does not include:
- Publicly available information from government records.
- Deidentified or aggregated individual information.
- Information excluded from the California Consumer Privacy Act (CCPA) scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Disclosures of Personal Data for a Business Purpose
In the preceding twelve (12) months, Lathem has not disclosed Personal Data for a business purpose.
We also may obtain Personal Data by recording how you use our products, for example through error reports or other usage data. When you visit a Site, certain Personal Data you may choose to share such as user name, email address, and phone number may be collected by recording how you interact with that Site via cookies or web beacons (see the “Information Collected via Cookies” and “Managing Cookies” sections below for further details)..
Lathem, in delivering its workforce management products and services, also processes data supplied by its Customers about their employees in order to provide Customers with the full benefit of those products and services (see Section 2 below for further details). Such data, like name, employee number, and time and attendance and schedule information, are collected under instructions set forth in the contract between Lathem and its Customers. For Customers who use Lathem terminals with a biometric finger or face scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
From Visitors to our Websites
Non-identifiable Information: When you utilize a Site, we may receive certain personally non-identifiable information about your use of the Site, such as zip code, age, gender, preferences, interests and favorites. We may store such information ourselves or it may be included in databases owned and maintained by us, our subcontractors, agents or our business partners. We may use such information and pool it with other information to track, for instance, the total number of visitors to a Site and the domain names of our visitors' Internet service providers.
Information Collected via Cookies and Similar Technologies: Like most websites, we also collect and/or log specific Site visitor information, which may include both non-identifiable information and Personal Data, including what kind of browser visitors are on, what operating system they are using, their IP address, cookie information, time stamp and clickstream information. This data is collected through the use of log files, "cookies," "web beacon" or other similar technologies. "Cookies" are small files of data that may be sent to your web browser and stored on your computer. With "web beacons," when a visitor accesses certain pages on a Site, an anonymous notice of that visit is generated which may be processed by us. Web beacons work in conjunction with cookies to let us know what portions of our Sites are of interest to you and to help us provide you with tailored information from our Sites. We may collect and store this information and combine it with other Personal Data you have provided.
We also use first-party and third-party cookies in online advertising efforts. When you visit a Site, third parties may set cookies on your computer and use those cookies to collect information about you, including about your computer and how you use the Site. These parties use such information to personalize and deliver targeted advertising to you on non-Lathem websites. For additional information about online behavioral advertising, visit the websites of the Network Advertising Initiative and the Digital Advertising Alliance.
Managing Cookies and Similar Technologies: Most web browsers can be configured not to accept cookies, notify you if a cookie is sent to you, or otherwise manage cookies, web beacons and similar technologies. If you turn off cookies, web beacons and similar technologies will still detect anonymous visits, but the notices they generate cannot be associated with other anonymous information or personally-identifiable information and are disregarded. Similarly, if you would like to prevent third parties from setting and accessing cookies and similar technologies on your computer for advertising and other purposes, you can configure your browser to manage or block cookies and those technologies.
Research: In an ongoing effort to better understand and serve all users of Lathem services, we may conduct research on user demographics and interests based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregated data with our affiliates, agents and business partners. This aggregate information does not identify you personally.
Do Not Track: Like many websites, our Sites do not currently respond to "do not track" browser headers. Cookie preferences, including the ability to opt-out of first and third-party cookies, may be set and managed using our cookie consent manager tool. Additionally, you can take steps to limit tracking by erasing cookies and similar technologies from your computer's hard drive and by setting your browser to block all cookies or similar technologies or warn you before they are stored.
2) How Lathem Uses Personal Data
If you visit our Sites: We may use your Personal Data in the manner described in Section 1 above. You can use many features of our Sites without providing any Personal Data, however, you may not be able to use certain services.
If you provide Personal Data to us directly in another manner: We may use your Personal Data in connection with the reason for which it was provided, such as to deliver the product or service you requested, answer the question you posed, or diagnose a technical support issue. We also may use it to send you product or service notices that may be of importance to you, prevent, detect or investigate illegal or fraudulent activity, or use it as otherwise disclosed to you when you provide the information. We may use Personal Data information to contact you in the future to tell you about services we believe will be of interest to you. In those cases, your unique Personal Data (email address, name, physical address, telephone number) is not transferred to the third party. Lathem may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. When we contact you in these ways, we will do so based on your prior consent to receive such communications, or upon our “legitimate interest” to communicate with you, for instance if we have information to share based upon your prior relationship with Lathem. In every case, we offer you the opportunity to "opt-out" from receiving further such communications.
If you are an employee of a Lathem Customer: When Lathem receives Customer employee data in accordance with a Customer's instructions set forth in our Customer contract, we only use that employee data to provide products and services consistent with those Customer instructions. The collection, retention and destruction of all Customer employee data is, at all times, controlled by the Customer (as the employer), and any questions or requests with regard to a Customer employee’s Personal Data should be directed to that employer. For employees of Customers who use Lathem terminals with a biometric finger or face scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
3) Our Disclosure of Your Personal Data
Lathem does not sell or rent your Personal Data to third parties for promotional purposes.
Lathem will not use, share or distribute your Personal Data except as follows: i) as necessary to maintain the security of our products, ii) as required by applicable law, iii) for Customer employees, as described in a contract between Lathem and our Customer, iv) or as otherwise set forth in the subsequent paragraphs of this Section directly below.
Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a sale, merger, reorganization, dissolution or similar event relating to all or a portion of our business, assets or a Site, Personal Data may be part of the transferred assets.
Service providers, subcontractors, agents: We sometimes hire other companies to perform certain business-related functions. Examples include hosting and/or maintaining databases, mailing information on our behalf and processing payments. When we employ another party to perform a service or function, we may need to provide them with access to certain Personal Data. In that event, we only provide them with the information that they need to perform their specific service or function. Lathem is accountable for any Personal Data that it receives from you and subsequently transfers to these third parties, in accordance with applicable privacy law. We remain responsible if a third-party that we engage to process Personal Data on our behalf does so in a manner inconsistent with applicable law, unless we can prove that we are not responsible for the activities or circumstances giving rise to the claim.
Partners and related third parties: We may share information with third party partners who resell our products and services and/or provide value added services. We may offer with third parties (solely or jointly) webinars, white papers, or other services related to our offerings or services. We may share your contact information and your expressed interest in these offerings or services with third parties, if you have provided prior consent to this use of your data, or if we believe we have a legitimate interest in doing so, based on our prior business relationship with you.
Legal Requirements: We also may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of a Site or the public, or (iv) protect against legal liability.
Finger or face Scan Data: For employees of Customers who use Lathem terminals with a biometric finger or face scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
4) Access and Control of Personal Data
Visitors to Our Sites: You can use many Lathem Site features without providing any Personal Data, but you may not be able to use certain services. (You can learn how cookies and similar technologies collect data on our Sites in Section 1 above.) You can always choose whether you wish to receive promotional email, SMS messages, telephone calls and postal mail from Lathem. When you otherwise contact Lathem directly, you can control what Personal Data you provide to Lathem.
Employees of Lathem Customers: Employees of Lathem' Customers should contact the appropriate person within their employer's organization to understand, access, change and/or control what employee information is provided by the employer to Lathem so that Lathem may deliver its products and services to the employer under their contract. For employees of Customers who use Lathem terminals with a biometric finger or face scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
We do not knowingly collect Personal Data from children under the age of 13. If you are under thirteen, please do not submit any Personal Data to Lathem. If you have reason to believe that a child under the age of 13 has provided Personal Data to Lathem, please contact us, and we will endeavor to delete that information from our databases.
7) Links to Other Websites
Our Sites may frame or contain references or links to other websites not owned, operated or controlled by Lathem, and their privacy policies may differ from ours (the "External Sites"). Lathem is not responsible for the privacy policies and procedures of External Sites and the privacy policies and procedures we describe here do not apply to External Sites. We recommend that you read and understand the privacy policies of External Sites.
We utilize commercially reasonable physical, technical, and administrative controls and procedures to safeguard the Personal Data provided to Lathem and protect it from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. When Personal Data (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Transport Layer Security (TLS) protocol. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from Lathem may not be secure. Therefore, you should therefore take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Data to us or our service providers electronically. Users of our Sites and online services are responsible for maintaining the security of their passwords, username or ID or other form of authentication needed to access to secure areas or services. We may suspend your access to a Site or one of our services, without notice and pending our investigation, if a security breach is suspected. For employees of Customers who use Lathem terminals with a biometric finger or face scanning device for employee timekeeping, please see Section 10 (Biometric Data Privacy) of this Policy.
9) Retention of information
We will retain your Personal Data for as long as any web registration or subscription our Customer has with us remains active, as needed to provide you (or your employer, as applicable) services or information requested, or for the period needed as described in this Policy or advised to you at the time of collection.
10) Biometric Data Privacy
Lathem does not collect or control Customer employee data. For Customers who use Lathem terminals with a biometric finger or face scanning device, the collection of Customer employee finger or face scan data is undertaken and controlled by the Customer. This data is used by the Customer for employee verification in connection with its employee timekeeping purposes. Such data consists solely of templates created from mathematical algorithms, not finger or faceprints. These templates can not be used to recreate finger or faceprints.
Lathem does not perform or control the collection of such data. Rather, Lathem Customers collect such employee data through its use of the finger or face scanning devices and related software, and either store the data at the Customer controlled site or on secure space (in accordance with applicable law) made available by Lathem in a cloud environment for that purpose.
Customer employee finger or face scan data, or templates as described above, may be among the Customer employee data collected or stored by Lathem Customers. Lathem has put reasonable measures in place to minimize its access to Customer employee finger or face scan data from its Customers. On the rare occasions when Lathem accesses Customer employee finger or face scan data (e.g. for technical support), it is done by cloning customer data online pursuant to a Customer’s instruction. This process is subject to strict handling procedures, and Lathem permanently destroys such online cloned data promptly after the specific purpose for accessing the data has been satisfied. Customers are responsible for destroying Customer employee finger or face scan data that they collect, control, possess or store. Any questions with regard to Customer biometric finger or face scan employee data, including any applicable retention schedule or destruction process, should be directed to the appropriate employer. Active Customers (i.e., customers whose subscriptions have not been cancelled or terminated) control and dictate the process and timeline for destruction of timekeeping data stored in the cloud. When a Customer cancels its subscription to our web service, or the subscription is terminated due to a violation of our terms and conditions, Lathem will automatically delete all timekeeping data including any biometric templates, on the next scheduled renewal date, which varies from customer to customer, but in every case is less than one year.
If at any time after providing contact or other Personal Data to us your Personal Data changes, or if you change your mind about receiving information, (e.g., types of marketing materials, newsletters and the like) from us, or wish to change any other use of your Personal Data described above which we control, send us your request with your updated information and/or your new choices. Send your request to email@example.com or by postal mail sent to Privacy Officer, Lathem Time, 200 Galleria Parkway Ste. 330, Atlanta, GA 30339. We will respond to your request to access, change or delete your Personal Data within 45 days. Of course, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. For more specific information on your rights, please see the subsequent paragraphs of this Section directly below.
Access to Specific Information for California Consumers
You have the right to request that Lathem disclose certain information to you about our collection and use of your Personal Data over the past 12 months. Once we receive and confirm your verifiable individual request (see Exercising Access and Deletion Rights in this Section directly below), we will disclose to you:
- The categories of Personal Data we collected about you.
- The categories of sources for the Personal Data we collected about you.
- Our business or commercial purpose for collecting that Personal Data.
- The categories of third parties with whom we share that Personal Data.
- The specific pieces of Personal Data that we collected about you.
Deletion Request Rights for California Consumers
You have the right to request that Lathem delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request (see Exercising Access and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.
- We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Data, or as instructed by the Customer (your employer).
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another individual to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with individuals’ expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access and Deletion Rights for California Consumers
To exercise the access and deletion rights described above, please submit a verifiable individual request to us by either:
- Emailing us at firstname.lastname@example.org
- Call us at 1-800-224-1875
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable individual request related to your Personal Data.
You may only make a verifiable individual request for access twice within a 12-month period. The verifiable individual request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
Making a verifiable individual request does not require you to create an account with us. [However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Data associated with that specific account.]
We will only use Personal Data provided in a verifiable individual request to verify the requestor’s identity or authority to make the request.
Response Timing and Format for California Consumers
We endeavor to respond to a verifiable individual request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable individual request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. Lathem may only consent to data portability with the consent of its Customer (the employer). Therefore, please contact your employer for any data portability requests, and Lathem will proceed accordingly with authorization from the employer.
We do not charge a fee to process or respond to your verifiable individual request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination for California Consumers
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you services or information to which you are otherwise entitled.
- Provide you a different level of services or information.
We do not offer financial incentives relating to the use of your Personal Data.
12) Contacting Us With Questions
210 The Bluffs, Suite 107
Austell, Georgia 30168
Rev Date: 14 November 2019