This Personnel Privacy Policy (“Policy”) describes how Sunflower Labs Inc. and its affiliated entities (“Sunflower Labs”, “we”, “us” and “our”) collects, uses, and discloses information about our current and former directors, full-time and part-time employees, contractors, freelancers, consultants, interns, and other personnel (collectively, “Sunflower Labs Personnel”) and their beneficiaries and emergency contacts in the context of our working relationship with such individuals (“personal information”).
We may update this Policy at any time. We may also provide you additional privacy notices regarding our collection, use, or disclosure of information. Please read this Policy and any other privacy notices carefully.
This Policy does not form part of any employment contract or contract to provide services. In addition, if you provide services to Sunflower Labs through or in connection with another organization, we are not responsible for that organization’s privacy practices. This Policy does not apply to our handling of data gathered about you in your role as a user of our services (e.g., when you visit our website or if you have a customer account with us). If you interact with us as in that role, the Sunflower Labs Privacy Policy associated with the relevant service applies.
This Policy will be posted our website (https://sunflower-labs.com/personnel-privacy) and will be provided to new Sunflower Labs Personnel as part of their onboarding process.
Personal Information We Process
We may collect personal information either from you or from other sources, where applicable, such as our affiliates and vendors, an employment agency or consultancy, recruitment or professional networking websites or companies, background check providers, or your professional references. The type of information we have or will have about you depends on your role with us. We may collect all or some of the following information:
Identifiers such as first and last name, postal address, telephone number, email address (and such information about your emergency contacts), and identifiers related to your citizenship documents, such as social security number, national ID card, passport, and copies of work permits and birth certificates.
Professional or employment-related information, including:
Work history information such as job titles, work history, work dates, and work locations; employment, service or engagement agreements; appraisal and performance information; information about skills, qualifications, and experience; absence and leave records; professional memberships; disciplinary and grievance information; and termination information.
Financial information such as salary, payroll, pension, or retirement contribution information; bank account; and tax information.
Recruitment, employment, or engagement information such as application forms and information included in a resume, cover letter, or otherwise provided through any application or engagement process; and copies of identification documents, such as driver’s licenses, passports, and visas; and background screening results and references.
Business travel and expense information such as travel itinerary information, corporate expenses, and Sunflower Labs credit card usage.
Education information such as institutions attended, degrees, certifications, training courses, certifications, publications, and transcript information.
Internet, electronic network, and device activity and device information and related identifiers such as information about your use of our network, information, and communication systems, including IP address; user IDs; device IDs, type, and attributes; cookies and similar identifiers; web logs, metadata, and audit trails of system access; and information about how you interact with our systems in your capacity as Sunflower Labs Personnel.
Geolocation information such as general geolocation information.
Audio or visual information such as photographs for our website, and related uses; audio-visual recordings of events, activities, and presentations in which you participate; and photographs taken at Sunflower Labs functions. In addition, our location in Stallikon, Switzerland uses drones [and CCTV system] for security and testing purposes.
Legally protected classification information such as race/ethnicity, nationality, sex/gender, citizenship, marital status, military service, disability, accommodation information, request for family care leave, and criminal history.
Health information about you, and, if applicable, your beneficiaries, such as mental or physical medical conditions and other information provided in health forms, disability status, health and safety incidents or accidents, sickness and leave records, and health issues requiring adaptations to your working environment or working practices.
Sensitive personal information such as social security number and driver’s license number. Some other information listed above, such as race/ethnicity, may be considered “sensitive personal information” under certain applicable laws.
Other information that directly or indirectly identifies you, such as date and place of birth and citizenship (and such information about your dependents or emergency contacts); immigration status; and information on any publicly available social media profile of yours that mentions your connection to us.
Other information that you may voluntarily choose to provide us, in connection with your employment, your service, or otherwise.
How We Use Personal Information
We have or will collect, use, disclose, and store personal information for our legitimate business purposes, which include, where applicable:
HR management and administration, including training, compensation and benefits, invoices, leave, scheduling, career development, performance appraisals and recognition, investigating and resolving inquiries and complaints, providing references, succession planning, organizational changes, fraud prevention and investigation, preparing analyses and reports, and communicating with our workforce about updates or relevant information about perks, benefits and discounts, recruiting activities, assessing hiring needs, and changes to Sunflower Labs products and services.
Business operations, including providing and monitoring IT systems for any lawful purpose, maintaining accounts and internal directories, crisis management, protecting occupational health and safety, participating in due diligence activities related to the business, business succession planning, data administration, workplace management, and conducting internal analyses and audits.
Security operations, including detecting security incidents, debugging and repairing errors, and preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution; and safeguarding Sunflower Labs and its facilities, services, and Sunflower Labs Personnel.
Legal compliance and assistance, such as complying with anti-bribery, tax, social security and immigration obligation and responding to and cooperating with legal or regulatory requests and investigations.
Exercising our legal rights, including seeking legal advice from our external lawyers or in connection with litigation with a third party.
We may also use personal information for any other legally permitted purpose if we have your consent.
Certain information we collect may be considered “sensitive personal information” under certain privacy laws. We collect and process such information only for our legitimate business purposes and do not process such information for purposes for which the “right to limit” applies under applicable laws. We use the following information that may be considered “sensitive” as legally necessary, in the following ways:
Social security number, passport information, or other government identification: for legal compliance, payroll, benefits, tax, and immigration purposes.
Health information, which may include disability status and accommodation information: to provide reasonable workplace accommodations and manage absences and leave, for workplace health and safety purposes, and for compliance with applicable law and contracts or to exercise rights thereunder.
Race/ethnicity, sex/gender, sexual orientation, religious/philosophical beliefs, disability status, and accommodation information: for equal opportunity and diversity and inclusion purposes and compliance with applicable law or to exercise rights thereunder.
How We Disclose Personal Information
We may disclose personal information to the following types of entities or in the following circumstances, where applicable:
Internally, to carry out the purposes described in this Policy.
Vendors, such as compensation and benefits providers, corporate card issuers, human resource suppliers, group benefit plan carriers, employment businesses (for contractors or agency workers), content providers, information technology providers such as equity award and ownership information, data storage and hosting providers, background check companies, and employment businesses (in relation to contractors or agency workers) and security providers.
Legal compliance and exercising legal rights: (i) when required to do so by law, regulation, or court order, (ii) in response to a request for assistance by the police or other law enforcement agency (iii) to seek legal advice from our external lawyers or in connection with litigation with you or a third party, or (iv) as otherwise necessary to exercising our legal rights or to protect Sunflower Labs or Sunflower Labs Personnel.
Business operations to provide another entity (such as a potential or existing business counterparty or customer) with a means of contacting you in the normal course of business, for example, by providing your contact details, such as your phone number and email address.
Business transaction purposes, such as in connection with the sale, purchase, or merger of Sunflower Labs.
Consent: with your consent and as permitted by law, we may disclose personal information to any other third parties in any other circumstances.
Retention
The personal information we do or will collect, including sensitive personal information, will be retained until we determine it is no longer necessary to satisfy the purposes for which it was collected and our legal obligations. We determine retention periods by evaluating our legal obligations and our legitimate business interests (such as backing up systems or maintaining our organizational history).
Access, Correction, and Deletion of Information
Our intention is to enable you to have reasonable control over your personal information, consistent with our relationship. You may request:
access to certain of your personal information including the right to know the categories of personal information we have or will collect about you and the reason we will or have collected such information;
correction of certain of the personal information that we have or will hold about you that is inaccurate; and
deletion or removal of certain of your personal information.
You also have the right not to be discriminated against (as provided under applicable laws) for exercising your rights.
Exceptions to Your Rights: There are certain exceptions to these enumerated rights. For instance, we may retain your personal information if it is reasonably necessary for us or our service providers to provide a service that you have requested or to comply with law or to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity.
Exercising Your Rights: To exercise one of the rights above, you may contact us as provided below under “Contact Us.” We also will take reasonable steps to verify your identity before responding to a request. In doing so, we will ask you for relevant verification information. If we are unable to verify you, we shall have the right, but not the obligation, to request additional information from you.
California and certain other privacy laws place obligations on businesses that “sell” personal information to third parties or “share” personal information with third parties for cross-context behavioral advertising. We do not “sell” or “share” the personal information covered by this Policy and have not done so in the twelve months prior to the effective date of this Policy.
6. Additional Information for Non-U.S. Sunflower Labs Personnel
information, such as the right to decline or object to certain collection, uses, and disclosures of your personal information. Please consult the laws of your jurisdiction and/or contact your local data protection authority to understand your rights. For more information and to request to exercise your rights, you may contact us as provided below under “Contact Us.” We reserve the right not to respond to requests to exercise rights where we are not legally obligated to respond.
Sunflower Labs Inc., the parent corporation, is organized and its headquarters are in the United States, and we and our vendors may store and process your personal information in the United States and other jurisdictions where we and they are located. We will transfer your personal information in accordance with applicable law.
Additional Information for Residents of the EEA, UK, and Switzerland
This subsection solely applies to you if you are a resident of the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland.
Legal Bases: Our legal bases for processing your personal information as described above in this Policy are:
Contract: We may process your personal information as necessary to perform a contract with you, such as to administer payroll and provide benefits.
Legal obligation: We may process your personal information to comply with a legal obligation or request, such as to comply with employment and tax regulations.
Legitimate interest: We may process your personal information for purposes of our or another party’s legitimate interests, such as to maintain the security of our premises, personnel, and property.
Consent: We may process your personal information consistent with your consent to the extent permitted by applicable law.
Your Rights: As provided in applicable law, residents of the EEA, UK, and Switzerland have the right to:
Access the personal information we process about you, including the right to obtain confirmation of whether we are processing your personal information, access to the personal information we process about you, and a copy of such personal information.
Request rectification of personal information when you consider that it is inaccurate.
Erasure of certain personal information in certain circumstances, such as when your personal information is no longer necessary in relation to the purposes for processing or if erasure is necessary for legal compliance.
Request restriction of certain processing activities, such as when you dispute the accuracy of the personal information.
Object to certain processing of your personal information.
Withdraw your consent at any time where we process your personal information based on your consent and not on another legal basis, provided that withdrawing your consent only affects our processing after the withdrawal.
In some circumstances and if technically feasible, request that your personal information be transferred to a third party or provided to you directly in a structured, commonly used, and machine-readable form.
If provided for under the law of the jurisdiction where you reside, give instructions about the processing of your personal information after your death.
You also have the right to lodge a complaint with your local data protection authority if you believe we have processed your personal information in violation of applicable data protection law. However, we encourage you to raise any complaints with us first so we can do our best to resolve it. A list of EEA data protection authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-uk. UK residents may find information about the Information Commissioner’s Office here: https://ico.org.uk. Swiss residents may find information about the Federal Data Protection and Information Commissioner here: https://www.edoeb.admin.ch/edoeb/en/home.html.
There are certain exceptions to the above rights. For instance, we may retain your personal information if it is reasonably necessary for us or our service providers to provide a service that you have requested or to comply with law or to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity. In addition, we reserve the right not to process requests that are manifestly unfounded or excessive, as provided in applicable law.
To exercise your rights, please contact us as provided below under “Contact Us” and specify the right(s) you want to exercise and the personal information with respect to which you want to exercise such right(s), as well as your reasons for wanting to exercise such right(s), if applicable. We will process and respond to your requests as required under applicable law.
International Transfers of Personal Information: Because the Sunflower Labs Inc. headquarters are in the United States, we and our vendors may store and process your personal information in the United States and other jurisdictions where we and they are located. If we transfer your personal information to a jurisdiction not deemed to be “adequate” by the relevant authorities (i.e., jurisdictions that are deemed not to provide a level of protection to personal information that is equivalent to that of the EEA, UK, or Switzerland), we will transfer such personal information in accordance with applicable law and in accordance with the principles set forth in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as applicable.
Contact Us
If you have questions about our collection, use, or disclosure of personal information, or to exercise one of the rights above, please contact us in one of the following ways:
By email: people@sunflower-labs.com
By mail: 1364 Crestview Dr. San Carlos California 94070 USA
