This HR Data Privacy Policy (“Privacy Policy”) was last updated on January 1, 2024.

Introduction
Florence Healthcare, Inc. on behalf of itself and its subsidiaries (collectively, “Florence“, “we“, “us“, or “our“) is committed to protecting the Personal Information (as defined below) we collect with respect to past, present and prospective employees, contractors, consultants, trainees and interns. This Privacy Policy describes our policies and practices regarding the collection, use, disclosure, and processing of your Personal Information. It also describes your rights and choices regarding your Personal Information.

We receive Personal Information when you visit a website that displays or links to this Policy (the “Site”), and personal information otherwise provided in connection with your employment with or engagement by Florence. This Privacy Policy does not apply to information collected by us offline or through any other means, including on any other website or online service operated by us or third parties.

Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information. By accessing the Site, you agree to be bound by and comply with this Privacy Policy. If you do not agree with this Privacy Policy, you should discontinue your use of the Site. This Privacy Policy is incorporated into and subject to our Terms of Use for the Site.

What Personal Information We Collect and How We Collect It
We collect information about you when you voluntarily provide it to us, when you access the Site, and when third parties provide it to us.

Types of Personal Information: “Personal Information” is information that identifies an individual or relates to an identifiable individual. We may collect some or all of the following:

  • Contact information: When you apply for a position or become an employee or contractor, we will ask for your full name, address, telephone number, email address, and any other contact details that you choose to provide, in order to communicate with you.
  • Applicant information: When you apply for a position with us, we collect your name, address, e-mail address and telephone number. This information is necessary to create and maintain your account and profile. In the course of an application for employment, we may ask for and collect other information, including previous job and salary history; education details; data for diversity monitoring, if allowed by applicable law; information from third parties as described below; and other information you choose to voluntarily submit to us in connection with your application.
  • Emergency contact: We may ask you to inform us about your marital status, next of kin, dependents and emergency contacts so that we can follow your contact instructions in the event of an emergency.
  • Banking information: We may ask for your banking information, including account numbers and routing information, to facilitate payroll direct deposit.
  • Health information: We may ask for health information in connection with sickness or family-related leaves of absence, to comply with employment and other laws, and to administer benefits. While we will seek to collect no more information than is necessary, this information may contain sensitive information relating to your health, race, ethnicity, and genetic and biometric data.
  • Disability information: We may ask you to inform us if you have a disability that affects your ability to work and for information regarding accommodations you may need, in order to determine if an accommodation is reasonable and appropriate and to make required accommodations or adjustments during your employment.
  • Performance tracking and reviews: We may collect information about your activities as an employee in order to take disciplinary, performance or other employment-related actions.
  • Verification of identity and right to work: At various times during your employment, such as upon hiring or at the request of a government authority, we may ask you to provide your full name, date of birth, residential address, government identification number, and a copy of your government-issued photo identification or passport, in order to confirm your identity and your entitlement to work in any country where we have employees.
  • Third-party information: In addition to the information that we collect from you directly, we may also receive information about you from other sources. For example, third-party service providers may assist with recruitment, credit checks, reference and background checks, and investigations of possible employee wrongdoing, and help us locate former employees and beneficiaries for purposes of administering certain benefits plans. We may collect and use personal information obtained from references or interviewers in connection with your employment application. We also may obtain publicly available information, such as from websites or social media.
  • Your communications: When you communicate with us, we may retain your communications in order to process and respond to them.
  • Aggregated data: We may compile aggregated information (that does not identify any specific individual), such as groupings of demographic data.
  • Contact us: If you choose to contact us via the Contact Us information below, we may collect your name, physical address, telephone number, email address, and the information that you choose to include in your message to us so that we can receive and respond to you request if needed. We may request that you provide additional relevant information. This information helps us direct your request and respond more quickly to your needs.

Device and Connection Information: We collect information about the computer, phone, tablet, or other devices you use to access our Site. We also collect information through your device about your operating system, browser type, Internet Protocol (IP) address, Uniform Resource Locators (URLs) of referring/exit pages, device identifiers, country preference, and crash data.

Like many website operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your IP address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

We use your IP address and/or country preference in order to approximate your location to provide you with a better service experience. How much of this information we collect depends on the type and settings of the device you use to access the Site.

Server and data center service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.

Cookies and other tracking technologies: Cookies are pieces of information stored directly on the device you are using. Cookies allow us to collect information such as browser type, time spent on the Site, pages visited, language preferences, and other anonymous traffic data. Florence and certain third-party providers, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different devices. The categories of cookies are:

  • Strictly necessary cookies:You cannot opt out of these cookies, which are essential for the provision of the Site.
  • Performance cookies:These cookies provide statistical information on site usage, such as web analytics.
  • Functional cookies:These cookies allow the provision of enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
  • Targeting/advertising cookies:These cookies are used to create profiles or personalize content to provide you with online targeted advertisements that we think are most relevant to you.

You must opt in to all but strictly necessary cookies and you can control these cookies and tracking technologies, as described below.

How We May Use the Personal Information We Collect

We may use your personal information in the following ways:

  • To contact you and to manage our relationship with you.
  • To manage recruitment, including legal eligibility for work and other employment screening.
  • To manage your compensation and benefits, including administering insurance, payroll, employee benefits, and taxes, including disclosure to third parties such as payroll providers, accountants, benefits providers, and insurers.
  • To assess performance, for promotions and disciplinary matters, and for training purposes.
  • To conduct investigations and incident response, including reviewing your communications in these situations in accordance with relevant internal policies and applicable law.
  • To manage and maintain the security of the Site and business records, including personnel files.
  • To comply with your instructions.
  • Pursuant to your consent.
  • In any other way we may describe when you provide the information.
  • For any other purpose to which you have consented or for which we have a legal basis under law.

If we are required by applicable law to collect certain Personal Information about you, your failure or refusal to provide this information may prevent the fulfillment of our legal obligations and may impact our ability to hire you or to manage your employment relationship with us.

How We May Disclose Personal Information

We may disclose your Personal Information for the following business purposes:

  • To our third-party service providers who provide services such as information technology and related infrastructure, cloud storage, messaging and voice services, email delivery, data analytics, marketing analytics, auditing, software development and maintenance, quality control and assurance, customer support, and other services. These service providers are legally obligated to ensure the confidentiality of Personal Information and implement appropriate security measures.
  • To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
  • As we believe to be necessary or appropriate under applicable law; to comply with legal processes; to respond to requests from public and government authorities; to enforce our terms and conditions; to protect our operations; to protect the rights, privacy, safety, or property of Florence, you or others; and to allow us to pursue available remedies or limit damages that we may sustain.

Legal Basis

Our legal bases for collecting Personal Information are: (1) your consent; or (2) if the collection and use is in our or another’s legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we also may have a legal obligation to collect Personal Information. If we collect your Personal Information with your consent, you may withdraw your consent at any time as described below. You understand and agree that we may collect, use, disclose, and otherwise process the Personal Information you provide even if you are located outside the United States.

Retention of Personal Information
We will retain and use your Personal Information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements.

When there is no longer a legitimate need to retain your information, we will securely delete or anonymize it or, if this is not possible, securely store it until it can be deleted. When we delete Personal Information, it will be removed from our active servers and databases as well as the Site, but it may remain in our archives when it is not practical or possible to delete it.

To the extent permitted by law and/or our contractual obligations, we may retain and use anonymous and aggregated information for performance reporting, benchmarking, and analytic purposes, for improving our Services, and for other business or research purposes.

Information Security
We take reasonable and appropriate administrative, technical and organizational security measures to protect your Personal Information, and we review our security procedures periodically to consider appropriate new technology and methods. However, no security system is perfect and no data transmission over the Internet can be guaranteed to be completely secure. While we strive to protect your Personal Information, we cannot guarantee the security of any information you transmit to or from our Site, and you do so at your own risk.

Certain areas of the Site may require the use of a user identification, email address, and/or password as an additional security measure to help protect your information. Do not share your password with anyone.

International Transfers

Florence is based in the United States (“US”) and governed by US law. If you are outside the US when you visit the Site or engage in communications with us via mail, email or telephone, your Personal Information may be transferred to, stored, and processed in the US where we have data centers. While the US data protection, privacy and other laws might not be as comprehensive as those in your country, we take necessary and appropriate steps to protect the privacy and security of your Personal Information. By using the Site, you understand and affirmatively consent to the collection, storage, processing, and transfer of your Personal Information to the US and to those third parties with whom we share it, as described in this Privacy Policy.

When storing, hosting, or otherwise processing information (including Personal Information) for residents of countries other than the US, including the European Union (“EU”), European Economic Area (“EEA”), or United Kingdom (“UK”), we may send such data outside of these regions. When we transfer information to the US or other countries, we do so for the purposes set forth in this Privacy Policy and in accordance with applicable law. We rely on recognized legal bases to lawfully conduct cross-border/international transfers of Personal Information, such as your express informed consent to do so, when transfer is necessary for us to deliver the Services pursuant to an agreement between us and you, or when the transfer is subject to safeguards that assure the protection of your Personal Information, such as approved Standard Contractual Clauses.

In addition, Personal Information may be transferred to, stored, and processed in our data centers outside the US to allow us to better operate and maintain the Site. By using the Site, you understand and affirmatively consent to the collection, storage, processing, and transfer of your Personal Information outside the US, as described in this Privacy Policy.

Your Rights Regarding Personal Information
If Florence has any of your Personal Information, you generally have the following rights:

  • Cookies: You must affirmatively accept all but strictly necessary cookies and you have the ability to later opt out of other cookies by going to the cookie preferences of your browser. You can find out more information about how to change your browser cookie settings here. If you choose to disable cookies, please note that you may not be able to sign in or use some of the interactive features offered through our Site.
  • Google Analytics: We use Google Analytics to help us manage and improve the Site. Google provides a browser add-on that allows you to opt out by downloading and installing the add-on for your web browser. This is available here.

EU/EEA/UK Residents

If you are located in the EU, EEA or UK, you may have the following rights under the relevant EU/UK Regulations, including the General Data Protection Regulation (“GDPR”) or UK equivalent.

Access: You have the right to receive confirmation as to whether we are processing your Personal Information. If we are, you will have access to your Personal Information; we will provide you with certain details about such processing; and, in some circumstances, we will provide a copy of your Personal Information.

Rectification: You have the right to require us to correct any inaccurate or incomplete Personal Information.

Erasure: You have the right to request that we delete your Personal Information when (1) it is no longer necessary for the purposes for which it was collected; (2) consent has been withdrawn; (3) you have objected to the processing; (4) the Personal Information has been unlawfully processed; (5) the Personal Information must be erased for compliance with a legal obligation; or (6) the Personal Information was collected in certain circumstances in relation to the offer of information society services. However, this right is not absolute. When we delete Personal Information, it will be removed from our active servers and databases as well as the Sites, but it may remain in our archives when it is not practical or possible to delete it. We also may retain your Personal Information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.

Restriction of processing: You have the right to restrict the processing of your Personal Information when: (1) the accuracy of the Personal Information is contested, for a period enabling us to verify its accuracy; (2) the processing is unlawful but you oppose erasure and instead request a restriction; (3) we no longer need the Personal Information but you require us to keep it for the establishment, exercise or defense of legal claims; or (4) you have objected to our processing of the Personal Information, pending resolution of the objection.

Objection: In certain circumstances, you have the right to object to the processing of your Personal Information, unless we can demonstrate compelling legitimate grounds for the processing that override your  interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You also have the right to object if Personal Information is processed for direct marketing purposes, and for scientific or historical research purposes or statistical purposes unless the processing is necessary for performance of a task carried out in the public interest.

Withdrawal of consent: If you have provided your consent to the collection, processing, and/or transfer of your Personal Information, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent we will no longer process your Personal Information for the purposes to which you originally consented, unless we have a legitimate basis that overrides your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Information for the provision of our Services.

Complaints: If you believe we have not processed your Personal Information in accordance with applicable law, you have the right to make a complaint to the relevant Supervisory Authority (as described below) or seek a remedy through the courts.

Automated decision-making. We do not employ solely automated decision-making (including profiling) that results in automated decisions that legally or otherwise significantly affect you. Automated decisions are made automatically based on computer determinations (using software algorithms), without human review. If you are to be subjected to automated decision making, we will make it clear at the time and you will have the right to contest the decision, to express your point of view, and to require a human review of the decision.

Serbia Residents

If you are located in Serbia, you generally have the same rights as do residents of the EU, EEA, or UK, as described in this Policy, as the same may be modified under the 2018 Law on Personal Data Protection, 13 November 2018, available here.

Data Privacy Framework Program

Florence complies with the EU-US Data Privacy Framework program (“EU-US DPF”), the UK Extension to the EU-US DPF (“UK Extension”), and the Swiss-US Data Privacy Framework program (“Swiss-US DPF”), all as set forth by the US Department of Commerce. The Federal Trade Commission has jurisdiction over enforcement of Florence’s compliance with the EU-US DPF, the UK Extension, and the Swiss-US DPF. Florence has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (“EU-US DPF Principles”) with regard to the processing of personal data received from the EU in reliance on the EU-US DPF and from the UK (and Gibraltar) in reliance on the UK Extension. Florence also has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework program Principles (“Swiss-US DPF Principles” and collectively with the EU-US DPF Principles, the “DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the applicable DPF Principles will govern. To learn more about the DPF program and to view our certification, please visit here.

If Florence receives Personal Information under the DPF Principles and subsequently transfers such information to a third party acting as an agent on our behalf, we remain liable under the DPF Principles if the agent processes such Personal Information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

In compliance with the DPF Principles, Florence commits to resolve complaints related to the DPF Principles about your privacy and our collection or use of your personal information transferred to the US pursuant to the DPF Principles. EU, Swiss and UK individuals with DPF inquiries or complaints should first contact Florence at privacy@florencehc.com.

Florence has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit here for more information or to file a complaint. This service is provided free of charge to you. Before you file a complaint, please review the BBB’s Procedure Rules here.

If your DPF complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. Details are available here.

California Privacy Rights

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”) gives consumers the right to request that we disclose what Personal Information we collect, use, disclose, and sell, and delete certain Personal Information that we have collected or maintain. You may submit these requests to us as described in the Contact Us section of this Privacy Policy.

We will confirm receipt of your request within 10 business days. We must provide the requested information or delete your Personal Information within 45 days of receipt of your request, but we can take up to an additional 45 days if we let you know that additional time is needed.

However, these rights do not apply when we collect or sell your Personal Information if: (1) we collected that information while you were outside of California; (2) no part of a sale of your Personal Information occurred in California; and (3) no Personal Information collected while you were in California is sold. In addition, de-identified information is not subject to these rights. If your information is collected in the context of a business relationship with us, it may not be covered by the CCPA.

Request to know: You have the right to request: (1) the specific pieces of Personal Information we have collected about you; (2) the categories of Personal Information we have collected about you; (3) the categories of sources from which the Personal Information is collected; (4) the categories of Personal Information about you that we have sold and the categories of third parties to whom the Personal Information was sold; (5) the categories of Personal Information about you that we disclosed for a business purpose and the categories of third parties to whom the Personal Information was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, or selling Personal Information; and (7) the categories of third parties with whom we share Personal Information. Our response will cover the 12-month period preceding our receipt of your request.

Request to delete: You have the right to request the erasure/deletion of certain Personal Information collected or maintained by us. We will delete your Personal Information from our records and direct any service providers (as defined under the CCPA) to delete your Personal Information from their records.

Request to correct: You have the right to request the correction of Personal Information that we collect and maintain.

Request to limit the use of Sensitive Personal Information: This right is not applicable, as we do not collect or process sensitive personal information (as defined by applicable California law) for the purpose of inferring characteristics about consumers.

Sale of Personal Information: Under the CCPA, you have the right to direct us to stop selling your Personal Information to third parties and to refrain from doing so in the future. We do not sell Personal Information as defined under the CCPA, and we have not sold Personal Information during the past 12 months. However, under California law, some uses of cookies and similar tracking technologies may be characterized as “selling” or “sharing” Personal Information. You have the right to restrict such “selling” or “sharing” of your Personal Information, as described in this Privacy Policy.

Non-discrimination: You have the right to not receive discriminatory treatment by us due to your exercise of the rights provided under the CCPA. We do not discriminate against consumers for exercising their rights under the CCPA.

Excessive requests: If your requests are unfounded or excessive, particularly because they are repetitive, we may either charge a reasonable fee or refuse to act on the request and notify you of the reason for refusal. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.

Verification process: We are required by law to verify the identities of those who submit requests. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the Personal Information that we already maintain about you. If we cannot verify your identity, we may deny the request in whole or in part. We will inform you if we cannot verify your identity.

Authorized agents: An authorized agent may submit a request on your behalf. If you use an authorized agent to submit a request, we may require you to: (1) provide the authorized agent with signed permission to do so; (2) verify your identity directly with us; and (3) directly confirm with us that you provided the authorized agent permission to submit the request. We may deny a request from an agent that does not submit proof of your authorization to act on your behalf.

Privacy Rights In Other States

Residents of other states (including Colorado, Connecticut, Utah and Virginia) may have rights to request information about or delete their Personal Information. To inquire about exercising these rights, please contact us at privacy@florencehc.com.

Exercising Your Rights

If you wish to contact us to exercise rights with respect to your Personal Information, you can either:

You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your account settings menu, or contacting us to have your contact information removed from our promotional email list or registration database.

If you are based in the EU, EEA, Switzerland, or UK: You may contact our Data Protection Representative, DataRep, which has locations in each of the EU countries, the UK, Switzerland, Norway and Iceland, in any of the following ways:

  • Send an email to DataRep at datarequest@datarep.com and include “Florence Healthcare, Inc.” in the subject line,
  • Submit an online webform here.
  • Residents of the UK may send correspondence to DataRep at:

DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

  • Residents of Switzerland may send correspondence to DataRep at:

DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland

  • Residents of the EU also may send correspondence to DataRep; please contact the Florence Privacy Team at privacy@florencehc.com for the current DataRep address in the country where you reside.

If you have any questions about how DataRep will handle Personal Information, refer to the DataRep privacy notice here.

You also may have the right to make a complaint under the GDPR to the relevant Supervisory Authority. A list of Supervisory Authorities is available here.

Third Party Links and Services
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third party operating any site or service to which the Site link. Unless expressly stated otherwise, the inclusion of a link on the Site does not imply our endorsement or recommendation of the linked site or service.

Changes to this Privacy Policy
We may update this Privacy Policy at any time in our sole discretion and without notice. We will post any revised Privacy Policy on the Site. You should review this Privacy Policy periodically to ensure that you are aware of any changes. Your continued use of the Site constitutes your acceptance of any revised Privacy Policy.

Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@florencehc.com or at the following address:

Florence Healthcare, Inc.
600 Peachtree St NE, Suite 920
Atlanta, GA 30308
Attn: Privacy Team