Skip to content
Legal // CCPA Employee Privacy Policy & Notice

CCPA Employee Privacy Policy & Notice

Effective Date: November 16, 2023
Last Updated: [November 1, 2025]

Derivative Path (“we,” “us,” or “our”) respects the privacy of individuals’ personal information we handle and we are committed to the responsible management, use, and protection of personal information. This California Consumer Privacy Act (“CCPA”) Employee Privacy Policy (“Policy”) describes our practices in connection with the personal information that we collect from our employees, job applicants, contractors, consultants, and other staff who are California residents (“you,” “your” or “consumer”), as well as your CCPA rights, including notice, access, disclosure, correction, restriction, deletion, and anti-discrimination. Any terms used but not otherwise defined in this Policy have the same meaning as defined in the CCPA.

We will not sell the personal information, including any sensitive personal information, we collect about our employees or applicants for employment or share it with third parties for cross-context behavioral advertising.

1. Categories of Personal Information We May Collect

When we say “personal information” in this Policy, we mean information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer. The personal information that we collect, use or disclose about you will depend on our relationship or interaction with you. During the past twelve months, we may have collected the following categories of personal information. The table below also lists the purposes for which we may collect, use or disclose personal information in different contexts. Please note that some of the data collection and uses described below may not apply to you. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Personal Information CategoryBusiness Purpose
Identifiers, such as your full name, contact information, gender, date of birth, signature, Social Security number, driver’s license or state identification numbers, and similar information for your dependents and beneficiaries.
  • Recruit and process employment applications, including verifying eligibility for employment and conducting background and related checks
  • Conduct employee onboarding
  • Maintain and administer payroll and employee benefit plans, including enrollment and claims handling
  • Maintain personnel records and complying with record retention requirements
  • Provide employees with human resources management services and employee data maintenance and support services
  • Communicate with employees and their emergency contacts and plan beneficiaries
  • Comply with applicable state and federal labor, employment, tax benefits, workers’ compensation, disability, equal employment opportunity, workplace safety, and related laws
  • Prevent unauthorized access to or use of the Company property, including information systems, electronic devices, network, and data
  • Ensure employee productivity and adherence to Company policies
  • Conduct internal audits and investigate complaints, grievances, and suspected violations of Firm policy
  • Respond to law enforcement requests and as required by applicable law or court order
  • Exercise or defend the legal rights of the Company and its employees
California Customer Records employment and personal information, such as your name, signature, Social Security number, physical characteristics or description, photograph, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, current employment, employment history, membership in professional organizations, licenses and certifications, bank account number, or any other financial, medical or health insurance information.
  • Same purposes as for identifiers category
Protected classification characteristics under California or federal law, such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, reproductive health decision-making, military and veteran status, or genetic information (including familial genetic information).
  • Comply with federal and state equal employment opportunity laws
  • Design, implement, and promote the Company’s diversity and inclusion programs
  • Perform workforce analytics, data analytics, and benchmarking
  • Conduct internal audits, grievances, and suspected violations of Company policy
  • Exercise or defend the legal rights of the Company and its employees
Biometric information, such as fingerprints.
  • Fingerprinting for a criminal background check after an initial offer of employment is made, for certain NFA-regulated employees. In such instances, criminal background checks are a regulatory requirement.
  • Exercise or defend the legal rights of the Company and its employees
Internet or other similar network activity information, including all activity on the Company’s information systems (such as internet browsing history, search history, intranet activity, email communications, social media postings, stored documents and emails, usernames, and passwords) and all activity on communications systems (such as phone calls, call logs, voicemails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications, and other information regarding an employee’s use of company-issued devices).
  • Facilitate the efficient and secure use of Company information systems
  • Ensure compliance with Company information systems policies and procedures.
  • Comply with applicable state and federal laws, including NFA regulatory requirements
  • Prevent unauthorized access to, use, or disclosure or removal of the Company’s property, records, data, and information
  • Enhance employee productivity
  • Conduct internal audits and investigate complaints, grievances, and suspected violations of Firm polic
  • Exercise or defend the legal rights of the Company and its employees
Sensory and surveillance data, such as call monitoring and video surveillance. 
  • Comply with applicable state and federal laws, including NFA regulatory requirements
  • Prevent unauthorized access, use, or loss of the Company property
  • Improve customer service
  • Exercise or defend the legal rights of the Company and its employees
Professional or employment-related information, such as employment application information (work history, academic and professional qualifications, educational records, references, and interview notes, background check, work authorization, performance and disciplinary records, salary, bonus, commission, and other similar compensation data, benefit plan enrollment, participation, and claims information, leave of absence information including religious, military and family obligations, health data concerning employee and their family members.
  • Recruit and process employment applications, including verifying eligibility for employment, background checks, and onboarding
  • Design and administer employee benefit plans and programs, including for leaves of absence.
  • Maintain personnel records and comply with record retention requirements.
  • Communicate with employees and their emergency contacts and plan beneficiaries.
  • Comply with applicable state and federal labor, employment, tax, benefits, workers’ compensation, disability, equal employment opportunity, workplace safety, and related laws.
  • Prevent unauthorized access to or use of the Company’s property, including its information systems, electronic devices, network, and data.
  • Ensure employee productivity and adherence to the Company policies.
  • Conduct internal audits and investigate complaints, grievances, and suspected violations of the Company policy.
  • Evaluate and provide useful feedback about job performance, facilitate better working relationships, and for employee professional development
  • Exercise or defend the legal rights of the Company and its employees
Non-public education information, such as education records, degrees and vocational certifications obtained, report cards, and transcripts. 
  • Evaluate an individual’s appropriateness for hire, or promotion or transfer to a new position at the Company.
Inferences drawn from other personal information to create a profile or summary, for example, an individual’s preferences, abilities, aptitudes, and characteristics. 
  • Engage in human capital analytics, including to identify correlations about individuals and job success, analyze data to improve retention and productivity, and analyze employee preferences to inform human resources policies and procedures
  • Conduct applicant reference checks to assist in hiring decisions

Sensitive personal information is a subtype of personal information consisting of specific information categories. While we collect information that falls within the sensitive personal information categories listed in the table below, the CCPA does not treat this information as sensitive because we do not collect or use it to infer characteristics about a person.

Sensitive Personal Information CategoryBusiness Purpose
Government identifiers, such as your Social Security number, driver’s license, state identification card, and passport and visa information, and immigration status and documentation.
  • Recruit and process employment applications, including verify eligibility for employment and conducting background and related checks
  • Process and administer payroll and employee benefit plans, including enrollment and claims handling
  • Maintain personnel records and comply with record retention requirements
  • Provide employees with human resources management services and employee data maintenance and support services
  • Communicate with employees and their emergency contacts and plan beneficiaries
  • Comply with applicable state and federal labor, employment, tax benefits, workers’ compensation, disability, equal employment opportunity, workplace safety, and related law
  • Prevent unauthorized access to or use of the Company property, including information systems, electronic devices, network, and data
  • Respond to law enforcement requests and as required by applicable law or court order
Complete account access credentials, such as user names, account numbers, or card numbers combined with required access/security code or password. 
  • Recruit and process employment applications, including verify eligibility for employment and conducting background and related checks.
  • Provide employees with human resources management services and employee data maintenance and support services
  • Prevent unauthorized access to or use of the Company information systems, electronic devices, network, and data
Racial or ethnic origin.
  • Comply with federal and state equal employment opportunity laws
  • Design, implement, and promote the Company’s diversity and inclusion programs
  • Perform workforce analytics, data analytics, and benchmarking
  • Conduct internal audits and investigate complaints, grievances, and suspected violations of Company policy
Mail, email, or text messages contents not directed to the Company. 
  • Conduct internal audits and investigate complaints, grievances, and suspected violations of the Company policy
  • Exercise or defend the legal rights of the Company and its employees
Health information, including job restrictions and workplace illness and injury information. 
  • Investigate and process workers’ compensation claims
  • Process health insurance claims
  • Ensure equal access to retirement programs and fertility planning by same-sex spouses
  • Ensure equal family leave policies and insurance for transgender surgeries

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from your responses to information sought in your employee onboarding paperwork or forms you complete.
  • Indirectly from you. For example, from observing your activities on company-provided software, including email accounts and computers, among other things.
  • Third parties. For example, staffing and recruiting agencies with whom we contract for services and consumer reporting agencies when we perform employee background screenings.

2. How We Share Personal Information

We may disclose your personal information to a third party for the purposes described in this Policy, which include “business purposes” defined under the CCPA. When we disclose personal information for a business purpose, we will use reasonable commercial efforts to ensure that such third parties keep your personal information secure, which may include entering a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We may disclose your personal information for a purpose described in this Policy to the following categories of third parties:

  • Our affiliates or business partners.
  • Service providers, including professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you, including but not limited to insurance companies.
  • Government regulators and law enforcement or other third parties in connection with legal or regulatory requests.
  • Third parties in connection with a business transfer.

Please note that some of the categories described above may not apply to you. In the preceding twelve months, we have not sold or shared (for the purposes of cross-context behavioral advertising) any of your personal information.

3. Your CCPA Rights

This section describes your CCPA rights, including the following: access/know, correct, restrict, delete, and anti-discrimination. We may deny requests to correct, restrict/opt-out, or delete your personal information in the event that we are not able to verify your identity, where we will inform you of such denial.

  • Access/Know. When you make a request about your personal information that we collect or that we share for a business purpose, we respond on a case-by-case basis. Prior to responding to your request, to verify such request, we will confirm your name, email address, and certain other necessary information based on the nature (i.e., sensitivity, amount, etc.) of the personal information.
  • Correct. You can make a request to correct your personal information through the respective application storing your data (e.g., for employees, through our human resources management software), or by otherwise contacting us as described in this Policy.
  • Restrict/Opt-Out. You can make a request to restrict your sensitive personal information (such as Social Security number) when there is no statutory exemption. We are not required to offer a right to limit our use or disclosure of sensitive personal information where we perform the services reasonably expected by you (e.g., payroll).
  • Delete. You can make a request to delete your personal information when there is no statutory exemption to retain such personal information (including, for example, an ongoing relationship, complying with a legal obligation, etc.) by contacting us or the relevant third party that collects and stores such personal information (e.g., third-party background checks). Prior to responding to the request, to verify such request, we will confirm your name, email address, and certain other information necessary based on the nature (i.e., sensitivity, amount, etc.) of the personal information.
  • Anti-Discrimination. We combat against discrimination when you exercise any of your consumer rights under the CCPA, including reviewing consumer rights through a manual, case-by-case process.

4. Changes to This Policy

We reserve the right to amend this Policy at our discretion and at any time, as permitted by law. You agree to be bound by such changes. We will notify you of material changes to this Policy. The “Effective Date” of this Policy will indicate when it was most recently updated.