RRM Design Group

Privacy Notice to Applicants/Employees

Overview

This Privacy Notice explains how RRM Design Group (“the Company”, “RRM,” “we,” “us,” or “our”) collects, uses, discloses, and retains personal information relating to individuals who apply for, work for, or otherwise provide services to RRM, including applicants, employees, former employees, interns, and independent contractors.

This notice is intended to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”).

Please take notice that RRM Design Group collects certain personal information about you. This notice describes the categories of personal information the Company collects and the purposes for which they are used in accordance with the California’s California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

The law provides California applicants and employees with certain rights with respect to the personal information collected from them, including the rights:

  • To delete personal information.
  • To correct inaccurate personal information.
  • To access personal information.
  • To know what personal information is sold or shared and to whom.
  • To opt out of selling or sharing of personal information.
  • To limit use and disclosure of sensitive personal information.
  • Not to be discriminated or retaliated against for exercising rights under the law.

 

The personal and sensitive personal information that we are collecting. We may collect the following categories of personal information depending on your role and interaction with RRM:

  • Identifiers, such as name, government-issued identifier (e.g., Social Security number (SSN)) and unique identifiers (e.g., employee ID);
  • Personal information, such as real name, signature, SSN, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, federal identification authorizing work in the United States, access and/or passcodes, insurance policy number, education, employment, employment history, bank account number, other financial information, medical information or health insurance information;
  • Characteristics of protected classifications under California or federal law, such as age, marital status, gender, sex, race, color, disability, citizenship, primary language, immigration status, military/veteran status, disability, request for leave and medical conditions;
  • Commercial information, such as transaction information and purchase history (e.g., in connection with expense reimbursements [or purchases from the Company]);
  • Internet or network activity information, such as browsing history and interactions with our online systems and websites and any personal information that you provide while accessing the Company’s computer systems, such as personal credit card information and passwords;
  • Geolocation data, such as device location from using the Company’s devices;
  • Audio, electronic, visual, and similar information;
  • Professional or employment-related information, such as work history, prior employers, data submitted in job applications, professional licenses, degrees, background checks, performance and disciplinary records, compensation, benefits and leaves of absence information;
  • Inferences drawn from any of the personal and sensitive personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics; and

We do not use sensitive personal information for purposes other than those permitted under CPRA.

 

Where we get your information from. The Company collects information about you from the following sources:

  • Directly from you (applications, onboarding, employment forms)
  • From HR and recruiting systems
  • From interviews, performance processes, and workplace interactions
  • From prior employers, references, recruiters or educational institutions
  • Automatically through workplace systems and devices
  • From compliance or benefit providers, including claim administrators and investigators
  • From third-party companies, such as background check companies, drug testing facilities, licensing and credentialing organizations; and

 

How your personal and sensitive personal information is used. We may use personal and sensitive personal information for the following purposes:

We use personal information for business and employment-related purposes, including:

  • Recruiting, hiring, onboarding, and retaining employees.
  • Managing employment or contractor relationships
  • Collecting and processing employment applications, including confirming eligibility for employment, background and related checks, and onboarding.
  • Leave of absence administration.
  • Compensation administration and compliance, including payroll, bonuses, reimbursements, etc.
  • Employee benefit plan and program administration.
  • Performance management and professional development
  • Workforce planning, reporting, and internal operations
  • Maintaining personnel records and complying with record retention requirements.
  • Communicating with employees and/or employees’ emergency contacts and plan beneficiaries.
  • Facilitating and administering the use of the company’s property and resources, including the company’s information systems, electronic devices, network and data, and preventing unauthorized access of such.
  • Workplace health and safety compliance.
  • Ensuring employee productivity and adherence to the policies.
  • Investigating complaints, grievances and suspected violations of policy.
  • Complying with applicable state and federal laws, including labor, employment, tax, benefits, workers compensation, disability, equal employment opportunity, workplace safety and related laws.
  • Exercising and defending legal claims.
  • Managing IT systems and access to workplace tools

 

Disclosure of personal information. We may disclose personal information to:

  • Authorized RRM personnel (HR, managers, leadership)
  • Service providers supporting HR, payroll, and recruiting functions (including Paylocity)
  • Benefits administrators and insurance providers
  • Background check and verification providers
  • IT, security, and cloud hosting providers
  • Legal, regulatory, or government authorities when required
  • Professional advisors (legal, accounting, audit, consulting)

All service providers are required to protect personal information and use it only for authorized business purposes.

 

Selling or sharing of personal information. For purposes of the CCPA/CPRA, the Company does not sell or share the personal information or sensitive personal information of job applicants, employees, former employees, interns or contractors.

 

Data retention. We retain personal information only as long as reasonably necessary to:

  • Manage the employment or engagement relationship
  • Operate HR, payroll, recruiting, and business functions
  • Comply with legal, regulatory, tax, and accounting obligations
  • Resolve disputes or enforce agreements

Retention periods vary depending on the type of information and applicable legal requirements.

 

For inquiries and/or to submit requests for information, deletion or correction. Please contact either: (1) Human Resources, 3765 S. Higuera Street, Suite 102, San Luis Obispo, CA 93401 or (2) humanresources2@rrmdesign.com for inquiries about the Company’s privacy policy, or to submit your requests for information, deletion or correction.

 

Changes to This Notice

We may update this Workforce Privacy Notice from time to time to reflect changes in legal requirements, business practices, or systems. Updates will be posted with a revised effective date.

 

Effective Date: May 19, 2026