CPRA Notice at Collection for California Employees and Applicants
Last Updated: May 6, 2024
Nylas, Inc. (“We” or “Nylas”) collects and uses Personal Information from or about you (“you” or “employee”) for human resources, employment, benefits administration, health and safety, and business-related purposes and to be in legal compliance with the California Consumer Privacy Act of 2020, as amended by the California Privacy Rights Act (“CPRA”). This policy applies only to personal information we collect about you in the employment or application context; for information on our other privacy practices, please see our Privacy Policy. As used herein, “Personal Information” has the meaning given to it in the CPRA.
Personal Information We Collect
Below are the categories of Personal Information we collect and the purposes for which we intend to use this information:
- Identifying Information, such as your full name, gender, date of birth.
- Demographic data, such as race, ethnic origin, marital status, disability, and veteran or military status, if you choose to provide it.
- Contact Information, such as your home address, telephone numbers, email addresses, and emergency contact information.
- Dependent’s or other individual’s information, such as full name, address, date of birth, and Social Security numbers.
- Educational and professional background, such as your work history, academic and professional qualifications, educational records, references, if you choose to provide it in your application, along with interview notes.
- Employment details, such as your job title, position, hire dates, compensation, performance and disciplinary records, and vacation and sick leave records.
- Financial information, such as retirement account details, tax information, payroll information, and withholdings.
- Health and Safety information, such as health conditions (if relevant to your employment), job restrictions, benefits information, workplace illness and injury information, and health insurance policy information.
- Location Information, for field reporting and remote work purposes.
- Inferences, generated from any other information you voluntarily disclose to us in the course of your employment, including without limitation photographs, chats, emails, your employee profile, and other work product in any form whatsoever.
How We Collect Personal Information
We generally collect Personal Information directly from you when you apply for a position at Nylas, during the employee onboarding process, and during your employment.
Service Providers also collect Personal Information on you on our behalf, for example:
- When you sign up for benefits, our third-party Service Providers collect health and safety information, dependent’s information, employment details, and demographic data if you choose to provide it.
- When you apply for employment, we collect background check information on you from a third-party Service Provider.
- During your employment, we use a number of third parties to help administer your benefits, payroll, and health insurance.
- During employment, third party tools that you use will collect Personal Information. For example, our employee communications tools collect and process your messages and emails; communications services collect and process your business calls and emails; and security services may see your credentials, work product, and communications.
These Service Providers are contractually bound to only process your Personal Information as we direct them, in accordance with the CPRA. For more information on Service Providers that collect Personal Information on our behalf, see Appendix A.
Why We Collect Personal Information
In general, Nylas collects Personal Information to use or disclose as appropriate to:
- Comply with all applicable laws and regulations.
- Recruit and evaluate job applicants and candidates for employment.
- Conduct background checks.
- Manage your employment relationship with us, including for:
- onboarding processes;
- timekeeping, payroll, and expense report administration;
- employee benefits administration;
- employee training and development requirements;
- the creation, maintenance, and security of your online employee accounts;
- reaching your emergency contacts when needed, such as when you are not reachable or are injured or ill;
- workers’ compensation claims management; and
- employee job performance, including goals and performance reviews, promotions, discipline, and termination.
- Assist with employee productivity, such as monitoring code committed.
- Secure our systems and services.
- Manage and monitor employee access to company facilities, equipment, and systems.
- Conduct internal audits and workplace investigations.
- Investigate and enforce compliance with and potential breaches of Company policies and procedures.
- Maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance.
- Perform workforce analytics, data analytics, and benchmarking.
- Administer and maintain Nylas’s operations, including for safety purposes.
- Exercise or defend the legal rights of Nylas and its employees, customers, contractors, and agents.
How We Share Your Personal Information
We share your Personal Information with third parties as set forth in the below chart. We do not sell or share your Personal Information for value and have not done so in the previous 12 months.
Category of Personal Information Collected | Sold or Shared? | Disclosed for a Business Purpose? | Retention Period* |
Identifying information | No | Yes, to database hosting, benefits, recruiting, and human resource Service Providers | 4 years from date of rejection of application, upon request, or 8 years from termination date unless a different period is prescribed by applicable state law |
Demographic Data | No | Yes, to database hosting, benefits, recruiting, and human resource Service Providers | For 8 years after termination |
Contact Information | No | Yes, to database hosting, benefits, recruiting, and human resource Service Providers | 4 years from date of rejection of application, upon request, or 8 years from termination date unless a different period is prescribed by applicable state law |
Background Check Information | No | Yes, to database hosting and human resource Service Providers | 6 years from the date of background check |
Sensitive Personal Information, such as Government ID, Dependent’s information | No | Yes, to database hosting, benefits, and human resource Service Providers | For 8 years after termination |
Financial Information | No | Yes, to database hosting and human resource Service Providers | For 8 years after termination |
Professional or Education Information, Employment Details | No | Yes, to database hosting, recruiting, and IT Service Providers | For 8 years after termination |
Health and Safety Information | No | Yes, to benefits, and human resource Service Providers | For 8 years after termination |
Inferences | No | Yes, to human resource Service Providers | As needed or for 12 months after termination |
*May differ depending on applicable state or federal law.
Your Rights and Choices
Depending on where you live, you may have the below rights with respect to your Personal Information.
- Right to Know: The right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices.
- Right to Access: The right to access the Personal Information held about you by us or on our behalf.
- Right to Request Correction: The right to request that we correct inaccurate Personal Information that we maintain about you.
- Right to Request Deletion: The right to request that we delete your Personal Information that we have collected from or about you, subject to exceptions in the CPRA and under prevailing law.
- Right to Non-Discrimination and Non-Retaliation: The right not to receive discriminatory treatment for exercising your privacy rights under the CPRA.
- Right of Portability: The right to have your Personal Information delivered to you in a standard portable form.
- Right to Opt Out of Automated Decision-Making Technologies: The right to have decisions made by automated technologies made by a human. We do not currently employ these decision making technologies for any decisions relevant to employees, but if we do, you may exercise this right.
- Right to Limit Processing of Sensitive Personal Information, as defined by the CPRA: The right to limit Nylas’s processing of your Sensitive Personal Information (e.g. your social security number, email content, health information), to the purposes authorized by the CPRA. For clarity, we only collect and use your Sensitive Personal Information to perform services for you related to your employment.
Depending on your request, we may fully or partially comply given our legal obligations or exceptions to your rights under the CPRA. For example, we cannot delete all financial information we have about you during the term of your employment because that would make it impossible to pay you; we cannot delete your social security number or email during the term of your employment for tax and recordkeeping purposes. If you are involved in a legal action with or against Nylas, we will retain Personal Information to assist us in protecting our legal rights.
If you have any questions about this Notice, want to exercise your rights, or need to access this Notice in an alternative format due to having a disability, please contact Samantha Cowan, [email protected], 608-385-2225.
Appendix A
Service Provider Collection of Personal Information
To support in the completion of their duties, Nylas uses Service Providers that may store and process personal information (ex. name, Nylas email, etc). This appendix provides important information about their identities, locations, and roles.
Subprocessor | Subject Matter | Purpose | Location(s) |
Adobe | Name, work email | Document and Design Software | United States |
Amazon Web Services | Name, work email, IP address | Cloud hosting | United States, EU, Canada |
Apollo | Name, work email | Lead Generation | United States |
Atlassian Pty Ltd | Name, work email | JIRA Ticketing | United States, Germany, Ireland, Singapore, and Australia |
ChurnZero | Name, work email | Customer Support Automation | United States, United Kingdom, and Ireland |
ClassMarker | Name, work email | Training | United States |
Cloudflare | Name, work email, IP address | Web Application Firewall and DDoS Prevention | North America, EU |
Coralogix | Name, Work email | Logging, Alerting | Switzerland, United Kingdom |
Dell Financial Services LLC (Jamf) | Name, work email, IP address, | Endpoint Management | United States, Germany, United Kingdom, Australia, Japan |
Docusign | Name, work email, telephone number | Electronic Document Signing | United States, EU |
Drata | Name, work email | Compliance Management | United States |
Emburse Inc. | Name, work email, bank account | Expense Reimbursement | United States |
Eshares Inc. | Name, personal email | Options Management / Excercising | United States |
Ethena | Name, work email | Training | United States |
Figma | Name, work email | Product Design | United States |
FirstBase | Name, work email, address | Inventory Management | United States |
Fivetran | United States (US), Canada, European Union (EU), United Kingdom (UK), and Asia-Pacific (APAC) regions | Data Movement | United States (US), Canada, European Union (EU), United Kingdom (UK), and Asia-Pacific (APAC) regions |
Gong.io | Name, work email | Video Call Recording | United States |
Goodhire | Name, email, background check information | Background Checks | United States |
Gravitational Inc. | Name, work email, IP | Access Control | United States |
Greenhouse | Name, personal email, hiring information, IP address | Recruiting | United States |
Guideline | Name, personal email | 401k Management | United States |
Name, work email, IP address | Email API | United States, EU, Canada | |
Google Cloud Platform | Name, work email, IP address | Cloud hosting | United States, EU, Canada |
Google Workspaces | Name, work email, IP address | Email, Documents, Spreadsheets, Slides, Drive | United States |
HackerOne | Name, work email, IP address | Application Testing | United States |
Harness | Name, work email | Access Controls | United States |
Heroku | Name, work email | Backups | United States |
Honeycomb.io | Name, work email | Observability / Logging | United States |
Hubspot | Name, work email | Communication | United States |
Jellyfish | Name, work email, github account | JIRA / Github Productivity | United States |
Ketch | Name, work email, IP | Cookie Consent Management | United States |
KnowBe4, Inc. | Work email | Phishing Simulation | United States |
Kong Inc. | Name, work email, IP | API Gateway | United States, EU |
Lattice | Name, work email | Collaboration | United States |
Looker | Name, work email | Analytics | United States |
Loom | Name, work email | Internal Video Hosting and Sharing | United States |
Mailgun | Name, work email | Transactional Email | United States, EU |
Microsoft | Name, work email | MS Office / Email API | United States, Ireland |
New Relic | Name, work email | Observability, Logging | United States |
PagerDuty | Name, work email, phone numbers | Calls, Paging | United States |
Pave | Name, work email, compensation information | Compensation Platform | United States |
Pipedrive | Name, work email | Pipeline CRM Tool | United States, EU |
Postman | Name, work email | API Testing Utility | United States |
ProductBoard, Inc. | Name, work email | Project Management and Customer Request Management | United States |
Recurly Inc. | Name, work email | Billing and Subscriptions | United States, EU |
Retool Inc | Name, work email | Low-code internal app generator | United States, EU |
Rewatch | Name, work email | Video Knowledge Base | United States |
Rippling | Name, work email, personal email, banking, telephone numbers | Human Resources-related Functions and Payroll Processing | United States |
Rootly, Inc. | Name, work email | Incident Management via Slack | United States |
Salesforce | Name, work email | Customer Relationship Management | United States |
Salesloft | Name, work email, telephone number | Sales Engagement Platform | United States, EU |
SeekOut | Name, work email | Talent Aquisition and Management | United States |
Slack | Name, work email, telephone number | Messaging | United States |
Snyk | Name, work email | Real-time security & compliance monitoring | United States |
Sora | Name, work email, personal email | Onboarding and Questionnaires | Switzerland |
Stripe | Name, work email | Credit Card Processing | United States |
Tropic | Name, work email | Procurement Platform | United States |
Twilio Segment | Name, work email | Customer Data Platform | United States |
Whimsical | Name, work email | Flowchart Tooling | United States |
Woopra | Name, work email | Usage Analytics | United States |
Zendesk | Name, work email | Ticketing Platform | United States, EU |
Zesty | Name, work email | Reserved Instance Management | United States, Ireland |
ZoomInfo – REMOVE APRIL 1 | Name, work email | B2B Lead Generation | United States |