Employee Privacy Policy

Effective Date: 03/31/2025

This California Employee Privacy Policy describes how Winery Exchange, Inc. dba Winery Exchange (“WX Brands,” “Company,” “we,” or “us”) collect and process personal information about our California job applicants and employees. Under the California Consumer Privacy of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), we are required to provide our California employees with a privacy policy that contains a comprehensive description of our online and offline practices regarding our collection, use, sale, sharing, and retention of their personal information, along with a description of the rights they have regarding their personal information. This Employee Privacy Policy provides the information the CCPA requires, together with other useful information regarding our collection and use of personal information, and any terms defined in the CCPA have the same meaning when used in this policy.

This Employee Privacy Policy applies to our current and former employees who are California residents when the CCPA covers our collection and use of your personal information in the employment context.

This Employee Privacy Policy does not apply to our collection and use of personal information in a consumer or business-to-business capacity. For more information on our collection and use of consumer personal information, including how we process opt-out preference signals, please see our online privacy policy available at: [CONSUMER PRIVACY POLICY URL/link].

Personal Information Collected

 

We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee or household (”personal information”). Personal information does not include:

 

  • Publicly available information, including from government records, through widely distributed media, or that the employee made publicly available without restricting it to a specific audience.
  • Lawfully obtained, truthful information that is a matter of public concern.
  • Deidentified or aggregated employee information.
  • Information excluded from the CCPA’s scope, like:

 

  • health or medical information covered by the Health Insurance Portability and Accountability Act (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data; or
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act.]

Personal Information Categories Chart             

 

The following table describes our collection practices with regard to information submitted    

 

Information Type Examples Collected
Personal identifiers A legal name, alias or nickname, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, date of birth, Social Security number, driver’s license number, passport number, or other similar identifiers, and similar information for your dependents and beneficiaries. YES
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, membership in professional organizations, professional licenses and certifications, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

 

 YES
Protected classification characteristics under California or federal law.

 

 Age, race, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), military and veteran status.

 

 YES
Commercial Information Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
Biometric Information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data, and certain wellness metrics. NO
Internet or other similar network activity All activity on our information systems (such as internet browsing history, search history, intranet activity, email communications, social media postings, stored documents and emails, usernames, and passwords) and all activity on the Company’s communications systems (such as phone calls, call logs, voicemails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications, and other information about an employee’s use of Company-issued devices).

 

 YES
Professional or employment-related information. Current or past job history or performance evaluations, such as employment application information (work history, academic and professional qualifications, educational records, references, and interview notes, background check, drug testing results, work authorization, performance and disciplinary records, salary, bonus, commission, and other similar compensation data, benefit plan enrollment, participation, and claims information, leave of absence information including religious, military and family obligations, health data concerning employee and their family members).

 

 YES
Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
Sensitive Personal Information Government identifiers, such as your Social Security number (SSN), driver’s license, state identification card, or passport number.

 

Racial or ethnic origin.

 

Citizenship or immigration status.

 

Mail, email, or text messages not directed to the Company (only if sent using a Company-owned device or system).

 

Health information, including job restrictions and workplace illness and injury information.

 

 YES

 

Retention of Records

 

We will retain your Personal Information for as long as it is necessary and to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

 

Sources of Personal Information

 

‌We obtain the categories of personal information listed above from the following categories of sources:

 

  • Directly from you, such as from the forms or information you submit to us, such as a resume, or information you input into our systems during the job application and employee enrollment processes.

 

  • Indirectly from you, such as your interactions with Company’s computer systems.

 

  • From our service providers such as our payroll providers, insurance companies, benefits providers, operating systems and platforms, HR management providers, and background check providers.
  • From third parties as part of reference checking, or from government entities, such as for background check purposes.

 

  • From other employees, such as from performance reviews or other observations and interactions.

 

How We Use Personal Information

 

We may use and disclose the personal information, including sensitive personal information, we collect to advance the Company’s business purposes, specifically to:

 

  • Comply with all applicable laws and regulations;
  • Recruit and evaluate you as a job applicant and a candidate for employment;
  • Conduct background checks and verify employment eligibility; and
  • Management your employment relationship with us, including for:
  • Onboarding;
  • Timekeeping, payroll, and expense report administration;
  • The design and administration of employee benefits plans and programs, including for leaves of absence;
  • employee training and development requirements;
  • the creation, maintenance, and security of your online employee accounts;
  • the provision of human resources management services and employee data maintenance and support services;
  • reaching you, your emergency contacts, and plan beneficiaries when needed, such as when you are not reachable or are injured or ill;
  • workers’ compensation claims management;

administration and design of health wellness programs;

  • improving employee productivity and the Company’s efficiency, logistics, and supply chain management;

employee job performance, including goals and performance reviews, promotions, discipline, and termination;

  • ensuring compliance with Company information systems policies and procedures;
  • maintaining personnel records and complying with record retention requirements; and
  • other human resources purposes.

 

  • Manage and monitor employee access to and prevent unauthorized access to or use of Company property, including its facilities, equipment, and systems.
  • Conduct internal audits and workplace investigations.
  • Investigate and enforce compliance with and potential breaches of Company policies and procedures.
  • Engage in corporate transactions requiring review of employee records, such as for evaluating potential Company mergers and acquisitions.
  • Maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance.
  • Perform workforce analytics, data analytics, and benchmarking.
  • Administer and maintain the Company’s operations, including for safety purposes.
  • For client marketing purposes.
  • Exercise or defend the legal rights of the Company and its employees, customers, contractors, and agents.
  • Respond to law enforcement requests and as required by applicable law or court order.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

 

How We Use and Disclose Sensitive Personal Information

 

We may use or disclose Sensitive Personal Information listed above for the following statutorily approved reasons:

 

  • Performing actions that are necessary for our employment relationship and that an average employee in an employment relationship with us would reasonably expect[, including for [all/many of the] purposes listed in the prior section, Personal Information Collection, Use, and Disclosure Purposes.]
  • Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal
  • information.
  • Defending against and prosecuting those responsible for malicious, deceptive, fraudulent, or illegal actions directed at the Company.
  • Ensuring physical safety.
  • Short-term, transient use, such as non-personalized advertising shown as part of an employee’s current employment with us, if we do not:
  • disclose the sensitive personal information to another third party; or
  • use it to build a profile about the employee or otherwise alter the employee’s experience outside their current employment with the Company.
  • Services performed for the Company, including maintaining or servicing accounts, providing human resources and employee benefits administration, processing or fulfilling transactions, verifying employee information, processing payments, or providing financing, analytic services, storage, or similar services for the Company.
  • Activities required to:
  • verify or maintain the quality or safety of a product, service, or device that we own, manufacture, had manufactured, or control; and
  • improve, upgrade, or enhance the service or device that we own, manufacture, had manufactured, or controlled.

 

Other than the above, we do not collect additional categories of personal information or use the personal information for materially different, unrelated, or incompatible purposes without providing you notice and, if required by law, seeking your consent before using your personal information for a new or unrelated purpose.

 

We may collect, process, and disclose aggregated or deidentified information about our employees for any purpose, without restriction.

 

Disclosing, Selling, or Sharing Personal Information

 

Business Purpose Disclosures

 

We may disclose the personal information we collect, including sensitive personal information, to others for the business purposes described in the sections above on How We Use and Disclose Personal Information and How We Use and Disclose Sensitive Personal Information, such as to engage service providers to help us administer our human resources functions, payroll, benefits, or plans. For example, we may disclose information from the Company’s equipment or your use of our network, systems, or equipment to a service provider that provides us with data and cybersecurity services.

 

We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.

 

Selling or Sharing Your Personal Information

 

In the employment context, we do not sell your personal information to third parties.  We also do not share your personal information with third parties for cross-context behavioral advertising purposes.  We reserve the right to share your personal information with any business entity that acquires all or substantially all of our assets in the course of a merger or acquisition transaction, but we have not done so within the last 12 months.

 

Your Rights and Choices

 

If you are a California employee, you have the following rights under the CCPA regarding your personal information:

 

Notice at Collection Regarding the Categories of Personal Information Collected

 

You have the right to receive notice of the categories of personal information we collect, and the purposes for which we use personal information. You also have the right to know about the sources of the personal information and to whom it is disclosed or sold. This information is described above.

 

Right to Opt Out of Sale of Personal Information to Third Parties

 

You have the right to opt out of any sale of your personal information to third parties. To exercise your right to opt out of the sale of your personal information, please visit our “Do Not Sell My Personal Information” webpage or call us at (415) 382-6900.

 

Please note that your right to opt out does not apply to our sharing of personal information with service providers.

 

Right to Know and Request Access to and Deletion of Personal Information

 

You have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers with whom we share it.

 

You also have the right to request in certain circumstances that we delete personal information that we have collected directly from you. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

 

Right to Correct Personal Information

 

You have the right to request correction of personal information we maintain about you that you believe is inaccurate. We may require you to provide documentation to support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and direct our service providers to take similar action.

 

We will not discriminate against you or retaliate against you for exercising any of your rights under CCPA.

 

How to Submit a Request

 

You may submit a request to exercise your rights through any one of the means below:

 

  • By filling out a Consumer Data Request Form available here.
  • By calling us at (415) 382-6900.

 

Verification Procedures

 

In order to process your request, we must verify your identity. We do this by asking you to:

  • provide personal identifiers we can match against information we may have collected from you previously; and
  • confirm your request using the email or telephone account stated in the request.

 

We will not use personal information we collect in connection with verifying or responding to your request for any purpose other than responding to your request.

 

Authorized Agent

 

You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf through these means.

Updates to This Policy

 

We reserve the right to update this Employee Privacy Policy at any time. If we make material changes to this Employee Privacy Policy, we will update the policy’s effective date and post the updated policy on our Website and provide written notice to our employees.  We do not provide written notice to job applicants, but we encourage job applicants to check our Website to review the current Employee Privacy Policy in effect.