California HR Data Privacy Policy

 Effective January 1, 2024 

1. INTRODUCTION AND SCOPE 

This California HR Data Privacy Policy (“Policy” or “Privacy Policy”) describes Mattson Technology Inc., and its parent and affiliates as applicable, (collectively referenced herein as “we”, “us”, “our”, and “MTI”), processing of California residents’ Personal Information (defined herein) in various human resources (HR) contexts. We are providing this Policy to you in order meet our obligations under the California Consumer Privacy Act (CCPA) and Consumer Privacy Rights Act (CPRA) (collectively “Privacy Laws”). 

This Privacy Policy is intended solely for, and is applicable only to, current and former California employees, job applicants, referrals, interns, agency workers, contractors, consultants, and other individuals whose information we collect in connection with providing employment, such as emergency contacts, beneficiaries and dependents (referenced herein as “you”, inclusive of “your”). 

This Privacy Policy applies to MTI’s internal HR data practices; other privacy policies may be available and applicable on software platforms that HR uses (e.g. ADP and Oracle). As a user of such platforms, please ensure that you review such policies from time-to-time as the terms are subject to change. 

2. EXCLUSIONS

This Privacy Policy does not apply to individuals who are not California residents at the time of collection. This Privacy Policy also does not apply to our collection and use of your PI in a consumer or business-to-business capacity. In the event of a conflict between any other MTI policy, statement or notice and this Privacy Policy, this Privacy Policy will prevail as to PI collected in an HR context, unless stated otherwise. 

3. NOTICE OF DATA PRACTICES

As required by the Privacy Laws, this Privacy Policy is designed to provide you with notice of our current, recent and historical data practices over the prior 12 months (from the Effective Date listed at the top of this Privacy Policy). This Privacy Policy will be reviewed and updated as needed and on at least an annual basis. 

a) PI Definition and Collection

Personal Information (“PI”) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. PI does not include publicly available, deidentified, or aggregated information or lawfully obtained, truthful information that is a matter of public concern. 

The table below lists the categories of PI that is collected in the course of employment or engagement with MTI and examples of PI within such category: 

**Categories of PI Collected 
Personal Identifiers Name, alias name, signature, Social Security number, passport number, driver’s license or state identification card number, account name, and online identifiers 
Contact Information Email address, telephone number, postal address, and contact information of referrals, references, and emergency contacts 
Employment-Related Information Background check, credit check, education verification, employment verification, drug testing information, timekeeping records, performance records, training records, work history, and prior employer information 
Education Information Education history and related-records 
Benefits Administration Information Insurance policy number, vacation/holiday and other paid time off or absence records, requests for leave, health-related information, military or veteran status, marital status, and information about family members and dependents (for example, if you enroll them in our benefits plan or name them as a beneficiary) 
Financial Information Company-issued credit and debit card information, personal bank account or credit information (for example, direct deposit for your pay or for expense reimbursements), and tax identification number (if applicable). 
Professional Information Resume/CV, employment history, education history, certifications, language proficiency, references 
Classifications Sex, gender, age, race, national origin, disability, medical conditions and information, citizenship, immigration status, marital status, military and veteran status 
Internet Information Internet or network activity information, such as browsing history, search history, and interactions with our website, applications or systems, and IP address 
Location Information Geolocation data, such as device location for MTI-owned devices and vehicles 
Audio and Visual Information Audio, electronic, visual, and similar information, such as images and audio, video recordings created in connection with our business activities 
Emails and messages Contents of an employee’s mail, email, and text or instant messages sent from an MTI work account 
Characteristics of protected classifications necessary to satisfy our obligations as an employer and your rights as an employee under applicable law Race, color, gender, age, national or ethnic origin, disability, citizenship or immigration status, marital status, medical condition, military or veteran status, and requests for family care leave, for leave for an employee’s own serious health condition, or for pregnancy disability leave. 

**There may be additional information that we collect that meets the definition of PI under the Privacy Laws but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by category of PI.

b) Sources of PI: We may collect your PI from a number of sources, including: 

  • You, such as when you apply for a position or become employed or engaged by us (e.g., identification/identity data, contact details, educational and employment data), or otherwise during the course of your employment or engagement; 
  • Your devices and our equipment and systems; 
  • From other personnel through interactions in the course of employment or engagement (e.g., performance reviews by your supervisor, information provided by a co-worker, etc.); 
  • From third parties (e.g., background check and vendors, references, job agencies), including third-party online services, and from public sources of data; 
  • Our affiliates and related entities; and/or 
  • If you are an emergency contact, beneficiary, or dependent, from your family member or friend who is employed by us. 

c) Use of PI: We retain, use, and disclose your PI only for HR business purposes including:

  • To comply with state and federal law and regulations; 
  • To have you fill out applications and forms associated with your employment or prospective employment; 
  • To verify your ability to work in this country indefinitely or for a specified time; 
  • To identify you as a veteran; 
  • To have you acknowledge your agreement to certain company policies; 
  • To process payroll; 
  • To track time and attendance; 
  • To manage workers’ compensation claims; 
  • To enroll you in our wellness program; 
  • To administer and maintain benefits, including group health insurance; 
  • To administer and maintain a retirement savings plan; 
  • To maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance; 
  • To manage employee performance of their job duties, including promotions, discipline, and/or termination; 
  • To conduct workplace investigations; 
  • To obtain and verify background checks; 
  • To grant and monitor your access to secure company facilities; 
  • To implement, monitor, and manage electronic security measures on devices that are used to access networks and systems (e.g., incident management); 
  • To engage in corporate transactions requiring review of employee records and information such as audits and financial evaluations of the Company, its parent and/or any of its affiliates; 
  • To review web traffic and events, monitor for virus attacks and web content, and determine bandwidth consumption; 
  • To anonymize and/or aggregate data to perform workforce analytics, data analytics, and benchmarking; and 
  • For emergency contact purposes. 

d) Third Party Recipient Access:

In order to support the business purposes identified above, we may disclose and/or allow access to the following third parties: 

Personal Identifiers and Contact Information Human resource/payroll information systems, operating systems and platforms, company-used software applications, customer relationship management systems, background check service providers, government or law enforcement entities, expense management service providers, enterprise travel providers, data analytics providers, company bankers, authentication and single sign-on providers, security providers, mobile device management providers, accountants, attorneys (if required), benefits providers, social networks, company insurers, consultants and other professional advisors 
Medical and insurance information Benefits providers and company insurers 
Education, employment history, and related information Applicant software, background check service providers, benefits providers, attorneys (if required) 
Characteristics of protected classifications under California or federal law Applicant software, human resource/payroll information systems, benefits providers, company insurers, background check service providers, attorneys (if required) 

e) Retention Details:

We retain PI for as long as necessary to fulfill the purposes for which we collect it, such as to provide employment and benefits, and for the purpose of satisfying any legal, regulatory, accounting, contractual or reporting requirements that apply to us. Please contact HR using the contact methods described in the “How to Contact Us” section below for more information.

f) Sale of PI:

We do not sell and have not sold PI identified and detailed in this Privacy Policy. 

4. YOUR HR DATA RIGHTS AND HOW TO EXERCISE THEM 

MTI provides California residents the privacy rights described in the table below pursuant to our obligations under the Privacy Laws. To exercise your privacy rights, or, if you are an authorized agent of another exercising privacy rights on behalf of someone else, you can submit a request by the following methods: 

  • Email: [email protected] 
  • Mail: Mattson Technology, Inc. 
    Attn: HR Department 
    47131 Bayside Parkway 
    Fremont, CA 94538 

Please respond to any follow-up inquiries we make, including in relation to the request verification process that we describe further below. 

RIGHT TO KNOW You have the right to request that we disclose to you the PI we collected about you in the 12-month period preceding your request. This right includes the right to request: (1) specific pieces of PI we have collected about you; (2) categories of PI we have collected about you; (3) categories of sources from which the PI was collected; (4) categories of PI that we sold or disclosed for a business purpose about you (if applicable); (5) categories of third parties to whom your PI was sold or disclosed for a business purpose (if applicable); and (6) the business or commercial purpose for collecting or, if applicable, selling your PI. 
RIGHT TO DELETE You have the right to request that we delete your PI that we have collected from you, with some exceptions. 
RIGHT TO CORRECT You have the right to correct inaccurate PI we maintain about you. 
RIGHT TO OPT OUT OF SALE You have the right to say no to the sale of your PI. The Privacy Laws defines “sell” to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s PI to another business or a third party for monetary or other valuable consideration. MTI does not sell or share Employee PI with others for monetary or other valuable consideration.
RIGHT TO LIMIT PROCESSING OF SENSITIVE PI If we use or disclose Sensitive PI for purposes other than those allowed by the Privacy Laws and its regulations, the right to limit our use and disclosure. MTI does not use or disclose Sensitive PI for purposes other than those allowed by the Privacy Laws and its regulations.
RIGHT TO NON-DISCRIMINATON You have the right to non-discrimination for exercising your Privacy Laws rights. MTI will not and does not discriminate against you for exercising any of your Privacy Laws rights.

5. VERIFYING REQUESTS, AGENT REQUESTS AND OUR RESPONSES

a) Request Verification Process: 

We will comply with your request upon verification of your identity and, where applicable, the identity of the California Employee on whose behalf your request is made. For requests to access categories of PI and for requests to delete or correct PI that is not sensitive and does not pose a risk of harm by unauthorized deletion or correction, we will verify your identity to a reasonable degree of certainty by verifying at least two data points that you previously provided to us and which we have determined to be reliable for the purpose of verifying identities. For requests to access specific pieces of PI or for requests to delete or correct PI that is sensitive and/or poses a risk of harm by unauthorized deletion or correction, we will verify your identity to a reasonably high degree of certainty by verifying at least three pieces of PI you previously provided to us and which we have determined to be reliable for the purpose of verifying identities. In addition, you must submit a signed declaration under penalty of perjury stating that you are the individual whose PI is being requested. If your request cannot be fulfilled due to an exception or our legal requirements, we will let you know. If we cannot verify you in respect of a certain requests, such as if you do not provide the requested information, we will still take certain action as required by the Privacy Laws. For example: 

  • If we cannot verify your deletion request, we will refer you to this Privacy Policy for a general description of our data practices. 
  • If we cannot verify your specific pieces request, we will treat it as a categories request. 

b) Agent Requests:

You may use an authorized agent to make a request for you via the above methods, subject to our verification of (i) the agent and (ii) the agent’s authority to submit requests on your behalf. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable law. 

c) Our Responses:

Some PI that we maintain is insufficiently specific for us to be able to associate it with an individual (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. We will make commercially reasonable efforts to identify PI that we maintain to respond to your requests. In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the entirety. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request. 

6. CONTACT US

If you have any questions, comments, concerns, or complaints about our privacy practices, please contact us as indicated below. 

Dept: Human Resources Department 
Attn: HR 
Email: [email protected] 

Download: California HR Data Privacy Policy