Workplace Privacy Notice | Flynn Restaurant Group

Flynn Restaurant Group Employee and Job Applicant Privacy Notice

Last Updated: 11/14/2022

Flynn Workplace Privacy Policy (Downloadable PDF)

This Workplace Privacy Notice explains what types of personal information may be collected from and about employees including contractors and temporary workers, job applicants, and candidates, and how that personal information is used and shared by Flynn Restaurant Group and/or its subsidiaries Apple American Group LLC, Bell American Group LLC, Pan American Group LLC, RB American Group LLC, Hut American Group LLC, and Wend American Group LLC (collectively, “Flynn”, “we”, “us” or “our”). Flynn recognizes the confidential nature of the personal information in its care and is accountable for the compliance of itself and its directors, officers, management, employees, representatives, and agents in protecting this personal information.

If you have any questions, comments, or concerns about this policy, please contact privacy@flynnrg.com.

Information Collected

For the purposes of this Workplace Privacy Notice, “personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. We collect personal information directly from you in circumstances where you provide personal information (e.g., during the onboarding process, signing up for direct deposit, enrolling in benefits or services). However, in some instances, the personal information we collect has been inferred about you based on other information you provide us, through your interactions with us, or from third parties. When we collect your personal information from third parties, it is either because you have given us express permission to do so, your permission was implied by your actions, or because you provided explicit or implicit permission to the third party to provide the personal information to us. We collect the following categories of personal information:

Category	Source(s)	Purpose(s)	Category of Third Parties with whom We Share	Retention
Identifiers	Directly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Protected classification characteristics under state or federal law	Directly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Commercial information	Directly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Internet or other similar network activity	Indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Audio, electronic, visual, thermal, olfactory, or similar information	Directly or indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Professional or employment-related information	Directly or indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Education information	Directly or indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Inferences drawn from other personal information	Indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Personal information of your dependents or relatives	Directly or indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Information that reveals social security, driver’s license, state identification card, or passport number	Directly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Information that reveals account login, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account	Directly or indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Information that reveals racial or ethnic origin, religious or philosophical beliefs, or union membership	Directly or indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Information that reveals contents of mail, email, and text messages	Directly or indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Information concerning health	Directly or indirectly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law
Biometric information	Directly from you	For administrative employment purposes	Third party service providers who help us perform administrative employment services	As long as necessary to complete the purpose, unless otherwise required under applicable law

In the course of providing administrative employment services, including processing job applications, we may collect the following specific pieces of personal information from you:

Name, email address, gender, home address and telephone number, date of birth, marital status, employee identification number, and emergency contacts.
Residency and work permit status, military status, nationality, and passport information.
Social security or other taxpayer/government identification number.
Payroll information, banking details.
Wage and benefit information.
Retirement account information.
Sick pay, paid time off, retirement accounts, pensions, insurance, and other benefits information (including the gender, age, nationality and passport information for any spouse, minor children or other eligible dependents and beneficiaries).
Date of hire, date(s) of promotions(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, and training records.
Beneficiary and emergency contact information.
Height, weight and clothing sizes, photograph, videos, physical limitations, tobacco use, and special needs.
Records of an employee’s login information including usernames and passwords, systems accessed.
Records of locations worked, work absences, vacation/paid time off, entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, and disciplinary and grievance procedures (including monitoring compliance with and enforcing our policies).
Video surveillance information collected at our facilities.
Disciplinary investigation records including the investigators notes, witness information and contacts, pictures or videos submitted by staff, bystanders, guests, and managers.
Records of employee time clock punches, card swipes, and other access data tied to an employee swipe card.
Where permitted by law and applicable we may collect the results of credit and criminal background checks, the results of drug and alcohol testing, health screening, health certifications, vaccination information, medical records, driving license number, automobile insurance information, vehicle registration and driving history.
Social media information, including profile picture and publicly shared data.
Voicemails, e-mails, correspondence, documents, and other work product and communications created, stored or transmitted using our networks, applications, devices, computers or communications equipment.
Date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment (e.g., references).
Letters of offer and acceptance of employment.
Your resume or CV, cover letter, previous and/or relevant work experience or other experience, education, transcripts, or other information you provide to us in support of an application and/or the application and recruitment process.
References and interview notes.
Personal information that is necessary for us to retain and administer benefits to another person relating to you.

Use of Information Collected

We use your personal information for the following purposes:

To manage all aspects of the employment relationship (e.g., determining eligibility for initial employment; pay and benefit administration; development and training; absence monitoring; project management; auditing, compliance, and risk management activities; employee communications; performance evaluation; disciplinary actions; grievance and internal investigation activities; processing employee work-related claims, such as worker’s compensation claims).
Maintain directories of employees.
Administer our occupational safety and health programs.
To protect the safety and security of our workforce, guests, property, and assets (including controlling and facilitating access to and monitoring activity on and in our premises and activity using our computers, devices, networks, communications and other assets and resources).
To investigate and respond to claims against us.
To maintain emergency contact and beneficiary details.
To comply with applicable laws (e.g., health and safety, employment laws, office of foreign asset controls regulations, tax laws), including judicial or administrative orders regarding individual employees (e.g., garnishments, child support payments).
To carry out other purposes as part of our business activities when reasonably required by us.

Sharing and Disclosure of Information Collected

Your personal information may be shared, including to our affiliates, subsidiaries and other third parties, as follows:

To third party service providers, agents, or independent contractors who provide administrative services to us.
We may share your personal information in the course of any direct or indirect reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.
We may disclose your personal information to law enforcement, government agencies, and other related third parties, in order to comply with the law, enforce our policies, or protect our or others’ rights, property or safety.
We do not sell your personal information to any third parties.

Knowledge of Unauthorized Disclosure

Any employees who have knowledge of an impending unauthorized disclosure, whether intentional or unintentional, and who fail to act to prevent the unauthorized disclosure will be subject to sanction as described in the Enforcement section below, up to and including the immediate dismissal of the offending employee.

Enforcement

All employees having care over or access to personal information must comply with the policies, procedures and practices described in this Workplace Privacy Notice. Any breach of any term or condition of this Workplace Privacy Notice, whether intentional or unintentional, is grounds for disciplinary action up to and including the immediate dismissal of any and all responsible employees.

Changes to this Workplace Privacy Notice

This Workplace Privacy Notice is reviewed periodically to ensure it accurately captures all types of personal information collected or any additional or different processing of such personal information. We may, therefore, change this Workplace Privacy Notice at any time and will update the “Last Updated” date accordingly. If we make material changes, we will notify you via email at the email address we have on file for you.

New York Employee Notice

For any employees in New York, please be advised that any and all telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage by an employee by any electronic device or system, including but not limited to the use of a computer, telephone, wire, radio or electromagnetic, photoelectronic or photo-optical systems may be subject to monitoring at any and all times and by any lawful means.

California Residents Supplemental Notice – Data Privacy Rights

California residents have the following data rights:

Right to Know and to Access

Subject to certain exceptions, and legal obligations, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. You also have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it.
This information is disclosed in the “Information Collected” Section of this Privacy Notice. You may also submit a request for this information as described below. To protect your Personal Information, we are required to verify your identity before we can act on your request.

Right to Portability

You have the right to request that we provide a copy of the personal information we have collected about you, in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. This right is subject to certain exceptions, and legal obligations imposed by state or federal privacy and employment laws. Once we receive your request and confirm your identity, we will provide to you a copy of your data as required under the applicable data protection laws. We may provide this data to you through your user account with us, or via email to the email address you have provided with your request.

Right to Delete

You have the right to request that we delete any of your personal information. Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. This right is subject to certain exceptions, and legal obligations imposed by state or federal privacy and employment laws. We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

Right to Correct Inaccurate Information

Subject to certain exceptions, and legal obligations imposed by state or federal privacy and employment laws, you have the right to request that we correct inaccurate personal information that we have collected about you. Once we receive your request and confirm your identity, we will review your request, taking into account the nature of the personal information and the purposes of the processing of the personal information to see if we can correct the data. We may also request additional information showing that the information you want to correct is inaccurate.

Right to Opt-out of Cross Context Behavioural Tracking

We do not use our employee’s personal information for cross context behavioural tracking.

Non-Discrimination or Retaliation

We will not discriminate or retaliate against you for exercising any of your data privacy rights.

How to Submit a Request

You may submit a request to exercise your rights through one of two means:

By filling out an Employee Data Request Form available at https://www.flynnrestaurantgroup.com/privacy-request/.
(2) By calling us toll-free at 1-855-575-7220.

Verification Procedures

In order to process your request to exercise your rights, we must first verify it. We do this by asking you to:

Provide personal identifiers we can match against information we may have collected from you previously; and
Confirm your request using the email and/or telephone account stated in the request; or

We will not collect additional Personal Information from you for the sole purpose of your exercising your rights under the data protection laws. Similarly, we will not require you to create an account with us, solely for the purpose of exercising your rights under the data protection laws.

Authorized Agent

You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We require that you and the individual complete notarized affidavits in order to verify the identity of the authorized agent and confirm that you have authorized them to act on your behalf. Parents of minor children may submit a birth certificate of the child in lieu of an affidavit, in order to make requests on the child’s behalf.

Right to Opt Out of the Sale or Sharing of Personal Information to Third Parties

You have the right to opt out of the sale or sharing of your Personal Information by Flynn to third parties. Under California law, “sell” information means to disclose it to a third party for monetary or other benefit and “share” information means to disclose it to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. We do not sell or share your personal information, as those terms are defined under California law.

Right to Limit Use and Disclosure of Sensitive Personal Information

You have the right to direct us to limit our use of your Sensitive Personal Information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services. We only use Sensitive Personal Information only as it is necessary to perform the services for which it was collected.