United States
California Privacy Act Disclosures (CCPA)
These disclosures are provided by STO Building Group Inc. (“Company”) and apply solely to residents of the State of California (“consumers” or “you”) with respect to personal information the Company processes as a business. Any terms defined in the California Consumer Privacy Act of 2018, as amended from time to time, including by the California Privacy Rights Act of 2020 and its implementing regulations (“CCPA”) have the same meaning when used in these disclosures. These disclosures do not reflect our collection, use, or disclosure of California residents’ personal information, or data subject rights, where an exception or exemption under the CCPA applies. You can download a pdf version of these disclosures here.
1. Notices at Collection
We have set out below categories of personal information about California resident website visitors, customers, prospective customers, corporate representatives of our vendors and other partners, and job applicants and other potential employees. We do not sell or share for cross context behavioural advertising any personal information of California residents. The California Consumer Privacy Act Privacy Policy is in section 2 of these disclosures.
Website Visitors
What Categories of Personal Information Do We Collect?
Non-Sensitive Personal Information:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
- Geolocation data.
- Professional or employment-related information.
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
- Inferences drawn from any personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
For What Purposes Do We Collect and Use Personal Information?
We use personal information about our website visitors as reasonably necessary and proportionate:
- To perform the services or provide the goods reasonably expected by our website visitors;
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system;
- To resist malicious, deceptive, fraudulent or illegal actions directed at us and to prosecute those responsible for those actions;
- To ensure the physical safety of natural persons;
- For short-term, transient use;
- To verify or maintain the quality or safety of our services and products;
- To improve, upgrade, or enhance our services and products;
- To market to you; and
- To collect or process it where such collection or processing is not for the purpose of inferring characteristics about a consumer such as to perform functions that are required under laws that apply to us and to support any claim or defense that we could face before any jurisdictional and/or administrative authority, arbitration, or mediation panel, and cooperating with – or informing – law enforcement or regulatory authorities to the extent required by law.
What Criteria Do We Consider When Retaining Personal Information?
In general, with respect to each category of personal and sensitive personal information about website visitors, we retain each category for the longer of: as long as needed or permitted in light of the purpose(s) for which it was obtained and any additional time periods necessary for the compliance with laws, exercise or defense of legal rights, and archiving, back-up, and deletion processes.
Job applicants or other potential workers
What Categories of Personal Information Do We Collect?
Non-Sensitive Personal Information:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.
- Characteristics of protected classifications under California or federal law.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
- Geolocation data.
- Audio, electronic, visual, or similar information.
- Professional or employment-related information.
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
Inferences drawn from any personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive Personal Information
- A consumer’s social security, driver’s license, state identification card, or passport number.
- A consumer’s precise geolocation.
- A consumer’s racial or ethnic origin, citizenship or immigration status (if sponsorship for employment visa status is required), religious or philosophical beliefs, or union membership.
- The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
- Personal information collected and analyzed concerning a consumer’s health.
A consumer’s racial or ethnic origin, citizen or immigration status, religious or philosophical beliefs, or union membership.
For What Purposes Do We Collect and Use Personal Information?
We use personal and sensitive personal information about you as a job applicant or other potential worker for the following purposes as reasonably necessary and proportionate:
- To perform the services or provide the goods reasonably expected by applicants and other potential workers in their role, including those services and goods that are reasonably necessary for us to administer the application process and for our workers to perform their duties, to manage our relationship with applicants and other potential workers from recruitment and as applicable through post the working relationship;
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system;
- To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions;
- To ensure the physical safety of natural persons;
- For short-term, transient use;
- To perform services on behalf of us;
- To verify or maintain the quality or safety of our services and products;
- To improve, upgrade, or enhance our services and products; and
- To collect or process it where such collection or processing is not for the purpose of inferring characteristics about a consumer such as to perform functions that are required under laws that apply to us and to support any claim or defense that we could face before any jurisdictional and/or administrative authority, arbitration, or mediation panel, and cooperating with – or informing – law enforcement or regulatory authorities to the extent required by law.
What Criteria Do We Consider When Retaining Personal Information?
In general, with respect to categories of personal and sensitive personal information about job applicants and other potential workers, we retain each category for the longer of: until the withdrawal or rejection of your application, or if you are engaged, until the end of your engagement or employment, plus 4 years and any additional time periods necessary for the compliance with laws, exercise or defense of legal rights, and archiving, back-up, and deletion processes.
Customers, prospective customers, corporate representatives of our vendors, and other partners
What Categories of Personal Information Do We Collect?
Non-Sensitive Personal Information:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.
- Characteristics of protected classifications under California or federal law.
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
- Geolocation data.
- Audio, electronic, visual, or similar information.
- Professional or employment-related information.
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
- Inferences drawn from any personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive Personal Information:
- Information relating to union membership.
- Personal information collected and analyzed concerning a consumer’s health.
For What Purposes Do We Collect and Use Personal Information?
We use personal information about you as a customer, prospective customer, corporate representative of our vendors, and other partners as reasonably necessary and proportionate:
- To perform the services or provide the goods reasonably expected by you in your role, including those services and goods that are reasonably necessary for us to administer our customer relationships and for our employees to perform their duties;
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system;
- To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions;
- To ensure the physical safety of natural persons;
- For short-term, transient use;
- To perform services on behalf of us;
- To verify or maintain the quality or safety of our services and products;
- To improve, upgrade, or enhance our services and products;
- To market to you; and
- To collect or process it where such collection or processing is not for the purpose of inferring characteristics about a consumer such as to perform functions that are required under laws that apply to us and to support any claim or defense that we could face before any jurisdictional and/or administrative authority, arbitration, or mediation panel, and cooperating with – or informing – law enforcement or regulatory authorities to the extent required by law.
What Criteria Do We Consider When Retaining Personal Information?
In general, with respect to categories of personal information about customers, prospective customers, corporate representatives of our vendors, and other partners, we retain each category for the longer of: until we determine that the Company will not be engaged by or engage the customer, vendor, or partner, or if a customer, vendor, or partner engages or is engaged by the Company, until the end of such engagement, plus any additional time periods necessary for the compliance with laws, exercise or defense of legal rights, and archiving, back-up, and deletion processes.
2. California Consumer Privacy Act Privacy Policy
Last Updated: April 10, 2024
Our Personal Information Handling Practices in 2023
Category of personal information | From what source did we collect? | Did we disclose? If so, to whom and for what purpose? |
Non Sensitive Personal Information | ||
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. | Website visitors, job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law.
|
Any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, but excluding publicly available information that is lawfully made available to the general public from federal, state, or local government records.
(The categories of personal information described in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)) |
Website visitors, job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law.
|
Characteristics of protected classifications under California or federal law. | Job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Customers, prospective customers, corporate representatives of our vendors, and other partners. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement. | Website visitors, job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law.
|
Geolocation data. | Website visitors, job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law.
|
Audio, electronic, visual, thermal, olfactory, or similar information. | Job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
Professional or Employment related information. | Website visitors, job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law.
|
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). | Website visitors, job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Website visitors, job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
Sensitive Personal Information | ||
A consumer’s social security, driver’s license, state identification card, or passport number
|
Job applicants or other potential workers, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
|
Workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
A consumer’s precise geolocation.
|
Job applicants or other potential workers, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
A consumer’s racial or ethnic origin, citizen or immigration status, religious or philosophical beliefs, or union membership.
|
Job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
|
Job applicants or other potential workers, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
A consumer’s genetic data. | From workers who choose to provide this information. | Yes, to third party service providers. We disclose this information to receive services. |
Personal information collected and analyzed concerning a consumer’s health.
|
Job applicants or other potential workers, customers, prospective customers, corporate representatives of our vendors, and other partners, and workers. | Yes, to our affiliates, employees and third party service providers. We disclose this information to receive services, to facilitate corporate transactions, and to comply with the law. |
Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. | Directly from workers who choose to provide this information. | Yes, to third party service providers. We disclose this information to receive services. |
Business or Commercial Purpose for Collecting Personal Information
- To perform the services or provide the goods reasonably expected by consumers in their role, including recruiting services, including those services and goods that are reasonably necessary for us to administer our customer and worker and employment relationships and for our workers, including employees, to perform their duties;
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information, including in or via our premises, computers, software, networks, communications devices, and other similar system;
- To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions;
- For short-term, transient use;
- To perform services on behalf of us;
- To verify or maintain the quality or safety of our services and products;
- To improve, upgrade, or enhance our services and products;
- To perform functions that are required under laws that apply to us:
- To market to consumers such as website visitors, customers, prospective customers, corporate representatives of our vendors, and other partners; and
- To collect or process it where such collection or processing is not for the purpose of inferring characteristics about a consumer such as to perform functions that are required under laws that apply to us and to support any claim or defense that we could face before any jurisdictional and/or administrative authority, arbitration, or mediation panel, and cooperating with – or informing – law enforcement or regulatory authorities to the extent required by law.
We do not have actual knowledge that we sell or share for cross context behavioural advertising, the personal information of California residents under 16 years of age.
CCPA Rights
- As a California resident, you have the following rights under the CCPA:
- The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may only exercise your right to know twice within a 12-month period.
- The right to delete personal information that we have collected from you, subject to certain exceptions.
- The right to correct inaccurate personal information that we maintain about you.
- The right to opt-out of the sale or sharing of your personal information by us. We do not sell or share for cross-context behavioral advertising any of the categories of personal information that we collect about California residents.
- The right to limit our use and disclosure of sensitive personal information to purposes specified in Cal. Civil Code 1798.121(a). We do not use or disclose sensitive personal information for purposes other than those specified in Cal. Civil Code 1798.121(a).
- The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, in violation of California Civil Code § 1798.125, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.
How to Exercise CCPA Rights
Methods of Submission and Instructions: To submit a request to exercise your rights to know, delete or correct, please email privacy@stobuildinggroup.com or call 833.903.2575.
Verification: Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may designate an authorized agent by taking the steps outlined under “Authorized Agent” further below. In your request or in response to us seeking additional information, you, or your authorized agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected, which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and, if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfil your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfill your request.
Authorized Agents: You can designate an authorized agent to make a request under the CCPA on your behalf if:
- The authorized agent is a natural person or a business entity and the agent provides proof that you gave the agent signed permission to submit the request; and
- You directly confirm with the Company that you provided the authorized agent with permission to submit the request.
If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
Contact Us
If you have any questions or comments about these disclosures or our practices, please contact us at:
Email address: privacy@stobuildinggroup.com
Postal address: STO Building Group
Attn: Compliance
330 W. 34th St.
New York, NY 10001