National Steel & Shipbuilding Co. California Consumer Privacy Act Policy
Personal Information Collected
NASSCO collects personal information data through its interactions with individuals. Individuals provide this information voluntarily as a condition of employment or upon application for employment with NASSCO. NASSCO collects personal information as is practicably necessary, or as required by state and federal law, in order to provide services related to employment or potential employment with NASSCO as well as to manage and operate its business. NASSCO also collects such information to prevent unauthorized access and modification to company facilities and systems, to prevent unauthorized access to Government facilities and systems, and to update employment records. Where the company uses and/or discloses Sensitive Personal Information (SPI), its use and/or disclosure of SPI is limited to those purposes defined in the California Consumer Privacy Act Regulations §7027(m).
NASSCO does not sell or share your personal information to third parties, and has not done so in the previous twelve months. As such, NASSCO does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.
A. Categories of Personal Information Collected
- Identifiers such as real name, alias, postal address, email address, account name, social security number, driver’s license or state identification card number, passport number, or other similar identifiers;
- Physical characteristics or description, insurance policy number, education and employment history, bank account number, medical information, and health insurance information;
- Characteristics of protected classifications under California or federal regulation, as required by law;
- Fingerprints and photographs, as necessary;
- Internet (if on a company network or device) and company intranet network activity information, including but not limited to browsing history, search history, and information regarding an individual’s interaction with an internet website application or advertisement;
- Geolocation data, if using a company device (e.g., a company-provided cellphone);
- Visual and audio information obtained from security devices on the company’s premises;
- Professional or employment-related information, including information obtained pursuant to exercising rights under the CCPA; and/or
- Sensitive personal information (SPI), including:
- Social security, driver’s license, state identification card, and/or passport numbers;
- Account log-in and financial account with any required security or access code, password, or credentials allowing access to an account;
- Geolocation when using company devices or assets;
- Racial or ethnic origin, religious or philosophical beliefs, or union membership;
- Email and text messages if using company addresses, accounts and/or devices, and
- Personal information collected and analyzed concerning health and occupational injuries.
B. Categories of Sources from Whom the Company Collects Personal Information
The Company collects personal information from the following categories of sources:
- An individual or designated agent;
- Publicly accessible sources;
- An individual’s healthcare provider, with consent;
- A bank, credit union, or other financial institutions, with consent;
- Background check providers, with consent; and
- Security systems operating on company property.
C. Categories of Personal Information Disclosed to Third Parties for a Business Purpose
NASSCO discloses categories of Personal Information it collects to third parties only as necessary for business purposes. These business purposes are, as is practicably necessary, or as required by state and federal law, to provide services related to your employment or potential employment, and to manage and operate the business. NASSCO may also disclose such information to prevent unauthorized access and modification to its facilities and systems and to prevent unauthorized access to Government facilities and systems.
D. Rights under the CCPA
Under the CCPA, individuals may exercise the following rights:
- The right to know what personal information the company has collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the Company discloses personal information, and the specific pieces of personal information the business has collected;
- The right to delete personal information that the business has collected, if appropriate and subject to certain exceptions;
- The right to correct personal information that the business maintains about an individual;
- If the company sells or shares personal information, the right to opt-out of the sale or sharing of your personal information by the company, unless subject to an exception;
- If the company uses or discloses sensitive personal information for reasons other than those set forth in CCPA Regulations §7027(m), the right to limit the use or disclosure of sensitive personal information by the company; and
- The right not to receive discriminatory treatment by the company for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.
Please note that, as described above, the company limits its use of sensitive personal information to the uses necessary to perform the services expected by the average consumer, in addition to any of the legally authorized exceptions in CCPA Regulations §7027(m), and it does not sell or share personal information.
Attn: Privacy Officer
National Steel & Shipbuilding Co.
2798 East Harbor Drive
San Diego, CA 92113-3650
When making a request, the company may require up to three pieces of personal information to verify identity prior to responding to a request. For instance, current employees may need to verify a request by providing company computer log in and password along with employee badge number. Current employees without a company email account, may be asked to provide badge number and state identification number and/or social security number. Requests submitted by an authorized agent will require additional verification, including written permission to act on an individual’s behalf, which the company will verify.
Upon receipt of a request, the company will respond within ten business days to confirm receipt, provide information about how the request will be processed, begin the process of verifying the request, and provide notice when a response will be complete (no later than 45 calendar days from the day request is received). If the company is unable to verify an individual’s identity, additional information may be requested or the initial request denied. In the event it is proves difficult to verify an individual’s identity, the company may provide notice of up to an additional 45 days to process the request.
Modifications and Revisions