Privacy Notice for Employees and Contractors
Last Updated: May 24, 2024
Karat, Inc. (the “Company” or “we”) is committed to protecting the privacy and security of personal information, which is defined as any information that identifies you (“Personal Information” or “Personal Data”) of our current and former employees (“Employees”) and contractors (together with Employees, “Personnel”) and their emergency contacts and beneficiaries. The Company does not sell or otherwise disclose this Personal Information for monetary or other consideration to any third parties.
The Company is committed to complying with all data privacy laws in the jurisdictions in which the Company collects Personal Information of its Personnel.
You may access a copy of this privacy notice by contacting privacy@karat.com.
WHAT CATEGORIES OF PERSONAL INFORMATION DO WE COLLECT AND HOW DO WE USE THIS INFORMATION?
We may collect the following categories of Personal Information for the purposes described below:
Category of Personal Data | Personal Information Collected | Purpose |
Personal identifiers | Examples:
| The Company collects personal identifiers to onboard Personnel; enroll and administer benefits; enter into contracts; and use for general human resource purposes. |
Records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e))) | Examples:
| The Company collects this information to process job applications; onboard Personnel; enroll and administer benefits; enter into contracts; and use for general human resource purposes.– The Company collects pay information – such as pay rate, payroll deduction information, banking information for direct deposit, and credit card information for expense reimbursement – to pay its Personnel and comply with applicable laws. |
Protected classification characteristics under state or federal law | Examples:
| The Company collects equality and diversity information, such as minority, veteran and disability status, through voluntary self-disclosure and other means to implement the Company’s diversity programs and to comply with applicable laws.– The Company collects health and safety information to maintain a safe workplace; assess your working capacity; administer health and Workers’ Compensation insurance programs; and comply with applicable laws. – The Company also collects information necessary for benefits enrollment and administration purposes. |
Commercial information | Examples:
| If you are a contractor, we may collect commercial information from or about you in connection with obtaining services from you. |
Internet or other similar network activity information | Examples:
| The Company collects this information to protect Company, customer, and Personnel property, equipment and confidential information; monitor Personnel performance; and enforce the Company’s electronic communications acceptable use policies. |
Geolocation data | Examples:
| The Company collects geolocation data for general human resource purposes. |
Audio and video data or other images | Examples:
| The Company may collect audio and visual information of Personnel through photographs used for identification purposes and to promote the Company. The Company collects audio and video recordings of training sessions. |
Professional or employment-related information |
| The Company collects professional and employment-related information to manage its relationship with Personnel. |
Education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Examples:
| The Company collects education information in connection with the job promotion process; to evaluate Employees for promotions; and to feature Employees in marketing materials and on the Company’s website. |
Inferences drawn from other personal information | Examples:
| The Company may collect inferences drawn from other personal information to manage our relationship with Personnel. |
Personal Data about children under the age of 16 | Personal information about Employees’ dependents under the age of 16 | The Company collects information about Employees’ dependents under the age of 16 if Employees voluntarily provide such information in connection with the enrollment and administration of benefits and other human resource purposes that involve such dependents. |
Legal and Contractual Information | Information necessary to: respond to law enforcement and governmental agency requests; comply with legal and contractual obligations; exercise legal and contractual rights; and initiate or respond to legal claims | The Company collects this information to comply with legal and contractual requirements and to establish, exercise and defend legal and contractual rights and claims. |
Emergency Contact Information |
| The Company collects this information to contact the Employee’s designated emergency contact persons in the event of an emergency. |
Beneficiary Information |
| The Company collects this information to enroll and administer benefits programs for beneficiaries of Employees. |
SOURCES OF PERSONAL INFORMATION
We collect personal information directly from you. We may also combine personal information collected from other sources with the personal information you provide to us. For example, we may collect information from:
- Recruiters
- Prior employers (e.g., for references)
- Professional references you provide to us
- Educational institutions
- Pre-employment screening services
- Credentialing and licensing organizations
- Publicly available sources such as your social media profile (e.g., LinkedIn, Twitter and Facebook)
- Third parties as necessary for providing you with benefits and ancillary services
- Other sources as directed by you
DISCLOSURE OF PERSONAL INFORMATION
We may share your Personal Information as necessary for the purposes described in this privacy notice. In all such circumstances, we remain liable to you for processing your Personal Information in compliance with this privacy notice. For example, we share your Personal Information with the following parties:
- Affiliates: We may share your Personal Information with our affiliates.
- Service Providers: We use service providers to operate, host and facilitate our operations and business (including human resources operations). These include hosting, technology and communication providers; security and fraud prevention consultants; analytics providers; background and reference check screening services; and hiring process and benefits management and administration tools.
- Government authorities and law enforcement: In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Business transfers: Your Personal Information may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
- Professional advisors: We may share your Personal Information with our professional advisors.
Other: We may also share your Personal Information with third parties for purposes of fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, us or another party; enforcing any agreements with you; responding to claims; and resolving disputes.
JURISDICTION-SPECIFIC NOTICES
US Residents
If you are a resident of certain US jurisdictions, including the State of California or Nevada you have the additional rights set forth in this section under applicable state law with respect to your Personal Data, which include the right to access, right to deletion, and right to correction or rectification, as further described in “US Residents” at https://karat.com/privacy/.
Furthermore, we will not sell your Personal Data, and have not done so over the last 12 months. We do not sell the Personal Data of minors under 16 years of age.
We will not discriminate against you for exercising your rights. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights.
European Residents
If you are a resident of the European Union (“EU”), United Kingdom, Switzerland, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation and UK General Data Protection Regulation (collectively, “GDPR”) with respect to your Personal Data, which include the right to access, right to rectification and erasure, and right to object to certain types of processing, as further described in “Europe Residents Data Subject Rights” at https://karat.com/privacy/.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described at https://karat.com/privacy/.
INTERNATIONAL TRANSFERS
The Personal Information that we collect may be transferred to, and stored at, a location outside of your jurisdiction, including outside the European Economic Area (“EEA”), Switzerland and the UK, and in countries that are not subject to an adequacy decision by the European Commission and that may not provide for the same level of data protection as your jurisdiction. It may also be processed by staff operating outside of your jurisdiction who work for us in connection with the activities outlined in this Privacy Policy. More specifically, Karat is located in the United States and operates globally; we currently utilize data centers in the United States. The laws in the United States regarding Personal Information may be different from the laws of your jurisdiction or country. Any international transfers, collection, storage, or processing of your Personal Information will comply with safeguards as required by relevant law.
Standard Contractual Clauses
For transfers from the EEA, the UK, or Switzerland to the United States, we will comply with applicable laws to provide an adequate level of data protection for the transfer of your personal data. Karat relies on the European Commission approved Standard Contractual Clauses (and the equivalent standard contractual clauses for the UK where appropriate) as a legal mechanism for data transfers to the United States.
Data Privacy Framework
Karat also complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Karat has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Karat has certified to the U.S. Department of Commerce that it adheres to the UK Extension to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the UK in reliance on the UK Extension to the EU-U.S. DPF. In addition, Karat has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. As a part of our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship. If your complaint still is not resolved through the above channels, under limited circumstances, an additional binding arbitration option may be available before a DPF panel, as described at https://www.dataprivacyframework.gov/s/.
HOW WE UPDATE THIS PRIVACY NOTICE
Karat reserves the right, at its sole discretion, to change, modify, add or remove portions of this privacy notice, at any time. We will alert you to any such changes by sending you an email and/or by other legally-binding means. The processing of your Personal Information is subject to this privacy notice in effect at the time such information is collected.
CONTACT FOR QUESTIONS
If you have any questions or concerns regarding this privacy notice or the collection of your Personal Information, please contact:
- Karat, Inc.
Attn: Legal Department – Privacy 1414 NE 42nd St, Ste 204
Seattle, WA 98105-6271 USA
privacy@karat.com
+1 (509) 761-9141
Personnel with disabilities may access this notice in an alternative format by contacting accommodation@karat.com.
If you are located in the EU, Switzerland or the UK, you may also contact the following:
- Data Protection Officer
Dr. Felix Witternprivacy@karat.com Fieldfisher Tech Rechtsanwaltsgesellschaft mbH, Am Sandtorkai 68, 20457 Hamburg, Germany - EU Member Representative:
Karat@LionheartSquared.eu
Lionheart Squared (Europe) Ltd, 2 Pembroke House, Upper Pembroke Street 28-32, Dublin D02 EK84, Republic of Ireland - UK Member Representative:
Karat@LionheartSquared.co.uk
Lionheart Squared Limited, Attn: Data Privacy, 17 Glasshouse Studios, Fryern Court Road, Fordingbridge, Hampshire, SP6 1QX, United Kingdom