Legal/Compliance

VERIFICATION

Ventura Coastal does not currently use a third party audit company to verify our product supply chains in regards to human rights. Instead, the Company holds our suppliers to the Supplier Code of Business Conduct and Ethics, reflecting our values and expectations for all supplier partners.

AUDIT

While the Company does not directly or indirectly conduct supplier audits to evaluate compliance with our standards on human trafficking and slavery, Ventura Coastal has visibility to risks within our supply chain through Sedex, a third party audit system, and documented SMETA audits. We also reserve the right to audit any supplier in regards to human rights at any time now or in the future.

CERTIFICATION

All Ventura Coastal suppliers in the direct supply chain for tangible goods offered to sale certify that they do not use human trafficking or slavery.

INTERNAL ACCOUNTABILITY

The Company reserves the right to discontinue business with any Supplier who fails to comply or return to compliance with Supplier Code of Business Conduct and Ethics within a reasonably established timeframe.

TRAINING

Our company does not currently provide employees or contractors with training on human trafficking and slavery at this time.

COLLECTION OF PERSONAL DATA

Future, current and prior employees have a right to know what types of data is collected on or about them.

In the course of conducting business and complying with federal, state and local government regulations governing such matters as employment, tax, insurance, etc., the Company must collect Personal Information (“Personal Data”). The nature of the information collected varies somewhat for each employee depending on employment relationship and responsibilities, citizenship, work location, and other factors. The company collects Personal Information from future and current employees solely for business purposes.

Data collected may include, but is not limited to the following:

• Name
• Contact information (Phone Number/s, Email Address/es, and Mailing Address/es)
• Employment and educational history
• Background screening information (criminal history, sexual offender registration, motor vehicle records, credit history, reference checks and drug testing)
• Banking and other financial data
• Government identification numbers (ex. Social Security Number or Driver’s License Number)
• Date of Birth
• Gender, Race, and Ethnicity
• Military Affiliation
• Health and Disability data
• Family-related data (ex. Marital status or Dependents)
• Personal and health-related data

The Company also monitors the use of the Internet and surveils the workplace in order to protect the safety and physical as well as cyber security of the Company’s facilities and prevent misuse of the Company’s computer network and other assets.

The Company will not knowingly collect or use Personal Data in any manner not consistent with this Policy, as it may be amended from time to time, and applicable laws.

Application for employment and/or employment with the Company provides express consent to the storage, processing, disclosure and/or destruction of Personal Data as related to employment with the Company or required by governmental agencies. Because Personal Information collected by the Company is necessary for “business purposes” (to administer the employment or work relationship, manage employee performance, and ensure compliance with company policies), applicants and employees are required to provide it. For a complete list of data collected and the associated business purpose for collection, refer to the CCPA/CPRA Notices for Applicants/Employees/Temporary Associates. Refusal or failure to provide requested Personal Information may disqualify an applicant or employeefrom employment with Ventura Coastal or from receipt of certain Company benefits.

USE OF THE INFORMATION COLLECTED

Future, current and prior employees have a right to know how Personal Data collected on or about them is used. The primary purposes for collection, storage and/or use of Personal Information include, but are not limited to:

• Human Resource Management – The Company collects, stores, analyzes and shares (internally) Personal Information in order to attract, retain, motivate and hold our workforce accountable. This includes recruiting, compensation planning, succession planning, reorganization needs, performance management, training, employee benefit administration, compliance with applicable legal requirements and communication with employees and/or their union representatives.
• Business Processes and Management – Personal Information is used to run business operations including scheduling work assignments, managing company assets, reporting and/or releasing public data (ex. required Annual Reports), and populating employee directories. Information may also be used to comply with government regulations.
• Safety and Security Management – The Company uses Personal Information as appropriate to ensure the safety and protection of employees, assets, resources and communities.
• Communication and Identification – The Company uses Personal Information to identify applicants and current or former employees and to communicate accordingly.

For a complete list of data collected and the associated business purpose for collection, refer to the CCPA/CPRA Notices for Applicants/Employees/Temporary Associates.

Unauthorized use of Personal Data is strictly prohibited by law and Company policy. Applicants and Employees have a right to not be discriminated against or harassed based on any Personal Data collected during the course of conducting business with Ventura Coastal. Applicants and Employees are also protected against retaliation as a result of reporting violations or potential violations of this policy or requesting to have Personal Data deleted.

DISCLOSURE OF DATA

Future, current and prior employees have a right to know how Personal Data collected on or about them is protected against sale, theft, disclosure and/or any other unauthorized access.

The Company relies on security measures to protect the Personal Data of future, current and former employees and ensure that unauthorized individuals do not have access to this Personal Information. The Company will not knowingly disclose, sell or otherwise distribute Personal Information to any third party without applicant and/or employee knowledge and written permission except under the following circumstances:

• Legal Requests and Investigations – The Company may disclose Personal Information when such disclosure is reasonably necessarily to prevent fraud, comply with a court order or to comply with any applicable statute, law, rule or regulation.
• Third-party vendors and service providers – The Company reserves the right to outsource services, functions and/or operations of our business to third-party service providers. When engaging in such outsourcing, it may be necessary to disclose Personal Data to those service providers (ex. a payroll service or benefits provider). In some cases, the service providers may collect Personal Information directly from employees on the Company’s behalf as well. The Company will work with any such providers to restrict how the providers may access, use and disclose Personal Information. When using a third-party provider to whom we must furnish Personal Information, the Company will select reliable third parties and require them to enter into written agreements with the Company to specify the rights and obligations of each party, provide adequate security measures to protect the Personal Data provided and only process Personal Information based on the specific written instructions of the Company.
• Business Transfers – The Company may buy other companies, create new subsidiaries or business units or sell part or all of the Company and its assets. Collected Personal Information will be transferred in part or whole to another company as part of any such transaction. However, any applicant or employee personal information will remain subject to protection outlined in the then current Privacy Policy.
• Protection of Company and Other – The Company may release Personal Information as deemed necessary to comply with the law, enforce or apply policies and other agreements, or protect the rights, property or safety of Company, employees or others. This disclosure will never include selling, renting, sharing or otherwise disclosing Personal Information for commercial purposes in violation of this Privacy Policy.

SECURITY OF PERSONAL DATA

The Company relies on reasonable security measures and technology such as password protection, encryption, and physical locks to protect the confidentiality of Personal Data. Only authorized employees, or their Authorized Agent (natural person or a business entity registered with the Secretary of State to conduct business in California that a consumer has authorized to act on their behalf subject to the requirements set forth in section 7063 of the CCPA Final Regulations Text) have access to Personal Information. Employees with such authorization are held accountable to the following expectations to safeguard Personal Information:

• Securely storing paper and other hard copies containing Personal Information (or any other confidential information) in a locked location when not in use.
• Locking computers and other access points to Personal Data when not in use.
• Carefully guarding and not sharing passwords and user IDs.
• Destroying documents that are no longer necessary for business purposes (that are not required to be retained based on federal or state retention requirements) using paper shredders or similar devices; items should not be left in unsecured locations waiting to be shredded or otherwise destroyed.
• Not making or distributing unauthorized copies of documents or other medium containing Personal Data.
• Redacting Personal Data from documents when appropriate to protect Personal Information from unauthorized parties.
• Storing electronic files containing Personal Data on secure (work) computers and/or designation locations only and not copied or otherwise shared with unauthorized individuals within or outside of the Company.
• Securely sharing Personal Data transferred electronically using password protected files and/or secure file uploads.

The Company will make reasonable efforts to secure Personal Information stored or transmitted electronically to secure from hackers or other persons who are not authorized to access such Information.

Compliance with this Privacy Policy is important to the Company. Any violation or potential violation of this Policy should be immediately reported to the Chief Human Resources Officer (CHRO). The failure by any employee to follow these privacy policies may result in discipline up to and including termination. Any questions or suggestions regarding this policy may also be directed to the CHRO.

UPDATING, ACCESSING AND/OR DELETING PERSONAL DATA

Future, current and former employees, or their Authorized Agent (natural person or a business entity registered with the Secretary of State to conduct business in California that a consumer has authorized to act on their behalf subject to the requirements set forth in section 7063 of the CCPA Final Regulations Text) should promptly inform the Company when changes occur in the Personal Information provided so the Company can maintain accurate Personal Data. The Company reserves the right to maintain Personal Data previously submitted in historical archives after an update or change has been made to Personal Information.

Future and current employees can access and change their Personal Information through the Company’s electronic access system (Paycom). They may also contact the Human Resources Department to submit changes and request a copy of Personal Information previously provided.

Future and current employees can submit request to delete Personal Data, if the data is no longer necessary to comply with legal requests, investigations and/or any applicable statute, law, rule or regulation. To submit a request to delete Personal Data, applicants, current and/or former employees, or their Authorized Agent, can email their request to ccpa@vcoastal.com.

The Company will match identifying information provided by future, current, former employees, or their Authorized Agent, to the personal information already maintained by the Company, taking into account the type of request as well as the type, risk, and value of the personal information involved before updates, access or deletion will take place