D.A. DAVIDSON COMPANIES PRIVACY POLICY FOR EMPLOYEES WHO ARE CALIFORNIA RESIDENTS

 

PLEASE READ THIS PRIVACY POLICY CAREFULLY

  1. OUR PRIVACY STATEMENT.
    The protection of your Personal Information, as described below, is of great importance to D.A. Davidson Companies (“Company”) and its affiliates D.A. Davidson & Co., Davidson Investment Advisors, Inc., D.A. Davidson Trust Company, and Davidson Fixed Income Management, Inc. (collectively, the “Company Group”). This Privacy Policy for employees who are California residents (the “California Resident Privacy Policy”) therefore intends to inform you about how Company Group entities, acting as data controller, collects and processes the Personal Information that you submit or disclose to us or that you pre-authorize your agent and/or representative in writing to disclose to us in relation to your relationship with us as an employee. We also act as data controller when we process your Personal Information received or obtained through independent third-parties. We process this Personal Information in accordance with the applicable federal, state and local regulations on data protection in particular, the California Consumer Privacy Act of 2010 (“CCPA”), California Civil Code §§ 1798.100 et seq. (the “CCPA”).

    Please note that this California Resident Privacy Policy does not apply to your Personal Information when we already protect it under other laws such as the Gramm, Leach Bliley Act (GLBA), the California Financial Information Protection Act, the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), and/or the Driver's License Protection Act. It also does not apply to Personal Information collected with respect in the context of your relationship as a customer of the Company. For a description of our privacy practices as well as your rights and choices in these instances, please see our other privacy policies.

    We encourage you to read this California Resident Privacy Policy carefully. If you do not wish for your Personal Information to be used by us as set out in this California Resident Privacy Policy, please do not provide us with your Personal Information. Please note that, depending on the information that you do not wish to provide, we may not be able to employ you.

    If you have any queries or comments relating to this California Resident Privacy Policy, please contact us as detailed below

  2. DEFINITIONS
    “Personal Information” has the meaning as defined in applicable federal, state and local law statute or regulation including but not limited to CCPA, and includes information that is collected about you in the course of your employment with us for employment related purposes and encompasses any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.

    “Process”, “processed” or “processing” means any operation or set of operations which is performed on Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal information.

    “Employees”, “employee” or “you” means an identified or identifiable natural person who is a California resident and who is acting in their authorized capacity as an employee, including any person who is employed by the Company Group as a full-or part-time employee or temporary worker.

    “Contractor” means a natural person who provides any service to a business pursuant to a written contract.

  3. WHAT TYPES OF PERSONAL INFORMATION MIGHT BE COVERED BY THE CCPA?
    For the purposes specified under this California Resident Privacy Policy, we collect and maintain Personal Information obtained from you directly (when you provide such Personal Information to us) or indirectly (Personal Information provided to us by your pre-authorized agent and/or representative or an independent third-party). Listed below are the categories of Personal Information that the CCPA may cover:
    Category Examples
    A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
    B. Personal information categories including those listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
    C. Protected classification characteristics under state or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
    D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
    E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
    F. Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
    G. Geolocation data Physical location or movements.
    H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.
    I. Professional or employment-related information. Current or past job history or performance evaluations.
    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
    K. Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

    We ensure that the Personal Information processed is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

  4. HOW DO WE PROCESS YOUR PERSONAL INFORMATION?
    We will always process your Personal Information in accordance with federal, state and local law and regulations. For example, we will always process your sensitive Personal Information concerning your trade union membership, religious views, and health condition in accordance with the law

    We may collect and process your Personal Information for the purposes detailed below, which are required so that we can pursue our legitimate interests and provide you with adequate human capital management:
    • To Inform You about our Policies and Terms.
    • Management related to benefits, such as medical, dental, optical, commuter, and retirement benefits.
    • Management related to Salary and Reimbursement for Expenses
    • Management of Human Capital Services, including providing employee support services, administration of separation of employment, approvals and authorization procedures, and administration and handling of employee claims
    • Management related to Healthcare-Related Services, including identifying health needs of employees to plan and provide appropriate services, including operation of sickness policies and procedures
    • Recruit Employees.
    • Conduct Performance-Related Reviews.
    • Monitor Work-Related Licenses and Credentials.
    • Monitor Eligibility to Work in the U.S.
    • Maintain Your Contact Information and to Assist You in Case of Emergency.
    • Facilitate Better Working Environment
    • Ensure a Safe and Efficient Working Environment
    • Protect Data and Manage Security of the Company Group Computer Systems and Data, which includes maintenance of computer systems and infrastructure; management of software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; and monitoring email and Internet access.
    • Defend and Protect Rights by managing and responding to employee and other legal disputes, responding to legal claims or disputes, and to otherwise establish, defending or protecting our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
    • Compliance with Applicable Federal, State and Local Law and Regulatory Requirements and internal Company obligations as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.
    • Promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies;

    We will process your Personal Information for these specified, explicit and legitimate purposes. If we intend to process Personal Information originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your Personal Information for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support the Company Group’s business activities.

  5. HOW DO WE SHARE YOUR PERSONAL INFORMATION?
    We may share your Personal Information with Company Group entities and with third parties for a business purpose. Where we share your Personal Information with a third party, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
    • Service Providers – We share your Personal Information with companies which provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, processing payroll, and data analytics.
    • Corporate Affiliates and Corporate Business Transactions – We may share your Personal Information with all Company Group entities and their affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all Personal Information to the relevant third party.
    • Legal Compliance and Security – It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your Personal Information. We may also disclose your Personal Information if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.

    We may also disclose your Personal Information if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

    In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
    • A: Identifiers
    • B: California Customer Records
    • C: Protected classification characteristics under California or federal law.
    • D: Commercial information
    • I: Professional or employment-related information.
    • J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99).

    We disclose your Personal Information for a business purpose to the following categories of third parties:
    • The Company Group;
    • Service providers; and
    • Third parties to whom you or your authorized agents and/or representatives authorize us to disclose your Personal Information in connection with products or services we provide to you.

  6. SALE OF PERSONAL INFORMATION
    In the preceding twelve (12) months, we have not sold any Personal Information to any third party.

  7. SECURITY MEASURES
    We maintain your Personal Information in a manner that ensures its appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection.

    We will retain your Personal Information for as long as it is necessary to fulfill the purposes outlined in this California Resident Privacy Policy unless a longer retention period is required or permitted by law.

  8. THE RIGHTS OF CALIFORNIA RESIDENTS
    The CCPA provides California residents with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

    Access to Specific Information and Data Portability Rights

    You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
    • The categories of Personal Information we collected about you.
    • The categories of sources for the Personal Information we collected about you.
    • Our business or commercial purpose for collecting that Personal Information.
    • The categories of third parties with whom we share that Personal Information.
    • The specific pieces of Personal Information we collected about you (also called a “data portability request”).
    • If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
      1. sales, identifying the Personal Information categories that each category of recipient purchased; and
      2. disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.


    Deletion Request Rights

    You have the right to request that we delete any of the Personal Information that we collected and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.

    We may deny your deletion request if retaining the Personal Information is necessary for us or our service providers to:
    1. Complete the transaction for which we collected the Personal Information, provide a good or service that you requested or take actions reasonably anticipated within the context of our ongoing employment relationship with you.
    2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
    3. Debug products to identify and repair errors that impair existing intended functionality.
    4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
    5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
    6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when the deletion of your Personal Information may render impossible or seriously impair the research's achievement, if you previously had provided informed consent.
    7. Enable solely internal uses that are reasonably aligned with employment expectations based on your relationship with us.
    8. Comply with a legal obligation.
    9. Make other internal and lawful uses of that information that are compatible with the context in which you provided or authorized it.


    Exercising Access, Data Portability, and Deletion Rights

    To exercise the access, data portability, and deletion rights described above, please submit a request to Human Resources at:

    D.A. Davidson Companies
    Attn: Human Capital, Employee Privacy Request
    8 Third Street North
    P.O. Box 5015 59403
    Great Falls, MT 59401
    [email protected]
    Tel: (800) 332-5915

    Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a request related to your Personal Information. You may also make a request on behalf of your minor child.

    Submitting a Request

    To submit a request, you or your authorized agent and/or representative must:
    • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information, including your full name, date of birth, address, email address, and phone number; and
    • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it

    We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in a verifiable request to verify the requestor's identity or authority to make the request.
    You may only make a request for access or data portability twice within a 12-month period.

    Response Timing and Format

    We endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12- month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if any.
    For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    Non-Discrimination

    We will not discriminate against you for exercising any of your CCPA rights.

  9. NOTIFICATION OF DATA BREACH
    In case of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise processed, we have the mechanisms and policies in place to identify and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the authorities and communications to the affected individuals, which might include you.

  10. UPDATES TO PRIVACY POLICY
    We may revise or update this California Resident Privacy Policy from time to time. Any changes to this California Resident Privacy Policy will become effective upon posting of the revised California Resident Privacy Policy on the D.A. Davidson Intranet. If we make changes which we believe are significant, we will inform you through our website or other internal means of communication to the extent possible and seek your consent where applicable. You will be able to see that changes have been made by reviewing the effective date at the end of the California Resident Privacy Policy.

  11. CONTACT
    For any questions or requests relating to this California Resident Privacy Policy, you can contact Human Resources at:
    D.A. Davidson Companies
    Attn: Human Capital, Employee Privacy Request
    8 Third Street North
    P.O. Box 5015 59403
    Great Falls, MT 59401
    [email protected]
    Tel: (800) 332-5915
    Fax: _______________
D.A. DAVIDSON & CO. – CALIFORNIA RESIDENT PRIVACY POLICY 2020