Last updated: Dec 02, 2024
This Hims & Hers Health, Inc. Global Candidate Privacy Statement (“Statement”) explains our collection, use, and disclosure of Personal Information (defined below) that we collect and process as part of the application and recruitment process from applicants and prospective employees and other workers (“Candidate(s)” or “you”) in California and the United Kingdom (UK).
This Statement applies to Hims & Hers Health, Inc. and to our subsidiaries (“Hims & Hers”, “we”, “our” or “us”). One Hims & Hers entity may collect or process Personal Information on behalf of another Hims & Hers entity.
We designed this Statement to comply with the California Consumer Privacy Act of 2018, Civil Code section 1798.100 et seq. as amended from time to time (the “CCPA”) and the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (the “UK GDPR”). We do not intend for this Statement to create any rights beyond CCPA and the UK GDPR. You can find specific disclosures regarding how we collect, use, retain, disclose and sell or share personal information by selecting the provided links. California Candidates can find specific disclosures, including “Notice at Collection” details about how we collect, use, disclose, sell or share, and retain “Personal Information” by selecting the provided links.
Personal Information We Collect
We collect Personal Information about you from different sources and in various ways during your application and candidacy, including information you provide directly, information collected automatically, information received from third-party data sources, and data we infer or generate from other data. The categories of Personal Information we have collected within the last 12 months includes the following:
Personal Information Categories | Examples |
---|---|
Contact Information and identifiers | Contact information and identifiers, such as:
|
Internet or other electronic network activity | Analytics or monitoring data, including as related to:
You can review how our websites store and retrieve personal information using cookies and similar technologies in the “Cookies, Mobile IDs, and Similar Technologies” section below. |
Geolocation and location data | Approximate location data based on an IP address. |
Audio, electronic, visual, or similar information | Facial images and voice information, such as photos, videos, voice recordings. |
Professional or employment-related information | Demographic data, some of which may be protected classifications under California or U.S. federal law or “special category data” under UK data protection law, such as:
|
Sensitive Personal Information
We collect certain “sensitive” or “special categories” of Personal Information (“Sensitive Personal Information”) in connection with our recruitment and hiring processes (as permitted by law) to support our legal and business activities.
Examples of Sensitive Personal Information that we collect include:
Sources of Personal Information
We collect Personal Information from a variety of sources, including as follows:
COOKIES, MOBILE IDs, AND SIMILAR TECHNOLOGIES
We also collect Personal information through our use of cookies, web beacons, mobile analytics, and similar technologies to operate our websites including those sites and services where you submit an application, and online services accessible to you in the context of our recruiting and hiring relationship. We use these technologies to help us collect the data necessary to operate and manage our business. This includes analyzing and measuring device, application, and system usage, detecting and preventing illegal, fraudulent, or unauthorized activity, enforcing our policies, and protecting our devices, systems, information, and infrastructure. The information we collect using these technologies includes Personal Information, such as the pages you visit, the links you click on, usage and crash information, identifiers, and device information, as described above in the Collection section above as Internet and Other Electronic Network Activity.
What are cookies and similar technologies? Cookies are small text files placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.
Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also include web beacons in our email messages or newsletters to tell us if you open and act on them.
Mobile analytics are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our apps contain software that enables us and our analytics to access these mobile IDs.
Retention of Personal Information.
We retain Personal Information in accordance with our obligations under applicable law (including labor and employment laws) and as necessary to administer and carry out our recruitment, application, and hiring practices.
Use of Personal Information.
We use Personal Information to administer and carry out the recruitment and hiring process, including for human resources and our operational, business, safety, and security purposes including as described in this Policy and below.
We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
Purposes of Use | Legal Basis (UK only) |
---|---|
Human Resources Uses | |
Recruitment and hiring decisions | Legitimate Interests; Consent |
Information verification and background checks (if relevant and where permitted by local law) | Legitimate Interests |
Interview travel and expense reimbursement processing | Consent |
Benefits eligibility determination | Legal Obligations |
Equal employment opportunity, diversity, inclusion and accessibility programs | Legal Obligations |
Legal and policy compliance administration and enforcement, including for the purpose of anti-discrimination laws and government reporting obligations | Legal Obligations |
Business Uses | |
Managing, recording, monitoring, protecting, and improving, Hims & Hers Systems, assets and resources, including managing and protecting unauthorized access and use of company, personal and customer data, devices, systems, and infrastructure; and protecting Hims &Hers networks from intrusions. | Legitimate Interests |
Managing, monitoring, measuring, analyzing, protecting, and improving campus, parking, buildings, office space, conference rooms, facilities, catering and café services, including monitoring and administering building occupancy and campus parking and transportation; operating and monitoring physical security systems, such as CCTV, key card entry systems, and guest logs; registering personal vehicles and logging exit and entry times; and emergency notification services. | Legitimate Interests |
Managing and improving hiring and recruiting efficiency and effectiveness. | Legitimate Interests |
Communications and collaboration (which may include our recording or storing telephone, video, email, or online chat communications). | Legitimate Interests |
Communicating with you about future career opportunities | Consent |
Personalization to understand your preferences to enhance your employee experience | Legitimate Interests |
Using automated decision-making systems to help us identify potential candidates for a role, analyze application information to assess your suitability for a role against the role requirements or description, and to improve our recruitment processes and experiences | Legitimate Interests |
Delivery of information and services related to your application and recruitment | Consent |
Legal and policy compliance administration and enforcement, including monitoring access and use of our Systems. | Legal Obligations; Legitimate Interests |
Research and improvement of Hims & Hers Systems, processes, products, services and technology | Legitimate Interests |
How do we and our providers use cookies and similar technologies? We, and our analytics providers, use these technologies in our websites, apps, and online services to collect Personal Information when you access and use our services, including Personal Information about your online activities over time and across different websites or online services. This data is used to store your preferences and settings, enable you to sign in, analyze how our websites, apps, and services perform, track your interaction with the site or app, develop inferences, combat fraud, and fulfill other legitimate purposes. We and/or our providers also share the data we collect or infer with other providers for these purposes as described in the “Disclosures of Personal Information” section below.
Finally, we may use aggregated or de-identified information in accordance with applicable law.
If you become a Hims & Hers employee or worker, Personal Information we collected as part of the application and hiring process will become part of your employment file. California Candidates, see our California Worker Privacy Policy for more details.
Disclosure of Personal Information
We disclose Personal Information, including Sensitive Personal Information, to the following categories of recipients, for the business purposes described in this Policy and below.
Category of Recipient | Categories of Personal Information |
---|---|
Our Subsidiaries and Affiliates. For example, our entities access and use shared business processes and common data systems. | Contact information and identifiers Internet or other electronic network activity Geolocation and location data Audio, electronic, visual, or similar information Profession or employment related information Sensitive Personal Information |
Vendors or Agents Working on our Behalf. For example, companies we’ve hired to provide recruiting, administrative, and communications services (including those that record or store communications), providers of technologies that analyze your interaction with our websites to help us improve our recruiting and hiring experience; and protect and secure our systems and service. | Contact information and identifiers Internet or other electronic network activity Geolocation and location data Audio, electronic, visual, or similar information Profession or employment related information Sensitive Personal Information |
Independent Providers. For example, with travel providers and ride share services. To the extent that we provide Personal Information to such providers, that Personal Information is governed by their privacy statements. | Contact information and identifiers Internet or other electronic network activity Geolocation and location data Audio, electronic, visual, or similar information Profession or employment related information Sensitive Personal Information |
Parties to a Corporate Transaction or Proceeding. For example, a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets. | Contact information and identifiers Internet or other electronic network activity Geolocation and location data Audio, electronic, visual, or similar information Profession or employment related information Sensitive Personal Information |
Law Enforcement and Those with Legal Necessity. We will access, transfer, disclose, and preserve Personal Information to:
| Contact information and identifiers Internet or other electronic network activity Geolocation and location data Audio, electronic, visual, or similar information Profession or employment related information Sensitive Personal Information |
Please note that our candidate website and some of the applications and services that we make available to you also include integrations, references, or links to services provided by providers whose privacy practices differ from ours. If you provide Personal Information via these integrations, references, or links, or allow us to disclose Personal Information to them, that information is governed by their privacy statements.
Finally, we may share aggregated or de-identified information in accordance with applicable law.
Choice and Control of Personal Information
We provide a variety of ways for you to control the Personal Information we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.
Communications preferences. You can choose whether to receive optional communications from us by email, SMS, physical mail, and telephone related to new opportunities that become available. If you receive these optional email or SMS messages from us and would like to stop, you can do so by following the directions in that message or by contacting us as described in the “Contact Us” section below. If you receive a call from us related to new jobs or roles that become available, and no longer wish to receive such calls, you can ask to be opted out from future calls. These choices do not apply to certain informational communications, including communications about an existing application with us.
Browser or platform controls.
Email web beacons. Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, which avoid the automatic connection to the web servers that host those images.
Notice and Lawful Basis
We provide Candidates with notice about the Personal Information we collect, how it will be used, and with whom we disclose Personal Information, such as through this Policy. We collect, use, and disclose Personal Information as necessary to carry out the hiring and recruiting relationship with you and/or on the basis of our legitimate interests, as described above. Where required by law, we will provide additional notice and/or seek consent for any collection, use, or disclosure of Personal Information for purposes beyond that which is necessary for our hiring or recruiting requirements or comply with legal requirements. Failure to provide necessary Personal Information may disqualify you from employment consideration.
Data Retention
We retain Personal Information in accordance with our obligations under applicable labor and employment laws and as necessary to administer and carry out the employment relationship, our post-employment, and our legal obligations.
Data Integrity
We endeavor to use Personal Information that is up-to-date and accurate. If we are made aware that the Personal Information that we maintain is inaccurate, we take reasonable measures to rectify the data.
Data Transfer and Location
Personal Information we collect may be stored and processed in the United States or any other country in which we or our affiliates, subsidiaries, or agents maintain facilities, some of which have not been found by the European Commission to have an adequate level of data protection. When we transfer Personal Information to a country outside the EEA, UK, or Switzerland, we protect that information in accordance with applicable law, such as the General Data Protection Regulation (GDPR) and applicable EEA, UK, and Swiss data protection laws.
If you have a question or a complaint related to our processing of Personal Information, you may contact us as indicated below. For complaints that cannot be resolved directly we will cooperate with the relevant Data Protection Authority to resolve any issues. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Your Privacy Rights
Under certain local, state, federal, and international laws, Candidates have certain additional privacy and data protection rights related to the processing of their Personal Information.
European Economic Area, UK, and Swiss Candidate Data Protection Rights
If our processing of Personal Information about you is subject to European Union, UK, or Swiss data protection law, you have certain rights with respect to that information:
Please use the contact information in the “Contact Us” section below to exercise one or more of these rights. You also have the right to complain to a supervisory authority, but we encourage you to contact us first with any questions or concerns.
California Candidate Privacy Rights
The California Consumer Privacy Act of 2018, Civil Code section 1798.100 et seq as amended, including by the California Privacy Rights Act of 2020 (“CCPA”), provides California Candidates with the following rights concerning their Personal Information:
Right to Know. You have a right to request that we disclose the Personal Information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, sale, or sharing of Personal Information. Note that we have provided much of this information in this Statement.
Right to Request Correction. You have the right to request the correction of inaccurate Personal Information.
Right to Request Deletion. You also have a right to request that we delete Personal Information under certain circumstances, subject to lawful exceptions.
Right to Opt-Out. You have a right to opt-out from the “sale” or “sharing” of Personal Information, each of which is defined under CCPA.
Note that we do not “sell” or “share” Personal Information of Candidates as defined by the CCPA and have not done so in the past 12 months.
We do not knowingly sell the Personal Information of minors under 16 years of age.
Right to Limit Use and Disclosure of Sensitive Personal Information. Where we use or disclose Sensitive Personal Information to infer individual characteristics or for purposes other than those permitted by CCPA, you have a right to request that we limit our use and disclosure of such Sensitive Personal Information.
We do not use or disclose sensitive Personal Information to infer individual characteristics or other purposes.
Right to Notice. You have a right to receive notice of our Personal Information collection, use, sale and sharing, retention, and disclosure practices at or before collection of Personal Information.
Right to Notice. You have a right to receive notice of our Personal Information collection, use, sale and sharing, retention, and disclosure practices at or before collection of Personal Information.
Right to Non-Discrimination. You have a right to not be discriminated against for exercising these rights set out in the CCPA.
Exercising Your Rights. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
Further, to provide, correct, or delete specific pieces of Personal Information, we will need to verify your identity to the degree of certainty required by law. We will verify a request by asking you to send it from the email address associated with your application or by providing the information reasonably necessary to verify your identity.
Data Security
We take reasonable and appropriate measures to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Changes to This Policy
We may occasionally update this Policy to reflect changes required by law or our practices or procedures. If we make material changes to this Policy, or in how we use Personal Information, we will provide notice (or obtain consent) regarding such modifications as may be required by law.
Contact Us
If you have any questions or comments about this Privacy Statement, the ways in which we collect and use your Personal Information, or your choices and rights regarding such use, please contact us as follows:
If you are located in the UK, you may use the following information to contact our Data Protection Officer (DPO):