Please take notice that CannaCraft (the “Company”) collects certain information about you. The Company philosophy is to safeguard personal employee information in its possession to ensure the confidentiality of the information. Additionally, the Company will only collect personal information that is required to pursue its business operations and to comply with government reporting and disclosure requirements. For more information on the Company’s policies, please refer to the Company’s privacy policy.


California’s California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”) provide California applicants and employees with certain rights including:

    • Knowledge of information collected;
    • Deletion of information collected; 
    • Opt-out of information collected;
    • Opt-in of information collected;
    • Correction of information collected;
    • Limit use of information collected;
    • Not to be discriminated or retaliated against for exercising rights under the law.


Where We Get Your Information From. The Company collects information about you from the following sources: (1) you; (2) prior employers, references, recruiters, job-related social media platforms; (3) third-party sources of demographic information; (4) third-party companies, such as background check companies, drug testing facilities; and (5) claim administrators and investigators. Depending on the Company’s interactions with you, we may or may not collect all of the information identified about you. 


The Personal and Sensitive Personal Information That We Are Collecting. We are collecting the following information:

  • Identifiers, such as name, government-issued identifier (e.g., Social Security number), and unique identifiers (e.g., employee ID);
  • Personal information, such as real name, signature, SSN, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, passport number, federal identification authorizing work in the United States, access and/or passcodes, insurance policy number, education, employment, employment history, bank account number, other financial information, medical information, or health insurance information;
  • Characteristics of protected classifications under California or federal law, such as age, marital status, gender, sex, race, color, disability, citizenship, primary language, immigration status, military/veteran status, disability, request for leave, and medical conditions;
  • Commercial information, such as transaction information and purchase history (e.g., in connection with travel or other reimbursements or purchases from Company);
  • Internet or network activity information, such as browsing history and interactions with our online systems and websites and any personal information that you provide while accessing the Company’s computer systems, such as personal credit card information and passwords;
  • Geolocation data, such as device location from usage of the Company’s devices;
  • Biometric information related to access to the Company’s secured access points;
  • Audio, electronic, visual, and similar information;
  • Professional or employment-related information, such as work history and prior employer;
  • Non-public education information; and
  • Inferences drawn from any of the Persona and Sensitive Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.


How Your Personal and Sensitive Personal Information is Used. We may use Personal and Sensitive Personal Information: 

  • To operate, manage, and maintain our business; 
  • For hiring, retention, and employment purposes;
  • To otherwise accomplish our business purposes and objectives, including, for example: 
    • Emergency services;
    • Conducting research, analytics, and data analysis; 
    • Maintaining our facilities and infrastructure; 
    • Quality and safety assurance measures; 
    • Conducting risk and security controls and monitoring; 
    • Protecting confidential and trade secret information;
    • Detecting and preventing fraud; 
    • Performing identity verification; 
    • Performing accounting, audit, and other internal functions, such as internal investigations;
    • Complying with the law, legal process, and internal policies; 
      • Maintaining records; 
      • Claims processing;
      • Responding to legal requests for information and subpoenas; and 
      • Exercising and defending legal claims.
  • Any other purposes authorized by the California Privacy Protection Agency, California or Federal law.


We may or may not have used Personal and Sensitive Personal Information about you for each of the above purposes.


Sharing/Selling of Personal Information. We share your information with the following third-party entities: Anthem Blue Cross; Kaiser; or other applicable healthcare provider; Heffernan or other insurance prover; iSolve or other payroll provider; Union UFCW Local 5 (if UFCW member); Zenefits; EDD (upon request); Protective Insurance (workers comp if a claim is filed)


Personal employee information is considered confidential and as such will be shared only as required and with those who have a need to have access to such information. Personal information collected by the company includes, but is not limited to, employee names, addresses, telephone numbers, e-mail addresses, emergency contact information, equal employment opportunity (EEO) demographic data, medical information, social security numbers, date of birth, employment eligibility data, benefits plan enrollment information, which may include dependent personal information, and school/college or certification credentials. Participants in company benefit plans should be aware that personal information will be shared with plan providers as required for their claims handling or record keeping needs.  


Data Retention. The Company indefinitely retains the information it receives about you to comply with legal and reporting requirements, unless a shorter or longer period is required by California or Federal law.


For Inquiries and/or to Submit Requests for Information, Deletion or Correction. 

For more information about our privacy and data collection policies, you may wish to review our Privacy Policy at https://www.cannacraft.com/legal/privacy-policy.


If you would like to submit a request about your data, we encourage you to do so by emailing [email protected] or by calling our toll-free number at 707-757-7075.


Please be aware that if you do not allow us to collect personal information from you, we may not be able to deliver certain experiences, products, and services to you, and some of our services may not be able to take account of your interests and preferences. If collection of personal information is mandatory, we will make that clear at the point of collection so that you can make an informed decision whether to participate. If you have questions about the specific personal information about you that we process or retain, and your rights regarding that personal information, please contact [email protected] or by calling our toll-free number at 707-757-7075.


If an employee becomes aware of a material breach in maintaining the confidentiality of employee personal information, the employee should report the incident to a representative of the human resources department. The human resources department has the responsibility to investigate the incident and take corrective action. Please be aware that a standard of reasonableness will apply in these circumstances. Examples of the release of employee information that will not be considered a breach include the following:

  • Release of partial employee birth dates, i.e., day and month is not considered confidential and may be shared with department heads who elect to recognize employees on such dates.
  • Personal telephone numbers or e-mail addresses may be distributed to department heads in order to facilitate company work schedules or business operations.
  • Employee identifier information used in salary or budget planning, review processes and for timekeeping purposes will be shared with department heads.
  • Employee's company anniversary or service recognition information will be distributed to appropriate department heads periodically.