California Personnel Privacy Notice

California Personnel Privacy Notice

Updated effective December 29, 2023

This Notice describes how AvalonBay Communities, Inc.’s and our subsidiaries (“Company,” “us,” or “we,”) processes personal information (“PI”) of Personnel (defined below) in various human resources (“HR”) contexts. This Notice is designed to meet obligations under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”). In the event of a conflict between any other Company policy, statement, or notice and this Notice, this Notice will prevail as to California Personnel, unless stated otherwise. Capitalized terms used but not defined in this Notice shall have the meanings given to them under the CCPA.

Applicability: This Notice applies to the following California residents who provided us with PI in HR contexts:

  • Job applicants who have applied for a position with Company.
  • Current/former employees of Company.
  • Independent contractors of Company.

This Notice also applies to California residents whose family member or friend has provided PI about you to Company in an HR context, such as if:

  • You are listed as an emergency contact for a Company employee or former employee.
  • You are a beneficiary or dependent of a Company employee or former employee.

The individuals referred to in the foregoing bullet points are collectively referred to as “Personnel” throughout this Notice. Section 1 of this Notice provides notice of our data practices, including our collection, use, retention, and disclosure of Personnel PI. Sections 2-5 of this Notice provide information regarding California Personnel rights under the CCPA and how you may exercise them.


Non-Applicability: This Notice does not apply to our consumer facing website(s) or our other data practices outside of the HR context, which are addressed in our general privacy notice available here.


TABLE OF CONTENTS

1. Notice of Data Practices

(A) PI Sources and Use

(B) PI Collection, Disclosure, and Retention - By Category of PI

2. Your Rights and How to Exercise Them

3. Non-Discrimination / No Retaliation

4. Notice of Financial Incentive Programs

5. Our Rights and the Rights of Others

6. Contact Us


1. Notice of Data Practices

The description of our data practices in this Notice covers the twelve (12) months prior to January 1, 2023, and ensuing twelve (12) months and will be updated at least annually. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.


Return to top

A. PI Sources and Use

We may collect your PI directly from you, such as when you apply for a position or become employed or engaged by us (e.g., identification/identity data, contact details, educational and employment data), from others through interactions in the course of employment or engagement, from third parties (e.g., background check vendors and references), or from public sources of data.

Generally we use Personnel PI for HR Business Purposes and as otherwise related to the operation of our business, including for: Performing Services; Managing Interactions and Transactions; Security; Debugging; Quality Assurance; Processing Interactions and Transactions; and Research and Development. For example, we use Personnel PI for the following purposes:

  • Recruitment
  • Running background checks
  • Employee intake/onboarding/off-boarding
  • Maintaining personnel records
  • Payroll, reimbursements, and timekeeping
  • Booking employee travel
  • Benefits administration
  • Employee activation initiatives and communications
  • Facilitating diversity and inclusion programs
  • Administering training and education programs
  • HR IT systems and security
  • Employee and performance management
  • Health & safety/occupational health
  • Security (including electronic and of premises)
  • Auditing and compliance purposes
  • Facilitating mandated reporting obligations
  • Internal business purposes
  • Legal compliance purposes

We may also use PI for “Additional Business Purposes” in a context that is not a Sale or Share under the CCPA, such as:

  • Disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”);
  • Disclosing it to you or to other parties at your direction or through your action (e.g., payroll processors, benefits providers, some software platform operators, etc.);
  • For the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice);
  • As required or permitted by applicable law;
  • To the government or private parties to comply with law or legal process or to protect or enforce legal rights or obligations or prevent harm;
  • Where we believe we need to in order to investigate, prevent, or take action if we think someone might be using information for illegal activities, fraud, or in ways that may threaten someone’s safety or violate our policies or legal obligations; and
  • To assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business.

Subject to restrictions and obligations under the CCPA, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.


Return to top

B. PI Collection, Disclosure, and Retention - By Category of PI

We collect, disclose, and retain PI as follows:

Category of PI Examples of PI Collected and Retained Categories of Recipients Retention
1. Identifiers
Real name, alias, postal address, unique personal identifiers, online identifier, Internet Protocol address, and e-mail address. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • Auditors, consultants, and outside legal counsel we engage as part of our internal processing activities
  • HR system and software vendors
  • Non-software HR vendors, such as background check and drug screening vendors
  • Payroll and benefits vendors and providers
  • Governmental entities (for example, in relation to our obligations to determine employment eligibility and responding to requests pursuant to legal or regulatory process) and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared
Year of termination + 7 years, or as otherwise stated below.
2. Personal Records
Name, signature, description, address, telephone number, and financial information. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • Auditors, consultants, and outside legal counsel we engage as part of our internal processing activities
  • HR system and software vendors
  • Non-software HR vendors, such as background check and drug screening vendors
  • Payroll and benefits vendors and providers
  • Governmental entities (for example, in relation to our obligations to determine employment eligibility and responding to requests pursuant to legal or regulatory process) and/or
  • Other parties within the limits of Additional Business Purposes.

Sale/Share: Not Sold/Shared

Year of termination + 7 years, or as otherwise stated below.
3. Personal Characteristics or Traits
In some circumstances, we may collect PI that is considered protected under U.S. law, such as age, gender, nationality, race or information related to medical conditions. We abide by the legal requirements imposed under applicable law in regards to such information. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • Auditors, consultants, and outside legal counsel we engage as part of our internal processing activities
  • HR system and software vendors
  • Non-software HR vendors, such as background check vendors
  • Payroll and benefits vendors and providers
  • Governmental entities and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared
Year of termination + 7 years, or as otherwise stated below.
4. Commercial Information
Records of products or services purchased or obtained in the HR context, such as benefits you have signed up for. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors
  • Non-software HR vendors
  • Payroll and benefits vendors and providers
  • Governmental entities and/or
  • Other parties within the limits of Additional Business Purposes.

Sale/Share: Not Sold/Shared

Year of termination + 10 years, or as otherwise stated below.
5. Internet Usage Information
When you use our online systems or otherwise interact with us online, we may collect browsing history, search history, and other information regarding your interaction with our systems or other sites, applications, or content. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors
  • Governmental entities and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared
Up to one year, or as otherwise stated below.
6. Geolocation Data
If you use our systems or interact with us online we may gain access to the approximate, and sometimes precise, location of the device or equipment you are using, or the location from which you are accessing our systems. We may also track the location of Company-owned equipment. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors
  • Governmental entities and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared
As long as Company has a legitimate purpose for retention.
7. Sensory Data
We may collect audio, electronic, visual, or similar information such as images and audit, video, or call recordings created in connection with our business activities, such as via our video security recordings. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors
  • Governmental entities and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared

Generally up to 30 days, or as otherwise stated below.

8. Professional or Employment Information
Professional, educational, or employment-related information, such as work history and prior employer, human resources data and data necessary for benefits and related administrative services. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • Auditors, consultants, and outside legal counsel we engage as part of our internal processing activities
  • HR system and software vendors
  • Non-software HR vendors, such as background check vendors
  • Payroll and benefits vendors and providers
  • Governmental entities and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared

Year of termination + 7 years, or as otherwise stated below.

9. Sensitive PI
Government Issued ID Numbers (Social Security, driver’s license, state ID card, or passport number) Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared

I-9 forms: 3 Years after hire date or 1 Year after termination (whichever is later), or as otherwise stated below.

Personnel files and other information: Year of termination + 7 years, or as otherwise stated below.

Precise Geolocation (any data that is derived from a device and that is used or intended to be used to locate an individual w/in a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet) Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared
As long as Company has a legitimate purpose for retention.

Personal Characteristics/Demographic (racial or ethnic origin, religious or philosophical beliefs, or union membership, citizenship, immigration status) Disclosures for Business Purposes:
  • Auditors, consultants, and outside legal counsel we engage as part of our internal processing activities
  • Governmental entities
  • Vendors (e.g., records processors and data storage) and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared
Year of termination + 7 years, or as otherwise stated below.

Communication Content (contents of an individual’s text messages (only when requested by Company) and email, unless Company is the intended recipient of the communication) Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors and/or
  • Other parties within the limits of Additional Business Purposes.

Sale/Share: Not Sold/Shared
As long as Company has a legitimate purpose for retention.

Biometric Information (the processing of biometric info for the purpose of uniquely identifying an individual), such as facial recognition and fingerprints. Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors and/or
  • Other parties within the limits of Additional Business Purposes.

Sale/Share: Not Sold/Shared
As long as Company has a legitimate purpose for retention.

Health Information (PI collected and analyzed concerning an individual’s health) Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared
Year of termination + 7 years, or as otherwise stated below.

Sexual Orientation (where volunteered, PI collected and analyzed concerning an individual’s sexual orientation) Disclosures for Business Purposes:
  • General IT, software, and other business vendors
  • HR system and software vendors and/or
  • Other parties within the limits of Additional Business Purposes.
Sale/Share: Not Sold/Shared
Year of termination + 7 years, or as otherwise stated below.

There may be additional information we collect that meets the definition of PI under the CCPA but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category. As required by the CCPA, we note our general PI retention rules by category of PI above. However, because there are numerous types of PI in each category, and various uses for each PI type, actual retention periods vary. We retain specific PI pieces based on how long we have a legitimate purpose for the retention.


Return to top

2. Your Rights and How to Exercise Them

California Personnel have the same rights to know/access, delete, correct, and opt-out as traditional Consumers and may learn more about these rights and how to exercise them in Section 2 of our U.S. State Privacy Notice here.


Return to top

3. Non-Discrimination / No Retaliation

We will not discriminate or retaliate against you in a manner prohibited by the CCPA for your exercise of your privacy rights.


Return to top

4. Notice of Financial Incentive Programs

We may offer discounts or other benefits (“Incentives”) from time-to-time to Personnel. We may use your PI, such as your name, phone number, or e-mail address to administer the Incentives to you. However, we do not condition your receipt of Incentives on the non-exercise of your privacy rights. For the purposes of these Incentives, we value your PI as the value of the discount or benefit you receive from the Incentives, and by subscribing to these Incentives you indicate you agree. Where we use the PI only to administer Program benefits, we do not ascribe any value to your data beyond intangible good will. The value of the discount or benefit may change from time to time, and the most recent valuation of the Incentive is displayed at avalonbay.perkspot.com. To learn more about the Incentives we offer, contact us at Privacy@avalonbay.com or visit avalonbay.perkspot.com.


Return to top

5. Our Rights and the Rights of Others

Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your rights under the CCPA. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

Return to top

6. Contact Us

If you have any questions, comments, or concerns about our HR privacy practices, please contact us by e-mail at Privacy@avalonbay.com. Please note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.


Return to top