Purpose: To provide employees and applicants for employment with a description of San Diego State University Research Foundation’s (“SDSURF”) online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the individual’s rights regarding their personal information. For the purposes of this policy only, the term “Employee Data” applies to both applicants and employees, and includes but is not limited to the following types of data: identifying information, contact information, education and professional background, demographic data, employment details, financial information, health and safety information, dependents’ information, etc.

Privacy and Personnel Files: SDSURF respects the privacy and dignity of all individuals and we are committed to protecting your personal data. SDSURF limits access to personal information to authorized personnel who need it for business or legal purposes, and we will comply with all applicable laws regarding disclosure of personal information.

As an employer, SDSURF is required by Federal and State Laws to request and retain personal data from employees for employment purposes such as I-9 Employment Validation, Background and Drug Tests, Payroll, Employment Profile, and Benefit Enrollment. All information is confidential and securely retained in Human Resources.

SDSURF is required to maintain personnel files on its employees consisting of required state and federal employment documents and signed company policies. These files are considered confidential. Managers may only have access to personnel file information on a need-to-know basis. Personnel file access by current employees and former employees upon request will generally be permitted within 30 days of the request, except as otherwise provided by applicable law. Personnel files are to be reviewed in HR or employees may request a copy. Employee file originals may not be taken outside the department. Representatives of government or law enforcement agencies, in the course of their duties, may be allowed access to personnel records and information.

Collection: SDSURF collects Employee Data in a variety of ways, including but not limited to, through any of the following:

• Self-disclosure by the individual, such as on job applications, employee onboarding documentation, employee timekeeping and payroll documentation, employee benefits documentation, employee requests for leaves of absence, employee requests for use of paid sick leave or other paid time off, employee requests for accommodation, employee performance reviews and self-assessments.
• Third parties for reference checks, including but not limited to the individual’s former employers.
• Third party background check agencies.
• Timekeeping software.
• Internal or third party tracking of usage of SDSURF email systems.
• Internal or third party tracking of usage of SDSURF telephone systems.
• Internal or third party tracking of usage of SDSURF computer networks.
• Public agencies including tax authorities, the California Department of Fair Employment and Housing, the California Labor Commissioner, the California Occupational Safety Administration, and if applicable to the position, the California Department of Motor Vehicles.
• Workers’ compensation carriers.
• Law enforcement agencies.
• Litigation.

Use: SDSURF uses Employee Data for legitimate business and employment purposes. SDSURF uses Employee Data for a wide variety of Human Resources functions including but not limited to recruiting; hiring; onboarding; training and development; timekeeping, payroll and business expense processing; performance management, discipline and discharge; workplace investigations and internal audits; administering benefits, workers’ compensation claims, attendance, leaves of absence, and requests for reasonable accommodation; perform workforce analytics, data analytics, and benchmarking; and other human resources purposes. SDSURF uses Employee Data for operational functions, including management of employees and the creation, maintenance, and security of online employee accounts. SDSURF uses Employee Data for tax payment and reporting purposes. SDSURF uses Employee Data, when needed, in response to public agency or law enforcement requests, as well as in litigation.

Disclosure: Employee Data may be disclosed to third parties as is helpful to carry out the uses set forth above as well as other legitimate business purposes. For example, Employee Data is shared with our benefits providers. SDSURF takes reasonable security measures to safeguard Employee Data.

SDSURF discloses Employee Data to SDSU, such as employment status, contact information and other data necessary to administer benefits and services offered to SDSURF employees via SDSU, as well as to provision and authenticate users in university-wide systems and services such as library, parking, email, online training, and communications.

Sale: SDSURF does not sell Employee Data.

For more information about the SDSURF’s Employee Privacy Policy, please contact Human Resources at sdsurfhumanresources@sdsu.edu.

Effective: January 2021

*Note: Documents in Portable Document format (PDF) require Adobe Acrobat Reader 9.0 or higher to view. Download Adobe Acrobat Reader