Last Updated: April 23, 2025

This notice describes the categories of personal information (“PI”) collected by Afognak Native Corporation, its direct and indirect subsidiaries at any level (including Alutiiq, LLC Afognak Commercial Group, LLC, and Afognak Professional Consulting, LLC and their direct and indirect subsidiaries), and any joint ventures, partnerships, and affiliates of those companies (“Company”) from and about California residents who are employees, the purposes for which the Company collects and uses such information, how long we retain this information, and rights you may have under the California Consumer Privacy Act (“CCPA”), as amended.

We are providing this notice to you in accordance with California Civil Code Sec. 1798.100 (“CCPA”). For additional information about the Company’s data privacy practices, please review our Privacy Policy https://privacy.afognak.com/.

Categories of Personal Information Collected

The Company collects or has collected in the preceding 12 months, the following categories of PI. We may add to the categories we collect and will inform you in the event we do so.

Identifiers and other Contact information described in subdivision € of CA Civ Code Section 1798.80. This category includes names, addresses, telephone numbers, mobile numbers, email addresses, dates of birth, Social Security numbers, driver’s license or state identification numbers, passport number, bank account information, and other similar contact information and identifiers.

Protected classification information. This category includes characteristics of protected classifications under California or federal law.

Internet or other electronic network activity information. This category includes without limitation:

  • all activity on the Company’s information systems, such as internet browsing history, search history, intranet activity, email communications, social media postings, stored documents and emails, usernames, and passwords.
  • all activity on communications systems including phone calls, call logs, voice mails, text messages, chat logs, app use, mobile browsing and search history, mobile email communications, and other information regarding an employee’s use of company-issued devices.

Professional and employment-related information. This category includes without limitation:

  • data submitted with employment applications including salary history, employment history, employment recommendations, etc.
  • background check, background investigation, and criminal history
  • biometric information
  • work authorization
  • fitness for duty data and reports
  • performance and disciplinary records
  • salary and bonus data
  • benefit plan enrollment, participation, and claims information
  • leave of absence information including religious and family obligations, physical and mental health data concerning employee and his or her family members

Education information. This category includes information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).

Limited medical information. This category includes without limitation:

  • symptoms and other indicators of exposure to the coronavirus, COVID-19
  • fitness for duty data and reports
  • leave of absence information including family obligations, physical and mental health data concerning employee and his or her family members
  • travel information and information regarding close contacts
  • COVID-19-related doctor’s notes for absences or work restrictions, medical leave of absence records, requests for accommodation, interactive process records, and correspondence with you and your healthcare provider(s) regarding any request for accommodation or medical leave of absence related to COVID-19, COVID19 vaccination-related information.

Geolocation data. This category includes GPS location data from company-owned vehicles.

Audio, Electronic, Visual, or Similar Information. This category includes, without limitation, information collected from CCTV, vehicle tracking, footage on premises.

Sensitive Personal Information. This category includes the following:

  •  Social Security, driver’s license, state identification card, or passport number.
  •  account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
  • precise geolocation.
  • racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership.
  • content of mail, email, and text messages unless the Company is the intended recipient of the communication.
  • health information

Inferences drawn from the PI in the categories above.

Please note that PI for purposes of this Notice does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern; information that is deidentified or aggregated; and information subject to certain other laws such as the Gramm-Leach-Bliley Act (GLBA), the
California Financial Information Protection Act, the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), etc.

Purposes Personal Information is Used

The Company collects and uses PI for onboarding, managing the employment and post-employment relationship, for its business-related purposes, and for legal compliance. Personal information collected is only used for purposes listed below, unless otherwise notified.

  • Collect and process employment applications, including confirming eligibility for employment, background and related checks, personal security clearance processing, onboarding, and related recruiting efforts.
  • Confirming eligibility for employment and related checks regarding fitness for duty, obtaining and/or maintaining a facility clearance, obtain and/or maintain security guard license.
  • Processing payroll, travel profile and employee benefit plan and program administration including enrollment and claims handling and leave of absence administration.
  • Maintaining personnel records and record retention requirements.
  • Communicating with employees and/or employees’ emergency contacts and plan beneficiaries.
  • Complying with applicable state and federal health, labor, employment, benefits, workers compensation, disability, equal employment opportunity, workplace safety, and related laws, guidance, or recommendations.
  • Preventing unauthorized access to, use, or disclosure/removal of the Company’s property, including the Company’s information systems, electronic devices, network, and data.
  • Ensuring and enhancing employee productivity and adherence to the Company’s policies.
  • Investigating complaints, grievances, and suspected violations of Company policy; establishing, responding to and managing legal claims against the Company and/or its personnel including civil discovery in litigation.
  • Design, implement, and promote the Company’s Equal Employment Opportunity programs.
  • Facilitate the efficient and secure use of the Company’s information systems.
  • Ensure compliance with Company information systems policies and procedures.
  • Improve efficiency, logistics, and supply chain management.
  • Improve accuracy of time management systems.
  • Evaluate an individual’s appropriateness for a participation position at the Company, or promotion to a new position.
  • Customer engagement and other legitimate business purposes.
  • To identify trends requiring attention or opportunities for improving the company’s response to employee issues; and to allow the company to develop and improve recruitment and retention strategies.
  • Promote the recognition of contributions made by an individual Employee or team of Employees toward the Company’s goals and objectives.
  • Improve safety of our facilities for employees, customers and the public with regard to use of Company property and equipment.
  • Complying with federal, state, and local orders, identifying potential COVID-19 symptoms, and protecting the workplace.
  • Facilitating other business administrative functions and strategic activities, risk management, information technology and communications, financial management and reporting, workforce and succession planning, merger and acquisition activities, and maintenance of licenses, permits and authorization applicable to the Company’s operations.
  • Engaging in human capital analytics, including but not limited to, identifying certain correlations about
    individuals and success on their jobs, analyzing data to improve processes, and analyzing employee
    preferences to inform HR Policies, Programs and Procedures.
  • As required by applicable law.
Sources of Personal Information.

We may collect your personal information from the following sources:

  • You. We may collect personal information directly from you or through your use of our
    facilities or systems, when you send us an email, or otherwise communicate or interact
    with us during or after your employment. We may also collect information automatically
    from you when you visit our website, use our information systems, etc.
  • Related Entities and Affiliates. We may collect information about you from our related
    parties and affiliates.
  • Social media and related services. We may collect information about you through your
    social media services consistent with your settings on such services.
  • Third parties. We may collect information about you from third parties such as your
    colleagues, emergency contacts, or other third-party sources that are lawfully entitled to
    share your personal information with us. This may include service providers or contractors
    who collect or process your personal information on our behalf.

Disclosures. To carry out the purposes outlined above, we may disclose your personal information to our related entities, or affiliates; our business partners; service providers, contractors, and vendors (e.g., background check providers, third-party staffing agencies, payroll processors, benefits administrators, insurers, travel agencies, security consultants, information technology providers, data storage providers, etc.); professional advisors (e.g., lawyers, auditors, accountants, consultants); and government entities (e.g., regulatory agencies, law enforcement). We may also authorize our service providers to collect personal information on our behalf.

We may disclose your personal information to clients or customers and third parties, as necessary, to: (1) comply with federal, state, or local laws; (2) comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (3) cooperate with law enforcement agencies concerning conduct or activity that we reasonably and in good faith believe may violate federal, state, or local laws; (4) investigate claims or allegations or to establish, exercise or defend legal claims; or (5) evaluate or perform a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control or acquires all or part of the assets of our business.

The following chart lists the categories of third parties to whom we disclose or may have disclosed these categories of personal information in the preceding 12 months.

Categories of Personal Information

Identifiers and other Contact information – (e.g., name, postal address, email address, phone number, account name, date of birth, Social Security number, driver’s license number, photograph, passport number, unique personal identifier, online identifier, IP address, email address, photo, signature, account name, or other similar identifiers)

NOTE: The information in this category may also include elements of Sensitive Personal Information such as Social Security number, driver’s license number, state identification card number, and/or passport number.

Categories of Third Parties to Whom Disclosed

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Our business partners.
  • Clients or customers.
  • Service providers, contractors and vendors.
  • Third parties as related to an acquisition of all or portions of our business.
  • Governmental entities.
  • Professional advisors.

Protected status – such as citizenship, ethnic background, sex, or other similar identifiers or any other characteristic protected by applicable federal, state or local laws.

NOTE: The information in this category may also include the following elements of Sensitive Personal Information: racial, ethnic, or national origin, data related to citizenship or immigrations status.

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Our business partners.
  • Service providers, contractors and vendors.
  • Third parties as related to an acquisition of all or portions of our business.
  • Governmental entities.
  • Professional advisors.

Internet or other electronic network activity
such as browsing history, search history, a consumer’s interaction with an internet website, application, or advertisement.

NOTE: The information in this category may include the following elements of Sensitive Personal Information: the contents of mail, email, or text messages, to which the business was not the intended recipient.

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Our business partners.
  • Service providers, contractors and vendors.
  • Third parties as related to an acquisition of all or portions of our business.
  • Governmental entities.
  • Professional advisors.

Geolocation data

NOTE: The information in this category may
include the following elements of Sensitive Personal Information: precise geolocation.

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Our business partners.
  • Service providers, contractors, and vendors.
  • Third parties as related to an acquisition of all or portions of our business.
  • Governmental entities.
  • Professional advisors.

Audio, electronic, visual or similar information.

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Our business partners.
  • Service providers, contractors and vendors.
  • Third parties as related to an acquisition of all or portions of our business.
  • Governmental entities.
  • Professional advisors.

Biometric Information

NOTE: Biometric information is considered an
element of Sensitive Personal Information.

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Third parties that perform services on our behalf. For example, providing the time biometric data collection device and related data storage or processing.

Education or Professional and Employment information, including veteran status or other similar identifiers.

NOTE: The information in this category may
include the following elements of Sensitive Personal Information: union membership.

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Our business partners.
  • Service providers, contractors, and vendors.
  • Third parties as related to an acquisition of all or portions of our business.
  • Governmental entities.
  • Professional advisors.

Sensitive information

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Our business partners.
  • Service providers, contractors, and vendors.
  • Third parties as related to an acquisition of all or portions of our business.
  • Governmental entities.
  • Professional advisors.

Inferences drawn from personal information
such as individual profiles, preferences, characteristics, behaviors or other similar identifiers.

NOTE: The information in this category may include the following elements of Sensitive Personal Information: racial or ethnic origin, religious or philosophical beliefs, union membership, health information.

  • Third parties as directed by you.
  • Subsidiaries, affiliates, and related entities.
  • Our business partners.
  • Service providers, contractors, and vendors.
  • Third parties as related to an acquisition of all or portions of our business.
  • Governmental entities.
  • Professional advisors.

Selling and Sharing Personal Information. The Company does not sell or share, as those terms are defined by the CCPA, any category of personal information collected. In addition, we do not have actual knowledge that we sell or share the personal information of individuals under the age of 16 years.

Disclosing Sensitive Personal Information. We do not use or disclose your Sensitive Personal Information for purposes that, with limited exceptions, are not necessary for employment related purpose for which we collect it or as reasonably expected by an average individual in this context or for other permitted purposes under the CCPA or as authorized by regulation.

Retention. We retain your Personal Information for as long as is necessary to fulfill the purpose for which it was collected (e.g., to manage the employment relationship, etc.) and in accordance with the Company’s records retention schedule and applicable law. We may retain your Personal Information for longer if it is necessary to comply with our legal or reporting obligations (e.g., if we are required to retain your data to comply with applicable laws), resolve disputes, enforce our legal agreements and policies, address other legitimate business needs, or as permitted or required by applicable law. We may also retain your Personal Information in a deidentified or aggregated form so that it can no longer be associated with you.

To determine the appropriate retention period for your Personal Information, we consider various factors such as the amount, nature, and sensitivity of your information; the potential risk of unauthorized access, use or disclosure; the purposes for which we collect or process your Personal Information; and applicable legal requirements. Personal information does not include certain categories of information, such as publicly available information from government records, and deidentified or aggregated information.

California Resident Individual Rights Requests. Individuals who are residents of the State of California have the following rights, subject to certain limitations. 

Right To Know About Personal Information Collected or Disclosed. You have the right to request information beyond what we have disclosed above regarding the following, to the extent applicable:

  • the categories of personal information the Company collected about you.
  • the categories of sources from which that personal information was collected.
  • the business or commercial purposes for which that information was collected, sold, or shared.
  • the categories of third parties to whom the information was disclosed.
  • the specific pieces of personal information collected.

Upon receipt of a verifiable Request to Know (see below), and as required by applicable law, we will provide a response to such request.

Right To Request Deletion of Your Personal Information. You have the right to request that we delete the Personal Information we collected or maintain about you. Once we receive your request, we will let you know what, if any, Personal Information we can delete from our records and will direct any service providers and contractors to whom we disclosed your Personal Information to also delete your Personal Information from their records. There may be circumstances where we cannot delete your Personal Information or direct service providers or contractors to delete your Personal Information from their records. Such instances include, without limitation, when the information at issue is maintained: (a) to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Company and compatible with the context in which you provided the information, or (b) to comply with a legal obligation.

Upon receipt of a verifiable Request to Delete (see below), and as required by applicable law, we will provide a response to such requests.

Right to Request Correction. You have the right to request that the Company correct any inaccurate Personal Information we maintain about you, taking into account the nature of that information and purpose for processing it. Upon receipt of a verifiable Request to Correct (see below), and as required by the CCPA, we will provide a response to such requests.

We will not discriminate or retaliate against you for exercising any of the rights described above.

Submitting CCPA Rights Requests. To submit a CCPA Rights request, please contact us at 888-232-9574 or email us at HR@alutiiq.com. We reserve the right to only respond to verifiable Requests to Know, Delete, or Correct that are submitted as instructed. A verifiable consumer request is one made by any individual who is:

  • the individual who is the subject of the request,
  • an individual on behalf of the individual’s minor child, or 
  • the authorized agent of the individual.

What to submit. If we request, you must provide us with sufficient information to verify your identity and/or authority to act on behalf of the individual. In general, we may ask you to provide identifying information that we already maintain about you, or we may use a third-party verification service. In either event, we will try to avoid asking you for sensitive Personal Information to verify your identity. We may not be able to respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. However, making a verifiable request does not require you to create an account with us.

Additionally, you will need to describe your request in sufficient detail to allow us to review, understand, assess, and respond. We will not use the Personal Information we collect from an individual to determine a verifiable request for any other purpose, except as required or permitted by law.

Our response. We reserve the right to charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will attempt to notify you as to why we made that decision and provide a cost estimate before completing your request. We will endeavor to respond to a verifiable request within forty-five (45) calendar days of receipt, but we may require an extension of up to forty-five (45) additional calendar days to respond and we will notify you of the need for the extension.

Authorized Agent. You may authorize a natural person or a business (the Agent) to act on your behalf. When you submit a Request to Know, Correct, or Delete, the Agent must provide proof that you gave the Agent signed permission to submit the request, and you either must (i) verify you own identity with the business or (ii) directly confirm with us that you provide permission to the Agent. However, these steps are not required when you have provided the authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465. We reserve the right to deny requests from persons or businesses claiming to be authorized agents that do not submit sufficient proof of their authorization.

Spouses, Dependents, and Associates. If you have knowledge that the Company collected Personal Information related to your spouse, dependent, or associate, please share a copy of this notice with all such individuals.

If you have questions about this notice, you may call 888-232-9574 or email HR@alutiiq.com

Changes to Statement. We reserve the right to amend this Notice at any time without advance notice.