Employee Privacy Policy

Last modified: July 28, 2025                                                                                                                                                                                                                                                                                 

The Privacy Policy describes how Veteran Benefits Guide  (“VBG,” us,” “we,” and “our”), collects, stores, uses, and discloses Personal Information about you as a former or current employee in connection with your employment.  This notice describes how we use that Personal Information, to whom we disclose it, how you can exercise your data choices, and how you can contact us. Your “Personal Information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.  

California Residents: See the California Privacy Rights section below for important information about your Personal Information and rights under applicable state privacy laws.

Not in scope. This Privacy Policy does not apply to interactions with VBG outside of the employment context, such as browsing our website or using our services. Please review our Privacy Policy and learn more about our privacy practices related to those interactions.  We may also collect, generate, use, and disclose aggregate, anonymous, and other non-identifiable data that is not Personal Information subject to this Privacy Policy.

You may download a copy of this Privacy Policy below:

If you have any questions, or if you need to receive this Privacy Policy in a different format, contact us at (866) 412-8135 or compliance@vbg.com.

Contents

Categories of Personal Information We Collect

We have collected the below categories of employee Personal Information with your consent or as otherwise required or permitted by law in the preceding 12 months.  

  • Personal Identifiers, such as your name; online identifiers, such as your account username and password associated with our systems; telephone number, email address, address, signature, and emergency contact information (such as your family members).  We also collect your internet protocol (“IP”) address if you use a personal electronic device to access our network.  Additionally, we collect your Social Security number or tax identification number, driver’s license or state identification card number, passport number, military credentials or other I-9 documentation to show your identity and authorization to work.
  • Characteristics of Protected Classifications, such as your date of birth, age, gender identity, sex, race, ethnic or national origin, citizenship and immigration status, veteran or military status, disability information, marital status, or pregnancy and related information, if you provide this information.
  • Audio/Visual Data or Similar Information, such as your employee photograph or CCTV security camera recordings of you.  We also collect messages (whether in electronic, text, or audio/voice form) that you send to us.  If you participate in any external or internal marketing campaigns, we collect photographs and/or video recordings of you in furtherance of those marketing efforts.  
  • Biometric Information, such as voicemail messages that you leave for us.  
  • Personal Professional or Employment Information, such as information related to your employment history, including your resume.  Additionally, we collect information relating to your dates of employment, your work attendance, and your work performance., such as your name; online identifiers, such as your account username and password associated with our systems; telephone number, email address, address, signature, and emergency contact information (such as your family members).  We also collect your internet protocol (“IP”) address if you use a personal electronic device to access our network.  Additionally, we collect your Social Security number or tax identification number, driver’s license or state identification card number, passport number, military credentials or other I-9 documentation to show your identity and authorization to work.
  • Education Information, such as your education history.
  • Financial Information, such as your bank account information to process payroll, and payment information relating to employee benefits received by you or your spouse and dependents.
  • Health Insurance Information, such as enrollment details and premium payments concerning you, your dependent or spouse, in furtherance of processing your health insurance enrollment and manage your benefits.
  • Medical Information, such as your health, medical and treatment history, diagnoses, dates of service, provider name, spouse and dependent information, benefits payment information, and your ability to work to the extent provided to us and the extent permitted and required by applicable laws.
  • Internet or Other Electronic Network Activity & Analytics or Monitoring Data, such as system log data like IP address, browser type, language, device information, access times, and referring website addresses if you use a device to access our network, as part of our system management and investigations into irregular, unauthorized, or unusual activity on our systems.  The use of VBG’s Information Technology assets (i.e., VBG’s computers and electronic devices) is not governed by the Employee Privacy Policy but is instead governed by Acceptable Use Policy.

Sources of Personal Information

We collect, and in the preceding 12 months have collected, Personal Information in the following ways. We may combine information that we collect from different sources.

  • Directly from you. We may collect Personal Information directly from you, such as during the job application or onboarding process, during your employment, and/or when you experience a change in your employment status with us.
  • From third parties.  We may collect certain Personal Information about you from third parties. For example, this includes vendors that run background checks, vendors that administer VBG’s leave of absence and employee benefits, healthcare providers whom you direct to communicate with us, your spouse and/or dependents, and references and referrals you provide to us.  
  • From our employees and clients.  Other VBG employees may provide us with information about you, such as performance or evaluation information from a manager or supervisor. From time to time, we also obtain information about you from VBG’s clients, such as when they provide feedback or reviews of their interactions with you.
  • When you visit our offices.  We collect identifiers and audio/visual data when you visit our offices.
  • Automatically. When you access our networks, we collect system log data such as your IP address, browser type and language, device information, access times, and referring website addresses.  

Purposes for Collecting Personal Information

We use Personal Information for the following purposes:

  • Onboarding. We use identifiers, characteristics of protected classifications, professional or employment information, and education information to conduct background checks as necessary, complete new hire paperwork, enroll you in our HR system, and set up your personnel file.
  • Benefits. We use identifiers, financial information, professional or employment information, health insurance information, and medical information we collect to create and facilitate benefits packages and, if eligible, provide your employee benefits through us and/or through third-party benefits administrators.
  • Payroll. We use identifiers, professional or employment information, and financial information to manage reimbursements and pay you for services provided.
  • Leave and Accommodation Requests. We use identifiers, professional or employment information, medical information, and characteristics of protected classifications we collect to evaluate and process time off, sick leave, leaves of absence, or accommodation requests if you make such requests.
  • Training, Performance Reviews, and Goals Monitoring. We use identifiers and professional or employment information we collect to provide you with relevant training and feedback and to support your career development.
  • Marketing.  We use audio/visual data as well as identifiers we collect to engage in internal and external marketing efforts, but such use for external marketing efforts is only done with your affirmative consent.
  • Business Operations. We use identifiers, biometric information, characteristics of protected classifications, audio/visual data, professional or employment information, education information, and financial information we collect to guide our recruiting and hiring process, maintain files, and/or support our business operations and the operations of our parent(s), subsidiaries, and affiliates.
  • Security and Crime Prevention. We use identifiers, audio/visual data, internet or other electronic network activity & analytics or monitoring data, and professional or employment information to secure our facilities and networks, such as by monitoring access to our network, conducting periodic security checks, investigating workplace incidents, and limiting access to our facilities and assets.
  • Legal Compliance and Protection. We use the identifiers, characteristics of protected classifications, audio/visual data, biometric information, internet or other electronic network activity & analytics or monitoring data, professional or employment information, education information, financial information, health insurance information, and medical information we collect to comply with applicable laws, our legal obligations and in defense of our company, property, and others through legal proceedings.

How We Disclose Personal Information

We disclose Personal Information in the following circumstances:

  • Service Providers.  We disclose Personal Information with vendors who support the operation of our business, including our payroll provider(s), benefits administrator(s), insurance administrator(s), background check vendor(s), and retirement plan administrator(s).  In some cases, the service provider may directly collect the information from you.  In the past 12 months, we have disclosed identifiers, characteristics of protection classifications, financial information, professional or employment information, health insurance information, education information, and medical information to our service providers.
  • Professional Advisors. We disclose Personal Information to professional advisors, such as lawyers, bankers, tax consultants, auditors, and insurers, where necessary in the course of their services. In the past 12 months, we have disclosed identifiers, characteristics of protected classifications, medical information, health insurance information, professional or employment information, and education information to our professional advisors.
  • Government Entities. We disclose Personal Information with regulatory and government entities, including government, administrative, law enforcement, and regulatory agencies; tax authorities; and other public agencies or authorities if we think we should in order to comply with any applicable law, regulation, legal process, or other legal obligation.  This includes cooperating with law enforcement when we think it is appropriate, obtaining legal remedies or limiting our damages, and enforcing or protecting our contracts, legal rights, or the rights of others, including by responding to claims against us. In the past 12 months, we have disclosed identifiers and characteristics of protected classifications, to government entities.
  • The General Public.  If you participate in our external marketing efforts, we may disclose your name and veteran or military status to the general public.  In the past 12 months, we have disclosed the names and veteran or military status as part of our external marketing efforts.
  • Other Reasons. We may disclose Personal Information for other reasons we may describe to you, including if you consent to the disclosure or direct us to disclose your information.

How Long We Keep Personal Information

To the extent permitted by applicable law, we will retain your Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected, including to meet any legal, accounting, or other reporting requirements or obligations.  We use the following criteria to determine retention periods:

  • how long the information is needed to provide our services and operate our business;
  • whether there are contractual or legal obligations that exist that require us to retain the information for a period of time;
  • whether any law, statute, or regulation allows for a specific retention period;
  • whether an individual has agreed to a longer retention period;
  • whether the data is considered to be sensitive data; and
  • what was the expectation for retention at the time the data was provided to us?

Security

We follow generally accepted industry standards to protect the Personal Information submitted to us and have implemented reasonable technical, organizational, administrative, and physical measures to protect It. However, no method of transmission or method of electronic storage is 100% secure.  

Data Processing

By having an employment relationship with us and/or by providing us with your Personal Information, you acknowledge your Personal Information may be transferred to and processed in jurisdictions outside your own as described in this Privacy Policy.  Please be aware that the data protection laws and regulations that apply to your Personal Information transferred to other jurisdictions may differ from those in your place of residence.  

California Privacy Rights

If you are a California resident, this section applies to you.
California Consumer Privacy Act (“CCPA”), as Amended by the California Privacy Rights Act (“CPRA”).
Sale or Sharing of Personal Information.  In the preceding 12 months, we have not “sold” or “shared” (as those terms are defined in the CPRA) any Personal Information (including Sensitive Personal Information) to “third parties” as that term is defined in the CPRA.

Use or Disclosure of Sensitive Personal Information.  The following forms of data listed above constitute “Sensitive Personal Information”: Your Social Security, driver’s license, state identification card, and passport number; your bank account information; your racial, ethnic or national origin; your biometric information; your citizenship and/or immigration status, and your health information, if provided to us.  We do not use or disclose Sensitive Personal Information, as defined by California law, for inferring characteristics or for purposes other than those permitted by law.

Your Rights Under the CPRA.  Subject to certain exceptions and limitations, the CPRA affords California consumers the following rights:

  • You have the right to request that we tell you (i) what Personal Information we have collected about you, (ii) the sources of that information, (iii) the purposes for collecting, selling, or sharing the Personal Information; and (iv) the categories of third parties to whom we have disclosed Personal Information.
  • You have the right to request that we provide you with a copy of your Personal Information.
  • You have the right to request that we delete the Personal Information we collected from you. We may not delete all of your Personal Information if one of the exceptions to the CPRA applies.
  • You have the right to correct inaccurate Personal Information that we hold about you.
  • You have the right not to be discriminated against for exercising your CCPA rights. We will not discriminate against you if you exercise any of your CCPA rights.

Exercising Your Rights.  To exercise any of your rights, contact us at (866) 412-8135 or compliance@vbg.com to submit a request, or use our Contact Us webform. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.  You can ask to appeal any denial of your request in the same manner through which you may submit a request.

For all requests, you should provide us with your name, employee ID number (if known), email address, phone number, and mailing address.  We will verify your identity by matching the information we have regarding our current and former employees against the information you have provided.  Failure to provide the foregoing information may prevent us from processing your request.  If you have requested that we correct your Personal Information, we may contact you to request additional information about the Personal Information that you believe is inaccurate, including supporting documentation.

Authorized Agents.  Your authorized agent may be able to make a request on your behalf.  However, we may need to verify your authorized agent’s identity and authority to act on your behalf.  We may require a copy of a valid power of attorney given to your authorized agent under applicable law.  If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request.

Contact Us

If you have any questions about this Policy or our privacy practices, please email us at compliance@vbg.com, or call us at (866) 412-8135.

At-Will Employment

This Employee Privacy Policy does not form any part of any contract of employment. Your status as a current/former at-will employee with us does not change by virtue of this Employee Privacy Policy.

Updates to Our Privacy Policy

This Employee Privacy Policy may be updated from time to time for any reason. If we make material changes to this Privacy Policy, we will notify you by posting the new Privacy Policy and changing the effective date listed at the top of this Privacy Policy.  If required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail or another manner in which we communicate with you as an employee. Any modifications to this Employee Privacy Policy will be effective upon our posting the modified version as described above (or as otherwise indicated at the time of posting).