Workforce Privacy Notice
Effective Date: December 30, 2022
PURPOSE AND SCOPE
This Privacy Notice (“Notice”) explains how Lyra Health, Inc., Lyra Clinical Associates, P.C., and their affiliates and subsidiaries (collectively, “Lyra”) collect and use personal data from employment applicants, prospective employees, employees, interns, contractors, contingent, and other personnel, including Providers (collectively, “Workforce”). For purposes of this Notice, “Providers” means coaches, therapists, or others that provide mental health services on behalf of Lyra.
This Notice also details how to exercise rights that may be available to Workforce regarding their personal data.
Unless otherwise stated, this Notice applies to Lyra Workforce globally.
PERSONAL DATA WE COLLECT
During application, onboarding, and employment, Lyra may collect personal data from you, including:
- Profile/contact information, e.g., name, address, phone number, email address, photograph, and biography information.
- Qualifications, e.g., employment history, education, professional qualifications, certifications and credentials, salary information, financial information related to credit checks, bank details for payroll, information that may be recorded on a resume/CV or application form, language abilities.
- Information about third parties you elect, e.g., contact information of third parties in case of an emergency and beneficiaries under any insurance policy.
- Sensitive or demographic information, e.g., date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, details of health and disability, including medical information, vaccine status, health insurance information, mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, sexual orientation, LGBTQ+ status, and/or veteran status, which helps us achieve our diversity goals.
- Information collected via Workforce use of Lyra systems and networks. We may collect information automatically from use of Lyra’s systems or networks, such as your Internet protocol (IP) address, inferred location based on your IP address, device identifiers associated with your computer or mobile device, activity logs, and other information about activities you engage in on Lyra property, equipment, accounts, systems and networks. Lyra may monitor and review Workforce uses of Lyra’s equipment, accounts, information technology systems and networks, including its phone networks, computer networks, including those used to access the Internet, videoconferencing systems and other company-provided electronic communications tools. Lyra may access and review electronic files, messages, and emails sent or stored on its information technology systems, including accounts, computers and devices provided to Workforce.
- Surveys. We may send Providers optional surveys that ask about your experience working with Lyra. Information gathered from Provider surveys may be used in sales and marketing materials, in a non-identifiable format.
- Information from other sources. We may collect or receive information about you from other sources, including through third-party services and organizations to supplement information provided by you. For example, where permitted by law, we may conduct background or credit checks on Workforce prior to employment with Lyra.
HOW WE USE WORKFORCE PERSONAL DATA
We process Workforce personal data for a variety of business purposes including:
- Recruiting and assessing suitability, aptitude, skills, qualifications, and interests for employment with Lyra;
- Communicating with candidates about the application process;
- To assist Workforce in obtaining an immigration visa or work permit (where required or requested);
- Workflow management, including assigning, managing and administering projects;
- Human Resources operations, including but not limited to performance management;
- To administer, bill, and collect for the services provided to our clients;
- To obtain a holistic view of our workforce so that we can ensure that every Lyrian has the support, benefits, and professional growth opportunities they need;
- To obtain a holistic view of our workforce so that we can identify any potential gaps in community support, benefits, and professional growth opportunities within Lyrian communities;
- Compensation, payroll, the provision of benefits, and stock plan administration;
- To pursue our legitimate interests (for example, fraud prevention, network and information security, disclosure to affiliated organizations for administrative tasks, monitoring overtime, Workforce monitoring for safety or management, improving the safety of our workplace, whistleblowing schemes, enforcement of legal claims, and research purposes);
- Helpdesk and IT support services;
- Internal and/or external or governmental compliance investigations;
- Internal or external audits;
- Where necessary for the establishment or exercise of legal claims or defenses;
- To improve our workplace and Worker satisfaction;
- Diversity and inclusion initiatives;
- Emergency contacts and services;
- Workforce safety;
- Facilities management;
- Health Plan administration purposes;
- To comply with our legal obligations;
- Acquisitions, divestitures, and integrations; and
- As you otherwise agree or consent.
HOW WE DISCLOSE WORKFORCE PERSONAL DATA
We may share your data as described in this Privacy Notice, in our HIPAA Notice (U.S.), or with your permission.
- Vendors and Service Providers. We may share personal data we receive with vendors and service providers for Human Resources operations and the provision of IT and related services.
- Disclosures to Protect Us or Others. We may access, preserve, and disclose your personal data if we believe doing so is required or appropriate to: (i) comply with law enforcement requests and legal processes such as court orders or subpoenas; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation or prosecution of suspected or actual illegal activity.
- Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another entity, your personal data may be transferred as part of such a transaction as permitted by law and/or contract.
INTERNATIONAL DATA TRANSFERS
All data collected via or by Lyra may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States. Where required, Lyra engages transfer mechanisms for the legal transfer of personal data from the EU and UK, such as Standard Contractual Clauses.
YOUR CHOICES AND RIGHTS
In the EU and UK, you may have the right to:
- Request access to or a copy of your personal data, including in a portable format;
- Request that we delete your data from our systems;
- Object to or restrict processing of your data;
- Correct inaccurate or outdated personal data in our systems;
For more information or to exercise these rights, please contact us as set forth below. Note that the rights that are available to you depend on applicable law.
In California, you have the right to:
- Request specific pieces of personal information we have collected from you;
- Request the deletion of personal information that we collected from you;
- Request the amendment of personal information that we collected from you; and
- Request that we transmit to another entity the personal information that we collected from you.
For more information about these rights, please contact us as set forth below. To exercise these rights, please click here.
Additionally, in California, you have the right to limit the use of your sensitive personal information. To exercise this right, please click here. Please note that Lyra does not “sell” or “share” employee personal information as defined by the CPRA.
We may, however, collect Sensitive Personal Information, as defined by the CPRA, from providers including information pertaining to: race, ethnicity, and/or sexual orientation. We collect this information to support user selection of providers based on these characteristics. If providers choose to provide this information, we will retain it as long as they continue to be a Lyra provider and have not withdrawn their consent to the use of such information. If you would like to limit how we use such information, you can use the Limit the Use of My Sensitive Personal Information form.
Lyra retains the personal data we receive as described in this Privacy Notice for as long as necessary to fulfill the purpose(s) for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
SECURITY OF YOUR PERSONAL DATA
We take steps to ensure that your personal data is treated securely and in accordance with this Notice. Unfortunately, we cannot ensure or warrant the security of any data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
If you are located in the EU or the UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law.
If you have any questions about our privacy practices or this Privacy Notice, please contact us at [email protected].