California Consumer Privacy Act policy
Scope of California law
As a global service provider, LifeWorks (US) Inc., along with its subsidiaries and affiliates (“LifeWorks”), is committed to protecting the personal information of its clients and the users of its services, in accordance with all applicable federal, state and local laws. On January 1, 2020, the State of California put into effect the California Consumer Privacy Act (“CCPA”), followed by the California Privacy Rights Act (“CPRA”) in November 2020. These laws provide California residents with rights of control over their personal information by putting restrictions on how a company may “use” that data.
The CCPA establishes several rights for California residents, such as the “right to know”, the “right to delete” and the “right to opt-out”. These rights impose requirements on a “business” that collects personal information and determine the “purposes and means” of permitted processing of any personal information collected.
However, businesses may also engage “service providers” to collect and process personal information on their behalf. In order for an organization to be a service provider, they must have a written contract in place that describes the approved uses of personal information, and that limits them to those uses that are necessary for fulfilling the obligations of the contract with the business.
Since LifeWorks engages with consumers in providing services to employers, insurance companies, schools, and other organizations, and has contractual language with those organizations limiting what we can do with consumer personal information, LifeWorks fits within the “service provider” role, as defined under the CCPA.
As a “service provider”, LifeWorks is not a “business” responsible for meeting the consumer rights identified in the CCPA. These obligations rest with the LifeWorks client as the “business”.
Some of LifeWorks business units operate as Covered Entities under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including those offering Employee Assistance Programs and iCBT services. The CCPA excludes any Protected Health Information (“PHI”) held by Covered Entities and therefore, for these business units, HIPAA governs our conduct with respect to any PHI involved.
LifeWorks understands that an individual’s rights around the control of their personal information is also a trust issue, rather than just a legal one. To that end, we are continuing to review and evolve our data handling practices to be respectful of the interests of our clients’ employees and the employees of any prospective partners with whom we may be evaluating a business relationship.
If you have any questions or concerns about this policy or LifeWorks' handling of your personal information, or if you want to make a complaint, please communicate in writing with our Privacy Officer at:
By regular mail:
LifeWorks (US) Ltd.
115 Perimeter Center Place NE
Atlanta, GA 30346
By electronic mail:
Please note that we may need to confirm your identity, request additional details and work with other LifeWorks departments to respond to you or to look into your concerns or complaint.
We may modify this notice from time to time and will post the most current version online.
Last updated: June 2021