Privacy Notice to California Independent Contractors

Clean Energy and/or any affiliated entities (collectively, the “Company” or “we”) provide this California Privacy Notice (“Notice”) to describe our privacy practices with respect to our collection of Personal Information as required under the California Consumer Privacy Act (“CPPA”). This Notice applies only to independent contractors who are residents of the State of California (“Consumers”) and from whom we collect “Personal Information” as defined in the CCPA. We provide you this Notice because under the CCPA, California residents who are independent contractors qualify as Consumers. For purposes of this Notice, when we refer to Consumers, we mean you only to the extent you are an independent contractor of the Company who resides in California.

1. Information We Collect From or About Independent Contractors

We may collect Personal Information from or about you in a variety of different situations and using a variety of different methods, including, but not limited to, on our website, your mobile device, through email, in physical locations, through written applications, through the mail, and/or over the telephone. Generally, we may at various times in the course of you providing services to the Company collect, receive, maintain, and use the following categories of Personal Information for any of the purposes listed below in this Notice and to the extent permitted under applicable law:

Category	Examples	Retention Period
Personal Identifiers	Name, alias, Tax Identification Number (TIN), social security number (when used as your TIN), date of birth, driver’s license or state identification card number, passport number, Company ID number, state professional license number.	Contract term plus 4 years, unless a different period is required by contract, relevant laws or regulations.
Contact Information	Home, postal or mailing address, email address, home phone number, cell phone number.	Contract term plus 4 years, unless a different period is required by contract, relevant laws or regulations.
Account Information	Username and password for Company accounts and systems, and any required security or access code, password, security questions, or credentials allowing access to your Company accounts.	Username:  permanent, unless a different period is required by relevant laws or regulations; Password or security code: while in use + 2 years, whichever is longer, unless a different period is required by relevant laws or regulations.
Professional Related Information	Information contained in tax forms/1099 forms, safety records, licensing and certification records, and performance records, and information related to services provided by independent contractors, including information in statements of work.	Contract term plus 4 years, unless a different period is required by contract, relevant laws or regulations.
Financial Information	Information contained in invoices billed to the Company and in records of payments made to you by the Company, account information such as ACH information used for payment, or other financial account information.	Contract term plus 4 years, unless a different period is required by contract, relevant laws or regulations.
Pre-Contract Information	Information you provided in your portfolio or proposal for services, information gathered as part of vendor evaluation and reference checks and other assessments of your qualifications to provide services to the Company, information in work product samples you provided, and voluntary disclosures you provided to Company.	Contract term plus 4 years, unless a different period is required by contract, relevant laws or regulations.
Professional History	Information regarding prior experience, positions held, and names of prior clients to which you provided services.	Contract term plus 4 years, unless a different period is required by contract, relevant laws or regulations.
Education Information	Information regarding educational history and records of degrees and vocational certifications obtained.	Contract term plus 4 years, unless a different period is required by contract, relevant laws or regulations.
Internet, Network, and Computer Activity	Internet or other electronic network activity information related to usage of Company networks, servers, intranet, shared drives, or Company-owned computers and electronic devices, including system and file access logs, security clearance level, browsing history, search history, and usage history.	3 years
Mobile Device Security Information	Data identifying independent contractor devices accessing Company networks and systems, including cell phone make, model, and serial number, cell phone number, and cell phone provider.	3 years
Online Portal and Mobile App Access and Usage Information	Username and password, account history, usage history, file access logs, and security clearance level.	Username:  permanent; Password or security code: while in use + 2 years, whichever is longer; rest of this category for 2 years, unless a different period is required by relevant laws or regulations.
Visual, Audio or Video Recordings in the Workplace	Your image when recorded or captured in surveillance camera footage or pictures of independent contractors taken at a Company facility, function or event, or in pictures or video of independent contractors posted on social media to which the Company has access or that are submitted to the Company by a third party.	Surveillance video – 90 days; rest for term of contract plus 4 years, unless a different period is required by relevant laws or regulations.
Facility & Systems Access Information	Information identifying which independent contractors accessed secure Company facilities, systems, networks, computers, and equipment and at what times using their keys, badges, fobs, login credentials, or other security access method.	3 years, unless a different period is required by relevant laws or regulations.
Inferences	Based on analysis of the personal information collected, we may develop inferences regarding your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	Contract term plus 4 years, unless a different period is required by relevant laws or regulations.
Medical and Health Information	Information related to symptoms, exposure, contact tracing, diagnosis, testing, or vaccination for infectious diseases (e.g., COVID-19), pandemics, or other public health emergency.	Contract term plus 4 years, unless a different period is required by relevant laws or regulations.

Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect:

1. Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
2. Account Information (your Company account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
3. Medical and Health Information

Personal information does not include:

• Publicly available information from government records.
• Information that a business has a reasonable basis to believe is lawfully made available to the general public by the independent Contractor or from widely distributed media. 
• Information made available by a person to whom the independent Contractor has disclosed the information if the independent Contractor has not restricted the information to a specific audience. 
• De-identified or aggregated information.

2. How We Use Personal Information and Sensitive Personal Information

The Personal Information and Sensitive Personal Information we collect, and our use of Personal Information and Sensitive Personal Information, may vary depending on the circumstances. This Notice is intended to provide an overall description of our collection and use of Personal Information and Sensitive Personal Information. Generally, we may use or disclose Personal Information and Sensitive Personal Information we collect from you or about you for one or more of the following purposes:

1. To fulfill or meet the purpose for which you provided the information. 
2. To comply with local, state, and federal law and regulations requiring businesses to maintain certain records (such as accident or safety records, and tax records/1099 forms).
3. To engage the services of independent contractors and compensate them for services.
4. To evaluate, make, and communicate decisions regarding an Independent Contractor, including decisions to enter into, renew, and/or terminate the contract.
5. To grant Independent Contractors access to secure Company facilities, systems, networks, computers, and equipment, and maintain information on who accessed such facilities, systems, networks, computers, and equipment, and what they did therein or thereon.
6. To engage in lawful monitoring of independent contractor activities and communications when they are on Company premises, or utilizing Company internet and WiFi connections, computers, networks, devices, software applications or systems.
7. To implement, monitor, and manage electronic security measures on Independent Contractor devices that are used to access Company networks and systems.
8. To engage in corporate transactions requiring review of independent contractor relationships, services, and contracts, such as for evaluating potential mergers and acquisitions of the Company.
9. To maintain commercial insurance policies and coverages.
10. To provide services to corporate customers who may request certain pieces of information about a Company independent contractor (such as name and phone number) to permit the independent contractor access or security clearance to their facility in advance of the Company independent contractor being dispatched to provide services at the customer’s facility.
11. INFECTIOUS DISEASE PURPOSES (pandemic, outbreak, public health emergency, etc.)
    1. To reduce the risk of spreading the disease in or through the workplace.
    2. To protect independent contractors and other consumers from exposure to infectious diseases (e.g., COVID-19).
    3. To comply with local, state, and federal law, regulations, ordinances, guidelines, and orders relating to infectious diseases, pandemics, outbreaks, and public health emergencies, including applicable reporting requirements.
    4. To facilitate and coordinate pandemic-related initiatives and activities (whether Company-sponsored or through the U.S. Center for Disease Control and Prevention, other federal, state and local governmental authorities, and/or public and private entities or establishments, including vaccination initiatives).
    5. To identify potential symptoms linked to infectious diseases, pandemics, and outbreaks (including through temperature checks, antibody testing, or symptom questionnaire).
    6. To permit contact tracing relating to any potential exposure to infectious diseases.
    7. To communicate with independent contractors and other consumers regarding potential exposure to infectious diseases (e.g., COVID-19) and properly warn others who have had close contact with an infected or symptomatic individual so that they may take precautionary measures, help prevent further spread of the virus, and obtain treatment, if necessary. 
12. To evaluate, assess, and manage the Company’s business relationship with vendors, service providers, and contractors that provide services to the Company.
13. To improve user experience on Company computers, networks, devices, software applications or systems, and to debug, identify, and repair errors that impair existing intended functionality of our systems.
14. To detect security incidents involving potentially unauthorized access to and/or disclosure of Personal Information or other confidential information, including proprietary or trade secret information and third-party information that the Company receives under conditions of confidentiality or subject to privacy rights.
15. To protect against malicious or illegal activity and prosecute those responsible.
16. To prevent identity theft.
17. To verify and respond to consumer requests under applicable consumer privacy laws.
18. Retention of Personal Information  

We will retain each category of personal information in accordance with our established data retention schedule as indicated above. In deciding how long to retain each category of personal information that we collect, we consider many criteria, including, but not limited to: the business purposes for which the Personal Information was collected; relevant federal, state and local recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations. 

We apply our data retention procedures on an annual basis to determine if the business purposes for collecting the personal information, and legal reasons for retaining the personal information, have both expired. If so, we will purge the information in a secure manner.

4. Sale/Sharing of Information to Third Parties

The Company does not and will not sell your Personal Information or Sensitive Personal Information for any monetary or other valuable consideration. The Company does not and will not share your Personal Information or Sensitive Personal Information for cross-context behavioral advertising.

5. Access to Privacy Policy

For more information, please review the Company’s Privacy Policy at www.cleanenergyfuels.com/online-privacy-policy.