Job Applicant Personal Information Handling Policy – US
UnitedHealth Group is committed to protecting its workers’ Personal Information.
UnitedHealth Group observes principles of good information handling and takes all reasonable care when handling workers’ Personal Information, which includes any information that identifies, or is capable of identifying, individual UnitedHealth Group employees and other non-employee workers, such as third-party contractors (collectively referred to as “workers”). UnitedHealth Group processes workers’ Personal Information in accordance with applicable privacy and data protection laws.
For the purposes of this policy, all UnitedHealth Group subsidiaries and business units are collectively referred to as “UnitedHealth.” Any reference to UnitedHealth, “we,” “our,” “us,” or “company” in this policy means UnitedHealth Group and its affiliates.
What Personal Information may we hold about you?
UnitedHealth may collect and use in its day-to-day business activities Personal Information you provided prior to and during the work relationship. Such information is collected from you and by our company technology and systems when you use them. Personal Information may be obtained from: your application materials including resume or CV; offer letter; any employment contract, independent contractor agreement and/or other professional contract; information used for payroll processing and benefits administration; performance appraisals or disciplinary records; training records; company devices or vehicles; photos used for an identification badge or organizational chart, marketing, or website; biometric data, including biometric data used for timekeeping or facility access; backup files; browsing history or search history (on company-owned or provided devices); internal or external contact information maintained in the onboarding, Human Resources Information System, active directory or other systems; information captured from video or audio systems or other forms of monitoring or surveillance; data collected as part of the company’s human capital analytics or talent management programs; occupational health records and assessments, including disease testing results and vaccination records; background checks; drug screenings; payroll service records; and leave and accommodation service records. These documents may contain:
Individual Identifiers & Personal Information
Characteristics of Protected Classifications
- real name
- postal address and former addresses
- email address
- phone number
- fax number
- veteran status
- date of birth and place of birth
- residency status
- marital status
- names of any dependents
- emergency contact information
- social security number (SSN)
- driver’s license number
- passport or visa number
- tax identification number (TIN)
- unique personal or online identifier
- National Provider Identifier (NPI)
- spoken language(s)
Internet or Network Information
- voice prints
- face scans
Professional or Employment-Related Information
- website URL
- internet protocol (IP) address
- interactions with sites or apps
- employment history
- performance ratings and disciplinary records
- drug testing results
- occupational health records and assessments, including disease testing results and vaccination record
- background check information
Audio, Electronic or Visual Information
- on-site security cameras, pictures, video, and audio recordings
Medical or Health Insurance Information
Any Personal Information may be held electronically and/or in hard copy form.
How will we use your Personal Information?
UnitedHealth collects Personal Information about you to establish and manage UnitedHealth’s relationship with you and for related functions including for personnel and administrative processes (among others) such as, but not limited to:
UnitedHealth also may screen applicable workers against professional body registrations and licensing organizations. Such screenings are necessary to ensure that workers are suitable for their position at UnitedHealth Group and, in particular, to confirm that they are permitted without exception to provide services to UnitedHealth and all of UnitedHealth’s clients, including organizations that prohibit excluded or debarred individuals from working on their account.
- Human resources administration;
- Carrying out obligations and exercising rights under applicable employment laws;
- Compliance with applicable laws and regulations and UnitedHealth’s legal obligations, including accounting and tax requirements and in relation to benefits administration;
- Business processes including maintenance of business and statutory records, management analysis, audits, forecasts, planning, transactions, business continuity, organizational risk management and insurance, and labor risk prevention;
- The security of the workplace, assets, workers and the Personal Information of workers, clients, and customers, including monitoring, as described below;
- Programs and policies on training and development, job evaluation, rewards, planning, and organization;
- The performance of employment and services contracts, including human resource administration and payroll; and
- To manage our occupational health and safety obligations.
Will your Personal Information be kept up to date?
We will only retain Personal Information about you that is necessary for the purposes described above and will take all reasonable steps to ensure that it is kept up-to-date and accurate. From time to time we may ask you to review and update the Personal Information we hold (although you are encouraged to update the information at any time). We will only hold your Personal Information for as long as it is relevant to your working relationship with UnitedHealth or as long as necessary to comply with any legal obligation or to fulfill the above-listed purposes.
In order for us to keep your Personal Information up to date, you must inform us of any changes to the Personal Information we hold about you, for example, your name, address, marital status, contact details, qualifications and emergency contact details.
Do we share your Personal Information with anyone else?
Sometimes we may need to share your Personal Information with third parties. We will only do so when necessary for legitimate business purposes. For example, your Personal Information may be sent to the following parties for the following reasons:
What are your obligations under this policy?
- To external suppliers to administer your benefits on our behalf;
- To clients for the purpose of potentially offering your services to or seconding you to work for them;
- To clients to review your qualifications with a view to securing business;
- To competent public corporations and government authorities as may be required by law regarding tax, labor, social security and similar matters;
- To our carefully selected service providers appointed from time to time to provide services related to our business and under contract to us, such as processors of reimbursable expenses, salary, and other compensation information. Those service providers will be carefully selected and bound by appropriate contractual protections (such as to use appropriate measures to protect the confidentiality and security of personal data), where required by applicable data protection law;
- To internal UnitedHealth business segments that may carry out shared services functions, such as those processing reimbursable expense payments;
- To providers of labor risk prevention and occupational health services;
- To new (or prospective) contractors, if required under transfer of undertakings arrangements;
- To future employers or financial institutions for the purpose of providing a reference/credit references and other information, but only if you request that we do so;
- To any new (or prospective) owners, should there be a change (or prospective change) in the ownership of UnitedHealth, or business units or departments within UnitedHealth in which you work; and/or
- To external parties as required by law or legal process, or as otherwise authorized by you.
We request that you provide us with accurate and up-to-date Personal Information. Should you make a request to access the information we hold about you, we may require that you provide us with further information so that we can be satisfied of your identity, subject to any applicable local restrictions.
To protect UnitedHealth, its assets, workers and the Personal Information of its workers, clients, and customers and to manage and optimize worker performance UnitedHealth performs monitoring and recording activities in the company premises, including offices, workstations, workspaces, other facilities (collectively referred to as “company premises”) and company technology and systems, including device location.
UnitedHealth provides workers with access to company premises and its company technology and systems including telephones, fax machines, computers, networks, the Internet and other electronic devices for business and communication purposes.
We permit very limited personal use of company technology and systems, so long as it is in accordance with use policies that are notified to workers. UnitedHealth monitors worker use of company technology and systems for legitimate organizational, compliance, performance, production, and security purposes, including to protect the business of the company and use of its assets and the Personal Information we hold about our clients, customers, and members. All monitoring, which is subject to applicable law, will be proportionate to the potential harm that might be suffered through misuse. If any company technology and systems to which you have access are subject to monitoring, the nature of that monitoring and its purpose will be described to you through company notices and policies.
What security measures do we employ in handling your Personal Information?
UnitedHealth Group takes appropriate physical, technical and administrative security measures to guard against unauthorized or unlawful access and processing of your Personal Information, and against accidental loss or destruction of, or damage to, your Personal Information, and to ensure that your Personal Information is stored lawfully and securely. Examples of our security measures include:
Handling Personal Information on Behalf of UnitedHealth
- Workers who have access to Personal Information are made aware of their obligations to protect that information;
- Personal Information in paper form is kept in filing cabinets that are only accessible by authorized UnitedHealth workers on a need-to-know basis;
- Personal Information comprising occupational health records and assessments are maintained in confidential medical records, separate from personnel records, and only accessible by Enterprise Occupational Health and Safety;
- Personal Information stored electronically is only accessible by authorized personnel; and
- Printed material displaying Personal Information is disposed of securely, for example, by shredding.
When handling Personal Information on behalf of UnitedHealth, you must only process information that is necessary, adequate and relevant for legitimate purposes. You must ensure that Personal Information that identifies an individual is only kept for as long as is necessary for the purposes for which it was obtained. If you properly have access to personally identifiable information, you must not disclose any Personal Information to any other UnitedHealth worker, or to any third party except for the purposes of UnitedHealth business and the proper performance of your duties. In accordance with this policy, you must ensure that Personal Information is kept secure and confidential, and at all times comply with UnitedHealth’s other policies relating to confidentiality and data security.
All workers who handle Personal Information are required to comply with this policy and any other UnitedHealth policies and procedures prescribing local data security measures. All workers have a duty of confidentiality. Breaches of security and/or confidentiality will be investigated and remedied by UnitedHealth, as appropriate. Any worker handling Personal Information who knowingly or recklessly discloses that information in contravention of our policies or procedures may be subjected to disciplinary action in accordance with local procedures and applicable local law.
Please contact HRdirect at 1-800-561-0861 if you have any questions.
The effective date of this policy is July 27, 2021.
Changes to this Policy
UnitedHealth may revise this policy and the way in which it processes your Personal Information from time to time. You will be notified of any significant changes.