TRS | Privacy Policy

This policy explains how personal information is collected, stored and protected in TRS.

Effective Date: April 21, 2026 · Last Updated: April 21, 2026 · Version 1.0

1. Introduction and Scope

This Privacy Policy (the "Policy") describes how The Recruiting Software Inc., a Delaware corporation ("TRS," "we," "us," or "our") collects, uses, discloses, retains, and otherwise processes Personal Information in connection with the TRS Platform and the related websites, online services, mobile interfaces, APIs, webhooks, integrations, telephony channels, and communications (collectively, "the Services"). This Policy is provided to satisfy the notice obligations of the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively "CCPA/CPRA") and the analogous comprehensive privacy Laws of other United States states, and is intended to operate concurrently with applicable Laws of general application.

Because the Services operate in a business-to-business-to-consumer model, this Policy addresses Personal Information concerning three categories of individuals: (a) drivers, applicants, candidates, owner-operators, and similar individuals whose Personal Information is processed through the Services (collectively, "Drivers"); (b) individuals who use the Services as representatives or employees of Subscribers (collectively, "Authorized Users"); and (c) website visitors, prospects, leads, event attendees, and similar persons interacting with our marketing properties (collectively, "Prospects"). Unless context requires otherwise, references to "you" or "your" refer to any of the foregoing.

Capitalized terms used but not defined in this Policy have the meanings ascribed in our Terms and Conditions (available at https://therecruitingsoftware.com/terms-and-conditions).

IMPORTANT ROLE NOTE.

When we provide the Services to a Subscriber, the Subscriber (not TRS) is typically the "controller" or "business" with respect to Drivers' and Authorized Users' Personal Information. We process such Personal Information as a "service provider," "processor," or "vendor" on Subscriber's behalf and for the limited and specified business purposes authorized by Subscriber and consistent with Law. If you are a Driver seeking to exercise a right under applicable Law with respect to data held by a Subscriber, please contact that Subscriber directly. Nevertheless, we have designed the Services with individual-privacy protections and will reasonably assist Subscribers and individuals in the exercise of their rights.

2. Summary of Key Points

This summary is provided for convenience. It is not a complete statement of our practices and does not replace the detailed provisions below. In the event of conflict, the detailed provisions control.

We process Personal Information about Drivers, Authorized Users, and Prospects in order to deliver an applicant-tracking and recruiting platform for the United States trucking industry.
We collect a broad range of categories of Personal Information, including categories that may be characterized as Sensitive Personal Information (for example, driver's-license numbers, citizenship or immigration status, Background Check data, health-related fitness-for-duty data, and, if you permit, Biometric Information).
We use artificial-intelligence and machine-learning features, including call recording and conversational analytics, document extraction, candidate scoring, and related inferences. These outputs are intended as decision-support tools; they are not the sole basis for any significant decision.
Where Subscribers permit, we may use Customer Data in de-identified and aggregated form to operate, improve, and benchmark the Services, and to train, tune, and evaluate our machine-learning models. We do not sell Personal Information to unaffiliated third parties for advertising purposes.
We maintain reasonable administrative, technical, and physical safeguards, but no system can guarantee perfect security.
We retain Personal Information for as long as needed for the purposes described in this Policy, to meet legal and regulatory obligations (including motor-carrier recordkeeping), and to defend legal claims.
Depending on your state of residence and your role, you may have rights to access, correct, delete, port, limit use of sensitive Personal Information, opt out of sale, sharing, profiling, or automated-decision-making, and appeal a denial. See Section 17.

3. Definitions

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or household. "Sensitive Personal Information" has the meanings given to it by applicable Laws, including Cal. Civ. Code § 1798.140(ae). Other capitalized terms are defined in context or in the Terms.

4. Categories of Personal Information We Collect

We collect the following categories of Personal Information. Not every category is collected about every individual; the categories collected depend on the feature used and the data provided. Categories correspond to those enumerated in Cal. Civ. Code § 1798.140 and are mapped to analogous categories under other state Laws.

4.1 Identifiers

Full name; preferred name; prior names and aliases; postal and residence address; mailing address; email address; telephone number(s); unique personal identifier; online identifier; Internet Protocol address; account name and credentials; cookie identifiers; device identifiers; social-media handles; session identifiers; single-device session tokens; government-issued identifiers (including driver's-license number, state, class, endorsements, restrictions; commercial driver's-license number; passport or work-authorization identifier where collected); DOT number and motor-carrier identifiers (for Subscriber and where driver serves as a motor carrier); and similar identifiers.

4.2 Customer Records (Cal. Civ. Code § 1798.80)

Signature; physical characteristics or description; address; telephone number; education; employment history; bank account or payment information (for Subscribers and indirectly for payroll-adjacent features, if any); and insurance-policy information.

4.3 Characteristics of Protected Classes

Age (derived from date of birth); sex; gender identity (where voluntarily provided); citizenship or immigration status (where collected for work-authorization verification); disability (as relevant to reasonable-accommodation or medical-certificate processes); veteran or military status; race or ethnicity (where voluntarily provided for affirmative-action, EEO-1 reporting, or similar purposes). Such information is collected only where permitted and needed, and is treated as Sensitive Personal Information where applicable.

4.4 Commercial Information

Records of employment offers, applications, lease-on inquiries, interview outcomes, sourcing channels, referral information, compensation expectations, job-preferences, and similar information.

4.5 Biometric Information

Where Subscribers enable biometric features (which are currently disabled by default), we may process voiceprints, facial-geometry data, fingerprint data, or similar identifiers for identity verification, fraud detection, or analytics. We do not currently use voiceprints for identification, but we reserve the right to do so consistent with Law and with notice.

4.6 Internet or Other Network Activity

Browsing history on our websites; clickstream on the Services; interaction with emails, messages, and notifications; session duration; log data; device logs; session replays (where enabled); referral source; and similar data.

4.7 Geolocation Data

General geolocation inferred from IP address. We do not currently collect precise geolocation (defined as location within a radius of 1,750 feet) except where provided voluntarily through device settings; if we do collect precise geolocation in the future, we will treat it as Sensitive Personal Information.

4.8 Audio, Electronic, Visual, or Similar Information

Telephone-call audio (both inbound and outbound) where Subscriber has enabled recording; transcripts; voicemail audio; video-conference recordings (if the feature is enabled); profile photographs; document scans (including CDL, medical certificate, prior-employer forms); SMS and messaging content; chat content; and similar media.

4.9 Professional or Employment-Related Information

Work history (including the 10-year CMV employment history required by 49 C.F.R. § 391.21); prior employer contact information; safety-performance history obtained under § 391.23; licenses; endorsements; restrictions; accident history; violations; suspensions; revocations; drug-and-alcohol program data (including Clearinghouse query results with appropriate consent); PSP data; MVR data; Consumer Report data; qualifications; training records; DOT physical card data; return-to-duty information; workers' compensation or injury information (where voluntarily disclosed and relevant).

4.10 Education Information

Training-school attendance, graduation, or certification, where voluntarily disclosed.

4.11 Inferences

Inferences drawn from the above information to create a profile reflecting preferences, characteristics, behavior, attitudes, intelligence, abilities, and aptitudes, including scoring, ranking, probability-of-hire, predicted retention, conversation-quality measures, sentiment/tone indicators, recommended next actions, and risk flags. Inferences are generated by the Platform using rule-based, statistical, and AI methods.

4.12 Sensitive Personal Information

We collect certain categories that are Sensitive Personal Information under Cal. Civ. Code § 1798.140(ae) or comparable Laws, specifically: Social Security number (only where required, for example for certain state pre-employment screening or tax-identification flows); driver's-license and state-issued identification card numbers; account login credentials in combination with any password or security question; precise geolocation (if enabled); racial or ethnic origin; citizenship or immigration status; religious beliefs; union membership (where voluntarily provided); contents of communications where we are not the intended recipient (for example, SMS and email content routed through the Services); genetic data (not collected absent an express feature); Biometric Information used for identification purposes (only where enabled); and personal health information (such as medical-examiner certificate status). We do not use Sensitive Personal Information for the purpose of inferring characteristics about a consumer beyond what is reasonably necessary and proportionate to the Services, and we honor any 'limit use of my sensitive personal information' requests.

5. Sources of Personal Information

Directly from you — via website forms, lead forms, applications, account registration, onboarding workflows, document uploads, SMS, email, telephone calls, uploaded resumes, chat messages, profile updates, and correspondence with our support team.
From your employer or prospective employer — Subscribers upload, import, or synchronize your Personal Information into the Services.
From public records and government databases — including SAFER, CDLIS, PSP, the FMCSA Clearinghouse (with your consent), state motor-vehicle departments, and similar sources, as well as data obtained from Consumer Reporting Agencies authorized by you or the Subscriber.
From third-party data sources — including background-check providers, MVR providers, lead-generation platforms, advertising and marketing partners, referral sources, job boards, resume databases, and publicly available business information.
From cookies, pixels, SDKs, and similar technologies — see Section 14.
From telephony and messaging providers — including RingCentral and similar service providers.
From our own generation and inference — including audio transcripts, summaries, scores, and AI-generated outputs.

6. Purposes of Processing and Legal Bases

We process Personal Information for the following business and commercial purposes:

To provide, operate, maintain, and improve the Services.
To authenticate users and maintain security, including fraud prevention, credential protection, malicious-actor detection, and platform integrity.
To enable Subscribers to source, contact, qualify, screen, evaluate, hire, and onboard Drivers, consistent with the Subscriber's role as employer or prospective employer.
To enable Subscribers to construct, maintain, retain, and produce Driver Qualification Files and related motor-carrier records required by 49 C.F.R. Part 391.
To route, record, transcribe, summarize, and analyze calls (where Subscriber has enabled recording with all-party consent).
To deliver messaging (SMS, MMS, RCS, email, voice, push) on behalf of Subscribers and to maintain opt-out, revocation, and quiet-hours compliance.
To analyze the performance and activity of the Services and of Authorized Users' use of the Services (for example, recruiter productivity and pipeline analytics).
To deliver AI-powered Features, including candidate scoring, document extraction, lead prioritization, and conversational analytics.
To generate de-identified and aggregated benchmarks, research, and market insights.
To train, tune, validate, evaluate, and operate our machine-learning models, where permitted.
To support, troubleshoot, and debug the Services.
To administer billing and payments (via third-party billing processors such as Outseta).
To communicate with users, including transactional, support, security, legal, and marketing communications.
To market our Services to prospective customers and to deliver event, webinar, and newsletter invitations.
To comply with legal obligations, respond to subpoenas and governmental requests, and enforce legal claims.
To protect the rights, property, and safety of TRS, our users, and the public.
To conduct due diligence for mergers, acquisitions, divestitures, financings, reorganizations, and similar corporate transactions, subject to confidentiality.

7. Automated Decision-Making and Profiling

The Services employ automated processes to organize, prioritize, score, classify, route, and summarize Personal Information. Some of these processes involve profiling (as that term is used in the CCPA/CPRA, the Colorado Privacy Act, and analogous Laws). Where applicable Law grants rights to opt out of profiling for decisions that produce legal or similarly significant effects (including employment decisions), Subscribers are responsible for honoring such opt-outs with respect to their own processing; we will reasonably assist Subscribers.

Types of automated processing include: lead-intake de-duplication; source-of-lead attribution; lead scoring and prioritization; call-routing; call-recording and transcription; conversation analytics including sentiment, tone, topic, and event detection; CDL and document optical character recognition and entity extraction; candidate ranking or matching; retention-probability estimation; fraud-risk scoring; pipeline conversion forecasting; and recruiter productivity analytics.

Human review is available for any material decision that might be influenced by automated processing. Drivers or Authorized Users affected by a significant decision may contact the relevant Subscriber to request human review. Where we are the business under applicable Law, Drivers may submit a request to the contact information in Section 23.

8. Artificial Intelligence, Machine Learning, and Training Data

TRS uses artificial-intelligence technologies internally developed or obtained from third-party model providers to deliver Features. Where we use third-party model providers (for example, commercial large-language-model providers or speech-analytics providers), we configure our arrangements so that providers are prohibited from using Customer Data to train their general-purpose models.

Subject to the limitations below, we may use Personal Information in de-identified, aggregated, or otherwise anonymized form to train, tune, validate, and evaluate our machine-learning models; to benchmark performance; to prevent abuse; and to improve the Services. We implement reasonable measures to minimize the risk that such models inadvertently memorize identifiable information.

Subscribers may opt out of having their Customer Data used for our machine-learning training programs by written notice to support@therecruitingsoftware.com. Opting out does not prevent operational uses of Personal Information or the use of Service Data and Aggregated Data no longer reasonably capable of identifying an individual.

9. Call Recording and Conversational Analytics

Where Subscribers have enabled telephony integration, the Services may record inbound, outbound, and internal calls. By default, calls are configured to operate in an all-party consent mode. You will hear a recording-notice at the beginning of the call. If you do not consent to being recorded, you may end the call. Continuing on the call after the notice constitutes consent where permitted by Law.

Call content, metadata, transcripts, and derived analytics (including summaries, event tags, sentiment and tone indicators, and keyword detections) may be used to operate the Services, coach recruiters, evaluate performance, investigate complaints, detect fraud, and improve features. Analytics are advisory and are not a substitute for human judgment in any employment-related decision.

Where Subscribers disable recording or where recording is not permitted in a particular jurisdiction, the Services will not record the call.

10. Biometric Information

We do not currently collect Biometric Identifiers or Biometric Information for identification purposes. If a Subscriber enables, or we enable, a Feature that processes Biometric Information (for example, voiceprints for speaker identification or facial-geometry data for identity verification), we and the Subscriber will comply with the written-release, retention-schedule, destruction, and non-sale obligations of BIPA (740 ILCS 14/), the Texas Capture or Use of Biometric Identifiers Act (Tex. Bus. & Com. Code § 503.001), RCW 19.375, the NYC Biometric Identifier Information Law, Washington's My Health My Data Act, and other applicable Laws.

If we begin collecting Biometric Information, we will publish a Biometric Information Retention and Destruction Schedule at https://therecruitingsoftware.com/legal/bipa. Such data will be destroyed when the initial purpose for collection has been satisfied or within three (3) years of the individual's last interaction with the Services, whichever occurs first, except as required by Law.

11. Workforce and Recruiter Behavior Analytics

We collect data about how Authorized Users use the Services to provide insights to Subscribers about recruiter productivity, pipeline conversion, response times, call quality, and similar operational metrics. This data may include login and logout times, application usage events, click paths, call outcomes, call duration, talk-listen ratios, SMS and email cadence, message templates used, and related telemetry. Subscribers are responsible for providing any employee-monitoring notices required by Law (for example, New York Civil Rights Law § 52-c or Connecticut Gen. Stat. § 31-48d).

12. Disclosures of Personal Information

We disclose Personal Information, subject to contractual and legal safeguards, to the following categories of recipients:

Subscribers — who are typically the business/controller and the prospective employer.
Service providers and processors — including cloud-infrastructure providers, database providers, monitoring providers, email-delivery and SMS providers, telephony providers (including RingCentral), payments and subscription-management providers (including Outseta), AI and speech-analytics providers, lead-intake providers, and similar vendors.
Third-party data sources with your authorization — including Consumer Reporting Agencies, MVR providers, the FMCSA Clearinghouse, PSP, and similar sources.
Analytics providers — for operation and improvement of the Services.
Government authorities — in response to lawful requests, subpoenas, and court orders.
Professional advisers — including attorneys, auditors, and consultants bound by confidentiality.
Acquirers and investors — in the context of due diligence, financings, mergers, acquisitions, reorganizations, and similar transactions, subject to confidentiality.
Other parties with consent or at your direction.

13. Sale and Sharing of Personal Information

We do not sell Personal Information in exchange for monetary consideration to unaffiliated third parties for their independent marketing purposes. In the twelve (12) months preceding the Last Updated date of this Policy, we have not sold Personal Information and have not shared it for cross-context behavioral advertising as those terms are used in the CCPA/CPRA.

We may share Personal Information with analytics and advertising partners in connection with our own marketing activities (for example, to measure the effectiveness of our marketing campaigns). Where such sharing could constitute 'sharing' under the CCPA/CPRA, we honor opt-out requests and Global Privacy Control signals as described in Section 18.

14. Cookies, Pixels, SDKs, and Similar Technologies

We and our service providers use cookies, pixels, beacons, tags, local storage, session storage, software development kits, and similar technologies (collectively, "Tracking Technologies") on our websites and in the Services to: (a) operate and secure the Services; (b) remember preferences; (c) authenticate sessions; (d) measure performance; (e) deliver analytics; and (f) support marketing where applicable.

You can control cookies through your browser and, where available, through our cookie-preference center. Disabling cookies may impair Service functionality.

15. Retention

We retain Personal Information for the period necessary to fulfill the purposes described in this Policy, to comply with Law (including 49 C.F.R. §§ 391.51, 382.703, 391.25(c)(2), and similar rules), to comply with Subscribers' retention policies, to defend legal claims, and to enforce our agreements. Because Subscribers are often the controller, retention of Customer Data is generally governed by Subscribers' instructions and retention schedules, subject to overriding legal obligations.

General retention guidelines (which may be overridden by controller instructions or Law):

Account and authentication records: duration of the account plus up to three (3) years.
Driver application and lead records: up to five (5) years after application submission unless extended by Subscriber.
Driver Qualification File records: as directed by the Subscriber in accordance with 49 C.F.R. § 391.51(d).
Motor vehicle record data: three (3) years after receipt, subject to DPPA re-disclosure logs retained for five (5) years (18 U.S.C. § 2721(c)).
Clearinghouse consent and query records: three (3) years (49 C.F.R. § 382.703).
Call recordings and transcripts: as directed by the Subscriber, typically two (2) to seven (7) years.
Workforce Analytics Data: up to five (5) years.
Security logs and telemetry: up to two (2) years.
Billing and tax records: seven (7) years.
Consent records (TCPA, FCRA, BIPA): for the duration required by Law plus a reasonable cushion (typically four to seven years).

16. Information Security

We maintain administrative, technical, and physical safeguards designed to protect Personal Information from unauthorized access, use, disclosure, alteration, and destruction, including encryption in transit, encryption at rest for sensitive stores, access controls, logging, vendor risk management, incident-response procedures, and employee training. No system is perfectly secure; if you believe your interaction with the Services has been compromised, contact us at support@therecruitingsoftware.com.

17. Your Rights; State-Specific Disclosures

Depending on your state of residence, you may have one or more of the following rights with respect to Personal Information: (a) right to know or access; (b) right to correct; (c) right to delete; (d) right to portability; (e) right to opt out of sale or sharing; (f) right to opt out of profiling or automated decision-making; (g) right to limit use of Sensitive Personal Information; (h) right to appeal a denied request; (i) right against retaliation or discrimination for exercising rights; (j) right to non-discrimination in pricing or services.

17.1 California (CCPA/CPRA)

California residents have rights to know, correct, delete, limit use of Sensitive Personal Information, opt out of sale or sharing, and opt out of automated decision-making technology for significant decisions (where applicable under the CPPA ADMT regulations once in effect). California employees and applicants have rights under the CCPA/CPRA following the sunset of the employee-data exemption on January 1, 2023. The categories of Personal Information collected, sold, shared, and disclosed in the preceding twelve months are set forth in Sections 4, 12, and 13. We do not sell Personal Information; we may share Personal Information in limited circumstances for our own marketing. California Shine the Light (Civ. Code § 1798.83): we do not disclose Personal Information to third parties for their direct marketing purposes.

17.2 Virginia (VCDPA)

Virginia residents have rights to access, correct, delete, obtain a portable copy, opt out of targeted advertising, opt out of sale, and opt out of profiling for decisions that produce legal or similarly significant effects. The VCDPA does not apply to Personal Information processed in an employment context.

17.3 Colorado (CPA; Colorado AI Act)

Colorado residents have rights similar to those above. Where the Colorado AI Act applies (effective June 30, 2026, subject to amendment), consumers subject to a consequential decision made or substantially influenced by a high-risk AI system are entitled to notice, an explanation of the decision, and an opportunity to appeal to a human reviewer. Subscribers are responsible for compliance with these obligations; we reasonably assist.

17.4 Connecticut (CTDPA)

Connecticut residents have rights to access, correct, delete, port, opt out of targeted advertising, sale, and profiling for legal or similarly significant effects. Consumer-health-data provisions also apply in limited circumstances.

17.5 Utah (UCPA)

Utah residents have rights to access, delete, port, and opt out of targeted advertising and sale, subject to UCPA's thresholds.

17.6 Texas (TDPSA)

Texas residents have rights to access, correct, delete, port, opt out of sale, targeted advertising, and profiling.

17.7 Oregon (OCPA)

Oregon residents have rights to access, correct, delete, port, obtain a list of specific third parties to whom their Personal Information has been disclosed, opt out of sale, targeted advertising, and profiling.

17.8 Montana (MCDPA)

Montana residents have rights similar to Connecticut's.

17.9 Iowa (ICDPA)

Iowa residents have rights to access, delete, port, and opt out of sale and targeted advertising.

17.10 Delaware (DPDPA)

Delaware residents have rights to access, correct, delete, port, opt out of sale, targeted advertising, and profiling, and to obtain a list of categories of third parties to whom we disclose Personal Information.

17.11 New Hampshire

New Hampshire residents have rights similar to Connecticut's.

17.12 New Jersey (NJDPA)

New Jersey residents have rights similar to Connecticut's. The NJ Division of Consumer Affairs oversees enforcement.

17.13 Minnesota (MCDPA)

Minnesota residents have rights similar to Colorado's, and additional rights (a) to question the result of a profiling decision and (b) to have a data inventory made available.

17.14 Tennessee (TIPA)

Tennessee residents have rights similar to Connecticut's.

17.15 Maryland (MODPA)

Maryland residents have rights similar to Connecticut's, plus heightened data-minimization requirements and a prohibition on sale of Sensitive Personal Information.

17.16 Kentucky, Rhode Island, Indiana, Nebraska

Residents of these states have rights similar in scope to the above, subject to each state's effective date and thresholds.

17.17 Illinois (BIPA)

Illinois residents have rights under BIPA where Biometric Information is collected. See Section 10.

17.18 Other States

We will honor rights granted by state Law for residents of any state not expressly listed, to the extent the state Law applies to our processing of your Personal Information.

18. Opt-Out Signals; Global Privacy Control

We recognize the Global Privacy Control (GPC) signal as a valid opt-out of sale/sharing with respect to Personal Information linked to the device or browser sending the signal, where applicable Law so requires.

19. How to Exercise Your Rights

To exercise your rights, please submit a request to support@therecruitingsoftware.com or through the request form at https://therecruitingsoftware.com/legal/privacy-request. We may require verification of your identity appropriate to the sensitivity of the Personal Information involved. You may authorize an agent to act on your behalf by providing written authorization. If we deny your request, you may appeal by replying to our written denial; we will respond within the timeframe required by Law (typically forty-five (45) to sixty (60) days).

If you are a Driver whose Personal Information was submitted to us by a Subscriber, we will typically refer your request to the Subscriber, which is the controller. We will assist the Subscriber in responding as required by Law.

20. Children's Privacy

The Services are not directed to, and are not intended for use by, children under 16 years of age. We do not knowingly collect Personal Information from children under 16 without affirmative authorization as required by Law. Because U.S. commercial motor vehicle regulations generally require drivers to be at least 18 (intrastate) or 21 (interstate), with limited exceptions under the Safe Driver Apprenticeship Pilot (IIJA § 23022), we do not expect the Services to process Personal Information of individuals under 18. If you believe we have collected Personal Information from a child, please contact us at support@therecruitingsoftware.com.

21. U.S.-Only Scope and Cross-Border Transfers

The Services are designed for use in the United States. We and our service providers may transfer, store, and process Personal Information within the United States. If you access the Services from outside the United States, you do so at your own discretion and are responsible for compliance with Laws of your jurisdiction.

22. Do Not Track

We do not respond to browser-based Do Not Track signals other than as described in Section 18 regarding the Global Privacy Control.

23. Contact

For privacy-related questions, exercises of rights, or complaints, please contact: TRS Privacy Office, 8 The Green, Ste B, Dover, DE 19901, United States, email support@therecruitingsoftware.com, data-protection officer support@therecruitingsoftware.com. You may also contact your state attorney general or the California Privacy Protection Agency (https://cppa.ca.gov/) regarding potential violations of state privacy Law.

24. Changes to this Policy

We may update this Policy from time to time. Material changes will be posted at https://therecruitingsoftware.com/privacy with an updated Effective Date. Continued use after the change constitutes acceptance.

Addendum A — California Notice at Collection (Employees and Applicants)

Where TRS collects Personal Information directly from California residents who are employees or applicants of a Subscriber, this Addendum supplements the Policy in accordance with Cal. Code Regs. tit. 11, § 7012. Categories collected, purposes, retention, and rights are described in Sections 4 through 17. TRS retains each category for the period stated in Section 15, which incorporates applicable recordkeeping Laws (49 C.F.R. § 391.51; 29 C.F.R. § 1602; 26 U.S.C. § 6501). TRS does not sell or share California employee or applicant Personal Information.

Addendum B — Biometric Information Retention and Destruction Schedule

If and when we collect Biometric Identifiers or Biometric Information, we will: (a) obtain a written release signed by the subject individual; (b) retain the Biometric Identifier or Biometric Information only for the purpose(s) disclosed; (c) destroy the Biometric Identifier or Biometric Information when the initial purpose for collection has been satisfied or within three (3) years of the individual's last interaction with the Services, whichever occurs first, except as required by Law; (d) not sell, lease, trade, or otherwise profit from Biometric Identifiers or Biometric Information; (e) disclose Biometric Identifiers and Biometric Information only to the extent permitted by 740 ILCS 14/15(d); and (f) store, transmit, and protect Biometric Identifiers and Biometric Information using the reasonable standard of care within our industry, in a manner that is the same as or more protective than the manner in which we store, transmit, and protect other Confidential and sensitive information.

Addendum C — Do Not Sell or Share Disclosure

We do not sell Personal Information for monetary consideration. With respect to the narrow circumstances in which we share Personal Information for cross-context behavioral advertising, California and other state residents may opt out at https://therecruitingsoftware.com/legal/do-not-share. We also honor Global Privacy Control signals.