Associate Privacy Notice
- About this notice
CarMax (“CarMax,” “we” or “us”) offers this Associate Privacy Notice (the “Notice”) to describe our practices for handling personal information associated with our former, current, and potential employees, contractors, temporary workers, interns, and their family members and dependents (collectively, “Associates”). This Notice describes the personal information that we collect and process about Associates, the purposes of the processing, the ways in which we may share such information, a the rights that Associates may have regarding the processing of the personal information.
If you are a California resident, please refer to the section on “Your California Privacy Rights” below for information regarding our collection, use, and disclosure of personal information. - Sources of Personal Information we collect
In association with your current or former employment with CarMax, or in the course of assessing potential employment, we process personal information about you, your dependents, beneficiaries, and other individuals. We collect such information from you, your references, other Associates, service providers that process information, solely on our behalf, recruitment agencies, benefit providers, professional and certification organizations, background check providers, and social media. We also collect personal information using cookies and similar tracking technologies regarding your use of and access to CarMax information resources (e.g., communications resources, internet, networks, systems, and applications) and access to CarMax facilities, such as entry logs, video recordings of certain areas (e.g., entry to facilities). - Types of Personal Information we collect
The types of personal information we may collect are, but not limited to:
Identifiers, such as your name, driver’s license number, employee ID, home and business address, telephone/email addresses, social media handle, device identifiers, username, emergency contact details, passport number/national ID number, and other government identifiers.
Financial information, such as banking details, tax information, compensation details, withholdings, salary, benefits, and expenses.
Demographics, such as gender, age (including date of birth), marital status, military service, and disability status.
Work eligibility information, such as visa and immigration status.
Internet or other electronic network activity information associated with CarMax technology systems, networks, applications, and resources – such as IP addresses, log files, electronic communications and files, network connections, and login credentials.
Geolocation data, such as information associated with devices or equipment you use in the course of employment or while using CarMax owned vehicles.
Video recordings, in certain work areas and photographs for identification purposes.
Recordings of communications for quality control, recordkeeping, and training purposes.
Professional or employment-related information, such as a job/title, office location, employment contract, dates of service, positions held, performance and disciplinary records, grievance procedures, travel and expenses, work location preferences, investigations, complaints, sickness/holiday records, academic/professional qualifications, CV/resume, criminal records data (for vetting purposes where permissible and in accordance with applicable law), reference information, and information related to background checks.
Education information, such as degrees or certifications held, trainings and development programs attended, and assessments.
Biometrics, such as fingerprints or facial scans for purposes of facilitating access to facilities, devices or software applications or needed for professional licensing and applications.
Information that may be treated as sensitive under applicable laws, such as government identification numbers, login credentials, personal communications received or sent using our information resources, trade union memberships, biometrics, sexual orientation, and health information (e.g., for benefits or accommodation purposes).
Inferences drawn from the above.
- Purposes of processing Personal Information
Recruitment
If you apply for or are recommended for a role at CarMax, we collect, use, and share personal information for recruitment purposes – in particular, to determine your qualifications for employment and to reach a hiring decision. This includes assessing your skills, qualifications and background for a particular role, verifying your information, completing our reference checks or background checks and checking visa status and/or eligibility to work (where applicable) and to generally manage the hiring process and communicate with you about it.
If you are accepted for a role at CarMax, the information collected during the recruitment process will form part of your ongoing record.
If you are not offered a position, we may retain personal information to allow us to consider you for other suitable openings within CarMax in the future.
Employment or work-related purposes
If you are employed by CarMax, we collect, use, and share personal information for the following purposes:
Workforce management, including appraisals, promotions, succession planning, career development, and professional licensing, administering payroll, providing other compensation, providing healthcare, life insurance, and other benefit administration, social security, pensions and savings plans, training (including distribution of CarMax policies and training materials to employees), maintaining leave, transfers, and secondments; entering into and complying with employment agreements; maintaining directories, conducting investigations and resolving disciplinary or grievance issues; administering business travel; and asset collection.
Communications and emergencies, including facilitating communication with employees, providing references, protecting the health and safety of employees and others, facilitating communication in an emergency.
Operating and maintaining technology and communication systems, including for security and business continuity purposes.
Maintaining the safety and security of our facilities, assets, Associates, and others.
Budgeting, financial management and reporting.
Managing mergers, acquisitions, and re-organizations.
Responding to legal process such as subpoenas.
Pursuing legal rights and remedies and addressing litigation and managing internal complaints or claims.
Complying with legal and other requirements, such as licensing, tax, record-keeping, reporting, and audit obligations.
Monitoring and addressing compliance with applicable laws and CarMax policies and procedures.
Receiving and responding to inquiries, reports, or complaints.
Conducting audits, compliance with government inspections and other requests from government or other public or regulatory authorities and complying with internal policies and procedures.
We do not “sell” personal information associated with Associates for monetary or other valuable compensation, and we do not share personal information associated with Associates for targeted advertising purposes. And we do not engage in such practices with respect to sensitive personal information associated with individuals under 16 years of age. - How Long We Keep Your Information
We retain the personal information we collect for as long as reasonably necessary to achieve the purposes disclosed at the point of collection or in this Privacy Notice. The length of retention may vary depending upon factors such as:
* The existence of an ongoing relationship between you and us,
* Recordkeeping or legal compliance requirements,
* The need to resolve inquiries or complaints, and
* Protecting the rights on safety or you, us or others. - How do we share and disclose Personal Information?
We may share or disclose all of the categories of personal information listed above for our business purposes. The categories of recipients include:
Service providers: We engage service providers that perform services to help us administer HR and staff member compensation and benefits, facilitate our recruiting efforts, assist us with facilitating our employment relationship with you, operate and maintain our IT resources, provide date or physical security, and otherwise operate our business. Unless otherwise specified, these companies will only use your personal information in ways described in this Notice.
Benefit providers: We arrange for you to receive certain benefits from third parties, such as insurance or financial benefit companies. We share information with those parties to facilitate the provision of those services.
Consultants and advisors: We may provide personal information to consultants and advisors that help us operate and improve our business, including accountants, auditors, lawyers, insurers, and bankers.
Recipients of legal disclosures: We may disclose your personal information to law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulator obligation. We may disclose personal information as we deem reasonably necessary to support lawful investigations or requests, or as reasonably necessary to protect our rights or the rights of you or any other party.
In the context of a transaction: We may disclose personal information to potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another CarMax or we sell or transfer all or a portion of our assets or business. - Your California Privacy Rights
This section provides California residents with additional information regarding our collection, use, and disclosure of their personal information.
We do not use or disclose sensitive personal information associated with Associates for purposes other than those expressly permitted under California law.
You may have certain rights in relation to your personal information under California law, as described below and subject to certain exceptions. In the event you would like to exercise one of your rights or if you are an authorized agent submitting a request on behalf of a California resident, please visit carmax.com/privacy- policy/your- data or call (833) 987-1241. Please note that we may require additional information from you in order to honor your request, and we may decline your request as permitted under applicable law. You may also contact us using these methods to appeal any decision we make with respect to your rights requests.
Right to access and know: You may request information about the personal information that we collect, use, disclose, share and sell.
Right to deletion: You may ask us to delete personal information associated with you that we have collected.
Right to correct: You may ask us to correct inaccurate personal information that we maintain about you.
Right to be free from discrimination: Associates may freely exercise these rights without fear of retaliation. - Associate’s Obligations
Please keep your Personal Information up to date. You agree to inform your dependents whose Personal Information you provide to use about the content of this Privacy Notice. - Inquiries
If you have any questions about this Privacy Notice or our privacy practices, please send an email with your questions to privacy@carmax.com.
*Revised August 25, 2023