Introduction

This notice is for California employees, applicants, and other individuals pursuant to the California Privacy Rights Act (“CPRA”) and supplements the information contained in our Privacy Policy (https://corporate.monro.com/privacy-policy/).

The Categories of Personal and Sensitive Personal Information That Monro has Collected in the Past 12 Months

Monro collects the following information from employees and applicants:

  • Identifiers, such as name, government-issued identifier (e.g., Social Security number), and unique identifiers (e.g., employee ID).
  • Personal information, such as real name, signature, SSN, physical characteristics or description, address, telephone number, driver’s license or state identification card number, federal identification authorizing work in the United States, education, employment, employment history, bank account number, other financial information, medical information, or health insurance information.
  • Characteristics of protected classifications under California or federal law, such as age, marital status, gender, sex, race, color, disability, citizenship, primary language, immigration status, military/veteran status, disability, request for leave, and medical conditions.
  • Internet or Other Electronic Network Activity Information, including browsing history, search history, application access location and information regarding an employee’s interaction with an internet website, application or advertisement, time and geolocation data related to use of an internet website, application or physical access to a Monro location.
  • Professional or employment-related information, such as work history and prior employer.
  • Inferences drawn from any of the Personal and Sensitive Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
  • Information concerning employment benefits, beneficiaries, and emergency contact information.
  • Commercial information such as products or services purchased or obtained when employees and applicants are also Monro customers.
  • Audio, electronic, or similar information such as incoming recorded customer calls and recorded virtual meetings.

The Categories of Sources Monro Uses to Collect Personal and Sensitive Information

  • Directly from you.
  • From your use of our website or systems.
  • From third parties as it relates to your employment or benefits.
  • From others you authorize to provide information, such as your references.

The Business Purposes for Monro's Collection of Personal and Sensitive Personal Information

Monro may use Personal and Sensitive Personal Information:

  • Administer Benefits, such as medical, dental, optical, commuter, and retirement benefits, including recording and processing eligibility of dependents, absence and leave monitoring, insurance and accident management, and provision of online total reward information and statements.
  • Pay and Reimburse for Expenses, including salary administration, payroll management, payment of expenses, administration of other compensation-related payments, including assigning amounts of bonus payments to individuals, and administration of payments.
  • Conduct Performance-Related Reviews, including performance appraisals, skills monitoring, promotions, and staff re-structuring.
  • Provide Our Employees with Human Resources Management Services, including providing employee data maintenance and support services, administration of separation of employment, approvals and authorization procedures, and administration and handling of employee claims.
  • Maintain Your Contact Information, including altering your details at Monro.
  • Assist You in Case of Emergency, including maintenance of contact details for you and your dependents in case of personal or business emergency.
  • Monitor Eligibility to Work in the U.S., which means monitoring and ensuring compliance of employees’ ability to work in the United States.
  • Facilitate Better Working Environment, which includes conducting staff surveys, providing senior management information about other employees, and conducting training.
  • Ensure a Safe Working Environment, which includes Monro actions relating to disciplinary actions, and code of conduct processes and investigations.
  • Maintain Security on Websites and Internet Connected Assets, which includes hosting and maintenance of computer systems and infrastructure, management of Monro’s software and hardware computer assets, and systems testing.
  • Comply with Applicable Law or Regulatory Requirements, such as legal (state and federal) and internal company reporting obligations, including headcount, management information, demographic and Health, Safety, Security and Environmental reporting.

Disclosure of Personal Information

Monro may disclose your information if needed to comply with a court order, law, legal proceeding, or request from the government. Monro also reserves the right to disclose your information if we have the reasonable belief that such disclosure is fundamental to the safety of individuals associated with Monro or others unaffiliated with the company, or to report or investigate fraud or a crime.

Monro may disclose your information to third party processors, such as providers of human resources software and services, benefit plans, administrators, and others necessary for Monro’s administration of the employment and application process.

Monro reserves the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to require that the transferee use personal information collected concerning consumers in a manner that is consistent with our Privacy Policy.

In the preceding twelve (12) months, Monro has not sold or shared any personal information, as those terms are defined in CPRA.

Your Rights and Choices

The CPRA provides California applicants and employees with certain rights. Subject to applicable law, you may have the right to know what personal information we collected about you, the right to correct inaccurate personal information that we collected about you, the right to request and obtain information about, or copies of, your personal information that we process, where we obtained your information, the business or commercial purpose for collecting your information, and the third parties with whom your information is shared. You may also be able to request a copy of personal information you have provided to us in a reasonably portable format. Your rights may also include the ability to tell us not to sell your information, if we do so. Lastly, you may ask us to delete personal information that we have collected from you, depending on the situation and applicable laws.

Deletion Request Rights

California applicants and employees have the right to request that we delete their personal information, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) such personal information from our records, unless an exception applies.

Monro may deny a deletion request if certain exceptions apply under CPRA.

Exercising Access, Data Portability, and Deletion Rights

Residents of California may make a request to exercise these rights by contacting us at 1-(800)-876-6676, by e-mailing us at privacy@monro.com, or by visiting https://corporate.monro.com/contact/ and selecting “Privacy Inquiry” in the “Subject” drop down menu.

Upon receipt of a request to exercise your rights, we may request additional information in order to verify your identity. You may also be required to confirm your identity under relevant law or regulation. To the extent possible, we will utilize information already in our possession to verify your identity. Any information you provide in connection with such verification will be deleted as soon as practicable following your request and not used for any other purpose.

You may designate an authorized agent to make a request on your behalf. If you submit a request through an authorized agent, we may require that the authorized agent provide proof that the authorized agent has been authorized by you to act on your behalf and may still require you to verify your identity in accordance with the above and directly confirm that you provided the authorized agent with permission to submit the request.

Response Timing and Format

We will confirm receipt of a request within ten (10) days of receipt of such request. We will then endeavor to respond to a verifiable request within forty-five (45 days of its receipt. We may deny the request if we are unable to verify your identity within this forty-five (45) day period. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.

We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

Monro will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, Monro will not discriminate in making employment decisions.

Contact Us

If you have any questions or concerns about this Policy, or how Monro protects your personal information, please feel free to contact privacy@Monro.com. To print out a copy of this Policy, click here.

Effective Date

This policy was last updated on January 16, 2023.