Applicant Privacy Notice

Back to Top

Facebook

(Applicable to California Residents)

Effective Date: January 1, 2026

Our Commitment to Privacy

Rutan & Tucker, LLP (“Rutan,” “we,” or “us”) has developed and implemented this privacy policy (“Applicant Privacy Notice”) to demonstrate its commitment to privacy for California residents who seek to become a member of Rutan’s workforce. This Applicant Privacy Notice is designed to assist applicants for employment who are California residents in understanding how we collect, use, share, and safeguard personal information as part of the application process.

To Whom This Applicant Privacy Notice Applies

This Applicant Privacy Notice applies to individuals who are California residents in connection with their status as an applicant to become a workforce member with Rutan (collectively “Applicants”).  It applies to personal information that you provide to us directly through our website or email, as well as other information we receive from you or third parties (such as recruitment firms) in connection with your job application. The policy explains how we may use personal information about job applicants, the rights you have, and whom to contact for more information. Please read it carefully.

 

Except as may be specifically required by law, this Applicant Privacy Notice does not apply to information available from a public source (such as a telephone directory) or to aggregated or de-identified information we may collect about our applicants. 

What Personal Information We Collect

Depending on your specific interactions with us, we may receive and use the following information about you: 

  • Application Information. If you submit a physical or electronic application for employment using a website, recruitment portal, via email, or otherwise, we will collect the personal information contained in your application. This generally includes information contained in your resume/CV, such as: name, contact information, work experience, educational history, references, qualifications, bar license information, country of origin or residency.
  • Sensitive Personal Information. Where permitted by law, you have the option to provide personal information that is considered “sensitive,” under some circumstances, such as race or ethnic origin. We collect this information for equal opportunity monitoring. You will not be prejudiced if you decide to provide this information. In addition, if you provide health information related to disabilities or work restrictions, we will also collect this information so that we may make the appropriate accommodations and arrangements.
  • Location Data. We may collect information related to your geolocation based on your IP address (when submitting information online) and your stated address or place of residency.
  •  Audio/Visual Data. If you provide photos, video submissions, leave voicemails, visit our offices or facilities, or participate in video conferencing communications with us, we may will collect audio, electronic, and visual information associated with such activities. We may also gather publicly available images associated with your social media profiles (such as your LinkedIn profile).
  • Professional Work History. We gather information about your work history and professional experience (such as certifications, specialties, and awards) if you provide it to us. We may also gather information about your work history from references you provide. 
  • Education Information. If you provide information pertaining to your education history, we will collect this information. 
  • Interview and Assessments. As part of the application process, we will collect information during interviews and assessments with you and others (such as recruiting partners and references) about you. We will collect responses and information you provide as part of such assessments and interviews. 
  • Internet/Electronic Network Activity Information. If you access or use our website, recruitment portal, physical facilities, or video conferencing platforms, those systems automatically collect information associated with your use, such as your IP address, browser and device identifiers, information associated with cookies and other technologies, and other information regarding your usage of such systems, such as access/exit times and locations, check-in status, and signature (for sign-in purposes).
  • Information from Third Parties. We may receive information from third parties associated with your application process. For example, we may receive your resume or application from a recruitment partner, references from your former employers, transcripts from universities you attend, and other information.
  • Background Check Information. Certain applicants may be subject to pre-employment background checks as part of the onboarding process. As part of this process we may receive information from third-party background check providers related to your criminal records, verifications for employment qualifications, finances, and other matters. Background checks, credit checks, and other investigatory checks will be conducted to the extent permitted by and consistent with applicable law. Background check information may not be subject to the CCPA. 
  • Information Required for Legal Compliance. If we are required by law to obtain personal information about you, such as right to work, tax, familial status, etc., we will collect such information in accordance with our legal obligations and applicable law.
  • Onboarding Information. Successful applicants who are offered employment with Rutan will undergo onboarding which will result in collection of more personal information related to the provision of employment, including tax information, Social Security Numbers, government ID numbers, right to work information (if required/permitted by local law), emergency contact information, familial information, and similar personal information associated with employment at Rutan. Additional notices regarding data collection and use practices will be provided at the time of onboarding. 

For purposes of compliance with the CCPA, in the past twelve months, Rutan has collected the following categories of personal information from applicants (as described in more detail, above): (1) identifiers; (2) characteristics of protected classifications under California or federal law; (3) internet or other electronic network activity information; (4) geolocation data; (5) audio, electronic, and visual information; (6) professional or employment-related information; (7) education information; (8) sensitive personal information. 

How We Use Applicant Personal Information

We use the personal information we collect as follows:

  • To Process Employment Applications and Onboard New Hires. We collect most personal information to evaluate your candidacy, including to open and maintain Applicant files, communicate with you, conduct employment related background screening and checks, and evaluate your application.
  • Recruiting and Applicant Communications. We use personal information to communicate with you as part of the candidacy process and as part of your workforce relationship with us.  Personal information may be used to evaluate career development, consider Applicants for roles and positions, and to communicate company policies. 
  • For Diversity and Equal Opportunity Monitoring. We collect certain categories of personal information for equal opportunities monitoring. 
  • To Conduct Evaluations. We collect and review your personal information from multiple sources to assess your suitability for employment or work with Rutan.  This may include obtaining pre-employment background checks. 
  • Safety and Security Purposes. We process personal information to ensure the safety and security of Rutan, its property, and others, and for the prevention, detection, or investigation of fraud, suspected or actual illegal activity, or other misconduct, and the resultant harms or impacts to individuals.
  • Travel and Entertainment. We use personal information to ensure the proper capture and reimbursement of travel, personal, and other expenses, if offered to you as part of the application process. 
  • Enforcement of our Company Policies. We use personal information to support and maintain compliance with our company policies, procedures, and operations. 
  • Required Disclosures. We may disclose personal information to comply with applicable legal and regulatory requests and obligations including investigations. 
  • Legal Defense. We may process personal information to establish or defend legal claims and allegations. 
  • Professional Advice. We may process personal information in connection with seeking advice from lawyers, auditors, and other professional advisors. 
  • For Similar Purposes. When necessary or advisable, we may process your personal information for purposes like those mentioned above, and consistent with the purpose for which you provided your personal information. 

How We Disclose Applicant Personal Information

The purpose for which personal information will be collected and processed will be consistent with your role as an applicant for employment with Rutan. 

Collecting Personal Information

The following is a list of the categories of recipients of personal information from Rutan. 

  • Applicant Recruiting Partners. These are the persons or entities who assist in facilitating recruitment and review of potential applicants. These entities include recruiting firms, job search services, social media companies (such as LinkedIn), and professional recruiting agents. 
  • References. We may share personal information with other persons or entities whose references you provide, including past employers, educational institutions, professional bodies, personal references, former colleagues, and others.
  • Human Resources Service Providers. We share personal information with the persons or entities who assist in providing human resources and workforce management services, including background check providers, human resources software services providers, insurance providers, governmental entities, and similar entities. 
  • Business Services Providers. These are those persons or entities with whom we have a relationship to provide business operations services and support to Rutan. These providers may include the following:
  • IT Operations Providers. These include cloud computing service providers, internet service providers, data backup and security providers, functionality and infrastructure providers, and similar service providers.
  • Professional Service Providers. These include lawyers, accountants, consultants, security professionals, and other similar parties when disclosure is reasonably necessary to comply with our legal and contractual obligations, prevent or respond to fraud or abuse, defend ourselves against attacks, or protect the rights, property, and safety of us, our customers, and the public.
  • Operations Providers. These include service providers with whom we partner to provide day-to-day business operations, including real estate advisors, office administrators, food services providers, banks, or facilities management providers. 
  • Legally Required Parties. Persons to whom we are required by law to provide information, such as pursuant to a subpoena or a court order or to a regulatory authority.
  • Reorganization Recipients. Persons involved in the consideration, negotiation, completion of a business transaction, including the sale, merger, consolidation, acquisition, change in control, transfer of substantial assets, bankruptcy, or reorganization, and any subsequent integration.
  • Authorized Recipients. Any party when authorized by the individual to whom it pertains to share it. 

Data Transfers

Rutan is located and operates in the United States. By submitting personal information to us, you understand that we may transfer your personal information to a country foreign to you, including the United States, for processing. The laws that apply to the use and protection of personal information in the United States, or other countries or jurisdictions in which we transfer or process personal information, may be different from the laws and protections in your country. These transfers may include transfers to our service providers located in foreign jurisdictions. 

Retention of Personal Information

We will retain personal information only for so long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider: (i) the amount, nature, and sensitivity of the personal information; (ii) the potential risk of harm from unauthorized use or disclosure of your personal information; (iii) the purposes for which we process your personal information and whether we can achieve those purposes through other means; and (iv) the applicable legal requirements. In some circumstances, you may ask us to delete your personal information. Additionally, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. 

How We Protect Personal Information

We have implemented and maintain reasonable security procedures and practices, appropriate to the nature of the information, to protect your personal information from unauthorized access, destruction, use, modification, or disclosure. However, no security measure is perfect, so we cannot guarantee the security of your personal information. Periodically, our operations and business practices are reviewed for compliance with policies and procedures governing the security, confidentiality, and quality of our information. In general, our business practices limit employee access to confidential information and limit the use and disclosure of such information to authorized persons, processes, and transactions. 

Your Privacy Rights

California residents have certain rights under the CCPA. For information on how to exercise these rights, please see below. 

    • Right to Know/Access/Portability. Under the CCPA, the right to know/access includes the right to request certain disclosures about our practices (such as the categories of personal information collected, categories of sources, purposes for collection, and categories of recipients), and may also include access to the specific pieces of personal information we have collected about you. You may also request to receive your personal information (or a copy of it) in a portable and, to the extent technically feasible, readily usable format.
    • Right to Delete. You may request deletion of personal information we maintain about you. We may decline or narrow deletion requests where retention is necessary to provide legal services, comply with law and professional obligations (including recordkeeping), preserve matter files, maintain privilege and confidentiality, detect and prevent fraud or security incidents, comply with legal holds, or establish, exercise, or defend legal claims. In some cases, we may deidentify information instead of deleting it.
    • Right to Correct. You may request correction of inaccurate personal information we maintain about you, taking into account the nature of the information and the purposes for which it is processed. We may limit correction where the information must be maintained as part of an official record (e.g., timekeeping, billing, compliance records), where we cannot verify the requested change, or where changing the record could conflict with legal obligations or the integrity of a matter file. We may note a dispute or provide a supplemental statement where appropriate.
  • Right to opt out of Sale or Share for Targeted Advertising. You have the right to opt out of the “Sale” or “Share” of your personal information. However, the Firm does not Sell or Share your personal information in the context of your application. We also do not knowingly Sell or Share the personal information of consumers under 16.

The limitation of Selling and Sharing of personal data does not prevent us from disclosing personal information to service providers/contractors for business purposes, or from disclosures necessary to provide legal services, comply with law, maintain security, or otherwise operate our business consistent with applicable law. Likewise, the following are not considered a “Sale” or “Sharing”: (a) disclosures made to others at your direction; (b) disclosures made as part of a corporate transaction (described above); (c) disclosures made within the Firm; and (d) disclosures required or permitted by applicable law. 

  • Right To Limit Use and Disclosure Of Sensitive Personal Information. We only process Sensitive Personal Information for purposes that are exempt from consumer choice under the CCPA. We may use or disclose sensitive personal information as necessary to provide legal services, comply with law and professional obligations, maintain security, prevent fraud, and for other permitted purposes under applicable law.
  • Rights to Restrict Automated Decision-making.  We do not engage in automated decision-making that would require notice or opt-in or opt-out under applicable the CCPA.
  • Right to Non-discrimination. You have the right not to receive discriminatory treatment for exercising your privacy rights. The firm will not discriminate or retaliate against you for exercising your privacy rights. 

How to Submit a Request

You or your lawfully designated agent may submit a request to exercise your privacy rights by emailing us at privacy@rutan.com or calling (toll free): 866-491-0580. In your request, please include: (i) your full name, (ii) the state where you reside, (iii) the nature of your request (e.g., access/know, delete, correct), and (iv) sufficient detail for us to locate the relevant information (for example, the email address used to communicate with us and the approximate timeframe of your interactions).

You may appoint an authorized agent to submit certain requests on your behalf. We will require proof that the agent is authorized to act for you and may also require you to verify your identity directly with us and/or confirm that you provided the agent permission to submit the request.

How We Process Requests

  1. Intake. Upon receipt, we will log your request, determine which law(s) may apply based on your residency and the context of our interactions, and identify any legal, ethical, or professional obligations that may limit or shape our response (including attorney-client privilege and confidentiality obligations).
  2. Verification of Identity. To protect your information, we will take reasonable steps to verify your identity before responding to certain requests (such as access/know, deletion, or correction). Verification steps may include: (a) Matching information you provide (e.g., name, email address, phone number, matter reference, interaction timeframe) to information in our records; (b) Requesting additional information only as reasonably necessary to verify you; and/or (c) Using a risk-based approach depending on the sensitivity of the information requested. If we cannot verify your identity (or the authority of an agent), we may deny the request or limit the information we provide.
  3. Processing. We respond to verifiable consumer requests within the timeframes required by applicable law. For example, California generally provides 45 days to respond to certain requests, with a permitted extension (typically up to an additional 45 days) when reasonably necessary and with notice. We will notify you before the end of the initial statutory deadline if we need additional time to respond. 
  4. Response. We may respond to your verifiable consumer request by providing the requested information or taking the appropriate action (e.g., deletion or correction) and providing you with notice that we have done so. We may deny a request (in whole or part) where permitted by law, including where: (a) We cannot verify identity or agent authority; (b) The request is subject to an exemption or exception (e.g., privileged/confidential information, compliance and recordkeeping obligations, security, fraud prevention, or legal claims); or (c) The Firm is not subject to the asserted law and elects, in its discretion, not to honor the request. We will explain the basis for our decision to the extent required by applicable law.
  5. Appeal. If your request is denied, and where applicable law provides you such a right, you may appeal by contacting us at privacy@rutan.com with the subject line “Privacy Rights Request Appeal” (or by calling 866-491-0580). We will review and respond to appeals as required by applicable law. 

Limitations on Our Responses

In handling personal information and responding to privacy requests, the Firm will act in a manner intended to comply with applicable law and to protect the rights and interests of others. Accordingly, we may deny, limit, or condition a request where fulfilling it would (i) violate applicable law, court rules, or professional responsibility obligations; (ii) impair legal privileges or confidentiality obligations; (iii) interfere with the Firm’s ability to provide legal services; (iv) compromise the security or integrity of our systems; or (v) adversely affect the rights, privacy, or safety of other individuals, including our clients, personnel, and third parties. Where feasible and permitted by law, we may provide a partial response, redact information, or provide information in an alternative form to address these considerations. In responding to privacy requests, we may take steps and apply limitations that are permitted by applicable law and appropriate to protect individuals, our clients, and the Firm. For example:

    • Security and fraud prevention. We may deny or limit a request if we cannot reasonably verify your identity or authority, if fulfilling the request would create an undue risk of fraud, identity theft, or unauthorized access, or if we must take additional steps to safeguard personal information.
    • Protection of privileged and confidential information. As a law firm, we may withhold, redact, or decline to produce information that is protected by the attorney-client privilege, attorney work product doctrine, duties of confidentiality, court rules or orders, or that would adversely affect the rights and freedoms of others.
    • Repeated or excessive requests. We may limit the frequency of responses, decline to respond to requests that are manifestly unfounded, excessive, repetitive, or that request information beyond what is required by law, or provide a more limited response where permitted.
    • Disproportionate effort or technical feasibility. Where allowed, we may decline to take action or may narrow the scope of a request if fulfilling it would require disproportionate effort, would be technically infeasible, would compromise the security or integrity of our systems, or would require us to retain additional information solely to identify you.
    • Fees and cost considerations. Where permitted by law, we may charge a reasonable fee (or decline the request) if it is manifestly unfounded or excessive, or if applicable law otherwise allows fees (for example, for certain duplicative requests). If a fee applies, we will explain the basis and provide an estimate before proceeding.
  • Legal and operational constraints. We may retain information as required or permitted by law (including record retention requirements, legal holds, and compliance obligations), and we may provide responses in an alternative form (e.g., through secure delivery methods, summaries, or redactions) to address security, confidentiality, and legal requirements.

Where we deny a request or limit our response, we will explain the reason to the extent required by applicable law.

Contact Us Regarding Your Privacy Rights

If you would like additional information related to your privacy, please email us at privacy@rutan.com. Please submit your CCPA rights requests using the methods described above.

Updates to Our Applicant Privacy Notice

We may update this Applicant Privacy Notice from time to time. If we make changes, we will notify you by revising the date at the top of this Applicant Privacy Notice and, in some cases, we may provide you with additional notice (such as adding a statement to our website homepage or sending you a notification).