Effective Date: 05-13-2026
Last Updated: 05-13-2026
This Privacy Policy describes how Ōnin Staffing, LLC, and its subsidiaries and affiliates (collectively, “Ōnin Group,” “Company,” “we,” or “us”) collect and process personal information about consumers who visit our Website or otherwise interact with our services. This Privacy Policy provides a comprehensive description of our online and offline practices regarding our collection, use, sale, sharing, and retention of personal information, along with a description of the rights consumers have regarding their personal information.
Several states, including California, have enacted consumer privacy laws that grant their residents specific rights regarding personal information. We’ve structured this Privacy Policy to meet the requirements of the California Consumer Privacy Act (“CCPA”), which imposes the most detailed disclosure obligations among current state privacy laws, and we extend the core privacy rights described in this policy to all of our consumers regardless of where they reside. Where a specific right or obligation arises solely under a particular state law, we’ve noted that below. Any terms defined in the CCPA have the same meaning when used in this policy.
This Privacy Policy applies to information we collect on our website at oninstaffing.com (our “Website”), in email, text, and other electronic messages between you and the Website, and when you interact with our advertising and applications on third-party websites and services if those applications or advertising include links to this policy.
This Privacy Policy doesn’t apply to our collection and use of personal information in an employment capacity. Employees, job applicants, contractors, interns, or other workers seeking more information about our employment-related personal information policies and practices should contact Onin Human Resources.
We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). Personal information doesn’t include:
The chart below identifies the categories of personal information we’ve collected from consumers within the last 12 months and the criteria we use to determine how long we retain each category.
| Category | Examples | Collected | Retention Criteria |
|---|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | YES | As long as reasonably necessary to fulfill the purpose for which the information was collected, plus any legally required retention period. |
| B. California Customer Records (Cal. Civ. Code § 1798.80(e)). | A name, address, telephone number, employment, or employment history. | YES | As long as reasonably necessary to fulfill the purpose for which the information was collected, plus any legally required retention period. |
| C. Protected classification characteristics under California or federal law. | Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, sexual orientation, military and veteran status, or genetic information. | NO | N/A |
| D. Commercial information. | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO | N/A |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information. | NO | N/A |
| F. Internet or other similar network activity. | Activity on our Website, such as browsing history, search history, and information regarding a consumer’s interaction with our Website. | YES | As long as reasonably necessary to fulfill the purpose for which the information was collected, plus any legally required retention period. |
| G. Geolocation data. | Physical location information derived from IP address or device, such as approximate geographic location. | YES | As long as reasonably necessary to fulfill the purpose for which the information was collected, plus any legally required retention period. |
| H. Sensory data. | Audio, electronic, visual, or similar information. | NO | N/A |
| I. Professional or employment-related information. | Current or past job history, job preferences, skills, and interests provided by job seekers. | YES | Up to ten years for job applicant and talent pool data, or as long as required by applicable law. |
| J. Non-public education information (per FERPA). | Education records directly related to a student maintained by an educational institution or party acting on its behalf. | NO | N/A |
| K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, behavior, or aptitudes derived from analytics. | YES | As long as reasonably necessary to fulfill the purpose for which the information was collected. |
| L. Sensitive personal information. | Further identified in the chart below. | See below | See below |
Sensitive personal information is a subtype of personal information consisting of the specific categories listed in the chart below. The CCPA treats this information as sensitive personal information when it’s collected or used to infer characteristics about a consumer.
The chart below identifies which sensitive personal information categories, if any, we’ve collected from consumers to infer characteristics about them in the last 12 months.
| Sensitive Personal Information Category | Collected to Infer Characteristics? |
|---|---|
| L.1. Government identifiers (e.g., SSN, driver’s license, passport number). | NO |
| L.2. Complete account access credentials (e.g., usernames combined with passwords). | NO |
| L.3. Precise geolocation (GPS data within approximately 1,850 feet). | NO |
| L.4. Racial or ethnic origin. | NO |
| L.5. Citizenship or immigration status. | NO |
| L.6. Religious or philosophical beliefs. | NO |
| L.7. Union membership. | NO |
| L.8. Mail, email, or text messages not directed to the Company. | NO |
| L.9. Genetic data. | NO |
| L.10. Neural data. | NO |
| L.11. Unique identifying biometric information. | NO |
| L.12. Health information. | NO |
| L.13. Sex life or sexual orientation information. | NO |
| L.14. Children’s personal information (under age 16). | NO |
We obtain the categories of personal information listed above from the following categories of sources:
We may use and disclose the personal information we collect to advance the Company’s business and commercial purposes, specifically to:
We don’t use or disclose sensitive personal information for purposes other than the CCPA’s statutorily approved reasons (“Permitted SPI Purposes”). Because we limit our use of sensitive personal information to the Permitted SPI Purposes, we don’t currently offer a right to limit sensitive personal information use.
We won’t collect additional categories of personal information or use the personal information we’ve collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may collect, process, and disclose aggregated or deidentified consumer information for any purpose without restriction. When we collect, process, or disclose aggregated or deidentified consumer information, we’ll maintain and use it in deidentified form and won’t attempt to reidentify the information, except to determine whether our deidentification processes satisfy applicable legal requirements.
We may disclose the personal information we collect to service providers and contractors for the business purposes described in Section 3.1 and in the table below, such as to support our business functions. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, prohibit using the disclosed information for any purpose except performing the contract, and meet the CCPA’s other contract requirements for engaging service providers or contractors.
The chart below identifies the categories of entities to whom we’ve disclosed our consumers’ personal information for a business purpose over the preceding 12 months, along with the personal information categories disclosed and the disclosure’s business purposes.
| Category of Recipient | PI Categories Disclosed | SPI Categories Disclosed | Business Purpose |
|---|---|---|---|
| Website hosting and infrastructure providers |
A. Identifiers. B. California Customer Records. F. Internet or network activity. G. Geolocation data. |
None | To host and maintain the Website and protect against security threats. |
| Data analytics providers |
A. Identifiers. F. Internet or network activity. G. Geolocation data. K. Inferences. |
None | To analyze Website usage, improve our services, and understand audience behavior. |
| Marketing and email service providers |
A. Identifiers. B. California Customer Records. F. Internet or network activity. |
None | To manage communications, send marketing materials, and track engagement. |
| Customer relationship management providers |
A. Identifiers. B. California Customer Records. I. Professional or employment-related information. |
None | To manage client and candidate relationships and support our staffing services. |
| Embedded mapping service providers |
A. Identifiers (IP address, device identifiers). F. Internet or network activity. G. Geolocation data. |
None | To provide interactive branch locator functionality on the Website. |
| Podcast hosting providers |
A. Identifiers (IP address, device identifiers). F. Internet or network activity. G. Geolocation data. |
None | To host and provide podcast playback functionality on the Website and measure listener engagement. |
We don’t sell your personal information to third parties and haven’t sold personal information in the preceding 12 months.
We do share certain personal information with third parties for cross-context behavioral advertising purposes. When you visit our Website and consent to the placement of advertising and analytics cookies, information about your browsing activity and device may be made available to third-party advertising and analytics platforms. Under the CCPA, this constitutes “sharing” of personal information, and similar state privacy laws may classify it as “targeted advertising.” You have the right to opt out of this activity regardless of your state of residence (see Section 5.4).
Our personal information sharing doesn’t include information about consumers we know are under age 16.
In addition to advertising networks and social media platforms, certain embedded third-party services on our Website collect visitor data and use it for their own advertising purposes. When these services use personal information collected from our visitors for advertising beyond what’s needed to provide their core functionality on our Website, that activity constitutes sharing under the CCPA and targeted advertising under other applicable state privacy laws.
The chart below identifies the categories of third parties with whom the Company has shared consumers’ personal information for cross-context behavioral advertising purposes over the preceding 12 months, along with the personal information categories shared and the purposes for sharing that information.
| Category of Third Party | PI Categories Shared | SPI Categories Shared | Purpose |
|---|---|---|---|
| Advertising networks (Google Ads) |
A. Identifiers (online identifiers, IP address). F. Internet or network activity. G. Geolocation data. K. Inferences. |
None | To deliver targeted advertising based on Website activity and measure advertising effectiveness. |
| Social media advertising platforms (LinkedIn) |
A. Identifiers (online identifiers, IP address). F. Internet or network activity. G. Geolocation data. |
None | To deliver targeted advertising on social media platforms based on Website activity. |
| Marketing platforms (HubSpot) |
A. Identifiers (online identifiers, IP address, email address). F. Internet or network activity. |
None | To personalize marketing content and track engagement across contexts. |
| Embedded mapping platforms and their advertising partners (Mapline/Microsoft Bing) |
A. Identifiers (IP address, online identifiers, device identifiers). F. Internet or network activity. G. Geolocation data. |
None | To display targeted advertising for the platform provider's own services based on visitor interactions with the branch locator. |
| Podcast hosting platforms and their advertising partners (Podbean/Google/Microsoft Bing) |
A. Identifiers (IP address, online identifiers, device identifiers). F. Internet or network activity. G. Geolocation data. |
None | To serve targeted advertising and measure advertising conversion metrics based on visitor interactions with the podcast player. |
Our Website uses cookies and similar tracking technologies to collect information about your browsing activity. Cookies are small data files placed on your device that help us understand how visitors use our Website and improve your experience.
We use the following categories of cookies:
We use Cookiebot as our consent management platform. When you visit our Website, the experience you see may vary based on your location.
Regardless of your location, you can manage your cookie preferences at any time through the cookie preference center accessible via the ‘Your California Privacy Choices’ link in our Website footer. This includes cookies placed by embedded third-party services such as our branch locator and podcast player.
For more information about how Google Analytics collects and processes data, please visit www.google.com/policies/privacy/partners/.
We believe all of our consumers should have meaningful control over their personal information. The rights described below are required by the CCPA for California residents, and many of these same rights are provided by other state consumer privacy laws. We extend these core privacy rights to all consumers who visit our Website or otherwise interact with our services, regardless of state of residence. Where applicable law provides additional or different rights for residents of a specific state, we’ve noted that in Section 5.7.
You have the right to request that we disclose certain information to you about our collection and use of your personal information (the “right to know”), including the specific pieces of personal information we’ve collected about you (a “data portability request”). Our response will cover the 12-month period preceding the request, although we’ll honor requests to cover longer periods that don’t extend past January 1, 2022, unless doing so would be impossible or involves disproportionate effort. You may exercise your right to know twice in any 12-month period. Once we receive your request and confirm your identity (see Section 6), we’ll disclose to you:
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions and limitations (the “right to delete”). Once we receive your request and confirm your identity, we’ll delete your personal information from our systems unless an exception allows us to retain it. We’ll also notify our service providers, contractors, and other recipients to take appropriate action.
You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the “right to correct”). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we’ll correct personal information that our review determines is inaccurate and notify our service providers, contractors, and other recipients to take appropriate action.
As we don’t use or disclose sensitive personal information beyond the CCPA’s Permitted SPI Purposes, we don’t currently provide this consumer right. For more on the Permitted SPI Purposes, see Section 3.2.
You have the right to request that we stop sharing your personal information for cross-context behavioral advertising at any time (the “right to opt-out”), including through a user-enabled opt-out preference signal. The CCPA also prohibits us from sharing the personal information of consumers we actually know are under 16 years old without first obtaining consent from consumers who are between 13 and 15 years old or the consumer’s parent or guardian for consumers under age 13 (the “right to opt-in”).
We can’t share your personal information after we receive your request to opt-out unless you later consent to the sharing of your personal information. For more on exercising your opt-out rights, see Section 6.2.
We don’t currently use automated decision-making technology (ADMT) to make significant decisions about consumers through our Website. Accordingly, we don’t currently provide ADMT access, opt-out, or appeal rights. We’ll update this policy if our practices change.
You have the right not to be discriminated or retaliated against for exercising any of your privacy rights described in this policy.
In addition to the rights described above, residents of certain states may have additional rights under their state’s consumer privacy laws.
California. The rights described in Sections 5.1 through 5.6 are provided to California residents under the CCPA (Cal. Civ. Code §§ 1798.100 to 1798.199.100). California residents may exercise the right to know twice in any 12-month period, and we’ll respond to verifiable requests within the timeframes specified in Section 6. California’s “Shine the Light” law (Cal. Civ. Code § 1798.83) also permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the methods in Section 10.
Other States. Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other states with consumer privacy laws in effect may have rights to confirm whether we process their personal information, access and delete certain personal information, correct inaccuracies, request data portability, and opt out of personal data processing for targeted advertising, sales, or profiling. The exact scope of these rights varies by state. To exercise any of these rights, please contact us using the methods described in Section 6. If we decline your request, you may appeal that decision by contacting us using the methods in Section 6.1, identifying the original request, and explaining the basis for your appeal. We will respond to your appeal within 45 days. If we deny your appeal, we will provide you with information on how to contact your state’s attorney general to submit a complaint.
Nevada. Nevada residents have a limited right to opt out of certain personal information sales. Residents who wish to exercise this opt-out right may submit a request using the contact methods in Section 10. However, we don’t currently sell data triggering that statute’s opt-out requirements.
To exercise the right to know (including data portability), delete, or correct described above, please submit a verifiable request to us by either:
Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including for data portability, twice in a 12-month period.
You can submit your request to opt-out of personal information sharing for cross-context behavioral advertising through:
You can also submit your request to opt-out of personal information sharing through an opt-out preference signal. We recognize the Global Privacy Control (GPC) signal as a valid opt-out preference signal. If your browser or device sends a GPC signal, we’ll treat it as a valid request to opt-out of sharing your personal information for cross-context behavioral advertising for that browser or device.
The GPC signal applies only to the specific browser or device transmitting the signal. It doesn’t automatically extend to any account you may have with us or to information we’ve collected through offline interactions. If you would like to opt out of sharing for your account or for information collected offline, please submit a separate request using the methods described above. Our Website doesn’t currently respond to “Do Not Track” browser signals. We recommend using the GPC signal or the opt-out mechanisms described in this Section 6.2 to manage your sharing preferences.
Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or correct related to your personal information. You may designate an authorized agent to make a request on your behalf by providing the agent with written permission signed by you. When an authorized agent submits a request, we may require the agent to provide proof of that written authorization (such as a signed letter or power of attorney), and we may independently verify your identity before processing the request. To submit a request through an authorized agent, the agent should contact us using the methods described in Section 6.1.
We can’t respond to your request to know, delete, or correct if we can’t verify your identity or authority to make the request and confirm the personal information relating to you. We’ll only use personal information provided in the request to verify the requestor’s identity or authority to make the request.
For requests to opt-out, we’ll ask for the information necessary to complete the request, which may include your name, email address, or other identifying information.
We will confirm receipt of your request within ten business days. If you don’t receive confirmation within that timeframe, please contact us at info@oningroup.com.
We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we’ll inform you of the reason and extension period in writing. Our substantive response will tell you whether or not we’ve complied with your request. If we can’t comply with your request in whole or in part, we’ll explain the reason, subject to any legal or regulatory restrictions.
For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another without hindrance.
We don’t charge a fee to process or respond to your verifiable request unless it’s excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we’ll tell you why we made that decision and provide you with a cost estimate before completing your request.
In response to your request to opt-out, we’ll process your request as soon as feasibly possible, but no later than 15 business days from the date we receive the request. We’ll only use personal information provided from your request to comply with the request.
We’ll also notify our service providers, contractors, and certain other downstream recipients of your request to opt-out and instruct them to comply with your request and forward the request to their own downstream recipients, if applicable.
Once you make a request to opt-out, we’ll wait at least 12 months before asking you to reauthorize personal information sharing. However, you may change your mind and opt back in at any time by contacting us using the methods described above or by adjusting your cookie preferences through our Website’s cookie consent mechanism.
We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we can’t guarantee the security of your personal data transmitted to, through, using, or in connection with our Website.
The safety and security of your information also depends on you. Where we’ve given you (or where you’ve chosen) a password for access to certain parts of our Website, you’re responsible for keeping this password confidential. We ask you not to share your password with anyone.
Any transmission of personal data is at your own risk.
Our Website isn’t intended for children under 16 years of age. No one under age 16 may provide any personal information to or on the Website. We don’t knowingly collect personal information from children under 16. If you’re under 16, don’t use or provide any information on this Website or through any of its features. If we learn we’ve collected or received personal information from a child under 16 without verification of parental consent, we’ll delete that information. If you believe we might have any information from or about a child under 16, please contact us at info@oningroup.com.
We reserve the right to update this Privacy Policy at any time as we continue to develop our compliance program in response to legal developments under the CCPA and other applicable state privacy laws. If we make any material changes to this Privacy Policy, we’ll update the policy’s effective date and post the updated policy on our Website. We encourage you to check our Website periodically to review the current Privacy Policy in effect.
If you have any questions or comments about this policy, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights under applicable state privacy law, please don’t hesitate to contact us at:
Phone: 877-280-5664
Email: info@oningroup.com
Postal Address:
The Ōnin Group
Attn: IT Department
3800 Colonnade Pkwy, #300
Birmingham, AL 35243
If you need to access this Privacy Policy in an alternative format due to a disability, please contact info@oningroup.com or 877-280-5664.