2.6 Social Security Number & Personal Data Protection Policy

THE COMPANY collects certain personal information, including Social Security Numbers (SSNs) and other sensitive identifiers, solely for legitimate business purposes such as payroll processing, tax reporting, background checks, onboarding, benefits administration, and employment verification. THE COMPANY is committed to protecting this information from unauthorized access, use, or disclosure in accordance with federal and state guidelines.

Protection Requirements

To safeguard Team Member information, the following standards apply:

SSNs and other sensitive personal information will only be requested, used, recorded, stored, or accessed when required for a legitimate business or legal purpose.
Documents containing SSNs will be stored securely (locked filing cabinet or encrypted digital storage) and kept separate from general personnel files.
Access to SSNs is strictly limited to authorized personnel who require the information for a specific job-related function.
SSNs and personal identifiers will never be emailed, texted, or transmitted electronically unless the data is encrypted and sent through a secure, approved system.
SSNs will not be printed or displayed on ID badges, timecards, schedules, work rosters, pay stubs, or any document accessible to unauthorized individuals.
Paper documents containing SSNs must be properly shredded or destroyed before disposal.
Digital documents containing SSNs must be stored only on secure, THE COMPANY-approved systems with password protection and encryption.
Screens displaying SSNs must be protected from public or unauthorized view (screen locking, privacy filters, etc.).
SSNs may not be written down, stored, or recorded in personal notebooks, binders, or unapproved digital devices (including personal phones).

Breach, Loss, or Unauthorized Access Reporting

Team Members must immediately report any suspected:

unauthorized access
loss or misplacement of documents
internal misuse
security breach
disclosure or attempted disclosure of SSNs or sensitive personal information

Reports must be made promptly to:

A Manager/Supervisor
District Manager
The Director of Operations
DGI Corporate Office Team Member

THE COMPANY will investigate all reports and take corrective steps to safeguard data.

Manager and Supervisor Responsibilities

Managers and Supervisors with access to SSNs or sensitive data must:

Maintain the highest standards of confidentiality
Ensure secure storage and limited access
Never leave documents or systems displaying SSNs unattended
Use only THE COMPANY-approved systems for storing or transmitting sensitive data
Report any potential breach immediately
Follow all retention and disposal requirements

Failure to follow these expectations is a serious violation of policy.

Disciplinary Action

Any unauthorized access, use, disclosure, or mishandling of SSNs or personal information may result in:

Corrective action
Disciplinary action up to and including termination
Potential civil or criminal legal consequences if required by law

THE COMPANY enforces strict zero-tolerance standards for intentional misuse of personal information.

Legal Compliance

This Policy is intended to meet or exceed the safeguards required under applicable federal and state privacy laws and best practices, including but not limited to:

Fair and Accurate Credit Transactions Act (FACTA) Red Flags Rule
Social Security Number Protection requirements
IRS and Department of Labor data-handling requirements
Applicable Georgia state data-privacy and disposal requirements

Where legal standards change, THE COMPANY will adjust this Policy accordingly.

1.1 Welcome to THE COMPANY

1.2 About THE COMPANY (Independent Franchisee Statement)

1.3 THE COMPANY Mission Statement

1.4 The SUBWAY® Story

1.5 What it Means to be a Team Member and Sandwich Artist®

1.6 The SUBWAY® Mission Statement

1.7 Business Philosophies

1.8 The SUBWAY® Product

1.9 Your Image is Our Image

1.10 Commitment to Hospitality

1.11 Commitment to Operational Excellence

1.12 You’re a Guest

1.13 Think Like a Guest While You’re Working

1.14 You Represent SUBWAY® - Every Guest, Every Visit

1.15 Our Commitment to Improvement/Suggestions/Complaints

1.16 Common Terms

1.17 Fun Facts

1.18 Purpose of This Handbook

1.19 How to Use and Access This Handbook

1.20 Handbook Interpretation

1.21 Policy Revisions, Modifications, and Updates

1.22 Acknowledgement of Receipt

1.23 Reporting Questions or Concerns

2.1 Equal Employment Opportunity (EEO) Policy

2.2 Diversity, Inclusion, & Belonging

2.3 Commitment to Civility and Respect

2.4 Anti-Harassment, Non-Discrimination and Retaliation Policy

2.5 Genetic Information Non-Discrimination Act (GINA)

2.6 Social Security Number & Personal Data Protection Policy

2.7 Commitment to Legal Employment and Work Authorization Compliance

2.8 E-Verify

2.9 Life-Threatening Illness

2.10 Expressing Breastmilk in the Workplace

2.11 Comprehensive Accommodation Policy

2.12 Business Practices/Ethical Code of Conduct

2.13 Team Member Privacy and Personal Activities

2.14 Conformity to Applicable Federal and State Laws, Severability, and Construction

2.15 Right-to-Know & Hazard Communication Policy

2.16 Proprietary and Non-Disclosure Agreement

2.17 Zero-Tolerance Violation Policy

2.18 Discipline Framework

2.19 Personal Hygiene & Health Reporting (FDA Big 6 Compliance)

2.20 Law Enforcement and Government Inquires Policy

3.1 Overview of Team Member Rights

3.2 At-Will Employment Statement

3.3 Handbook Not a Contract

3.4 Equal Employment Rights (Federal and Georgia)

3.5 Rights Under the National Labor Relations Act Policy (NLRA)

3.6 OSHA Workplace Safety Rights

3.7 Right-to-Know & Hazard Communication Rights

3.8 Wage and Hour Rights (Federal and Georgia)

3.9 Tip Reporting Rights (IRS Requirements)

3.10 Georgia Child Labor Rights

3.11 Immigration & I-9 Verification Rights

3.12 ADA, Pregnancy, and Religious Accommodation Rights

3.13 Lactation Rights (Federal and Georgia)

3.14 Leave & Civic Duty Rights

3.15 Whistleblower & Anti-Retaliation Rights

3.16 Personnel File Access Rights

3.17 Confidentiality of Medical, Health, & Sensitive Information

4.1 How We Communicate

4.2 Employer Contact Info

4.3 THE COMPANY Locations

4.4 THE COMPANY Management Contacts

4.5 Who to Contact?

4.6 Restaurant Phone Frequently Asked Questions

4.7 SUBWAY® Information Exchange Boards

4.8 Communication Tool Policy

4.9 Text Message Communication Policy

4.10 Electronic Communication and Document Delivery Policy

4.11 Whistleblower Policy

4.12 Team Member Communication with Management

4.13 Open Door Communication Policy

4.14 Parent and Third-Party Communicaiton Policy

4.15 Postings for Internal Position Openings

4.16 No Expectation of Privacy Policy

4.17 Conflict Resolution/Workplace Concerns Policy

4.18 Off-Duty Conduct & Social Media Clarification

4.19 Confidential Reporting Option

4.20 Privacy, Monitoring, & Workplace Conduct Improvements