Effective Date: May 25, 2018
Personal Information that Our Customers Collect
BY SUBMITTING, ENTERING, OR PROVIDING ANY PERSONAL INFORMATION, INCLUDING PERSONALLY IDENTIFIABLE INFORMATION, INTO THE SITES OR APPS, CUSTOMER REPRESENTS AND WARRANTS THAT IT HAS IMPLEMENTED AND WILL MAINTAIN PROCESSES AND PROCEDURES DESIGNED TO COMPLY WITH LAWS APPLICABLE TO ITS PROVISION OF SUCH INFORMATION TO US FOR SUBSEQUENT PROCESSING, INCLUDING BUT NOT LIMITED TO THE TELEPHONE CONSUMER PROTECTION ACT 47 U.S.C. § 227, THE GDPR, AS WELL AS ANY AMENDMENTS AND SUCCESSORS TO THE AFOREMENTIONED LAWS.
Personal Information that We Collect
Through the yello.co website, we may collect personal information directly from Yello Data Subjects located in the European Economic Area, who provide their personal data to Yello for marketing purposes (“Yello Data Subjects”). Such personal information will be transferred from the European Economic Area to the United States for processing by Yello. With respect to the personal information of Yello Data Subjects, Yello is the data controller, and Yello will process the data in accordance with applicable privacy laws, including the GDPR. The personal information from the Yello Data Subjects is concurrently and automatically stored and backed up from the yello.co website to servers that are under the control and in the possession of our hosting provider, who acts as our processor. Our legal basis for processing the personal data of Yello Data Subjects is that the Yello Data Subject(s) has given consent to the processing of his or her personal data for one or more specific purposes (such purposes are described in the next sentence). Our data processing and storage (storage achieved via our hosting provider) activities are limited to the minimum necessary for Yello’s management and completion of demo requests; the building of leads as related to product purchases; and/or the provision of thought leadership and blog content to those Yello Data Subjects who are voluntarily subscribed (such subscription is revocable upon written request to firstname.lastname@example.org) (the “Purposes”). The personal data of the Yello Data Subjects will not be shared with any third parties except for our employees and our client relationship management sub-processor, as necessary to achieve the Purposes. The personal data of the Yello Data Subjects will be stored for as long as necessary to achieve the Purposes, or until the Yello Data Subject requests otherwise in writing. It is important to note that the provision of personal data by Yello Data Subjects is not mandatory and Yello Data Subjects can refrain from such provision at any time, but such Yello Data Subjects may not be able to request a demo through the yello.co website as a result. If any Yello Data Subject has a request related to the aforementioned GDPR Principles or Purposes, or wishes to unsubscribe, he or she should promptly reach out to Yello’s marketing team at email@example.com. A Yello Data Subject may also file a complaint with the supervisory authority in his or her country of residence.
If our Customers utilize our Technology Management Services and/or our devices in connection with the Apps or the Sites, including but not limited to utilization through iPads or tablets, whether owned by us or a Customer, we may track, and you consent to us tracking, your physical location using Global Positioning System (GPS) technology that is installed and active on such device(s). Such tracking will be utilized for the following purposes: (i) locating device(s) in the event that they are lost or stolen; and/or (ii) locating devices(s) in an anonymized fashion for use on a device heat-map to be used for internal and external marketing purposes and which constitutes a map of broad-scale user activity across the globe. Such GPS tracking will not involve any access to your personal information nor will it involve the tracking of your activity or behavior on such device(s). If you object to such tracking, please promptly contact us via email at firstname.lastname@example.org.
In general, there are four types of cookies: (1) First-Party Cookies: First-party cookies are those set by the Websites themselves when you visit the applicable web page; (2) Third-Party Cookies: Third-party cookies are cookies that are set by a domain other than that of the Websites. Third-party cookies enable third-party features or functionality to be provided on or through the Websites (e.g. like interactive content and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the Website, and also when it visits certain other websites; (3) Session Cookies: Session cookies are cookies that are created and active during a browser session. A browser session starts when you open the browser window and finishes when you close the browser window. Session cookies are created temporarily, so once you close the browser, all session cookies are deleted; (4) Persistent Cookies: Persistent cookies are cookies that remain on your computer or mobile device until you delete them manually or until they expire. They are not deleted when you close your browser.
1. Essential Cookies: Some cookies are essential for operation of a web page, and without these cookies, the services cannot be provided. We use essential cookies on the Sites, but not on the yello.co website or Apps. Thus, if a user does not have cookies enabled on their personal computer, he or she will still be able to access the yello.co website and Apps, but he or she may not be able to access all or parts of the Sites. The essential cookies used on the Sites are first-party, persistent and session cookies
2. Performance and Functionality Cookies: We utilize performance cookies to collect information about how you use the Websites – e.g. which pages you visit and if you experience any errors. These cookies are used to enhance the performance and functionality of the Websites and are non-essential to their use. However, without these cookies, certain functionality may become unavailable. Most of the performance and functionality cookies used on the Websites are first-party, persistent cookies.
3. Analytics Cookies: All of the information that analytics cookies collect is aggregated and therefore anonymous and is only used to help us improve how our Websites work, understand your interests, and measure how effective our content is. Most of the analytics cookies used on the Websites are first-party, persistent cookies.
4. Third-Party Cookies: We use third-party vendors to help it monitor traffic to the Websites (i.e. number of visitors, the pages they visit, and the length of time spent on the Websites). We may also use third-party cookies to help us with analytics, market research, revenue tracking, and improving site functionality on the Websites. Most of the third-party cookies used on the Websites are persistent cookies.
“Do Not Track” is a concept that has been promoted by regulatory agencies such as the U.S. Federal Trade Commission, for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites by using browser settings. The World Wide Web Consortium has been working with industry groups, Internet browsers, technology companies, and regulators to develop a “Do Not Track” technology standard. While some progress has been made, it has been slow, and no standard has been adopted to this date. As such, we do not generally respond to “Do Not Track” signals.
For further information about cookies and online privacy matters, please refer to http://www.allaboutcookies.org and http://www.youronlinechoices.eu.
How We and Our Customers Use and Disclose the Information of Data Subjects
Additionally, it is important to note that we may be required to disclose the personal information of our Customers or their Data Subjects, including certain personally identifiable information, in response to a lawful request by public authorities or under any applicable law, including to meet national security or law enforcement requirements. Furthermore, a merger, acquisition, divestiture, or similar transaction may trigger the disclosure of the personal information of our Customers or their Data Subjects, including certain personally identifiable information.
How We Use and Disclose the Information of Our Customers
We use Customer information, including personally identifiable information, in order to administer our Customers’ accounts and allow them to use the Sites and Apps. We use Customer information to support and enhance our Customers’ use of the Sites and its features and the Apps, including, at times and as an example, tracking emails that our Customers send.
We may use Customer information to enable us to display advertisements to third parties’ target audiences. Even though we do not disclose your personally identifiable information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume you meet its target criteria.
We may also disclose and transfer Customer information, including personally identifiable information, as an asset in connection with a proposed or actual merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business (whether as a going-concern or not) or as part of a corporate reorganization, stock sale or other change in control.
General Use and Disclosure the Information of Data Subjects or Customers
We reserve the right to disclose information, including personal information, in order to comply with a subpoena, court order, administrative or governmental order, or any other requirement of law, or when we, in our sole discretion, believe it is necessary in order to protect our rights or the rights of others, to prevent harm to persons or property, or to fight fraud and credit risk reduction. IF A CUSTOMER OR DATA SUBJECT USES A PUBLICLY ACCESSIBLE AREA OF THE WEBSITES OR APPS, HE OR SHE SHOULD BE AWARE THAT ANY PERSONALLY IDENTIFIABLE INFORMATION SUBMITTED THERE CAN BE READ, COLLECTED OR USED BY ANY PERSON FOR ANY PURPOSE. We are in no way responsible for the personally identifiable or other information submitted in these public forums. We may retain records of all publicly accessible areas of the Websites or Apps.
We also reserve the right to share the information of Customers or Data Subjects, including personal information, in connection with any corporate transaction, including any merger, consolidation, restructuring, the sale of stock and/or assets, or other corporate change or financing transaction including, whether during the course of any due diligence process or otherwise.
We may use non-personally identifiable information in the aggregate, so we can improve the Websites or Apps, and for business and administrative purposes. We may also use or share with third parties, for any purpose, aggregated data that contains no personally identifiable information. We do not make any decisions based solely on the automated processing of a Customer’s or Data Subject’s personal data.
We are located in the United States. By default, we utilize a hosting provider who is also located in the United States. In very limited circumstances and at our sole discretion, we may provide certain Customers with the option to elect that their data is hosted in Ireland. BY ACCESSING OR USING THE WEBSITES, ACCESSING OR USING THE APPS, OR OTHERWISE PROVIDING INFORMATION TO OUR CUSTOMERS OR US, THE CUSTOMERS, DATA SUBJECTS, AND YELLO DATA SUBJECTS CONSENT TO THE PROCESSING AND TRANSFER OF SUCH INFORMATION TO AND IN THE UNITED STATES.
Third Party Disclosures
We may disclose the personal information of our Customer’s Data Subjects to third parties as necessary to provide our services to our Customers. Such third parties may include vendors who we utilize for the provision of our services. The purpose of such disclosure is to provide our services to our Customers, and may include: the sub-processing of such personal information between the Websites, the Apps, and our and our Customers’ networks; the parsing of such personal information to allow our Customers to filter through the information that the Data Subjects voluntarily provide to our Customers via the Sites or Apps; and, generally, allowing our Customers to build a work candidate database based on the information provided by Data Subjects and manage their recruitment process.
When transferring personal information to a third party acting as a sub-processing agent (“agent”), we (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield and GDPR Principles (as discussed below), as applicable; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the applicable Privacy Shield and GDPR Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the applicable Privacy Shield or GDPR Principles; (v) upon written notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the Department of Commerce or Federal Trade Commission upon verified request.
Choices Regarding Customer Information
We strive to provide our Customers with choices regarding their personally identifiable information. We have created mechanisms to provide our Customers with control over such information:
- Tracking Technologies and Advertising. Customers can set their browser to refuse all or some browser cookies, or an alert when cookies are being sent. To learn how to manage cookie settings, visit the applicable browser’s settings and help pages.
- Promotional Offers and Newsletters from Us. If a Customer does not wish to have its contact information used by us to promote our own products or services or receive our newsletters, it can opt-out by contacting us at email@example.com. This opt-out does not apply to information provided to us as a result of product service experience requests.
Choices regarding Data Subject Information
Upon written request from a Data Subject, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return, to such verified Data Subject, any and all personally identifiable information in our or our sub-processor’s control or possession, subject to both our right to retain such information as deemed permitted under applicable law or necessary to comply with legal obligations or the obligations detailed in our written agreements with Customers. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and identity verification. All requests in this regard should be submitted via email to firstname.lastname@example.org.
How We Protect Information
We are committed to protecting the information we receive from our Customers and their Data Subjects. We have implemented commercially reasonable, appropriate technical and organizational measures to protect the confidentiality, security and integrity of data stored on or through the Websites and on the Apps, including from loss, misuse, and unauthorized access, disclosure, alteration and destruction, while considering the risks involved. Such risks include, but are not limited to, severity of foreseeable harm and likelihood that our processing could threaten the individual rights and freedoms of the Data Subjects. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
In addition, only those employees and third parties who need access to personal information in order to perform their duties are allowed such access.
Although we do our best to protect the personal information of our Customers, Yello Data Subjects, and Data Subjects, we cannot guarantee the security of personal information transmitted to the Sites or Apps. ANY TRANSMISSION OF PERSONAL INFORMATION IS AT THE CUSTOMER’S, YELLO DATA SUBJECTS’, OR THE DATA SUBJECTS’ OWN RISK. WE ARE NOT RESPONSIBLE FOR THE CIRCUMVENTION OF ANY PRIVACY SETTINGS OR SECURITY MEASURES CONTAINED ON THE WEBSITES OR APPS.
The safety and security of personal information also depends on the Customers and Data Subjects. Customers and Data Subjects are responsible for keeping their self-created passwords confidential, and Customer and Data Subjects must not share passwords with anyone. Customer and Data Subjects must also take all reasonable steps to ensure the protection of their personal information, including, but not limited to, the personally identifiable information, and must be careful about giving out information in public areas of the Websites, Apps, or elsewhere.
Accessing and Updating Personal Information and Preferences of Customers
Authorized Users of our Customers may access, update, correct, and/or delete registration and other personal information by logging into the Sites or Apps and modifying their user profile, or by sending us an email at email@example.com. Customers may also close their account at any time by contacting us at firstname.lastname@example.org. We will take commercially reasonable steps to implement our Customers’ requests promptly, but it may take some time to process.
While we will make efforts to accommodate requests to restrict our use of personal information, we reserve the right to erase all or any portion of a Customer or Data Subject’s information if we are not able to reasonably accommodate a requested restriction. Please note that in some instances, we may not be able to delete the personal information or our Customers or their Data Subjects except by closing such Customer’s user account. We will notify our Customers if we are not able to accommodate their requests or if we have elected to close a Customer account as a result of a failure to accommodate such request.
We do not store any Customer’s personal information for longer than is necessary to fulfill the purposes for which it was collected, which is a determination made solely by the applicable Customer, provided that we may retain copies of a Customer’s personal information even after it has closed its account in order to comply with legal obligations.
Children’s Privacy and Parental Controls
We do not solicit any personal information from children. IF A CUSTOMER OR DATA SUBJECT IS NOT 16 OR OLDER, HE OR SHE MUST NOT USE THE WEBSITES OR THE APPS. Parents should be aware there are parental control tools available online that can be used to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors.
California Privacy Rights
California Civil Code Section §1798.83 permits Customers and Data Subjects who utilize the Websites or Apps and who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to email@example.com.
General Data Protection Regulation
In line with the requirements of the GDPR, we have formally appointed a Data Protection Officer, Dylan Mombach, reachable via email at firstname.lastname@example.org, who will, amongst other things: monitor compliance with the GDPR, applicable Union or Member State data protection laws, and our policies related to the protection of personal data; provide advice, where requested and appropriate, regarding data protection impact assessments; reasonably cooperate with applicable supervisory authority; and act as the contact point on issues related to our processing of personal information.
We are open to entering into the Commission Decision C(2010)593 Standard Contractual Clauses (processors) with any of our Customers that are authorized to use the Sites or the Apps in the EEA. Please contact us via email at email@example.com to request entrance into the Standard Contractual Clauses or for more information regarding this topic.
Upon written request from a Data Subject, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return to such verified Data Subject any and all personal information, including any personally identifiable information, in our or our sub-processor’s control or possession, subject to our right to retain such information as deemed necessary to comply with legal obligations. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and proper identity verification. All requests in this regard should be submitted via email to firstname.lastname@example.org.
Data Subjects may also have the right to submit a GDPR complaint to their local data protection authority. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Privacy Shield Frameworks
Our accountability for personal data that we receive in the United States under the Privacy Shield Frameworks, and subsequent transfers to a third party, is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles for third-party sub-processors that process personal data on our behalf, and we remain responsible for using commercially reasonable efforts to ensure that such sub-processors process personal data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon written request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com, and we will respond within a reasonable timeframe.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Privacy Shield Principles. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact at firstname.lastname@example.org or the mailing address below:
RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and we do not address it satisfactorily, we commit to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and to comply with the advice given by the DPA panel and/or Commissioner, as applicable, with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
By using the Websites or the Apps, Customers and Data Subjects acknowledge that monetary damages may not be a sufficient remedy for unauthorized disclosure of personal information, including personally identifiable information, and that there is significant potential liability in cases of onward transfers of personal data (including personally identifiable information) and Customer data to third parties. Thus, Customers and Data Subjects hereby acknowledge that we shall be entitled, without waiving any other rights or remedies, to seek such injunctive or equitable relief as may be deemed proper by a court of competent jurisdiction.
RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel