Effective Date: May 25, 2018
Personal Information that Our Customers Collect
BY SUBMITTING, ENTERING, OR PROVIDING ANY PERSONAL INFORMATION, INCLUDING PERSONALLY IDENTIFIABLE INFORMATION, INTO THE SITE OR APPS, CUSTOMER REPRESENTS AND WARRANTS THAT IT HAS IMPLEMENTED AND WILL MAINTAIN PROCESSES AND PROCEDURES DESIGNED TO COMPLY WITH LAWS APPLICABLE TO ITS PROVISION OF SUCH INFORMATION TO US FOR SUBSEQUENT PROCESSING, INCLUDING BUT NOT LIMITED TO THE TELEPHONE CONSUMER PROTECTION ACT 47 U.S.C. § 227, THE GDPR, AS WELL AS ANY AMENDMENTS AND SUCCESSORS TO THE AFOREMENTIONED LAWS.
Personal Information that We Collect
Through use of the Site and/or Apps, we may also collect personal information directly from Yello Data Subjects located in the European Economic Area, who provide their personal data to Yello for marketing purposes (“Yello Data Subjects”). Such personal information will be transferred from the European Economic Area to the United States for processing by Yello. With respect to the personal information of Yello Data Subjects, Yello is the data controller, and Yello will process the data in accordance with applicable privacy laws, including the GDPR. The personal information from the Yello Data Subjects is concurrently and automatically stored and backed up from the Site and/or Apps to servers that are under the control and in the possession of our hosting provider, who acts as our processor. Our legal basis for processing the personal data of Yello Data Subjects is that the Yello Data Subject(s) has given consent to the processing of his or her personal data for one or more specific purposes (such purposes are described in the next sentence). Our data processing and storage (storage achieved via our hosting provider) activities are limited to the minimum necessary for Yello’s management and completion of demo requests; the building of leads as related to product purchases; and/or the provision of thought leadership and blog content to those Yello Data Subjects who are voluntarily subscribed (such subscription is revocable upon written request to firstname.lastname@example.org) (the “Purposes”). The personal data of the Yello Data Subjects will not be shared with any third parties except for our employees and our client relationship management sub-processor, as necessary to achieve the Purposes. The personal data of the Yello Data Subjects will be stored for as long as necessary to achieve the Purposes, or until the Yello Data Subject requests otherwise in writing. 
It is important to note that the provision of personal data by Yello Data Subjects is not mandatory and Yello Data Subjects can refrain from such provision at any time, but such Yello Data Subjects may not be able to access the Site and Apps or request a demo through the Site or Apps as a result. If any Yello Data Subject has a request related to the aforementioned GDPR Principles or Purposes, or wishes to unsubscribe, he or she should promptly reach out to Yello’s marketing team at email@example.com. A Yello Data Subject may also file a complaint with the supervisory authority in his or her country of residence.
The Site and Apps also make use of a cookie technology designed to enhance the experience of Data Subjects and provide aggregate non-personally identifiable information about the use of the Site and Apps to us. By using the Site or Apps, our Customers and the Data Subjects hereby consent to such use and agree that we can place these types of cookies on their device(s).
If our Customers utilize our Technology Management Services and/or our devices in connection with the Apps or the Site, including but not limited to utilization through iPads or tablets, whether owned by us or a Customer, we may track, and you consent to us tracking, your physical location using Global Positioning System (GPS) technology that is installed and active on such device(s). Such tracking will be utilized for the following purposes: (i) locating device(s) in the event that they are lost or stolen; and/or (ii) locating device(s) in an anonymized fashion for use on a device heat-map to be used for internal and external marketing purposes and which constitutes a map of broad-scale user activity across the globe. Such GPS tracking will not involve any access to your personal information nor will it involve the tracking of your activity or behavior on such device(s). If you object to such tracking, please promptly contact us via email at firstname.lastname@example.org.
How We and Our Customers Use and Disclose the Information of Data Subjects
Additionally, it is important to note that we may be required to disclose the personal information of our Customers or their Data Subjects, including certain personally identifiable information, in response to a lawful request by public authorities or under any applicable law, including to meet national security or law enforcement requirements. Furthermore, a merger, acquisition, divestiture, or similar transaction may trigger the disclosure of the personal information of our Customers or their Data Subjects, including certain personally identifiable information.
How We Use and Disclose the Information of Our Customers
We use Customer information, including personally identifiable information, in order to administer our Customers’ accounts and allow them to use the Site and Apps. We use Customer information to support and enhance our Customers’ use of the Site and its features and the Apps, including, at times and as an example, tracking emails that our Customers send.
We may use Customer information to enable us to display advertisements to third parties’ target audiences. Even though we do not disclose your personally identifiable information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume you meet its target criteria.
We may also disclose and transfer Customer information, including personally identifiable information, as an asset in connection with a proposed or actual merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business (whether as a going-concern or not) or as part of a corporate reorganization, stock sale or other change in control.
General Use and Disclosure of the Information of Data Subjects or Customers
We reserve the right to disclose information, including personal information, in order to comply with a subpoena, court order, administrative or governmental order, or any other requirement of law, or when we, in our sole discretion, believe it is necessary in order to protect our rights or the rights of others, to prevent harm to persons or property or to fight fraud and credit risk reduction. IF A CUSTOMER OR DATA SUBJECT USES A PUBLICLY ACCESSIBLE AREA OF THE SITE OR APPS, HE OR SHE SHOULD BE AWARE THAT ANY PERSONALLY IDENTIFIABLE INFORMATION SUBMITTED THERE CAN BE READ, COLLECTED OR USED BY ANY PERSON FOR ANY PURPOSE. We are in no way responsible for the personally identifiable or other information submitted in these public forums. We may retain records of all publicly accessible areas of the Site or Apps.
We reserve the right to share the information of Customers or Data Subjects, including personal information, in connection with any corporate transaction, including any merger, consolidation, restructuring, the sale of stock and/or assets, or other corporate change or financing transaction, including during the course of any due diligence process or otherwise.
We may use non-personally identifiable information in the aggregate, so we can improve the Site or Apps, and for business and administrative purposes. We may also use or share with third parties, for any purpose, aggregated data that contains no personally identifiable information. We do not make any decisions based solely on the automated processing of a Customer’s or Data Subject’s personal data.
We are located in the United States. By default, we utilize a hosting provider who is also located in the United States. In very limited circumstances and at our sole discretion, we may provide certain Customers with the option to elect that their data is hosted in Ireland. BY ACCESSING OR USING THE SITE, ACCESSING OR USING THE APPS, OR OTHERWISE PROVIDING INFORMATION TO OUR CUSTOMERS OR US, THE CUSTOMERS AND DATA SUBJECTS CONSENT TO THE PROCESSING AND TRANSFER OF SUCH INFORMATION IN THE UNITED STATES.
Third Party Disclosures
We may disclose the personal information of our Customers’ Data Subjects to third parties as necessary to provide our services to our Customers. Such third parties may include vendors who we utilize for the provision of our services. The purpose of such disclosure is to provide our services to our Customers, and may include: the sub-processing of such personal information between our Site, the Apps, and our and our Customers’ networks; the parsing of such personal information to allow our Customers to filter through the information that the Data Subjects voluntarily provide to our Customers via the Site or Apps; and, generally, allowing our Customers to build a work candidate database based on the information provided by Data Subjects and manage their recruitment process.
Our accountability for personal data that we receive in the United States under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
When transferring personal information to a third party acting as a sub-processing agent, we (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield and GDPR Principles, as applicable; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the applicable Privacy Shield and GDPR Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the applicable Privacy Shield or GDPR Principles; (v) upon written notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the Department of Commerce or Federal Trade Commission upon verified request.
Choices Regarding Customer Information
We strive to provide our Customers with choices regarding their personally identifiable information. We have created mechanisms to provide our Customers with control over such information:
- Promotional Offers and Newsletters from Us. If a Customer does not wish to have its contact information used by us to promote our own products or services or receive our newsletters, it can opt-out by contacting us at email@example.com. This opt-out does not apply to information provided to us as a result of product service experience requests.
Choices regarding Data Subject Information
Upon written request from a Data Subject, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return, to such verified Data Subject, any and all personally identifiable information in our or our sub-processor’s control or possession, subject to both our right to retain such information as deemed necessary to comply with legal obligations and the obligations detailed in our written agreements with Customers. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and identity verification. All requests in this regard should be submitted via email to firstname.lastname@example.org.
How We Protect Information
We are committed to protecting the information we receive from our Customers and their Data Subjects. We have implemented commercially reasonable, appropriate technical and organizational measures to protect the confidentiality, security and integrity of data stored on the Site and on the Apps, including from loss, misuse, and unauthorized access, disclosure, alteration and destruction, while considering the risks involved; including, but not limited to, severity of foreseeable harm and likelihood that our processing could threaten the individual rights and freedoms of the Data Subjects. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
In addition, only those employees and third parties who need access to personal information in order to perform their duties are allowed such access.
Although we do our best to protect the personal information of our Customers and Data Subjects, we cannot guarantee the security of personal information transmitted to the Site or Apps. ANY TRANSMISSION OF PERSONAL INFORMATION IS AT THE CUSTOMER’S OR THE DATA SUBJECT’S OWN RISK. WE ARE NOT RESPONSIBLE FOR THE CIRCUMVENTION OF ANY PRIVACY SETTINGS OR SECURITY MEASURES CONTAINED ON THE SITE OR APPS.
The safety and security of personal information also depends on the Customers and Data Subjects. Customers and Data Subjects are responsible for keeping their self-created passwords confidential, and Customers and Data Subjects must not share passwords with anyone. Customers and Data Subjects must also take all reasonable steps to ensure the protection of their personal information, including, but not limited to, the personally identifiable information, and must be careful about giving out information in public areas of the Site or Apps or elsewhere.
Accessing and Updating Personal Information and Preferences of Customers
Authorized Users of our Customers may access, update, correct, and/or delete registration and other personal information by logging into the Site or Apps and modifying their user profile, or by sending us an email at email@example.com. Customers may also close their account at any time by contacting us at firstname.lastname@example.org. We will take commercially reasonable steps to implement our Customers’ requests promptly, but it may take some time to process.
While we make efforts to accommodate requests to restrict our use of personal information, we reserve the right to erase all or any portion of a Customer or Data Subject’s information if we are not able to reasonably accommodate a requested restriction. Please note that in some instances, we may not be able to delete the personal information of our Customers or their Data Subjects except by closing such Customer’s user account. We will notify our Customers if we are not able to accommodate their requests or if we have elected to close a Customer account as a result of a failure to accommodate such request.
We do not store any Customer’s personal information for longer than is necessary to fulfill the purposes for which it was collected, provided that we may retain copies of a Customer’s personal information even after it has closed its account in order to comply with legal obligations.
Children’s Privacy and Parental Controls
We do not solicit any personal information from children. IF A CUSTOMER OR DATA SUBJECT IS NOT 16 OR OLDER, HE OR SHE MUST NOT USE THE SITE OR THE APPS. Parents should be aware there are parental control tools available online that can be used to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors.
California Privacy Rights
California Civil Code Section §1798.83 permits Customers and Data Subjects who utilize the Site or Apps and who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to email@example.com.
General Data Protection Regulation
In line with the requirements of the GDPR, we have formally appointed a Data Protection Officer, Dylan Mombach, reachable via email at firstname.lastname@example.org, who will, amongst other things: monitor compliance with the GDPR, applicable Union or Member State data protection laws, and our policies related to the protection of personal data; provide advice, where requested and appropriate, regarding data protection impact assessments; reasonably cooperate with applicable supervisory authority; and act as the contact point on issues related to our processing of personal information.
We are open to entering into the Commission Decision C(2010)593 Standard Contractual Clauses (processors) with any of our Customers that are authorized to use the Site or the Apps in the EEA. Please contact us via email at email@example.com to request entrance into the Standard Contractual Clauses or for more information regarding this topic.
Upon written request from a Data Subject, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return to such verified Data Subject any and all personal information, including any personally identifiable information, in our or our sub-processor’s control or possession, subject to our right to retain such information as deemed necessary to comply with legal obligations. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and proper identity verification. All requests in this regard should be submitted via email to firstname.lastname@example.org.
Data Subjects may also have the right to submit a GDPR complaint to their local data protection authority. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Privacy Shield Frameworks
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will also provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact us at email@example.com or the mailing address below:
RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and we do not address it satisfactorily, we commit to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
By using the Site or the Apps, Customers and Data Subjects acknowledge that monetary damages may not be a sufficient remedy for unauthorized disclosure of personal information, including personally identifiable information, and that there is significant potential liability in cases of onward transfers of Privacy Shield data (including personal information and personally identifiable information) to third parties. Thus, Customers and Data Subjects hereby acknowledge that we shall be entitled, without waiving any other rights or remedies, to seek such injunctive or equitable relief as may be deemed proper by a court of competent jurisdiction.