Effective Date: July 25, 2019
To provide some background to our Customers and their Candidates, we process personal information on behalf of and in accordance with the instructions of our Customers (the data controllers), who may collect such information from Candidates during the employment recruitment process or otherwise. In addition, we act as a data controller with respect to some Candidate personal information that we make available to our Customers upon authorization from such Candidates. We and our Customers collect such information from Candidates using the Site or the Apps. The personal information from the Candidate(s) is concurrently and automatically stored and backed up from the Site and/or the Apps to servers that are under the control and in the possession of our hosting provider, who acts as our sub-processor. It is important to note that the provision of personal data by Customers or Candidates is not mandatory, and Customers and Candidates can refrain from such provision at any time and still maintain access to the Site and Apps.
Candidate Personal Information that Our Customers Collect
BY SUBMITTING, ENTERING, OR PROVIDING ANY PERSONAL INFORMATION INTO THE SITE OR APPS, CUSTOMER REPRESENTS AND WARRANTS THAT IT HAS IMPLEMENTED AND WILL MAINTAIN PROCESSES AND PROCEDURES DESIGNED TO COMPLY WITH LAWS APPLICABLE TO ITS PROVISION OF SUCH INFORMATION TO US FOR SUBSEQUENT PROCESSING, INCLUDING BUT NOT LIMITED TO THE TELEPHONE CONSUMER PROTECTION ACT 47 U.S.C. § 227, THE GDPR, AS WELL AS ANY AMENDMENTS AND SUCCESSORS TO THE AFOREMENTIONED LAWS.
Customer Personal Information that We Collect
Through use of the Site and/or Apps, we may also collect personal information directly from Yello Customers located in the European Economic Area, who provide their personal data to Yello for marketing purposes. Such personal information will be transferred from the European Economic Area to the United States for processing by Yello. With respect to the personal information of Yello Customers, Yello is the data controller, and Yello will process the data in accordance with applicable privacy laws, including the GDPR. The personal information from the Yello Customers is concurrently and automatically stored and backed up from the Site and/or Apps to servers that are under the control and in the possession of our hosting provider, who acts as our processor. Our legal basis for processing the personal data of Yello Customers is that the Yello Customer(s) has given consent to the processing of his or her personal data for one or more specific purposes (such purposes are described in the next sentence). Our data processing and storage (storage achieved via our hosting provider) activities are limited to the minimum necessary for Yello’s provision of services to our Customers; developing new services; management and completion of demo requests; the building of leads as related to product purchases; and/or the provision of thought leadership and blog content to those Yello Customers who are voluntarily subscribed (such subscription is revocable upon written request to firstname.lastname@example.org) (the “Purposes”). The personal data of the Yello Customers will be stored for as long as necessary to achieve the Purposes, or until the Yello Customer requests otherwise in writing. It is important to note that the provision of personal data by Yello Customers is not mandatory and Yello Customers can refrain from such provision at any time, but such Yello Customers may not be able to access the Site and Apps or request a demo through the Site or Apps as a result. 
If any Yello Customer has a request related to the aforementioned GDPR Principles or Purposes, or wishes to unsubscribe, he or she should promptly reach out to Yello’s marketing team at email@example.com. A Yello Customer may also file a complaint with the supervisory authority in his or her country of residence.
The Site and Apps also make use of a cookie technology designed to enhance the experience of users and provide aggregate de-identified information about the use of the Site and Apps to us. By using the Site or Apps, our U.S.-based Customers and users hereby consent to such use and agree that we can place these types of cookies on their device(s). By clicking “Got it!” on our pop-up message in our Site and Apps, our EU-based Customers and users consent to such use and agree that we can place these types of cookies on their device(s).
If our Customers utilize our Technology Management Services and/or our devices in connection with the Apps or the Site, including but not limited to utilization through iPads or tablets, whether owned by us or a Customer, we may track, and you, as a U.S.-based Customer, consent to us tracking, your physical location using Global Positioning System (GPS) technology that is installed and active on such device(s). Such tracking will be utilized for the following purposes: (i) locating device(s) in the event that they are lost or stolen; and/or (ii) locating device(s) in an anonymized fashion for use on a device heat-map to be used for internal and external marketing purposes and which constitutes a map of broad-scale user activity across the globe. Such GPS tracking will not involve any access to your personal information nor will it involve the tracking of your activity or behavior on such device(s). If you object to such tracking, please promptly contact us via email at firstname.lastname@example.org.
Candidate Personal Information We Collect
We collect Candidate personal information when Candidates create a “Yello Passport” profile on the Site and enter their personal information and/or upload their resume. Our Customers may also transfer to us Candidates’ personal information to enable us to share such personal information with our Customers for recruitment and hiring purposes. With respect to such Candidates’ personal information that we obtain directly from Candidates vis-à-vis “Yello Passport” and Candidates’ personal information that our Customers transfer to us for recruitment and hiring purposes, Yello is the data controller, and Yello will process the data in accordance with applicable privacy laws, including the GDPR.
Our Collection, Use, and Disclosure of Customer Personal Information
We use Customer information in order to administer our Customers’ accounts and allow them to use the Site and Apps. We use Customer information to support and enhance our Customers’ use of the Site and its features and the Apps, including, at times and as an example, tracking emails that our Customers send.
We may use Customer information to enable us to display advertisements to third parties’ target audiences. Even though we do not disclose your personal data for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume you meet its target criteria.
We may also disclose and transfer Customer personal data as an asset in connection with a proposed or actual merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business (whether as a going-concern or not) or as part of a corporate reorganization, stock sale or other change in control.
How We and Our Customers Use and Disclose Candidate Personal Information
As part of our service offerings, we may disclose to our Customers any Candidates’ personal information provided to us via “Yello Passport.” By providing Candidates’ personal information to our Customers, our Customers will be able to contact such Candidates to inquire about potential future hiring opportunities.
General Use and Disclosure of the Information of Candidates or Customers
We reserve the right to disclose information, including personal information, in order to comply with a subpoena, court order, administrative or governmental order, or any other requirement of law, or when we, in our sole discretion, believe it is necessary in order to protect our rights or the rights of others, to prevent harm to persons or property or to fight fraud and credit risk reduction. IF A CUSTOMER OR CANDIDATE USES A PUBLICLY ACCESSIBLE AREA OF THE SITE OR APPS, HE OR SHE SHOULD BE AWARE THAT ANY PERSONAL DATA SUBMITTED THERE CAN BE READ, COLLECTED OR USED BY ANY PERSON FOR ANY PURPOSE. We are in no way responsible for the personal data or other information submitted in these public forums. We may retain records of all publicly accessible areas of the Site or Apps. Furthermore, a merger, acquisition, divestiture, or similar transaction may trigger the disclosure of the personal information of our Customers or their Candidates.
We reserve the right to share the information of Customers or Candidates, including personal information, in connection with any corporate transaction, including any merger, consolidation, restructuring, the sale of stock and/or assets, or other corporate change or financing transaction, whether during the course of any due diligence process or otherwise.
We may use de-identified information in the aggregate, so we can improve the Site or Apps, and for business and administrative purposes. We may also use or share with third parties, for any purpose, aggregated data that contains no personal data. We do not make any decisions based solely on the automated processing of a Customer’s or Candidate’s personal data.
We are located in the United States, which has not been determined by the European Commission to have an adequate level of data protection. By default, we utilize a hosting provider who is also located in the United States. In very limited circumstances and at our sole discretion, we may provide certain Customers with the option to elect that their data is hosted in Ireland. BY ACCESSING OR USING THE SITE, ACCESSING OR USING THE APPS, OR OTHERWISE PROVIDING INFORMATION TO OUR CUSTOMERS OR US, THE CUSTOMERS AND CANDIDATES CONSENT TO THE PROCESSING AND TRANSFER OF SUCH INFORMATION IN THE UNITED STATES.
Third Party Disclosures
For Candidates who consent to our disclosure of their personal information to our Customers as described above, we will disclose such personal information to our Customers for recruitment and hiring purposes, which will enable our Customers to contact the Candidates who consent for such purposes.
We may disclose the personal information of Candidates to third parties as necessary to provide our services to our Customers. Such third parties may include vendors who we utilize for the provision of our services. The purpose of such disclosure is to provide our services to our Customers, and may include: the sub-processing of such personal information between our Site, the Apps, and our and our Customers’ networks; the parsing of such personal information to allow our Customers to filter through the information that the Candidates voluntarily provide to our Customers via the Site or Apps; and, generally, allowing our Customers to build a work candidate database based on the information provided by Candidates and manage their recruitment process.
Our accountability for personal data that we receive in the United States under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
When transferring personal information to a third party acting as a sub-processing agent, we (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield and GDPR Principles, as applicable; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the applicable Privacy Shield and GDPR Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the applicable Privacy Shield or GDPR Principles; (v) upon written notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the Department of Commerce or Federal Trade Commission upon verified request.
Choices Regarding Customer Information
We strive to provide our Customers with choices regarding their personal data. We have created mechanisms to provide our Customers with control over such information:
- Promotional Offers and Newsletters from Us. If a Customer does not wish to have its contact information used by us to promote our own products or services or receive our newsletters, it can opt-out by contacting us at email@example.com. This opt-out does not apply to information provided to us as a result of product service experience requests.
Choices regarding Candidate Information
Upon written request from a Candidate, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return, to such verified Candidate, any and all personal data in our or our sub-processor’s control or possession, subject to both our right to retain such information as deemed necessary to comply with legal obligations and the obligations detailed in our written agreements with Customers. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and identity verification. All requests in this regard should be submitted via email to firstname.lastname@example.org.
As described above, we will disclose the personal information of Candidates who provide their consent to our Customers for future hiring and recruitment opportunities, which will enable our Customers to contact such Candidates for these purposes. If a Candidate does not wish to be contacted by our Customers regarding future hiring and recruitment opportunities, he or she can choose not to provide his or her consent when prompted by us or by contacting us at email@example.com.
How We Protect Information
We are committed to protecting the information we receive from our Customers and Candidates. We have implemented commercially reasonable, appropriate technical and organizational measures to protect the confidentiality, security and integrity of data stored on the Site and on the Apps, including from loss, misuse, and unauthorized access, disclosure, alteration and destruction, while considering the risks involved; including, but not limited to, severity of foreseeable harm and likelihood that our processing could threaten the individual rights and freedoms of the Candidates. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
In addition, only those employees and third parties who need access to personal information in order to perform their duties are allowed such access.
Although we do our best to protect the personal information of our Customers and Candidates, we cannot guarantee the security of personal information transmitted to the Site or Apps. ANY TRANSMISSION OF PERSONAL INFORMATION IS AT THE CUSTOMER’S OR THE CANDIDATE’S OWN RISK. WE ARE NOT RESPONSIBLE FOR THE CIRCUMVENTION OF ANY PRIVACY SETTINGS OR SECURITY MEASURES CONTAINED ON THE SITE OR APPS.
The safety and security of personal information also depends on the Customers and Candidates. Customers and Candidates are responsible for keeping their self-created passwords confidential, and Customers and Candidates must not share passwords with anyone. Customers and Candidates must also take all reasonable steps to ensure the protection of their personal information and must be careful about giving out information in public areas of the Site or Apps or elsewhere.
Accessing and Updating Personal Information and Preferences of Customers
Authorized Users of our Customers may access, update, correct, and/or delete registration and other personal information by logging into the Site or Apps and modifying their user profile, or by sending us an email at firstname.lastname@example.org. Customers may also close their account at any time by contacting us at email@example.com. We will take commercially reasonable steps to implement our Customers’ requests promptly, but it may take some time to process.
While we make efforts to accommodate requests to restrict our use of personal information, we reserve the right to erase all or any portion of a Customer or Candidate’s information if we are not able to reasonably accommodate a requested restriction. Please note that in some instances, we may not be able to delete the personal information of our Customers or Candidates except by closing such Customer’s user account. We will notify our Customers if we are not able to accommodate their requests or if we have elected to close a Customer account as a result of a failure to accommodate such request.
We do not store any Customer’s personal information for longer than is necessary to fulfill the purposes for which it was collected, provided that we may retain copies of a Customer’s personal information even after it has closed its account in order to comply with legal obligations.
Children’s Privacy and Parental Controls
We do not solicit any personal information from children. IF A CUSTOMER OR CANDIDATE IS NOT 16 OR OLDER, HE OR SHE MUST NOT USE THE SITE OR THE APPS. Parents should be aware there are parental control tools available online that can be used to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at firstname.lastname@example.org.
California Privacy Rights
California Civil Code Section 1798.83 permits Customers and Candidates who utilize the Site or Apps and who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to email@example.com.
General Data Protection Regulation
In line with the requirements of the GDPR, we have formally appointed a Data Protection Officer, Greg Leighton, reachable via email at firstname.lastname@example.org, who will, amongst other things: monitor compliance with the GDPR, applicable Union or Member State data protection laws, and our policies related to the protection of personal data; provide advice, where requested and appropriate, regarding data protection impact assessments; reasonably cooperate with applicable supervisory authority; and act as the contact point on issues related to our processing of personal information.
We are open to entering into the Commission Decision C(2010)593 Standard Contractual Clauses (processors) with any of our Customers that are authorized to use the Site or the Apps in the EEA. Please contact us via email at email@example.com to request entrance into the Standard Contractual Clauses or for more information regarding this topic.
Upon written request from a Candidate, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return to such verified Candidate any and all personal information in our or our sub-processor’s control or possession, subject to our right to retain such information as deemed necessary to comply with legal obligations. We will use commercially reasonable efforts to respond to such requests within thirty (30) days of receipt of such request and proper identity verification. All requests in this regard should be submitted via email to firstname.lastname@example.org.
Candidates may also have the right to submit a GDPR complaint to their local data protection authority. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Privacy Shield Frameworks
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will also provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact us at email@example.com or the mailing address below:
RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and we do not address it satisfactorily, we commit to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.