Effective Date: December 14, 2021
To provide some background to our Customers and Candidates, we primarily process personal information on behalf of and in accordance with the instructions of our Customers, who may collect such information from Candidates during the employment recruitment process or otherwise. In addition, we act as a data controller with respect to some Candidate personal information that we make available to our Customers upon authorization from such Candidates. We and our Customers collect such information from Candidates using the Site or the Apps. We also work with partners, who obtain information from Candidates, and offer this information to our Customers. The personal information from the Candidate(s) is concurrently and automatically stored and backed up from the Site and/or the Apps to servers that are under the control and in the possession of our hosting provider, who acts as our sub-processor. It is important to note that the provision of personal data by Customers or Candidates is not mandatory, and Customers and Candidates can refrain from such provision at any time and still maintain access to the Site and Apps.
Click on the links below to jump to each section:
- How do we collect Candidate and Customer personal information?
- What personal information do we collect?
- How do we use Customer personal information?
- How do we use Candidate personal information?
- Do we disclose any personal information to outside parties?
- What choices do you have about your personal information?
- Location of our Site
- How long do we retain your personal information?
- Third party links
- How do we protect your information?
- Your California privacy rights
- European residents
- Do we collect information from children?
- Contacting us
How do we collect Candidate and Customer personal information?
Yello collects information relating to Candidates and Customers’ use of the Site and Apps in the following ways:
- Directly from Customers. We collect information from our Customers when they sign up to use our services or interact with us.
- From other third party sources. We may receive information about Candidates and Customers from our third-party service providers ( and may include sourcing partners), who help us to provide our services. Our sourcing partners may provide us with Candidate information, collected from the Candidates, which we may share with our Customers.
- Automatically as Customers and Candidates navigate the websites and apps. Information collected automatically may include usage details, email address, IP addresses, and information collected through cookies and other tracking technologies.
What personal information do we collect?
Candidate Personal Information
We collect Candidate personal information when Candidates register on the Site and enter their personal information and/or upload their resume. We may collect sensitive personal information of Candidates such as ethnic origin, race, religion, and gender. Our Customers and sourcing partners may also transfer Candidate personal information to us to enable us to share such personal information with our other Customers for recruitment and hiring purposes. Our sourcing partners may collect and share personal information, including sensitive personal information of Candidates such as ethnic origin, race, religion, and gender.
Customer Personal Information
How do we use Customer personal information?
We use Customer information in order to administer our Customers’ accounts and allow them to use the Site and Apps. We use Customer information to support and enhance our Customers’ use of the Site and its features and the Apps, including, at times and as an example, tracking emails that our Customers send.
We may use Customer information to enable us to display advertisements to third parties’ target audiences. Even though we do not disclose your personal data for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume you meet its target criteria.
How do we use Candidate personal information?
We use Candidate personal information that we obtain directly from Candidates, from third party providers or otherwise with Candidates’ consent to share such personal information with our Customers so they can contact Candidates for recruitment and hiring purposes.
Do we disclose any personal information to outside parties?
We do not sell, trade, or transfer your personal information to third parties, except in the circumstances described below.
As part of our service offerings, we may disclose to our Customers any Candidates’ personal information provided to us, if Candidates consent to such disclosure. By providing Candidates’ personal information to our Customers, our Customers will be able to contact such Candidates to inquire about potential future hiring or recruitment opportunities.
We may share de-identified information and reports and analyses based on de-identified information publicly and with other companies.
Third-Party Service Providers
We may disclose personal information to our vendors and other third-party service providers that help us provide our services.
The purpose of such disclosure is to provide our services to our Customers, and may include: the sub-processing of such personal information between our Site, the Apps, and our and our Customers’ networks; the parsing of such personal information to allow our Customers to filter through the information that the Candidates voluntarily provide to our Customers via the Site or Apps; and, generally, allowing our Customers to build a work candidate database based on the information provided by Candidates and manage their recruitment process.
We may also disclose aggregated, de-identified information, and analyses and reports derived from such information, to service providers, advertisers, merchants, consumer and market research companies and other organizations. These service providers are responsible for their own compliance with data protection laws.
Legal Requirements and Business Transfers
We may disclose personal information (i) if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other government official requests, (ii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iii) in connection with an investigation of a complaint, security threat, or suspected or actual illegal activity; (iv) in connection with an internal audit; or (v) in the event that Yello is subject to mergers, acquisitions, joint ventures, sales of assets, reorganizations, divestitures, dissolutions, bankruptcies, liquidations, or other types of business transactions. In these types of transactions, personal information may be shared, sold, or transferred, and it may be used subsequently by a third party.
What choices do you have about your personal information?
We offer certain choices about how we communicate with you and what personal information we obtain about you and share with others.
If you have created a profile or account on our Site or Apps, you can update your contact information after you log into your account.
If you no longer wish to receive promotional or informational emails from us, you may opt-out from receiving future emails from us by following the instructions for unsubscribing in the promotional or informational emails we send you or by contacting us at email@example.com. This opt-out does not apply to information provided to us as a result of product service experience requests.
Data Subject Access Requests (DSAR)
To the extent provided for in applicable data protection laws of Candidates’ countries of residence, upon written request from a Candidate, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return, to such verified Candidate, any and all personal data in our or our sub-processor’s control or possession, subject to both our right to retain such information as deemed necessary to comply with legal obligations and the obligations detailed in our written agreements with Customers. We will use commercially reasonable efforts to respond to such requests within the prescribed period of time set forth in applicable data protection laws. All requests in this regard should be submitted via email to firstname.lastname@example.org.
Yello responds to DSARs over email, directly with the Candidate or an authorized representative of the Candidate. We will not log into third party portals or respond to requests within third party applications (including but not limited to: portals, etc).
Contact by our Customers
As described above, we will disclose to our Customers Candidates’ personal information who provide their consent, which will enable our Customers to contact such Candidates for hiring and recruitment purposes. If a Candidate does not wish to be contacted by our Customers regarding future hiring and recruitment opportunities, they can choose not to provide their consent when prompted by us or by contacting us at email@example.com.
Accessing and Updating Personal Information and Preferences
Authorized users of our Customers may access, update, correct, and/or delete registration and other personal information by logging into the Site or Apps and modifying their user profile, or by sending us an email at firstname.lastname@example.org. Customers may also close their account at any time by contacting us at email@example.com. We will take commercially reasonable steps to implement our Customers’ requests promptly, but it may take some time to process.
While we make efforts to accommodate requests to restrict our use of personal information, we reserve the right to erase all or any portion of a Customer or Candidate’s information if we are not able to reasonably accommodate a requested restriction. Please note that in some instances, we may not be able to delete the personal information or our Customers or Candidates except by closing such Customer’s user account. We will notify our Customers if we are not able to accommodate their requests or if we have elected to close a Customer account as a result of a failure to accommodate such request.
Do Not Track
Because there currently is not an industry or legal standard for recognizing or honoring Do Not Track (“DNT”) signals, we do not respond to them at this time.
You may opt-out of having your location data collected by Yello at any time by editing the appropriate setting on your mobile device (which is usually located in the settings of your device).
Location of our Site
Our Site is hosted and operated in the United States. However, we and our service providers may store information about individuals in the United States, or we may transfer it to, and store it within, other countries. In very limited circumstances and at our sole discretion, we may provide certain Customers with the option to elect that their data is hosted in Ireland.
Visitors from jurisdictions outside the United States visit us at their own choice and risk. If you are not a resident of the United States, you acknowledge and agree that we may collect and use your personal information outside your home jurisdiction, and that we may store your personal information in the United States or elsewhere. Please note that the level of legal protection provided in the United States from which you may access our Sites may not be as stringent as that under privacy standards or the privacy laws of other countries, possibly including your home jurisdiction.
How long do we retain your personal information?
Third party links
Occasionally, at our discretion, we may include or offer third party products or services on our Site or Apps. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. We urge you to read the privacy policies of other websites before submitting any information to those websites.
How do we protect your information?
We are committed to protecting the information we receive from our Customers and Candidates. We have implemented commercially reasonable, appropriate technical and organizational measures to protect the confidentiality, security and integrity of data stored on the Site and on the Apps, including from loss, misuse, and unauthorized access, disclosure, alteration and destruction, while considering the risks involved; including, but not limited to, severity of foreseeable harm and likelihood that our processing could threaten the individual rights and freedoms of the Candidates. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
In addition, only those employees and third parties who need access to personal information in order to perform their duties are allowed such access.
Although we do our best to protect the personal information of our Customers and Candidates, we cannot guarantee the security of personal information transmitted to the Site or Apps. Any transmission of personal data is at the Customer’s or Candidate’s own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Site or Apps. The safety and security of personal information also depends on the Customers and Candidates. Customers and Candidates are responsible for keeping their self-created passwords confidential, and Customers and Candidates must not share passwords with anyone. Customers and Candidates must also take all reasonable steps to ensure the protection of their personal information and must be careful about giving out information in public areas of the Site or Apps or elsewhere.
Your California privacy rights
California Civil Code Section §1798.83 permits Customers and Candidates who utilize the Site or Apps and who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to firstname.lastname@example.org.
Pursuant to applicable California law, including the California Consumer Privacy Act (CCPA), Yello makes the following disclosures regarding the personal information collected and/or sold by Yello within the last twelve (12) months:
Candidate Personal Data:
|Category of Personal Information||Category of Source from Which Data is Collected||Purpose of Collection||Category of Third Parties to Whom Data is Disclosed||Category of Third Parties to Whom Data is Sold|
address, e-mail address, phone number, date of birth
religion, ethnic origin, gender
|Directly from Candidate or Customer or Yello Sourcing Partner||For use in Yello apps and to share with Customers for recruitment and hiring purposes||Our Customers and service providers, including Amazon Web Services, Citrix, Daxtra, Filestack, Gong.io, Google, Pendo, SendGrid, Looker, TokBox/Vonage, Twilio, UNICOM, Salesforce||Our Customers|
|Browsing information: IP address, browser information, geolocation data||Cookies||To gather information about the use of the Site and Apps||Our service providers, including: Amazon Web Services, Citrix, Daxtra, Filestack, Gong.io, Google, Pendo, SendGrid, Looker,TokBox/Vonage, Twilio, Salesforce||N/A|
Customer Personal Data:
|Category of Personal Information||Category of Source from Which Data is Collected||Purpose of Collection||Category of Third Parties to Whom Data is Disclosed||Category of Third Parties to Whom Data is Sold|
|Contact information: Name, mailing address, e-mail address, phone number||Directly from Customer||Marketing to Customers||Our service providers, including: Amazon Web Services, Citrix, Daxtra, Filestack, Gong.io, Google, Pendo, SendGrid, Looker, TokBox/Vonage, Twilio, UNICOM, Salesforce||N/A|
|Browsing information: IP address, browser information, geolocation data||Cookies||To gather information about the use of the Site and Apps||Our service providers, including: Amazon Web Services, Daxtra, Filestack, Google, Pendo, SendGrid, Looker, TokBox/Vonage, Twilio, Salesforce||N/A|
If you are a California resident, pursuant to the California Consumer Protection Act (CCPA), you have the right to request:
- the categories of personal information Yello has collected about you;
- the categories of sources from which your personal information is collected;
- the business or commercial purpose of collecting or selling your personal information;
- the categories of third parties with whom Yello shares your personal information;
- the specific pieces of personal information Yello has collected about you;
- the categories of personal information that Yello has sold about you and the categories of third parties to whom the personal information was sold, if applicable;
- deletion of your personal information; and
- an opt out of having your personal information sold to third parties.
If you, a Candidate who resides in California, do not want us to disclose your personal information to our Customers for recruitment or hiring purposes, you may opt-out by clicking the button on our Site labeled “Do Not Sell My Personal Information.” If you click the button to opt-out, we will not share your personal information with our Customers and you may not be able to utilize Yello.
To submit a request, please contact us at email@example.com.
However, Yello will not be required to comply with your request to delete your personal information if it is necessary for Yello to maintain your personal information in order to:
- complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of Yello’s ongoing business relationship with you, or otherwise perform a contract between you and Yello;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity or prosecute those responsible for that activity;
- debug to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when Yello’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
- to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Yello;
- comply with a legal obligation; or
- otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Yello will not discriminate against you in the event you exercise any of the aforementioned rights under CCPA, including, but not limited to, by:
- denying goods or services to you;
- charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- providing a different level or quality of goods or services to you; or
- suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
If you are located in the EU, you have certain rights under EU data protection law with respect to your personal data, including the right to request access to, correct, and delete your personal data. You may also have the right to receive a copy of your personal data in a commonly used and machine-readable format, and to transmit such data to another controller. You also may object to processing of your personal data, or ask that we restrict the processing of your personal data in certain instances.
Upon written request from a Candidate or Customer, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return to such verified Candidate or Customer any and all personal information in our or our sub-processor’s control or possession, subject to our right to retain such information as deemed necessary to comply with legal obligations. We will use commercially reasonable efforts to respond to such requests within thirty (30) days of receipt of such request and proper identity verification. All requests in this regard should be submitted via email to firstname.lastname@example.org. Please note that not all requests can be honored.
Our legal basis for processing the personal data of Candidates is that processing is necessary for the performance of a contract, or in order to take steps at the request of the Candidate. Yello processes Candidate personal data in order to fulfill contractual obligations with its Customers, who are Data Controllers, and have instructed Yello, as a data processor, to process the personal data of their Candidates. Our legal basis for processing personal data of Yello Customers is that the Yello Customer(s) has given consent to the processing of their personal data for one or more specific purposes including developing new services, management and completion of demo requests, the building of leads as related to product purchases, and/or the provision of thought leadership and blog content to those Yello Customers who are voluntarily subscribed (such subscription is revocable upon written request to email@example.com).
We have formally appointed a Data Protection Officer, Greg Leighton, reachable via email at Gregory.Leighton@quarles.com, who will, amongst other things: monitor compliance with the GDPR, applicable Union or Member State data protection laws, and our policies related to the protection of personal data; provide advice, where requested and appropriate, regarding data protection impact assessments; reasonably cooperate with applicable supervisory authority; and act as the contact point on issues related to our processing of personal information.
In light of CJEU Case C-311/18 (Schrems ii), we are amenable to entering into the Commission Decision C(2010)593 Standard Contractual Clauses (processors) with any of our Customers that are authorized to use the Site or the Apps in the EEA. Please contact us via email at firstname.lastname@example.org to request entrance into the Standard Contractual Clauses or for more information regarding this topic.
Candidates have the right to submit a GDPR complaint to their local data protection authority. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm or https://edpb.europa.eu/about-edpb/board/members_en .
Yello commits to resolve complaints about our collection or use of your personal information. EU, Swiss and California individuals with inquiries or complaints should first contact Yello at:
RECSOLU INC., DBA Yello
55 E Monroe St
Chicago, IL 60603
Yello’s representatives in the EU:
Postal Address: The DPO Centre Europe Ltd, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2
Phone number: +353 1 631 9460
Yello’s representatives in the UK:
Postal Address: The DPO Centre Ltd, 50 Liverpool street, London, EC2M 7PY, UK
Phone number: +44 (0) 203 797 6340
Yello commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Do we collect information from children?
We do not solicit any personal information from children. If a Customer or Candidate is not 16 or older, he or she must not use the Site or Apps. Parents should be aware there are parental control tools available online that can be used to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at email@example.com.
Pursuant to CCPA, we will not sell the personal information of any consumer less than 16 years of age, unless the consumer, in the case of consumers between 13 and 16 years of age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale of the consumer’s personal information.
RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel