Yello Privacy Policy

Effective Date: May 25, 2018

RECSOLU, Inc., DBA Yello (“we” or “us” or “our”) is committed to protecting the privacy of visitors and users of the yello.co website, the Yello Enterprise websites (accessed via recsolu.com) (the “Sites”) (collectively, with the yello.co website, the “Websites”), and our mobile and web recruiting applications (the “Apps”). We want our Customers and their Authorized Users (collectively, the or our “Customer(s)”) and their Data Subjects (“Data Subject(s)”) to have a positive experience while using the Websites and Apps. We respect and protect our Customers’ and Data Subjects’ rights to privacy as set forth in this Privacy Policy. This Privacy Policy applies to both the Websites and the Apps. This Privacy Policy does not apply to other websites to which we may link (including third-party sites, or other sites which may be operated by us).

To provide some background to our Customers and their Data Subjects, we are a data processor that processes personal information and/or personally identifiable information on behalf of and in accordance with the instructions of the data controllers (our Customers), who may collect such information from Data Subjects (often, candidates) during the recruitment process or otherwise. Our Customers collect such information from Data Subjects using the Sites or the Apps. We act only on and in accordance with instructions from the data controllers. The personal information from the Data Subject(s) is concurrently and automatically stored and backed up from the Sites and/or the Apps to servers that are under the control and in the possession of our hosting provider, who acts as our sub-processor. Our data processing and storage (storage achieved via our hosting provider) activities are limited to the minimum necessary for the performance of the contracts between our Customers and us. It is important to note that the provision of personal data by Customers or Data Subjects is not mandatory, and Customers and Data Subjects can refrain from such provision at any time and still maintain access to the Sites and Apps.  For more information regarding how a Data Subject’s information may be processed, please refer to the applicable Customer’s privacy policy.

Personal Information that Our Customers Collect

Our Customers collect the personal information of Data Subjects in a few different ways. One way in which they collect personal information is directly from the Data Subject(s) via the Sites or Apps. For example, a Data Subject may voluntarily provide personal information, including but not limited to, his or her name, email address, physical address, date of birth, image, educational background information, professional background information, and/or telephone number if he or she registers for a candidate account within the Sites or Apps, applies for an open position with our Customers through the Sites or Apps, or signs up for an interview through our Sites or Apps. Certain personally identifiable information may also be provided by a Data Subject on the Sites or on our Apps, including, but not limited to, through posting material on the Sites or the Apps, inputting search queries, or completing surveys, forms, or polls. At times, our Customers may collect sensitive personal data, such as the ethnic origin of Data Subjects, as well as biometric data, such as facial images of Data Subjects, through the use of our Sites or Apps. Personal data may also be collected by our Customers and submitted to us through the Sites or Apps via integrations with applicant tracking systems, job boards, or customer relationship management systems, as examples. Our Customers collect such data through our Sites or Apps for the purpose of building a work candidate database based on the information provided by Data Subjects and managing their recruitment process. As a data processor, we may gain authorized access to the personal information of the Data Subjects, including personally identifiable information, that was collected by our Customers and which is hosted in our sub-processor’s servers. BY SUBMITTING, ENTERING, OR PROVIDING ANY PERSONAL INFORMATION, INCLUDING PERSONALLY IDENTIFIABLE INFORMATION, INTO THE SITES OR APPS, YOU HEREBY CONSENT TO OUR PROCESSING, STORING, REPURPOSING, AND USE OF SUCH INFORMATION IN ACCORDANCE WITH THE TERMS OF THIS PRIVACY POLICY AND ONLY IN ACCORDANCE WITH THE INSTRUCTIONS OF OUR CUSTOMERS, THE DATA CONTROLLERS. SUCH PROCESSING, STORING, REPURPOSING, AND USE IS NECESSARY TO FULFILL THE PURPOSE OF THE CONTRACT(S) BETWEEN US, OUR CUSTOMER(S), AND/OR OUR SUB-PROCESSOR(S). IF A DATA SUBJECT DOES NOT WISH FOR PERSONALLY IDENTIFIABLE INFORMATION TO BE SHARED WITH US, OUR CUSTOMER(S), OR OUR SUB-PROCESSOR(S) THROUGH THE SITES OR THE APPS FOR THE PURPOSES DESCRIBED HEREIN, HE OR SHE MUST NOT PROVIDE OR UPLOAD SUCH INFORMATION TO THE SITES OR APPS.

BY SUBMITTING, ENTERING, OR PROVIDING ANY PERSONAL INFORMATION, INCLUDING PERSONALLY IDENTIFIABLE INFORMATION, INTO THE SITES OR APPS, CUSTOMER REPRESENTS AND WARRANTS THAT IT HAS IMPLEMENTED AND WILL MAINTAIN PROCESSES AND PROCEDURES DESIGNED TO COMPLY WITH LAWS APPLICABLE TO ITS PROVISION OF SUCH INFORMATION TO US FOR SUBSEQUENT PROCESSING, INCLUDING BUT NOT LIMITED TO THE TELEPHONE CONSUMER PROTECTION ACT 47 U.S.C. § 227, THE GDPR, AS WELL AS ANY AMENDMENTS AND SUCCESSORS TO THE AFOREMENTIONED LAWS.

Personal Information that We Collect

Through the yello.co website, we may collect personal information directly from Yello Data Subjects located in the European Economic Area, who provide their personal data to Yello for marketing purposes (“Yello Data Subjects”). Such personal information will be transferred from the European Economic Area to the United States for processing by Yello. With respect to the personal information of Yello Data Subjects, Yello is the data controller, and Yello will process the data in accordance with applicable privacy laws, including the GDPR. The personal information from the Yello Data Subjects is concurrently and automatically stored and backed up from the yello.co website to servers that are under the control and in the possession of our hosting provider, who acts as our processor. Our legal basis for processing the personal data of Yello Data Subjects is that the Yello Data Subject(s) has given consent to the processing of his or her personal data for one or more specific purposes (such purposes are described in the next sentence). Our data processing and storage (storage achieved via our hosting provider) activities are limited to the minimum necessary for Yello’s management and completion of demo requests; the building of leads as related to product purchases; and/or the provision of thought leadership and blog content to those Yello Data Subjects who are voluntarily subscribed (such subscription is revocable upon written request to marketing@yello.co) (the “Purposes”). The personal data of the Yello Data Subjects will not be shared with any third parties except for our employees and our client relationship management sub-processor, as necessary to achieve the Purposes. The personal data of the Yello Data Subjects will be stored for as long as necessary to achieve the Purposes, or until the Yello Data Subject requests otherwise in writing. It is important to note that the provision of personal data by Yello Data Subjects is not mandatory and Yello Data Subjects can refrain from such provision at any time, but such Yello Data Subjects may not be able to request a demo through the yello.co website as a result. If any Yello Data Subject has a request related to the aforementioned GDPR Principles or Purposes, or wishes to unsubscribe, he or she should promptly reach out to Yello’s marketing team at marketing@yello.co. A Yello Data Subject may also file a complaint with the supervisory authority in his or her country of residence.

If our Customers utilize our Technology Management Services and/or our devices in connection with the Apps or the Sites, including but not limited to utilization through iPads or tablets, whether owned by us or a Customer, we may track, and you consent to us tracking, your physical location using Global Positioning System (GPS) technology that is installed and active on such device(s). Such tracking will be utilized for the following purposes: (i) locating device(s) in the event that they are lost or stolen; and/or (ii) locating devices(s) in an anonymized fashion for use on a device heat-map to be used for internal and external marketing purposes and which constitutes a map of broad-scale user activity across the globe. Such GPS tracking will not involve any access to your personal information nor will it involve the tracking of your activity or behavior on such device(s). If you object to such tracking, please promptly contact us via email at privacy@yello.co.

Our Use of Cookies

Through the Websites, we automatically gather certain information about your use of the Websites through the use of cookies and web beacons (pixel tags), including how frequently you visit or interact with certain areas of the Websites, the date and time of your visits to the Websites, your location, and your IP address and browser information. This allows us to track your behavior and preferences regarding your use of the Websites, to analyze traffic on the Websites, and to improve content and display on the Websites. We do not use any cookies or web beacons on the Apps.

A “cookie” is a text file that websites send to a user’s computer or other Internet-connected device to uniquely identify the device and browser or to store information or settings in a browser. A “web beacon”, also known as an “Internet tag” or “pixel tag”, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. For example, cookies enable us to identify your device, authenticate your login details, and secure your access to the Websites. If you choose to register a user account in order to access certain areas of the Websites, we will use cookies to store the personal information in the user account you establish. Most cookies, however, won’t collect information that identifies you, and will instead collect more general information such as how users arrive at and use the Websites, or a user’s general location in connection with one of our devices. We use the term “cookies” in this Privacy Policy to refer to all files that collect information in this way.

By continuing to use the Websites, you are voluntarily agreeing to our third-party analytics vendors and us placing cookies on your computer or mobile device as set forth in this Privacy Policy. If you do not wish to accept cookies in connection with your use of the Websites, you must immediately stop using the Websites or disable cookies in your browser settings.

In general, there are four types of cookies: (1) First-Party Cookies: First-party cookies are those set by the Websites themselves when you visit the applicable web page; (2) Third-Party Cookies: Third-party cookies are cookies that are set by a domain other than that of the Websites. Third-party cookies enable third-party features or functionality to be provided on or through the Websites (e.g. like interactive content and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the Website, and also when it visits certain other websites; (3) Session Cookies: Session cookies are cookies that are created and active during a browser session. A browser session starts when you open the browser window and finishes when you close the browser window. Session cookies are created temporarily, so once you close the browser, all session cookies are deleted; (4) Persistent Cookies: Persistent cookies are cookies that remain on your computer or mobile device until you delete them manually or until they expire. They are not deleted when you close your browser.

The general purposes behind our use of cookies on the Websites can be categorized as follows:
1. Essential Cookies: Some cookies are essential for operation of a web page, and without these cookies, the services cannot be provided. We use essential cookies on the Sites, but not on the yello.co website or Apps. Thus, if a user does not have cookies enabled on their personal computer, he or she will still be able to access the yello.co website and Apps, but he or she may not be able to access all or parts of the Sites. The essential cookies used on the Sites are first-party, persistent and session cookies
2. Performance and Functionality Cookies: We utilize performance cookies to collect information about how you use the Websites – e.g. which pages you visit and if you experience any errors. These cookies are used to enhance the performance and functionality of the Websites and are non-essential to their use. However, without these cookies, certain functionality may become unavailable. Most of the performance and functionality cookies used on the Websites are first-party, persistent cookies.
3. Analytics Cookies: All of the information that analytics cookies collect is aggregated and therefore anonymous and is only used to help us improve how our Websites work, understand your interests, and measure how effective our content is. Most of the analytics cookies used on the Websites are first-party, persistent cookies.
4. Third-Party Cookies: We use third-party vendors to help it monitor traffic to the Websites (i.e. number of visitors, the pages they visit, and the length of time spent on the Websites). We may also use third-party cookies to help us with analytics, market research, revenue tracking, and improving site functionality on the Websites. Most of the third-party cookies used on the Websites are persistent cookies.

You can withdraw your consent to the use of cookies on the Websites at any time by deleting the cookies using your Internet browser settings, where you can accept, reject, or remove cookies by adjusting applicable settings. Please refer to the “help” function of your Internet browser for more details on how to adjust your browser settings. Please note that if you use your browser settings to block all cookies, you may not be able to access all or parts of the Websites. It is important to note that unless you have adjusted your browser setting so that it will refuse cookies before utilizing the Websites, our system will issue cookies as soon as you visit the Websites. If you do not wish to accept cookies in connection with your use of the Websites, you must immediately stop using the Websites.

“Do Not Track” is a concept that has been promoted by regulatory agencies such as the U.S. Federal Trade Commission, for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites by using browser settings. The World Wide Web Consortium has been working with industry groups, Internet browsers, technology companies, and regulators to develop a “Do Not Track” technology standard. While some progress has been made, it has been slow, and no standard has been adopted to this date. As such, we do not generally respond to “Do Not Track” signals.

For further information about cookies and online privacy matters, please refer to http://www.allaboutcookies.org and http://www.youronlinechoices.eu.

How We and Our Customers Use and Disclose the Information of Data Subjects

We will not use, share or disclose the information of Data Subjects to anyone except as described in this Privacy Policy, in compliance with the instructions of the applicable data controllers, as otherwise consented to by a Data Subject, or necessary to provide the Apps or Websites to the Customer(s), in accordance with applicable written agreements between us and our Customer(s). To learn more about how a Data Subject’s information is processed, please refer to the applicable Customer’s privacy policy.

Additionally, it is important to note that we may be required to disclose the personal information of our Customers or their Data Subjects, including certain personally identifiable information, in response to a lawful request by public authorities or under any applicable law, including to meet national security or law enforcement requirements. Furthermore, a merger, acquisition, divestiture, or similar transaction may trigger the disclosure of the personal information of our Customers or their Data Subjects, including certain personally identifiable information.

Data Subjects should be aware we have no control over third-party websites or links, and our Privacy Policy does not apply to these third-party websites or links. Please consult the privacy policy of such websites or links for information related to privacy in connection to such websites or links.

How We Use and Disclose the Information of Our Customers

We use Customer information, including personally identifiable information, in order to administer our Customers’ accounts and allow them to use the Sites and Apps. We use Customer information to support and enhance our Customers’ use of the Sites and its features and the Apps, including, at times and as an example, tracking emails that our Customers send.

We also use our Customer’s personally identifiable information for any purpose for which they provide it (for example, if a Customer wishes to share its email address or personal information with us for a particular purpose). In addition, we may send our Customers service or promotional communications, including notifying them of new services, offerings, or changes to the Websites, Apps, or this Privacy Policy. Our Customers can opt-out of receiving these emails by contacting us at privacy@yello.co.

We may use Customer information to enable us to display advertisements to third parties’ target audiences. Even though we do not disclose your personally identifiable information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume you meet its target criteria.

We may also disclose and transfer Customer information, including personally identifiable information, as an asset in connection with a proposed or actual merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business (whether as a going-concern or not) or as part of a corporate reorganization, stock sale or other change in control.

Customers should be aware we have no control over third-party websites or links, and our Privacy Policy does not apply to these third-party websites or links. Please consult the privacy policy of such websites or links for information related to privacy in connection to such websites or links.

General Use and Disclosure the Information of Data Subjects or Customers

We reserve the right to disclose information, including personal information, in order to comply with a subpoena, court order, administrative or governmental order, or any other requirement of law, or when we, in our sole discretion, believe it is necessary in order to protect our rights or the rights of others, to prevent harm to persons or property, or to fight fraud and credit risk reduction. IF A CUSTOMER OR DATA SUBJECT USES A PUBLICLY ACCESSIBLE AREA OF THE WEBSITES OR APPS, HE OR SHE SHOULD BE AWARE THAT ANY PERSONALLY IDENTIFIABLE INFORMATION SUBMITTED THERE CAN BE READ, COLLECTED OR USED BY ANY PERSON FOR ANY PURPOSE. We are in no way responsible for the personally identifiable or other information submitted in these public forums. We may retain records of all publicly accessible areas of the Websites or Apps.

We also reserve the right to share the information of Customers or Data Subjects, including personal information, in connection with any corporate transaction, including any merger, consolidation, restructuring, the sale of stock and/or assets, or other corporate change or financing transaction including, whether during the course of any due diligence process or otherwise.

We may use non-personally identifiable information in the aggregate, so we can improve the Websites or Apps, and for business and administrative purposes. We may also use or share with third parties, for any purpose, aggregated data that contains no personally identifiable information. We do not make any decisions based solely on the automated processing of a Customer’s or Data Subject’s personal data.

We are located in the United States. By default, we utilize a hosting provider who is also located in the United States. In very limited circumstances and at our sole discretion, we may provide certain Customers with the option to elect that their data is hosted in Ireland. BY ACCESSING OR USING THE WEBSITES, ACCESSING OR USING THE APPS, OR OTHERWISE PROVIDING INFORMATION TO OUR CUSTOMERS OR US, THE CUSTOMERS, DATA SUBJECTS, AND YELLO DATA SUBJECTS CONSENT TO THE PROCESSING AND TRANSFER OF SUCH INFORMATION TO AND IN THE UNITED STATES.

Third Party Disclosures

We may disclose the personal information of our Customer’s Data Subjects to third parties as necessary to provide our services to our Customers. Such third parties may include vendors who we utilize for the provision of our services. The purpose of such disclosure is to provide our services to our Customers, and may include: the sub-processing of such personal information between the Websites, the Apps, and our and our Customers’ networks; the parsing of such personal information to allow our Customers to filter through the information that the Data Subjects voluntarily provide to our Customers via the Sites or Apps; and, generally, allowing our Customers to build a work candidate database based on the information provided by Data Subjects and manage their recruitment process.

When transferring personal information to a third party acting as a sub-processing agent (“agent”), we (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield and GDPR Principles (as discussed below), as applicable; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the applicable Privacy Shield and GDPR Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the applicable Privacy Shield or GDPR Principles; (v) upon written notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the Department of Commerce or Federal Trade Commission upon verified request.

Choices Regarding Customer Information

We strive to provide our Customers with choices regarding their personally identifiable information. We have created mechanisms to provide our Customers with control over such information:

  • Tracking Technologies and Advertising. Customers can set their browser to refuse all or some browser cookies, or an alert when cookies are being sent. To learn how to manage cookie settings, visit the applicable browser’s settings and help pages.
  • Promotional Offers and Newsletters from Us. If a Customer does not wish to have its contact information used by us to promote our own products or services or receive our newsletters, it can opt-out by contacting us at privacy@yello.co. This opt-out does not apply to information provided to us as a result of product service experience requests.

Choices regarding Data Subject Information

Upon written request from a Data Subject, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return, to such verified Data Subject, any and all personally identifiable information in our or our sub-processor’s control or possession, subject to both our right to retain such information as deemed permitted under applicable law or necessary to comply with legal obligations or the obligations detailed in our written agreements with Customers. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and identity verification. All requests in this regard should be submitted via email to privacy@yello.co.

How We Protect Information

We are committed to protecting the information we receive from our Customers and their Data Subjects. We have implemented commercially reasonable, appropriate technical and organizational measures to protect the confidentiality, security and integrity of data stored on or through the Websites and on the Apps, including from loss, misuse, and unauthorized access, disclosure, alteration and destruction, while considering the risks involved. Such risks include, but are not limited to, severity of foreseeable harm and likelihood that our processing could threaten the individual rights and freedoms of the Data Subjects. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.

In addition, only those employees and third parties who need access to personal information in order to perform their duties are allowed such access.

Although we do our best to protect the personal information of our Customers, Yello Data Subjects, and Data Subjects, we cannot guarantee the security of personal information transmitted to the Sites or Apps. ANY TRANSMISSION OF PERSONAL INFORMATION IS AT THE CUSTOMER’S, YELLO DATA SUBJECTS’, OR THE DATA SUBJECTS’ OWN RISK. WE ARE NOT RESPONSIBLE FOR THE CIRCUMVENTION OF ANY PRIVACY SETTINGS OR SECURITY MEASURES CONTAINED ON THE WEBSITES OR APPS.

The safety and security of personal information also depends on the Customers and Data Subjects. Customers and Data Subjects are responsible for keeping their self-created passwords confidential, and Customer and Data Subjects must not share passwords with anyone. Customer and Data Subjects must also take all reasonable steps to ensure the protection of their personal information, including, but not limited to, the personally identifiable information, and must be careful about giving out information in public areas of the Websites, Apps, or elsewhere.

Accessing and Updating Personal Information and Preferences of Customers

Authorized Users of our Customers may access, update, correct, and/or delete registration and other personal information by logging into the Sites or Apps and modifying their user profile, or by sending us an email at privacy@yello.co. Customers may also close their account at any time by contacting us at privacy@yello.co. We will take commercially reasonable steps to implement our Customers’ requests promptly, but it may take some time to process.

While we will make efforts to accommodate requests to restrict our use of personal information, we reserve the right to erase all or any portion of a Customer or Data Subject’s information if we are not able to reasonably accommodate a requested restriction. Please note that in some instances, we may not be able to delete the personal information or our Customers or their Data Subjects except by closing such Customer’s user account. We will notify our Customers if we are not able to accommodate their requests or if we have elected to close a Customer account as a result of a failure to accommodate such request.

We do not store any Customer’s personal information for longer than is necessary to fulfill the purposes for which it was collected, which is a determination made solely by the applicable Customer, provided that we may retain copies of a Customer’s personal information even after it has closed its account in order to comply with legal obligations.

Children’s Privacy and Parental Controls

We do not solicit any personal information from children. IF A CUSTOMER OR DATA SUBJECT IS NOT 16 OR OLDER, HE OR SHE MUST NOT USE THE WEBSITES OR THE APPS. Parents should be aware there are parental control tools available online that can be used to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors.

California Privacy Rights

California Civil Code Section §1798.83 permits Customers and Data Subjects who utilize the Websites or Apps and who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to privacy@yello.co.

General Data Protection Regulation

We comply with the EU General Data Protection Regulation 2016/679 (the “GDPR”). We adhere to the GDPR Principles with respect to the Data Subjects’ rights to be informed about, access, rectify, erase (“be forgotten”), and restrict or object to the processing of their personal data in certain situations, as well as the principle of data portability with respect to such data (the “GDPR Principles”). Our legal basis for processing the personal data of Data Subjects is that such processing is necessary for the purposes of the legitimate interests pursued by the controllers (our Customers), and such interests are not overridden by the interests or fundamental rights and freedoms of the Data Subjects which require protection of personal data. The legitimate interest at hand is allowing our Customers to build a work candidate database based on the information provided by Data Subjects and to manage their recruitment processes (the “Data Controllers’ Legitimate Interests”). We have determined that the Data Controllers’ Legitimate Interests and the Data Subjects’ interest in being a part of our Customers’ recruitment processes so as to achieve employment are compatible with and override the interests or fundamental rights and freedoms of the Data Subjects that require protection of the personal data at hand. If there is any conflict between the terms in this Privacy Policy and the GDPR Principles, the GDPR Principles shall govern.

In line with the requirements of the GDPR, we have formally appointed a Data Protection Officer, Dylan Mombach, reachable via email at privacy@yello.co, who will, amongst other things: monitor compliance with the GDPR, applicable Union or Member State data protection laws, and our policies related to the protection of personal data; provide advice, where requested and appropriate, regarding data protection impact assessments; reasonably cooperate with applicable supervisory authority; and act as the contact point on issues related to our processing of personal information.

We are open to entering into the Commission Decision C(2010)593 Standard Contractual Clauses (processors) with any of our Customers that are authorized to use the Sites or the Apps in the EEA. Please contact us via email at contracts@yello.co to request entrance into the Standard Contractual Clauses or for more information regarding this topic.

Upon written request from a Data Subject, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return to such verified Data Subject any and all personal information, including any personally identifiable information, in our or our sub-processor’s control or possession, subject to our right to retain such information as deemed necessary to comply with legal obligations. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and proper identity verification. All requests in this regard should be submitted via email to privacy@yello.co.

Data Subjects may also have the right to submit a GDPR complaint to their local data protection authority. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Privacy Shield Frameworks

RECSOLU Inc. dba Yello complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and Data Subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and the Privacy Shield Principles, and to view our certification page, please visit https://www.privacyshield.gov/.

Our accountability for personal data that we receive in the United States under the Privacy Shield Frameworks, and subsequent transfers to a third party, is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles for third-party sub-processors that process personal data on our behalf, and we remain responsible for using commercially reasonable efforts to ensure that such sub-processors process personal data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon written request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@yello.co, and we will respond within a reasonable timeframe.

We will also provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents or as otherwise described in this Privacy Policy, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To restrict our use or disclosure of your personal information, please immediately submit a written request to privacy@yello.co.

In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Privacy Shield Principles. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact at privacy@yello.co or the mailing address below:

RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and we do not address it satisfactorily, we commit to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and to comply with the advice given by the DPA panel and/or Commissioner, as applicable, with regard to such human resources data.  To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction.  Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Injunctive Relief

By using the Websites or the Apps, Customers and Data Subjects acknowledge that monetary damages may not be a sufficient remedy for unauthorized disclosure of personal information, including personally identifiable information, and that there is significant potential liability in cases of onward transfers of personal data (including personally identifiable information) and Customer data to third parties. Thus, Customers and Data Subjects hereby acknowledge that we shall be entitled, without waiving any other rights or remedies, to seek such injunctive or equitable relief as may be deemed proper by a court of competent jurisdiction.

Privacy Policy Changes

Privacy laws and guidelines are part of a constantly changing environment. We reserve the right, at our discretion, to change, modify, add, or remove portions of this Privacy Policy at any time. Customers and Data Subjects are responsible for reviewing this Privacy Policy periodically to ensure that you are aware of our current privacy practices, although we may also elect to notify Customers’ Authorized Users of material changes to our Privacy Policy, by posting a pop-up banner on the Websites. Your continued use of the Websites or Apps following any changes signifies your consent to and acceptance of the then-current Privacy Policy as posted. If a Customer, Yello Data Subject, or Data Subject does not consent to the changes to the Privacy Policy, he or she must immediately discontinue access to or use of the Websites or the Apps, and may reach out to us at privacy@yello.co to object and/or to obtain for more information.

To address any questions that you have about this Privacy Policy, please contact us at:

Corporate Headquarters:

RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel
1-312-517-3232
contracts@yello.co