Effective from 04/10/2021
We know you use HireMe2 services to help you succeed in your next professional opportunity. You can trust that HireMe2 will always handle your personal information respectfully and responsibly so that you can interact with us in confidence.
Hireme2 (hereinafter "Company", "us", "we" or "our") is committed to protecting the privacy of our Users. This page represents our Privacy Policy (hereinafter "Privacy Policy"), including our privacy practices under GDPR regulation.
We take commercially reasonable measures to adhere to industry guidelines, and will continue to review and improve our Privacy Policy and procedures to ensure the safety and protection of consumer information. This Privacy Policy has been compiled to better serve those who are concerned with how their personal data are being collected and used, including how personal data under GDPR are being processed. Personal data is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Our principles of data protection under GDPR apply to any information concerning an identified or identifiable natural person
If a User does not accept this Privacy Policy, incl. any part of it, the User must quit using our Services and can request that we remove such User’s personal data from our databases by sending us an e-mail request to privacy@hireme2.ai.
The following terminology applies to this Privacy Policy:
-
Personal Data" or "Data" are used interchangeably herein with (and to mean) personal data - any information relating to an identified or identifiable natural person.
-
"User" refers to the individuals (natural persons) using our Services. It must coincide with or be authorized by the legal or natural person, to whom the personal data refers.
-
“Applicant” refers to the individuals (natural persons) using our Application, who have not signed a contract for use of our Services.
-
“Client” refers to the companies (legal persons) using our Application, e.g. recruiting or other companies, who have signed contract for use of our Services.
-
"Application", "App" or "chatbot" refers to the Company's interactive online recruiting platform and its database, incl. all its features and software modules, e.g. browser extensions, etc.
This Privacy Policy also uses the general definitions given in our Terms & Conditions which can be found on our Website.
We may refer to this Privacy Policy in notices and consent requests related to special purpose web pages, mobile applications, or other resources. Under such circumstances, this Privacy Policy applies to information collected by us through such resources, as modified in the particular notice or consent request (e.g., with respect to the types of data collected or our uses or disclosures of such information).
Changes to This Privacy Policy
We can change this Privacy Policy at any time by updating this page. If we make any material or substantive changes in the way that we use the personal data collected through our Services, we will post a clear and conspicuous notice of those changes in this Privacy Policy.
It is recommended to check this page from time to time, referring to the date of the last modification listed at the top, to ensure that you accept any changes.
Unless stated otherwise, the then-current Privacy Policy applies to all personal data we currently collect, or previously collected and currently store and process.
Collection of Information
We collect information from you when, for example but without limitation, you use our App, perform search settings, place an order, respond to the chatbots, you communicate with HireMe2 in any form (e.g. emails, phone calls, others) or otherwise use our Services.
Generally, when accessing or using the Services, you may be asked to enter, and we may collect, certain information, including personal data, including but not limited to: username, password, names, email addresses, telephone numbers, ID numbers or information, geolocation information, street address, gender, occupation, interests, and any other data included in your profile or resume, including but not limited to application materials, qualifications, and answers to chatbot questions or answers you give to any questions or questionnaires presented to you, which you answer, or data and information you voluntarily provide in any chat feature or otherwise. We may also collect payment and billing information with final clients, who have a signed agreement with HireMe2 (e.g., credit card number and related verification information). By providing any personal data or other information, you consent to our collection, storage and use of such information in the manner and for the purposes described in this Privacy Policy and the Company's Terms and Conditions. In addition, you hereby consent to receive text messages (SMS), other messages via your accounts on third-party messaging applications, calls, and emails from Clients (if you are an Applicant) and from Applicants (if you are a Client) in connection with and through the Services at such phone numbers, email addresses, and other contact information you provide through or in connection with Services. As part of the standard operation of the Website and App, we may automatically collect and analyze information from your computer or mobile device, including, but not limited to, your browser type, operating system, IP address and the domain name from which you accessed the Services, and if you are accessing our Services with your mobile device, the type of mobile device. In addition, we may automatically record and analyze actions taken on the Website or through the App, including, but not limited to, date and times of use, clicks, page views, the amount of time you spend on each page, and search queries. For operation and maintenance purposes, we may collect files that record interaction with the Website or Application (system logs) or other personal data (such as IP address). By using our Services, you consent to our collection, storage and use of such information in the manner and for the purposes described in this Privacy Policy and the Company's Terms and Conditions.
Failure or refusal to provide certain personal data may make it impossible for you to effectively use our Services.
Users are responsible for any personal data of third parties obtained, published or shared through the Application or Website and confirm that they have such third-party's consent to provide such data to the Company.
If you are a Client, Company may request that you provide certain information in order to verify your account. This information includes, but is not limited to your Federal Employer Identification Number (EIN), Business Registration information, or a utility bill. This information will be used for internal purposes only, subject to any request by law enforcement or a court order.
An aspect of our Service permits communication between Company and job seekers or employees (“Applicants”), Company and prospective employers and recruiters (“Clients”), as well as communication directly between Applicants and Clients through the Services and also via third-party services and applications such as SMS, on Viber, Telegram, WhatsApp, Facebook Messenger, Avito Messenger and any other system/ platform. We have also integrated in our App (by the use of their public API) Office365, Google (GSuite), Exchange 2010 / 2016 (calendars, email), Zoom (web meetings), more than 20 ATSes and any other system/ platform. PLEASE NOTE THAT YOUR RELATIONSHIP WITH ANY OTHER THIRD-PARTY SERVICE, APPLICATION OR WEBSITE IS GOVERNED SOLELY BY YOUR AGREEMENT WITH SUCH THIRD-PARTY OR GDPR WHERE APPLICABLE.
Processing the Personal Data
We process the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
We process the Data of two categories of users of our App: Clients (business entities - employers, recruiters) and Applicants (natural persons - job applicants, employees, former employees). A Client has to create a profile in order to use our App. Applicants are not entitled to creating a profile and use or services by visiting a web address (URL), scanning a QR code or sending a text message.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Company and its staff involved with the operation of the Services (e.g., administration, sales, marketing, legal or system administration staff), in some cases, the Data may be accessible to third parties (such as technical service providers, mail carriers, hosting providers, IT companies or communications agencies) appointed by us, if necessary, as data processors".
You acknowledge and agree that personal data you provide to us may be transferred outside of the country in which you reside. Your acceptance and agreement to this Privacy Policy will, among other things, constitute your consent to any such transfer. Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organization shall take place only if the conditions laid down in Chapter V of GDPR are complied with by the Company and the Data Processor, including for onward transfers of personal data from the third country or an international organization to another third country or to another international organization.
When acting in the capacity of personal data processors, we may store Data indefinitely, due to the fact that Clients that act as data controllers while using the App, determine the purposes and means, as well as duration, of processing of personal data. However, you may request that we suspend or remove your personal data at any time or contact the respective data controller. Our Company is GDPR compliant and all data subjects’ requests are duly processed.
Purposes and Use of Your Personal Data
The information we collect from you when you use our Services, Website or App is processed to allow us to better provide our Services, incl. for the following purposes:
-
Providing our App services. Our App is an interactive online recruiting platform which contains multiple instructions, codes and algorithms, the combination of which allows it to perform its assigned functions. The Company, acting as data processor, provides some or all of the Services described in this document, which also acts in the capacity of data processor.
-
If data subjects experience problems with the Services or have any questions about the use of the Services, they can send the Company a message which includes personal data such as name, e-mail address, etc.
-
Statistical use and improving performance. The Company uses data for analytics and measurement to understand how the Services are used, for example reviewing information about system crashes experienced by users allows us to identify and fix problems and provide better user experience;
-
To prevent or investigate security breaches or any illegal activities related to our Services.
-
To advertise our Services. We advertise our Services on our Website. From time to time we may contact you by e-mail or telephone and send you messages with relevant information about our Services.
Any personal data and other information shared by you with us may be shared with or transferred to any Company-affiliated entity (including those located outside the European Union or Switzerland), no matter where located, for the purpose of providing you Services and improving the Services. By using the Services and accepting this Privacy Policy, you consent to this transfer and acknowledge that the Services provided to you and the functionality of the Website and App could not be provided without such a transfer. If you do not wish your Data to be transferred in this way you should not use our Services, Website or App, and you shall provide us notice. Special rules in this regard apply to data subjects under GDPR.
You give us explicit consent that in the event that another company acquires all or substantially all of the assets of our business through a consolidation, merger, asset purchase, or other transaction, we reserve the right to transfer all data (including any personal data a User may have provided through the Services) that is in our possession or under our control to such acquiring party. Company's use of information received, and Company's transfer of information to any other app, from Google APIs will adhere to Google's Limited Use Requirements.
Information Security
Our Services are scanned on a regular basis for security holes and known vulnerabilities in order to make your use of our Services as safe as possible.
Your personal data are contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all information you send is encrypted via Transport Layer Security (TLS) technology.
We follow generally accepted industry standards to protect against the unauthorized access to, retention of, and disclosure of Data. This includes undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use. Any Data that is stored on our servers is treated as confidential information.
Please keep in mind, however, that despite these reasonable efforts to protect Data on our servers, no method of transmission over the Internet is guaranteed to be 100% secure. Therefore, while we strive to protect your Data at all times, we cannot guarantee its absolute security and shall not be liable for any breach of security by an outside party.
Non-personal data
We may collect and process non-personally identifiable information (hereinafter "Non-personal data") regarding the User’s behavior while using our Services which may include:
-
Generalized data (e.g. user age range, etc.)
-
Aggregated statistics on the use of our Services
-
Partially or fully masked IP addresses
-
Anonymized data
Cookies
“Cookies” are unique alphanumeric identifiers that store information on your computer. A cookie is placed on your computer when your web browser accesses our website. We use cookies for tracking transactions and the user characteristics explained in detail throughout this Privacy Policy. If you choose, there are utilities available for purchase from independent software providers to install on your computer as well as tools/preferences you can choose through most web browsers to make website visits anonymous. Of course, cookies let you have a more satisfying website experience, so we recommend that you leave them turned on.
We may also add third-party cookies. Cookies contain anonymous, segmented data about a user’s demographics (like age, gender, and location), interests, lifestyle, household details, social media memberships, and online influences. The date in the cookies do not contain individual-level information, but rather general audience segments.
If you turn cookies off, some features will be disabled. It may affect the User's experience that make your Website visit more efficient and may not function properly.
HireMe2 usage of social media
If candidates are using our social media, candidates are accepting the terms and conditions, including privacy policy, of those social media platforms and applications.
Tracking
Our App does not track behavior of users, however please note that third-party behavioral tracking is possible. To determine whether any of the third-party services used by our App honor the DNT requests, please read the privacy policies of such third-party service provider.
Marketing and Advertising
From time to time we may contact you by e-mail or telephone and send you messages with relevant information about our Services.
As different legislations around the world have different legal requirements to marketing and advertising messages, we do our best to comply with all of them (e.g. we always seek prior consent if such is mandatory, etc.). It might turn out, however, that in certain cases we are not aware of certain details in this regard (e.g. we might consider opt-out regime applicable while in fact opt-in regime is applicable, etc.), in which cases we ask you to let us know.
Special rules apply for direct marketing under GDPR and we honor all requirements in this regard.
If you do not want to receive advertising or direct marketing messages from us, you may opt-out by clicking on the unsubscribe link at the bottom of our emails or by informing us by e-mail or telephone. If you do so, your contact details will be included in a stop list, so that we make sure not to contact you again, while all other personal details of yours will be deleted if you are not a Client of ours.
Please note that you are not permitted to unsubscribe or opt-out of non-advertising system messages (e.g. technical issues, security notices, etc.).
We also require from our Clients to comply with all laws and regulations governing communication with Applicants, incl. to obtain all necessary consents or approvals required to communicate with an Applicant, to refrain from using the Services to harvest, collect, gather, or assemble information or data regarding Applicants without consent, from communicating in any deceptive manner, etc. Applicants can report violations of these requirements by sending us an e-mail.
Transfer or Disclosure of Information to Third Parties
Any personal data and other information shared by Applicants with chatbots is sent to relevant, prospective Clients that match the respective employment goals. GDPR data subjects give their consent for this purpose of processing of their personal data and they are informed of their right to request access, rectification, erasure (‘right to be forgotten’), restriction of processing, objection against processing and data portability.
In addition, we may use other companies, including affiliates and third parties, to help us perform the Services and to improve the Website, App, and any other Services. These third parties may include, but are not limited to, service providers and vendors, such as:
-
Systems provided by XOR. XOR is a company located 333 West San Carlos Street, San Jose, CA 95110, United States. HireMe2 (under the name Ivy Global AI) has signed an explicit agreement with XOR under which XOR is obliged to comply with GDPR and all related personal data related legislation.
-
-
Hosting providers. Companies that provide space for and host our Website (WIX and GoDaddy).
-
Google, Instagram, Facebook and LinkedIn. When visitors come on our Website, which contains Google Analytics, Facebook Pixel and LinkedIn Ads code, some data are sent to Google, Facebook and LinkedIn - anonymized and aggregated to provide analytics and measurement reports to the Company.
In the course of providing such services, those companies may have access to personal data, and such personal data may be transferred to other countries only when this is required for the proper functioning of our Services and when allowed by the applicable legislation.
These companies (e.g., service providers and vendors) as well as potential Clients using our Services, are contractually required to treat such personal data in accordance with this Privacy Policy. However, we will not be liable (to the fullest extent permitted by law) for any damages that may result from the misuse of any information, including personal data, by these companies.
In addition, we may disclose a User's information to third parties and law enforcement agencies when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including, but not limited to, fraud and threats, including potential or perceived threats, to ours or others' rights, property or safety. We have the obligation to send personal data to official authorities upon verified request or legal process related to criminal investigations or alleged or suspected illegal activities. If we are subject to a merger or acquisition with/by another company, your personal data may be processed by these companies in connection with such transaction.
Non-personal data (e.g. aggregated or anonymized statistics) may be provided to other parties for marketing, advertising, or other uses. We may disclose non-personal data collected through our Services, and information derived from it, to our customers. This information cannot be used to contact or identify any person individually. Further, all of our customers have warranted that they shall use any non-personal data they receive in compliance with applicable laws and regulations.
We do not include or offer third-party products or services on our Website.
Right of Users
Users have the right, at any time, to know whether their personal data have been stored and can contact the Company regarding the contents and origin of such Data; to verify its accuracy; to request such Data be supplemented, cancelled, updated or corrected; or to transform such Data into an anonymous format. Such requests should be sent to the Company at the contact information set out below at the end of this page.
Users have the right to do the following things:
Manage or delete your account
-
You may review, update, or modify your account information, including profile and contact information, at any time by emailing privacy@hireme2.ai. You may delete your account by emailing privacy@hireme2.ai.
Opting out of email marketing
-
You may unsubscribe from our emails at any time by following the instructions included in those emails. If you opt-out of receiving such communications, note that we may continue to send Clients non-promotional emails (such as order confirmation emails or emails about changes to our legal terms).
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: we will notify Users via email - within 7 business days, or we will notify the Users via in-site notification - within 7 business days. In data breach cases covered by GDPR we notify within 72 hours the Users when required and the data controllers (when we act as data processor) or the authorities (when we act as data controller).
We also agree to the Individual Redress Principle, which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
Privacy Shield Framework Compliance
Our System complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce (DOC) regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the US. Our Company has certified to the Department of Commerce (DOC) that it adheres to the Privacy Shield Principles (“the Principles”). If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles (excluding where GDPR is applicable), the Privacy Shield Principles shall govern.
In regards to our system, it follows up procedures (self-assessment) for verifying that the attestations and assertions we make about our Privacy Shield privacy practices are true and those privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles. Such verification shall indicate that our published privacy policy regarding personal information received from the EU or Switzerland is accurate, comprehensive, prominently displayed, completely implemented and accessible and conforms to the Privacy Shield Principles. A statement verifying the self-assessment is signed by a corporate officer or other authorized representative of the Company at least once a year and made available upon request by individuals or in the context of an investigation or a complaint about non-compliance. We shall retain our records on the implementation of our Privacy Shield privacy practices and make them available upon request in the context of an investigation or a complaint about non-compliance to the independent body responsible for investigating complaints or to the agency with unfair and deceptive practices jurisdiction.
If we cease to exist as a separate legal entity as a result of a merger or a takeover, we shall notify the Department of this in advance where the notification shall also indicate whether the acquiring entity or the entity resulting from the merger will continue to be bound by the Privacy Shield Principles by the operation of law governing the takeover or merger or elect to self-certify its adherence to the Privacy Shield Principles or put in place other safeguards, such as a written agreement that will ensure adherence to the Privacy Shield Principles. If we leave the Privacy Shield for any reason, we shall remove all statements implying that the Company continues to participate in the Privacy Shield or is entitled to the benefits of the Privacy Shield.
Privacy Shield definitions
-
“Personal data” and “personal information” are data about an identified or identifiable individual that are within the scope of GDPR, received by an organization in the United States from the European Union or Switzerland, and recorded in any form.
-
“Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
-
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The privacy practices described below have been developed based on the Privacy Shield Principles and we confirm our commitment to subject to the Principles all personal data received from the EU and Switzerland in reliance on the Privacy Shield.
Personal data we collect
-
When you use our Website (visit pages, send enquiries, etc.):
-
Records of your interaction with the Website (system logs);
-
Actions taken on the Website, including date and time of use, clicks, page views, the amount of time you spend on each page, and search queries;
-
Data from your computer or mobile device, including, but not limited to, your browser type, operating system, IP address and the domain name from which you accessed the Website, and if you are accessing our Website with your mobile device, the type of mobile device;
-
Cookies, incl. third-party cookies, that contain anonymous data for statistical use;
-
Any comments or other information you provide when you post opinions, queries or other information on the Website;
-
Identifying information such as your name, e-mail address, etc. when you send us a message or open a support ticket.
-
-
When you interact with our chatbots:
-
Any information which you voluntarily send to chatbots for the purpose of the job interview, incl. CV, diplomas, qualification data, etc.;
-
Any information which you are asked to and then you send to chatbots for the purpose of the job interview. You have the right not to send what you have been asked about by chatbots;
-
Sensitive information that you are not obligated to but you agree to send when asked by chatbots, incl. self-presentations, video interviews, etc.;
-
Any content that you generate, incl. questions that you ask and answers to questions you have been asked.
-
Purposes for processing personal data
-
Providing our App services. Our App is an interactive online recruiting platform which contains multiple instructions, codes and algorithms, the combination of which allows it to perform its assigned functions, e.g. it automatically asks questions, responds to queries. This AI software product provided by the Company decreases manual labor for recruiters and the time of the hiring process by involving Applicants in an interactive conversation that both asks questions. The Company, acting as data processor, provides some or all of the Services described in this point via subcontractor, which also acts in the capacity of data processor.
-
Technical support and assistance. To follow up with users after correspondence / opening a support ticket on our Website / in the App’s interface. If data subjects experience problems with the Services or have any questions to the use of the Services, they can send the Company a message which includes personal data such as name, e-mail address, etc.
-
Statistical use and improving performance. The Company uses data for analytics and measurement to understand how the Services are used, for example reviewing information about system crashes experienced by users allows us to identify and fix problems and provide better user experience;
-
To prevent or investigate security breaches or any illegal activities related to our Services.
-
To advertise our Services. We advertise our Services on our Website. From time to time we may contact you by e-mail or telephone and send you messages with relevant information about our Services.
Data integrity and purpose limitation
Personal data we process are limited to the information that is relevant for the purposes of processing. We shall not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, we take reasonable steps to ensure that personal data are reliable for its intended use, accurate, complete, and current, as long as we retain such information. Information may be retained in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing.
Data Retention
How long we retain your Personal Data depends on the type of data and the purpose for which we process the data. We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.
Security of processing
We take all reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
Disclosure of personal information to third parties
When acting as data controller under GDPR, the Company may forward your personal data to third parties but we minimize the amount of personal data we disclose to what is relevant and necessary to accomplish the specified purpose. We do not send your personal data to third parties for their own marketing and advertising purposes without your consent.
Your personal data may be received by the following recipients in their capacity of data controllers or processors:
-
Subcontractors of the Company acting as data processors (chatbots operations and maintenance).
-
Clients of the Company (employers). The core function of our App allows communication between employers and job seekers via chatbot. It is impossible for job seekers to apply for a job opportunity unless they send their personal data via our chatbots..
-
Telecoms and third-party messaging applications. Chatbots can operate in two system environments - browsers or messaging applications. If a candidate chooses to use messaging applications, then his personal data are processed by these messaging applications (or telecommunication operators in case of SMS service) which provide internet connectivity required by the messaging applications. Presently, chatbots can be used with the following messaging applications:
-
SMS
-
Viber
-
Telegram
-
WhatsApp
-
Facebook Messenger
-
Avito Messenger
-
-
Twilio. This is a cloud communications platform as a service (CPaaS) which allows to make and receive phone calls, send and receive text messages, and perform other communication functions using its web service APIs. Twilio hosts telephony infrastructure and provides connectivity between HTTP and the public switched telephone network (PSTN) through its APIs. Our platform can use its own Twilio account (with per-client dedicated numbers) but also allows clients to connect their own Twilio accounts. Separate Twilio numbers can be used for an entire company (all recruiters and communication) and personalized numbers for each recruiter. We have integrated Twilio in our App with the following functionality:
-
Messaging. Our App sends and receives SMS with Twilio Programmable Messaging API. This also includes WhatsApp messages.
-
Voice calls. Our App is using Twilio Voice API for voice calls (CallTran) functionality. Clients can initiate calls to Applicants from the application. Voice calls are being recorded and transcribed. Transcribe log is added to the Inbox chat as in a form of text messages (separately from the Applicant and from the recruiter). Call records are available for Clients as mp3 files for downloading.
-
Video calls. The App is using Twilio Video for video calls. Video calls are also being recorded and available for Clients in mp4 files. A recruiter can initiate a call and if the Applicant accepts it, then a video room is created, participants are joined and can talk to each other. Applicants have to allow access to their cameras and microphones for this feature to work.
-
-
Hosting providers. Companies that provide space for and host our Website.
-
Google, Instagram, Facebook and LinkedIn. When visitors come on our Website, which contains Google Analytics, Facebook Pixel and LinkedIn Ads code, some data are sent to Google, Facebook and LinkedIn - anonymized and aggregated to provide analytics and measurement reports to the Company.
-
Law enforcement agencies. We have the obligation to send personal data to official authorities upon verified request or legal process related to criminal investigations or alleged or suspected illegal activities.
-
Other companies which could get involved in M&A. If we are subject to a merger or acquisition with/by another company, your personal data may be processed by these companies.
We do not intend to transfer personal data to a third country or international organization except as set forth herein. If we transfer personal data to a third country, it shall take place only if, subject to the other provisions of GDPR, the conditions laid down in Chapter V of GDPR are complied with by the Company or other third parties in their capacity of processors, including for onward transfers of personal data from the third country or an international organization to another third country or to another international organization.
Obligatory contracts for onward transfers
In cases when personal data are transferred from the EU or Switzerland to outside the EU or Switzerland only for processing purposes, we, in our capacity of data processor, conclude contracts, regardless of our participation in the Privacy Shield. In the contracts we make sure that we:
-
Act only on instructions from the controller
-
Provide appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alternation, unauthorized disclosure or access, and understands whether onward transfer is allowed
-
Taking into account the nature of the processing, assist the controller in responding to individuals exercising their rights under the Principles
Because adequate protection is provided by Privacy Shield participants, contracts with Privacy Shield participants for mere processing do not require prior authorization (or such authorization will be granted automatically by the EU Member States), as would be required for contracts with recipients not participating in the Privacy Shield or otherwise not providing adequate protection.
For transfers between controllers, the recipient controller need not be a Privacy Shield organization or have an independent recourse mechanism. The Privacy Shield organization must enter into a contract with the recipient third-party controller that provides for the same level of protection as is available under the Privacy Shield, not including the requirement that the third-party controller be a Privacy Shield organization or have an independent recourse mechanism, provided it makes available an equivalent mechanism.
Following the CJEU’s judgement in the Schrems II case (C-311/18), we rely upon standard contractual clauses for transfers to third countries and all contracts we sign with Clients and subcontractors include standard contractual clauses as appendix. If you are a Client of ours and have signed a contract with us before the CJEU’s judgement in the Schrems II case was issued, then by accepting the present Privacy Policy, you also accept the terms of the standard contractual clauses. If a Client does not accept the standard contractual clauses, the Client must quit using our Services and let us know by e-mail. The standard contractual clauses are available to all Clients upon e-mail request sent to us.
Limiting the use and disclosure of personal data (opt-in and opt-out)
When acting as controller we allow individuals whose personal data are collected in the EU or Switzerland and transferred to the US to decide, by either opt-in or opt-out, as may be required by relevant local laws, rules or regulations (including, the Privacy Shield Principles), whether their personal data may be disclosed to a third-party that is not an agent or used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by that individual.
For sensitive personal data, we give individuals the opportunity to affirmatively and explicitly consent (opt-in) to permit us to disclose such data to a third-party that is not an agent or use such data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
We shall not seek to obtain affirmative express consent (opt-in) with respect to sensitive data where the processing is:
-
In the vital interests of the data subject or another person
-
Necessary for the establishment of legal claims or defenses
-
Related to data that are manifestly made public by the individual
We provide you the opportunity to consent to having your personal data used for certain purposes when we ask for this data and you have the right to 'opt-out' at any time, incl. by explicitly notifying us by e-mail.
Requirements to disclose
We may disclose personal data when this is necessary to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Liability in cases of onward transfers to third parties
We remain responsible and liable under the Privacy Shield Principles if a third-party that we engage to process personal information on our behalf does so in a manner inconsistent with the Privacy Shield Principles, unless we are not responsible for the matter giving rise to the damage.
We shall enter into a contract with any third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify us if it makes a determination that it can no longer meet this obligation.
To transfer personal data to a third-party acting as an agent, we shall:
-
Transfer such data only for limited and specified purposes
-
Ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles
-
Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with our obligations under the Principles
-
Require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles
-
Upon notice take reasonable and appropriate steps to stop and remediate unauthorized processing
-
Provide a summary or a representative copy of the relevant privacy provisions of the contract with that agent to the Department upon request.
Right of individuals to access their personal data
Upon request sent to our e-mail address, we send data subjects confirmation as to whether personal data concerning them are being processed, and if they are processed:
-
The purposes of the processing
-
The categories of personal data concerned
-
The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
-
Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
-
The existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning any data subject or to object to such processing
-
The right to lodge a complaint with a supervisory authority
-
Where the personal data are not collected from the data subject, any available information as to their source
-
The existence of automated decision-making, including profiling
Right of access
We provide individuals access to their personal information we hold, as well as we can, upon request, correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Access shall be provided in the form of disclosure of the relevant personal information to the individual and shall not require access by the individual to our databases. We shall not provide access unless we have been supplied with sufficient information to allow us to confirm the identity of the person making the request.
Individuals have the right to:
-
Obtain confirmation of whether or not we are processing personal data relating to them
-
Have communicated to them such data so that they could verify its accuracy and the lawfulness of the processing
-
Have the data corrected, amended or deleted where it is inaccurate or processed in violation of the Principles
The right of access to personal data may be restricted in exceptional circumstances where the legitimate rights of persons other than the individual would be violated or where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question. Expense and burden are important factors and should be taken into account but they are not controlling factors in determining whether providing access is reasonable.
Confidential commercial information is information that we protect from disclosure, where disclosure would help a competitor in the market and therefore, we may deny or limit access to the extent that granting full access would reveal such confidential commercial information. Where confidential commercial information can be readily separated from other personal information subject to an access request, we shall redact the confidential commercial information and make available the non-confidential information.
We can restrict access in specific cases to the extent that disclosure is likely to interfere with the safeguarding of important countervailing public interests, such as national security, defense or public security. In addition, where personal information is processed solely for research or statistical purposes, access may be denied.
Other reasons for denying or limiting access are:
-
Interference with the execution or enforcement of the law or with private causes of action, including the prevention, investigation or detection of offenses or the right to a fair trial
-
Disclosure where the legitimate rights or important interests of others would be violated
-
Breaching a legal or other professional privilege or obligation
-
Prejudicing employee security investigations or grievance proceedings or in connection with employee succession planning and corporate re-organizations
-
Prejudicing the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound management, or in future or ongoing negotiations
We can provide an electronic copy of the personal data undergoing processing free of charge to individuals but for any further copies requested by them we may charge a reasonable fee based on administrative costs. The fee we may charge shall not be excessive and it may be justified, for example, where requests for access are manifestly excessive, in particular because of their repetitive character. Access may not be refused on cost grounds if the individual offers to pay the costs.
Personal data related inquiries or complaints
Our Company has committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield commitment should first contact us by sending an email to privacy@hireme2.ai. We take the responsibility to respond to a complaint within 45 days of receiving it.
For complaints that cannot be resolved between us and the complainant, we agree to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (DPAs) or Swiss Federal Data Protection and Information Commissioner (FDPIC) pursuant to the Privacy Shield Principles - independent dispute resolution bodies designated to address complaints and provide appropriate recourse free of charge to the individual.
US Federal Trade Commission Enforcement
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
According to the requirements of this act, we hereby notify you that we collect your email address in order to:
-
Send information, respond to inquiries, and/or other requests or questions;
-
Process orders and to send information and updates pertaining to orders;
-
Send you additional information related to our product and/or service;
-
Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN SPAM Act, we agree to the following:
-
Not to use false or misleading subjects or email addresses;
-
Identify the message as an advertisement in some reasonable way;
-
Include the physical address of our business or Website headquarters;
-
Monitor third-party email marketing services for compliance, if one is used;
-
Honor opt-out/unsubscribe requests quickly;
-
Allow Users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at info@hireme2.ai and we will promptly remove you from all future correspondence.
California Residents - and CalOPPA (California Online Privacy Protection Act)
California Online Privacy Protection Act (CalOPPA) is the first state law in the US to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting personal data from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.
See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA, we agree to the following:
-
Users can visit our Website anonymously;
-
Once this Privacy Policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our Website;
-
Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above;
-
Users will be notified of any Privacy Policy changes: on our Privacy Policy page;
-
Users can change their personal information: (a) by logging into their account; or (b) by email or chatting with us via support feature in our Services.
California law permits residents of California to request notice of how their information is shared with third parties for direct marketing purposes or to opt-out of such sharing. If you are a California resident and would like a copy of this notice or to opt-out, please submit a written request at privacy@hireme2.ai.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal data from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We are sensitive to the issue of children’s privacy. Therefore, our Website and Services are neither developed for, nor directed at, children under the age of 13 years old. If you believe your child has provided us with personal data, and you would like to have the data removed, please get in touch with us at the contact information set out below.
Processing of Personal Data of Data Subjects under GDPR
This section does not apply to companies (incl. Clients) but only to data subjects under GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). In all circumstances when GDPR is applicable, in the event of contradiction between any provision in this Privacy Policy and a provision from this section of the Privacy Policy, the provision from this section prevails, regardless of any provision to the contrary in any other part of the Privacy Policy. In all cases when GDPR is applicable, in the event of contradiction between any provision of GDPR and a provision from the Privacy Policy, GDPR provision shall prevail, regardless of any provision to the contrary in any other part of the Privacy Policy.
We honor the following principles relating to processing of personal data, which data are:
-
Processed lawfully, fairly and in a transparent manner;
-
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
-
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
-
Accurate and, where necessary, kept up to date;
-
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
-
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
For the purposes of this section “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Representative in the EU and Data protection officer of the Company is Trifonov Law Offices LLC which can be contacted at gdpr@trifonov.info or 21, Mali Bogdan Str., Plovdiv, Bulgaria.
The Company processes the following personal data through the Services:
-
When you use our Website (visit pages, send enquiries, etc.):
-
Records of your interaction with the Website (system logs);
-
Actions taken on the Website, including date and time of use, clicks, page views, the amount of time you spend on each page, and search queries;
-
Data from your computer or mobile device, including, but not limited to, your browser type, operating system, IP address and the domain name from which you accessed the Website, and if you are accessing our Website with your mobile device, the type of mobile device;
-
Cookies, incl. third-party cookies, that contain anonymous data for statistical use;
-
Any comments or other information you provide when you post opinions, queries or other information on the Website;
-
Identifying information such as your name, e-mail address, etc. when you send us a message or open a support ticket.
-
-
When you use our platform and its modules, as follows:
-
HireMe2. A software platform for recruiters at Clients’ companies and for job candidates. Human recruiters decide whether they want to initiate conversation with the candidates for job purposes.
-
HireMe2 Talent Pool Engagement. With the consent of Applicants, Clients keep Applicants’ profiles and build employee pools to fill new job openings faster by sharing job openings with past candidates who might be qualified for the role.
-
HireMe2 Screening. Feature allowing recruiters to predefine questions that matter most to the Clients and indicate whether they are requirements or preferences.
-
HireMe2 Video Interviewing. With this feature candidates can prerecord video interviews.
-
-
Please note that when data subjects use our Website, we collect and process data in the capacity of data controller, while when data subjects interact with chatbots we collect and process data in the capacity of data processor (in which case Clients that are using chatbots for recruitment purposes act as data controllers). When demo versions of chatbot are used (where no real employers are present and no real data are used), the Company acts in the capacity of data controller. All requests by data subjects regarding their personal data, collected by Clients (data controllers) in chatbots and processed by the Company that runs and maintains the platform (data processor) shall be filed directly to the respective data controller.
The Company processes personal data for the following purposes:
-
Providing our App services. Our App is an interactive online recruiting platform which contains multiple instructions, codes and algorithms, the combination of which allows it to perform its assigned functions. This AI software product provided by the Company decreases manual labor for recruiters and the time of the hiring process by involving Applicants in an interactive conversation that both asks questions (predefined by Clients or HireMe2).
-
Technical support and assistance. To follow up with users after correspondence / opening a support ticket on our Website / in the App’s interface. If data subjects experience problems with the Services or have any questions to the use of the Services, they can send the Company a message which includes personal data such as name, e-mail address, etc.
-
Statistical use and improving performance. The Company uses data for analytics and measurement to understand how the Services are used, for example reviewing information about system crashes experienced by users allows us to identify and fix problems and provide better user experience;
-
To prevent or investigate security breaches or any illegal activities related to our Services.
-
To advertise our Services. We advertise our Services on our Website. From time to time we may contact you by e-mail or telephone and send you messages with relevant information about our Services.
We are processing personal data on the following legal grounds:
-
Legitimate interests. We have legitimate interests to process your personal data with the purpose of improving our Services (by analyzing how the Services are used, for example reviewing information about system crashes, etc.) to meet the needs of our users except where such interests are overridden by the interests or fundamental rights and freedoms of data subjects which require protection of personal data;
-
Consent. When you visit our Website, you agree that we collect and process certain data for statistical and other similar purposes. We seek your consent to contact you by e-mail or telephone and send you advertising messages with relevant information about our Services.
-
Contract and consent. When chatbots are used by Applicants, recruiters at Clients’ companies collect and process their personal data in the capacity of data controllers, based on the consent given by Applicants or on any other legal ground considered by the data controllers to be applicable. The Company processes the aforementioned personal data collected by data controllers in its capacity of data processor, based on contracts between the Company and the said data controllers. The same personal data are processed by subcontractors of the Company in their capacity of data processors, based on contracts between the Company and its subcontractors.
When acting as data controller, the Company may forward your personal data to third parties but we minimize the amount of personal data we disclose to what is relevant and necessary to accomplish the specified purpose. We do not send your personal data to third parties for their own marketing and advertising purposes without your consent. Your personal data may be received by the following recipients in their capacity of data controllers or processors:
-
Subcontractors of the Company acting as data processors (chatbots operations and maintenance).
-
Clients of the Company (employers). The core function of our Service allows communication between employers and job seekers. It is impossible for job seekers to apply for a job position unless they send their personal data to the respective employer.
-
Hosting providers. Companies that provide space for and host our Website (i.e. WIX).
-
Law enforcement agencies. We have the obligation to send personal data to official authorities upon verified request or legal process related to criminal investigations or alleged or suspected illegal activities.
-
Other companies which could get involved in M&A. If we are subject to a merger or acquisition with/by another company, your personal data may be processed by these companies.
We do not intend to transfer personal data to a third country or international organization except as set forth herein. If we transfer personal data to a third country, it shall take place only if, subject to the other provisions of GDPR, the conditions laid down in Chapter V of GDPR are complied with by the Company or other third parties in their capacity of processors, including for onward transfers of personal data from the third country or an international organization to another third country or to another international organization.
When the company acts in its capacity of personal data controller, in the general case we store your personal data for as long as necessary to provide the Services (until hosting, system or other similar logs expire) but we have fixed storage duration for the cases in which data subjects manually provide personal data, incl. sensitive data. Personal data of Applicants who explicitly provide it to chatbots for the purpose of job interviews or communication with employers (questions, answers, any other text information, documents, audio or video files, etc.) are in the general case kept for 3 months and then deleted by the Company (personal data processor), unless otherwise decided by a Client (personal data controller). Applicants’ behavior is not tracked by the Company as part of their interaction with chatbots.
We care about the following rights of data subjects:
-
Right of access by data subjects. Upon request sent to our e-mail address, we send data subjects confirmation as to whether personal data concerning them are being processed, and if they are processed:
-
the purposes of the processing;
-
the categories of personal data concerned;
-
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
-
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
-
the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning any data subject or to object to such processing;
-
the right to lodge a complaint with a supervisory authority;
-
where the personal data are not collected from the data subject, any available information as to their source;
We can provide an electronic copy of the personal data undergoing processing free of charge to data subjects but for any further copies requested by data subjects we may charge a reasonable fee based on administrative costs.
-
Right to rectification. Data subjects can ask us to rectify inaccurate personal data concerning them by sending us an e-mail request. Data subjects have the right to have incomplete personal data completed, including by means of providing a supplementary statement sent by e-mail.
-
Right to erasure (‘right to be forgotten’). Data subjects can request erasure of their personal data. We take the obligation to erase personal data without undue delay where one of the following grounds applies:
-
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
-
a data subject withdraws his consent on which the processing is based and there is no other legal ground for processing;
-
a data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;
-
the personal data are proven to have been unlawfully processed;
-
the personal data have to be erased for compliance with a legal obligation in EU or Member State law to which the Company is subject;
-
the personal data have been collected in relation to the offer of information society services.
-
Right to restriction of processing. Data subjects can request restriction of processing in the following cases:
-
the accuracy of personal data is contested by a data subject, for a period enabling us to verify the accuracy of the personal data;
-
the processing is found to be unlawful and a data subject opposes the erasure of the personal data and requests the restriction of their use instead;
-
we no longer need the personal data for the purposes of the processing, but they are required by a data subject for the establishment, exercise or defense of legal claims;
-
a data subject has objected to processing, pending the verification whether the legitimate grounds of the Company override those of the data subject.
If we honor such request, personal data shall only be stored by us but not processed, unless with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
-
Right to data portability. Data subjects have the right to receive their personal data which they have provided. Data subjects use our Services without registration or creating a profile so they can receive by the respective data controller the same data which they have sent during a chatbot interview.
-
Right to object. Data subjects have the following rights in this regard:
-
right to object to processing of their personal data which processing is necessary for the performance of a task carried out in the public interest or is necessary for the purposes of the legitimate interests pursued by the Company or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data;
-
if personal data are processed for direct marketing purposes, data subjects have the right to object at any time to processing of their personal data in which case the personal data shall no longer be processed for such purposes.
-
Right to withdraw consent. Data subjects have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
-
Right to lodge a complaint. Data subjects can send complaints to our Data protection officer if they have any concerns regarding any personal data or privacy issues related to our Services: privacy@hireme2.ai.
The Company shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the rules in this Privacy Policy to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform any data subject about those recipients upon request.
Data subjects agree that they have no obligation to provide personal data while using our Services. If no data are provided some aspects of our Services may be limited (for example in cases when cookies are not allowed by data subject’s browser) or useless (for example if an Applicant does not provide personal data to chatbot, then the respective employer at Client’s company cannot contact the Applicant to hire him which is the main purpose of job interviews).
Profiling decision making depends entirely on theClients. Every Client can have different preferences as to the skills of any Applicant (e.g. languages spoken, diplomas and qualification, etc.), then it is up to recruiters or HRs to decide which Applicant would best fit to their needs.
We do not intend to further process your personal data for any purpose other than that for which the personal data are collected. Should we decide to use your personal data for other purposes, we will ask for your consent prior to using it.
Additional Information about this Privacy Policy
More details concerning the collection or processing of Personal Data may be requested from HireMe2. at any time. Please see the contact information below at the end of this page.
Contact Us
If there are any questions, concerns or complaints regarding this Privacy Policy, you can contact us using the information below.
HireMe2
Hireme2 is located in Harvard square at: 125 Mount Auburn St., Cambridge, MA 02138.
Please also feel free to contact us if you have any questions, concerns or complaints about our data collection or processing practices of our Services, or if you want to report any security violations to us.