Effective September 26, 2018
This Policy explains how we may Process your information. This Policy may be amended or updated from time to time, so please check it regularly for updates.
2. What Categories of Information We May Process
We may Process your personal details (e.g., your name), demographic data (e.g., your age), your contact details (e.g., your address), records of your consents, information about your interactions with our content or potential advertising, and any views or opinions you provide to us.
We may also Process information about you from your use of our Services (e.g., the type of device you are using, the internet service provider, etc.), including your interactions with content on the Services.
“Personal Information” means information that is about any individual, or from which any individual is directly or indirectly identifiable.
“Process“, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We may Process the following categories of Personal Information about you:
- Personal details: your name, username or log in details, password, areas or topics of interest, and photograph (if you or another user posts a photo on the Service).
- Demographic information: gender, age/date of birth, nationality, salutation, job title, employer company information, education, work experience and other professional information, and language preferences.
- Contact details: postal address, telephone and/or mobile number, email address, and your public social media handles or profile(s).
- Consent records: records of any consents you may have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Location information: location data that describes the precise geographic location of your device (“Precise Location Data“).
- Employer details: where you interact with us in your capacity as an employee, the contact information of your employer company to the extent relevant.
- Views and opinions: any views and opinions that you or other users choose to send to us, or publicly post on social media platforms or in the Services, including on forums.
We also collect other kinds of information from you or other sources, which we refer to as “Other Information” in this Policy, which may include but is not limited to:
- Information about your use of the Services, such as usage data and statistical information, which may be aggregated.
- Non-precise information about the approximate physical location (for example, at the city or zip code level) of a user’s computer or device derived from the IP address of such computer or device (“GeoIP Data“).
- Device identification (“ID”), which is a distinctive number associated with a smartphone or similar handheld device, but is different than a hardware serial number.
- Internet Protocol (“IP”) address, which is a unique string of numbers automatically assigned to your device whenever you access the Internet.
- Internet connection means, such as internet service provider (“ISP”), mobile operator, WiFi connection, service set identifier (“SSID”), International Mobile Subscriber Identity (“IMSI”) and International Mobile Equipment Identity (“IMEI”).
- Device type, settings and software used.
- Log files, which may include IP addresses, browser type, ISP referring/exit pages, operating system, date/time stamps and/or clickstream data, including any clicks on customized links.
- Web Beacons, which are electronic files that allow a website to count users who have visited that page or to access certain cookies.
- Pixel Tags, also known as clear GIFs, beacons, spotlight tags or web bugs, which are a method for passing information from the user’s computer to a third party website.
- Local Shared Objects, such as Flash cookies, and Local Storage, such as HTML5.
- Mobile analytics to understand the functionality of our mobile applications and software on your phone.
Under certain circumstances and depending on applicable law, some of this Other Information may constitute Personal Information. Personal Information together with Other Information is hereinafter referred to as “User Information“.
3. Sensitive Personal Information
We do not collect or otherwise Process Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information“) in the ordinary course of our business. Where it becomes necessary to Process Sensitive Personal Information under GDPR, we would rely on one of the following legal bases:
- Compliance with applicable law: We may Process your Sensitive Personal Information where the Processing is required or permitted by applicable law.
- Detection and prevention of crime: We may Process your Sensitive Personal Information where the Processing is necessary for the detection or prevention of crime (including the prevention of fraud).
- Establishment, exercise or defense of legal rights: We may Process your Sensitive Personal Information where the Processing is necessary for the establishment, exercise or defense of legal rights.
- Consent: We may Process your Sensitive Personal Information where we have, in accordance with applicable law, obtained your prior, express consent prior to Processing your Sensitive Personal Information.
Children. The Services are not intended for use by children, especially those under 13. No one under the age of 13 should provide any Personal Information or use our public discussion areas, forums or chats. If, notwithstanding these prohibitions, your children disclose information about themselves in our public discussion areas, consequences may occur that are not intended for children (for example, they may receive unsolicited messages from other parties). If it is discovered that we have collected Personal Information from someone under 13, we will delete that information immediately.
4. Purposes for Which We May Process Your Information
The purposes for which we may Process User Information, subject to applicable law, include:
- Provision of the Services to You: providing the Services to you from HR KIT® or our partners including (i) offering of contests, as well as chat areas, forums and communities, (ii) posting of your personal testimonial alongside other endorsements, (iii) display of your personal reviews of events, products or services, (iv) allowing you to search for other website members using information you may already know about that member such as username, full name, employer company or position and identify users matching that criteria, (v) management of your account, and (vi) customer support and relationship management.
- Offering and Improving the Services: operating and managing the Services for you, providing personalized content to you, communicating and interacting with you via the Services, identifying issues with the Services and planning improvements to or creating new Services, and notifying you of changes to any of our Services.
- Surveys: engaging with you for the purposes of obtaining your views on our Services.
- Communications: communicating with you via any means (including via email, telephone, text message, social media, post or in person) regarding news items and other information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law, maintaining and updating your contact information where appropriate, and obtaining your prior, opt-in consent where required.
- IT Administration: administration of HR KIT®’ information technology systems, network and device administration, network and device security, implementing data security and information systems policies, compliance audits in relation to internal policies, identification and mitigation of fraudulent activity, and compliance with legal requirements.
- Security: electronic security measures (including monitoring of login records and access details) to help mitigate the risk of and provide the ability to identify and rectify a security incident.
- Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.
- Legal Proceedings: establishing, exercising and defending legal rights.
5. Cookies and Similar Tracking Technologies
We may Process your User Information by placing or reading Cookies and similar technologies on the Services and Channels. Certain tracking technologies enable us to assign a unique identifier to you, and relate information about your use of the Services to Other Information about you, including your User Information for the purposes of learning more about you so we can provide you with relevant content. We and our partners also use these technologies to analyze trends, administer the Services, collect and store information such as user settings, anonymous browser identifiers and video viewing history, supplement to our server logs and other methods of traffic and response measurement, track users’ location and movements around the Services, gather demographic information about our user base, and to improve our understanding of traffic on the Services, visitor behavior, and responses to promotional campaigns.
Tracking technologies on the Services may be deployed by HR KIT® and/or by our service providers or partners. Certain tracking technologies enable us to assign a unique identifier to you, and relate information about your use of the Services to other information about you, including your User Information. We may match information collected from you through different means or at different times and use such information along with offline and online information obtained from other sources (including from third parties), including, but not limited to, demographic information and updated contact information, for the purposes of learning more about you so we can provide you with relevant content.
We and our partners (including but not limited to e-commerce partners, affiliates, and analytics providers) also may use technologies such as pixel tags, e-tags, IP addresses, Local Shared Objects, Local Storage, Flash cookies and HTML5 to analyze trends, administer the Services, collect and store information such as user settings, anonymous browser identifiers and video viewing history, supplement our server logs and other methods of traffic and response measurement, track users’ location and movements around the Services, gather demographic information about our user base, and to improve our understanding of traffic on the Services, visitor behavior, and responses to promotional campaigns. We may receive reports based on the use of these technologies by these third party companies on an individual and aggregated basis. For example, we may connect information about your IP address to known corporate or User Information and use the associated information related to aggregate content preferences to assist in our efforts to provide services to you.
We may use mobile analytics software to collect data and to better understand the functionality of our mobile software, devices and applications on your phone and other devices. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We may link this information to User Information.
6. What is the Lawful Basis for Processing Personal Information
We may Process your User Information where: you have given your consent, the Processing is necessary for a contract between you and us, the Processing is required by applicable law, the Processing is necessary to protect the vital interests of any individual, or where we have a valid legitimate interest in the Processing.
In Processing your User Information in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
- Consent: We may Process your User Information where we have obtained your prior, express consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way),
- Contractual necessity: We may Process your User Information where the Processing is necessary in connection with any contract that you may enter into with us,
- Compliance with applicable law: We may Process your User Information where the Processing is required by applicable law,
- Vital interests: We may Process your User Information where the Processing is necessary to protect the vital interests of any individual, or
- Legitimate interests: We may Process your User Information where we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
7. What Information We Disclose to Third Parties
We may disclose your User Information to: legal and regulatory authorities, our external advisors, parties who Process User Information on our behalf (“Processors“), any party as necessary in connection with legal proceedings, any party as necessary for investigating, detecting or preventing criminal offences, and any third party providers of advertising, plugins or content used on the Services.
We may disclose your User Information to other entities within the Company group, for legitimate business purposes (including operating the Services, and providing services to you), in accordance with applicable law. In addition, we may disclose your User Information to:
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation,
- outside professional advisors (such as accountants, auditors, or lawyers), subject to binding contractual obligations of confidentiality,
- third party Processors (such as analytic providers, data centers, etc.), located anywhere in the world, subject to the requirements noted below in Section 8,
- any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights,
- any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security,
- any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganization, dissolution or liquidation),
- other third parties, GDPR compliant (e.g., third party providers of goods and services, content publishers and retailers).
With respect to surveys, in the event that responses are publicly disclosed, users will be notified at the time they take the survey. Otherwise we will disclose only aggregate information regarding its users’ responses in surveys to other participants in the survey. Where surveys allow users to submit written comments, and where HR KIT® advises users of the possibility of such disclosure at the time they take the survey, HR KIT® reserves the right to disclose any information provided by users, provided that no User Information identifying a specific user is disclosed.
HR KIT® may use third party service companies to perform related services when you interact with the Services. Often, these third party companies employ cookies and other technologies to measure the effectiveness of website, app and email and to create a record of interaction with our content that they use in conjunction with other sites or applications, or for reporting website traffic, app use, statistics and/or other activities on the Services. We also engage third party providers to assist with the segmentation of this data.
We may engage third party providers to assist with the collection, storage and segmentation of Online Data and the providers are required to maintain the confidentiality of this information. These third party providers may collect User Information from our Services for their own purposes, including but not limited to monitoring fraud around the web.
We may also engage third parties for the purpose of recognizing our users and delivering interest-based content to them. We may share your User Information with our partners such as your name, postal address, email, or other identifier. Our partners may also: (i) collect information directly from your device, such as your IP address, device ID, and information about your browser or operating system, (ii) combine User Information about you received from HR KIT® with information about you from other sites or services, and (iii) place or recognize a unique cookie on your browser.
If we engage a third-party Processor to Process your User Information, the Processor will be subject to binding contractual obligations to: (i) only Process the User Information in accordance with our prior written instructions, and (ii) use measures to protect the confidentiality and security of the User Information, together with any additional requirements under applicable law.
8. International Transfers of Information
Because of the international nature of our business, we may need to transfer your User Information within the HR KIT®, and to third parties as noted in Section 7 above, in connection with the purposes set out in this Policy. For this reason, we may transfer your User Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
9. Data Security
We have implemented appropriate technical and organizational security measures designed to protect your User Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. In certain instances we may use Secure Sockets Layer encryption and/or transfer certain User Information in a non-human readable format to provide protection. However, we cannot guarantee there will not be a breach, and we are not responsible for any breach of security or for the actions of any third parties.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your information, we cannot guarantee the security of your data transmitted to us using the internet (e.g when you are connected to free or home or guest WiFi). Any such transmission is at your own risk and you are responsible for ensuring that any Personal Information that you send to us are sent securely.
10. Data Accuracy
We take every reasonable step to ensure that your User Information that we Process is accurate and, where necessary, kept up to date, and any of your User Information that we Process that you inform us is inaccurate (having regard to the purposes for which they are Processed) is erased or rectified.
11. Data Minimization
We take every reasonable step to ensure that your User Information that we Process is limited to the User Information reasonably necessary in connection with the purposes set out in this Policy or as required to provide you services or access to the Services.
12. Data Retention
We take every reasonable step to ensure that your User Information is only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will keep your User Information are as follows: we will retain copies of your User Information in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. Unless there is a specific legal requirement for us to keep the information, we plan to retain it for no longer than is necessary to fulfill a legitimate business need.
13. What Can I Do to Control My Information?
You have certain rights including: the right not to provide your Personal Information to us, the right of access to your Personal Information, the right to request rectification of inaccuracies, the right to request the erasure, or restriction of Processing, of your Personal Information, the right to object to the Processing of your Personal Information, the right to have your Personal Information transferred to another controller, the right to withdraw consent, and the right to lodge complaints with supervisory authorities. We may require proof of or need to verify your identity before we can give effect to these rights.
You may directly take steps to change your preferences as follows:
Push Notifications. We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
Your Newsletter and Email Subscriptions. You can opt out or unsubscribe to a newsletter or other email list at any time by following the instructions at the end of the newsletters or emails you receive. On some Services, member service-related communications are an integral part of such Services to which you subscribe and you may continue to receive emails as part of that particular portion of the Services unless you cancel your account, even if you opt out of the newsletters or email list. If you have provided more than one email address to us, you may continue to be contacted unless you request to unsubscribe each email address you have provided.
Cookies and Pixel Tags. You may stop or restrict cookies and pixel tags on your computer or purge cookies from your browser by adjusting your web browser preferences. However, if you “turn off,” purge, or disable cookies or pixel tags, although you may still use the Services, you may not be able to use all of the features, functions, or services available on the Services.
Location Based Services. You may opt-out of having your Precise Location Data collected by HR KIT®. at any time by editing the appropriate setting on your mobile device (which is usually located in the Settings area of your device).
EU Residents. GDPR provides certain rights for EU residents. You may decline to share certain information with us, in which case we may not be able to provide some of the features and functionality of the Services. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your information, and to request access to, rectification, erasure and portability of your own information. Where we process your information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Information in reliance upon any other available legal bases). Requests should be submitted by contacting us (using the contact instructions in Section 15 below). If you are an EU resident and have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Supervisory Authority and lodge a complaint.
15. Contact Details
If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of User Information carried out by us, or on our behalf, please contact:
Our Data Protection Officer may be contacted at firstname.lastname@example.org.
© 2018 HR KIT® All Rights Reserved