We, at Active-You Threed Ltd., are committed to respecting our customers’ and their users’ (candidates and/or employees) privacy, protecting their personal information and making sure it is used properly by us.
“Personal Information” means details which identify you or could be used to identify you or your Users, such as name and contact details, email address, residence, employment and education history, profile picture, resume, raw data from recruitments process and tests, test results, information from social media sites, etc.
“Non Personal Information” means information that is not Personal Information, such as anonymized information.
“Users” means your candidates and/or employees using our Services and whose Personal and Non Personal Information is provided to us and/or loaded to our system or otherwise used in the course of the Services.
“GDPR” means the General Data Protection Regulation (EU) 2016/679, as amended from time to time.
“Services” means use of our products or services, including through the Assense product.
This Policy was originally written in English. If you are reading a translation and it conflicts with the English version, please note that the English version prevails.
- Personal Information about you, including your representatives, that we collect, use, or otherwise process regarding your relationship with us as a customer or potential customer; and
- Information we receive through the Services, including Personal Information about your Users, if and to the extent that we will have access to such information for the purpose of providing the Services and/or such information will be stored with us or on our behalf (for example, where we provide our customers with hosting or cloud services).
- THE TYPES OF PERSONAL INFORMATION THAT WE COLLECT
PERSONAL INFORMATION THAT YOU PROVIDE TO US
Customer information. We will ask you to provide certain Personal Information in order for us to perform the Services. The nature of the Services you are requesting will determine the kind of Personal Information we might ask for, though such information may include (by way of a non-exhaustive list):
name, company name, job position, contact details (including email address and telephone number) and password.
User information. The Services offered by us require us to obtain Personal Information about your Users in order to perform the Services we have been engaged to provide. Such Personal Information may include (by way of a non-exhaustive list):
name, contact details (including email address and telephone number), residence, employment and education history, profile picture, and resume.
User’s video interview.
Any other data the User or you choose to share, e.g. link for portfolio (for artists for example), questions asked by you in the interview.
PERSONAL INFORMATION THAT WE COLLECT OR GENERATE
In addition to the information you provide to us, we may gather additional Personal Information. This includes (by way of a non-exhaustive list):
a file with your contact history when you, or someone on your behalf, contacts us;
raw data from the use of the Services relating to the recruitment process and tests, including information collected through our mixed reality experiences, such as: head movement and gaze, eye gaze tracking, blinks and pupil size, User’s position and orientation, interaction with the virtual environment – clicks and choices and the User test results.
PERSONAL INFORMATION WE OBTAIN FROM OTHER SOURCES
Third parties. We may obtain Personal Information about you and/or your Users from third parties, such as companies contracted by us to assist in the provision of the Services, companies who provide details to us under their privacy polices providing information to be shared with us, or public information that we collect as part of the Service from third party sites such as Facebook and LinkedIn, or any other means.
We also use first and third party “cookies” as part of the Services to track your representative’s use of the Services, such as the number of jobs opened through the Services, the number of candidates assigned through the Services, etc.
Gifs. We may use GIFs in order to collect information. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages.
- ANONYMIZED DATA
In addition to the categories of Personal Information described above, we will also process further anonymized information and data that is not processed by reference to a specific individual. We may collect this anonymized data in the following ways:
- Information that your browser sends when you use our Service (“Log Data”). This Log Data may include, but is not limited to, browser type, the web page you were visiting and information you search.
- In order to operate and improve our Website, we may use web analytics services to help us understand how people use the Website, which recognise your browser or device. The information collected is anonymous and only used for statistical purposes, and it helps us to analyse patterns of user activity and to develop a better user experience.
- Other websites and applications may also place or read cookies on your computer’s browser. Please see below the section “SHARING INFORMATION WITH OTHERS”.
5. HOW WE USE PERSONAL INFORMATION
Customer information. Personal Information is used for the following primary purposes (as may be updated from time to time): to (i) provide the Services, including, without limitation, creating your account and profile and disclosure of such profile (including Personal Information and Non-Personal Information) to such persons designated by you for the purpose of the Services; (ii) monitor and analyze use of the Services and study and analyze the functionality of the Services; (iii) for the technical administration and troubleshooting of the Services and to provide support and maintain the Services, (iv) provide service announcements and market the Services; (v) enforce our Terms of Service, policies and other contractual arrangements, to comply with court orders and warrants, and prevent misuse of the Services, and to take any action in any legal dispute and proceeding.; (vi) better understand your needs both on an aggregated and individualized basis in order to improve and continue developing our Services; (vii) communicate with you and contact you to obtain feedback from you regarding the Services; (viii) disclose to third party vendors, service providers, contractors or agents who perform functions on our behalf with respect to the Services; and (ix) as otherwise authorized by you.
We may use your email address to contact you when necessary, including in order to send you reminders, offers and to provide you information and notices about the Services. Note that we may include commercial, advertising and marketing information, whether by email, SMS, fax or other communication means, subject to receiving your prior written consent. For your choices regarding marketing information see “ADVERTISING AND MARKETING MATERIAL – CHOICE”.
User information. Personal Information is used for the following primary purposes (as may be updated from time to time): to (i) provide the Services; (ii) monitor and analyze use of the Services and study and analyze the functionality of the Services; (iii) for the technical administration and troubleshooting of the Services and to provide support and maintain the Services, (iv) personalize your hiring scenarios and tests and adapt the Services to your needs; (v) enforce our Terms of Service, policies and other contractual arrangements, to comply with court orders and warrants, and prevent misuse of the Services, and to take any action in any legal dispute and proceeding.; (vi) better understand your needs both on an aggregated and individualized basis in order to improve and continue developing our Services; (vii) disclose to third party vendors, service providers, contractors or agents who perform functions on our behalf with respect to the Services; (viii) enable the Service’s tools and features; and (xi) as otherwise authorized by you.
- HOW WE USE NON PERSONAL INFORMATION
We may use information that is Non Personal Information for the same purposes we use Personal Information (where applicable) and in addition in order to (i) compile anonymous or aggregate information, (ii) disclose to third party vendors, service providers, contractors or agents who perform tasks on our behalf in connection with the Services, (iii) monitor and analyze use of the Services and for the technical administration and troubleshooting of the Services, and (iv) provide us with statistical data.
From time to time, we may use additional or alternative analytics services. We will provide a notice of these changes on our Website, and to you through email or other available electronic means.
We use anonymous, statistical or aggregated information, which may be based on extracts of your Personal Information, for legitimate business purposes including for testing, development, improvement, control and operation of the Services. We may share such information with third parties on our behalf. It has no effect on your or your Users’ privacy, because there is no reasonable way to extract data from the aggregated information that can be associated with you or your Users. We will share your Personal Information only subject to the terms of this Policy, or subject to your prior informed consent.
- THE LEGAL BASIS FOR USE OF INFORMATION
We will only process Personal Information where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your, and your Users’, Personal information. In almost all cases the legal basis will be:
- To provide the Services and otherwise perform our agreement we have with you.
- There is a legitimate interest to use the Personal Information in relation to our Services.
- To comply with a legal obligation.
- Because you consented to us using the Personal Information for a particular purpose.
More information on each legal basis is provided below.
More information on the basis of processing:
- Processing Personal Information is required for performing an agreement to which you are a party and rendering the Services or in order to take steps at your request before entering an agreement, for example: (1) We must process your User’s Personal Information collected by the Services in order to provide our evaluation report of your User; (2) We need information about your means of payment in order to collect payment for the Services.
- Processing the Personal Information is required for fulfilling our or a third party’s legitimate interests, for example: (1) we retain historical information about you and the Users to defend ourselves in legal procedures; (2) we collect information about use of our Website in order to identify and prevent its abuse; (3) we record conversations with customers calling the Customer Service Centre in order to monitor and improve service quality provided by the Centre.
- Processing the Personal Information is necessary in order to fulfil a legal obligation that applies to us, for example: for some services we may need to obtain a governmental license in certain jurisdictions, and collecting certain Personal Information may be required for that purpose.
- You consent to the processing of Personal Information for one or more specific purposes, for example: (1) to the extent that you consent, we will send you newsletters with updates; (2) to the extent that a User has consented, we may retain his/her Personal Information even if the candidate was not selected for the job.
In cases where the legal basis for processing Personal Information is your or your Users’ consent, you and your User have the right at any time to withdraw the consent given to process Personal Information by using the following link: [email@example.com]
It is hereby clarified that if you or your Users withdraw consent as noted, it is possible that we will not be able to provide you with some of the Services you ordered or to provide them in the manner intended, and you accept such outcome.
It is hereby clarified that the legal bases detailed above are the legal bases for actions to process Personal Information, carried out by us in accordance with the GDPR. If processing of Personal Information is subject to other applicable laws, then the legal basis for processing Personal Information may differ according to those applicable laws.
For more information, see section 12 (YOUR RIGHTS) below.
- SHARING INFORMATION WITH OTHERS
We do not sell, rent or lease your Personal Information. We may share your Personal Information with service providers and other third parties, if necessary to fulfil the purposes for collecting the information, such as cloud vendors, subcontractors providing us processing services, etc., provided that any such third party will commit to protect your privacy as required under the applicable laws and this Policy.
We may also share Personal Information with companies or organizations affiliated with us, such as subsidiaries and parent companies, with the express provision that their use of such Personal Information must comply with this Policy.
Additionally, a merger, acquisition or any other structural change may require us to transfer your Personal Information to another entity, provided that the receiving entity will comply with this Policy.
- SHARING INFORMATION WITH AUTHORITIES
We may need to disclose Personal Information in response to lawful requests by public authorities or law enforcement officials, including meeting national security or law enforcement requirements. We cooperate with government and law enforcement officials to enforce and comply with the law.
- TRANSFER OF DATA OUTSIDE YOUR TERRITORY
We may store, process or maintain information in various sites worldwide, including through cloud based service providers worldwide. Where the GDPR applies and we transfer Personal Information to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of Europe, for example, this may be done in one of the following ways:
- the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Information (Israel is an approved country);
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Information;
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances the law may permit us to otherwise transfer your Personal Information outside Europe.
- You can obtain more details of the protection given to your Personal Information when it is transferred outside Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Information) by contacting us as described in paragraph 20
If you are located in a jurisdiction where transfer of your Personal Information to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer or the storage, processing or maintenance of the information in other jurisdictions by using the Services. By using the Services you also confirm that you have obtained such required consents from your Users.
- YOUR RIGHTS
In all of the above cases in which we collect, use or store your Personal Information, you may have the following rights and, in most cases, you can exercise them free of charge.
At any time, you may contact us at: firstname.lastname@example.org and request to know what Personal Information we keep about you or your Users (As long as personal information is kept about the users). We will make good-faith efforts to locate the data that you request to access.
Under your right of access, you may obtain confirmation from us of whether we are processing Personal Data related to you or to your Users, receive a copy of that data, so that you could verify its accuracy and the lawfulness of its processing, request the correction, amendment or deletion of the data if it is inaccurate, incomplete, outdated or processed in violation of applicable law.
However, we may retain certain information as deemed required by us in accordance with applicable laws, or for legitimate business reasons, for the duration as required under applicable laws.
For the avoidance of doubt, you recognize that you are the controller in respect of your Users’ Personal Information and you are responsible for handling all Users’ requests made in accordance with the applicable law in regard to their Personal Information, and any direct request we receive from your Users will be forwarded to you.
In addition, we may delete any Personal Information pursuant to our policies, as in effect from time to time.
- RESPONSE TO REQUESTS
When you ask us to exercise any of your rights under this Policy and the applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of Personal Information related to others and to ask you questions to better understand the nature and scope of data that you request to access.
We may redact from the data which we will make available to you, any Personal Information related to others.
- INFORMATION SECURITY
We take the safeguarding of the Personal very seriously, and use a variety of systems, applications and procedures to protect the information from loss, theft, damage or unauthorized use or access when it is in our possession or control, including reasonable physical, technical and organizational measures which restrict access to the information. These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. In addition, you should take steps to protect against unauthorized access to Personal Information stored on your premises as well as defining limited access rights to such information on a need to know basis.
If you receive an e-mail asking you to update your information with respect to the Services, do not reply and please contact us at email@example.com.
- DATA RETENTION
We retain different types of information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements under the applicable law. We may retain Personal Information for as long as necessary to support the collection and the use purposes of this Policy and for other legitimate business purposes, For example, for storing information, for documentation, for managing internet security, for legal proceeding and for tax purposes. We may store non-personal aggregate information without time limit. In any event as long as you use the services, we will retain information about you and your users, unless we are legally required to delete it, or if you or your users seek to exercise your rights to delete the information. It should be clarified that You are the controller of the preservation and deletion of your Users’ Personal Information, the platform will allow you to update, delete, and modify your Users’ Personal Information. You are responsible for setting policy of how to delete your Users’ personal information as required by applicable law, for each user type – candidates and employees, and to implement such policy by using the tools available on the platform.
- AUTOMATED DECISION MAKING
The Services use technological means via algorithms without any human involvement. The hiring, assignment or mobility decisions regarding your Users will not be based solely on our Services and will include human intervention. In any event, you may express your opinion or ask for more information regarding our report or other input. Your users may ask that the decision be reviewed by a person at your organization. By using the Services you consent and undertake to obtain to consent of your Users to such automated decision making.
- ADVERTISING AND MARKETING MATERIAL; CHOICE
If you opt-in and indicated on the Website or in our customer agreement that you agree to receive updates and/or advertising and/or marketing materials from us, we may use your contact details (which are included in your Personal Information) for the purpose of delivering advertisements and marketing materials by email or otherwise, all in accordance with the provisions set forth in the Communications (Telecommunications and Broadcasts) Law, 5742-1982, or the Privacy and Electronic Communications Regulations or the relevant applicable law.
At any time, you may unsubscribe our mailing lists or newsletters by sending us an opt-out request to the following link: [firstname.lastname@example.org].
At any time, you may choose (opt out) whether your Personal Information is (i) to be disclosed to a third party, other than to third parties who act as our agents or sub-processors to perform tasks on our behalf and under our instructions, or (ii) to be used for a purpose that is materially different from the purposes for which it was originally collected, pursuant to this Policy, or subsequently authorized by you. You may exercise your choice by using the following link: [email@example.com].
- OUR POLICY TOWARD CHILDREN
Our Services are not meant to be used by or for persons under 18, as such, we do not knowingly collect personal information from minors younger than 18. Insofar as Personal Information may be collected based on your or your Users’ consent, the data subject must be above the age of 16 (or above the age of 13 if this is the legal requirement in your country). If these age requirements are not met, you are required to obtain the consent of the parent or guardian to provide and process information in accordance with this Policy; lacking such consent, we will not supply you with Services.
If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.
Your continued use of the Services following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the Services.
- APPLICABLE LAW AND DISPUTE RESOLUTION
- CONTACT US
For further information about this Policy, please contact our firstname.lastname@example.org.
We work hard to handle your information responsibly. If you are unhappy about the way we do this, please contact us and we will make good-faith efforts to address your concerns. If you are not satisfied with the response you receive from us, you may escalate your concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.
Copyright © 2018, Active-You Threed Ltd. (“Actiview”). All rights reserved.