EU General Data Protection Regulation (GDPR)
The GDPR (EU regulation 2016/679) provides strong guarantees and rights related to the personal data of all EU individuals. Before or on May 25th 2018–when the GDPR starts applying, Work4 will, as a data controller or processor (where applicable), further its commitments to privacy to:
- – Ensure all of the personal data it processes is acquired in a compliant way,
- – Ensure technical and organizational safeguards to protect this data,
- – Work in conjunction with our clients to assist and ensure data uses and transfers preserve the rights of EU individuals,
- – Provide means for the same individuals to exercise all of their rights over their personal data (access, erasure, portability, etc.), as defined in the GDPR, and ensure such requests are processed in a timely manner.
For all legal purposes, Work4 SAS is the subsidiary company acting as the EU representative mandated by the parent company Work4 Labs, Inc. to be addressed by supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with the EU General Data Protection Regulation.
U.S.-EU Privacy Shield Statement
Work4 complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States, respectively. Work4 Labs, Inc has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield programs, and to view our certification, please visit https://www.privacyshield.gov. Work4 Labs, Inc. is committed to subjecting all personal data it receives from data exporters in any European Union (EU) or European Economic Areas (EEA) member states, under the Privacy Shield Framework, to its applicable Privacy Shield Principles. To learn more about the Privacy Shield Framework and the Privacy Shield Principles, please visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov.
Work4 Labs, Inc. is responsible for the processing of personal data it receives from data exporters under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Work4 Labs, Inc. fully complies with the Privacy Shield Principles. The Company adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, and enforcement and liability. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Work4 Labs, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Work4 Labs, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Work4 has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
Under certain conditions which are more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration for an unresolved dispute you may have with us.
Information You Provide To Us
We collect the following categories of personal information from our customers, customers’ candidates and Site/blog visitors :
- – Customer candidate contact Information such as but not limited to name, email address, mailing address, phone number, employment history, education history, details on professional experience, and other potentially identifiable information (excluding health information protected as “sensitive data” under EU law).
- – Billing Information such as credit or debit card number and billing address
- – Identifiers such as user name, account number, password, IP addresses
We also collect the following information from our customers:
- – Information about a customer’s business such as company name, company size, business type, and contact information
- – Demographic information of our customers, customers’ candidates and Site visitors such as age, education, gender, interests, postal code, veteran status, union affiliation, and financial background check results (if applicable)
- – Email addresses, names, contact information, and information on the ATS used and recruitment improvement needs of visitors who request a demo on the Work4 website
Information We Collect Automatically
We do not sell or rent your personal information to third parties for their marketing purposes without your prior explicit consent. We may use your personal information to contact you with your consent. If you do not wish to receive communications from us, you can opt out of receiving them through opt-out mechanisms included in those communications at any time. We or service providers working on our behalf may use the information we collect from and about you for any of the following purposes:
- – to provide the Service to our customers;
- – to keep record of customer activity;
- – to keep record of customer information;
- – to administer a customer’s accounts;
- – to communicate with you regarding your use of the Work4 Service;
- – to fulfill customer’ requests for information;
- – to respond to your inquiries;
- – to contact you when necessary;
- – to review Work4 Service usage and operations and conduct internal marketing and operational research;
- – to address problems with the Work4 Service, our business or our products and services;
- – to protect the security or integrity of the Work4 Service and our business, including detecting and addressing fraud and abuse;
- – to otherwise operate, maintain and provide the features and functionality of the Work4 Service.
We may share the information we collect from and about you with third parties as described above, at your direction, and in the following instances:
- – To employers which have posted jobs for which you’ve expressed an interest or requested additional information;
- – To our parent and subsidiary companies to provide the Work4 Service;
- – As necessary, if we believe that there has been a violation of our terms for the Work4 Service or of our rights or the rights of any third party;
- – As necessary, to identify, investigate, prevent or take action regarding illegal activities or suspected fraud or other abuse of the Work4 Services;
- – To respond to judicial process and provide information to law enforcement agencies or in connection with an investigation, as permitted by law, or otherwise as required by law; and
- – In the event that Work4 goes through a business transaction, such as a merger, an acquisition by another company, or a sale of all or a portion of its assets, your information may be one of the transferred assets.
We do not store personally identifiable information longer than required for the adequate provision of our services. In particular, we do not retain Customer candidate Information longer than one year after they are submitted. If you wish to ask to remove personally identifiable information, please contact us at: firstname.lastname@example.org.
We do not knowingly collect or maintain personally identifiable information from persons under 16 years of age, and no part of the Work4 Service is directed to persons under the age of 16. If we learn that personally identifiable information of persons less than 16 years of age has been collected without verifiable parental consent, then we will take the appropriate steps to delete such information.
Work4 takes appropriate steps to ensure data privacy and security through various hardware and software methodologies. However, we cannot ensure or warrant against all risks with regards to the security of that information, so information you choose to transmit to Work4 and which we store is provided to us at your own risk, and Work4 does not guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our safeguards. In addition other Internet sites or services that may be accessible through Work4 have separate data and privacy practices independent of us, and therefore we disclaim any responsibility or liability for their security features, policies or actions.
In the case of a personal data breach, Work4 will notify the event to the relevant supervisory authority (the CNIL in France) no later than 72 hours after becoming aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons, in conformity with the GDPR.
In compliance with the Privacy Shield Principles, Work4 commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Work4 at: email@example.com. For complaints that cannot be resolved between Work4 and the complainant, as well as for complaints concerning human resources data transferred from the EU in the context of the employment relationship, Work4 will cooperate with the panel established by the EU data protection authorities (DPAs).
For Work4 personal user data requests under the GDPR, please contact us at: firstname.lastname@example.org
Last updated: May 21st, 2018.