Last updated 5/25/2018
If you are an EU resident, Koru processes your Personal Information in accordance with the EU data protection legislation, including national or international legislation implementing the EU General Data Protection Regulation (“GDPR”).
Koru provides predictive hiring services on behalf of our business customers (“Clients”) to assess the fitness of a job applicant, and to facilitate the Client’s hiring process (the “Services”). We may process Personal Information in order to provide our Services (the “Client Data”) to clients. Koru will only process Client Data on behalf of and under the instructions of our Clients, as set out in our client agreements, or where otherwise required by applicable laws. In these cases, our Clients are the data controllers of their respective Client Data, and we are the data processor for such data. We process Client Data in order to identify job-relevant strengths and competencies, fit between job applicants and job opportunities, and potential areas of learning and development. Subject to our client agreements, we may use aggregate data and anonymized information in order to improve our Services and for research, analytics and other purposes, provided such information does not identify a particular individual.
INFORMATION WE COLLECT
We may collect Personal Information directly from you or third parties, and automatically through the use of our Site. You do not have to provide us with your personal information to access much of our Site. However, if you choose not to disclose certain information, you may be unable to access certain options, offers, and services that require our interaction with you.
Information collected directly. We may collect personal information about you directly from you or from your company. For example, when you fill out a ‘Contact Us’ form, register for an account, signup for our mailing lists, register for events we host or sponsor, post comments on our Sites, or otherwise provide us information through the Sites.
- name, company name, and title/position
- payment and billing information
- email address, phone number, mailing address and contact details
- job title, other company information (such as country and industry sector)
- employment, leadership, and educational experience
- preferences and interests
- business affiliations
- customer (and authorized user) account information (to access various parts of the Services, and to create events and webinars) – name, email address, telephone number, company name, and other information necessary to confirm that you are an authorized user of a client (where relevant)
- other information related to your request or inquiry
Information from Third Parties. We may collect name, company, position applied for, education history, employment history, contact details and other details from third parties, such as our clients, in order to provide the Services. Subject to applicable law and where clients have instructed us to, we may also obtain such information from public sources and social networking platforms. As noted above, however, this information is Client Data, for which we are a processor.
HOW WE USE YOUR INFORMATION
We use your information, including your personal information, primarily to provide our services to you and to communicate with you (including for marketing purposes). In particular, we may use your information as follows:
- Providing Support and Services: to provide and operate our Site and services, communicate with you about your use of the Site and our services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.
- Responding to Your Requests: for the purpose for which you provided the information to us, such as to respond to your inquiries and to provide information in response to your request.
- Analytics and Improvement: To better understand how users access and use our services, both on an aggregated and individualized basis, to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes.
- Personalization: to tailor the content and information that we may send or display to you, to offer location customization (where permitted by applicable law), and to otherwise personalize your experiences while using our website.
- Marketing and Promotional Purposes: for example, where permitted by law, we may use your information, such as your email address, phone number, or mailing address to contact you about services or information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages or calls, we will only contact you for direct marketing if you have opted-in.
- Advertising: to advertise our services on third party sites and social media services.
- Protect Our Legal Rights and Prevent Misuse: to protect our customers, employees or property — for instance, to prevent, detect and investigate fraud, misuse, harassment or other types of unlawful activities, where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of this policy and our applicable terms of service and agreements.
- Comply with Legal Obligations: To comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
- General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping and legal functions.
- Koru Job Rematching: Users outside of the EEA may have the opportunity to choose to participate in the Koru job rematching program, to receive notifications and suggestions about other open positions for which they are a good match, and to have us share information with the employers for those positions; we only do this if and individual has consented to participate.
We also create and use anonymous and de-identified information to assess, improve and develop our business, products and services, and for similar research and analytics purposes. This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.
|Purpose of Processing (see above)||Legal Bases of Processing (EU Users)*|
|Providing Support and Services|
Responding to Your Requests
|· Necessary to Enter into or Perform a Contract with You (upon your request, or as necessary to make the Services available)|
· Our Legitimate Business Interests*
|Analytics and Improvement||· Our Legitimate Business Interests**|
· Establish, defend or protect our legal interests
|Personalization||· Our Legitimate Business Interests**|
|Marketing & Promotional Purposes|
|· Our Legitimate Business Interests**|
· With Your Consent
|Protect Our Rights and Prevent Misuse|
Comply with Legal Obligation
|· Compliance with law|
· Establish, defend or protect our legal interests
|General Business Operations||· Our Legitimate Business Interests**|
· Establish, defend or protect our legal interests
· Compliance with law
*For the personal data from the EU that we process, this column describes the relevant legal bases for such processing under GDPR (and local implementing laws of EU member states); this does not limit or modify the obligations, rights and requirements under the privacy laws of non-EU jurisdictions.
** For the personal data from the EU, the processing is in our legitimate interests, which are not overridden by your interests and fundamental rights. Our legitimate interests include assessing and improving our products and services, understanding our clients’ needs and interests so that we can make our services more useful to clients, providing clients with news, information and marketing materials that are more relevant, providing training opportunities for employees, improving how we analyze and assess the success of client campaigns, developing trend and benchmark reports, and similar purposes.
Users in some jurisdictions outside the EU may be able to opt-in to the Koru job re-matching network. This service provides users the opportunity to be connected to additional employers with whom they are a good job match.
WHEN WE DISCLOSE YOUR INFORMATION
We do not sell your personal information to third parties. In general, we disclose the personal information we collect as follows:
- Affiliates.We may disclose the information we collect from you to our affiliates (companies related by common ownership or control), whose handling of your personal information is subject to this Policy.
- Service Providers.We may disclose the information we collect from you to third party service providers who perform functions on our behalf. Third party service providers will only process your personal data in accordance with our instructions and will implement adequate security measures to protect your personal data.
- Enterprise users. If you use access or communicated with us about our Services on behalf of your company (our client), we may share personal information about your access, and your communications or requests, with the relevant enterprise client. We also share all Client Data with the relevant client on whose behalf we have collected it.
- In Response to Legal Process.We may disclose the information we collect from you in order to comply with the law, judicial proceedings, a court order, or other legal process, such as in response to a subpoena.
- Business Transfers.We may disclose or transfer information, including personal information, as part of any merger, sale, and transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.
We may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
INFORMATION WE TRACK AUTOMATICALLY
We also collect information automatically by using cookies, pixel tags, log files, and similar tracking technologies when you visit our Site. Read more about that in 3, 2, 1 …
Clear GIFs, pixel tags. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies but are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities users of our Services, help us manage content, and compile statistics about usage of our Services. We and our third party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log Files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. Such information is gathered automatically and stored in log files.
Koru works with different third party ad networks, analytics companies, measurement services and. We and these third party ad companies may use automatic web-tracking tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information; we and these third party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content.
We may send you promotional emails from time to time, but we will obtain your consent where required by law to do so. If you wish, you may opt-out of such communications by following the opt-out instructions contained in the respective email. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or Services you have requested or received from us.
HOW YOUR INFORMATION IS STORED OR TRANSFERRED
Koru is headquartered in the United States, and has operations, entities and service providers in the United States and other jurisdictions. As such, we and our service providers may transfer your Personal Information to, or access it in, jurisdictions (including the United States, Ireland and Costa Rica) that may not provide adequate levels of data protection as your home country. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements, by putting in place Standard Contractual Clauses as approved by the European Commission. You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Contact us” section below.
YOUR PREFERENCES AND CHOICES
Access, Amend and Correct. If you wish to access personal information that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, or to request deletion of your information. If you are a registered member of the Site, you may review and update most of your Personal Information by clicking the “Update My Profile” icon on your membership page. You may also send your request to email@example.com. We will review your request and make reasonable efforts to respond to it as soon as practicable. We may ask you for additional information so that we can confirm your identity.
Direct Marketing. You can let us know if you do not want us to send you information by clicking the unsubscribe link at the bottom of the email; you may also let us know about your communication preferences (email, phone, and postal mail), by shooting an email to firstname.lastname@example.org. Please identify all the email addresses, postal address information, and phone numbers that you would like to unsubscribe.
Third-Party-Sharing. If you have opted in to Koru job re-matching network, and you no longer want us to share your personal information with potential employers, you can let us know if you do not want us to share your personal information with other companies by either emailing email@example.com.
Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your personal information. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.
Users in the European Economic Area.
Individuals in the EEA have the below rights with respect to their personal information.
- Access. You can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
- Correction. You can ask us to rectify inaccurate Information. We may seek to verify the accuracy of the data before rectifying it.
- Erasure. You can ask us to erase your personal data, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Restriction. You can ask us to restrict (i.e. keep but not use) your personal data, but only where: its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
- Right to object. You can ask us to stop processing your personal information, and we will do so (i) to the extent that we are relying on our legitimate interests to use your personal information, you have the right to object to such use, unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims, and (ii) where we are processing your personal information for direct marketing purposes.
- Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data that is based upon a consent, which you have previously provided.
Please contact us as set out in the “Contact Us” section below to exercise one of these rights. If we receive any requests from an individuals related to the Client Data, we will forward the request to the relevant clients.
The security of your Personal Information is very important to us. We employ security measures to protect your information both online and offline from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage. Unfortunately, the Internet is the Internet, and you acknowledge that we cannot guarantee the complete security of the information you provide us.
We will retain your Personal Information as long as necessary for purposes for which the personal data was collected by us, as explained in this Policy or as required to comply with legal obligations or resolve claims and disputes. In general, we will retain relevant Personal Information of clients and Site visitors for at least three years from the date of our last interaction with you and in compliance with our obligations under applicable laws. Our clients instruct us on how long to retain Client Data, which we handle as a data processor. We may retain personal data for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe necessary to establish, defend, or protect our legal rights and interests or those of others.
We do not knowingly collect or solicit Personal Information from anyone under the age of sixteen (16) or knowingly allow such persons to register. If we become aware that we have collected Personal Information from a child under the relevant age without parental consent, we will take steps to delete that information.
CHANGES TO THIS POLICY
CALIFORNIA PRIVACY RIGHTS
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the types of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to firstname.lastname@example.org.
Or by mail at: 200 1st Avenue W, Suite 240, Seattle, WA 98119