EFFECTIVE DATE: May 22, 2020
By visiting the Site, or interacting and engaging with any of our Services, you agree and understand that your personal information will be handled as described in this Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Policy, including its applicable limitations on damages and the resolution of disputes.
We continuously revise this Policy to reflect changes in Hire Value Inc.’s personal data collection and handling practices. The latest version of the Policy is provided here with an effective date as set forth above.
1. The Information We Collect About You
1.1 We collect information about you directly from you and from third parties, as well as automatically, through your use of our Site or Services.
2. Information We Collect Directly from You
2.1 Certain areas and features of our Services require registration. To submit a request for us to contact you, you must provide your email address and name.
2.2 We also may collect additional optional information from you; however, you are not required to provide us with this information.
2.3 It is important that the personal data (personal data, or personal information, means any information about you through which you can be identified; it does not include data where the identity has been removed such as anonymous data) we hold about you is accurate and current.
2.4 Please keep us informed if your personal data changes during your relationship with us.
3.Information We Collect Automatically
3.1 We may automatically collect information about your use of our Services through cookies, web beacons, log files, and other technologies including,
3.1.1 your domain name; your browser type and operating system; page views; links you click; IP address; location information; the length of time you visit our Site; referring URL; access date and time; mobile device ID; advertising ID (IDFA, IDFV, or GAID); location and language information; device name and model; operating system type, name, and version.
3.2 We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other personal information. Please see the section “Cookies and Other Tracking Mechanisms” below for more information.
4. Information We Don’t Collect
4.1 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data).
4.2 Nor do we collect any information about criminal convictions and offences.
5.How We Use Your Information
5.1 We will only use your personal data when the law allows us to. Most commonly, we will use your information, including your personal information, for the following purposes: To communicate with you about your use of our Services, to respond to your inquiries, to fulfill your requests, and for other customer service purposes.
5.2 To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Site or our Services.
5.3 For marketing and promotional purposes. For example, we may send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you via email, and ads. We also may use the information that we learn about you to assist us in advertising our Services on third-party websites.
5.4 To better understand how users access and use our Site and Services, both on an aggregated and individualized basis, in order to improve our Site and Services and respond to user desires and preferences, and for other research and analytical purposes.
6.How We Store and Share Your Information
6.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We store and share your information, including personal information, as follows:
7. Service Providers and Partners
7.1 We may disclose the information we collect from you to third-party business and technology partners, vendors, service providers, contractors or agents who perform functions on our behalf.
7.1.1 All information provided will be protected to align with data privacy concepts, and the partner or service provider must agree to the GDPR requirements if any personal data will be originating from or processed in the EU.
184.108.40.206 We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
220.127.116.11 We do not allow our third-party service providers and partners to use personal data of EU data subjects for their own purposes and only permit them to process personal data originating from or processed in the EU for specified purposes and in accordance with our instructions.
8. Business Transfers
8.1 If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
9. In Response to Legal Process
9.1 We also store and may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal processes, such as in response to a court order or a subpoena.
10. To Protect Us and Others
11. Retention period
11.1 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data.
11.2 The purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
12. Cookies and Other Tracking
13.1 Currently, our Site does not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies or opting out of ad networks.)
14.1 Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes.
14.3 The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
14.3.1 If you disable cookies some features of our Site may not function.
15. Clear GIFs
15.1 Clear GIFs (a.k.a. web beacons, web bugs or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies.
15.1.1 In contrast to cookies, though, clear GIFs are embedded invisibly on web pages, not stored on your hard drive.
15. 2 We might use clear GIFs to track the activities of Site visitors, help us manage content, and compile statistics about usage.
15.3 We and our third-party service providers also might use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
16. Third-Party Analytics
16.1 We also use automated devices and applications to evaluate usage of our Site. We use these tools to gather non-personal information about users to help us improve our services, performance and user experiences.
16.2.1 This Policy does not cover such third parties’ use of the data.
17. User-Generated Content
17.1 We invite you to post content on our Site, including, but not limited to your comments, pictures, and any other information that you would like to be available on our Site.
17.2 If you post content to our Site, all of the information that you post will be available to all users on our Site.
17.3 If you post your own content on our Site,
17.3.1 your posting may become public and Hire Value Inc. cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy.
18. Third-Party Links
18.1 Our Site and Services may contain links to third-party websites.
18.1.1 Any access to and use of such linked websites is not governed by this Policy but instead is governed by the privacy policies of those third-party websites.
18.1.2 We do not control and are not responsible for the information practices of such third-party websites.
18.1.3 When you leave our website, we encourage you to read the privacy notice of every website you visit.
19. Access to My Personal Information
19.1 You may access, correct, erase, withdraw, or modify personal information that you have submitted by logging into your account and updating your profile information.
19.1.1 Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Site for a period of time.
20. What Choices Do I Have Regarding Use of My Personal Information?
20.1 You have the rights of access, correction, erasure, restriction, withdrawal, objection, and data portability of your personal information.
20.1.1 For example, we may send periodic promotional or informational emails to you.
20.1.2 You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests.
20.1.3 If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.
20.1.4 You also have the right to withdraw consent for us to use your personal information.
18.104.22.168 To withdraw your consent or erase your personal information, please go to your personal profile, to confirm the withdrawal or erasure.
22.214.171.124 You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
126.96.36.199.1 However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
188.8.131.52.2 Alternatively, we may refuse to comply with your request in these circumstances.
184.108.40.206 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
220.127.116.11 This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
18.104.22.168 We may also contact you to ask you for further information in relation to your request to speed up our response.
21. Special Information for California Consumers
21.1 California residents may request a list of certain third parties to which we have disclosed personally identifiable information about you for their own direct marketing purposes.
21.1.1 You may make one request per calendar year.
21.2 In your request, please attest to the fact that you are a California resident and provide a current California address for your response. You may request this information in writing by contacting us at Shelley@hirevalueinc.com.
21.2.1 Please allow up to thirty (30) days for a response.
22. European Union (EU) General Data Protection Regulation (GDPR)
22.1 Hire Value Inc. may at times be subject to GDPR, which is the European Union’s General Data Protection Regulation, as a controller or processor, of personal data as described below:
22.1.1 The GDPR considers data protection as a fundamental human right of an individual, which includes a “right to the protection” of their personal data. Any data subjects (i.e. anyone) based in the EU, or anyone handling or targeting the personal data of an EU-based individual must have processes, technology, and automation to effectively protect such personal data.
22.1.2 The GDPR applies to a controller or a processor who is based or established in the EU, or to a company not based in the EU but who offers goods or services from outside the EU borders in the EU or who monitors the behaviour of personal data in the EU.
22.1.3 To avoid fragmentation and ambiguity, GDPR has set a baseline for data protection by requiring anyone processing the personal data of an individual that is in the EU to follow the requirements set forth in the GDPR.
22.2 In compliance with GDPR, Hire Value Inc. has implemented data security processes set forth below to ensure the following are properly identified and processed:
23. GDPR Definitions
23.1 Data Subject: A person who can be identified directly or indirectly by means of an identifier. For example, an identifier can be a National Provider Identifier (NPI) number, a user name, or a web cookie.
23.2 Personal Data: Any personal information, including sensitive personal information, relating to a Data Subject. For example, email address, name or phone number.
23.3 Controller: A natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. For example, a controller can be an organization that works with Hire Value Inc. and determines the processing of personal data provided to Hire Value Inc. Hire Value Inc. is a controller for its third-party partners when Hire Value Inc. determines the processing of personal data provided to the third-party.
23.4 Processor: A natural or legal person, agency or any other body which processes Personal Data on behalf of the Controller. For example, a developer, a tester, or an analyst. A Processor can also be a cloud service provider or an outsourcing company.
23.5 Recipient: A natural or legal person, agency or any other body to whom the personal data is disclosed. For example, an individual, an attorney, an insurance agent, or an agency.
23.6 Enterprise: Any natural or legal person engaged in economic activity. This essentially includes all organizations whether in the public or private sector, whether in the EU or outside of the EU.
23.7 Third-party: Any natural or legal person, agency or any other body other than the Data Subject, the Controller, the Processor and the persons who, under the direct authority of the Controller or the Processor, are authorized to process the data. For example, partners or subcontractors.
23.8 Supervisory Authority: An independent public authority established by an EU member state (known as the National Data Protection Authority under the current EU Data Protection Directive), or auditing agency.
24. Key GDPR Data Security Requirements
24.1 Hire Value Inc.’s key GDPR data security requirements can be broadly classified into three categories:
24.1.2 Prevention, and
24.2 The GDPR also requires compliance with the data protection principles to enhance the quality and rigour of the protection of the data. This section summarizes key data security requirements discussed in the GDPR and adopted by Hire Value Inc.
24.3 Specifically, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
24.4 In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
24.4.1 They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
24.4.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
24.4.3 More on these security measures, limitations, and procedures are described below.
25. Assess Security Risks
25.1 Data protection impact assessments lay a foundation for preventing breaches by evaluating the gaps and risks.
25.2 GDPR mandates that Controllers perform Data Protection Impact Assessments when certain types of processing of Personal Data are likely to present a “high risk” to the data subject.
25.3 Hire Value Inc.’s assessment includes a systematic and extensive evaluation of processes, profiles, and how these tools safeguard the Personal Data, and when applicable a data processing agreement with Controllers and Processors.
26. Prevent Attacks
26.1 At various places in the regulation, the GDPR reiterates the importance of preventing security breaches. The GDPR recommends several techniques to prevent an attack from succeeding:
26.1.1 Encryption: The GDPR considers encryption as one of the core techniques to render the data unintelligible to any person who is not authorized to access the personal data. When applicable, Hire Value Inc. encrypts personal data it collects to render it unintelligible if accessed without authorization, and as applicable when processing or transferring the data to a Processor.
22.214.171.124 The GDPR provides that in the event of a data breach, the Controller does “not” need to notify data subjects if data is encrypted and rendered unintelligible to any person accessing it.
26.1.2 Anonymization and Pseudonymization: Data anonymization is the technique of completely scrambling or obfuscating the data, and pseudonymization refers to reducing the linkability of a data set with the original identity of a data subject.
26.1.3. The GDPR states that anonymization and pseudonymization techniques can reduce the risk of accidental or intentional data disclosure by making the information un-identifiable to an individual or entity. Where applicable, Hire Value Inc. anonymizes and pseudonyms the personal data it processes.
126.96.36.199 This includes aggregating the data to be personally unidentifiable, such that the Personal Data is rendered anonymous and unlinkable to the original identity of a data subject.
26.1.4 Privileged User Access Control: The GDPR implies controlling privileged users who have access to Personal Data to prevent attacks from insiders and compromised user accounts.
188.8.131.52 Hire Value Inc. limits access to Personal Data to specific individuals within the organizations, and with instructions as to the sensitivity of the Personal Data to prevent attacks and compromises of the Personal Data.
26.1.5 Fine-grained Access Control: In addition to privileged user control, the GDPR recommends adopting a fine-grained access control methodology to ensure that the Personal Data is accessed selectively and only for a defined purpose.
184.108.40.206 This kind of fine-grained access control can help organizations minimize unauthorized access to Personal Data. Hire Value Inc. selectively uses Personal Data for the specific purpose for which it is required.
26.1.6 Data Minimization: The GDPR recommends minimizing the collection and retention of Personal Data as much as possible to reduce the compliance boundary. While collecting, processing, or sharing Person Data, Controllers and Processors must be frugal and limit the amount of information to the necessities of a specific activity.
220.127.116.11 Hire Value Inc. minimizes the Personal Data it collects by considering what is adequate and relevant to what is necessary for relation to the purposes for which they are processed.
26.1.7 Monitor to Detect Breaches: While preventive security measures help Hire Value Inc. minimize the risk of attack, they cannot eliminate the possibility that a data breach may occur. Thereby Hire Value Inc. monitors and alerts to detect such breaches through recording or auditing of the activities on the Personal Data and maintaining it so that processors and third parties must not be able to tamper or destroy the audit records.
18.104.22.168 In the case of a Personal Data breach, Hire Value Inc. shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the supervisory authority of any Personal Data breach.
26.2 The three broad categories of security guidelines (assessment, prevention, and detection) help Hire Value Inc. address threats from multiple angles and secure the data from unauthorized access.
27. Transfer of EU data subjects personal data to third parties outside the EU
27.1 Many of our external third parties are based outside the European Economic Area (EEA) so their processing of EU data subjects’ personal data will involve a transfer of data outside the EEA.
27.2 Whenever we transfer an EU data subject’s personal data to external third parties based outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
27.3 We will only transfer EU data subjects’ personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
27.3.1 For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries. (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en)
27.4 Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
27.4.1 For further details, see European Commission: Model contracts for the transfer of personal data to third countries. (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en)
27.5 Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EU and the US.
27.5.1 For further details, see European Commission: EU-US Privacy Shield. (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
28. Contact Us
28.1 You have the right to make a complaint at any time to your respective supervisory authority. (http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080)
28.2 We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance.
28.3 If you have questions about the privacy aspects of our Website, Services or would like to make a complaint, please contact us at Shelley@hirevalueinc.com.
29. Changes to this Policy
29.1 Policy is current as of the Effective Date set forth above.
29.2 We may change this Policy from time to time, so please be sure to check back periodically.
29.3 We will post any changes to this Policy on our Site, at https://www.hirevalueinc.com/privacy-policy/.
29.4 If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you,
29.4.1 we will endeavour to provide you with notice in advance of such change by highlighting the change on our Site or contacting you via email from Shelley@hirevalueinc.com.