Effective Date: 11/17/2023
When, in the below text, we refer to "JobDiva, Inc. and its subsidiaries," the term "subsidiaries" refers to JobDiva's UK subsidiary, known as "JobDiva, Ltd."
Roles and Responsibilities:
While JobDiva, Inc.'s clients control the data—which comprises resumes, CVs, contact information, identifiable information and other attributes of data subjects—JobDiva, Inc. and its subsidiaries process these data, meaning that JobDiva, Inc. supplies the technological means for holding, entering, updating, organizing, delivering, transmitting, displaying and lastly protecting the data via security measures. That JobDiva, Inc.'s clients control the data means that they have the right to access, own, manage, or leverage this data. Though controller and processor entail two different relationships to data and data subjects, JobDiva, Inc. and its subsidiaries fulfill all responsibilities that follow from their processor role. JobDiva, Inc. and its subsidiaries expect and require their clients who control the data to fulfill their data privacy responsibilities likewise.
JobDiva, Inc. and its subsidiaries process data only in conformity to the below set of principles.
At all times, a Privacy Officer of JobDiva is designated, who develops, implements and maintains organization-wide governance and privacy program, which aim comply with all applicable laws and regulations regarding the collection, use, maintenance, sharing and disclosure of personal information. Serving as the current Privacy Officer is Emily Clark, Chief of Product.
JobDiva, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-U.S. Data Privacy Framework Principles. JobDiva, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, to the Frameworks' Principles. To learn more about the Data Privacy Frameworks, and to view our certification, visit the Data Privacy Framework List here: https://www.dataprivacyframework.gov/s/.
JobDiva, Inc. is responsible for the processing of personal data we receive under each Data Privacy Framework. JobDiva, Inc. complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, JobDiva, Inc is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, JobDiva, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
JobDiva, Inc. may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that such disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a government request.
Under certain conditions, described on the Data Privacy Framework website and in the below test, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
A Detailed Guide:
Why Do We Process Data?
"JobDiva" is an Applicant Tracking, Talent Management, and Customer Relations Management System. JobDiva's toolbox of software solutions allows staffing professionals to source, locate and recruit talent of whom they and their customers are in need. JobDiva also includes a robust contact relationship management system (CRM) that tracks the communication between JobDiva clients and data subjects, who include JobDiva, Inc.'s clients' customers as well as their partners, third parties, job candidates and active employees.
Using JobDiva, staffing professionals—JobDiva, Inc.'s clients—can hire applicants or submit the resumes of job seekers to their own customers for consideration.
What Kinds of Data Do We Process?
Through JobDiva, Inc's software service, JobDiva, Inc.'s customers acquire, manage and access several types of data attributed to job candidates, customer contacts, prospects, and third parties that are participants in the hiring process. (The types and identities of such third parties are discussed below). Also through JobDiva, job applicants and candidates can transmit their resumes, CVs, on-boarding documents and other forms of personal information to clients of JobDiva, Inc. and its subsidiaries. Such data can include: name, phone number, email address, address, resumes, CVs and other personal information. Resumes and CVs may include past work, salary history, hobbies, publications and educational experience as well as career-pertinent information, or information that an employer may find relevant.
Regarding JobDiva’s SMS Service
JobDiva partners with trusted telecom providers to allow the JobDiva clients to communicate with their contacts, candidates, and employees via SMS or MMS regarding employment opportunities and/or their present job assignments. SMS is not meant to be used for large data transfers, such as candidates’ CVs/resumes or other large files.
Data surrounding the opt-in consent for SMS communication is never transferred to third-party entities.
In some cases, personal information of employees, such as mobile phone numbers, may be conveyed to trusted background check or payroll partners for the purposes of communication, access and validation. Otherwise, JobDiva never shares mobile numbers or any other data for marketing purposes or any other purposes. Furthermore, JobDiva never sells personal data for marketing or any other purposes. Whether employees’ data is conveyed to trusted partners or not, the employees remain part of the talent platform and/or managed workforce of JobDiva clients, and the JobDiva clients can continue to engage with them vis SMS or MMS regarding employment—as their original opt-in is not rescinded by the recipient.
Whose Data is Processed by JobDiva?
Who are the different data subjects affected by JobDiva, Inc.'s data processing?
- JobDiva Clients and Their Staff: JobDiva, Inc.'s clients—and their staff members—will use JobDiva to make recruiting decisions and analyses. These rights apply to them.
- Applicants: When individuals apply to a job using a client's career portal, they become JobDiva data subjects. These rights apply to them.
- Candidates: Candidates are data subjects whose resumes, CVs, on-boarding documents, payroll data or any qualifying information have been obtained, stored and controlled by JobDiva clients in the clients' own databases. These rights apply to them.
- Hired Employees: When individuals are hired by JobDiva, Inc.'s clients as employees, they become data subjects. Typically, these individuals are candidates and/or applicants first. Subsequently, JobDiva, Inc. clients can process payroll and benefit information about them by utilizing resources within JobDiva. These rights apply to them.
- Customers of Clients, Their Suppliers, Their Partners and Their Staff: When the data related to individuals who count as customers of JobDiva, Inc.'s clients are contained in JobDiva —"contacts" of "companies," in JobDiva's nomenclature—these individuals become data subjects. These rights apply to them.
JobDiva, Inc. and its subsidiaries provide their clients the secure means to control and process data about these five categories securely. One client's data about its data subjects is not accessible to other clients unless available to them through other sources, means or platforms not controlled by JobDiva and obtained by them from these sources, means and platforms using JobDiva or otherwise.
What Are Data Subjects' Rights?
JobDiva, Inc. and its subsidiaries furnish their clients the means, by which they can provide their data subjects (you) access to or transparency with respect to the data that JobDiva clients retain regarding the data subjects. In other words, JobDiva, Inc. and its subsidiaries supply their clients the technological means and resources by which they can provide data subjects transparency about any data held about them, and by which clients can update such data if requested by data subjects.
JobDiva, Inc.'s software provides data subjects identifiable contact information for any specified data holder (that is, the JobDiva, Inc client), with whom the data subject may then communicate with inquiries or complaints regarding their data. As data controllers, JobDiva, Inc.'s clients are expected to uphold several responsibilities (referred to elsewhere in this policy) in maintaining privacy and transparency. JobDiva, Inc. and its subsidiaries will act on any client violation that is drawn to our attention by demanding client compliance. Deliberate and repeated violations by a client can be a cause for JobDiva, Inc. to terminate its services for a client.
Your Data, Your Choice
JobDiva does not own or sell data. If a JobDiva client is holding your data, it’s because you are or have been considered for a job opportunity. This is a contractual requirement of working with JobDiva. No client of JobDiva is allowed to hold information or reach out to you based on information stored in JobDiva for anything other than employment-related opportunities. Doing so is a violation of their contract with us, and you can report these violations to email@example.com.
The JobDiva client should only transfer personal data to a third party when it relates to the recruiting lifecycle: such as screening you for real positions (for example, asking you to take a skills assessment on a testing tool where the client has assigned you a test) or for hiring you (for example, payroll platforms). Each of the platforms a JobDiva client connects with should be intrinsically related to recruiting, are in contract with our clients, and have enforceable privacy policies in place to protect any personal information they handle.
If you have concerns about where your data has been disclosed and why, you can email firstname.lastname@example.org to make this request or via mail or telephone:
44 Wall Street, 16th Floor
New York, NY 10005
In compliance with the Data Privacy Framework principles, JobDiva, Inc. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact JobDiva, Inc.
JobDiva, Inc. has further committed to refer unresolved any Data Privacy Framework complaints to the European Union's Data Protection Authorities. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the EU's register of Data Protection Authorities for more information or to file a complaint—or, if local to the USA, contact the Federal Trade Commission, which has agreed to serve as an American liaison with the Data Protection Authorities. The services of these regulatory bodies will be provided at no cost to you.
Whom Should I Contact If I Feel My Rights Have Been Violated?
Data subjects who feel that their rights have been violated are encouraged to contact the JobDiva, Inc. client controlling their data as a first recourse. If a data subject believes that a data controller who is a client of JobDiva, Inc. and its subsidiaries has violated his or her rights, and the controller has not responded satisfactorily, the data subject should contact JobDiva, Inc. by emailing email@example.com.
44 Wall Street, 16th Floor
New York, NY 10005
JobDiva, Inc. has further committed to refer unresolved any Data Privacy complaints to the European Union's Data Protection Authorities. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the EU's register of Data Protection Authorities for more information or to file a complaint—or, if local to the USA, contact the Federal Trade Commission, which has agreed to serve as an American liaison with the Data Protection Authorities. The services of these regulatory bodies will be provided at no cost to you.
What Is My Recourse If I Feel My Privacy Has Been Violated?
- JobDiva Inc.'s first recourse, if a complaint is judged to not be unfounded, frivolous, or to pertain to a JobDiva, Inc. client and not to JobDiva, Inc. itself, is to forward such a complaint to the US Federal Trade Commission, if the complaint comes from a US national; or to the relevant Data Protection Authority (DPA), if the complaint comes from an EU national. JobDiva, Inc. and its subsidiaries pledge to respond to all complaints within forty-five (45) days. JobDiva, Inc. and its subsidiaries will provide detailed evidence for all claims about its privacy practices. If the Commission or DPA, whichever applies, judges the complaint to have validity, JobDiva, Inc. will execute its portion of the Commissioner's ruling within twenty-five (25) days of its issuance.
- If the complainant is not satisfied with the Commission or DPA's resolution of his or her complaint, he or she can pursue private arbitration. JobDiva, Inc. and its subsidiaries will carry out any conclusions reached by the arbitration panel. Solutions decided by arbitration will usually deal with data access, correction, deletion, or data relinquishment—not monetary awards.
JobDiva, Inc. and its subsidiaries also pledge to annually perform at least one internal review on their privacy and data-protection practices. These reviews will be available to relevant individuals and authorities at their request.
All authorities investigating a complaint that implicates JobDiva, Inc. and its subsidiaries will be free to audit their security procedures and protections—by visiting their offices.
JobDiva, Inc. commits without reserve to cooperating with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC). We pledge to comply with the advice given by such authorities with regard to human resources (HR) and non-HR data transferred from the EU and Switzerland in the context of the employment relationship.
How Does JobDiva Protect My Data?
JobDiva, Inc. and its subsidiaries take rigorous precautions in protecting data, including methods both technical and physical.
JobDiva, Inc.'s security precautions use Secure Socket Layer (SSL) methods to encrypt data. During data transfers, data are encrypted using HTTPS. JobDiva, Inc. is also equipped with an encryption mechanism for the data at rest. SHA-256 is used for passwords, and advanced database encryption is applied to key data elements, like HR-related data.
Password encryption is performed in such a way that even JobDiva, Inc.'s internal technology staff cannot read them. And to preserve password security, JobDiva, Inc.'s visitors are prompted to change their passwords every 90 days. In addition, JobDiva, Inc. disables a user's account after several unsuccessful logins attempts. JobDiva, Inc. also produces a CAPTCHA if it detects unusual suspicious activity.
JobDiva, Inc.'s software includes several layers of permission-based access. Thus, a particular login might be blocked from accessing certain data of a sensitive nature. Each JobDiva, Inc. web page accessed over HTTPS is also equipped with session validation to authenticate the user, and to prevent any data exposure without the proper login and permission.
JobDiva, Inc. also logs the access and activity of clients and maintains a report that could show unusual activity in the system.
The database servers exist within the JobDiva, Inc. internal network, which is protected by advanced up-to-date Firewalls that allow for intrusion prevention, packet filtering, application control, and other network security options.
JobDiva, Inc.'s system is hosted by secured cloud services and professional data centers. JobDiva, Inc.'s data centers are in full compliance with the latest security and privacy requirements. These data centers are compliant with SOC2, PCI-DSS, FISMA NIST SP 800-53, and ISO, among others. They are monitored 24/7 and equipped with motion-detecting cameras for surveillance. The servers are locked inside a cage, and access is only available to authorized personnel. They are controlled by a biometric check. Logs of who visits the data center and cages are kept.
Data subjects who feel that their data is at risk or who suspect an incident has occurred which could jeopardize the security of data should contact JobDiva, Inc. immediately by emailing firstname.lastname@example.org.
A Detailed Guide:
JobDiva, Inc. clients are controllers of the data that JobDiva, Inc., as a software and recruitment service provider, processes for them. EU and US JobDiva clients have overlapping responsibilities, outlined herein; the main differences appertain to the regulatory mechanisms to which their data subjects will need to turn. That JobDiva, Inc. clients control the data that JobDiva and its subsidiaries process means that such clients own, manage or leverage data, for which JobDiva, Inc. provides them the technological means. Controllers decide the purposes and ends of processed data.
As controllers, JobDiva, Inc. clients are expected to fulfill several responsibilities with respect to protecting the data they hold, and which JobDiva, Inc. processes.
Why Do Controllers Have Responsibilities?
It is extremely important that, in a world more permeated than ever by big data, data subjects trust those who process and control their information. More broadly, upholding data rights is both a business imperative and a legal necessity, and the failure to do so can result in major consequences.
JobDiva, Inc. and its subsidiaries expect their clients to uphold their responsibilities as data controllers. The below terms appear in JobDiva, Inc.'s Terms of Service, which is part of JobDiva, Inc.'s service agreement with its clients. Failure by clients to conform could result in the termination of JobDiva, Inc.'s service.
Which Data for Data Subjects (You) Do JobDiva, Inc. Clients Manage and Control?
As described above, data subjects are those individuals whose data passes through JobDiva, Inc. and its subsidiaries: JobDiva, Inc. clients' staff; applicants; candidates; hired employees; and customers of clients, their suppliers, partners and staff, and other third parties' staff with whom the JobDiva client interact in conducting theirbusiness. When controllers uphold the below principles, data security for JobDiva, Inc. data subjects is protected. Data subject types are detailed below.
- JobDiva, Inc. Clients' Staff: JobDiva, Inc.'s clients' staff members will use JobDiva to make recruiting decisions and analyses. These rights apply to them, because their data is controlled in clients' specific JobDiva databases.
- Applicants: When individuals apply to a job using a client's career portal, they become data subjects for the specific clients to whose portals they've applied. These rights apply to them.
- Candidates: Candidates are data subjects whose resumes, CVs, on-boarding documents, payroll data or any other qualifying information have been obtained, stored and controlled by JobDiva clients in the clients' own databases. These rights apply to them.
- Hired Employees: When individuals are hired by JobDiva, Inc.'s clients as employees, they become data subjects for those clients. Typically, these individuals are candidates and/or applicants first. Subsequently, JobDiva, Inc. clients can process payroll and benefit information about them by leveraging resources within JobDiva, Inc. These rights apply to them.
- Customers of Clients, Their Suppliers, Their Partners and Their Staff and Other Third Parties' Staffing with Whom JobDiva, Inc. Clients Interact in Conducting Their Business: When the data related to individuals who count as customers, suppliers, partners and other third parties of JobDiva, Inc.'s clients are contained in JobDiva—"contacts" of "companies," in JobDiva, Inc.'s nomenclature—these individuals become data subjects for those clients. Then these rights apply to them.
Your Data, Your Choice
JobDiva does not sell data. The personal data JobDiva holds itself consists either of a) candidate and applicant material who are or have been under consideration for employment opportunities at JobDiva, , b) standard Contact Relationship Management information related to prospecting and selling JobDiva’s software service, and c) client data used exclusively for servicing clients of our software.
JobDiva has strict guidelines for working with third-party applications, including having in place a confidentiality agreement. Third-parties are only used to help JobDiva in its standard business functions, as relates to our software service. The third parties have no right to utilize the data except for the purpose of servicing JobDiva within the strictures of sales and service of our platform.
Which Responsibilities Do Controllers Have?
- Transparency: If data subjects request copies of the data that JobDiva, Inc. or the JobDiva Inc. clients control regarding themselves, the information must be provided to the data subjects within thirty days of their request—except in cases where the subject's data contains proprietary client information or private data about other data subjects. Any denial of data disclosure should be communicated back to the data subject along with the legal explanations for the denial and options regarding how to appeal such a denial.
- Choice and Correction of Data: If data subjects would like to update the information held about them by JobDiva, Inc. clients, and these updates would not impact the privacy of other data subjects, then such clients should make these changes within thirty days. JobDiva, Inc. and its subsidiaries provide their clients the tools to execute such changes upon request by data subjects. JobDiva, Inc. also provides its clients with the tools that enable their data subjects to update information about themselves online. Clients are expected to hold only data that is relevant to their business purposes, for purposesconsistent with the reasons why it was acquired.
- Public Notice: JobDiva, Inc. and its subsidiaries provide their clients the ability to declare and announce their commitment to privacy—for instance, on their customized career portals. While JobDiva, Inc. and its subsidiaries will provide their clients a public declaration of intent to protect privacy, JobDiva, Inc. and its subsidiaries can only be responsible for JobDiva, Inc.'s actions and take no responsibility for the privacy practices of their clients. However, JobDiva, Inc. and its subsidiaries volunteer to assist in the resolution of any dispute and reserve the right to terminate their services to any client who might violate the privacy of data subjects.
- Purpose Limitation: If a JobDiva, Inc. client plans to use data subjects' data for purposes different from those that are either publicly defined or agreed upon between themselves and such data subjects, they must notify these data subjects. Such a notification must allow data subjects to choose whether their data should be used in the manner that the JobDiva, Inc. client has described.
What About Partnering with Third Parties?
Due to the requirements of the recruiting process, JobDiva, Inc. clients might partner with several types of third parties while hiring job candidates; JobDiva's software is responsible for technologically processing the personal information transmitted to such third parties. We do so in order to facilitate the recruitment process for our clients.
These types of third parties will usually include:
- Benefits Companies: These companies provide benefits such as insurance and workman's compensation to candidates. Examples include Blue Cross Blue Shield and Cigna.
- Background Check Companies: These companies check candidates' backgrounds for criminal and commercial records. Examples include Sterling BackCheck and easyBackgrounds.
- Cloud Emails: These companies include cloud-based email inboxes. Examples include Gmail and Outlook 365.
- Payroll Companies: These companies process payroll and human resources information. Examples include ADP and Paychex.
If a JobDiva, Inc. client partners with a third party, it is the client's responsibility to ensure that this third party will adhere to these privacy standards so far as they apply to the protection of data subjects' data. JobDiva, Inc. and its subsidiaries provide the technological means for integration, while clients must verify the third parties' privacy terms.
Clients should opt to include terms for such adherence in contracts with third parties. Third-party processing of personal data should be limited to relevant business purposes. If a third party will not follow or stops following the privacy terms set out by the JobDiva, Inc. client, and by JobDiva, Inc. and its subsidiaries, a JobDiva client should attempt to prevent all further control or processing of data subjects' data by the third party. Continued utilization of a violating third party by a JobDiva, Inc. client could because for termination of JobDiva, Inc.'s services.
Recourse Mechanisms for Controllers
JobDiva, Inc. clients must have recourse mechanisms. A data subject (you) has the right to recourse from the following mechanisms.
- The complainant (a data subject who could be you) can lodge his or her complaint with the JobDiva, Inc. client. The JobDiva, Inc. client must reply within forty-five days. If the response fails to satisfy the complainant, he or she can lodge it with regulatory bodies.
- If a complainant is in the US, he or she can contact the US Federal Trade Commission with his or her complaint. If a complainant is in the EU/UK, he or she can contact his or her local Data Protection Authority (DPA). A JobDiva, Inc. client must provide the data subject and the relevant authority explanation and evidence, where possible, relating to their data protection practices. JobDiva, Inc. and its subsidiaries pledge to assist in such communication under the direction of their client. Should an authority judge make a request for data or evidence, a JobDiva, Inc. client must cooperate with their ruling to the extent possible within twenty-five days of its issuance.
iii. If a complainant is not satisfied with these authorities' remedy for his or her complaint, he or she can pursue private arbitration with JobDiva, Inc.'s client and a private arbitration panel. JobDiva, Inc.'s client will abide by the arbitration panel's ruling. Note that such rulings will usually consist of determinations on data access, correction, deletion, or data relinquishment, and not monetary awards.
JobDiva, Inc. and its subsidiaries expect JobDiva, Inc. clients to faithfully follow through on all decisions handed down by regulatory bodies. If a client does not do so, they risk the termination of their JobDiva, Inc. service and possible legal action by the complainant.
United Kingdom Data Protection