44 Wall Street
New York, NY 10005
Effective Date: 11/01/2017
When, in the below text, we refer to "JobDiva, Inc. and its subsidiaries," the term "subsidiaries" refers to JobDiva's UK subsidiary, known as "JobDiva, Ltd."
Roles and Responsibilities:
While JobDiva, Inc.'s clients control the data—which comprises resumes, CVs, contact information, identifiable information and other attributes of data subjects—JobDiva, Inc. and its subsidiaries process these data, meaning that JobDiva, Inc. supplies the technological means for holding, entering, updating, organizing, delivering, transmitting, displaying and lastly protecting the data via security measures. That JobDiva, Inc.'s clients control the data means that they have the right to access, own, manage, or leverage this data. Though controller and processor entail two different relationships to data and data subjects, JobDiva, Inc. and its subsidiaries fulfill all responsibilities that follow from their processor role. JobDiva, Inc. and its subsidiaries expect and require their clients who control the data to fulfill their data privacy responsibilities likewise.
JobDiva, Inc. and its subsidiaries process data only in conformity to the below set of principles.
JobDiva, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Framework. JobDiva, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, to the Frameworks' Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List (https://www.privacyshield.gov).
JobDiva, Inc. is responsible for the processing of personal data we receive under each Privacy Shield Framework. JobDiva, Inc. complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, JobDiva, Inc is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and/or the U.S. Department of Transportation. In certain situations, JobDiva, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
JobDiva, Inc. may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that such disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a government request.
Under certain conditions, described on the Privacy Shield website and in the below test, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
A Detailed Guide:
Why Do We Process Data?
"JobDiva" is an Applicant Tracking, Talent Management, and Customer Relations Management System. JobDiva's toolbox of software solutions allows staffing professionals to source, locate and recruit talent of whom they and their customers are in need. JobDiva also includes a robust contact relationship management system (CRM) that tracks the communication between JobDiva clients and data subjects, who include JobDiva, Inc.'s clients' customers as well as their partners, third parties, job candidates and active employees.
Using JobDiva, staffing professionals—JobDiva, Inc.'s clients—can hire applicants or submit the resumes of job seekers to their own customers for consideration.
What Kinds of Data Do We Process?
Through JobDiva, Inc's software service, JobDiva, Inc.'s customers acquire, manage and access several types of data attributed to job candidates, customer contacts, prospects, and third parties that are participants in the hiring process. (The types and identities of such third parties are discussed below). Also through JobDiva, job applicants and candidates can transmit their resumes, CVs, on-boarding documents and other forms of personal information to clients of JobDiva, Inc. and its subsidiaries. Such data can include: name, phone number, email address, address, resumes, CVs and other personal information. Resumes and CVs may include past work, salary history, hobbies, publications and educational experience as well as career-pertinent information, or information that an employer may find relevant.
What Are the Types of Data Subjects Processed by JobDiva?
Who are the different data subjects affected by JobDiva, Inc.'s data processing?
- JobDiva Clients and Their Staff: JobDiva, Inc.'s clients—and their staff members—will use JobDiva to make recruiting decisions and analyses. These rights apply to them.
- Applicants: When individuals apply to a job using a client's career portal, they become JobDiva data subjects. These rights apply to them.
- Candidates: Candidates are data subjects whose resumes, CVs, on-boarding documents, payroll data or any qualifying information have been obtained, stored and controlled by JobDiva clients in the clients' own databases. These rights apply to them.
- Hired Employees: When individuals are hired by JobDiva, Inc.'s clients as employees, they become data subjects. Typically, these individuals are candidates and/or applicants first. Subsequently, JobDiva, Inc. clients can process payroll and benefit information about them by utilizing resources within JobDiva. These rights apply to them.
- Customers of Clients, Their Suppliers, Their Partners and Their Staff: When the data related to individuals who count as customers of JobDiva, Inc.'s clients are contained in JobDiva —"contacts" of "companies," in JobDiva's nomenclature—these individuals become data subjects. These rights apply to them.
JobDiva, Inc. and its subsidiaries provide their clients the secure means to control and process data about these five categories securely. One client's data about its data subjects is not accessible to other clients unless available to them through other sources, means or platforms not controlled by JobDiva and obtained by them from these sources, means and platforms using JobDiva or otherwise.
What Are Data Subjects' Rights?
JobDiva, Inc. and its subsidiaries furnish their clients the means, by which they can provide their data subjects (you) access to or transparency with respect to the data that JobDiva clients retain regarding the data subjects. In other words, JobDiva, Inc. and its subsidiaries supply their clients the technological means and resources by which they can provide data subjects transparency about any data held about them, and by which clients can update such data if requested by data subjects.
JobDiva, Inc.'s software provides data subjects identifiable contact information for any specified data holder (that is, the JobDiva, Inc client), with whom the data subject may then communicate with inquiries or complaints regarding their data. As data controllers, JobDiva, Inc.'s clients are expected to uphold several responsibilities (referred to elsewhere in this policy) in maintaining privacy and transparency. JobDiva, Inc. and its subsidiaries will act on any client violation that is drawn to our attention by demanding client compliance. Deliberate and repeated violations by a client can be a cause for JobDiva, Inc. to terminate its services for a client.
Whom Should I Contact If I Feel My Rights Have Been Violated?
Data subjects who feel that their rights have been violated are encouraged to contact the JobDiva, Inc. client controlling their data as a first recourse. If a data subject believes that a data controller who is a client of JobDiva, Inc. and its subsidiaries has violated his or her rights, and the controller has not responded satisfactorily, the data subject should contact JobDiva, Inc. by emailing email@example.com.
In compliance with the Privacy Shield principles, JobDiva, Inc. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact JobDiva, Inc. at:
44 Wall Street, Floor 18
New York, NY 10005
JobDiva, Inc. has further committed to refer unresolved any Privacy Shield complaints to the European Union's Data Protection Authorities. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the EU's register of Data Protection Authorities for more information or to file a complaint—or, if local to the USA, contact the Federal Trade Commission, which has agreed to serve as an American liaison with the Data Protection Authorities. The services of these regulatory bodies will be provided at no cost to you.
What Is My Recourse If I Feel My Privacy Has Been Violated?
- JobDiva Inc.'s first recourse, if a complaint is judged to not be unfounded, frivolous, or to pertain to a JobDiva, Inc. client and not to JobDiva, Inc. itself, is to forward such a complaint to the US Federal Trade Commission and/or the US Department of Transportation, if the complaint comes from a US national; or to the relevant Data Protection Authority (DPA), if the complaint comes from an EU national. JobDiva, Inc. and its subsidiaries pledge to respond to all complaints within forty-five (45) days. JobDiva, Inc. and its subsidiaries will provide detailed evidence for all claims about its privacy practices. If the Commission or DPA, whichever applies, judges the complaint to have validity, JobDiva, Inc. will execute its portion of the Commissioner's ruling within twenty-five (25) days of its issuance.
- If the complainant is not satisfied with the Commission or DPA's resolution of his or her complaint, he or she can pursue private arbitration. JobDiva, Inc. and its subsidiaries will carry out any conclusions reached by the arbitration panel. Solutions decided by arbitration will usually deal with data access, correction, deletion, or data relinquishment—not monetary awards.
JobDiva, Inc. and its subsidiaries also pledge to annually perform at least one internal review on their privacy and data-protection practices. These reviews will be available to relevant individuals and authorities at their request.
All authorities investigating a complaint that implicates JobDiva, Inc. and its subsidiaries will be free to audit their security procedures and protections—by visiting their offices.
JobDiva, Inc. commits without reserve to cooperating with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC). We pledge to comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
How Does JobDiva Protect My Data?
JobDiva, Inc. and its subsidiaries take rigorous precautions in protecting data, including methods both technical and physical.
JobDiva, Inc.'s security precautions use Secure Socket Layer (SSL) methods to encrypt data. During data transfers, data are encrypted using HTTPS. JobDiva, Inc. is also equipped with an encryption mechanism for the data at rest. SHA-256 is used for passwords, and advanced database encryption is applied to key data elements, like HR-related data.
Password encryption is performed in such a way that even JobDiva, Inc.'s internal technology staff cannot read them. And to preserve password security, JobDiva, Inc.'s visitors are prompted to change their passwords every 90 days. In addition, JobDiva, Inc. disables a user's account after several unsuccessful logins attempts. JobDiva, Inc. also produces a CAPTCHA if it detects unusual suspicious activity.
JobDiva, Inc.'s software includes several layers of permission-based access. Thus, a particular login might be blocked from accessing certain data of a sensitive nature. Each JobDiva, Inc. web page accessed over HTTPS is also equipped with session validation to authenticate the user, and to prevent any data exposure without the proper login and permission.
JobDiva, Inc. also logs the access and activity of clients and maintains a report that could show unusual activity in the system.
The database servers exist within the JobDiva, Inc. internal network, which is protected by advanced up-to-date Firewalls that allow for intrusion prevention, packet filtering, application control, and other network security options.
JobDiva, Inc.'s system is hosted by secured cloud services and professional data centers. JobDiva, Inc.'s data centers are in full compliance with the latest security and privacy requirements. These data centers are compliant with SOC2, PCI-DSS, FISMA NIST SP 800-53, and ISO, among others. They are monitored 24/7 and equipped with motion-detecting cameras for surveillance. The servers are locked inside a cage, and access is only available to authorized personnel. They are controlled by a biometric check. Logs of who visits the data center and cages are kept.
JobDiva, Inc. clients are controllers of the data that JobDiva, Inc., as a software and recruitment service provider, processes for them. EU and US JobDiva clients have overlapping responsibilities, outlined herein; the main differences appertain to the regulatory mechanisms to which their data subjects will need to turn. That JobDiva, Inc. clients control the data that JobDiva and its subsidiaries process means that such clients own, manage or leverage data, for which JobDiva, Inc. provides them the technological means. Controllers decide the purposes and ends of processed data.
As controllers, JobDiva, Inc. clients are expected to fulfill several responsibilities with respect to protecting the data they hold, and which JobDiva, Inc. processes.
Why Do Controllers Have Responsibilities?
It is extremely important that, in a world more permeated than ever by big data, data subjects trust those who process and control their information. More broadly, upholding data rights is both a business imperative and a legal necessity, and the failure to do so can result in major consequences.
JobDiva, Inc. and its subsidiaries expect their clients to uphold their responsibilities as data controllers. The below terms appear in JobDiva, Inc.'s Terms of Service, which is part of JobDiva, Inc.'s service agreement with its clients. Failure by clients to conform could result in the termination of JobDiva, Inc.'s service.
Which Data for Data Subjects (You) Do JobDiva, Inc. Clients Manage and Control?
As described above, data subjects are those individuals whose data passes through JobDiva, Inc. and its subsidiaries: JobDiva, Inc. clients' staff; applicants; candidates; hired employees; and customers of clients, their suppliers, partners and staff, and other third parties' staff with whom the JobDiva client interact in conducting theirbusiness. When controllers uphold the below principles, data security for JobDiva, Inc. data subjects is protected. Data subject types are detailed below.
- JobDiva, Inc. Clients' Staff: JobDiva, Inc.'s clients' staff members will use JobDiva to make recruiting decisions and analyses. These rights apply to them, because their data is controlled in clients' specific JobDiva databases.
- Applicants: When individuals apply to a job using a client's career portal, they become data subjects for the specific clients to whose portals they've applied. These rights apply to them.
- Candidates: Candidates are data subjects whose resumes, CVs, on-boarding documents, payroll data or any other qualifying information have been obtained, stored and controlled by JobDiva clients in the clients' own databases. These rights apply to them.
- Hired Employees: When individuals are hired by JobDiva, Inc.'s clients as employees, they become data subjects for those clients. Typically, these individuals are candidates and/or applicants first. Subsequently, JobDiva, Inc. clients can process payroll and benefit information about them by leveraging resources within JobDiva, Inc. These rights apply to them.
- Customers of Clients, Their Suppliers, Their Partners and Their Staff and Other Third Parties' Staffing with Whom JobDiva, Inc. Clients Interact in Conducting Their Business: When the data related to individuals who count as customers, suppliers, partners and other third parties of JobDiva, Inc.'s clients are contained in JobDiva—"contacts" of "companies," in JobDiva, Inc.'s nomenclature—these individuals become data subjects for those clients. Then these rights apply to them.
Which Responsibilities Do Controllers Have?
- Transparency: If data subjects request copies of the data that JobDiva, Inc. clients control regarding them, such clients must give the data subjects this information within thirty days of their requests—except in cases where the data subject's data contains proprietary client information or private data about other data subjects.
- Choice and Correction of Data: If data subjects would like to update the information held about them by JobDiva, Inc. clients, and these updates would not impact the privacy of other data subjects, then such clients should make these changes within thirty days. JobDiva, Inc. and its subsidiaries provide their clients the tools to execute such changes upon request by data subjects. JobDiva, Inc. also provides its clients with the tools that enable their data subjects to update information about themselves online. Clients are expected to hold only data that is relevant to their business purposes, for purposesconsistent with the reasons why it was acquired.
- Public Notice: JobDiva, Inc. and its subsidiaries provide their clients the ability to declare and announce their commitment to privacy—for instance, on their customized career portals. While JobDiva, Inc. and its subsidiaries will provide their clients a public declaration of intent to protect privacy, JobDiva, Inc. and its subsidiaries can only be responsible for JobDiva, Inc.'s actions and take no responsibility for the privacy practices of their clients. However, JobDiva, Inc. and its subsidiaries volunteer to assist in the resolution of any dispute and reserve the right to terminate their services to any client who might violate the privacy of data subjects.
- Purpose Limitation: If a JobDiva, Inc. client plans to use data subjects' data for purposes different from those that are either publicly defined or agreed upon between themselves and such data subjects, they must notify these data subjects. Such a notification must allow data subjects to choose whether their data should be used in the manner that the JobDiva, Inc. client has described.
What About Partnering with Third Parties?
Due to the requirements of the recruiting process, JobDiva, Inc. clients might partner with several types of third parties while hiring job candidates; JobDiva's software is responsible for technologically processing the personal information transmitted to such third parties. We do so in order to facilitate the recruitment process for our clients.
These types of third parties will usually include:
- Benefits Companies: These companies provide benefits such as insurance and workman's compensation to candidates. Examples include Blue Cross Blue Shield and Cigna.
- Background Check Companies: These companies check candidates' backgrounds for criminal and commercial records. Examples include Sterling BackCheck and easyBackgrounds.
- Cloud Emails: These companies include cloud-based email inboxes. Examples include Gmail and Outlook 365.
- Payroll Companies: These companies process payroll and human resources information. Examples include ADP and Paychex.
If a JobDiva, Inc. client partners with a third party, it is the client's responsibility to ensure that this third party will adhere to these privacy standards so far as they apply to the protection of data subjects' data. JobDiva, Inc. and its subsidiaries provide the technological means for integration, while clients must verify the third parties' privacy terms.
Clients should opt to include terms for such adherence in contracts with third parties. Third-party processing of personal data should be limited to relevant business purposes. If a third party will not follow or stops following the privacy terms set out by the JobDiva, Inc. client, and by JobDiva, Inc. and its subsidiaries, a JobDiva client should attempt to prevent all further control or processing of data subjects' data by the third party. Continued utilization of a violating third party by a JobDiva, Inc. client could because for termination of JobDiva, Inc.'s services.
Recourse Mechanisms for Controllers
JobDiva, Inc. clients must have recourse mechanisms. A data subject (you) has the right to recourse from the following mechanisms.
- The complainant (a data subject who could be you) can lodge his or her complaint with the JobDiva, Inc. client. The JobDiva, Inc. client must reply within forty-five days. If the response fails to satisfy the complainant, he or she can lodge it with regulatory bodies.
- If a complainant is in the US, he or she can contact the US Federal Trade Commission and/or the US Department of Transportationwith his or her complaint. If a complainant is in the EU/UK, he or she can contact his or her local Data Protection Authority (DPA). A JobDiva, Inc. client must provide the data subject and the relevant authority explanation and evidence, where possible, relating to their data protection practices. JobDiva, Inc. and its subsidiaries pledge to assist in such communication under the direction of their client. Should an authority judge make a request for data or evidence, a JobDiva, Inc. client must cooperate with their ruling to the extent possible within twenty-five days of its issuance.
iii. If a complainant is not satisfied with these authorities' remedy for his or her complaint, he or she can pursue private arbitration with JobDiva, Inc.'s client and a private arbitration panel. JobDiva, Inc.'s client will abide by the arbitration panel's ruling. Note that such rulings will usually consist of determinations on data access, correction, deletion, or data relinquishment, and not monetary awards.
JobDiva, Inc. and its subsidiaries expect JobDiva, Inc. clients to faithfully follow through on all decisions handed down by regulatory bodies. If a client does not do so, they risk the termination of their JobDiva, Inc. service and possible legal action by the complainant.