1. Glossary of terms
Term/Acronym |
Definition |
Automated Decision-Making (ADM) |
means when a decision based solely on automated processing, including profiling, which produces legal effects or similarly affects a Data Subject. |
CCPA |
means the California Consumer Privacy Act of 2018. |
Confidential Information |
means non-public information that derives independent value from not being generally known to the public, but does not include any information that (i) was or subsequently becomes publicly available without breach of any confidentiality obligations, (ii) was known prior to the disclosure of such information, (iii) was or is subsequently obtained from another source without breach of any confidentiality obligation, or (iv) is independently developed without reference to any Sensitive and/or Confidential Information. |
Consent |
means a statement or a clear affirmative action, performed by the Data Subject, that signifies their agreement to the Processing of their Personal Data. Consent should be freely given, specific, informed, and be an unambiguous indication of the Data Subject’s wishes. |
Data Breach |
Please refer to the TextRecruit’ Incident Response Policy. |
Data Controller |
means the person or organization that determines the purpose and means of the Processing of Personal Data. |
Data Processor |
means the person or organization that Processes Personal Data on behalf of the Data Controller. |
Data Subject |
means an identified or identifiable natural person whose rights are protected by applicable data protection and privacy laws, including, but not limited to, a “Consumer” as defined in the CCPA. |
Dispose |
and its cognates mean the discarding or abandonment of Sensitive and/or Confidential Information; or the sale, donation, or transfer of any medium, including computer equipment, upon which this Sensitive and/or Confidential Information is stored. |
GDPR |
means the (a) Regulation (EU) 2016/679 on the protection of natural persons with regard to Processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and (b) the UK GDPR. |
Need to Know Parties (NKP) |
means TextRecruit consultants, vendors, partners, or other third parties that are provided Information by TextRecruit on a need-to-know basis subject to confidentiality obligations. |
Personal Data |
means any information relating, directly or indirectly, to an identified or identifiable Data Subject, where such information is protected under applicable law or regulation. |
Personal Identifiable Information (PII) |
means a Data Subject’s first name or first initial and last name in combination with any one or more of the following data elements: (i) social security number; (ii) driver’s license number or state-issued identification card number; or (iii) account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to a Data Subject’s financial account. |
Personnel |
means TextRecruit employees (part-time and full-time), interns, directors, and members. |
Process |
and its cognates mean any operation or set of operations which is performed on Personal Data, whether or not by automatic means, such as collection, recording organization, structuring, storage, adaption or alteration, retrieval, consultation, use disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
Processor |
means a specific NKP that Processes Personnel Data with respect to TextRecruit’ corporate operations. |
Security Incident |
Please refer to the TextRecruit’ Incident Response Policy. |
Sensitive Information |
means to Personal Data, PII, and SPD. |
Sensitive Personal Data (SPD) |
is a form of Personal Data and means any information revealing a Data Subject’s genetic or biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation and lifestyle, or criminal convictions or offenses. |
Subject Access Request (SAR) |
means request made by or on behalf of a Data Subject for information which they are entitled to ask for under applicable law or regulation, including, but not limited to, the GDPR, the UK GDPR or the CCPA. |
Subprocessor |
means a specific NKP that processes subscriber Personal Data in connection with any product or service delivered by TextRecruit, including the TextRecruit Talent Platform. |
Subscriber Data |
Please refer to the TextRecruit Subscription Agreement, which may be found at www.TextRecruit.com/gc. |
UK GDPR |
means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, if in force. |
2. TextRecruit’s Commitment to Privacy
TextRecruit, Inc. (“TextRecruit”) recognizes the importance of protecting and ensuring the integrity of Sensitive and Confidential Information, including Personal Data. Sensitive and Confidential Information is gathered, used, stored, shared, secured, retained, and disposed of in accordance with applicable laws and regulations, privacy best practices, and the terms of the agreement between TextRecruit and the subscriber.
This Data Security & Privacy Statement (“Statement”) explains how we process, gather, use, store, share, secure, retain, and dispose of Sensitive and Confidential information, including Personal Data, on behalf of our subscribers’ and their users. To this end, TextRecruit has adopted this statement and program designed to secure and limit unauthorized disclosure of such confidential, proprietary, and/or Personal Data.
EU-U.S. and Swiss-U.S. Privacy Shield
TextRecruit complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield Frameworks”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area, the UK and Switzerland to the United States. TextRecruit has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.
EU’s General Data Protection Regulation, UK GDPR (if in force) and CCPA
TextRecruit complies with the EU-GDPR, the UK GDPR and the CCPA Frameworks, by and through the Privacy Shield Frameworks, as applicable, regarding the legal safeguards required to protect EU, UK and California residents’ Personal Data.
3. Who Are We?
TextRecruit delivers a tool that allows subscribers to send text messages as part of the talent acquisition lifecycle or for other employment purposes as determined by the subscriber. TextRecruit is dedicated to meeting the privacy and data protection needs of its subscribers, in order to protect Sensitive and Confidential Information for our subscribers’ users.
4. Types of Sensitive Information Processed
TextRecruit processes information on behalf of its subscribers. The type of information generally processed by TextRecruit includes the following categories of data.
To this end, Text Recruit recognizes that processing Sensitive Information varies by country and implements the following principles of data protection based upon the agreement between the subscriber and Text Recruit, and the subscriber’s requirements.
Text Recruit processes Personal Data as defined by the EU GDPR on behalf of its subscribers. Personal Data includes the following data types: Internal Data; External Data; Financial Data; Social Data; Historical Data; and Tracking Data.
Examples of Types of Personal Data
Internal Data |
External Data |
Financial Data |
Social Data |
Historical Data |
Tracking Data |
|
Attitude
|
|
|
|
|
5. How We Process Confidential and Sensitive Information
Personnel and NKPs shall only use Confidential and Sensitive Information for a legitimate business purpose in the performance of their duties, including (without limitation):
5.1. Processing of Personal Data
TextRecruit recognizes the importance of processing Personal Data, and values the lawful, accurate, and secure processing of Personal Data. Therefore, to assist its subscribers in complying with applicable laws and regulations, TextRecruit’s Subscription is enabled to Process Personal Data on behalf of its subscribers and in accordance with the following Data Protection Principles:
These Data Protection Principles must be followed at all times when Processing or using Personal Data.
Through appropriate management and strict application of criteria and controls, TextRecruit by and through the TextRecruit Subscription:
Lastly, where TextRecruit processes Personal Data on behalf of its subscribers, TextRecruit serves as a Service Provider as defined in CCPA Section 1798.140(v). Under those same circumstances, TextRecruit’ subscribers are considered to be a Business as defined in CCPA Section 1798.140(c).
As such, subscribers disclose Personal Data to TextRecruit solely for: (i) a valid business purpose; and (ii) TextRecruit to provide the Subscription. Except as agreed upon in writing by TextRecruit and each subscriber, TextRecruit is prohibited from: (i) selling Personal Data; (ii) retaining, using, or disclosing the Personal Data for a commercial purpose other than providing the Subscription; and (iii) retaining, using, or disclosing the Personal Data outside of the Subscription Agreement between TextRecruit and subscriber.
Under no circumstances envisioned in the Subscription Agreement is either party considered to be a Third Party as defined in CCPA Section 1798.140(w).
5.2. Subject Access Rights
Under the applicable law or regulation, including, but not limited to the GDPR, the UK GDPR (if in force), and the CCPA, a Data Subject may request details about his/her Personal Data which TextRecruit processes on behalf of a subscriber. These rights may include: the right to be informed that processing is being undertaken, to access one’s Personal Data, to prevent processing in certain circumstances, and to correct, rectify, block, or erase Personal Data.
TextRecruit assists its subscribers in fulfilling Subject Access Requests in accordance with the terms of the agreement between TextRecruit and the subscriber.
5.3. Privacy By Design
TextRecruit embeds privacy considerations into business processes and systems through appropriate physical, technological, and procedural controls reasonably designed to ensure Personal Data is processed and secured in accordance with applicable law or regulation, including, but not limited to, the GDPR, the UK GPDR (if in force), and the CCPA.
TextRecruit implements various security measures through its information security policies and procedures that ensures that unauthorized access or disclosure of Sensitive and/or Confidential Information does not happen by accident or design.
6. Safeguarding of Confidential and Sensitive Information
In addition to processing Personal Data in accordance with the principles provided for in the Section titled, “Types of Sensitive Information Processed,” TextRecruit adheres to the below data privacy principles for all Sensitive and/or Confidential Information, including PII and SPD. To this end TextRecruit, implements physical, procedural, and information technology safeguards as follows:
7. Responsibilities of Personnel
Unauthorized disclosure of Sensitive and Confidential Information is strictly prohibited. Personnel, Processors, and Sub-processors should not disclose Sensitive and Confidential Information obtained in the course of their work with Text Recruit, or access Sensitive and Confidential Information without appropriate permissions. The terms of the agreement between Text Recruit and the subscriber dictates how Sensitive and Confidential Information is obtained and/or disclosed.
Personnel shall use reasonable efforts to safeguard Sensitive and Confidential Information and keep it private and confidential, including, but not limited to, taking the following actions as appropriate:
8. Disposal of Information
9. Accountability and Liability
10. Data Backup and Disaster Recovery
Text Recruit, through its incident response policies and procedures shall notify the subscriber without undue delay when it becomes aware of a Personal Data Breach affecting the subscribers Personal Data.
Additionally, TextRecruit implements an Incident Response Policy and Procedure that ensures a consistent and effective approach to the management of a Security Incident including a Data Breach. Data Breaches usually occur through the unauthorized or accidental use or disclosure of Sensitive and/or Confidential Information by Personnel or by a deliberate attack on the Company’s systems.
Security Incidents, including Data Breaches, are handled in accordance with the terms of the agreement between TextRecruit and the subscriber and TextRecruit’ Incident Response Procedures.
[1] This Statement supersedes and replaces the privacy statement previously referred to as the Data Security & Privacy Policy.
[2] Text Recruit does not govern the content of text messages. The content of text messages is controlled by the privacy practices of the subscriber.
iCIMS Acquires Opening.io. Introducing iCIMS Talent Logic. Learn more about our new transformative AI Solution.
|