We at Empirical Hire Ltd. ("Empirical Hire" or "us," "our," "we") recognize and respect the importance of maintaining the privacy of our customers ("Customers") and their employees and candidates assessed through our System ("Employees" and "Candidates," respectively). This Privacy Notice describes the types of information we collect from you when you use or are assessed through our integrated organizational employee assessment tools ("System") and/or use our services ("Services"), as well as when you visit our website ("Site"). This Privacy Notice also explains how we collect, process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. If not otherwise defined herein, capitalized terms have the meaning given to them in the Terms of Service, available at https://test.empiricalhire.com/api/html/terms_en ("Terms"). "You" means anyone using the System for any reason, including Employees and Candidates participating in an Assessment, users serving as an administrator of the System, and anyone generating or using reports via the System.
Empirical Hire is the data controller in respect of the processing activities outlined in this Privacy Notice relating to Personal Data (as defined below) of Candidates, Employees, Administrators and Users collected and processed for the purpose of developing and improving our products and services. Our registered office is 114 Yigal Alon St., Tel Aviv-Yafo, Israel 6744320 and our registration number is 515688182.
When we process information in the context of providing Services to our Customers, the applicable Customer serves as an independent and separate controller with respect to the Personal Data (as defined below) of such Customer's Employees and Candidates assessed through System and/or Services, as well as Administrators and other Users using the System and/or Services.
Our representative in the European Union is Maetzler Rechtsanwalts GmbH & Co KG, contact details: c/o Empirical Hire Ltd., Schellinggasse 3/10, 1010 Vienna, Austria.
By clicking on the button marked "I agree," you signify your assent to the terms of this Privacy Notice.
"Personal Data" means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law.
The key points listed below are presented in further detail throughout this Privacy Notice. These key points do not substitute the full Privacy Notice.
Personal Data We Collect.
Users and Administrators: When you register, we collect Personal Data provided by you, such as your name, email address and job title. We also collect Personal Data when you use the System and/or Services, or contact us with questions or complaints. When you use our System and/or Services, we automatically collect information about your use of the System and/or Services. We use the information (including Personal Data) we collect and/or receive mainly to administer and provide the System and/or Services, contact you with administrative information and improve the System and Services. Processing your Personal Data is necessary for (1) the performance of the Terms and the provision of the Services to you; and (2) our legitimate interests to develop our products, review usage, perform analytics, market of our products and services prevent fraud, and for our recordkeeping and protection of our legal rights.
Candidates and Employees: When you participate in an Assessment, we collect information included in your CV and employment questionnaire. If you provide us with such information, for example, in your CV, we collect information relating to your political opinions, religious beliefs, and trade union membership, which are subject to special protections under the law. We will only collect such data if you provide your consent. We use the information (including Personal Data) we collect and/or receive to provide the Customer with the System and/or Services and to improve the System and Services. Processing your Personal Data is necessary for the performance of the Terms and our legitimate interests to develop our products and services. Processing of data relating to your political opinions, religious beliefs, and trade union membership is based upon your explicit consent.
Website Visitors: We collect Personal Data when you visit our Site, or contact us with questions or complaints. When you visit our Site, we automatically collect your IP address and operating system and other information about your use of the System and/or Services. We use the information (including Personal Data) we collect and/or receive mainly to administer and provide the Site, contact you with administrative information or respond to your inquiries and to improve the Site. We process this Personal Data based on our legitimate interests.
Sharing the Personal Data We Collect. We share the Personal Data we collect with our service providers and subcontractors who assist us in the operation of the System and process the information on our behalf and under our instructions. When we act as a processor on behalf of our Customers, we will share your Personal Data with the applicable Customer, which acts as an independent and separate controller with respect to the collection of your Personal Data.
International Transfer. We use service providers and/or subcontractors and/or cooperate with or have business partners and affiliates located in countries other than your own, and send them your Personal Data. We will ensure that we have agreements in place with such parties that ensure the same level of privacy and data protection as set forth in this Privacy Notice.
Security. We have implemented and maintain appropriate technical and organization security measures aimed at reducing the risks of damage and unauthorized access or use of Personal Data, but they do not provide absolute information security. Such measures include physical, electronic, and procedural safeguards (such as secure servers, firewalls and SSL encryption), compliance with ISO 27001, access control, and other internal security policies.
Your Rights. Subject to applicable law and in addition to other rights as set forth below, you may have a right to access, update, delete, and/or obtain a copy of the Personal Data we have collected about you. You have the right to object at any time to processing your personal data for certain purposes. You also have the right to withdraw your consent to processing, if provided, at any time by contacting us as detailed in this Privacy Notice.
Data Retention. We retain Personal Data for as long as necessary for the purposes set forth in this Privacy Notice. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved through other means, as well as applicable legal requirements.
Children. We do not knowingly collect personally-identifiable information from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.
Third-Party Applications and Services. All use of third-party applications or services is at your own risk and subject to such third party's privacy policies.
Communications. Subject to your consent and applicable law, we may send you e-mail or other messages about us or our Services. You can stop receiving future communications from us by following the UNSUBSCRIBE link located at the bottom of each communication, by emailing us at email@example.com, or through your account settings.
Changes to the Privacy Notice. We may change this Privacy Notice from time to time and shall notify you of such changes.
Comments and Questions. If you have any comments or questions about this Privacy Notice, or if you wish to exercise your legal rights with respect to your Personal Data, please contact us at firstname.lastname@example.org or visit: https://gdpr-rep.eu/q/16380349.
Personal Data We Collect, Uses and Legal Basis
Depending on your usage, we collect different types of data and we and any of our third-party sub-contractors and service providers use the data we collect for different purposes. It is your voluntary decision whether to provide us with certain Personal Data, but if you refuse to provide such information we may not be able to register you to the System and/or provide you with the Site or Services.
Users and Administrators:
1. Registration Data: In order to use our System and/or receive related Services, you will be required to register and provide us with the following Personal Data: name, email address, job title and the Customer on whose behalf you are using the System.
How we use this data: (1) to provide you with the System and/or Services; (2) to respond to your inquiries and requests and to contact and communicate with you; and (3) to prevent fraud, protect the security of our System and Services, and address any problems with the System and/or Services.
Legal Basis: We process this Personal Data for the purpose of (1) performing the Terms, which is considered performance of a contract with you and providing the System and Services to you, including responding to your inquiries and requests and providing customer support and (2) our legitimate interests to prevent fraud.
2. Automatically Collected Data: When you use the System, certain information may be automatically gathered about your use of the System, such as your browsing history and any information regarding your viewing history on our System.
How we use this data: (1) to develop new products or services and conduct analyses to improve our current content, products, and Services, (2) to review the usage and operations of our System and Services; (3) to use your data in an aggregated, non-specific format for analytical purposes (as detailed below); and (4) to prevent fraud, protect the security of our System and Services, and address any problems with the System and/or Services.;
Legal Basis: We process this Personal Data for our legitimate interests to develop our products, review usage, perform analytics, prevent fraud, and for our recordkeeping and protection of our legal rights.
3. Contact Information: When you request information from us, sign up for a demo on our Site or contact us for any other reason, we will collect any data you provide, such as your email address and the content of your inquiry.
How we use this data: To respond to your request or inquiry.
Legal Basis: We process this Personal Data based on our legitimate interests.
Candidates and Employees:
1. Employment Information: When you participate in an Assessment, we also collect information included in the CV you provide to the Customer, as well as in your employment questionnaire. Such information includes your name, address, phone number, email address, ID number, gender, date of birth, marital status, military service, education, employment history and similar matters and information that you may provide to us. If the applicable Customer is based in the United States, if you elect to provide such information when completing an employment questionnaire, we will also collect information regarding your ethnicity. Additionally, if you are an Employee, we collect information provided by the Customer with respect to your performance in your employment position.
How we use this data: (1) to provide the Customer with the System and/or Services; and (2) to develop new products or services and conduct analyses to improve our current content, products, and Services
Legal Basis: We process this Personal Data for the purpose of (1) performing the Terms, which is considered performance of a contract with the Customer and providing the System and Services to the Customer; and (2) our legitimate interests to develop our products and services.
2. Special Categories of Data: When you participate in an Assessment, we also collect data relating to your religious beliefs, political opinions or trade union membership you may provide us in your CV. Such collection is subject to your explicit consent.
How we use this data:
This data may be collected in the course of the providing the System and Services to the Customer, in the event you provide us with such information in your CV.
Legal Basis: We process this Personal Data based on your explicit consent. You may withdraw your consent by contacting us at email@example.com. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
1. Automatically Collected Data: When you visit our Site certain information may be automatically gathered about your computer or mobile device, such as operating system, IP address, device ID, and subject to your consent as may be required under applicable law, (geo) location, as well as your browsing and viewing history on our Site.
How we use this data: (1) to develop new products or services and conduct analyses to improve our current content, products, Site and Services; (2) to review the usage and operations of our Site; (3) to use your data in an aggregated, non-specific format for analytical purposes (as detailed below); and (4) to prevent fraud, protect the security of our Site, and address any problems with the Site;
Legal Basis: We process this Personal Data for our legitimate interests to develop our products, review usage, perform analytics, prevent fraud, and for our recordkeeping and protection of our legal rights.
2. Contact Information: When you request information from us, sign up for a demo on our Site, or contact us for any other reason, we will collect any data you provide, such as your email address and the content of your inquiry.
How we use this data: To respond to your request or inquiry.
Legal Basis: When you request information or a demo from us we process your Personal Data to perform a contract with you.
By analyzing all information we receive, including all information concerning users, we may compile statistical information across a variety of platforms and users ("Statistical Information"). Statistical Information helps understand trends and customer needs so that new products and services can be considered and so that existing products and services can be tailored to customer desires. Statistical Information is anonymous and aggregated and we will not link Statistical Information to any Personal Data. We may share such Statistical Information with our partners, without restriction, on commercial terms that we can determine in our sole discretion.
Best Practices Analytics
Subject to each Customer's election, Empirical Hire may use the data provided by Customer or its behalf, including Personal Data on an anonymized basis in combination with anonymized data of other Customers to create "Best Practices" analytics. Each Customer that elect to receive Best Practices analytics agrees to the use of any data provided and/or collected on its behalf by Empirical Hire to create the Best Practices Analytics.
We may use your Personal Data as required or permitted by any applicable law.
Sharing the Personal Data We Collect
We share your information, including Personal Data, as follows:
Business Partners, Service Providers, Affiliates, and Subcontractors
We disclose information, including Personal Data we collect from and/or about you, to our trusted service providers, business partners, affiliates, subcontractors, who use such information to: (1) help us provide you with the System and/or Services; and (2) aid in their understanding of how users are using our System and/or Services.
Such service providers, business partners, affiliates, and subcontractors provide us with IT and system administration services, messaging services, data backup, security, and storage services, and data analysis services
When you participate in an Assessment though our System and/or Services, we also disclose your Personal Data to the applicable Customer, which acts as an independent and separate controller with respect to the collection of your Personal Data.
We may transfer our databases containing your Personal Data if we sell our business or part of it, including in cases of liquidation. Information about our users, including Personal Data, may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition and shall continue being subject to the provisions of this Privacy Notice.
Law Enforcement Related Disclosure
We will fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity, behavior or (digital) content and information of or related to an individual, including in the event of any user suspected to have engaged in illegal or infringing behavior. We may also share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our rights, property or safety (including the enforcement of the Terms and this Privacy Notice); (ii) to protect the rights, property or safety of third parties; (iii) when required by law, regulation subpoena, court order or other law enforcement related issues; or (iv) as is necessary to comply with any legal and/or regulatory obligation. You can request such Personal Data as specified herein by emailing us at firstname.lastname@example.org.
Other Uses or Transfer of Your Information
We allow you to use our System and Services in connection with third-party services, sites, and/or applications, including your internal systems. If you use our System and/or Services with or through such third-parties, we may receive information (including Personal Data) about you from those third parties. Please note that when you use third-parties outside of our System and/or Services, their own terms and privacy policies will govern your use of those services.
We use subcontractors and service providers and have business partners and affiliates who are located in countries other than your own, such as Israel, the European Union and United States and send them information we receive (including Personal Data). We conduct such international transfers for the purposes described above. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice, including appropriate remedies in the event of the violation of your data protection rights in such third country.
Whenever we transfer your Personal Data to third parties based outside of the European Economic Area ("EEA"), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the EEA.
Where we use service providers based in the US, we may transfer data to them if they have been certified by the EU-US Privacy Shield, which requires them to provide similar protection to Personal Data shared between the Europe and the US or any other arrangement which has been approved by the European Commission.
Please contact us at email@example.com if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
We have implemented and maintain appropriate technical and organization security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to personal information appropriate to the nature of such information. The measures we take include:
Safeguards – The physical, electronic, and procedural safeguards we employ to protect your data include secure servers, firewalls, and SSL encryption of data.
Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need to know basis of least privilege rules, review permissions quarterly, and revoke access immediately after employee termination.
Internal Policies – We maintain and regularly review and update our privacy related and information security policies.
Personnel – We require new employees to sign non-disclosure agreements according to applicable law and industry customary practice.
Encryption – We encrypt the data in transit using secure SSL protocols.
Standards and Certifications – We are compliant with ISO 27001 (Information Security Management).
Database Backup – Our databases are backed up on a periodic basis for certain data and are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity, are tested regularly to ensure availability, and are accessible only by authorized personnel.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords, please take appropriate measures to protect this information.
Your Rights - How to Access and Limit Our Use of Certain Information
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to the Personal Data that we or other controllers hold about you, as detailed below. For any requests to exercise such rights with respect to information held by other controllers, please contact the applicable controller directly. If you wish for us to notify all independent separate controllers, please specify that request when you contact us in order to exercise any of your rights. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information and/or comply with any of your requests, as detailed below:
Right of Access and Data Portability. You have a right to know what Personal Data we collect about you and, in some cases, to have the information communicated to you. Subject to the limitations in applicable law, you may be entitled to obtain from us a copy of the Personal Data you provided to us (excluding information that we obtained from other sources) in a structured, commonly-used, and machine-readable format, and you may have the right to (request that we) transmit such Personal Data to another party. Subject to applicable law, we may charge you with a fee. Please note that we may not be able to provide you with all the information you request, for instance, if the information includes Personal Data about another person. Where we are not able to provide you with information that you have asked for, we will endeavor to explain to you why.
Right to Correct Personal Data. Subject to the limitations in applicable law, you may request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data and/or that we suspend the use of Personal Data, the accuracy of which you may contest, while we verify the status of that Personal Data.
Deletion of Personal Data ("Right to Be Forgotten"). In certain circumstances you have a right to have Personal Data that we hold about you deleted. Subject to applicable law, we will delete Personal Data concerning a user within a reasonable time from the receipt of a written (including via email) request by such user to delete such collected Personal Data. We cannot restore information once it has been deleted. Please note that to ensure that we do not collect any further Personal Data, you should also terminate your account with us and clear our cookies from any device where you have used our System. We may retain certain Personal Data (including following your request to delete) for audit and record-keeping purposes, as well as other purposes, all as permissible and/or required under applicable law. We may also retain your information in an anonymized form.
Account Deactivation. You may deactivate your account through the System and/or Services, or by contacting us using the information below. In order to deactivate your account, we may ask you for additional information.
Right to Restrict Processing: You may request at any time that we limit the processing of your Personal Data if you believe that either: (i) the Personal Data is inaccurate and wish us to limit processing until we verify its accuracy; (ii) the processing is unlawful, but you do not wish us to erase the Personal Data; (iii) we no longer need the Personal Data for the purposes for which it was collected, but you still need it for the establishment, exercise, or defense of a legal claim; (iv) you have exercised your Right to Object (below) and we are in the process of verifying our legitimate grounds for processing. We may continue to use your Personal Data after a restriction request either: (a) with your consent; (b) for the establishment, exercise or defense of legal claims; or (c) to protect the rights of another natural or legal person.
Right to Object. Subject to applicable law, you may have the right to object to processing of your Personal Data for certain purposes.
Withdrawal of Consent. You may withdraw your consent in connection with any processing of your Personal Data based on a previously granted consent.
Supervisory Authority. You may have the right to submit a complaint to the relevant supervisory data protection authority.
Subject to applicable law and our (regulatory) obligations, we retain information as necessary for the purposes set forth above. We may delete information from our systems without notice to you once we deem it is no longer necessary for the purposes set forth in this Privacy Notice. We may also retain your information in an anonymized form. In addition, retention by any of our processors may vary in accordance with the processor's retention policy.
In some circumstances, we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, audit, accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether those purposes can be achieved through other means, as well as applicable legal requirements.
Please contact us at firstname.lastname@example.org if you would like details regarding the retention periods for different types of your Personal Data.
Cookies and Similar Technologies
What are Cookies?
A cookie is a small piece of text that is sent to a user's browser or device. The browser provides this piece of text to the device of the originating user when this user returns.
A "session cookie" is temporary and will remain on your device until you leave the Site and/or System.
A "persistent" cookie may be used to help save your settings and customizations across visits. It will remain on your device until you delete it.
First-party cookies are placed by us, while third-party cookies may be placed by a third party. We use both first- and third-party cookies.
Information may also be collected through web beacons, which are small graphic images ("pixel tags"), which usually work together with cookies in order to identify users and user behavior. These may be shared with third parties.
We may use the terms "cookies" to refer to all technologies that we may use to store data in your browser or device or that collect information or help us identify you in the manner described above.
The specific names and types of the cookies, web beacons, and other similar technologies we use may change from time to time. However, the cookies we use generally fall into one of the following categories:
Type of Cookie
Why We Use These Cookies
These cookies are necessary in order to allow the Site and System to work correctly. They enable you to access the System, move around, and access different services, features, and tools. Examples include remembering previous actions (e.g. entered text) when navigating back to a page in the same session. These cookies cannot be disabled.
These cookies remember your settings and preferences and the choices you make (such as language or regional preferences) in order to help us personalize your experience and offer you enhanced functionality and content.
These cookies can help us identify and prevent security risks. They may be used to store your session information to prevent others from changing your password without your login information.
These cookies can help us collect information to help us understand how you use our System, for example whether you have viewed messages or specific pages and how long you spent on each page. This helps us improve the performance of our Site and System.
These cookies collect information regarding your activity on our Site and System to help us learn more about which features are popular with our users and how our Site and System can be improved.
How to Adjust Your Preferences
Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Site or Services may not function properly when cookies are disabled or removed.
First Party Cookies
User identification session cookie (Security)
Third Party Cookies
Google Analytics (Analytics)
Intercom (Necessary, Functionality)
Third-Party Applications and Services
All use of third-party applications or services is at your own risk and subject to such third party's privacy policies.
Subject to applicable law, we may send you e-mail or other messages and/or a newsletter about us or our Services. You will be given the opportunity to unsubscribe from commercial messages and stop receiving future communication from us by following the UNSUBSCRIBE link in any such email or message, by emailing us at email@example.com. Please note that we reserve the right to send you service-related communications, including service announcements and administrative messages relating to your account, without offering you the opportunity to opt out of receiving them. Should you not wish to receive such communications, you may cancel your account.
We do not knowingly collect Personal Data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.
Changes to the Privacy Notice
We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version. If we make fundamental changes to this Privacy Notice, we will seek to inform you by notice on our Site or by email.
Comments and Questions
If you have any comments or questions about this Privacy Notice or if you wish for us to amend or delete your Personal Data, or exercise any other of your legal rights, please contact us at firstname.lastname@example.org or visit: https://gdpr-rep.eu/q/16380349.
Last updated: February 2020