This policy describes how Hireproof processes your data.
Personal data refers to any information relating to a natural person (“data subject”) that can identify them directly or indirectly. Personal data, data subject, controller and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). Hireproof complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation (“data protection legislation”).
Controller: Hireproof Oy
Business ID: 3198028-3
Address: Revontulentie11 G 19, 02100 Espoo, Finland
Why do we process personal data?
We may process personal data for the following purposes:
- Delivery of our products and services for you based on contract or its preparation, for example, when you use our services.
- Managing and analyzing the customer relationship and use of the Hireproof solution based on Hireproof’s legitimate interest.
- Communication with you, for example, to send you alerts and notifications relating to our products and services, inform you that our product and services have changed, and ask for your feedback on our products and services based on contract or its preparation or Hireproof’s legitimate interest.
- Complying and fulfilling our legal duties and obligations such as tax law and accounting-related obligations based on statutory obligations.
- Ensuring the security of our products, services, and IT environments and preventing abuses based on statutory obligation or Hireproof’s legitimate interest.
- Provision of information and materials related to our products and services, for example by newsletters and direct marketing based on Hireproof’s legitimate interest or consent.
- Direct marketing based on Hireproof’s legitimate interest in sending you promotional material about products and services you might be interested in. The data subject has the right to refuse personal data being used for direct marketing and may at any time recall prior consent.
For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with the data subjects' right to privacy and concluded that our interest outweighs the data subjects’ rights and freedoms.
Where the processing is such that consent is required by the applicable legislation, we will state so and obtain the consent, and this will be the legal basis for the processing. However, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that we are no longer able to provide our services, we may cease to provide the services.
What data is collected, stored, and processed?
The following personal data from the data subjects will be processed:
- First and last name
- Contact information (postal address, e-mail address, phone numbers)
- Job title and employer (past and current)
- Username and password
- Information on the use of the Hireproof solution as well as content created by you
- Technical data sent to Hireproof by your digital devices (such as computers and mobile devices) as well as information related to cookies and other similar technologies
- Recordings, transcripts and/or notes of interactions (meetings, phone calls, etc.) with Hireproof personnel as well as e-mail and chat correspondence
- Direct marketing preferences
- Campaigns and promotions directed to you, as well as their use
- Information of data subjects who have made purchases, given feedback and/or made complaints related to Hireproof solution
- Purchase history (incl. contracts) billing, and payment collection data
Where do we gather your personal data from?
The personal data is mainly collected directly from the data subjects themselves, for example, at the time of registration or use of the Hireproof solution or when contacting us.
The personal data may also be collected automatically when the data subject uses our products and services e.g., when using our online services.
In addition, and with the permission of the data subject, data may be collected in other ways in a marketing context.
Personal data may be updated and supplemented by collecting data from private and public sources.
How long do we process your personal data?
We retain personal data only for a period that is necessary to achieve the purposes for which personal data is processed unless there is a legal obligation to retain personal data for a longer period of time(for example, responsibilities and obligations under specific legislation, accounting or reporting obligations). Hireproof may retain information for a longer period of time if it is required, for example, to exercise a legal claim, to defend a legal claim, or to settle a similar dispute. In general, we observe the following criteria for retaining and deleting personal data:
- Hireproof solution users’ personal data is retained for the duration of using the Hireproof’s services and thereafter for a maximum period of 2 years following the last login.
- Electronic marketing subscribers’ personal data is retained until the subscription is withdrawn.
Detailed retention times can be provided upon requests.
We evaluate the necessity and accuracy of the personal data on a regular basis and endeavor to ensure that the incorrect and unnecessary personal data are corrected or deleted.
Is your data shared with others?
In addition, we may share the personal data in connection with any merger, sale of our assets, or financing or acquisition of all or a portion of our business and in connection with other similar arrangements.
The personal data is also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety of the Hireproof products and services. In the event of emergencies or other unexpected circumstances, Hireproof may be required to disclose the personal data of registered persons in order to protect human life, health, and property.
List of the processors and other recipients:
- Intercom, Inc., provider of the Intercom chat service incorporated in the Hireproof solution
- Mixpanel, for application analytics
- Sentry, for tracking errors that users face in the application
Is data transferred outside the European Union or the European Economic area?
Hireproof does not, as a rule, transfer personal data outside the European Union (EU) or the European Economic Area (EEA).
In case personal data is transferred outside the European Union (EU) or the European Economic Area (EEA), such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses (SCC) adopted, including any supplementary measures, where assessed to be necessary, or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.
How is the data protected?
Securing the integrity and confidentiality of personal data is important to Hireproof. We have taken adequate technical and organizational measures in accordance with industry standards in order to keep personal data safe and to secure it against unauthorized access, loss, misuse, or alteration by third parties, such as by firewalls, physical security measures, access controls, assignment of access rights, encryption and active monitoring of the aforementioned measures.
Nevertheless, considering the cyber threats in the modern-day online environment, we cannot give a full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.
All parties processing personal data have a duty of confidentiality in matters related to the processing of personal data. Access to personal data is restricted to those employees and parties who need it to perform their duties. We also require our service providers to have appropriate methods in place to protect personal data.
Automated decision-making and profiling
Hireproof does not use any automated decision-making or any profiling pursuant to Article 22GDPR.
Rights of data subjects
The data subject has a number of rights under applicable data protection laws.
Right of access and right of inspection
The data subject has the right to obtain confirmation as to whether or not personal data concerning them is being processed.
The data subject has the right to inspect and view data concerning them and, upon a request, the right to obtain the data in a written or electric form. This applies to information that the data subject has provided to Hireproof insofar as the processing is based on a contract/consent.
Right to rectification and right to erasure
The data subject has the right to demand the rectification of inaccurate personal data concerning them and to have incomplete personal data completed.
Right to data portability
The data subject has the right to receive the personal data that they have provided to Hireproof in a structured, commonly used, and machine-readable format and, if desired, transmit that data to another controller. The right to data portability applies to the processing of personal data based on consent or a contract.
Right to restriction of processing
The data subject has the right, under conditions defined by data protection legislation, to request the restriction of processing of their personal data. In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, we will limit access to such data.
Right to object to processing
The data subject has the right to object to the processing of data where Hireproof is relying on its legitimate interests as the legal ground for the processing. For example, the data subject may object to their personal data being used for marketing purposes.
Right to withdraw consent
In cases where the processing is based on the data subjects’ consent, the data subject has the right to withdraw their consent to such processing at any time.
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a competent data protection authority if the data subject considers that the processing of personal data relating to the data subject infringes current legislation.
However, we request that the matter will be dealt with Hireproof in the first instance.
The relevant authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).
Identity will be checked before the information is given out, which is why we may have to ask for additional details. The request will be responded to within a reasonable time and, where possible, within one month of the request and the verification of identity.
If the data subject’s request cannot be met, the refusal shall be communicated to the data subject in writing. We may refuse a request (for example, erasure of data) due to a statutory obligation or a statutory right of Hireproof, such as an obligation or a claim relating to our services.
If you have any questions relating to our data protection policies or wish to exercise your rights, please do not hesitate to contact us.
|Version history||Change description||Date|
|1.0||Document created||November 18, 2021|
|1.1||Improved readability; updated the list of data processors according to product changes||May 4, 2022|