Privacy Shield Policy

Last Updated on April 9, 2018

Crelate, Inc. (Crelate) is committed to the principles of the EU-U.S. Privacy Shield Framework. This Privacy Shield Policy applies to EU-based customers and their corresponding users of Crelate (“Subscribers” or “Users”), EU-based candidates and employees (“Individuals”) whose data may be stored in Crelate by our Subscribers and EU-based visitors to our public website (“Visitors”). With regards to Individuals, Crelate is a Data Processor which stores and processes data on behalf of its Subscribers, which are Data Controllers. As a Data Processor, we may store and process personal data and HR related information on behalf of our Subscribers. With regards to our Subscribers, Crelate is a Data Controller and may store and process personal information about our Users. With regards to Visitors, Crelate is a Data Controller and may store and process personal information about visitors to our website. This policy applies to the Crelate application, available at jobs.crelate.com, app.crelate.com and our public website at www.crelate.com.  For information about what we collect on Visitors, please view our Public Website Privacy Policy is available here.

Important: Crelate may update this privacy statement via this website and we encourage you to periodically review this page for the most recent information on our privacy policies and practices.

 

Our adherence to Privacy Shield

Crelate, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Crelate, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

 

Notice

Crelate informs Subscribers and Individuals that Crelate participates in the EU-U.S. Privacy Shield Framework and that we commit to subject all personal data received from the EU to the Privacy Shield Principles. This Privacy Shield Policy describes how Crelate uses Subscribers’ and Individuals’ respective personal information, the types of third parties Crelate may share personal information with, our liability for onward transfer, who to contact with regard to privacy concerns, how disputes can be resolved, the enforcement authority we are subject to, how and when personal information may be accessed, our commitment to security, and the choices and means we offer for limiting the user and disclosure of personal information.

Crelate informs Individuals that Crelate is a contractual agent of our Subscribers and performs data processing and tasks on behalf of and under the instruction of our Subscribers.

 

Choice

Crelate does not process personal information for purposes other than for the purpose(s) for which it was originally collected or subsequently authorized by its Subscribers. Crelate does not disclose personal data to third parties unless the Subscriber affirmatively and explicitly consents (“opts-in”) to the processing. Where necessary, Crelate will provide Subscribers with the opportunity to withdraw consent (“opt-out”) at which point, their personal information will no longer be disclosed to third parties.

As an agent of our Subscribers, Crelate will refer Individuals to the relevant Subscriber when questions of Choice apply.

 

Onward Transfer and Accountability

Crelate will only share personal information about Subscribers or Individuals with third parties who are acting on our behalf (“Crelate Agents” or (“Crelate Third Parties”) in a manner that is described in our Terms of Service, Web Site Privacy Policy, and this Privacy Shield Policy. Crelate will take commercially reasonable efforts to ensure that Crelate Third Parties adhere to the Privacy Shield Principals or are in the European Union or other country considered “adequate” for privacy by the European Union Commission and are therefore required to comply with the European Union General Data Protection Regulations.

Where Crelate is made aware that a Crelate Third Party or Crelate Agent to whom it has provided EU personal information is processing or disclosing that information in a manner contrary to this policy, Crelate will take commercially reasonable steps to prevent or stop the processing or disclosure.

Crelate does not sell Subscriber, Individual, or personal information to third parties. In situations defined in the Privacy Shield Principles, we may be liable for the actions of the agent.

Refer to the section Our Third Parties below for a list of the third parties and the types of data we may transfer to them.

 

Security

Crelate, Inc. takes commercially reasonable and appropriate measures to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

 

Access

Crelate provides hosted talent management and recruiting software to a variety of businesses. Crelate stores, processes and handles personal information on behalf of its Subscribers. The exact information that is stored within Crelate is at the discretion of our Subscribers, but will typically include contact information, resumes, and other information necessary in the process of hiring, vetting potential employees and personal information about current and past employees. Crelate acknowledges the right of EU individuals to access their personal data.

For Subscribers, upon written request, Crelate will provide details of personal information held. Crelate will take reasonable steps to allow Subscribers to correct, amend or remove their personal information.

EU Subscribers, Individuals and Visitors may request access or an identification of personal information held by contacting Crelate using the contact information listed under Point of Contact below.

For Individuals, Crelate will make reasonable efforts to assist individuals requesting access to their personal information by connecting them to the appropriate EU-based Subscriber. Crelate Subscribers are obligated to handle requests per our Terms of Service.

Crelate is not obligated to assist Subscribers, Individuals or Visitors to access personal information when the burden or expense of providing such access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

 

Data Integrity and Purpose Limitation

Crelate will make commercially reasonable steps to ensure that any personal information it processes (including any processing through its agents or third parties) is limited by the purpose(s) for which such personal information has been collected.

 

Dispute Resolution

In compliance with the Privacy Shield Principles, Crelate commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Crelate, Inc at privacy@crelate.com.

If Subscribers and Visitors do not receive timely acknowledgement of their complaint, or if their complaint is not satisfactorily addressed by Crelate, these EU individuals may bring a complaint before BBB EU Privacy Shield, an independent recourse mechanism located in the United States.  For more information and to file a complaint go to www.bbb.org/EU-privacy-shield/for-eu-consumers/. The services of BBB EU Privacy Shield are provided at no cost to you.

Finally, as a last resort and under limited conditions, Subscribers and Visitors with residual complaints may have the right to invoke binding arbitration. Please see the Privacy Shield website for details.

 

Enforcement

As part of this agreement, Crelate is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

 

Cooperation with Law Enforcement

Crelate may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

Point of Contact

If you have questions, comments or complaints related to Crelate’s Privacy Policy or the handling of personal information contact us by email at privacy@crelate.com. Correspondence may be mailed to:
Crelate, Inc.
Attention: Privacy and Security Operations
805 Kirkland Ave
STE #100
Kirkland, WA 98033

 

Our Third Parties

Crelate uses the following Third-Party Service Providers in conjunction with providing its service to our Subscribers, Visitors and Individuals.

Analytics – Crelate uses various web analytic providers to measure the usage and engagement of our service by users.

Hosting and Monitoring – Crelate uses various cloud infrastructure, monitoring and hosting providers to provide its services and maintain the performance and availability of its services.

Job Boards and other integrations – Crelate provides its Subscribers integration to a range of Third-parties. In most cases, Subscribers must opt-in to have their personal data shared with these services.

Email and Marketing Platforms – Crelate uses marketing platforms to communicate with Subscribers and Visitors that have opted in for such communications.  See our Website Privacy Policy for details.

Customer Success and Payments – Crelate uses various cloud-based customer support and payment providers in connect with providing support for Subscribers and Visitors and processing payments from Subscribers.

 

In all cases, the Third-Parties may collect some or all of the following information in connection with providing their service: cookies, location, IP address, usage and personal data.

For information on Third Parties related to our Public Website, please refer to our Website Privacy Policy. Note that Crelate may be liable for the onward transfer of EU personal data to third parties unless the organization proves that it is not responsible for the event giving rise to the damage.