Posted/Revised: September 23, 2018
1. OUR APPROACH TO PRIVACY
1.2 Criteria operates an employee and applicant testing platform that allows potential or current employees to take aptitude, personality and skills tests through our website at www.ondemandassessment.com (the "Service").
2. IDENTITY OF THE DATA CONTROLLER
2.1 We provide you access to the Service on behalf of your employer or prospective employer (the "Employer"). As such, most of the personal information we collect about you when you use the Service is collected on behalf of the Employer. The Employer is therefore the data controller in respect of the personal information referred to in paragraph 3 below.
2.2 We do, however, collect some personal information for our own purposes, such as where we collect certain personal information to monitor and improve our Service. Criteria is the data controller in respect of the personal information referred to in paragraph 4 below.
3. PERSONAL INFORMATION WE COLLECT ABOUT YOU ON BEHALF OF THE EMPLOYER
The personal information we may collect
3.1 We collect personal information on behalf of the Employer that you voluntarily submit directly to us when you use our Service. This can include information you provide to us when you fill in a form on our Service, respond to questions, take a test on our Service or upload any documents (such as CVs) through the Service.
3.2 We will indicate to you if the provision of certain personal information is mandatory or optional. If you choose not to provide any personal information marked as mandatory, the Employer may not be able to process your application or perform some of its obligations to you.
3.3 The list below sets out the categories of personal information we collect about you on behalf of the Employer:
(a) Contact information, such as your name or Test Event ID and e-mail address.
(b) Test responses and results. Your responses to test questions and the associated score, report or other performance evaluation.
(c) Any other personal information the Employer may request or you provide in connection with your application , such as information contained in any documents you upload to the Service.
3.4 The Employer may use this information to:
(a) open and maintain your candidate records (if you are an applicant) or update and maintain your employment records (if you are an existing employee of the Employer);
(b) communicate with you as part of the testing process;
(c) process your application or otherwise assess your suitability for a particular role;
(d) conduct identity and background checks (if you are an applicant);
(e) monitor and improve its application and/or training processes.
3.5 The processing of the above personal information is necessary for:
(a) the performance of a contract and to take steps prior to entering into a contract; and
(b) the Employer's legitimate interests, namely managing applications or human resources records.
The categories of recipients to which the Employer may transfer your personal information
3.6 As required in accordance with how the Employer uses your personal information, the Employer may share your personal information with the following:
(a) Affiliates of the Employer. Personal information may be transferred to the Employer's subsidiaries, its parent company and subsidiaries of its parent company in connection with:
(i) the provision of centralised human resources management;
(ii) group business planning, budgeting, reporting and strategy;
(iii) group-level legal and regulatory compliance and managing associated risks, providing legal advice and in connection with potential or actual litigation; and
(iv) reporting, assessing and responding to claims for risk management.
(b) Service providers and advisors. Third party vendors and other service providers that perform services for the Employer or on the Employer's behalf, which may include identifying and serving targeted advertisements, providing mailing, email or chat services, tax and accounting services, payments processing, data enhancement services, fraud prevention, web hosting, or providing analytic services. Your personal information may be disclosed in connection with:
(i) managing the application process;
(ii) storing the results of various application processes to assess the suitability of candidates for a role;
(iii) the provision of centralised human resources management;
(iv) the provision of centralised IT infrastructure; and
(v) legal and regulatory compliance and managing associated risks, including providing legal advice in connection with potential or actual litigation.
(c) Purchasers and third parties in connection with a business transaction . Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of the Employer's business.
(d) Law enforcement, regulators and other parties for legal reasons . Third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and/or (iii) exercise or protect the rights, property, or personal safety of the Employer, its users or others.
3.7 The Employer might use the personal information we collect about you on its behalf for other purposes in connection with processing your application or maintaining human resources records. Please refer to any further privacy notices provided by the Employer for further information about how the Employer will use your personal information, including the personal information we collect through the Service on its behalf.
4. PERSONAL INFORMATION WE COLLECT ABOUT YOU FOR OUR OWN PURPOSES
Personal information we may collect
4.1 We collect your contact information, such as your name or Test Event ID and e-mail address that you voluntarily submit directly to us when you fill in a form or respond to questions on our Service. We may use this information to communicate with you in connection with the testing process.
4.2 The processing of this personal information is necessary for:
(a) the performance of a contract and to take steps prior to entering into a contract; and
(b) our legitimate interests, namely administering the Service and communicating with users.
4.3 If you are in the USA, we may also collect information about your age, sex, gender, education level, primary language, and ethnicity (your "Demographic Information"). You can choose not to provide all or some of this information, and we will not inform the Employer that you have or have not chosen to provide this information. We may use this information to:
(a) monitor and improve our Service; and
(b) provide additional services to the Employer, such as monitoring and improving its application processes.
Personal information we may collect automatically
4.4 We also automatically collect the following personal information indirectly about how you access and use the Service and information about the device you use to access the Service:
(a) Information about how you access and use the Service. For example, the website from which you came and the website to which you are going when you leave our website, how frequently you access the Service, the time you access our Service and how long you use it for, the approximate location that you access the Service from, whether you access the Service from multiple devices, and other actions you take on the Service.
(b) Information about your device. We also collect information about the computer, tablet, smartphone or other electronic device you use to connect to our Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to our Service through the device, your Internet service provider or mobile network, your IP address and your device's telephone number (if it has one).
4.5 We may use the information we collect automatically to present our Service to you on your device and to determine products and services that may be of interest to you for marketing purposes. We may also use the personal information we collect from you to monitor and improve our Service and business, and to help us to develop new products and services.
4.6 The processing of the personal information we collect from you automatically is necessary for our legitimate interests, namely: to tailor our Service to the user and to improve our Service generally; to monitor and resolve issues; for marketing purposes; to communicate with users; to contact users; and for the detection and prevention of fraud.
4.7 We may anonymize and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving our Service and developing new products and features. We may also share such anonymized information with others.
The categories of recipients to which we may transfer your personal information
4.8 As required in accordance with how we use it, we may share your personal information with the following:
(a) The Employer. We may share your Contact Information with the Employer for the purpose of providing our services to the Employer.
(b) Service providers and advisors. We may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing mailing, email or chat services, fraud prevention, web hosting, or providing analytic services.
(c) Purchasers and third parties in connection with a business transaction . Other than your Demographic Information, your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
(d) Law enforcement, regulators and other parties for legal reasons . We may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and/or (iii) exercise or protect the rights, property, or personal safety of Criteria, its users or others.
5. COOKIES AND SIMILAR TECHNOLOGIES
5.2 Cookies are pieces of code that allow for personalisation of our website experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.
5.3 We use the following types of cookies:
(a) Strictly necessary cookies. These are cookies that are required for the operation of our website, such as:
(i) Enabling you to log into secure areas of our website and progress through our testing process. We use a cookie called "ci_session" for this purpose. This cookie stores encrypted session data to track your session through test completion. This cookie is installed when you first access a test on our Service, and is deleted when you finish the test or close your browsing window.
(c) Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). We create a cookie named, "cookieTest" that stores a value of True and expires after one (1) day. This cookie is set to determine whether the user's browser has cookies enabled.
(a) Cookie settings in Internet Explorer
(b) Cookie settings in Firefox
(c) Cookie settings in Chrome
(d) Cookie settings in Safari web and iOS.
5.5 We may also employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of our Service.
5.6 To learn more about cookies, clear gifs/web beacons and related technologies and how you may opt-out of some of this tracking, you may wish to visit http://www.allaboutcookies.org.
5.7 If you only want to limit third party advertising cookies and similar technologies, you can opt out of receiving certain targeted advertising by visiting the following links (please bear in mind that there are many more companies listed on these sites than those that drop cookies via our website):
(a) Your Online Choices ( http://www.youronlinechoices.com/ )
(b) Network Advertising Initiative ( http://www.networkadvertising.org/ )
(c) Digital Advertising Alliance ( http://www.aboutads.info/consumers )
5.8 Deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like Flash objects or HTML5.
5.9 We do not track your online activities after you leave our web site. For that reason, we do not take any action in response to a Do Not Track signal in your browser settings.
6. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
6.1 Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our secure servers and all transfers of personal information are protected by TLS encryption technology. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.
6.2 Retention Periods. We will store the personal information we collect for our own purposes for no longer than necessary for the purposes set out and in accordance with our legal obligations and legitimate business interests. The Employer may have its own policies regarding how long they store the information we collect on its behalf - please refer to any privacy policies provided by the Employer or contact the Employer directly using the contact details below to find out more.
6.3 International Transfers of your Personal Information. As we are located in the USA, any information we collect from you for our own purposes or on behalf of an Employer will initially be collected and stored in the USA. If you are in the EU or EEA, this may mean that your personal information will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically resident in.
6.5 Privacy Shield. We comply with the EU-U.S. Privacy Shield framework and Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information received from European Union countries and Switzerland (the "Privacy Shield"). We have certified that we adhere to the Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse, enforcement and liability ("Principles"). If there is any conflict between the policies in this policy and the Principles, the Principles shall govern. To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: https://www.privacyshield.gov/. For more information regarding our Privacy Shield certification, please see: https://www.privacyshield.gov/list.
7. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
7.1 If you are resident in the European Union, in accordance with European Union privacy law, you have the following rights in respect of your personal information that we or the Employer holds:
(a) Right of access. You have the right to obtain:
(i) confirmation of whether, and where, we are processing your personal information;
(ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
(iii) information about the categories of recipients with whom we may share your personal information; and
(iv) a copy of the personal information we hold about you.
(b) Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
(c) Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
(d) Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
(e) Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
(f) Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
8. JURISDICTION AND ENFORCEMENT
8.1 As part of our participation in the Privacy Shield, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
8.2 You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
8.4 We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the JAMS Privacy Shield Program. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
9. LINKS TO THIRD PARTY SITES
Our Service may, from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
10. OUR POLICY TOWARDS CHILDREN
10.1 Our Service is not directed at persons under 18 and we do not knowingly collect personal information from children under 18. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.
11. CHANGES TO THIS POLICY
12. NOTICE TO YOU
If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Service.
13. CONTACTING THE EMPLOYER
If you have any questions, comments and requests regarding your personal information collected by us on behalf of the Employer as set out in paragraph 3, please contact the Employer directly.
14. CONTACTING US
If you are based in the EU, the Criteria Corp representative is Criteria Corp EU LTD located at 9th Floor, 107 Cheapside, London, England, England, EC2V 6DN. Regardless of your location, if you have any questions, comments and requests regarding your personal information, please contact us at criteriaprivacy [at] criteriacorp.com.