Privacy Policy
TRUSTe Privacy Certification

JobDiva's Privacy Policy

44 Wall Street

18th Floor

New York, NY 10005

Effective Date: 11/01/2017

Background

Definitions:

JobDiva, Inc.'s Privacy Policy affects data processing for individuals—or, in the vocabulary of privacy law, "data subjects"—who pass through https://www.jobdiva.com and any other websites owned by JobDiva, Inc. and its subsidiaries. Data subjects include JobDiva, Inc.'s clients and their staff, their customers and customers' staff, job applicants, candidates, and anyone who browses on the JobDiva, Inc. website. The privacy policy can be viewed online here.

When, in the below text, we refer to "JobDiva, Inc. and its subsidiaries," the term "subsidiaries" refers to JobDiva's UK subsidiary, known as "JobDiva, Ltd."

Roles and Responsibilities:

While JobDiva, Inc.'s clients control the data—which comprises resumes, CVs, contact information, identifiable information and other attributes of data subjects—JobDiva, Inc. and its subsidiaries process these data, meaning that JobDiva, Inc. supplies the technological means for holding, entering, updating, organizing, delivering, transmitting, displaying and lastly protecting the data via security measures. That JobDiva, Inc.'s clients control the data means that they have the right to access, own, manage, or leverage this data. Though controller and processor entail two different relationships to data and data subjects, JobDiva, Inc. and its subsidiaries fulfill all responsibilities that follow from their processor role. JobDiva, Inc. and its subsidiaries expect and require their clients who control the data to fulfill their data privacy responsibilities likewise.

Purpose:

This Privacy Policy articulates the protections, provisions, and data subject rights for the data JobDiva processes for clients, all of which conform to the EU-US Privacy Shield and Swiss-US Privacy Shield programs—a set of rules agreed upon by the US Department of Commerce, governing data transferred between the EU, Switzerland and the US.

JobDiva, Inc. and its subsidiaries process data only in conformity to the below set of principles.

Guiding Principles

An Overview:

What follows is an overview of the JobDiva, Inc. Privacy Policy. It abridges what is detailed in-depth further on.

This Privacy Statement applies to www.jobdiva.com, www.jobdivahr.com and www.jobdiva.co.uk, all owned and operated by JobDiva, Inc. and its subsidiaries (collectively as "JobDiva", "We", "Our" or "Us"). This Privacy Statement describes how JobDiva collects and uses the personal information you provide. (In this section of JobDiva, Inc.'s Privacy Policy, we sometimes refer to data subjects in the second person, i.e., as "you.") It also describes the choices available to you regarding your use of, access to, and updates of your personal information. The use of information collected through our service shall be limited to the purpose of providing the service for which JobDiva's client has engaged JobDiva.

Certification:

JobDiva, Inc. and its subsidiaries participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework. JobDiva, Inc. and its subsidiaries are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, to the Framework's Principles.  To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List (https://www.privacyshield.gov).

JobDiva, Inc. and its subsidiaries are responsible for the processing of personal data we receive under each Privacy Shield Framework. JobDiva, Inc. and its subsidiaries comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, JobDiva, Inc and its subsidiaries are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and/or the U.S. Department of Transportation. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that such disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a government request.

Under certain conditions, described on the Privacy Shield website and in the below test, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.  

 

 

 

Changes to This Privacy Policy:

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

 

JobDiva's Processor Privacy Policy

 A Detailed Guide:

JobDiva, Inc.'s clients, with whom you may have had a relationship, act as controllers for and proprietors of your data. JobDiva clients may have also received your data from third parties with whom you and JobDiva, Inc. clients may have had a relationship. As a processor of data, JobDiva, Inc.'s Privacy Policy applies to the technological tools we provide our clients for controlling, managing and retaining data. JobDiva, Inc. and its subsidiaries provide their clients the technology to enter, update, organize, deliver, transmit, display and secure data related to their staff and their customers, applicants, candidates, and any other data subjects (i.e., you) whose information they control. As a processor, JobDiva, Inc.'s central role is to provide its clients the ability to comply with the data privacy requirements outlined herein.

Why Do We Process Data?

"JobDiva" is an Applicant Tracking, Talent Management, and Customer Relations Management System. JobDiva's toolbox of software solutions allows staffing professionals to source, locate and recruit talent of whom they and their customers are in need. JobDiva also includes a robust contact relationship management system (CRM) that tracks the communication between JobDiva clients and data subjects, who include JobDiva, Inc.'s clients' customers as well as their partners, third parties, job candidates and active employees.

Using JobDiva, staffing professionals—JobDiva, Inc.'s clients—can hire applicants or submit the resumes of job seekers to their own customers for consideration.

What Kinds of Data Do We Process?

Through JobDiva, Inc's software service, JobDiva, Inc.'s customers acquire, manage and access several types of data attributed to job candidates, customer contacts, prospects, and third parties that are participants in the hiring process. (The types and identities of such third parties are discussed below). Also through JobDiva, job applicants and candidates can transmit their resumes, CVs, on-boarding documents and other forms of personal information to clients of JobDiva, Inc. and its subsidiaries. Such data can include: name, phone number, email address, address, resumes, CVs and other personal information. Resumes and CVs may include past work, salary history, hobbies, publications and educational experience as well as career-pertinent information, or information that an employer may find relevant.

In addition, JobDiva, Inc. and its subsidiaries collects cookie from visitors to our site. Cookies help us analyze visitors' traffic.

What Are the Types of Data Subjects Processed by JobDiva?

Who are the different data subjects affected by JobDiva, Inc.'s data processing?

·         JobDiva Clients and Their Staff: JobDiva, Inc.'s clients—and their staff members—will use JobDiva to make recruiting decisions and analyses. These rights apply to them.

·         Applicants: When individuals apply to a job using a client's career portal, they become JobDiva data subjects. These rights apply to them.

·         Candidates: Candidates are data subjects whose resumes, CVs, on-boarding documents, payroll data or any qualifying information have been obtained, stored and controlled by JobDiva clients in the clients' own databases. These rights apply to them.

·         Hired Employees: When individuals are hired by JobDiva, Inc.'s clients as employees, they become data subjects. Typically, these individuals are candidates and/or applicants first. Subsequently, JobDiva, Inc. clients can process payroll and benefit information about them by utilizing resources within JobDiva. These rights apply to them.

·         Customers of Clients, Their Suppliers, Their Partners and Their Staff: When the data related to individuals who count as customers of JobDiva, Inc.'s clients are contained in JobDiva —"contacts" of "companies," in JobDiva's nomenclature—these individuals become data subjects. These rights apply to them.

JobDiva, Inc. and its subsidiaries provide their clients the secure means to control and process data about these five categories securely. One client's data about its data subjects is not accessible to other clients unless available to them through other sources, means or platforms not controlled by JobDiva and obtained by them from these sources, means and platforms using JobDiva or otherwise.

What Are Data Subjects' Rights?

JobDiva, Inc. and its subsidiaries furnish their clients the means, by which they can provide their data subjects (you) access to or transparency with respect to the data that JobDiva clients retain regarding the data subjects. In other words, JobDiva, Inc. and its subsidiaries supply their clients the technological means and resources by which they can provide data subjects transparency about any data held about them, and by which clients can update such data if requested by data subjects.

JobDiva, Inc.'s software provides data subjects identifiable contact information for any specified data holder (that is, the JobDiva, Inc client), with whom the data subject may then communicate with inquiries or complaints regarding their data. As data controllers, JobDiva, Inc.'s clients are expected to uphold several responsibilities (referred to elsewhere in this policy) in maintaining privacy and transparency. JobDiva, Inc. and its subsidiaries will act on any client violation that is drawn to our attention by demanding client compliance. Deliberate and repeated violations by a client can be a cause for JobDiva, Inc. to terminate its services for a client.

Whom Should I Contact If I Feel My Rights Have Been Violated?

Data subjects who feel that their rights have been violated are encouraged to contact the JobDiva, Inc. client controlling their data as a first recourse. If a data subject believes that a data controller who is a client of JobDiva, Inc. and its subsidiaries has violated his or her rights, and the controller has not responded satisfactorily, the data subject should contact JobDiva, Inc. by emailing privacy@jobdiva.com.

JobDiva, Inc. and its subsidiaries pledge to work with any data subject in this situation to help him or her protect his or her privacy, and to ensure that any client controlling his or her data is meeting the standard of strict privacy guidelines that are in line with this Privacy Policy. JobDiva, Inc. and its subsidiaries reserve the right to terminate their services with any controller who is found to be in violation of any public law or this Privacy Policy.

Should JobDiva, Inc. and its subsidiaries change the way they process data such that the privacy guarantees enshrined herein would be somehow altered, this privacy policy will be amended accordingly.

In compliance with the Privacy Shield principles, JobDiva, Inc. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact JobDiva, Inc. at:

privacy@jobdiva.com

Natasa Herbert

44 Wall Street, Floor 18

New York, NY 10005

212-306-0140

JobDiva, Inc. has further committed to refer unresolved Privacy Shield complaints to TrustArc (formerly TrustE), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complain to your satisfaction, please contact or visit TrustArc for more information or to file a complaint. The services of TrustArc will be provided at no cost to you.

What Is My Recourse If I Feel My Privacy Has Been Violated?

All JobDiva, Inc.'s data subjects have maximum recourse to independent mechanisms for enforcement. Whenever individuals are affected by any breach of the principles set forth in this Privacy Policy, they have recourse to the following forms of enforcement.

I.                     JobDiva Inc.'s first recourse, if a complaint is judged to not be unfounded, frivolous, or to pertain to a JobDiva, Inc. client and not to JobDiva, Inc. itself, is to forward such a complaint to the US Federal Trade Commission and/or the US Department of Transportation, if the complaint comes from a US national; or to the relevant Data Protection Authority (DPA), if the complaint comes from an EU national. JobDiva, Inc. and its subsidiaries pledge to respond to all complaints within forty-five (45) days. JobDiva, Inc. and its subsidiaries will provide detailed evidence for all claims about its privacy practices. If the Commission or DPA, whichever applies, judges the complaint to have validity, JobDiva, Inc. will execute its portion of the Commissioner's ruling within twenty-five (25) days of its issuance.

 

II.                   If the complainant is not satisfied with the Commission or DPA's resolution of his or her complaint, he or she can pursue private arbitration. JobDiva, Inc. and its subsidiaries will carry out any conclusions reached by the arbitration panel. Solutions decided by arbitration will usually deal with data access, correction, deletion, or data relinquishment—not monetary awards.

JobDiva, Inc. and its subsidiaries also pledge to annually perform at least one internal review on their privacy and data-protection practices. These reviews will be available to relevant individuals and authorities at their request.

All authorities investigating a complaint that implicates JobDiva, Inc. and its subsidiaries will be free to audit their security procedures and protections—by visiting their offices.

If at any point local or regional law overrides the data protections laid out in JobDiva, Inc.'s Privacy Policy, JobDiva, Inc. and its subsidiaries pledge to comply with these ordinances, with the exception that, should these laws in any way violate JobDiva, Inc.'s adherence to the principles described in the Privacy Policy, it will notify its clients in areas wherein those laws apply. Clients can refuse to give their consent to these changes, and if so, JobDiva, Inc. and its subsidiaries will not process their data in these areas.

JobDiva, Inc. commits without reserve to cooperating with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC). We pledge to comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.

How Does JobDiva Protect My Data?

JobDiva, Inc. and its subsidiaries take rigorous precautions in protecting data, including methods both technical and physical.

JobDiva, Inc.'s security precautions use Secure Socket Layer (SSL) methods to encrypt data. During data transfers, data are encrypted using HTTPS. JobDiva, Inc. is also equipped with an encryption mechanism for the data at rest. SHA-256 is used for passwords, and advanced database encryption is applied to key data elements, like HR-related data.

Password encryption is performed in such a way that even JobDiva, Inc.'s internal technology staff cannot read them. And to preserve password security, JobDiva, Inc.'s visitors are prompted to change their passwords every 90 days. In addition, JobDiva, Inc. disables a user's account after several unsuccessful logins attempts. JobDiva, Inc. also produces a CAPTCHA if it detects unusual suspicious activity.

JobDiva, Inc.'s software includes several layers of permission-based access. Thus, a particular login might be blocked from accessing certain data of a sensitive nature. Each JobDiva, Inc. web page accessed over HTTPS is also equipped with session validation to authenticate the user, and to prevent any data exposure without the proper login and permission.

JobDiva, Inc. also logs the access and activity of clients and maintains a report that could show unusual activity in the system.

Internal data access is permitted only for key JobDiva, Inc. members, and only for the purposes of data maintenance, updates, changes, releases and technical support. These members' employment agreements require them to uphold data privacy, data confidentiality and the terms of JobDiva, Inc.'s Privacy Policy. Besides the technical expertise necessary to access the special database servers, server and database access require multiple levels of username/password authentication, which is only known to key individuals.

The database servers exist within the JobDiva, Inc. internal network, which is protected by advanced up-to-date Firewalls that allow for intrusion prevention, packet filtering, application control, and other network security options.

JobDiva, Inc.'s system is hosted by secured cloud services and professional data centers. JobDiva, Inc.'s data centers are in full compliance with the latest security and privacy requirements. These data centers are compliant with SOC2, PCI-DSS, FISMA NIST SP 800-53, and ISO, among others. They are monitored 24/7 and equipped with motion-detecting cameras for surveillance. The servers are locked inside a cage, and access is only available to authorized personnel. They are controlled by a biometric check. Logs of who visits the data center and cages are kept.

JobDiva, Inc.'s Controller Privacy Policy

JobDiva, Inc. clients are controllers of the data that JobDiva, Inc., as a software and recruitment service provider, processes for them. EU and US JobDiva clients have overlapping responsibilities, outlined herein; the main differences appertain to the regulatory mechanisms to which their data subjects will need to turn. That JobDiva, Inc. clients control the data that JobDiva and its subsidiaries process means that such clients own, manage or leverage data, for which JobDiva, Inc. provides them the technological means. Controllers decide the purposes and ends of processed data.

As controllers, JobDiva, Inc. clients are expected to fulfill several responsibilities with respect to protecting the data they hold, and which JobDiva, Inc. processes.

Why Do Controllers Have Responsibilities?

It is extremely important that, in a world more permeated than ever by big data, data subjects trust those who process and control their information. More broadly, upholding data rights is both a business imperative and a legal necessity, and the failure to do so can result in major consequences.

JobDiva, Inc. and its subsidiaries expect their clients to uphold their responsibilities as data controllers. The below terms appear in JobDiva, Inc.'s Terms of Service, which is part of JobDiva, Inc.'s service agreement with its clients. Failure by clients to conform could result in the termination of JobDiva, Inc.'s service.

Which Data for Data Subjects (You) Do JobDiva, Inc. Clients Manage and Control?

As described above, data subjects are those individuals whose data passes through JobDiva, Inc. and its subsidiaries: JobDiva, Inc. clients' staff; applicants; candidates; hired employees; and customers of clients, their suppliers, partners and staff, and other third parties' staff with whom the JobDiva client interact in conducting theirbusiness. When controllers uphold the below principles, data security for JobDiva, Inc. data subjects is protected. Data subject types are detailed below.

·         JobDiva, Inc. Clients' Staff: JobDiva, Inc.'s clients' staff members will use JobDiva to make recruiting decisions and analyses. These rights apply to them, because their data is controlled in clients' specific JobDiva databases.

·         Applicants: When individuals apply to a job using a client's career portal, they become data subjects for the specific clients to whose portals they've applied. These rights apply to them.

·         Candidates: Candidates are data subjects whose resumes, CVs, on-boarding documents, payroll data or any other qualifying information have been obtained, stored and controlled by JobDiva clients in the clients' own databases. These rights apply to them.

·         Hired Employees: When individuals are hired by JobDiva, Inc.'s clients as employees, they become data subjects for those clients. Typically, these individuals are candidates and/or applicants first. Subsequently, JobDiva, Inc. clients can process payroll and benefit information about them by leveraging resources within JobDiva, Inc. These rights apply to them.

·         Customers of Clients, Their Suppliers, Their Partners and Their Staff and Other Third Parties' Staffing with Whom JobDiva, Inc. Clients Interact in Conducting Their Business: When the data related to individuals who count as customers, suppliers, partners and other third parties of JobDiva, Inc.'s clients are contained in JobDiva—"contacts" of "companies," in JobDiva, Inc.'s nomenclature—these individuals become data subjects for those clients. Then these rights apply to them.

Which Responsibilities Do Controllers Have?

·         Transparency: If data subjects request copies of the data that JobDiva, Inc. clients control regarding them, such clients must give the data subjects this information within thirty days of their requests—except in cases where the data subject's data contains proprietary client information or private data about other data subjects.

·         Access to Data: JobDiva, Inc. and its subsidiaries provide at least two routes for furnishing copies of the data subjects' data. JobDiva, Inc.'s Candidate Portal websites let applicants and candidates access and edit certain information, such as contact information and availability, which JobDiva, Inc. clients will then retain. Secondly, JobDiva, Inc. clients can email or print, scan and mail or email data subjects information that is stored in their own client JobDiva, Inc. database—again, so long as the data does not contain the client's proprietary information or private data about other data subjects. JobDiva, Inc. and its subsidiaries provide their clients the technological means for adhering to this Privacy Policy.

·         Choice and Correction of Data: If data subjects would like to update the information held about them by JobDiva, Inc. clients, and these updates would not impact the privacy of other data subjects, then such clients should make these changes within thirty days. JobDiva, Inc. and its subsidiaries provide their clients the tools to execute such changes upon request by data subjects. JobDiva, Inc. also provides its clients with the tools that enable their data subjects to update information about themselves online. Clients are expected to hold only data that is relevant to their business purposes, for purposesconsistent with the reasons why it was acquired.

·         Public Notice: JobDiva, Inc. and its subsidiaries provide their clients the ability to declare and announce their commitment to privacy—for instance, on their customized career portals. While JobDiva, Inc. and its subsidiaries will provide their clients a public declaration of intent to protect privacy, JobDiva, Inc. and its subsidiaries can only be responsible for JobDiva, Inc.'s actions and take no responsibility for the privacy practices of their clients. However, JobDiva, Inc. and its subsidiaries volunteer to assist in the resolution of any dispute and reserve the right to terminate their services to any client who might violate the privacy of data subjects.

·         Purpose Limitation: If a JobDiva, Inc. client plans to use data subjects' data for purposes different from those that are either publicly defined or agreed upon between themselves and such data subjects, they must notify these data subjects. Such a notification must allow data subjects to choose whether their data should be used in the manner that the JobDiva, Inc. client has described.

What About Partnering with Third Parties?

Due to the requirements of the recruiting process, JobDiva, Inc. clients might partner with several types of third parties while hiring job candidates; JobDiva's software is responsible for technologically processing the personal information transmitted to such third parties. We do so in order to facilitate the recruitment process for our clients.

These types of third parties will usually include:

·         Benefits Companies: These companies provide benefits such as insurance and workman's compensation to candidates. Examples include Blue Cross Blue Shield and Cigna.

·         Background Check Companies: These companies check candidates' backgrounds for criminal and commercial records. Examples include Sterling BackCheck and easyBackgrounds.

·         Cloud Emails: These companies include cloud-based email inboxes. Examples include Gmail and Outlook 365.

·         Payroll Companies: These companies process payroll and human resources information. Examples include ADP and Paychex.

If a JobDiva, Inc. client partners with a third party, it is the client's responsibility to ensure that this third party will adhere to these privacy standards so far as they apply to the protection of data subjects' data. JobDiva, Inc. and its subsidiaries provide the technological means for integration, while clients must verify the third parties' privacy terms.

Clients should opt to include terms for such adherence in contracts with third parties. Third-party processing of personal data should be limited to relevant business purposes. If a third party will not follow or stops following the privacy terms set out by the JobDiva, Inc. client, and by JobDiva, Inc. and its subsidiaries, a JobDiva client should attempt to prevent all further control or processing of data subjects' data by the third party. Continued utilization of a violating third party by a JobDiva, Inc. client could because for termination of JobDiva, Inc.'s services.

Whenever JobDiva, Inc. clients decide to process data with a third party, they become responsible for monitoring and enforcing JobDiva, Inc.'s privacy policy with respect to the third party.  

Recourse Mechanisms for Controllers

JobDiva, Inc. clients must have recourse mechanisms. A data subject (you) has the right to recourse from the following mechanisms.

i.                     The complainant (a data subject who could be you) can lodge his or her complaint with the JobDiva, Inc. client. The JobDiva, Inc. client must reply within forty-five days. If the response fails to satisfy the complainant, he or she can lodge it with regulatory bodies.

ii.                   If a complainant is in the US, he or she can contact the US Federal Trade Commission and/or the US Department of Transportation with his or her complaint. If a complainant is in the EU/UK, he or she can contact his or her local Data Protection Authority (DPA). A JobDiva, Inc. client must provide the data subject and the relevant authority explanation and evidence, where possible, relating to their data protection practices. JobDiva, Inc. and its subsidiaries pledge to assist in such communication under the direction of their client. Should an authority judge make a request for data or evidence, a JobDiva, Inc. client must cooperate with their ruling to the extent possible within twenty-five days of its issuance.

iii.                 If a complainant is not satisfied with these authorities' remedy for his or her complaint, he or she can pursue private arbitration with JobDiva, Inc.'s client and a private arbitration panel. JobDiva, Inc.'s client will abide by the arbitration panel's ruling. Note that such rulings will usually consist of determinations on data access, correction, deletion, or data relinquishment, and not monetary awards.

JobDiva, Inc. and its subsidiaries expect JobDiva, Inc. clients to faithfully follow through on all decisions handed down by regulatory bodies. If a client does not do so, they risk the termination of their JobDiva, Inc. service and possible legal action by the complainant.

If at any point local or regional law for data subjects overrides the data protections enshrined in this Privacy Policy, JobDiva, Inc. clients must comply with these ordinances, with the exception that, should these laws in any way violate this Privacy Policy's principles, they will notify data subjects in areas wherein those laws and regulations apply. Data subjects (you) can choose whether to authorize the control and transmission of their data in those areas.

 

 

 

 

 

 

 

Request a free Demo!
*required fields
Request Demo
Submit RFP!
Upload
(less than 10MB)
I have read and accepted the Privacy Statement and Terms of Use.
*required fields
Submit
Download our free ebook!
*required fields
Download