Privacy Policy for Insight Portfolio Companies
Criteria Corp
PRIVACY POLICY FOR INSIGHT PORTFOLIO COMPANIES
1. OUR APPROACH TO PRIVACY
1.1 Criteria Corp. ("Criteria", "we", "our", or "us") is committed to protecting and respecting your privacy. This privacy policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you ("personal information") and information regarding our use of cookies and similar technologies.
1.2 Criteria operates an employee and applicant testing platform that allows companies to invite potential or current employees to take aptitude, personality and skills tests through our website at www.ondemandassessment.com (the "Service").
1.3 Before accessing or using our Service, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this privacy policy.
2. IDENTITY OF THE DATA CONTROLLER
2.1 Criteria provides you access to the Service on behalf of your employer or prospective employer (the "Employer") and Insight Venture Management, L.L.C (“Insight”), a company described in Section 3.1(a) below. As such, most of the personal information we collect about you when you use the Service is collected on behalf of the Employer or Insight. The Employer or Insight is therefore the data controller in respect of the personal information referred to in paragraph 3 below.
2.2 Criteria does, however, collect some personal information for our own purposes, such as where we collect certain personal information to monitor and improve our Service. Criteria is the data controller in respect of the personal information referred to in Section 4 below. This only applies to data that has not been anonymized.
3. PERSONAL INFORMATION WE COLLECT ABOUT YOU ON BEHALF OF THE EMPLOYER AND INSIGHT
3.1 The Controllers.
- The Employer. We collect personal information (other than the Demographic Information, described below) on behalf of the Employer for the purpose of providing our services to the Employer. The Employer might use the personal information we collect about you on their behalf for purposes in connection with processing your application, maintaining human resources records, and improving and monitoring the Employer's services and application processes, as necessary for its legitimate interests, namely: managing applications or human resources records. Please refer to any further privacy notices provided by the Employer for further information about how the Employer will use your personal information, including the personal information we collect through the Service.
- Insight Venture Management, L.L.C. ("Insight"). We collect your personal information, (including, if you consent, the Demographic Information) on behalf of Insight, the management company for an equity investor in the Employer, for the purpose of providing our services to Insight. For more information about how Insight may process, disclose, or otherwise use the personal information it receives from us through the Service, please refer to Insight’s privacy policy at https://www.insightpartners.com/privacy-policy/.
The personal information we may collect from you on behalf of the Employer or Insight directly
3.2 We collect personal information on behalf of the Employer or Insight that you voluntarily submit directly to us when you use our Service. This can include information you provide to us when you fill in a form on our Service, respond to questions, take a test on our Service or upload any documents (such as CVs) through the Service.
3.3 We will indicate to you if the provision of certain personal information is mandatory or optional. If you choose not to provide any personal information marked as mandatory, we may not be able to perform our obligations to you, and the Employer may not be able to process your application or perform some of its obligations to you.
3.4 The list below sets out the categories of personal information we may collect about you on behalf of the Employer or Insight:
a. Contact information, such as your name or Test Event ID and e-mail address.
b. Test responses and results. Your responses to test questions and the associated score, report or other performance evaluation.
c. Demographic Information, including your age, gender, education level, primary language, and ethnicity. We may provide this information to the Employer, but only in aggregated, anonymized form. You can choose not to provide all or some of this information, and we will not inform the Employer that you have or have not chosen to provide this information.
d. Any other personal information the Employer may request or you provide in connection with your application, such as information contained in any documents you upload to the Service.
4. PERSONAL INFORMATION WE COLLECT ABOUT YOU FOR OUR OWN PURPOSES
Personal information we may collect from you
4.1 We collect your contact information, such as your name or Test Event ID and e-mail address that you voluntarily submit directly to us when you fill in a form or respond to questions on our Service. We may use this information to communicate with you in connection with the testing process.
4.2 The processing of this personal information is necessary for:
(a) the performance of a contract and to take steps prior to entering into a contract; and
(b) our legitimate interests, namely administering the Service and communicating with users.
4.3 If you are in the USA, we may also collect information about your age, sex, gender, education level, primary language, and ethnicity (your "Demographic Information"). You can choose not to provide all or some of this information, and we will not inform the Employer that you have or have not chosen to provide this information. We may use this information to:
(a) monitor and improve our Service; and
(b) provide additional services to the Employer, such as monitoring and improving its application processes.
Personal information we may collect automatically
4.4 We also automatically collect the following personal information indirectly about how you access and use the Service and information about the device you use to access the Service:
(a) Information about how you access and use the Service. For example, the website from which you came and the website to which you are going when you leave our website, how frequently you access the Service, the time you access our Service and how long you use it for, the approximate location that you access the Service from, whether you access the Service from multiple devices, and other actions you take on the Service.
(b) Information about your device. We also collect information about the computer, tablet, smartphone or other electronic device you use to connect to our Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to our Service through the device, your Internet service provider or mobile network, your IP address and your device's telephone number (if it has one).
4.5 We may use the information we collect automatically to present our Service to you on your device and to determine products and services that may be of interest to you for marketing purposes. We may also use the personal information we collect from you to monitor and improve our Service and business, and to help us to develop new products and services.
4.6 The processing of the personal information we collect from you automatically is necessary for our legitimate interests, namely: to tailor our Service to the user and to improve our Service generally; to monitor and resolve issues; for marketing purposes; to communicate with users; to contact users; and for the detection and prevention of fraud.
4.7 We may anonymize and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving our Service and developing new products and features. We may also share such anonymized information with others.
The categories of recipients to which we may transfer your personal information
4.8 As required in accordance with how we use it, we may share your personal information with the following:
(a) The Employer. We may share your Contact Information with the Employer for the purpose of providing our services to the Employer.
(b) Service providers and advisors. We may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing mailing, email or chat services, fraud prevention, web hosting, or providing analytic services.
(c) Purchasers and third parties in connection with a business transaction. Other than your Demographic Information, your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business.
(d) Law enforcement, regulators and other parties for legal reasons. We may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and/or (iii) exercise or protect the rights, property, or personal safety of Criteria, its users or others.
(e) With other companies and brands owned or controlled by Criteria, including but not limited to JobFlare®, and other companies owned by or under the common ownership as Criteria, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under this policy.
5. COOKIES AND SIMILAR TECHNOLOGIES
5.1
What Are Cookies? Cookies are pieces of code that allow for personalization of our website experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.
5.2 Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. We use the following types of cookies:
a. Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services. Www.HireSelect.com and www.OnDemandAssessment.com do not use any cookies, however www.criteriacorp.com may use cookies as described above.
b. Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
c. Google Analytics. We use a tool called “Google Analytics” to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use (as amended for government websites) and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.
d. Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
e. Testing. We create a cookie named, “cookieTest” that stores a value of True and expires after one (1) day. This cookie is set to determine whether the user’s browser has cookies enabled.
f. We also create a cookie named, "ci_session" that stores encrypted session data when a user enters an Event ID or submits her information to begin a test. The cookie does not collect any information. It simply stores some of the IDs that are assigned to the test taker including the Test Event ID and Test Taker ID. This is used to track the user’s session through test completion. The cookie is cleared when the test is complete, or the browser window is closed.
5.3 Managing Cookies. The cookies we use are designed to help you get the most from our Service but if you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to refuse cookies you may not be able to use the full functionality of our Service. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
a. Cookie settings in Internet Explorer
b. Cookie settings in Firefox
c. Cookie settings in Chrome
d. Cookie settings in Safari web and iOS.
5.4 Use of WebBeacons and Other Tracking Tools. We may also employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of our Service.
5.5 Information on Cookies ands Related Technologies. To learn more about cookies, clear gifs/web beacons and related technologies and how you may opt-out of some of this tracking, you may wish to visit https://www.allaboutcookies.org.
5.6 Opting-Out. If you only want to limit third party advertising cookies and similar technologies, you can opt out of receiving certain targeted advertising by visiting the following links (please bear in mind that there are many more companies listed on these sites than those that drop cookies via our website):
a. Your Online Choices (https://www.youronlinechoices.com/)
b. Network Advertising Initiative (https://www.networkadvertising.org/)
c. Digital Advertising Alliance (https://www.aboutads.info/consumers)
5.7 Do Not Track. Please note that at this time we do not respond to the browser “Do Not Track” (“DNT”) signal if enabled in your web browser. Third parties accessed through out website of the Service may have their own third-party cookies, and they may or may not respond to the DNT signal.
6. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
6.1 Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our secure servers. All transfers of personal information are protected by TLS encryption technology. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.
6.2 Retention Periods. We will store the personal information we collect for our own purposes for no longer than necessary for the purposes set out and in accordance with our legal obligations and legitimate business interests. Your Employer may have their own policies regarding how long they store the information we collect on their behalf â please refer to any privacy policies provided by your Employer or contact your Employer directly using the contact details below to find out more.
6.3 International Transfers of your Personal Information. As we are located in the USA, any information we collect from you for our own purposes or on behalf of an Employer will initially be collected and stored in the USA. If you are in the EU or EEA, this may mean that your personal information will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically resident in.
6.4 We will take reasonable steps to ensure that your personal information is treated securely and in accordance with applicable law and this privacy policy.
6.5 Privacy Shield. We comply with the EU-U.S. Privacy Shield framework and Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information received from European Union countries and Switzerland (the "Privacy Shield"). We have certified that we adhere to the Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse, enforcement and liability ("Principles"). If there is any conflict between the policies in this policy and the Principles, the Principles shall govern. To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: https://www.privacyshield.gov/. For more information regarding our Privacy Shield certification, please see: https://www.privacyshield.gov/list.
7. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
Residents of the European Union.
7.1 If you are resident in the European Union, in accordance with European Union privacy law, you have the following rights in respect of your personal information that we hold on our own behalf or on behalf of the Employer:
a. Right of access. The right to obtain access to your personal information;
b. Right of portability. The right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person;
c. Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete.
d. Right to erasure. The right, in certain circumstances, to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
e. Right to restriction. The right, in certain circumstances, to restrict the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.
7.2 If you wish to exercise one of these rights, please contact us at https://gdpr-rep.eu/q/14974834; or Criteria Corp c/o Maetzler Rechtsanwalts GmbH & Co KG, Schellinggasse 3/10, 1010 Vienna, Austria. Please add the following subject to all correspondence: GDPR-REP ID: 14974834. We will, in our capacity as a data controller, honor your requests according to applicable law. We will also contact the Employer and Insight, who may also have obligations to fulfil your requests with respect to their control of your data.
California Residents
7.3 If you are a resident of the State of California, you may exercise the rights described below. By choosing to exercise your rights as described below, you are declaring that you (or the person on whose behalf you are submit the request) are a California resident as defined in the California Consumer Privacy Act of 2018, Civil Code Section 1798.100 (“CCPA”).
(a) Right to Know. You have the right to ask us for a copy of your Personal Information collected over the past 12 months and for information about how we collect, use, disclose, and sell it. We do not share Personal Information with third parties for their own direct marketing purposes without your permission. Please refer to the following sections of our privacy policy for specific information on how we collect, use, disclose, and sell Personal Information over the past twelve (12) months:(i) categories of Personal Information we collected: Sections 3.1, 4.1, 4.4, 5.1, and 5.4(ii) sources of Personal Information: Sections 3.1, 4.1, 4.4, and 5.1 (iii) how we used Personal Information: Sections 3.4, 4.1, 4.5, 4.6, 4.7, and 5.3(iv) how we share Personal Information: Sections 4.8 and 5.3.
(b) Right to Deletion. You have the right to request for us to delete any of your Personal Information. If you delete your Personal Information, you will permanently lose access to your Personal Information and/or Criteria customer account. We may deny your deletion request when permitted by applicable law including, without limitation, when Personal Information is needed to comply with our legal obligations, meet regulatory requirements, support our business operations, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions of Use, fulfill your request to “unsubscribe” from further messages from us, or confirm that we have deleted your Personal Information. We retain anonymized information after your account has been closed. We cannot disclose or delete specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of personal information, your account with us or the security of our systems.
(c) Right to Opt-Out of the Sale of Your Personal Information. You have the right to ask that we not sell your Personal Information. Criteria does not sell or rent personal information to third parties for money. We do, however, share your Personal information as we have described in this privacy policy to make the Criteria Service available to you.
(d) Right to Non-Discrimination. Criteria will not discriminate against customers or users who exercise their rights under the CCPA.
7.4 Exercising your Rights. If you wish to exercise one of these rights, please email us at: help@criteriacorp.com. Please include your name and email address with your request. Before we can process any such request, we will need to verify your identity through the email address or telephone number associated with your use of our Service, and confirm your request prior to fulfilling any such request and reserve the right to deny a request where we are unable to satisfactorily complete this process. If you authorize someone to make a request on your behalf, we may also deny your request if we are unable to verify that the individual making the request is authorized to act on your behalf. Once your identity and request have been verified by Criteria, we will attempt to notify the Employer and Insight for additional processing of your request.
Residents of Other Jurisdictions
7.5 Residents in other jurisdictions may have similar rights to the above. If you would like to exercise one of these rights, please contact us and Insight using the contact details at the end of this privacy policy. We will comply with any request to the extent required under applicable law.
8. JURISDICTION AND ENFORCEMENT
8.1 As part of our participation in the Privacy Shield, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
8.2 You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
8.3 In compliance with the EU-US and Swiss-US Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact us using the contact information listed below.
8.4 We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the JAMS Privacy Shield Program. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
9. LINKS TO THIRD PARTY SITES
Our Service may, from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
10. OUR POLICY TOWARDS CHILDREN
Our Service is not directed at persons under 16 and we do not knowingly collect personal information from children under 16. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.
11. CHANGES TO THIS POLICY
We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the "last modified" date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.
12. NOTICE TO YOU
If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Service.
13. CONTACTING CRITERIA AND INSIGHT
13.1 Criteria’s Corporate Offices are located at:
Criteria Corp
750 N. San Vicente Blvd, Suite 1500
West Hollywood, CA USA 90069
Criteria Corp EU c/o Maetzler Rechtsanwalts GmbH & Co KG
Attorneys at Law
Schellinggasse 3/10, 1010 Vienna, Austria
Please add the following subject to all correspondence: GDPR-REP ID: 14974834
If you are based in the EU, you may also contact us at: https://gdpr-rep.eu/q/14974834. Regardless of your location, please contact help@criteriacorp.com if you have any questions, comments, or requests regarding your personal information.
13.2 If you have any questions, comments and requests regarding how Insight uses your personal information, you may contact Insight directly at datainquiries@insightpartners.com.
This privacy policy was last modified on 23 September, 2020.