Privacy Policy

Criteria Corp

Privacy Policy

For the previous version 17 January 2022 version of this Privacy Policy, click here.

Effective: DEC 05 2023


This Privacy Policy has been updated to reflect new changes in privacy rights for individuals residing in certain states.
Please see our Supplemental State Specific Privacy Policy and Notices for more information.

 

1. OUR APPROACH TO PRIVACY

1.1 Criteria Corp. and its affiliate entity- Criteria Australia Pty Ltd an Australian corporation (ABN 58 089 022 202) formerly known as Revelian  (collectively, “Criteria”“we”“our”, or “us”) is committed to protecting and respecting your privacy. This privacy policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you (“personally identifiable information” or “PII”) and information regarding our use of cookies and similar technologies.

1.2 Criteria operates an employee and applicant testing platform that allows employers to instruct potential or current employees to take aptitude, personality and skills tests; and also provides related services through our product suite, accessible to mobile devices, tablets, and other connected devices (collectively, the "Criteria Service").

1.3 Before accessing or using the Criteria Service, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this privacy policy.

1.4 Residents of the European Union have the additional rights set forth in the GDPR Privacy Notice.  Residents of California, Virginia, Colorado, Utah, Connecticut and Nevada may have additional rights which are set forth in the Supplemental State Specific Privacy Policy and Notices. Please see these Supplemental Privacy Notices for each of these jurisdictions following the main Privacy Policy.

 

2. PERSONAL INFORMATION WE COLLECT

2.1 Information collected in two ways. Criteria collects your information in two ways:

  • Directly (for example, when you provide information when you use or visit the Criteria Service).
  • Indirectly (for example, through technology used within the Criteria Service).

2.2 The personal information you provide. We collect personal information that you voluntarily submit directly to us when you use the Criteria Service. This can include information you provide to us when you register for an account and user profile, fill in a form on the Criteria Service, create or edit your user profile on the Criteria Service, correspond with us by phone, e-mail or otherwise, subscribe to our mailing lists, newsletters or other forms of communications, respond to a survey, post comments in forums, enter a promotion, or use some other feature of the Criteria Service.

a.  Required PII. We will indicate to you if the provision of certain personal information is mandatory or optional. If you choose not to provide any personal information marked as mandatory, we may not be able to provide some features of the Criteria Service to you or respond to your other requests.

b.  Categories of PII You Provide. The list below sets out the categories of personal information we collect about you:

  • Contact information, such as your name, phone number, address, and e-mail address.
  • Employment information, such as the name of the company you work for, and information about the business unit you work for, your job title and function.
  • Correspondence and comments. When you contact us directly, e.g. by email, phone, mail or when you complete an online form, we will record your comments and opinions.
  • Video interview information, such as image, likeness, voice data, video, and other data gathered during the video interviews.

c.  Use of PII You Provide. 

CRITERIA DOES NOT USE YOUR PII FOR MARKETING PURPOSES AND DOES NOT SELL OR SHARE YOUR PII WITH ANY THIRD PARTIES FOR MARKETING PURPOSES.

We may use this information to:

  • operate, maintain and provide to you the features and functionality of the Criteria Service;
  • communicate with you, including sending statements and invoices, communications, news, and alerts;
  • deal with enquiries and complaints made by you relating to the Criteria Service;
  • address your questions, issues and concerns and improve the Criteria Service
  • respond to law enforcement requests and as required by applicable law, court order or governmental regulations; and
  • monitor and improve the Criteria Service.

d. Required Processing of PII You Provide.  The processing of the above personal information is necessary for:

  • the performance of a contract and to take steps prior to entering into a contract; and
  • our legitimate interests, namely administering and improving the Criteria Service, for communicating with users.

2.3  Personal information we collect automatically.  We also automatically collect the following personal information indirectly about how you access and use the Criteria Service and information about the device you use to access the Criteria Service:

a.  Categories of PII Collected Automatically

  • Information about how you access and use the Criteria Service.
    This includes information such as the website from which you came and the website to which you are going when you leave our website, how frequently you access the Criteria Service, the time you access the Criteria Service and how long you use it for, the approximate location that you access the Criteria Service from, whether you access the Criteria Service from multiple devices, and other actions you take on the Criteria Service.
  • Information about your device. We also collect information about the computer, tablet, smartphone or other electronic device you use to connect to the Criteria Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the Criteria Service through the device, your Internet service provider or mobile network, your IP address and your device's telephone number (if it has one).

b.   Use of PII Collected Automatically.  We may use the information we collect automatically to present the Criteria Service to you on your device and to determine products and services that may be of interest to you to improve your experience. We may also use the personal information we collect from you to monitor and improve the Criteria Service and business, and to help us to develop new products and services and to respond to law enforcement requests and as required by applicable law, court order or governmental regulations.

c.   Required Processing of PII Collected Automatically.  The processing of the personal information we collect from you automatically is necessary for our legitimate interests, namely: to tailor the Criteria Service to the user and to improve the Criteria Service generally; to monitor and resolve issues; to communicate with users; to contact users; and for the detection and prevention of fraud.

2.4  Personal Information we may receive from third parties. Any personal information that we may obtain from other third-party sources will be processed by us in accordance with this privacy policy and applicable laws.

2.5  Use of Anonymized PII.  We may anonymize and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymized information for purposes that include testing our IT systems, benchmarking and market research, product research, customer support, service improvement, data analysis, and developing new products and features. We may also share such anonymized information with others for similar reasons.

 

3.0  HOW WE SHARE YOUR PERSONAL INFORMATION

3.1  Service Providers and Subprocessors. The Criteria Service only shares your personal information with its vendors, suppliers and other service providers that perform services for us or on our behalf and not for other purposes.  For example, we may share your personal information with the following:

Amazon Web Services, Inc - as our data storage and services provider.  You can read more about how Amazon Web Services uses your personal information here: https://aws.amazon.com/compliance/data-privacy-faq/

Office 365 for email communications. You can read more about how Office/Microsoft uses your personal information here: https://privacy.microsoft.com/en-us/privacystatement

Google as we use “Google Analytics” to help us understand how our customers use this site. You can read more about how Google uses your personal information here: https://www.google.com/intl/en/policies/privacy/.   

In addition, we may share personal information you provide with third party vendors and other service providers that assist us by providing mailing, email or chat services, tax and accounting services, payments processing, data enhancement services, fraud prevention, web hosting, or providing analytic services.  These third parties are listed on the Criteria subprocessor list which can be found on our Data Processing Addendum located at Data Processing Addendum | Criteria Corp

3.2  Employers.  We share personal information of job applicants that use the Criteria Service in connection with their job search or relationship with employer-customers of Criteria. Such personal information will be handled and processed in accordance with the terms of a separate privacy policy (“Applicant Privacy Policy”) located at

https://www.ondemandassessment.com/home/privacy.  In addition, employer-customers of Criteria agree to comply with all their responsibilities under applicable data privacy laws and protection regulations.

We will only share the scores job applicants receive on an assessment with the potential employer for which they took the assessment.  We will not share the scores with any other prospective employer or any other third party unless the relevant parties expressly give consent to have us do so.

3.3  Criteria EntitiesWe may share personal information as needed with other companies, brands, websites or properties owned or controlled by Criteria, including but not limited to the Criteria Australia Pty Ltd. and any other our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns.  These companies will use your personal information in the same way as we can under this policy.  

3.4  Publicly Available Information.  We may share content that you post on this website or on the Criteria Service that is intended to make that content publicly available and searchable by individuals. For example, we may share job posting or similar information contained within that job posting with third parties, subject to our agreement with any such third parties-including employer-customers. We also reserve the right to share information aggregated from public sources.

3.5  Third-Party Sites You Link to from Criteria’s Website If you use certain third-party sites or services that you link to from our website, then all information you provide via the link is provided to that third party, and is subject to the third-party’s privacy policy and terms of service.  WE ARE NOT RESPONSIBLE FOR THE INFORMATION COLLECTION, USE, DISCLOSURE OR OTHER PRIVACY PRACTICES OF ANY THIRD PARTY.

3.6  Purchasers and Third Parties.  Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business.

3.7  Law enforcement, regulators and other parties for legal reasons. We may disclose personal information to third parties as required by law or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) detect and investigate illegal activities and breaches of agreements; and/or (c) exercise or protect the rights, property, or personal safety of Criteria, its users or others.

3.8  Legitimate Interests. Personal information may be disclosed when it is reasonably necessary to achieve our legitimate business interests.

3.9  Consent. We may share personal information if you have given us specific consent to use your personal information for a specific purpose.

 

4. TRACKING TECHNOLOGIES

4.1   We may use various methods and technologies to store or collect Personal Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies used on the Site), include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):

Cookies.  Cookies are essential for personalizing your website experience by storing information like your user ID and preferences. They are small data files that we transfer to your computer's hard disk for record-keeping purposes.  We must and will seek your consent for all but strictly necessary cookies and those used solely for transmitting communications over electronic networks.   For more details about the cookies we use and your choices regarding them, please refer to our separate Cookie Policy.

Bots.  We may use bots such as ChatBots to facilitate your engagement with our Service.  These bots may have their own cookies, but you will always have the option to make choices regarding the use of cookies on our Service, unless they fall within the consent exemption mentioned above.

WebBeacons and Other Tracking Tools. We may also employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of our Criteria Service.

 4.2 Opting-Out.  If you only want to limit third party advertising cookies and similar technologies, you can opt out of receiving certain targeted advertising by visiting the following links (please bear in mind that there are many more companies listed on these sites than those that drop cookies via our website):

4.3  Do Not Track.  Please note that at this time, we do not respond to the browser “Do Not Track” (DNT) signal if enabled in your web browser.  Third parties accessed through our website or the Criteria Service may have their own third-party cookies, and they may or may not respond to the DNT signal.

 

5. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION

5.1 Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our secure servers. All transfers of personal information are protected by TLS encryption technology. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.

5.2 Retention Periods. We retain information from or about you for so long as necessary to fulfill the purposes outlined in this Privacy Policy. When the information is no longer necessary for these purposes, we delete it or keep it in a form that does not identify you, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations. Further details are set forth in our Terms of Service.

5.3 International Transfers of your Personal Information. Many of the features of the Criteria Service are provided and hosted in the United States and/or Australia. If you are located outside of the United States (including the EU, UK or EEA), this may mean that your personal information will be stored and processed in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically resident in.  By visiting or using the Criteria Service, you consent to storage of your data on servers located in the United States and/or Australia. If you are using the Services from outside the United States, you consent to the transfer, storage, and processing of your data in and to the United States or other countries. Your data is also processed outside of the UK, Switzerland, and the EEA by Criteria affiliated companies, or our service providers, including to process transactions, facilitate payments, and provide support services as described in Section 3. We have entered into data processing agreements with our service providers that restrict and regulate their processing of your data on our behalf. By submitting your data or using the Criteria Services, you consent to this transfer, storage, and processing by Criteria and its processors.

5.4 Our Commitment.  We will take reasonable steps to ensure that your personal information is treated securely and in accordance with applicable law and this privacy policy.  If you are a resident of the EEA, the UK or Switzerland, we will protect your personal information when it is transferred outside of the EEA, the UK or Switzerland by either processing it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or by relying on the Standard Contractual Clauses approved by the European Commission.

 

6.0  YOUR CHOICES RELATING TO YOUR PERSONAL INFORMATION

You can choose to access and delete your personal information. However, you might not be able to use the Criteria Service or take advantage of many of our features. If you would like to access or delete your personal information, please follow the specific instructions listed below for residents of certain jurisdictions or contact us as indicated at the end of this privacy policy, and we will consider your request in accordance with applicable laws. We reserve the right to keep any data as necessary to preserve and protect our rights to the extent permitted by law (for example, to preserve our business records or preserve records of a dispute) or to comply with obligations under local law. A closed account does not necessarily mean that all of the data is expunged from our systems.

 

7. LINKS TO THIRD PARTY SITES

Our Criteria Service may, from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.

 

8. OUR POLICY TOWARDS CHILDREN

Our Criteria Service is not directed at persons under 16 and we do not knowingly collect personal information from children under 16. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.

 

9. CHANGES TO THIS POLICY

We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the "Effective" date at the beginning of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.

 

10. NOTICE TO YOU

If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Criteria Service.

 

11. JURISDICTION AND ENFORCEMENT

11.1   While we hope that you will work with us to resolve any complaints that you may have, you also have the right to lodge a complaint to your local data protection authority.  For EU residents, further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

11.2  Residents of Australia.  If you are a resident of Australia and you have a complaint, you may refer it to the office of the Australian Information Commissioner (“OAIC”). You can contact OAIC by visiting www.oaic.gov.au; forwarding an email to enquiries@oaic.gov.au; telephoning 1300 363 992; or writing to OAIC at GPO Box 5218, Sydney NSW 2001.

 

12. CONTACTING US

For any questions, comments and requests regarding your personal information, please contact us at:

For any country/region (except Australia and Asia Pacific Region):

Criteria Corp
750 N San Vicente Blvd. Suite 1500
West Hollywood, California USA 90069
Email: privacy@criteriacorp.com 

 

For Australia and Asia Pacific Region:

Criteria Australia Pty Ltd Level 18, 333 Ann Street Brisbane, QLD 4000, with a copy to:
Criteria Corp, 750 North San Vicente Blvd. Suite 1500 East Tower, West Hollywood, CA 90069.
Email: Privacy@criteriacorp.com

 

GDPR Privacy Notice

Residents of the European Union.  If you are resident in the European Union, in accordance with European Union privacy law, you have the following rights in respect of your personal information that we hold under the General Data Protection Regulation (GDPR):

a. Right of access. You have the right to obtain:

(i) confirmation of whether, and where, we are processing your personal information;

(ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;

(iii) information about the categories of recipients with whom we may share your personal information; and

(iv) a copy of the personal information we hold about you.

b. Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.

c. Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.

d. Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.

e. Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.

f. Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case.

  • g.   Exercising Your Rights.  We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website.  https://prighter.com/q/14974834

 

We will, to the extent we are acting in our capacity as a data controller, honor your requests according to applicable law. In most cases we will not be acting as a data controller, but rather a data processor for the employer-customer, and as such we will also notify the employer-customer(s) associated with your personal information, who may have the obligations to fulfil your requests with respect to their control of your personal information.

h.   Data Processing Addendum.  If you are an employer that has contracted with us to use the Criteria Service with residents of the European Union, U.K. or Switzerland, Criteria will commit to process  the data of such residents consistent with the Standard Contractual Clauses for data transfers between EU and non-EU countries; and the UK Addendum https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf  provided that you execute Criteria’s Data Processing Addendum (“DPA”) prior to using the Criteria Service. 

 

Supplemental State Specific Privacy Policy and Notices

This Supplemental State Specific Privacy Policy and Notices (“Supplemental State Specific Policy”) applies only to information collected about individuals residing in California, Colorado, Virginia, Utah, Nevada or Connecticut (“Consumer(s),” “you,” “your”) and supplements the information contained in the Privacy Policy.  It provides information required under the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), the Colorado Privacy Act of 2021 (the “CPA”), the Virginia Consumer Data Protection Act of 2021 (the “VCDPA”), the Utah Consumer Privacy Act of 2022 (the “UCPA) the Connecticut Data Privacy Act of 2022 (“CDPA”) and the Nevada Privacy Act (the “NPA”)  (all of which are collectively referred to as the “State Privacy Laws”) and any and all regulations arising therefrom.

This Supplemental Policy describes Criteria’s practices regarding the collection, use, and disclosure of Personal Information and provides instructions for submitting data subject requests. Some portions of this Supplemental Policy apply only to consumers of states covered by the State Privacy Laws, and where indicated, some are even more state-specific.

Definitions Used in this Policy

“Consumer” means a natural person who resides in California, Colorado, Virginia, Utah, Nevada and Connecticut and to whom we offer the Services. For purposes of this Supplemental Policy, this term includes natural persons who reside in California and engage with us as part of business-to-business transactions.

“Personal Information “or ”Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household. Personal Information includes “personal data” as that term is defined in the CPA, VCDPA, UCPA, NPA and CDPA. Personal Information also includes “Sensitive Personal Information,” as defined below.

“Sensitive Personal Information” means Personal Information that reveals a Consumer’s: 1) Social security, driver’s license, state identification card, or passport number; 2) Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to the individual’s account; 3) Precise geolocation; 4) Racial or ethnic origin; 5) Religious beliefs; 5) Union membership; 6) Contents of email or text messages, unless we are the intended recipient; 7) Genetic data; 8) Biometric information used to uniquely identify the Consumer, and 9) Health, sex life, or sexual orientation. Sensitive Personal Information also includes “sensitive data” as that term is defined in the CCPA, CPA, VCDPA, UCPA, and CDPA.

“Third Party” means a person or organization which is not a Consumer, Vendor, or an entity owned or controlled by us and as defined by the CCPA, CPA, VCDPA, UCPA, ICDPA and CDPA.

“Vendor” means a “service provider,” “contractor,” or “processor” which collects, stores, or otherwise handles data for us, as those terms are defined in the CCPA, CPA, VCDPA, UCPA, NPA and CDPA.

Other terms used in this Supplemental Policy may be defined under the CCPA, CPA, VCDPA, UCPA, NPA or CDPA, and they shall have the meanings described in those statutes. If there are variations between such definitions in different laws, the definition that applies in your state will apply.  For example, if you are a California consumer, terms defined in the CCPA shall apply to you if they are used in this Supplemental Policy.

The Personal Information We Collect and Disclose

The chart below shows the categories of Personal Information we may collect; examples of Personal Information in each category; types of sources from which each category of Personal Information is collected; the business purposes for which each category of Personal Information is collected; and the types of Vendors or Third parties with whom that category of Personal Information is shared. As this chart shows, we may share or sell Personal Information to Third Parties or disclose certain Personal Information to Vendors for business purposes.

Type of Information

Sources of Information

How We Use Information

How We Share Information

Identifiers (such as a name, address, unique personal identifier, email, phone number)

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

Customer records such account and password Information

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

Commercial information such as records of products or services purchased, obtained, or considered

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

Internet/electronic activity

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

Geolocation

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

Demographic Information

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

Sensory data, such as audio, electronic, visual, or other similar information

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

Inferences about preferences, characteristics

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

Sensitive Information such as social security number, driver’s license number, Account log-in, debit, or credit card number in combination with password or PIN, precise geolocation, racial/ethnic origins, religious or philosophical beliefs, union membership, contents of e-mails or texts to others, genetic/biometric data, health information, sex life/sexual orientation data

Section 2.1(b), Section 2.2(a), Section 2.3, Section 2.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.3, 3.1, 3.4, 3.7, and 5.3.

Section 2.1, Section 2.2, Section 2.3, Section 2.4, Section 5.2, Section 5.4, as well as, the following sections of the Applicant Privacy Policy: Sections 2.4, 2.5, 2.6, 2.7, 3.5, 3.6, 3.7, 3.8, 5.3 and 5.5.

Section 3, Section 5.2, Section 5.5, as well as, the following sections of the Applicant Privacy Policy: Sections 3.8, 5.3 and 5.5.

 

Your Rights to Your Personal Information

As required by the State Privacy Laws, we provide detailed information below regarding the data subject rights available to California, Colorado, Utah, Nevada, Connecticut and Virginia consumers.   Generally, the rights which you have can be categorized as follows: 

•           Confirm whether we process their personal information.

•           Access and delete certain personal information.

•           Data portability.

•           Opt-out of personal data processing for targeted advertising and sales

•           Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.

•           Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects

Processing of Sensitive Information:  We must obtain your express consent prior to collecting and processing certain categories of sensitive personal data such as precise geolocation data, data about protected characteristics and genetic or biometric data. 

Non-Discrimination: Criteria will not discriminate against customers who exercise their rights under the State Privacy Laws.

Personal Information of Minors

Our Services are not intended for children or minors under the age of 16. Accordingly, we do not knowingly store information from minors under the age of  16 except as required pursuant to applicable law.

Financial Incentives for Consumers

We do not have any programs which provide financial incentives for consumers.

 

PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

If you are a California resident, you have the following rights:

Right to Know.  You have the right to ask us for a copy of your personal information collected over the past 12 months and for information about how we collect, use, disclose, and sell it.  We do not share personal information with third parties for their own direct marketing purposes. . 

Right to Deletion. You have the right to request for us to delete any of your personal information. If you delete your personal information, you will permanently lose access to your personal information and/or Criteria customer account.  We may deny your deletion request when permitted by applicable law or for business purposes including, without limitation, when personal information is needed to comply with our legal obligations, meet regulatory requirements, support our business operations, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions of Use, fulfill your request to “unsubscribe” from further messages from us, or confirm that we have deleted your personal information. We retain anonymized information after your account has been closed.  We cannot disclose or delete specific pieces of personal information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of personal information, your account with us or the security of our systems.

Right to Correction. You have the right to update or modify certain of your personal information.  If you have a customer account, you may update or modify your personal information by accessing your account and making the changes in your account settings.  If you do not have a customer account and are TestTaker, user of our website or Criteria Service, then you may request that your personal information be updated by emailing us at: (i) https://ondemandassessment.com/candidate-request if you use the Criteria Service for an  employer based in any country (except Australia or the Asia-Pacific region); or(ii) Privacy@criteriacorp.com if you use the Criteria Service for an employer based in Australia or the Asia-Pacific region.

Request Information:  You have the right to request certain information regarding the Personal Information we have collected about you. You may make such a request up to twice in a 12- month span. Please note that there are circumstances in which we may not be able to comply with your request, including when we cannot verify your request or when there is a conflict with our own obligations to comply with other legal or regulatory requirements. We will notify you following submission of your request, if this is the case.

Right to Limit the Use of Your Sensitive Personal Information. You have the right to instruct us to limit the use and disclosure of your Sensitive Personal Information to only that which is necessary to perform the services or provide the goods reasonably expected by an average Consumer or for specific business purposes defined by applicable law. However, we do not use Sensitive Personal Information for purposes beyond those authorized by the CCPA.

Right to Non-discrimination. You have a right to exercise the above rights and we will not discriminate against you for exercising these rights. Please note that a legitimate denial of a request to access, delete, or opt-out is not discriminatory, nor is charging a fee for excessive or repetitive requests, as permitted by the CCPA.

Right to Appeal. You have the right to appeal our decisions about your data subject requests.

If any of the rights described in the sections above apply to you, you may make a request by contacting us as specified below in Instructions to Exercise your Rights.

Additional California Privacy Rights

Shine the Light Request. California Civil Code Section § 1798.83 permits users of our website who are California residents to request certain information regarding our disclosure of personal information to other parties for their direct marketing purposes. To make such a request, please send an email to us as specified below with the subject “Shine the Light Request.”

 

PRIVACY NOTICE FOR NEVADA RESIDENTS

If you are a Nevada resident, you have the right to request opt-out of the sale of Personal Information that we may collect through our websites or online applications. If you are a Nevada resident and wish to make this request, contact us as set forth below.

 

PRIVACY NOTICE FOR VIRGINIA RESIDENTS

If you are a Virginia resident, you have the following rights:

Right To Confirm whether or not a controller is processing your personal data and to access such personal data;

Right To Correct inaccuracies in your personal data;

Right To Delete your personal data;

Right To Obtain a Copy of your personal data that you previously provided to us in a portable, and if technically feasible, readily usable format, if processing is carried out by automated means;

Right To Opt Out of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Right to Non-Discrimination: Criteria will not discriminate against customers who exercise their rights. Specifically, if you exercise your rights, we will not deny you access to the site or Services, charge you different prices or rates for products or Services or provide you a different level or quality of products or Services.

Sensitive Information Opt-In: We must also obtain your express consent prior to collecting and processing certain categories of sensitive personal data such as precise geolocation data, data about protected characteristics and genetic or biometric data. We do not generally collect this type of information from consumers, except when you choose to provide specific health diagnosis to request accommodation for test taking.

If you are a resident of Virginia and wish to exercise any of your rights under the VCDPA, you or your authorized agent may make a request to confirm, access, correct, delete, obtain a copy, or opt-out of the processing of your personal data for targeting advertising, sale, or profiling by submitting a request as described below in Instructions to Exercise your Rights.

If you use an authorized agent to submit your request, we may require proof of the written authorization you have given. We also may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request up to twice annually. For emails, please include “Virginia Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a Virginia resident. We will process your request within 45 days or let you know if we need additional time or cannot process your request. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

If we decline to take action on your request, you can appeal our decision by submitting an appeal and we will review your request and respond within 60 days of the receipt of your appeal with a written explanation of the reasons for our decision. If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint.

 

PRIVACY NOTICE FOR COLORADO RESIDENTS

If you are a Colorado resident, you are provided with the following notification:   

Sales and Targeted Advertising We do not sell your personal information in exchange for monetary compensation.

Profiling.  To the extent we engage in automated processing or profiling to prevent, detect, protect against or respond to fraudulent or unlawful activity, we are not required to offer the right to opt out.  We otherwise do not engage in profiling that requires an opt-out as defined under the CPA.

 

PRIVACY NOTICE FOR CONNECTICUT RESIDENTS

If you are a Connecticut resident, you have the following rights.

Right to Access: You may have the right to confirm whether or not we are processing your Personal Data and to access such Personal Data.

Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.

Right to Deletion: You may have the right to delete the Personal Data provided to us by you.

Right to Data Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance, where the processing is carried out by automated means.

Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of the CTDPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation or other valuable consideration. We do not “sell” Personal Information under this definition. Connecticut residents have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling.

Right to Appeal: If we decline to take action regarding your request, you have the right to appeal. We will notify you providing our reasons and instructions for how you can appeal the decision. If the appeal is denied, we will provide a way for you contact the Attorney General to submit a complaint.

If any of the rights described in the sections above apply to you, you may make a request by contacting us as specified below in Instructions to Exercise your Rights.

Please indicate that you are making a request pursuant to your “Colorado Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; and (3) zip code. We will take steps to verify your request by matching the information provided by you with the information we have in our records.

 

UTAH PRIVACY NOTICE

If you are a Utah resident, you have the following rights:

Right to Access: You may have the right to confirm whether or not we are processing your Personal Data and to access such Personal Data.

Right to Correction: You may have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data.

Right to Deletion: You may have the right to delete the Personal Data provided to us by you.

Right to Data Portability: You may have the right to obtain a copy of the Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your Personal Data to another controller without hindrance, where the processing is carried out by automated means. Right to Opt-Out of Sale, Targeted Advertising, and Profiling: For purposes of UCPA, a “sale” includes disclosing Personal Data to a third party in exchange for monetary compensation. We do not “sell” Personal Information under this definition. Utah residents have the right to opt out of the processing of your Personal Data by us for decisions that produce legal or similarly significant effects concerning you. We do not process Personal Data for such profiling.

If any of the rights described in the sections above apply to you, you may make a request by contacting us as specified below in Instructions to Exercise your Rights.

Please indicate that you are making a request pursuant to your “Utah Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; and (3) zip code. We will take steps to verify your request by matching the information provided by you with the information we have in our records.

Instructions to Exercise your Rights.

 If you would like to make any of the data requests listed above or if you wish to exercise one of these rights, please contact us at: (i) https://ondemandassessment.com/candidate-request if you use the Criteria Service for an employer based in any country (except Australia or the Asia-Pacific region); or (ii) Privacy@criteriacorp.com if you use the Criteria Service for an employer based in Australia or the Asia-Pacific region.

Before we can process any such request, we will need to verify your identity through the email address or telephone number associated with your use of our website or Criteria Service account and confirm your request prior to fulfilling any such request and reserve the right to deny a request where we are unable to satisfactorily complete this process.

If you authorize someone to make a request on your behalf, we may also deny your request if we are unable to verify that the individual making the request is authorized to act on your behalf. Once your identity and request have been verified, we will attempt to notify the employer-customer(s) associated with your personal information for additional processing of your request.

Changes to Our Supplemental Policy

Criteria reserves the right to amend this Supplemental Policy at our discretion and at any time. When we make changes to this Supplemental Policy, we will post an updated policy on our website with the revised date.

 

 

Cookie Policy 

What are Cookies. Cookies are pieces of code that allow for personalization of our website experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.

Use of Cookies.  Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.  We use the following types of cookies:

a. Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services. Consent is not required for the use of strictly necessary cookies.

b.  Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

c. Google Analytics. We may use a tool called "Google Analytics" to collect information about use of this site. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google's ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use (as amended for government websites) and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.

d. Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

e. Testing.  We create a cookie named, "cookieTest" that stores a value of True and expires after one (1) day. This cookie is set to determine whether the user's browser has cookies enabled. We also create a cookie named, "ci_session" that stores encrypted session data when a user enters an Event ID or submits her information to begin a test. The cookie does not collect any information. It simply stores some of the IDs that are assigned to the test taker including the Test Event ID and Test Taker ID. This is used to track the user's session through test completion. The cookie is cleared when the test is complete, or the browser window is closed.

Managing Cookies. The cookies we use are designed to help you get the most from our Criteria Service but if you do not wish to receive cookies, most browsers allow you to change your cookie settings. Please note that if you choose to refuse cookies or if you opt out of even strictly necessary cookies, you may not be able to use the full functionality of our Criteria Service. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.

  • Cookie settings in Internet Explorer and Microsoft Edge
  • Cookie settings in Firefox
  • Cookie settings in Chrome
  • Cookie settings in Safari web and iOS.

Cookies Used