Posted/Revised: January 02, 2020
Effective: January 1, 2020
1. OUR APPROACH TO PRIVACY
1.2 Criteria operates an employee and applicant testing platform that allows employers to instruct potential or current employees to take aptitude, personality and skills tests through our website at http://www.criteriacorp.com (the "Criteria Service").
2. IDENTITY OF THE DATA CONTROLLER
2.1 Criteria Corp is the data controller for all Personal Information we hold about you; except for purposes of Personal Information of residents of the European Union for which Criteria Corp EU Ltd. is the data controller.
3. PERSONAL INFORMATION WE COLLECT
3.1 The personal information you provide.We collect personal information that you voluntarily submit directly to us when you use the Criteria Service. This can include information you provide to us when you register for an account and user profile, fill in a form on the Criteria Service, create or edit your user profile on the Criteria Service, correspond with us by phone, e-mail or otherwise, subscribe to our mailing lists, newsletters or other forms of marketing communications, respond to a survey, post comments in forums, enter a promotion, or use some other feature of the Criteria Service.
c. Use of PI You Provide. We may use this information to:
d. Required Processing of PI You Provide. The processing of the above personal information is necessary for:
3.2 Personal information we collect automatically. We also automatically collect the following personal information indirectly about how you access and use the Criteria Service and information about the device you use to access the Criteria Service:
a. Categories of PI Collected Automatically
b. Use of PI Collected Automatically. We may use the information we collect automatically to present the Criteria Service to you on your device and to determine products and services that may be of interest to you for marketing purposes. We may also use the personal information we collect from you to monitor and improve the Criteria Service and business, and to help us to develop new products and services.
Required Processing of PI Collected Automatically. The processing of the personal information we collect from you automatically is necessary for our legitimate interests, namely: to tailor the Criteria Service to the user and to improve the Criteria Service generally; to monitor and resolve issues; for marketing purposes; to communicate with users; to contact users; and for the detection and prevention of fraud.
3.4 Use of Anonymized PI. We may anonymize and aggregate any of the personal information we collect (so that it does not directly identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving the Criteria Service and developing new products and features. We may also share such anonymized information with others.
4.0 HOW WE SHARE YOUR PERSONAL INFORMATION
Both www.hireselect.com and www.ondemandassessment.com may share your Personal Information with the following:
Amazon Web Services, Inc and Wildbit, LLC, both of whom have CCPA-compliant privacy policies.
In addition, solely for purposes of responding to or processing information requests we receive on these sites, we may share Personal Information you provide with the following:
Marketo, Chili Piper, LeadIQ, Outreach, Vertify, ZoomInfo, Gong, Zoom, Nextiva, Rackspace, Linked In, Capterra, G2, Glassdoor, ChurnZero, Facebook, and Twitter.
4.2 Service providers and advisors. We share Personal Information with third party vendors and other service providers that perform services for us or on our behalf, which may include identifying and serving targeted advertisements, providing mailing, email or chat services, tax and accounting services, payments processing, data enhancement services, fraud prevention, web hosting, or providing analytic services.
4.3 Criteria Entities. We may share Personal Information as needed with other companies, brands, websites or properties owned or controlled by Criteria, including but not limited to the Criteria Service, Criteria Corp EU, Ltd., and other companies owned by or under the common ownership as Criteria, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under this policy.
4.4 Publicly Available Information. We may share content that you post on this website or on the Criteria Service that is intended to make that content publicly available and searchable by individuals. For example, we may share job posting or similar information contained within that job posting with third parties, subject to our agreement with any such third parties-including employer-customers. We also reserve the right to share information aggregated from public sources.
4.6 Purchasers and Third Parties. Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
4.7 Law enforcement, regulators and other parties for legal reasons. Third parties as required by law or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) detect and investigate illegal activities and breaches of agreements; and/or (c) exercise or protect the rights, property, or personal safety of Criteria, its users or others.
5. COOKIES AND SIMILAR TECHNOLOGIES
5.1 What are Cookies. Cookies are pieces of code that allow for personalisation of our website experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.
d. Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
e. Testing. We create a cookie named, "cookieTest" that stores a value of True and expires after one (1) day. This cookie is set to determine whether the user's browser has cookies enabled.We also create a cookie named, "ci_session" that stores encrypted session data when a user enters an Event ID or submits her information to begin a test. The cookie does not collect any information. It simply stores some of the IDs that are assigned to the test taker including the Test Event ID and Test Taker ID. This is used to track the user's session through test completion. The cookie is cleared when the test is complete, or the browser window is closed.
5.4 Use of WebBeacons and Other Tracking Tools.We may also employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of our Criteria Service.
5.5 Information on Cookies and Related Technologies. To learn more about cookies, clear gifs/web beacons and related technologies and how you may opt-out of some of this tracking, you may wish to visit http://www.allaboutcookies.org.
5.6 Opting-Out. If you only want to limit third party advertising cookies and similar technologies, you can opt out of receiving certain targeted advertising by visiting the following links (please bear in mind that there are many more companies listed on these sites than those that drop cookies via our website):
5.7 Do Not Track. Please note that at this time, we do not respond to the browser “Do Not Track” (DNT) signal if enabled in your web browser. Third parties accessed through our website or the Criteria Service may have their own third-party cookies, and they may or may not respond to the DNT signal.
6. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
6.1 Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on our secure servers. All transfers of personal information are protected by TLS encryption technology. We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.
6.2 Retention Periods. We will store the personal information we collect for no longer than necessary for the purposes set out and in accordance with our legal obligations and legitimate business interests.
6.3 International Transfers of your Personal Information. As we are located in the USA, any information we collect from you will initially be collected and stored in the USA. If you are in the EU or EEA, this may mean that your personal information will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically resident in.
6.5 Privacy Shield. We comply with the EU-U.S. Privacy Shield framework and Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information received from European Union countries and Switzerland (the "Privacy Shield"). We have certified that we adhere to the Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse, enforcement and liability ("Principles"). If there is any conflict between the policies in this policy and the Principles, the Principles shall govern. To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: https://www.privacyshield.gov/. For more information regarding our Privacy Shield certification, please see: https://www.privacyshield.gov/list.
7.0 YOUR CHOICES RELATING TO YOUR PERSONAL INFORMATION
8. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
8.1 Residents of the European Union. If you are resident in the European Union, in accordance with European Union privacy law, you have the following rights in respect of your personal information that we hold:
a. Right of access. You have the right to obtain:
(i) confirmation of whether, and where, we are processing your personal information;
(ii) information about the categories of personal information we are processing, the purposes for which we process your personal information and information as to how we determine applicable retention periods;
(iii) information about the categories of recipients with whom we may share your personal information; and
(iv) a copy of the personal information we hold about you.
b. Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
c. Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
d. Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
e. Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
f. Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
g. Exercising Your Rights. If you wish to exercise one of these rights, please contact us at Criteria Corp Eu Ltd, 9th Floor 107 Cheapside London, United Kingdom EC2V 6DN (44 20 7862 4844).
h. Data Processing Addendum. Our Data Processing Addendum is located at:
https://www.criteriacorp.com/dpa.htm and our CCPA Data Processing Addendum is located
8.2 California Residents. If you are a resident of the State of California, you may exercise the rights described below. By choosing to exercise your rights as described below, you are declaring that you are a California resident as defined in the California Consumer Privacy Act of 2018, Civil Code Section 1798.100 (“CCPA”).
b. Right to Deletion. You have the right to request for us to delete any of your Personal Information. If you delete your Personal Information, you will permanently lose access to your Personal Information and/or Criteria customer account. We may deny your deletion request when permitted by applicable law or for business purposes including, without limitation, when Personal Information is needed to comply with our legal obligations, meet regulatory requirements, support our business operations, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions of Use, fulfill your request to “unsubscribe” from further messages from us, or confirm that we have deleted your Personal Information. We retain anonymized information after your account has been closed. We cannot disclose or delete specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of personal information, your account with us or the security of our systems.
c. Right to Correction. You have the right to update or modify certain of your personal information. If you have a customer account, you may update or modify your Personal Information by accessing your account and making the changes in your account settings. If you do not have a customer account and are TestTaker, user of our website or Criteria Service, then you may request that your Personal Information be updated by emailing us at: email@example.com
e. Right to Non-Discrimination. Criteria will not discriminate against customers or users who exercise their rights under the CCPA.
g. CCPA DPA Addendum. The CCPA Data Processing Addendum is located at:
9. JURISDICTION AND ENFORCEMENT
9.1 As part of our participation in the Privacy Shield, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
9.2 You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
9.4 We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the JAMS Privacy Shield Program. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
10. LINKS TO THIRD PARTY SITES
Our Criteria Service may, from time to time, contain links to and from third party websites, including those of other users, our partner networks, advertisers, partner merchants, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
11. OUR POLICY TOWARDS CHILDREN
Our Criteria Service is not directed at persons under 16 and we do not knowingly collect personal information from children under 16. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.
12. CHANGES TO THIS POLICY
13. NOTICE TO YOU
If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Criteria Service.
14. CONTACTING US
750 N San Vicente Blvd. Suite 1500
West Hollywood, California USA 90069
Criteria Corp EU, Ltd
9th Floor 107 Cheapside London
United Kingdom Ec2v 6dn
0 80 0014 8268If you are based in the UK, you may contact us by calling 0 80 0014 8268. Regardless of your location, please contact firstname.lastname@example.org if you have any questions, comments and requests regarding your personal information.