Yello Privacy Policy
Effective Date: April 17, 2017
RECSOLU, Inc., DBA Yello (“we” or “us” or “our”) is committed to protecting the privacy of visitors and users of the yello.co site (the “Site”) and our mobile recruiting applications (the “Mobile Apps”). We want our Customers and their Authorized Users (the or our “Customer(s)”) and their Data Sources (“Data Source(s)”) to have a positive experience while using the Site or Mobile Apps. We respect and protect our Customers’ and Data Sources’ rights to privacy as set forth in this Privacy Policy. This Privacy Policy applies to the Site and the Mobile Apps. This Privacy Policy does not apply to other websites to which we may link (including third-party sites or other sites which may be operated by us).
We comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles with respect to data received from the European Union or Switzerland in reliance on Privacy Shield with respect to notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability (“Privacy Shield Principles”). If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
We are open to entering into the Commission Decision C(2010)593 Standard Contractual Clauses (processors) with any of our Customers that are authorized to use the Site or the Mobile Apps in the EEA. Please contact us via email at contracts@yello.co to request entrance into the Standard Contractual Clauses or for more information regarding this topic.
To provide some background to our Customers and their Data Sources, we are a data processor that processes personally identifiable information on behalf of and in accordance with the instructions of the data controllers (our Customers), who may collect such information from Data Sources (often, candidates) during the recruitment process or otherwise. Our Customers collect such information from Data Sources using the Site or the Mobile Apps. We act only on and in accordance with instructions from the data controllers. The personal information from the Data Source(s) is concurrently and automatically stored and backed up from the Site and/or the Mobile Apps to servers that are under the control and in the possession of our hosting provider, who acts as our subprocessor. Our data processing activities are limited to the minimum necessary for the performance of the contracts between our Customers and us. For more information regarding how a Data Source’s information is processed, please refer to the applicable Customer’s privacy policy.
Upon written request from a Data Source, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return to such verified Data Source any and all personal information, including any personally identifiable information, in our or our subprocessor’s control or possession, subject to our right to retain such information as deemed necessary to comply with legal obligations. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and proper identity verification. All requests in this regard should be submitted via email to privacy@yello.co.
Personal Information that Our Customers Collect
Our Customers collect the personal information of Data Sources in a few different ways. One way in which they collect personal information is directly from the Data Source(s). For example, a Data Source may voluntarily provide personal information, including but not limited to, his or her name, email address, physical address, date of birth, image, educational background information, professional background information, and telephone number if he or she registers for a candidate account within the Site or Mobile Apps, applies for an open position with our Customers through the Site or Mobile Apps, or signs up for an interview through our Site or Mobile Apps. Certain personally identifiable information may also be provided by a Data Source on the Site or on our Mobile Apps, including, but not limited to, through posting material on the Site or the Mobile Apps, inputting search queries, or completing surveys, forms, or polls. Our Customers collect such data through our Site or Mobile Apps purpose of building a work candidate database based on the information provided by Data Sources and managing their recruitment process. As a data processor, we may gain authorized access to the personal information of the Data Sources, including personally identifiable information, that was collected by our customers and which is hosted in our subprocessor’s servers. BY SUBMITTING, ENTERING, OR PROVIDING ANY PERSONAL INFORMATION, INCLUDING PERSONALLY IDENTIFIABLE INFORMATION, INTO THE SITE OR MOBILE APPS, YOU THEREBY CONSENT TO OUR PROCESSING, STORING, REPURPOSING, AND USE OF SUCH INFORMATION IN ACCORDANCE WITH THE TERMS OF THIS PRIVACY POLICY AND ONLY IN ACCORDANCE WITH THE INSTRUCTIONS OF OUR CUSTOMERS, THE DATA CONTROLLERS. SUCH PROCESSING, STORING, REPURPOSING, AND USE IS NECESSARY TO FULFILL THE PURPOSE OF THE CONTRACT(S) BETWEEN US, OUR CUSTOMERS, AND/OR OUR SUBPROCESSOR. IF A DATA SOURCE DOES NOT WISH FOR PERSONALLY IDENTIFIABLE INFORMATION TO BE SHARED WITH US, OUR CUSTOMERS, OR OUR SUBPROCESSOR THROUGH THE SITE OR THE MOBILE APPS FOR THE PURPOSES DESCRIBED HEREIN, HE OR SHE MUST NOT PROVIDE OR UPLOAD SUCH INFORMATION TO THE SITE OR MOBILE APPS.
Personal Information that We Collect
Through the Site and Mobile Apps, we automatically gather certain information about the use of the Site and Mobile Apps, such as how frequently certain areas of the Site or Mobile Apps are visited and the date and time of Site or Mobile App visits, IP addresses and browser information, including through the use of cookies, web beacons and other technologies. Most browsers can be set to prevent cookies or to notify a Data Source when one is being placed; however, cookies are necessary to access and use the Site and Mobile Apps. A browser may allow a Data Source to delete the cookies after using the Site or Mobile Apps.
The Site and Mobile Apps also make use of a cookie technology designed to enhance the experience of Data Sources and provide aggregate non-personally identifiable information about the use of the Site and Mobile Apps to us. By using the Site or Mobile Apps, our Customers and the Data Sources hereby agree that we can place these types of cookies on their device(s).
If our Customers utilize our Technology Management Services and/or our devices in connection with the Mobile Apps or the Site, including but not limited to utilization through iPads or tablets, whether owned by us or a Customer, we may track, and you consent to us tracking, your physical location using Global Positioning System (GPS) technology that is installed and active on such device(s). Such tracking will be utilized for the following purposes: (i) locating device(s) in the event that they are lost or stolen; and/or (ii) locating devices(s) in an anonymized fashion for use on a device heat-map to be used for internal and external marketing purposes and which constitutes a map of broad-scale user activity across the globe. Such GPS tracking will not involve any access to your personal information nor will it involve the tracking of your activity or behavior on such device(s). If you object to such tracking, please promptly contact us via email at privacy@yello.co or at contracts@yello.co.
How We and Our Customers Use and Disclose the Information of Data Sources
We will not use, share or disclose the information of Data Sources to anyone except as described in this Privacy Policy, in compliance with the instructions of the applicable data controllers, or as otherwise consented to by a Data Source. To better understand how a Data Source’s information is processed, please refer to the applicable Customer’s privacy policy.
Additionally, it is important to note that we may be required to disclose the personal information of our Customers or their Data Sources, including certain personally identifiable information, in response to a lawful request by public authorities or under any applicable law, including to meet national security or law enforcement requirements.
Data Sources should be aware we have no control over third-party websites or links, and our Privacy Policy does not apply to these third-party websites or links. Please consult the privacy policy of such websites or links for information related to privacy in connection to such websites or links.
How We Use and Disclose the Information of Our Customers
We use Customer information, including personally identifiable information, in order to administer our Customers’ accounts and allow them to use the Site and Mobile Apps. We use Customer information to support and enhance our Customers’ use of the Site and its features and the Mobile Apps, including, at times and as an example, tracking emails that our Customers send.
We also use our Customer’s personally identifiable information for any purpose for which they provide it (for example, if a Customer wishes to share its email address or personal information with us for a particular purpose). In addition, we may send to our Customers, service or promotional communications, including notifying them of new services, offerings, or changes to the Site, Mobile Apps, or this Privacy Policy. Our Customers can opt-out of receiving these emails by contacting us at privacy@yello.co.
We may use Customer information to enable us to display advertisements to third parties’ target audiences. Even though we do not disclose your personally identifiable information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume you meet its target criteria.
We may also disclose and transfer Customer information, including personally identifiable information, as an asset in connection with a proposed or actual merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business (whether as a going-concern or not) or as part of a corporate reorganization, stock sale or other change in control.
Customers should be aware we have no control over third-party websites or links, and our Privacy Policy does not apply to these third-party websites or links. Please consult the privacy policy of such websites or links for information related to privacy in connection to such websites or links.
General Use and Disclosure the Information of Data Sources or Customers
We reserve the right to disclose information, including personal information, in order to comply with a subpoena, court order, administrative or governmental order, or any other requirement of law, or when we, in our sole discretion, believe it is necessary in order to protect our rights or the rights of others, to prevent harm to persons or property or to fight fraud and credit risk reduction. IF A CUSTOMER OR DATA SOURCE USES A PUBLICLY ACCESSIBLE AREA OF THE SITE OR MOBILE APPS, HE OR SHE SHOULD BE AWARE THAT ANY PERSONALLY IDENTIFIABLE INFORMATION SUBMITTED THERE CAN BE READ, COLLECTED OR USED BY ANY PERSON FOR ANY PURPOSE. We are in no way responsible for the personally identifiable or other information submitted in these public forums. We may retain records of all publicly accessible areas of the Site or Mobile Apps.
We use non-personally identifiable information in the aggregate, so we can improve the Site or Mobile Apps, and for business and administrative purposes. We may also use or share with third parties, for any purpose, aggregated data that contains no personally identifiable information.
We are located in the United States. BY ACCESSING OR USING THE SITE, ACCESSING OR USING THE MOBILE APPS, OR OTHERWISE PROVIDING INFORMATION TO OUR CUSTOMERS OR US, THE CUSTOMERS AND DATA SOURCES CONSENT TO THE PROCESSING AND TRANSFER OF SUCH INFORMATION IN THE UNITED STATES.
Third Party Disclosures
We may disclose the personal information of our Customer’s Data Sources to third parties as necessary to provide our services to our Customers. Such third parties may include vendors who we utilize for the provision of our services. The purpose of such disclosure is to provide our services to our Customers, and may include the subprocessing of such personal information between our Site, the Mobile Apps, and our and our Customer’s networks; the parsing of such personal information to allow our Customers to filter through the information that the Data Sources voluntarily provide to our Customers via the Site or Mobile Apps, and, generally, allowing our Customers to build a work candidate database based on the information provided by Data Sources and manage their recruitment process. We are liable for appropriate onward transfers of personal data to third parties.
When transferring personal information to a third party acting as an agent, we (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the Department of Commerce or Federal Trade Commission upon verified request.
Choices Regarding Customer Information
We strive to provide our Customers with choices regarding their personally identifiable information. We have created mechanisms to provide our Customers with control over such information:
- Tracking Technologies and Advertising. Customers can set their browser to refuse all or some browser cookies, or an alert when cookies are being sent. To learn how to manage cookie settings, visit the applicable browser’s settings and help pages. If a Customer disables or refuses cookies, please note that the Site or Mobile Apps may then be inaccessible or not function properly.
- Promotional Offers and Newsletters from us. If a Customer does not wish to have its contact information used by us to promote our own products or services or receive our newsletters, it can opt-out by contacting us at privacy@yello.co. This opt-out does not apply to information provided to us as a result of product service experience requests.
Choices regarding Data Source Information
Upon written request from a Data Source, with proper verification of identity at our sole discretion (e.g. via certification from a notary public), we can promptly destroy, correct, amend and/or return, to such verified Data Source, any and all personally identifiable information in our or our subprocessor’s control or possession, subject to our right to retain such information as deemed necessary to comply with legal obligations. We will use commercially reasonable efforts to respond to such requests within forty-five (45) days of receipt of such request and identity verification. All requests in this regard should be submitted via email to privacy@yello.co.
How We Protect Information
We are committed to protecting the information we receive from our Customers and their Data Sources. We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system on the Site and on the Mobile Apps, including from loss, misuse, and unauthorized access, disclosure, alteration and destruction. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
In addition, only those employees and third parties who need access to personal information in order to perform their duties are allowed such access.
Although we do our best to protect the personal information of our Customers and Data Sources, we cannot guarantee the security of personal information transmitted to the Site or Mobile Apps. ANY TRANSMISSION OF PERSONAL INFORMATION IS AT THE CUSTOMER’S OR THE DATA SOURCE’S OWN RISK. WE ARE NOT RESPONSIBLE FOR THE CIRCUMVENTION OF ANY PRIVACY SETTINGS OR SECURITY MEASURES CONTAINED ON THE SITE OR MOBILE APPS.
The safety and security of personal information also depends on the Customers and Data Sources. Where we have given the Customer or Data Sources (or where they have chosen) a password for access to certain parts of the Site or Mobile Apps, the aforementioned Customer or Data Source is responsible for keeping this password confidential. Customer and Data Sources must not share passwords with anyone. Customer and Data Sources must also take all reasonable steps to ensure the protection of their personal information, including, but not limited to, the personally identifiable information, and must be careful about giving out information in public areas of the Site or Mobile Apps or elsewhere.
Accessing and Updating Personal Information and Preferences of Customers
Authorized Users of our Customers may access and update, correct or delete registration and other personal information by logging into the Site or Mobile Apps and modifying their user profile, or by sending us an email at privacy@yello.co. Customers may also close their account at any time by contacting us at privacy@yello.co. We will take commercially reasonable steps to implement our Customers’ requests promptly, but it may take some time to process.
While we make efforts to accommodate requests to restrict our use of personal information, we reserve the right to delete all or any portion of a Customer or Data Source’s information if we are not able to reasonably accommodate a requested restriction. Please note that in some instances we may not be able to delete the personal information or our Customers or their Data Sources except by closing such Customer’s user account. We will notify our Customers if we are not able to accommodate their requests or if we have elected to close a Customer account as a result of a failure to accommodate such request.
We may retain copies of a Customer’s personal information even after it has closed its account in order to comply with legal obligations, pursuant to our data retention practices and for a reasonable period following such closure to be able to address any potential disputes.
Children’s Privacy and Parental Controls
We do not solicit any personal information from children. IF A CUSTOMER OR DATA SOURCE IS NOT 16 OR OLDER, HE OR SHE MUST NOT USE THE SITE OR THE MOBILE APPS. Parents should be aware there are parental control tools available online that can be used to prevent children from submitting information online without parental permission or from accessing material that is harmful to minors.
California Privacy Rights
California Civil Code Section § 1798.83 permits Customers and Data Sources who utilize the Site or Mobile Apps and who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to privacy@yello.co.
Subject to Federal Trade Commission’s Authority
It is important to note that we are subject to the investigatory and enforcement power of the Federal Trade Commission, which protects consumers by stopping unfair, deceptive or fraudulent practices in the marketplace.
Dispute Resolution
In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact at privacy@yello.co or the mailing address below:
RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel
We have further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers (applicable to Data Sources and Customers in the European Union and Switzerland) for more information and to file a complaint. You can also visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov/ to learn more information on the Privacy Shield program.
Injunctive Relief
By using the Site or the Mobile Apps, Customers and Data Sources acknowledge that monetary damages may not be a sufficient remedy for unauthorized disclosure of personal information, including personally identifiable information, and that there is significant potential liability in cases of onward transfers of Privacy Shield data (including personal information and personally identifiable information) to third parties. Thus, Customers and Data Sources hereby acknowledge that we shall be entitled, without waiving any other rights or remedies, to seek such injunctive or equitable relief as may be deemed proper by a court of competent jurisdiction.
Arbitration as Last Resort
Only under certain limited conditions and as a last resort, individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
Human Resources Data and EU/Swiss Data Protection Authorities
We process human resources data from the EU or Switzerland for use in the context of the employment relationship under the Privacy Shield. We commit to cooperate with EU data protection authorities (DPAs) or Swiss Federal Data Protection and Information Commissioner (FDPIC), as applicable, with regard to human resources data transferred from the EU or Switzerland in the context of the employment relationship and to comply with the advice given by such authorities with respect to such data.
In the event we are unable to accommodate an EU individual’s request regarding HR data received by us within the context of the work relationship between us and our Customers, or our Customers and their Data Sources, we further commit to working with the Data Protection Authorities (DPAs) who cover the jurisdiction that the data originated from. For information on how to contact your jurisdiction’s DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/.
In the event we are unable to accommodate a Swiss individual’s request regarding HR data received by us within the context of the work relationship between us and our Customers, or our Customers and their Data Sources, we further commit to working with the Swiss Federal Data Protection and Information Commissioner (FDPIC) who covers the jurisdiction the data originated from. For information on how to contact your jurisdiction’s Commissioner, visit https://www.edoeb.admin.ch/org/00146/00147/index.html?lang=en.
Privacy Policy Changes
If we decide to change our Privacy Policy, we will post the revised Privacy Policy here. Customers and Data Sources are responsible for periodically visiting the Site and this Privacy Policy to check for any changes. In addition, Customers are responsible for ensuring that we have an up-to-date active and deliverable e-mail address on file. Continued use of the Site or Mobile Apps indicates consent to the then current Privacy Policy as posted. If a Customer or Data Source does not consent to the changes to the Privacy Policy, he or she must not continue to access or use the Site or the Mobile Apps, and may reach out to us at privacy@yello.co to object and/or to obtain for more information.
To address any questions that you have about this Privacy Policy, please contact us at:
RECSOLU, Inc., DBA Yello
55 E. Monroe St., Suite 3600
Chicago, IL 60603
Attn: General Counsel
1-312-517-3232
contracts@yello.co
