Version (Effective): October 9, 2023
This Privacy and Cookies Policy applies to all data collections and other data processing of Bullhorn, Inc., in particular through www.bullhorn.com and through its service platforms www.bullhornstaffing.com, https://[Customer Name].bbo.bullhornstaffing.com, https://www.salesduel.com, and https://prod.vms-express.com (each referred to herein as a “Site”) owned and operated by it.
1. Collected Personal Data and How We Use It
1.1. We may collect and/or process the following categories of personal data from our customers, customers’ candidates and Site visitors:
|Type of Data||Description||Duration||Entity that Collects your Data||Purpose of Collection / Processing|
|Identifiers||Data relating to an identified or identifiable natural person . Examples are names, email addresses, residential addresses, job title, employer, contact details, age, sex, date of birth, physical descriptions, identifiers issued by public bodies, e.g. SSN and NI numbers. For our customers, we may also collect information about a customer’s business such as company name, company size, business type, and contact information.||See Sec. 5||Bullhorn or Bullhorn’s Customers||See Sec. 1.2.1 – 1.2.10|
|Education and Professional Training||Data related to education and professional training. Examples are academic records, qualifications, skills, training records, and professional expertise.||See Sec. 5||Bullhorn or Bullhorn’s Customers||See Sec. 1.2.1 – 1.2.10|
|Employment||Data relating to employment. Examples are business role, employment and career history, recruitment and termination details, attendance record, health and safety records, performance appraisals, training records, agency employer, security records or other information necessary to determine an individual’s fitness for employment.||See Sec. 5||Bullhorn or Bullhorn’s Customers||See Sec. 1.2.1 – 1.2.10|
|Financial||Data relating to financial affairs. Examples are income, salary, billing rate, payments, benefits, bank or other information necessary to process payroll for an individual. For our customers, personal information may also include payment processing information such as credit or debit card number, bank information, and billing address.||See Sec. 5||Bullhorn or Bullhorn’s Customers||See Sec. 1.2.1 – 1.2.10|
|Goods or Services Provided||Data relating to goods and services which have been provided. Examples that may contain personal data are details of the goods or services supplied, licenses issued, agreements and contracts.||See Sec. 5||Bullhorn or Bullhorn’s Customers||See Sec. 1.2.1 – 1.2.10|
|IT Information||Data relating to an individual’s use of technology or software including IP addresses, any information about the computing or mobile device an individual is using, location data gathered from such devices, connection data, usernames and passwords, and social media handles.||See Sec. 5||Bullhorn or Bullhorn’s Customers||See Sec. 1.2.1 – 1.2.10|
|Special Categories||Data that is considered sensitive or special categories of personal data (Art. 9 GDPR), personally identifiable information, or sensitive personal data under applicable law. This category of personal data is typically collected to comply with legal requirements or to determine fitness for employment.||See Sec. 5||Bullhorn or Bullhorn’s Customers||See Sec. 1.2.1 – 1.2.10|
1.3. Bullhorn may use, disclose, distribute, and publish aggregated and/or anonymized data for statistical, analytical, machine learning and product and Service testing and enhancement purposes. Bullhorn employs reasonable and technically appropriate measures designed to prevent the re-identification of such personal data by a third-party. Anonymized and/or aggregated data may be shared with third parties for research and other purposes.
1.6. Bullhorn may disclose personal data to companies that assist us in providing our Service (i.e. our sub-processors, subcontractors and third-party service providers) or third-party partners that our customers may engage directly to provide you with their services or content (i.e. marketplace partners and other third-party service providers that integrate with our Service). These third-party service providers or partners may provide content or services through the Service or integrate with our Service and, accordingly, may need access to your personal data to provide their services to you. A list of sub-processors engaged by the Company can be found at https://www.bullhorn.com/legal/sub-processors/. A list of marketplace partners that our customers may engage can be found at https://www.bullhorn.com/marketplace/. To determine which partners/third-party service providers are used by a customer, please contact the customer that you interact with directly.
1.8. Personal data may be disclosed or distributed to another party with which Bullhorn enters, or may enter, into a corporation transaction. If Bullhorn is acquired in a merger, acquisition, or sale of all or substantially all its assets, you will be notified via email, on our Site and/or by a notice on our Service of any change in the uses of your personal data, as well as any change in the choices you may have regarding your personal data. The disclosure of personal data to another party as set forth herein may involve the transfer of such personal data outside the state, province, country or other jurisdiction in which Bullhorn stores or otherwise processes personal data, subject to Bullhorn taking steps to provide that any such transfer is made only in compliance with applicable laws. In the unlikely event of a bankruptcy, insolvency or liquidation, the database containing personal data may be treated as an asset of Bullhorn and may be subject to transfer to a third party.
1.9. Customers are solely responsible for maintaining the confidentiality and security of their user credentials and passwords. Customers or Site visitors may opt-out of receiving sales, promotional or advertising emails from us by selecting the opt-out link located in the message body of all our electronic communications. Customers or Site visitors may also email email@example.com directly with a request to be removed from such communications.
1.10. We may also track and analyze information that doesn’t directly identify you as a person and aggregate usage and volume statistical information from our Site visitors, customers’ candidates and customers and provide such information in anonymized (or aggregated) form to third parties.
1.11. We are a service provider to our customers and have no direct relationship with the customer candidate or any individual whose personal data a customer processes. If you are a candidate or individual of one of our customers and would no longer like to be contacted by a person or entity that uses our Service, please contact the customer that you interact with directly. If you are a customer and would like to update your account, please contact us at firstname.lastname@example.org. For the CredentialPass service, we are a data controller and you may contact us directly to discontinue being contacted by us or to update your account.
1.12 Marketing: Bullhorn may also ask Site visitors to provide certain information, such as email addresses to use and receive content from the Site. Bullhorn will provide Site visitors with the ability to opt-in or opt-out of future communications from the Company as required by applicable law. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or at your member profile on our Site or by contacting us at email@example.com.
3. Access to Personal Data Controlled by Bullhorn
Upon request and within 30 days, or as otherwise required by applicable law, Bullhorn will provide you with information about whether we hold, or process on behalf of a third party, any of your personal data. In addition, Bullhorn will take the steps required by the law to permit customers to correct, amend, delete, or receive a copy of their personal data or to transfer and to restrict the use of their personal data . To exercise any of these rights, please contact firstname.lastname@example.org. In accordance with customer agreements, Bullhorn will, upon request, provide our customers with a copy of their personal data stored by Bullhorn upon expiration or termination of the customer agreements, unless prohibited by applicable law. For the CredentialPass service, for which we are a data controller, you may contact us directly to withdraw your consent to the use/processing of your data or to correct, amend, delete or receive a copy of personal data.
4. Access to Personal Data Controlled by our Customers
Bullhorn acknowledges that you have the right to access your personal data and to withdraw consent to the use/processing of your personal data. You have the right to withdraw your consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. In most cases, Bullhorn has no direct relationship with the individuals whose personal data it processes for customers. We recommend that an individual who seeks access, or who seeks to correct, amend, delete or receive a copy of personal data should direct their query to the Bullhorn customer (the data controller).
If requested to remove data by our customer, we will respond within 30 days or as otherwise required by applicable law. Individuals may also submit such inquiries or requests directly to Bullhorn at no cost for them by contacting email@example.com.
5. Data Retention by Bullhorn
6. Data Security
Bullhorn employs reasonable and appropriate security measures to protect against the loss, misuse, and unauthorized alteration of the personal data it processes. Bullhorn also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the Service in a secure server environment that uses a firewall and other advanced technology to protect against interference or access from outside intruders. Finally, Bullhorn provides individual usernames and passwords that must be entered each time a customer logs on. You are responsible for keeping your credentials safe and must contact us or our relevant customer immediately if you believe they are compromised. These safeguards help protect against unauthorized access, maintain data accuracy, and provide for the appropriate use of personal data. Nevertheless, no method of transmission over the Internet, or method of electronic storage, is one hundred percent (100%) secure. Therefore, we cannot guarantee absolute security. If you have any questions about the security of our Service, please contact us at firstname.lastname@example.org.
7. Links to Third Party Sites
8. No Services for Minors
The Site is not directed to minors and we do not knowingly collect information from minors. By using the Site, you hereby represent that you are at least the age of legal majority in your place of residence. All information provided to us will be treated as if it was provided by an adult. We will use commercially reasonable efforts to delete information associated with a minor as soon as practicable if we learn that a minor has submitted information about themselves to us.
9. Note for Residents of California and Certain Other States
The law in certain states including California, Connecticut, Colorado, Virginia, and Utah permits their residents who provide us with personal information to request certain information including the categories of personal information we collect, the sources from which your personal information is collected, how we use your personal information, the categories of third parties with whom we share your personal information, and whether we sell your personal information or otherwise disclose such information to third parties for their direct marketing purposes. See Section 1 above for the categories of personal information we collect, the sources of such information and how we use your personal information. To request access, correction of inaccurate information, or deletion of your personal information, please contact the Company’s Data Protection Officers. See Section 15 for contact details. You also have the right to not be discriminated against if you make privacy requests and the right to appeal any decision that we make about your privacy requests.
Opt-Out of Sharing for Cross-Context Behavioral or Targeted Advertising. As described above in Section 2, we may share your personal information with third-parties to show you advertising on other sites. You have the right to opt-out of sharing for cross-context behavioral or targeted advertising, and can do so by opting out of Targeting Cookies through our Privacy Preference Center, available at Cookie Settings.
Our website will also recognize Global Privacy Control (GPC) signals. You can access more information about GPC at https://globalprivacycontrol.org/.
12. Data Transfers Outside the EEA, U.K. and Switzerland
Bullhorn Group Companies have entered into Standard Contractual Clauses and Switzerland and UK Addendums (collectively, “SCC”) among them as authorized by the European Commission under the GDPR and UK GDPR for the transfer of personal data from Bullhorn Group Companies in the EEA, UK, and Switzerland to Bullhorn Group Companies outside these territories. The SCC set forth the adequate safeguards for the protection of privacy and fundamental rights and freedoms of European, British and Swiss individuals for such data transfers outside the EEA, UK and Switzerland. Please use the contact information in Sec. 15 below to obtain more information on these contractual arrangements.
Bullhorn observes the regulatory developments affecting these data transfers to data importers outside the EEA, U.K. and Switzerland . Please visit this website frequently for updates or modifications of this Policy.
13. Bullhorn’s Compliance with the EU-U.S. and EU-Swiss Data Privacy Framework and UK Extension
Bullhorn, Inc. and its other US entities are responsible for the processing of personal data it receives from data exporters under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. Bullhorn, Inc. and its other US entities fully comply with the DPF Principles and the SCC. With respect to personal data received or transferred pursuant to the DPF, Bullhorn, Inc. and its other US entities are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Bullhorn, Inc. and its other US entities may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
The Company adheres to the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, and enforcement and liability as described herein.
14. Lead Data Protection Agency
Bullhorn, International Ltd., Bond International Software (UK) Ltd., Cube19 Ltd., Innovantage Systems Ltd., Invenias Ltd., Sirenum Ltd., and Sourcebreaker Ltd. are registered with the UK Information Commissioner’s Office. Connexys Holding BV is registered with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP). You have the right to lodge a complaint with your local data processing authority, for the ICO see https://ico.org.uk/make-a-complaint/ and for the AP see https://autoriteitpersoonsgegevens.nl/een-tip-of-klacht-indienen-bij-de-ap.
Bullhorn has appointed Data Protection Officers, who are responsible for matters relating to data privacy and protection. The Data Protection Officers can be contacted by email at DPO@bullhorn.com or by mail at: Bullhorn, Inc., 100 Summer Street, 17th Floor, Boston, MA 02110, Attn: Data Protection Officer, Legal or K.P. van der Mandelelaan 68-70, 3062 MB Rotterdam, Netherlands, Attn: Data Protection Officer.