Bullhorn Privacy and Cookies Policy

Version: May 24, 2018

This Privacy and Cookies Policy applies to all data collections and other data processing of Bullhorn, Inc., in particular through www.bullhorn.com and through its service platforms www.bullhornstaffing.com, https://bbo.bullhornstaffing.com, https://www.salesduel.com, and https://prod.vms-express.com (each referred to herein as a “Site”) owned and operated by it. For purposes of this Privacy Policy any reference to “Bullhorn” (or “our” or “us” or “we”) shall mean Bullhorn, Inc., Bullhorn, International Limited, Bullhorn International, Inc., Peoplenet Corporation, Total Resources Solutions BV, Connexys BV, Connexys GmbH, Talent Rover, LLC, Talent Rover Ireland Limited, Jobscience, Inc. and /or their subsidiaries, as applicable (collectively, “Bullhorn” or “Company”). This Privacy Policy describes how Bullhorn collects, uses, shares and safeguards the personal data you provide to us. It also describes your choices regarding use, access and correction of your personal data. The use of personal data collected through our service shall be limited to the purpose of providing the Bullhorn service for which the customer has engaged Bullhorn as set out in the Master Subscription Agreement, Terms of Service, and other agreements with the customer and this Privacy Policy (“Bullhorn Service” or “Service”).

1. Collected Personal Data

1.1. We collect the following categories of personal data from our customers, customers’ candidates and Site visitors:

• 1.1.1.    Personal data – Included in this category are classes of data which identify an individual and their personal characteristics. Examples are names, addresses, job title, employer, contact details, age, sex, date of birth, physical descriptions, identifiers issued by public bodies, e.g. SSN and NI numbers. We may collect names, email addresses and contact information of visitors who register for the Bullhorn Community, in blog entries and of our customers’ users and their recipients. For our customers, we may also collect information about a customer’s business such a company name, company size, business type, and contact information.
• 1.1.2.    Education and professional training information – Included in this category are matters which relate to the education and professional training of an individual. Examples are academic records, qualifications, skills, training records, and professional expertise.
• 1.1.3.    Employment information – Included in this category are matters relating to the employment of an individual. Examples are business role, employment and career history, recruitment and termination details, attendance record, health and safety records, performance appraisals, training records, agency employer, security records or other information necessary to determine an individual’s fitness for employment.
• 1.1.4.    Financial details – Included in this category are matters relating to the financial affairs of an individual. Examples are income, salary, billing rate, payments, benefits, bank or other information necessary to process payroll for an individual. For our customers, information may also include payment processing information such as credit or debit card number, bank information, and billing address.
• 1.1.5.    Goods or services provided – Included in this category are classes of data relating to goods and services which have been provided. Examples are details of the goods or services supplied, licenses issued, agreements and contracts.
• 1.1.6.    IT information – Included in this category is any information relating to an individual’s use of technology or software including IP addresses, any information about the computing or mobile device an individual is using, location data gathered from such devices, connection data, usernames and passwords, and social media handles.
• 1.1.7.    Special Categories – Included in this category are classes of data that are considered sensitive data, personally identifiable information, or sensitive personal data under applicable law. This category of personal data is typically collected to comply with legal requirements or to determine fitness for employment.
• 1.1.8. We may also collect from you, personal data about your contacts such as email addresses. If you believe that one of your contacts has provided us with your personal data and you would like to request that it be removed from our database, please contact us at privacy@bullhorn.com.

1.2. Personal data is collected and used for Bullhorn’s legitimate business purposes and to comply with the Company’s contractual and legal obligations, including establishing, managing and providing the Bullhorn Service to our customers. Personal data is used by Bullhorn for the purposes described in this Privacy Policy, or for additional purposes that Bullhorn has advised you of, and / or for which Bullhorn has obtained your consent with respect to the use or disclosure of your personal data. Specifically, we use the personal data collected only for the following purposes:

• 1.2.1. Provide the Service to our customers, including through third parties.
• 1.2.2. Facilitate the services provided to our customers by Bullhorn partners.
• 1.2.3. Keep records of customer activity.
• 1.2.4. Keep records of customer information.
• 1.2.5. Administer a customer's accounts, including payment.
• 1.2.6. Respond to a customer's service or support requests.
• 1.2.7. For marketing, promotional and sales purposes.
• 1.2.8. For data security purposes.
• 1.2.9. Bullhorn does not use personal data for automated decision making.

1.3. We will only share your personal data with third parties (our agents) in the ways that are described in our customer agreements and this Privacy Policy. We do not sell your personal data to third parties. Additionally, our employees are trained and subject to confidentiality obligations and only have access to personal data as necessary.

1.4.  We may email information regarding updates to the Service or service offerings to our customers in accordance with the terms and conditions of each customer’s agreements with us or site visitors in accordance with the terms described in this Privacy Policy.

1.5. Other third parties, such as content or third party service providers, may provide content or services through the Service and may need access to your personal data to provide their services to you. Customers will be using a Service to host data and information. Bullhorn will not use or disclose your personal data, except (i) to the extent necessary to provide the Service to you or as requested by you, or (ii) pursuant to law, as determined by Bullhorn in its sole discretion, or (iii) by a court order, or (iv) in connection with third party cookies as described in Section 2.3.5 of this Privacy Policy. Individual customer or customer candidate records may at times be viewed or accessed by Bullhorn’s authorized employees or  agents only for the purpose(s) of (i) providing the Service and related professional services to customer or customer candidates, (ii) resolving a support issue affecting any of them, (iii) to inspect and resolve a suspected violation of customer agreements with a customer, or (iv) as may be required by law, as determined by Bullhorn in its sole discretion, judicial proceeding, subpoena, legal process or binding court order. We also reserve the right to disclose your personal data when we believe, in our sole discretion, that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, subpoena, court order, or legal process.

1.6. Personal data may be disclosed or distributed to another party with which Bullhorn enters, or may enter, into a corporation transaction. If Bullhorn is acquired in a merger, acquisition, or sale of all or substantially all its assets, you will be notified via email, on our Site and/or by a prominent notice on our Service of any change in the uses of your personal data, as well as any choices you may have regarding your personal data. The disclosure of personal data to another party as set forth herein may involve the transfer of such personal data outside the state, province, country or other jurisdiction in which Bullhorn stores or otherwise processes personal data, subject to Bullhorn taking steps to provide that any such transfer is made only in compliance with applicable laws. In the unlikely event of a bankruptcy, insolvency or liquidation, the database containing personal data may be treated as an asset of Bullhorn and may be subject to transfer to a third party.

1.7. Bullhorn may disclose personal data to companies that assist us in providing our Service or that partner with us to provide you their services or content. In this context, any such transfers to third parties are governed by our vendor agreements with them, which provide standards of care for the protection for personal and confidential information that are not less stringent than the standards contained in our customer agreements, and in no event, less than a reasonable standard of care in accordance with the Privacy Shield Framework and other applicable law. Such third-party companies are authorized to use your personal data only as necessary to provide these services to us and/or you and for the purposes for which the personal data was collected. Personal data may be transferred to third parties outside the state, province, country or other jurisdiction in which Bullhorn stores personal data, subject to Bullhorn taking steps to provide that any such transfer is made in full compliance with applicable laws. In the case of partners with whom you contract directly, their policies regarding personal data will govern your relationship with them as stated in the applicable agreement between you and the partner and we will not be responsible for any actions or omission of these partners.

1.8. Customers are solely responsible for maintaining the confidentiality and security of their user registration and password. Customers or Site visitors may opt-out of receiving sales, promotional or advertising emails from us by selecting the opt-out link located in the message body of all our electronic communications. Customers or Site visitors may also email privacy@bullhorn.com directly with a request to be removed from such communications. We may also track and analyze information that doesn’t directly identify you as a person and aggregate usage and volume statistical information from our Site visitors, customers’ candidates and customers and provide such information in aggregated form to third parties.

1.9. We are a service provider to our customers and have no direct relationship with the customer candidate or any individual whose personal data a customer processes. If you are a candidate or individual of one of our customers and would no longer like to be contacted by a person or entity that uses our Service, please contact the customer that you interact with directly. If you are a customer and would like to update your account, please contact us at privacy@bullhorn.com.

1.10. Marketing: Bullhorn may also ask website visitors who register for the Bullhorn Community, to provide certain information, such as email addresses to use and receive content from the site. Bullhorn will provide these visitors with the ability to opt-in or opt-out of future communications from the Company as required by applicable law. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or at your member profile on our Site or by contacting us at privacy@bullhorn.com.

2. How We Use Cookies, Log Files, Social Media Plug-ins and Other Tracking Technologies

2.1. Technologies such as cookies or similar technologies are used by Bullhorn and our partners, affiliates, or our service providers. These technologies are used in analyzing trends, administering the site, tracking users' movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

2.2. Log in files: We gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, the files viewed on our site (e.g., HTML pages, graphics, etc.), to analyze trends in the aggregate and administer the Site. We do link these automatically-collected data sets to personal data of you that we may have already stored.

2.3. Cookies: We use cookies to remember users' settings (e.g. language preference), and for your authentication when you visit the Site or use the Service, as the case may be. The following information will help you to understand the different types of cookies used:

2.3.1. Strictly necessary cookies are required for the operation of the Site. These include, for example, cookies which are necessary for users to create an account or login to secure areas of the Site, and cookies that are required to show error or success messages to users.

2.3.2. Session cookies containing encrypted information to allow the system to uniquely identify you while you are logged in. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer. This information allows Bullhorn to process your transactions and requests. Session cookies help us make sure you are who you say you are after you’ve logged in and are required to use the Bullhorn application.

2.3.3. Persistent cookies that only Bullhorn can read and use, to identify the fact that you are a Bullhorn customer or a visitor, who has registered for the Bullhorn Community, to identify and maintain your preferences such as language, country and last check out or to receive certain types of content. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. They include such information as a unique identifier for your browser. We are careful about the security and confidentiality of the information stored in persistent cookies. For example, we do not store account numbers or passwords in persistent cookies. Users or visitors who disable their Web browsers’ ability to accept cookies will be unable to use all aspects of our service or the Bullhorn Community.

2.3.4 Targeting cookies which store a user’s username, the referring user if using the referral network and the referral source to the Site.

2.3.5. The following third party cookies could be used:

• HubSpot - the Site uses cookies from HubSpot to track user behaviors and market to users based on their behaviors.
• DoubleClick - the Site uses cookies from DoubleClick to track user behaviors and market to users based on their behaviors.
• Marketo: the Site uses cookies from Marketo to improve user experience and shorten contact forms for visitors that have previously visited the Site.
• LinkedIn: the Site uses cookies from LinkedIn to track user behaviors and market to users based on their behaviors.
• Optimizely: the Site uses cookies from Optimizely to track users’ reactions to A/B tests. A/B tests are the creation of two or more versions of a website or portion thereof to determine which one performs better.
• Google Analytics: the site uses cookies from Google Analytics to track anonymous interactions and visits.

Please note that other third parties may also use cookies. These cookies are likely to be analytical/performance cookies or targeting cookies and include, for example, those from advertising networks or providers of external services.

2.4. Opt-out: You can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited. Many browsers allow a private mode to be activated through which the cookies are always erased after the visit. Depending on each browser, this private mode can have different names. The following is a list of the most common browsers that support the minimum recommended level of encryption TLS 1.2. Each browser type has a different name for “private mode”:

• Internet Explorer 11 and later versions = In Private
• Safari 7 and later versions = Private Navigation/Browsing
• Opera 17 and later versions = Private Navigation/Browsing
• Mozilla Firefox 27 and later versions = Private Navigation/Browsing
• Google Chrome 30 and later versions = Incognito

 

2.5. Targeted Advertisement: We partner with third parties to either display advertising on our Site or to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies to gather information about your activities on this Site and other websites to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking http://preferences-mgr.truste.com (or if located in the European Union click or http://www.youronlinechoices.eu). Please note this does not opt you out of generic ads. You will continue to receive generic ads.

2.6. Social Media (Features) and Widgets: Our Site includes social media features, such as LinkedIn. These features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy statement of the company providing it.

2.7. Blogs: Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal data from our blog or community forum, contact us at privacy@bullhorn.com. In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why. Alternatively, if you used a third-party application to post such information, you can remove it, either by logging into the application and removing the information, or by contacting the appropriate third party application.

3. Access to Personal Data Controlled by Bullhorn

Upon request and within 30 days, or as otherwise required by applicable law, Bullhorn will provide you with information about whether we hold, or process on behalf of a third party, any of your personal data. In addition, Bullhorn will take reasonable steps to permit customers to correct, amend, delete, or receive a copy of their personal data. To request this access, please contact privacy@bullhorn.com. In accordance with customer agreements, Bullhorn will, upon request, provide our customers with a copy of their personal data stored by Bullhorn upon expiration or termination of the customer agreements, unless applicable law determines otherwise.

4. Access to Personal Data Controlled by our Customers

Bullhorn acknowledges that you have the right to access your personal data and to withdraw consent to the use/processing of your personal data. In most cases, Bullhorn has no direct relationship with the individuals whose personal data it processes for customers. We recommend that an individual who seeks access, or who seeks to correct, amend, delete or receive a copy of personal data should direct his/her query to the Bullhorn customer (the data controller). If requested to remove data by our customer, we will respond within 30 days or as otherwise required by applicable law.  Individuals may also submit such inquiries or requests directly to Bullhorn at no cost for them by contacting privacy@bullhorn.com.

5. Data Retention by Bullhorn

We will retain personal data for as long as a customer’s account is active or as needed to provide the Service to our customer, as required under customer agreements and / or for as long as Bullhorn needs the personal data to fulfill the purposes for which the Company initially collected it, unless otherwise required by applicable law or court order. We will also retain this personal data as necessary to comply with our legal and/or contractual obligations, comply with court orders, resolve disputes, and enforce our agreements. When the purpose for which Bullhorn is processing the personal data is fulfilled, expires or is terminated, Bullhorn will either delete or anonymize/de-identify any personal data in accordance with our customer agreements, this Privacy Policy and applicable law. In the event we cannot delete or anonymize/de-identify your personal data, we will inform you of the reasons, subject to any legal restrictions.

6. Data Security

Bullhorn employs reasonable and appropriate security measures to protect against the loss, misuse, and alteration of the personal data it processes. When the Service is accessed using Microsoft Internet Explorer versions 8.0 or higher, Transport Layer Security (TSL) technology protects information using both server authentication and data encryption to help provide that personal data is safe, and secure while in transit. Bullhorn also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the Service in a secure server environment that uses a firewall and other advanced technology to protect against interference or access from outside intruders. Finally, Bullhorn provides individual usernames and passwords that must be entered each time a customer logs on. These safeguards help protect against unauthorized access, maintain data accuracy, and provide for the appropriate use of personal data. Nevertheless, no method of transmission over the Internet, or method of electronic storage, is one hundred percent (100%) secure, however. Therefore, we cannot guarantee absolute security. If you have any questions about security on our Service, please contact us at privacy@bullhorn.com.

7. Links to Third Party Sites

Our Service includes links to other Web sites whose privacy practices may differ from those at www.bullhornstaffing.com and https://bbo.bullhornstaffing.com. If you submit personal data to any of these sites, your information is governed by the applicable third-party’s privacy policies and we are not responsible for it. We therefore encourage you to carefully read any notices provided through a hyperlink and the privacy policy of any Web site you visit and raise questions directly with these other providers.

8. No Services for Minors

We do not knowingly collect information from minors. To use the Site, you must be the age of legal majority in your place of residence. By using the Site, you hereby represent that you are at least the age of legal majority in your place of residence. We do not use an application or other mechanism to determine the age of users of the Site.  All information provided to us will be treated as if it was provided by an adult. We will use commercially reasonable efforts to delete information associated with a minor as soon as practicable if we learn that a minor has submitted information about himself/herself to us.

9. Note for California Residents

California law permits California residents who provide us with personal data to request certain information regarding our disclosure of such information to third parties for their direct marketing purposes. We do not, at this time, disclose such information to third parties for their direct marketing purposes. If we change this policy, we will update this provision and provide instructions on how you may make a request for details

10. Do-Not-Track Disclosure

There are many methods where web browser signals and similar mechanisms can indicate your choice to disable tracking. But we may not be aware of or able to honor every such mechanism. Because there is not yet a common understanding of how to interpret web browser-based “Do Not Track” (DNT) signals other than cookies, we may not respond to undefined DNT signals to our Sites or online services. More information about “do not track” is available at www.allaboutdnt.org concerning such information.

11. Severability

The invalidity or unenforceability of any provisions of this Privacy Policy in any country shall not affect the validity or enforceability of any other provision of this Privacy Policy, which shall remain in full force and effect.

12. Changes in this Privacy Policy

We may update this privacy statement to reflect changes to our information practices that will become effective upon posting. If we make material changes to this policy, we will notify you here, by email, or by means of a notice through the Service prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

13. Bullhorn’s EU-U.S. Privacy Shield / Swiss-U.S. Privacy Shield Framework Policy Statement

Bullhorn, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States, respectively. Bullhorn’s Privacy Shield certification can be found at https://www.privacyshield.gov/participant?id=a2zt0000000GnYbAAK&status=Active. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework and the Privacy Shield Principles, please visit the U.S. Department of Commerce’s Privacy Shield website, https://www.privacyshield.gov/. Bullhorn, Inc. is committed to subjecting all personal data it receives from data exporters in any European Union (EU), Switzerland or European Economic Areas (EEA) member state, under the Privacy Shield Framework, to its applicable Privacy Shield Principles.

Bullhorn, Inc. is responsible for the processing of personal data it receives from data exporters under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Bullhorn, Inc. fully complies with the Privacy Shield Principles. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Bullhorn, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Bullhorn, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

The Company adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, and enforcement and liability as described herein.

• Notice – Bullhorn discloses the personal data categories being collected from EU/ EEA and Swiss customers, candidate customers and Site visitors, the purpose(s) of the data collection and other data processing, and any third party with whom these personal data may be shared as further described above in Section 1 of this policy.
• Choice – Bullhorn offers all its customers, candidate customers and Site visitors to opt-out of any transfer of data to third parties or use of collected data for purposes other than originally stated for and authorized unless explicitly permitted by the affected individual. We also offer the individuals covered by the Privacy Shield choices for limiting the use and disclosure of their personal data. (See Sections 1 and 2 above). Any covered individual can email us at privacy@bullhorn.com directly with his/her choice request, or can write us using the address indicated at the end of this policy with his/her choice.
• Onward Transfer and Accountability – Bullhorn will disclose personal data covered by the Privacy Shield to its agents only pursuant to the Notice and Choice principle to the extent applicable to the transfer unless the onward transfer is authorized in advance by informed, written consent by the individual affected by it. Before transferring personal data to an agent we will (i) provide that the transfer of such data is only for the limited and specified purposes the personal data were collected for; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to provide that the agent effectively processes the personal data transferred in a manner consistent with our obligations under the Privacy Shield Principles; (iv) require the agent to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles; and (v) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing. In the cases set forth in the Privacy Shield Principles, we will be liable for the actions of the agent.
• Security – Bullhorn will take reasonable precautions in its protection of data and any misuse, loss, destruction, alteration, and unauthorized access or disclosure. See Section 6 above for more details.
• Access – Bullhorn will provide access free of charge for its customers and customers’ candidates to their personal data and allow them to correct, amend, or request deletion of personal data where such personal data is inaccurate, unless the cost of such access is prohibitive in relation to the risk of privacy or where the rights of another individual would be violated. See Sections 3 and 4 above for more details on the access request.
• Data Integrity and Purpose Limitation – Bullhorn will take all reasonable steps to provide that any personal data it processes (including any processing through is agents) is limited by the purpose(s) for which such personal data has been collected.
• Recourse, Enforcement and Liability – Bullhorn will attempt to reasonably resolve any concerns related to the processing of his/her personal data directly with the individual. In the event a resolution cannot be reached, EU, Swiss or EEA customers may engage Bullhorn's independent recourse mechanism, our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request if you have any unresolved dispute with us.       These customers may also file a complaint with the supervisory authority in the state, province, territory and/or country in which they reside. Under certain conditions which are more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration for an unresolved dispute you may have with us.

14. 14. Data Protection Officers

Bullhorn has appointed Data Protection Officers in the United States and European Union, who are responsible for matters relating to data privacy and protection. The Data Protection Officers can be contacted by email at DPO@bullhorn.com, or by mail at: Bullhorn, Inc., 100 Summer Street, 17^th Floor, Boston, MA 02110, Attn: Data Protection Officer, Legal or K.P. van der Mandelelaan 68-70, 3062 MB Rotterdam, Netherlands, Attn: Data Protection Officer, Legal.

Any questions or complaints concerning Bullhorn's Privacy Policy or handling of personal data can be directed to: privacy@bullhorn.com or Bullhorn, Inc., 100 Summer Street, 17^th Floor, Boston, MA 02110, Tel: 1-617-478-9100, Attn: Dept. of Information Security & Compliance/Legal. In addition, you have the right to lodge a complaint with your location data processing authority.