㽶Ƶ Privacy Policy
Version (Effective): June, 2024
This Privacy and Cookies Policy applies to all data collections and other data processing of 㽶Ƶ., in particular through www.bullhorn.com and through its service platforms , https://[ܲٴdz].bbo.bullhornstaffing.com, , and (each referred to herein as a “Site”) owned and operated by it.
For purposes of this Privacy Policy any reference to “㽶Ƶ” (or “our” or “us” or “we”) shall mean 㽶Ƶ. (US), Able Software, Inc. (US), BHV Investments, Inc. (US), Bond International Software (UK) Ltd. (UK), Bond International Software Inc. (US), Bond US Inc. (US), 㽶Ƶ GmbH (Germany), 㽶Ƶ International, Inc. (US – Australia branch), 㽶Ƶ Japan KK (Japan), 㽶Ƶ, International Ltd. (UK), Connexys BV (Netherlands), Cube19 Inc. (US), Cube19 Ltd. (UK), Easy Software 㽶Ƶ, LLC (US), Erecruit Holdings LLC (US), Herefish, Inc. (US), Innovantage Systems Ltd. (UK), Invenias Inc. (US), Invenias Ltd. (UK), Jobscience, Inc. (US), Linden Technology Holdings, Inc. (Canada), Mployee BV (Netherlands), Peoplenet Corp. (US), Sendouts, LLC (US), Sirenum Ltd. (UK), SourceBreaker Ltd. (UK), Talent Rover Ireland Ltd. (Ireland), Talent Rover, LLC (US), TempBuddy Ltd. (UK), Tempbuddy Research and Development SL (Spain), The Code Works Holdings Inc. (US), Total Resources 㽶Ƶ BV (Netherlands), and /or their subsidiaries, as applicable (collectively, “㽶Ƶ” or “Company” or “㽶Ƶ Group Company”). This Privacy Policy describes how 㽶Ƶ collects, uses, shares and otherwise processes the personal data you provide to us or to our customers. It also describes your choices regarding use, access, correction and deletion of your personal data. The use of personal data collected through our service shall be limited to the purpose of providing the 㽶Ƶ service for which the customer has engaged 㽶Ƶ as set out in the Master Subscription Agreement, Terms of Service, and other agreements with the customer and this Privacy Policy (“㽶Ƶ Service” or “Service”).
1. Collected Personal Data and How We Use It
1.1. We may collect and/or process the following categories of personal data from our customers, customers’ candidates and Site visitors:
Type of Data | Description | Duration | Entity that Collects your Data | Purpose of Collection / Processing |
---|---|---|---|---|
Identifiers | Data relating to an identified or identifiable natural person . Examples are names, email addresses, residential addresses, job title, employer, contact details, age, sex, date of birth, physical descriptions, identifiers issued by public bodies, e.g. SSN and NI numbers. For our customers, we may also collect information about a customer’s business such as company name, company size, business type, and contact information. | See Sec. 5 | 㽶Ƶ or 㽶Ƶ’s Customers | See Sec. 1.2.1 – 1.2.10 |
Education and Professional Training | Data related to education and professional training. Examples are academic records, qualifications, skills, training records, and professional expertise. | See Sec. 5 | 㽶Ƶ or 㽶Ƶ’s Customers | See Sec. 1.2.1 – 1.2.10 |
Employment | Data relating to employment. Examples are business role, employment and career history, recruitment and termination details, attendance record, health and safety records, performance appraisals, training records, agency employer, security records or other information necessary to determine an individual’s fitness for employment. | See Sec. 5 | 㽶Ƶ or 㽶Ƶ’s Customers | See Sec. 1.2.1 – 1.2.10 |
Financial | Data relating to financial affairs. Examples are income, salary, billing rate, payments, benefits, bank or other information necessary to process payroll for an individual. For our customers, personal information may also include payment processing information such as credit or debit card number, bank information, and billing address. | See Sec. 5 | 㽶Ƶ or 㽶Ƶ’s Customers | See Sec. 1.2.1 – 1.2.10 |
Goods or Services Provided | Data relating to goods and services which have been provided. Examples that may contain personal data are details of the goods or services supplied, licenses issued, agreements and contracts. | See Sec. 5 | 㽶Ƶ or 㽶Ƶ’s Customers | See Sec. 1.2.1 – 1.2.10 |
IT Information | Data relating to an individual’s use of technology or software including IP addresses, any information about the computing or mobile device an individual is using, location data gathered from such devices, connection data, usernames and passwords, and social media handles. | See Sec. 5 | 㽶Ƶ or 㽶Ƶ’s Customers | See Sec. 1.2.1 – 1.2.10 |
Special Categories | Data that is considered sensitive or special categories of personal data (Art. 9 GDPR), personally identifiable information, or sensitive personal data under applicable law. This category of personal data is typically collected to comply with legal requirements or to determine fitness for employment. | See Sec. 5 | 㽶Ƶ or 㽶Ƶ’s Customers | See Sec. 1.2.1 – 1.2.10 |
1.2. Personal data are collected and used for 㽶Ƶ’s legitimate business purposes as the controller and, as the processor, to comply with the Company’s contractual and legal obligations, including establishing, managing and providing the 㽶Ƶ Service to our customers. Personal data are used by 㽶Ƶ for the purposes described in this Privacy Policy, or for additional purposes that 㽶Ƶ has advised you of, and/or for which 㽶Ƶ has obtained your revocable consent with respect to the use or disclosure of your personal data. Specifically, we process the personal data collected only for the following purposes:
1.3. 㽶Ƶ may use, disclose, distribute, and publish aggregated and/or anonymized data for statistical, analytical, machine learning and product and Service testing and enhancement purposes. 㽶Ƶ employs reasonable and technically appropriate measures designed to prevent the re-identification of such personal data by a third-party. Anonymized and/or aggregated data may be shared with third parties for research and other purposes.
1.4. We will only share your personal data with third parties (our agents) in the ways that are described in our customer agreements and this Privacy Policy. We do not sell your personal data to third parties. See also Sec. 9 below. 㽶Ƶ does not use personal data for automated decision-making, including profiling (Art. 22 GDPR). Additionally, our employees are trained on privacy obligations and subject to confidentiality obligations and only have access to personal data as necessary for our business purposes and their own duties.
1.5. 㽶Ƶ will use and disclose your personal data as follows, (i) to the extent necessary to provide the Service to you or as requested by you, or (ii) pursuant to law, as determined by 㽶Ƶ in its sole discretion, or (iii) by a court order, or (iv) in connection with third party cookies as described in Section 2.1 of this Privacy Policy. Customer or customer candidate records may at times be viewed or accessed by 㽶Ƶ’s authorized employees or agents for the following purpose(s) of (i) providing the Service and related professional services to a customer or customer candidates, (ii) resolving a support issue affecting any of them, (iii) to inspect and resolve a suspected violation of customer agreements with a customer, or (iv) as may be required by law, as determined by 㽶Ƶ in its sole discretion, judicial proceeding, subpoena, legal process or binding court order. We also reserve the right to disclose your personal data when we believe, in our sole discretion, that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, subpoena, court order, or legal process.
1.6. 㽶Ƶ may disclose personal data to companies that assist us in providing our Service (i.e. our sub-processors, subcontractors and third-party service providers) or third-party partners that our customers may engage directly to provide you with their services or content (i.e. marketplace partners and other third-party service providers that integrate with our Service). These third-party service providers or partners may provide content or services through the Service or integrate with our Service and, accordingly, may need access to your personal data to provide their services to you. A list of sub-processors engaged by the Company can be found at /legal/sub-processors/. A list of marketplace partners that our customers may engage can be found at /marketplace/. To determine which partners/third-party service providers are used by a customer, please contact the customer that you interact with directly.
1.7. Any transfers by 㽶Ƶ to sub-processors are governed by our vendor agreements with them, which provide standards of care for the protection for personal and confidential information that are not less stringent than the standards contained in our customer agreements, and in no event, less than a reasonable standard of care in accordance with the Standard Contractual Clauses as set forth in Section 13 of this Privacy Policy, the Data Privacy Framework and other applicable law. Our sub-processors are authorized to use your personal data only as necessary to provide these services to us and/or you and for the purposes for which the personal data was collected. Personal data may be transferred to third parties outside the state, province, country or other jurisdiction in which 㽶Ƶ stores personal data, subject to 㽶Ƶ taking steps to provide that any such transfer is made in compliance with applicable laws. In the case of partners/third-party service providers with whom 㽶Ƶ customers contract directly, their policies regarding personal data will govern your relationship with them as stated in the applicable agreement between the 㽶Ƶ customer and the partner/third-party service provider and we will not be responsible for any actions or omission of these partners/third-party service provider. Under the Standard Contractual Clauses, the Data Privacy Framework Principles and other applicable law, you have the right to opt out of (i) disclosures of your personal data to third parties; or (ii) use of your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. Please note your options below (see Sections 9 and 13) regarding how to exercise these rights.
1.8. Personal data may be disclosed or distributed to another party with which 㽶Ƶ enters, or may enter, into a corporation transaction. If 㽶Ƶ is acquired in a merger, acquisition, or sale of all or substantially all its assets, you will be notified via email, on our Site and/or by a notice on our Service of any change in the uses of your personal data, as well as any change in the choices you may have regarding your personal data. The disclosure of personal data to another party as set forth herein may involve the transfer of such personal data outside the state, province, country or other jurisdiction in which 㽶Ƶ stores or otherwise processes personal data, subject to 㽶Ƶ taking steps to provide that any such transfer is made only in compliance with applicable laws. In the unlikely event of a bankruptcy, insolvency or liquidation, the database containing personal data may be treated as an asset of 㽶Ƶ and may be subject to transfer to a third party.
1.9. Customers are solely responsible for maintaining the confidentiality and security of their user credentials and passwords. Customers or Site visitors may opt-out of receiving sales, promotional or advertising emails from us by selecting the opt-out link located in the message body of all our electronic communications. Customers or Site visitors may also email privacy@bullhorn.com directly with a request to be removed from such communications.
1.10. We may also track and analyze information that doesn’t directly identify you as a person and aggregate usage and volume statistical information from our Site visitors, customers’ candidates and customers and provide such information in anonymized (or aggregated) form to third parties.
1.11. We are a service provider to our customers and have no direct relationship with the customer candidate or any individual whose personal data a customer processes. If you are a candidate or individual of one of our customers and would no longer like to be contacted by a person or entity that uses our Service, please contact the customer that you interact with directly. If you are a customer and would like to update your account, please contact us at privacy@bullhorn.com. For the CredentialPass service, we are a data controller and you may contact us directly to discontinue being contacted by us or to update your account.
1.12 Marketing: 㽶Ƶ may also ask Site visitors to provide certain information, such as email addresses to use and receive content from the Site. 㽶Ƶ will provide Site visitors with the ability to opt-in or opt-out of future communications from the Company as required by applicable law. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or at your member profile on our Site or by contacting us at privacy@bullhorn.com.
2. How We Use Cookies and Social Media Plug-ins
Cookies are used by 㽶Ƶ and our partners, affiliates, or service providers. These technologies are used in analyzing trends, administering the Site, remembering users’ settings (e.g. language preference), authentication when you visit the Site or use the Service, tracking users’ movements around the Site and to gather demographic or other information about our user base as a whole. We may review and analyze information collected from cookies on an individual, as well as aggregated basis. Specific details regarding the types of cookies used by 㽶Ƶ and related information is set forth in 㽶Ƶ’s Cookie Policy, posted at /legal/bullhorn-cookie-policy/.
3. Access to Personal Data Controlled by 㽶Ƶ
Upon request and within 30 days, or as otherwise required by applicable law, 㽶Ƶ will provide you with information about whether we hold, or process on behalf of a third party, any of your personal data. In addition, 㽶Ƶ will take the steps required by the law to permit customers to correct, amend, delete, or receive a copy of their personal data or to transfer and to restrict the use of their personal data . To exercise any of these rights, please contact privacy@bullhorn.com. In accordance with customer agreements, 㽶Ƶ will, upon request, provide our customers with a copy of their personal data stored by 㽶Ƶ upon expiration or termination of the customer agreements, unless prohibited by applicable law. For the CredentialPass service, for which we are a data controller, you may contact us directly to withdraw your consent to the use/processing of your data or to correct, amend, delete or receive a copy of personal data.
4. Access to Personal Data Controlled by our Customers
㽶Ƶ acknowledges that you have the right to access your personal data and to withdraw consent to the use/processing of your personal data. You have the right to withdraw your consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. In most cases, 㽶Ƶ has no direct relationship with the individuals whose personal data it processes for customers. We recommend that an individual who seeks access, or who seeks to correct, amend, delete or receive a copy of personal data should direct their query to the 㽶Ƶ customer (the data controller).
If requested to remove data by our customer, we will respond within 30 days or as otherwise required by applicable law. Individuals may also submit such inquiries or requests directly to 㽶Ƶ at no cost for them by contacting privacy@bullhorn.com.
5. Data Retention by 㽶Ƶ
We will retain personal data for as long as a customer’s account is active or as needed to provide the Service to our customer, as required under customer agreements and/or for as long as 㽶Ƶ needs the personal data to fulfill the purposes for which the personal data was initially collected, unless otherwise required by applicable law or court order. We will also retain this personal data as necessary to comply with our legal and/or contractual obligations, comply with court orders, resolve disputes, and enforce our agreements. When the purpose for which 㽶Ƶ is processing the personal data is fulfilled, expires or is terminated, 㽶Ƶ will delete (or render unusable) any personal data in accordance, as applicable, with our customer agreements, this Privacy Policy and applicable law. In the event we cannot delete your personal data or render it unusable, we will inform you of the reasons, subject to any legal restrictions.
6. Data Security
㽶Ƶ employs reasonable and appropriate security measures to protect against the loss, misuse, and unauthorized alteration of the personal data it processes. 㽶Ƶ also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the Service in a secure server environment that uses a firewall and other advanced technology to protect against interference or access from outside intruders. Finally, 㽶Ƶ provides individual usernames and passwords that must be entered each time a customer logs on. You are responsible for keeping your credentials safe and must contact us or our relevant customer immediately if you believe they are compromised. These safeguards help protect against unauthorized access, maintain data accuracy, and provide for the appropriate use of personal data. Nevertheless, no method of transmission over the Internet, or method of electronic storage, is one hundred percent (100%) secure. Therefore, we cannot guarantee absolute security. If you have any questions about the security of our Service, please contact us at privacy@bullhorn.com.
7. Links to Third Party Sites
Our Service includes links to other websites whose privacy practices may differ from those on our Site. If you submit personal data to any of these sites, your information is governed by the applicable third-party’s privacy policies and we are not responsible for it. We therefore encourage you to carefully read any notices provided through a hyperlink and the privacy policy of any website you visit and raise questions directly with these other providers.
8. No Services for Minors
The Site is not directed to minors and we do not knowingly collect information from minors. By using the Site, you hereby represent that you are at least the age of legal majority in your place of residence. All information provided to us will be treated as if it was provided by an adult. We will use commercially reasonable efforts to delete information associated with a minor as soon as practicable if we learn that a minor has submitted information about themselves to us.
9. Note for Residents of California and Certain Other States
The law in certain states including California, Connecticut, Colorado, Virginia, and Utah permits their residents who provide us with personal information to request certain information including the categories of personal information we collect, the sources from which your personal information is collected, how we use your personal information, the categories of third parties with whom we share your personal information, and whether we sell your personal information or otherwise disclose such information to third parties for their direct marketing purposes. See Section 1 above for the categories of personal information we collect, the sources of such information and how we use your personal information. To request access, correction of inaccurate information, or deletion of your personal information, please contact the Company’s Data Protection Officers. See Section 15 for contact details. You also have the right to not be discriminated against if you make privacy requests and the right to appeal any decision that we make about your privacy requests.
Opt-out of Sale. We do not, at this time, sell your personal information or disclose your personal information to third parties for their direct marketing purposes. Accordingly, no opt out is necessary at this time. Although we currently do not sell your personal information, if you would still like to record your opt-out of sale, you may do so at /opt-out-ccpa/. If we change this policy, we will update this Section and provide instructions on how you may make a request for details regarding the sale of your personal information. The categories of third parties with whom we may share your personal information are described in this Privacy Policy. See Sec. 1.6 above.
Opt-Out of Sharing for Cross-Context Behavioral or Targeted Advertising. As described above in Section 2, we may share your personal information with third-parties to show you advertising on other sites. You have the right to opt-out of sharing for cross-context behavioral or targeted advertising, and can do so by opting out of Targeting Cookies through our Privacy Preference Center, available at Cookie Settings.
Our website will also recognize Global Privacy Control (GPC) signals. You can access more information about GPC at .
10. Severability
The invalidity or unenforceability of any provisions of this Privacy Policy in any country shall not affect the validity or enforceability of any other provision of this Privacy Policy, which shall remain in full force and effect.
11. Changes in this Privacy Policy
We may update this Privacy Policy to reflect changes to our privacy practices that will become effective upon posting. If we make material changes to this policy, we will notify you here, by email, or by means of a notice through the Service prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
12. Data Transfers Outside the EEA, U.K. and Switzerland
㽶Ƶ Group Companies have entered into Standard Contractual Clauses and Switzerland and UK Addendums (collectively, “SCC”) among them as authorized by the European Commission under the GDPR and UK GDPR for the transfer of personal data from 㽶Ƶ Group Companies in the EEA, UK, and Switzerland to 㽶Ƶ Group Companies outside these territories. The SCC set forth the adequate safeguards for the protection of privacy and fundamental rights and freedoms of European, British and Swiss individuals for such data transfers outside the EEA, UK and Switzerland. Please use the contact information in Sec. 15 below to obtain more information on these contractual arrangements.
㽶Ƶ observes the regulatory developments affecting these data transfers to data importers outside the EEA, U.K. and Switzerland . Please visit this website frequently for updates or modifications of this Policy.
13. 㽶Ƶ’s Compliance with the EU-U.S. and Swiss-U.S. Data Privacy Framework and UK Extension to the EU-U.S. DPF
In addition to the SCC as set forth in Section 13 of this Privacy Policy, 㽶Ƶ. and its other US entities that process personal data participate in and have certified their compliance with the EU-U.S. Data Privacy Framework (DPF), the Swiss-U.S. DPF, and the UK Extension to the EU-U.S. DPF (UK Extension) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Economic Area (EEA), United Kingdom (UK), and Switzerland to the United States, respectively, for the purposes of showing our customers that we adhere to a stringent privacy framework. The entities that have certified their compliance are 㽶Ƶ., Able Software, Inc., Erecruit Holdings, LLC, Bond International Software, Inc., 㽶Ƶ International, Inc., Invenias, Inc., Peoplenet Corporation, Cube19, Inc., Talent Rover, LLC, Jobscience Inc., Herefish, Inc., and Bond US Inc. (collectively, “㽶Ƶ US Entities”). 㽶Ƶ US Entities’ DPF certification can be found . If there is any conflict between the terms in this Privacy Policy, the SCC and the DPF Principles, the following order of precedence (the first of the following having the highest order of priority) shall apply: the DPF Principles, SCC, and the Privacy Policy. To learn more about the DPF, please visit the U.S. Department of Commerce’s Data Privacy Framework Program website, .
㽶Ƶ US Entities are responsible for the processing of personal data it receives from data exporters under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. 㽶Ƶ US Entities fully comply with the DPF Principles and the SCC. With respect to personal data received or transferred pursuant to the DPF, 㽶Ƶ US Entities are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, 㽶Ƶ US Entities may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
㽶Ƶ US Entities to the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, and enforcement and liability as described herein.
14. Lead Data Protection Agency
㽶Ƶ, International Ltd., Bond International Software (UK) Ltd., Cube19 Ltd., Innovantage Systems Ltd., Invenias Ltd., Sirenum Ltd., and Sourcebreaker Ltd. are registered with the UK Information Commissioner’s Office. Connexys Holding BV is registered with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP). You have the right to lodge a complaint with your local data processing authority, for the ICO see and for the AP see .
15. Data Protection Officers/Privacy Policy Contact
㽶Ƶ has appointed Data Protection Officers, who are responsible for matters relating to data privacy and protection. The Data Protection Officers can be contacted by email at DPO@bullhorn.com or by mail at: 㽶Ƶ., 100 Summer Street, 17th Floor, Boston, MA 02110, Attn: Data Protection Officer, Legal or K.P. van der Mandelelaan 68-70, 3062 MB Rotterdam, Netherlands, Attn: Data Protection Officer.
Any questions or complaints concerning 㽶Ƶ’s Privacy Policy can be directed to: privacy@bullhorn.com or 㽶Ƶ., 100 Summer Street, 17th Floor, Boston, MA 02110, Tel: 1-617-478-9100, Attn: Legal.