Last updated: April 13, 2018
Greenhouse Software, Inc. (“Greenhouse”) have subscribed to and will comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Privacy Shield Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of Personal Information (as defined below) that is transferred from the European Economic Area (“EEA”) and Switzerland to the United States, respectively. Greenhouse has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”). If there is any conflict between this Policy and the Principles, the Principles will govern. To learn more about the Privacy Shield Frameworks, and to view our certification, please visit www.privacyshield.gov.
This Privacy Shield Policy applies to Greenhouse, which is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Personal information received from the EEA and Switzerland
We may receive and process Personal Information in different capacities.
- As a data controller, we collect and process EEA Personal Information directly from individuals, either via our publicly available websites, including http://www.greenhouse.io/, or in the context of our relationships with customers, partners, and vendors.
- As a data processor, we process and host EEA Personal Information obtained from our customers (“Customer Data”) when providing recruitment software applications (collectively, the " Services") to our customers. In that context, we only process Personal Information on behalf and instructions of our customers, which are data controllers. The Master Subscription Agreement defines the roles and responsibilities of the parties for the processing of Personal Information in the context of the Services.
Greenhouse commit to subject to the Principles all Personal Information received from the EEA in reliance on the Privacy Shield (which includes both types of activities).
When we process Customer Data, customers determine the categories of data they upload in our systems and the purposes of the processing. For example, they may collect or upload various information regarding job applicants, such as names, contact details, education and job history, at their own discretion. Accordingly, customers are responsible for providing notice to you to whom the Personal Information processed in the context of the Services relates.
Data integrity and purpose limitation
We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the intended purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current.
When we process Customer Data, we process and retain Personal Information only as necessary to provide our Services as permitted in the Master Subscription Agreement, or as required or permitted under applicable law.
When processing Customer Data, we disclose Personal Information as provided in the Master Subscription Agreement. Greenhouse uses a limited number of third-party service providers, acting as agent, to assist us in providing our services to customers, in particular to provide data storage services.
In case of disclosure to an agent, we remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to that agent if it processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the inconsistent processing.
We may also disclose Personal Information as may be required or permitted under the Principles and under applicable law, including in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
We use reasonable and appropriate measures to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.
Choice and access
Where appropriate, Greenhouse provide you with access to the Personal Information that we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Information” below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles.
If we intend to use your Personal Information for a purpose that is materially different from the purposes listed in this policy or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.
When we process Customer Data, we only process and disclose the data as specified in the Master Subscription Agreement. Customers control the type of information we obtain, how that information is disclosed and used, and how it can be modified. Accordingly, if you want to request access, to limit use or to limit disclosure, please contact the customer who submitted your data to our Services. If you provide us with the name of the customer, we will refer your request to that customer, and will support them as needed in responding to your request.
Recourse and enforcement
We conduct an annual self-assessment of our Personal Information practices to verify that the attestations and assertions made in this Privacy Shield Policy are true and have been implemented as represented.
If you have any questions or concerns, we encourage you to write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles. If an issue cannot be resolved our internal dispute resolution mechanism, you may contact or submit a complaint, at no cost, to Privacy Trust, which serves as our third-party non-profit alternative dispute resolution provider located in the United States. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles.
Greenhouse is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Changes to the privacy shield policy
If you have any comments or questions about our Privacy shield notice, or to exercise your rights, feel free to contact us at firstname.lastname@example.org, or at the mailing address below.
Greenhouse Software, Inc.
18 West 18th St., 11th Floor
New York, NY 10011 USA