Effective starting: Jan 15, 2023 (view archived versions)
- What this policy covers
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:
- What information we collect about you
- How we use the information we collect
- How we share information we collect
- How we store and secure the information we collect
- How to access and control your information
- How we transfer information we collect internationally
- Other important privacy information
This Privacy Policy covers the information we collect about you when you use our products or services, or otherwise interact with us (for example, by attending our events), unless a different policy is displayed. “BizMerlinHR”, “ClayHR”, “we” and “us” refers to BizMerlinHR Inc. We offer a wide range of products, including our flagship cloud-based HRM product. We refer to all of these products, together with our other services and websites as “Services” in this policy.
This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
Where we provide the Services under contract with an organization (for example your employer) that organization controls the information processed by the Services. For more information, please see the Notice to End Users below.
- What information we collect about you
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
2.1 Information you provide to us
We collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and Profile Information: We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You also have the option of adding a display name, profile photo, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our products: The Services include the ClayHR (previously known as BizMerlinHR) products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include. Examples of content we collect and store include: the summary and description added to a job description, the assessments and the comments made, resumes you store performance appraisals you create, the feedback you give, comments you enter, and any feedback you provide to us. Content also includes the files and links you upload to the Services.
Content you provide through our websites: The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities, or events.
Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Payment Information: We collect certain payment and billing information when you register for certain paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
2.2. Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and how you interact with others on the Services. We also collect information about the teams and people you work with and how you work with them, like who you collaborate with and communicate with most frequently.
Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services. Server and data center Service administrators can disable the collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.
Cookies and Other Tracking Technologies: ClayHR (previously known as BizMerlinHR) and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers, and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookies Policy, which includes information on how to control or opt out of these cookies and tracking technologies.
Information we receive from other sources: We receive information about you from other Service users, from third-party services, and from our business and channel partners.
Other users of the Services: Other users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned in a Job position opened by someone else. We also receive your email address from other Service users when they provide it in order to invite you to the Services. Similarly, an administrator may provide your contact information when they designate you as the billing or technical contact on your company’s account.
Other services you link to your account: We receive information about you when you or your administrator integrate or link a third-party service with our Services. For example, if you create an account or log into the Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you. You or your administrator may also integrate our Services with other services you use, such as to allow you to access, store, share and edit certain content from a third-party through our Services. For example, you may authorize our Services to access, display and store files from a third-party document-sharing or document signing service within the Services interface. Or you may authorize our Services to connect with a third-party job portal so that the positions and candidates are accessible to you through the Services. You may authorize our Services to sync accounting tools, project management tools, CRM tools, background verification tools, and other such tools, with the Services or invite them to collaborate with you on our Services. The information we receive when you link or integrate our Services with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Services.
ClayHR Partners: We work with a global network of partners who provide consulting, implementation, training and other services around our products. Some of these partners also help us to market and promote our products, generate leads for us, and resell our products. We receive information from these partners, such as billing information, billing and technical contact information, company name, modules you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.
Other Partners: We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements.
- How we use the information we collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
To provide the Services and personalize your experience: We use information about you to provide the Services to you, including processing transactions with you, authenticating you when you log in, providing customer support, and operating and maintaining the Services. For example, we use the name and picture you provide in your account to identify you to other Service users. Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to collaborate effectively with others by automatically analyzing the activities of your team to provide search results, activity feeds, notifications, connections, and recommendations that are most relevant for you and your team. For example, we may use your stated job title and activity to return search results we think are relevant to your job function. We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive on our websites. Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present the relevant product information as you travel across our websites.
For research and development: We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and identify trends, usage, activity patterns, and areas for integration and improvement of the Services. We automatically analyze and aggregate frequently used search terms to improve the accuracy and relevance of suggested topics that auto-populate when you use the search feature. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyze certain new features with some users before rolling the feature out to all users.
To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We send you email notifications when a task in a workflow is assigned to you. We also provide tailored communications based on your activity and interactions with us. For example, certain actions you take in the Services may automatically trigger a feature or third-party app suggestion within the Services that would make that task easier. We also send you communications as you onboard to a particular Service to help you become more proficient in using that Service. These communications are part of the Services and in most cases, you cannot opt-out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings.
To market, promote and drive engagement with the Services: We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email and by displaying ClayHR ads on other companies’ websites and applications, as well as on platforms like Facebook and Google. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions, and contests. You can control whether you receive these communications as described below under “Opt-out of communications.”
Customer support: We use your information to resolve technical issues you encounter, respond to your requests for assistance, analyze crash information, and repair and improve the Services.
For safety and security: We use information about you and your Service use to verify accounts and activity, monitor suspicious or fraudulent activity, and identify violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests, and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Legal bases for processing under the General Data Protection Regulation (for EEA, UK users):
If you are an individual in the European Economic Area (EEA) or UK, we collect and process information about you only where we have legal bases for doing so under applicable EU/UK laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features, and protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services, and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
To exercise your privacy rights under GDPR or to make a privacy complaint, EEA and UK individuals should contact us by email at [email protected]. You may also contact the appropriate Supervisory Authority at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
- How we share information we collect
We make collaboration tools, and we want them to work well for you. This means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.
4.1 Sharing with other Service users
When you use the Services, we share certain information about you with other Service users.
For collaboration: You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content. For example, when you comment on a goal or feedback, we display your profile picture and name next to your comments so that other users with access to the page or issue understand who made the comment. When you send a task, a message, or a workflow item to another user, the recipient can view any information in your profile card. Similarly, when you publish feedback, your name is displayed, and Service users with permission to view the page can view your profile information as well. Please be aware that some aspects of the Services like a public goal, a public job board, or a public template can be made publicly available, meaning any content posted, including information about you that you include in the publicly viewable portion, can be publicly viewed and indexed by and returned in search results of search engines. You can confirm whether certain Service properties are publicly visible from within the Services or by contacting the relevant administrator.
Managed accounts and administrators: If you register or access the Services using an email address with a domain that is owned by your employer or organization, and such organization wishes to establish an account or site, certain information about you including your name, profile picture, contact info, content and past use of your account may become accessible to that organization’s administrator and other Service users sharing the same domain. If you are an administrator for a particular site or group of users within the Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service-related requests.
Community Forums: Our websites offer publicly accessible blogs, a knowledge base. You should be aware that any information you provide on these websites – including profile information associated with the account you use to post the information – may be read, collected, and used by any member of the public who accesses these websites. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these Services. To request the removal of your information from publicly accessible websites operated by us, please contact us as provided below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.
4.2. Sharing with third parties
We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.
Service Providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis, and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
ClayHR Partners: We work with third parties who provide consulting, sales, and technical services to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services, such as assisting with billing and collections, providing localized support, and providing customizations. We may also share information with these third parties where you have agreed to that sharing.
Third-Party Apps and Integrations: You, your administrator, or other Service users may choose to add new functionality or change the behavior of the Services by installing or integrating with third-party apps within the Services. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps. If you are a technical or billing contact listed on an account, we share your details with the third-party app provider upon integration or installation. Third-party app policies and procedures are not controlled by us, and this privacy policy does not cover how third-party apps use your information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information-handling practices. If you object to information about you being shared with these third parties, please uninstall the app or remove the integration.
Links to Third-Party Sites: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third-party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.
Social Media Widgets: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one.
Third-Party Widgets: Some of our Services contain widgets and social media features, such as the Twitter “tweet” button. These widgets and features collect your IP address, and which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.
With your consent: We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies, and terms of service, (c) protect the security or integrity of our products and services, (d) protect us, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Business Transfers: We may share or transfer information we collect under this privacy policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.
- How we store and secure the information we collect
5.1. Information storage and security
We use data hosting service providers in the United States and Canada to host the information we collect, and we use technical measures to secure your data. For more information on where we store your information, please see our “Security and Reliability” page.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
5.2. How long do we keep information
How long we keep the information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will isolate your information from any further use until deletion is possible.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display feedback you provided to others or comments you entered during performance management and continue to display the content you provided.
Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. For more information, see “Managed accounts and administrators” above.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your ClayHR account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
- How to access and control your information
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them, and any limitations.
6.1. Your choices
You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see “Notice to End Users” below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information that we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Access and update your information: Our Services and knowledge base give you the ability to access and update certain information about you from within the Service. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.
Deactivate your account: If you choose to deactivate/terminate Your Account, via means provided for cancellation on the ClayHR website via Your Account, or by electronic mail to the account manager, and you request that we delete Your Content, we will do so. After the Content is deleted, residual copies of information may remain in our system for up to six months for backup purposes. This information is not accessible in ordinary processing and is only used in the case of a true disaster, such as data center loss.
Delete your information: Our Services and knowledge base give you the ability to delete certain information about you from within the Service. For example, you can remove certain content that contains information about you, and you can remove certain profile information within your profile settings. Please note, however, that we may need to retain certain information for record-keeping purposes, to complete transactions, or to comply with our legal obligations.
Request that we stop using your information: In some cases, you may ask us to stop accessing, storing, using, and otherwise processing your information where you believe we don’t have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable). If you object to information about you being shared with a third-party app, please disable the app or contact your administrator to do so.
Opt-out of communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. Even after you opt-out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services. You can opt-out of some notification messages in your account settings.
You may be able to opt-out of receiving personalized advertisements from other companies that are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit:
http://www.aboutads.info
http://optout.networkadvertising.org
and http://www.youronlinechoices.eu
Turn off Cookie Controls: Relevant browser-based cookie controls are described in our Cookies Policy.
Send “Do Not Track” Signals: Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.
Data portability: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. You have the option to export the information from the various reports and APIs available to you through your application.
- How we transfer information we collect internationally
7.1. International transfers of information we collect
We collect information globally. We may transfer, process, and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it. These transfers are governed using the standard contractual clauses, information about which can be found here: www.clayhr.com/policies/standard-contractual-clauses
- Other important privacy information
8.1. Notice to End Users
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different from this policy.
Administrators are able to:
- require you to reset your account password;
- restrict, suspend or terminate your access to the Services;
- access information in and about your account;
- access or retain information stored as part of your account;
- install or uninstall third-party apps or other integrations
In some cases, administrators can also:
- restrict, suspend or terminate your account access;
- change the email address associated with your account;
- change your information, including profile information;
- restrict your ability to edit, restrict, modify or delete information
Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. Please contact your organization or refer to your administrator’s organizational policies for more information.
8.2. Our policy towards children
The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we are notified that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact ClayHR support.
- ClayHR and the EU-U.S. PRIVACY SHIELD
ClayHR (previously known as BizMerlinHR) complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. ClayHR has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit: https://www.privacyshield.gov/
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact ClayHR at:
BizMerlinHR Inc.| 11710 Plaza America Dr. | Suite 2000 | Reston VA 20190
E-Mail: [email protected]
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
We commit to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
For human resources data of EU residents, we have agreed to cooperate with local supervisory authorities. We have chosen to cooperate with EU supervisory authorities and comply with the information and advice provided to it by an informal panel of supervisory authorities in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant supervisory authority contacts.
As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. ClayHR is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
ClayHR is responsible for the processing of Personal Information it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. The company complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, the UK, and Switzerland, including the onward transfer liability provisions.
- California-Specific Disclosures
The disclosures in this section apply solely to individual residents of the State of California and provide additional information about how we collect, use, disclose, and otherwise process personal information within the scope of the California Consumer Privacy Act of 2018, as amended, including its implementing regulations (“CCPA“). Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the CCPA.
a. Sensitive Personal Information
Certain data elements we collect and use to provide the Service may be deemed “sensitive personal information” under CCPA. These include your username and password to access your account and the content of any messages you send through our email integration feature. We do not use or disclose such sensitive personal information to “infer” characteristics as defined under the CCPA, or for any purpose other than that which is necessary to provide the Service as specified in the CCPA.
b. Sales and Sharing of Personal Information (Targeted Advertising)
We use cookies and similar tracking technologies that enable certain advertising networks, social media companies, analytics services, and other third-party businesses to collect and disclose your personal information directly from your browser or device when you visit or interact with our Service or otherwise engage with us online. In some cases, we may upload personal information to certain of these partners for advertising or analytics purposes.
To opt out of these “sales” or “sharing” of personal information (as these terms are defined under the CCPA or other applicable US state privacy laws), you must:
- Toggle cookies off in our cookie preference center or enable Global Privacy Control (“GPC”) on your browser; and
- Submit a request using this form or email [email protected].
Note that the above opt-out right does not apply where we have appropriately limited our partners to be our “service providers” or “processors” (as these terms are defined under the CCPA or other applicable US state privacy laws).
To learn more about GPC, please visit http://globalprivacycontrol.org.
c. California Privacy Rights
As a California resident, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):
- The Right to Know any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
- The specific pieces of personal information we have collected about you;
- The categories of personal information we have collected about you;
- The categories of sources of personal information;
- The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
- The categories of personal information we have sold or shared and the categories of third parties to whom the information was sold or shared; and
- The business or commercial purposes for collecting, selling, or sharing personal information.
- The Right to Request Deletion of personal information we have collected from you, subject to certain exceptions.
- The Right to Request Correction of inaccurate personal information.
- The Right to Opt Out of Personal Information Sales or Sharing with third parties now or in the future.
You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our Service or engage with you in the same manner.
d. How to Exercise Your California Privacy Rights
Please see Section 10.b. above to exercise your right to opt out of personal information sales or sharing.
To exercise your rights to know, correct, or delete, please submit a request by:
- Emailing [email protected] with the subject line “California Rights Request” or
- Filling out a Data Subject Request using this form.
We will need to verify your identity before processing your request. In order to verify your identity, we will generally require either the successful login to your account (if applicable) and/or the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request to know, correct, or delete, certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know, correct, or delete, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.
e. Minors Under Age 16
We do not sell or share the personal information of consumers we know to be less than 16 years of age. Please contact us at [email protected] to inform us if you, or your minor child, are under the age of 16.
f. California’s “Shine the Light” Law
In addition to the rights described above, California’s “Shine the Light” law (Civil Code Section §1798.83) permits California residents that have an established business relationship with us to request certain information regarding our disclosure of certain types of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year.
To make such a request, please send an email to [email protected].
- Disclosures to residents of Colorado, Connecticut, Virginia, and Utah
The disclosures in this section apply solely to individual residents of the States of Colorado, Connecticut, Virginia, and Utah. Privacy laws in these states give residents certain rights with respect to their personal data when they take effect over the course of 2023. Those rights include:
- Right to Access Information. You have the right to access and obtain a copy of your personal data.
- Right to Request Deletion. You have the right to request that we delete personal data provided by or obtained about you.
- Right to Correct. You have the right to correct inaccuracies in your personal data.
- Right to Opt-Out of Targeted Advertising. You may ask us not to use or disclose your information for the purposes of targeting advertising to you based on your personal data obtained from your activity across different businesses, services, websites, etc.
- Right to Opt Out of Personal Information Sales to third parties.
To submit a request to exercise your access, deletion, or correction of privacy rights, please email us at [email protected] with the subject line “Privacy Rights Request” and let us know in which state you live, or complete this form. Please see Section 10.b. for a description of how to exercise your right to opt out of targeted advertising or sales.
Residents of Colorado, Connecticut, and Virginia may appeal a refusal to take action on a request by contacting us by email at [email protected].
- Nevada-Specific Disclosures
For residents of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt-out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not currently sell covered information, please contact us at [email protected] to submit such a request.
- Canada-Specific Disclosures
If you live in Canada, you have the following rights:
- Right to Access. You can ask us: (i) To confirm that we have personal information about you, and (ii) To provide you with a copy of that information.
- Right to Correct. You can ask us to correct any inaccurate or incomplete personal information that we have about you.
You may submit a request by contacting us at [email protected] with the subject line “Canadian Privacy Rights Request”. Before we honor your request, we will need to verify your identity.
- Changes to our Privacy Policy
We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide more prominent notice by adding a notice on the Services homepages, and login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account(s), as outlined above.
- Contact Us
Your information is controlled by BizMerlinHR Inc. If you have questions or concerns about how your information is handled, please direct your inquiry to BizMerlinHR Inc, which we have appointed to be responsible for facilitating such inquiries.
BizMerlinHR Inc |11710 Plaza America Dr. | Suite 2000 | Reston VA 20190
E-Mail: [email protected]
Cookie Policy: https://www.clayhr.com/policies/cookie-policy
Security and Reliability Page: https://www.clayhr.com/policies/security-and-reliability-safeguards