Last Updated: May 22, 2018
Collection and Use of Personal Information
Users may submit employment applications and resumes to the Company via the website. Any information so received by the Company will be used only for the purpose of considering the submitting party as a prospective candidate for employment with the Company. The Company does not seek to collect personally identifiable information about any site visitor; when such information is submitted to the Company by an individual, the Company maintains the confidentiality of all personally identifiable information in accordance with all applicable laws. Consistent with the requirements of the EU’s General Data Protection Regulation, an individual who consents to Validant’s collection and processing of personal data may withdraw that consent at any time by contacting firstname.lastname@example.org.
When you use the website located at www.validant.com, we may collect basic information about you such as your IP address and geographic location. We only use such information on an anonymized basis for analytics purposes in connection with improving our services. You may also provide us with certain employment information in connection with an application for employment with Validant.
We use the information we collect and receive from you to provide you with the Online Services; to communicate with you; to operate, maintain, and enhance the Online Services; and to fulfill your specific requests. For example, if you send us an email message requesting information about Validant, we will use your email address and other information you supply to respond to your request. If you send us a resume or curriculum vitae (CV) to apply online for a position with Validant, we will use the information that you provide to match you with available Validant job opportunities. Your personal information is not used for other purposes, unless we obtain your permission, or unless otherwise required or permitted by law or professional standards.
Consultant Candidate Data
Validant collects and uses personal information provided by consultant candidates as requested to assess suitability for current and future projects with Validant’s clients. This requires us to collect personal details from candidates, which may include (but are not limited to) name, address, telephone number, e-mail address, education, employment history, CV and any other information required to match the candidate with a project. The personal information will expressly be used for the purpose of matching the candidate profile against potential opportunities and will only be disclosed to prospective clients if the candidate agrees to be considered for a specific opportunity.
Listed below are the various ways in which Validant may use and process personal data for the purpose of connecting consultant candidates with client projects, where appropriate and in accordance with local laws and requirements. This list is not exhaustive.
- Collecting candidate data from the candidate and other sources, such as LinkedIn and other recruitment platforms
- Storing candidate details (and updating when necessary) in our database, so that we can contact the candidate about possible projects
- Keeping records of conversations, so that Validant can provide targeted project opportunities to the candidate
- Assessing data about the candidate against compatible project opportunities
- With candidate consent, sending candidate information to Validant’s client, so that the candidate may be considered for a project
We may use personal data for the above purposes as necessary in connection with Validant’s legitimate business activities.
Employee Personal Data
Employee Personal Information means any personal information that is processed as part of an individual’s working relationship with Validant, for example, pertaining to a current, past or prospective employee of the Company processed in the context of an employment relationship or potential employment relationship with Validant.
Employee personal information may be collected or accessed in a number of ways, including:
- Directly from the employee (whether in writing or verbally)
- Through the use of Company office, computer and telephone equipment, including mobile phone, smart phones and tablet devices, and software, including electronic messaging, and email.
Processing for Employment Purposes
Validant will not process employee personal information for purposes other than the employment purposes as set out in this policy without first informing employees and giving them the opportunity to object to such processing.
Validant will process only employee personal information that is relevant considering the employment purposes for which it is to be processed. In general, much of the processing of employee personal information will fall into the category of human resources purposes, which may include (but not be limited to):
- Recruiting and hiring job applicants
- Managing employee communications and relations
- Providing compensation and benefits
- Administering payroll
- Processing corporate expenses and reimbursements
- Managing employee participation in human resources plans and programs
- Carrying out obligations under employment contracts
- Managing employee performance
- Conducting training and talent development
- Managing the employee termination process
- Conducting ethics and disciplinary investigations
- Responding to employee grievances and claims
- Complying with applicable legal obligations, including government reporting and specific local law requirements; and
- Other general human resources purposes
Validant may also obtain and process personal data about employees’ emergency contacts and other individuals (such as spouse, family members, dependents and beneficiaries) to the extent employees provide such information to Validant. Validant processes this information to comply with its legal obligations and for benefits administration and other internal administrative purposes.
Where processing of personal information is not for employment purposes, Validant will obtain the individual’s consent prior to the processing. Validant will not process the personal information more than necessary under the circumstances. Validant will not process employee personal information that qualifies as sensitive personal information for purposes incompatible with those given in this policy unless the employee in question has explicitly consented to the processing or the processing is necessary for one of the reasons listed here.
Validant is committed to cooperating with EU data protection authorities (DPA) and will comply with advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
Validant uses Google Analytics, a third party usage analytics tool. More information about how Google Analytics is used by Validant can be found here: http://www.google.com/analytics/learn/privacy.html
Sharing and Transfer of PII
We do not share personal information with unaffiliated third parties, except as stated in this Privacy Statement, including as necessary for our legitimate professional and business needs, to carry out your requests, as required or permitted by law or professional standards, or otherwise with your consent.
In some instances, Validant may share PII about you with various third-party service providers and vendors working on our behalf. These third parties include providers of administrative, identity management, website hosting, data analysis, data back-up and security management services. Validant requires these entities to safeguard PII in the same manner as Validant.
In the context of an onward transfer, Validant, as a Privacy Shield organization (as described below), has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Validant shall remain liable under the Privacy Shield Principles (“Principles”) if its agent processes such personal information in a manner inconsistent with the Principles, unless Validant proves that it is not responsible for the event giving rise to the damage.
Validant may also disclose PII in order to respond to lawful requests of government or law enforcement agencies, including to meet national security or law enforcement requirements or where disclosure is required by applicable laws, court orders, or government regulations. In the event that the ownership of Validant or an affiliate or their assets changes as the result of a merger, acquisition, or sale of assets, information owned or controlled by Validant may be transferred to another company. Information may also be shared in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, assign or transfer all or a portion of our assets. These disclosures may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat. Validant does not sell PII to any third parties. Also, Validant will not transfer the PII you provide to any third parties for their own direct marketing use.
Validant and our service providers may use personal information in an aggregated, anonymized form for research and development. This data does not identify you individually, but rather helps to identify trends in user preferences and behaviors. In addition, we may share de-identified reports on user demographics and traffic patterns, as well as de-identified information, with third parties.
If you have submitted personal information to Validant, consistent with applicable law, you have the right to reasonable access to that data to correct any inaccuracies. You can also make a request to update or remove information about you and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards. To request access to or correction, updating, or removal of your personal information please contact us at email@example.com. In general, Validant has thirty (30) days to respond to your request.
Data Security and Integrity
Validant has and requires its service providers to have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite Validant’s efforts, however, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information. It is Validant’s policy to only retain personal information only for so long as the information is needed for the purpose for which it was obtained, or until that person asks that the information be deleted, consistent with applicable laws.
EU-U.S. Privacy Shield Framework
In compliance with the Privacy Shield Principles, Validant commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Validant at: firstname.lastname@example.org (attn: Data Protection Officer).
Validant has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information or to file a complaint. The services of JAMS are provided at no cost to you. Under certain conditions, you may have the ability to invoke binding arbitration.
We use reasonable organizational, technical and administrative measures designed to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by emailing email@example.com.
Use of Site by Minors
The Site is not directed to individuals under the age of 18 and, we do not knowingly collect Personal Information from individuals under 18.
The Site is controlled and operated by us from the United States and is not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States.
Revisions to the Policy