Policy Effective Date: 7/7/23 (No updates since the last review)
Claravine values the privacy of the users, employers, job seekers, and others who visit and use the Service (collectively or individually, “You” or “Users”).
TABLE OF CONTENTS
- THE INFORMATION WE COLLECT
- THE WAY WE USE INFORMATION
- WHEN WE DISCLOSE INFORMATION
- YOUR CHOICES, RIGHTS AND RESPONSIBILITIES
- OUR COMMITMENT TO DATA SECURITY
- OUR COMMITMENT TO CHILDREN’S PRIVACY
- INTERNATIONAL VISITORS
- HOW TO COMPLAIN
- CLASS ACTION WAIVER
- CONTACT INFORMATION
The Information We Collect; Personal Data
User-Provided Information, including Personally Identifiable Information (PII): Due to the nature and scope of our product, you may provide to Claravine what is generally called “personally identifiable” information (such as your name, email address, postal mailing address, home/mobile telephone number, etc.) when using the Service, such as when you register an account on the Service, log in to the Service or otherwise use the features and functionality of the Service. As permitted by applicable law in the country from which you access our Website and use our services, we may collect, use, store and transfer different kinds of personal data about you. We have grouped these into the following categories of “personal data”:
Contact Data: such as email addresses, email address, and telephone numbers.
Identity Data: such as first name, last name, username or similar identifier.
Marketing and Communications Data: such as your preferences in receiving marketing from us and your communication preferences.
Profile Data: such as your username and password, orders made by you, preferences, user- generated content, feedback and survey responses.
Technical Data: such as Device IDs, your login data, access dates and times, browser type and version, device information, cookie data, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website.
Usage Data: such as information about how you use our Website, products and services.
Use of Information Across Parties for the Service: In using the Service, the information we collect can be considered PII, and may be shared between Claravine and a third party for the Service we are providing.
When we share information with (to) a 3rd party, we do so because it is necessary to perform our contractual obligations or ensure the Service works for you. Such Personal Information is then subject to that third party’s own data collection, use, and disclosure policies. We do ensure that we work with known, quality partners, but should you wish to know more about the specific privacy policies of these providers, including whether these providers may collect or share Personally Identifiable Information between providers, you may enquire with us using the procedures described below.
In this context, third parties may collect personally identifiable information about a user’s online activities, over time and across different sites, services, and applications, when that user uses our site, service, or application.
When you do accept our cookies, we are able to customize your experience based on those cookies. We use a marketing automation platform owned by Salesforce known as the Marketing Customer Engagement Platform which manages cookies, allowing us to see the pages you visit, the content you engage with such as videos, emails you respond to, and other activities you engage in on our website, as well as the date and time of all those activities. The cookies are generally anonymous, unless the context requires otherwise (such as if you are responding to an email), but if you intentionally fill out a form that gives us information about you, such as your contact information, then the cookies you approve will be attached to that information so we can better customize your experience. If you fill out a form without accepting cookies, then the information from your form will be kept independent of any cookies.
Response to Do Not Track Signals: – Certain web browsers may provide an option by which you may have the browser inform websites or internet services you visit that you do not wish to have information (which may or may not contain PII) about your activities tracked by cookies or other persistent identifiers across time and across third-party Internet websites, online or cloud computing services, online applications, or mobile applications. These are commonly called “do not track” signals. For users located in the European Economic Area, Claravine will request specific permission before tracking behavior despite a user’s Do Not Track settings. For all other users, Claravine will not respond to do not track signals.
Third Party Web Beacons: To bring you the best experience and product set possible, we may also implement and integrate technology on the Service that uses “clear gifs,” “web beacons,” or other similar techniques, and which may allow Claravine to read and write cookies to your browser, or implement similar tracking mechanisms, in connection with your use of the Service.
Other System Information Automatically Collected: When you access the Service or open one of our HTML emails, we may automatically record certain information from your system by using different types of tracking technology. This “automatically collected” information may include your Internet Protocol address, a unique device or user ID, the version of software installed, system type, the content and pages that you access on the Service, and the dates and times that you visit the Service. This other technology is always anonymous, unless you give us specific consent, by filling out a form, for example. It includes things like Google Analytics, Adobe Analytics, Mutiny, and MouseFlow, all of which help us with user engagement and heat mapping, and all of which are anonymous.
The Way We Use Information
Claravine uses the information that you provide or that we collect to operate, maintain, enhance, and provide all of the features and services found on the Service as well as to track user-generated content.
We will use your email address and other provided contact information, without further consent, for administrative communications such as notifying you of major Service updates, for customer service purposes, to contact you regarding any content and other materials that you have posted to, transmitted through, or downloaded from the Service.
Claravine uses all of the information that you provide or that we collect to understand the usage trends and preferences of our Users, to improve the way the Service works and looks, and to create new features and functionality.
Claravine may use “Automatically Collected” information and “Cookies” information, alone or in combination with other information we have collected from you, to: (a) personalize the service, such as remembering your information so that you will not have to re-enter it during your visit or the next time you access the Service; (b) monitor aggregate site usage metrics such as total number of visitors and pages accessed; and (d) provide such metrics to users as they pertain to such user’s content.
Claravine may use your email address or other personally identifiable information to send (a) messages about the Service, and (b) promotional messages related to the Service and the activities of third parties we work with.
Claravine acknowledges that you have the right to access your personal information. If requested to remove data, we will respond within the timeframe required by relevant laws, including any available extensions. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by our service agreements with our enterprise clients.
We will retain personal information that we process on behalf of our enterprise clients for as long as needed to provide services to such client. Claravine will retain this personal information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and in accordance with our internal record keeping policies.
Personal Data. Other than data required to provide you an account on the Service, Claravine does not require you to provide any personal data. You agree that, except for personal data required to issue you an account on the Service, or necessary to provision the support services, you will not transmit to Claravine any personal data about yourself of from your employees, customer’s employees, agents, contractors, or affiliates. For purposes of this paragraph personal data means: any information relating to an identified or identifiable natural person, including, but not limited to: any information that is clearly about a particular person and can be used to identify such person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. You will indemnify and hold Claravine harmless from any third-party claim brought against Claravine or its affiliates arising out of your transmittal to Claravine of personal data except as allowed under this paragraph.
When We Disclose Information
Claravine does not share your personally identifiable information with other organizations for their marketing or promotional uses without your prior consent.
Claravine may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. Copyright law) or respond to a court order, judicial or other government subpoena, or warrant in the manner required by the requesting entity.
Claravine also reserves the right to disclose User information that we believe, in good faith, is appropriate or necessary: to take precautions against liability; to protect Claravine from fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against third-party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of the Service; or to protect the rights, property, or personal safety of Claravine, our users, or others.
Your Choices, Rights and Responsibilities
Right Not To Share Information: You may, of course, decline to share your personally identifiable information with Claravine, in which case Claravine will not be able to provide to you some of the features and functionality found on the Service.
Right to Correct, Update, Delete Personal Information: You have the right to ask us to change, correct, or delete personal data. You may also ask us to delete and remove personal data where there is no good reason for us to continue to process it. If you choose to ask us to delete and remove your personal data, Claravine may not be able to provide to you some or all of the features and functionality found on the Service.
If you are an authorizer licensed user of the Services, You may update or correct your user information and preferences at any time by accessing your account preferences page through the Service. Please note that while changes to your account are reflected promptly in active user databases, we may retain all information that we collect or that you provide for a variety of purposes, including backups and archiving, prevention of fraud and abuse, and analytics.
To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your information.
Please note, we may not always be able to comply with your request for erasure and in such circumstances, will notify our reasons to you. If you choose to ask us to alter, remove or delete your Personal Information you may contact us in one of the following ways: a) using the messaging functionality in your user account to contact us directly, if available, b) emailing us at: firstname.lastname@example.org, or c) calling us directly at: 385-286-0800. We will respond to you in writing within the time frame required by the relevant law.
Your Responsibilities: You are responsible for maintaining the secrecy of your unique password and account information at all times.
Our Commitment To Data Security
Claravine uses certain physical, managerial, and technical safeguards designed to preserve the integrity and security of your personal information. We cannot, however, ensure or warrant the security of any information you transmit to Claravine, and you do so at your own risk. Claravine cannot guarantee that information you provide or that we collect may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
If Claravine learns of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. Claravine may post a notice on the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at email@example.com.
Commitment To Children’s Privacy
If you are under 16 years of age, then you may not use or access the Service at any time or in any manner.
Protecting the privacy of young children is especially important. For that reason, Claravine does not knowingly collect or maintain personally identifiable information from persons under 16 years-of-age. If Claravine learns that personally-identifiable information of persons less than 16-years-of-age has been collected on or through the service, then Claravine will take the appropriate steps to delete this information.
If you are the parent or legal guardian of a child under 16 who you believe has registered an account on the Service, then please contact Claravine at firstname.lastname@example.org to have that child’s account terminated and information deleted.
For users visiting the service from the European Economic Area (EEA) or any other non-U.S. territories, please note that any data you enter into the Service will be transferred outside the European Economic Area or such other non-U.S. territory for use by Claravine and its affiliates for any of the purposes described herein. In addition, because Claravine operates globally, we may make information we gather available to worldwide business units and affiliates. By providing any data on the Service, you hereby expressly consent to such transfers of your data to the United States or other countries.
Specific State Laws and General Data Protection Regulation (GDPR) Compliance
California’s Shine the Light Law
Nevada’s Online Privacy Protection Act
GDPR. As part of the General Data Protection Regulation (GDPR), a new legal framework for handling and protecting the personal data of European Union residents coming into effect on May 25, 2018, some countries in Europe have recently implemented regulations increasing their age of digital consent. To bring our Services in line with these regulations, we’ve revised the minimum age requirement to use Claravine to 16 in those countries and all others that have increased the age of digital consent. Please check your local law to see if you meet the age requirement.
Data Controller and Data Processor. Claravine does not own, control or direct the use of any of the Client Data stored or processed by a Client or User via the Service. Only the Client or Users are entitled to access, retrieve and direct the use of such Client Data. Claravine is largely unaware of what Client Data is actually being stored or made available by a Client or User to the Service and does not directly access such Client Data except as authorized by the Client, or as necessary to provide Services to the Client and its Users.
The Client or the User is the data controller under the Regulation for any Client Data containing personal data, meaning that such party controls the manner such personal data is collected and used as well as the determination of the purposes and means of the processing of such personal data. The Client and the User are responsible for informing data subjects of the lawful basis under which they are processing the data subjects’ personal data.
Claravine is not responsible for the content of the personal data contained in the Client Data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Client or User nor is Claravine responsible for the manner in which the Client or User collects, handles disclosure, distributes or otherwise processes such information.
Rights Under the GDPR
The only situation where Claravine is acting as a controller under the GDPR is when an employee of one of our clients is accessing the Services or when an individual who is a potential user of our Services is browsing our website. In those events, we may act as a controller when we process personal data regarding those data subjects. When we do so, our “lawful basis” for processing that information is our contract with our client and our legitimate interest in processing personal data (when the data subject is an employee of one of our clients) or a potential user’s consent given via our cookies policy (when the data subject is a potential user who is using our website). When we are acting as either a controller or a processor, the data subjects have the following rights under the GDPR:
- Right to Information. The right to know what personal data we hold about you and how we use it.
- Right to Access. The right to be provided with a copy of your personal data (subject to certain restrictions).
- Right of Rectification. The right to require us to correct any incomplete or inaccurate personal data we hold about you, though we may need to verify the accuracy of the new data you provide to us. If you have a user account with us, you also have the option of correcting your information directly in your account.
- Right to erasure/be forgotten. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. Note, however, that we may not always be able to comply with your request for erasure and in such circumstances, will notify our reasons to you.
- Right to restrict processing. The right to require us to restrict processing of your personal data, i.e., you can request that we suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to request data portability, In certain circumstances, you have the right to request the transfer of your personal data to you or to a third party in a commonly used machine-readable format. Note, however, that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to object to processing. You have the right to object to the processing of your personal data in the following circumstances: (i) at any time to your personal data being processed for direct marketing (including profiling); or (ii) in certain other situations, to our continued processing of your personal data, e.g., our processing of your personal data when such processing is based on our legitimate interests. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Right to withdraw consent at any time. You have the right to withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Method for Requesting Information Pursuant to Your Rights. Upon request, Claravine will provide you with information about whether we hold any of your personal information. If you would like to exercise any of the data subject access rights in the table above (each, an “Access Request”) please send an email to email@example.com, and we will send you a Data Subject Access Request Form. We will respond to your request within a reasonable timeframe.
No Fee Usually Required. You will not usually be required to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need from You. Once we receive your Access Request, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Breach Reporting. Claravine will notify you in the event of a data breach, as required by applicable law. We maintain incident response policies and procedures, including a breach notification process, which enables us to notify affected customers as needed. If you’ve entered into an EU Data Processing Agreement, you will be notified as detailed in those agreements.
Under the GDPR, Claravine is legally obliged to notify the Supervisory Authority within 72 hours of the data breach. Individuals have to be notified if adverse impact is determined. In addition, Claravine must notify any affected clients without undue delay after becoming aware of a personal data breach.
However, Claravine does not have to notify the data subjects if anonymized data is breached. Specifically, the notice to data subjects is not required if the data controller has implemented pseudonymization techniques like encryption along with adequate technical and organizational protection measures to the personal data affected by the data breach.
How to Complain
Data Subjects Based in the European Economic Area. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) country where you work, normally live or where any alleged infringement of data protection laws occurred.
Class Action Waiver
No Class Actions. YOU AND CLARAVINE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
Limitation of Liability; Damages
LIMITATIONS OF LIABILITY. UNDER NO CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE, WILL CLARAVINE OR ITS AFFILIATES, CONTRACTORS, EMPLOYEES, AGENTS, OR THIRD-PARTY PARTNERS, LICENSORS, OR SUPPLIERS BE LIABLE TO YOU FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, RELIANCE, OR EXEMPLARY DAMAGES (INCLUDING WITHOUT LIMITATION DAMAGES ARISING FROM ANY UNSUCCESSFUL COURT ACTION OR LEGAL DISPUTE, LOST BUSINESS, LOST REVENUES, OR LOSS OF ANTICIPATED PROFITS OR ANY OTHER PECUNIARY OR NON- PECUNIARY LOSS OR DAMAGE OF ANY NATURE WHATSOEVER) ARISING OUT OF OR RELATING TO VIOLATION OF THESE TERMS OR ANY OTHER PRIVACY REGULATION OR LAW, OR ANY OTHER INTERACTIONS YOU MAY HAVE WITH CLARAVINE, EVEN IF CLARAVINE OR A CLARAVINE AUTHORIZED REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY OR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. IN SUCH CASES, CLARAVINE’S LIABILITY WILL BE LIMITED TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW
LIMITATION OF DAMAGES. IN NO EVENT WILL CLARAVINE’S OR ITS AFFILIATES’, CONTRACTORS’, EMPLOYEES’, AGENTS’, OR THIRD-PARTY PARTNERS’, LICENSORS’, OR SUPPLIERS’ TOTAL LIABILITY TO YOU FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION ARISING OUT OF OR RELATING TO THE TERMS OR YOUR USE OF THE SERVICE OR YOUR INTERACTION WITH OTHER SERVICE USERS (WHETHER IN CONTRACT, TORT INCLUDING NEGLIGENCE, WARRANTY, OR OTHERWISE), EXCEED THE AMOUNT PAID DIRECTLY BY YOU, IF ANY, FOR ACCESSING THE SERVICE DURING THE TWELVE MONTHS IMMEDIATELY PRECEDING THE DATE OF THE CLAIM OR ONE HUNDRED DOLLARS, WHICHEVER IS GREATER.
BASIS OF THE BARGAIN. YOU ACKNOWLEDGE AND AGREE THAT CLARAVINE HAS OFFERED ITS PRODUCTS AND SERVICES, SET ITS PRICES, AND ENTERED INTO THE TERMS IN RELIANCE UPON THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN, THAT THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN REFLECT A REASONABLE AND FAIR ALLOCATION OF RISK BETWEEN YOU AND CLARAVINE, AND THAT THE WARRANTY DISCLAIMERS AND THE LIMITATIONS OF LIABILITY SET FORTH HEREIN FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN YOU AND CLARAVINE. CLARAVINE WOULD NOT BE ABLE TO PROVIDE THE SERVICE TO YOU ON AN ECONOMICALLY REASONABLE BASIS WITHOUT THESE LIMITATIONS.
LIMITATIONS BY APPLICABLE LAW. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE AND JURISDICTION TO JURISDICTION.
Assignment. This Agreement may not be assigned by you without the prior written approval of Claravine but may be assigned without your consent by Claravine to (i) a parent or subsidiary, (ii) an acquirer of assets, or (iii) a successor by merger. Any purported assignment in violation of this section shall be void. Any actual or proposed change in control of you that results or would result in a direct competitor of Claravine directly or indirectly owning or controlling 50% or more of you shall entitle Claravine to terminate this Agreement for cause immediately upon written notice.
Choice of Law; Venue. With respect to U.S. Customers, this Agreement shall be governed by Utah State law and controlling United States federal law, without regard to the choice or conflicts of law provisions of any jurisdiction, and any disputes, actions, claims or causes of action arising out of or in connection with this Agreement or the Service shall be subject to the exclusive jurisdiction of the state and federal courts located in Salt Lake County Utah.
Entire Agreement; Severable. No text or information set forth on any other purchase order, preprinted form or document (other than an Order Form, if applicable) shall add to or vary the terms and conditions of this Agreement. This Agreement, together with any applicable Order Form, comprises the entire agreement between you and Claravine and supersedes all prior or contemporaneous negotiations, discussions or agreements, whether written or oral, between the parties regarding the subject matter contained herein. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision(s) shall be construed, as nearly as possible, to reflect the intentions of the invalid or unenforceable provision(s), with all other provisions remaining in full force and effect.
Independence. No joint venture, partnership, employment, or agency relationship exists between you and Claravine as a result of this agreement or use of the Service.
No Waiver. The failure of Claravine to enforce any right or provision in this Agreement shall not constitute a waiver of such right or provision unless acknowledged and agreed to by Claravine in writing.