We at Comeet Technologies, Inc. (“Comeet“, “we”, “us”, “our”) develop and operate a recruiting and applicant tracking platform (the “Platform”) that helps companies to manage their recruiting processes (the “Customer”).
This Privacy Notice (the “Notice“) is intended for the Customer’s employees, staff, contractor and/or any other third party using Comeet’s Platform on behalf of the Customer, and describes the ways in which the Customer handles your Personal Data (as described below). It also describes the rights and options available to you with respect to your Personal Data.
We do not offer our products or services for use by children and, therefore, we do not knowingly collect Personal Data from, and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any Personal Data to us.
Table of contents
Personal Data processed
Who will process your Personal Data?
Security and Personal Data retention
International data transfers
Interactions with third party services
Changes to this Notice
The Customer is the data controller of the Personal Data on the Platform. Comeet is the data processor acting on behalf of the Customer.
Please note that this Notice covers the Platform’s privacy practices in general matters. For the avoidance of doubt, for the purposes of this Notice, the “Customer” are companies which executed agreements with Comeet to receive Comeet’s services. If your Personal Data is provided to us as a result of our relationships with Customer, please note that the Customer is the responsible party for obtaining the required consents and complying with any applicable laws and regulations with respect to the collection, processing, transfer and use of your Personal Data. The Customer may have an additional privacy notice explaining its own specific privacy practices related to your personal data (the “Customer’s Notice”). We are not responsible for the privacy practices or the content of the Customer. Please be aware that the Customer can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of the Customer.
We greatly respect your privacy, which is why we make every effort to provide a platform that would live up to the highest of user privacy standards. Please read this Notice carefully, so you can fully understand our practices and your rights in relation to personal data. “Personal Data” or “Personal Information” means any information that can be used, alone or together with other data, to uniquely identify any living human being. Important note: Nothing in this Notice is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
2. PERSONAL DATA PROCESSED
We process Personal Data about you if you create an account, access and/or use the Platform.
Personal Data we collect: If you were assigned a user account to access and use the Platform on behalf of a Customer and/or you provide your details to be able to use Comeet’s Platform. In such cases, we will process the following Personal Data (in accordance with your privileges and uses of the Platform), such as: your user account credentials, as well as additional information such as your full name, work email address, position, work phone number, and any other information that you and/or the Customer will decide to provide us with. We will also collect and process information that could contain your Personal Data, such as: internal communication you create for use within the Customer, communication with candidates and sources, candidate evaluations, interview questions, among others. All of the above Personal Data is referred to as “User Account Information”.
Why this Personal Data is collected and for what purposes: We will use your User Account Information to verify your identity and enable you to access the Platform (when you have a registered account in Comeet’s Platform), to operate it and provide you and the Customer features and functionality as well as to respond to any support requests or inquiries you may have. We also use it to facilitate our internal managerial, archival, administrative and audit activities and to prevent fraudulent and unlawful use of the Platform.
Legal basis (GDPR only, if applicable): Comeet is the data processor, therefore, Comeet does not need to provide a legal basis under this use case. Comeet has an agreement in place with the Customer. For the avoidance of doubt, under CCPA, Comeet is considered a service provider and the Customer is the business (if applicable).
Consequences of not providing the Personal Data: We may receive such Personal Data directly from you or from the Customer. You are not legally required to provide us your information, however, we will not be able to allow you to use the Platform without this Personal Data.
We also collect information about your use of the Platform.
Personal Data we collect: When you use the Platform we will collect statistical usage information, as well as other information about your use of the Platform, including: IP address from which you accessed the Platform, time and date of access, type of browser used, language use, links clicked, and actions taken while using the Platform (“Usage Information”).
Why this Personal Data is collected and for what purposes: We will use the Usage Information for quality assurance and business development purposes of the Platform and for improvement of the Platform and its user experience. We also use the Usage Information for aggregated content and benchmarks that help recruiters, managers and candidates.
Legal basis (GDPR only, if applicable): The legal basis under EU law for processing this is our legitimate interest in developing, enhancing and maintaining the Platform.
Consequences of not providing the Personal Data: We cannot provide you with some features and functions of our Platform.
Finally, please note that some of the abovementioned Personal Data will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may or will anonymize or de-identify your Personal Data and further use it for internal and external purposes, including, without limitation, to improve the services and for research purposes. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our services. To the maximum extent permitted by law, we reserve the right to use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).
3. WHO WILL PROCESS YOUR PERSONAL DATA?
We will not share your Personal Data with third-party recipients, except as listed below, or if you give your explicit consent.
We will share your information with the Customer.
We will share your Personal Data with the Customer, on behalf of which you use the Platform.
Your Personal Data will be handled by our service providers helping us operate the Platform.
We will share your Personal Data with our service providers who assist us with operating the Platform. These companies are authorized to use your Personal Data only as necessary to provide these services to us. A detailed list of those service providers is available here.
We may share your Personal Data with applicable authorities.
To the extent necessary, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order. In addition, if you have abused your rights to use the Platform, or violated any applicable law and/or the commercial terms that we have in place with the Customer, we may share your Personal Data with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling of the violation and/or breach. The legal basis under EU law for processing your Personal Data for this purpose is our legitimate interests in defending and enforcing against violation and breaches that are harmful to our business and/or processing is necessary for compliance with a legal obligation to which the controller is subject.
We will share your information in any event of change in Comeet’s structure.
If the operation of the Platform is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition of all or a portion of our business by or to another company; or during negotiations of, any sale of company assets, consolidation or restructuring, financing; or in the event of bankruptcy or a comparable event), we may share your Personal Data only as required to enable the structural change in the operation of the Platform. The legal basis under EU law for processing your data for this purpose is our legitimate interests in our business continuity.
We also share Personal Data with our affiliated companies.
4. SECURITY AND PERSONAL DATA RETENTION
We retain your Personal Information as per the Customer’s instructions, and thereafter as needed for record-keeping matters. We will retain your Personal Information for as long as your user account is active or as otherwise instructed by the Customer. Thereafter, we will continue to retain your Personal Information to the extent necessary to comply with our legal obligations, resolve disputes, establish and defend legal claims and enforce the applicable commercial agreement, this Notice and other agreements we may have with the Customer.
We implement measures to secure your Personal Information. We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your Personal Information, it is not guaranteed, and you cannot expect that the Platform will be immune from information security risks.
5. INTERNATIONAL DATA TRANSFER
General transfers rule: If you are an EU resident and we transfer your Personal Data from within the European Union to locations outside the European Union, we will rely on i) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR), or ii) Standard Contractual Clauses issued by the European Commission. Comeet also continually monitors the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR.
External transfers: Where we transfer your Personal Data outside of EU/EEA, for example to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your Personal Data. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Data is disclosed. The safeguards for international data transfers to Comeet’s sub-processors are set out in Comeet’s list of sub-processors available here.
Internal transfers: We ensure transfers within the Comeet group will be covered by an agreement entered into by members of the Comeet group (an intra-group agreement) which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to. Comeet is located in the United States and such entity is involved in processing your Personal Data there.
6. YOUR RIGHTS
You have the right to access, update or delete your information and obtain a copy of your information. You have certain rights (which may be subject to certain exemptions or derogations, including, some of which only apply to individuals protected by the GDPR). If you want to exercise your rights, you should contact the Customer.
If you wish to exercise any of these rights, or other GDPR rights, with respect to the Usage Information that Comeet collects, you may contact us at support@Comeet.co.
Deactivate your account. Should you ever decide to deactivate your account, you may do so by contacting the Customer.
7. INTERACTIONS WITH THIRD PARTY SERVICES
We enable you to interact with third party websites, applications and products or services that are not owned or controlled by us (each a “Third Party Service”), including, without limitation, the third party integration companies. We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service. In addition, you will find additional information of Comeet’s terms for integrating with Third Parties Service here.
8. CHANGES TO THIS NOTICE
This Notice can be changed and/or updated from time to time. We ask you to check back periodically for the latest version of this Notice. If we implement significant changes to the use of your Personal Data in a manner different from that stated at the time of collection, we and/or the Customer will make market-standard efforts to notify you of such changes by posting a notice on the Platform, website or by other means.
9. CONTACT US
Comeet’s address is 26 Broadway st., Brooklyn, New York, United States. We can be reached by email at email@example.com.
General Data Protection Regulation (GDPR) – European Representative. Pursuant to Article 27 of Europe’s General Data Protection Regulation (GDPR), Comeet Technologies Inc. has appointed a European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact the EDPO regarding matters pertaining to the GDPR by sending an email to firstname.lastname@example.org, using EDPO’s online request form, or writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
UK General Data Protection Regulation (GDPR) – UK Representative. Pursuant to Article 27 of the UK GDPR, Comeet Technologies Inc. has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR by: using EDPO UK’s online request form or writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.