HCR SOFTWARE PRIVACY STATEMENT
INTRODUCTION AND SCOPE
Human Capital Resource Software Inc., including its affiliates and subsidiaries (each, “HCR Software”), is committed to the protection of the personal information that we collect and/or maintain in the course of our business activities. As part of this commitment, we have set out this Privacy Statement to describe the manner in which we treat our customers’ employee (and prospective employee) personal information when hosted on our cloud-based talent management services offerings (“HCR Software CompensationXL”), as well as the personal information we collect via other means, such as through our website at https://compensationxl.com (“Website”). This Privacy Policy describes how HCR Software collects, uses, shares and secures the personal information you provide as well as the human resources data transferred to us for processing on behalf of our Customers. It also describes your choices regarding use, access and correction of your personal information. As used in this Privacy Statement, “personal information or personal data” means information about an identifiable individual. The use of information collected through our service shall be limited to the enabling the compensation planning and reporting functions for which the Customer has engaged HCR Software.
Collection and Use of Information
1. HCR Software’s CompensationXL allows our Customers to upload information about their organization’s employees and prospective employees (collectively, “Employees”), including names, performance reviews and compensation information. Our customers choose the types of Employee information they upload into the HCR Software CompensationXL. We do not collect or use the Employee information of our customers for any purpose other than as described in this Privacy Statement, to provide the compensation management services our customers request or as otherwise described in the agreement between us and our customer.
2. Website
We may collect and use the following information obtained via our Website or our other online activities:
1. If you contact us with a question, comment or complaint, we may collect your name and contact information (such as your email address or mailing address) in order for us to respond to your request. We may also keep a record of the correspondence in order to assist you again in the future.
2. If you request information or a demo we may collect your name, job title, email address and certain information about your company. We use this information to contact you and otherwise facilitate your free trial, demo, or participation in the webinar, as applicable.
3. Information We Collect Automatically
It is important to note that, while you can generally visit our Website without telling us who you are or submitting any personal information, we do collect the following information via our Website and/or via our online activities:
Server log files: We automatically collect server log information when you visit our website. This includes the IP (Internet protocol) addresses of all visitors to our Website and other related information such as page requests, browser type, operating system and average time spent on our Website. We use this information to help us understand our Website activity, and to monitor and improve our Website.
Cookies and Similar Technologies: Our Website, like many other commercial websites, uses a standard technology called a “cookie”. A cookie is a small data file that a website can send to a browser, which may then be stored on your computer system. When you browse our Website, we may use a cookie to help us provide you with better customer service by (i) identifying your browser as one that has visited our Website before; and (ii) saving and remembering any preferences that you may have set during previous visits to our Website. Cookies help make your visit to our Website more user friendly. Any personal information collected about you through our use of cookies will be treated in accordance with this Privacy Statement. You can set your browser to reject cookies or to notify you when you receive a cookie, which will give you the opportunity to decide whether you want to accept the cookie or not. Note that if you reject cookies, it may not be possible for you to use HCR Software services which require registration.
Our Website may also use a technology called “tracer tags” or “Web Beacons”. This technology allows us to understand which pages you visit on our Website. These tracer tags are used to help us optimize and tailor our Website for you and other future visitors to our Website. HCR Software and its partners use cookies and similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. Our CompensationXL application uses session variables only on the server to verify successful authentication. These variables expire when the connection times out.
Advertising Choices and Control
We may use third parties to serve our advertisements on other websites. These companies may use cookies and similar technologies, tracer tags or web beacons to collect information (such as web pages you visit and your response to ads) when you visit our Website and use that information to serve advertisements tailored to your interests on our website or other third-party websites. If you wish to opt-out of interest-based advertising click here (or if located in the European Union click here). Please note you will continue to receive generic ads that are no longer tailored to your interest.
Links to other Websites
Our Website may contain links to other websites that are provided and maintained exclusively by third parties. We carefully select the third party websites to which we link; however, as such third party websites are not subject to this Privacy Statement, we are not responsible for either such third parties’ content or privacy practices. We encourage you to read the privacy policy of every website you visit.
Social Media Widgets
Our websites include social media features, such as YouTube videos, the Facebook Like button, and widgets such as the Share this button or interactive mini-programs that run on our websites. These features may collect your IP address, which page you are visiting on our websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our websites. Your interactions with these features are governed by the privacy statement of the company providing it.
Consent
Depending on the situation, HCR Software may obtain consent to the collection of personal information in different ways. Express consent may be obtained verbally, online or in writing. Implied consent may be obtained through your use of HCR Software CompensationXL or other HCR Software services, or when you approach us to obtain information, inquire about or request services from us. We will indicate when your consent is a condition of obtaining a service.
Opt Out
You may sign-up to receive email or newsletter or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us at privacy@hcrsoftware.com.
We may also send you service related email announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.
Transfers and Disclosures of Personal Information
As a matter of practice, HCR Software does not disclose, trade, rent, sell or otherwise transfer personal information provided to us, except as set out in this Privacy Statement and, in the case of information provided to us via HCR Software CompensationXL, also as provided in our agreement with HCR Software with our customer.
HCR Software will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. HCR Software will provide individuals with reasonable mechanisms to exercise their choices.
With respect to both CompensationXL and our Website, the following applies:
Service Providers
We may disclose or transfer personal information to our partners, consultants and suppliers who provide services on our behalf (collectively, our “service providers”). Our service providers are given only the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own purposes.
These services may include:
• Providing and managing cloud computing infrastructure
• Monitoring and Securing cloud computing infrastructure
• Fulfilling subscription services and ensuring the resilience of data transfers to subsequent third parties are covered by the service agreements with our Customers.
Commitment to Subject to the Principles
We subject to the Principles all European and Swiss Services Personal Data that we receive from the EEA and Switzerland in reliance on the respective Data Privacy Framework. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
Type of third parties to which we disclose personal data and purposes:
As a data processor, HCR Software will disclose Services Personal Data only as instructed by the data controller. In some cases we may share Services Personal Data with our subcontractors to provide the HCR Software service to our Customers. If HCR Software goes through a business transition, such as a merger, acquisition by another company or sale of all or a portion of its assets. In all cases, Services Personal Data may only be transferred in accordance with the Customer agreement. In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your personal data, and choices you may have regarding your personal data.
Liability
If a third party service provider providing services on HCR Software’s behalf processes personal data from the EEA or Switzerland in a manner inconsistent with the Data Privacy Framework Principles, HCR Software will be liable unless we can prove that we are not responsible for the event giving rise to the damages.
EU–U.S. and Swiss–U.S. Privacy Shield Statement
HCR Software complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. HCR Software has[have] certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. HCR Software has[have] certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
HCR Software is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. HCR Software complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over HCR Software’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, HCR Software may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, HCR Software commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you. For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, HCR Software commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
Legal Requirement to Disclose
With respect to personal data received or transferred pursuant to the Data Privacy Framework, HCR Software is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. We and our service providers may provide personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by applicable law.
We may also disclose personal information where necessary for the establishment, exercise or defense of legal claims and to investigate or prevent actual or suspect loss or harm to persons, data or property. In certain situations, we may be required to disclose your personal data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In certain situations, HCR Software may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
HCR Software will notify Customer of such request unless prohibited by law.
Safeguarding
We understand that data security is an important issue and we are committed to safeguarding the personal information provided to us, whether through CompensationXL or our Website. In addition, with respect to the personal information provided to us by way of our HCR Software CompensationXL, HCR Software has implemented information security program that includes written policies and procedures, and security controls, as further described in our Information Security White Paper which is available upon request. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at https://www.dataprivacyframework.gov/.
GDPR
As a data processor serving many multi-national companies with employees in the EU, HCR Software is committed to full compliance with GDPR regulations and the protection of our customers’ human resources data. In the context of GDPR and with respect to personal data, HCR Software is a data processor acting on behalf of and under the direction of our customers, who are the data controllers. When HCR Software processes data received from a customer or prospective customer, HCR Software does so only pursuant to the customer’s or prospective customer’s instructions and prior authorization.
To ensure that EU citizens are able to exercise their data privacy rights, HCR Software’s data protection officer coordinates heavily with our customers’ data protection officers and, where appropriate, their EU member representatives. EU citizens with privacy concerns may contact our data protection officer from our website.
Retention and Storage
1. HCR Software CompensationXL Personal information provided to HCR Software by way of our cloud-based compensation management services offerings is stored in the United States. We will retain personal data we process on behalf of our Customers for as long as needed to provide the Services covered under our agreement. HCR Software. will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
2. Website & Other Personal information that we collect via our Website or other means may be transferred to, stored and processed at various locations around the world, by staff who work for us or for one of our service providers. Such staff may be engaged in, among other things, providing demos, managing contests or other promotions and making hiring decisions on behalf of HCR Software. We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
Accuracy and Access
Access to Data Controlled by our HCR Software Customers:
HCR Software acknowledges that you have the right to access your personal information. HCR Software has no direct relationship with the individuals whose personal data it processes. HCR Software’s Customers, not HCR Software, control what personal information is contained in CompensationXL. Accordingly, if we receive a request from an individual to access, update, delete or update personal information we maintain on behalf of a particular customer as part of our cloud-based talent management services offerings, we will direct that individual to the relevant HCR Software customer for assistance. If requested to remove data we will respond within a reasonable timeframe.
Access to Data Submitted via our Website:
Upon request HCR Software will provide you with information about whether we hold any of your personal information. If you submit personal information via our Website or otherwise provide us with your personal information, you may request access, updating or correction of your personal information by submitting a written request and satisfactory identification to our Privacy Officer (see “Contact Us” below). If you find any errors in your personal information, please contact our Privacy Officer as soon as possible. We will respond to your request within a reasonable timeframe.
Changes to this Privacy Statement
This Privacy Statement may be updated periodically to reflect changes to our personal information practices. The revised Privacy Statement will be posted on this Website. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically check this Privacy Statement to ensure that you are aware of the most recent version.
Contact Us
HCR Software has appointed a Chief Privacy Officer responsible for overseeing the implementation of the privacy program in the organization.Please contact the Privacy Officer with any questions or concerns that you may have about this Privacy Statement or our personal information practices. Our Privacy Officer may be contacted via email at privacy@hcrsoftware.com.
If you have an unresolved EEA or Swiss privacy or data use concern involving HR data that we have not addressed satisfactorily, please contact the relevant EU data protection authority or the Swiss Federal Data Protection and Information Commissioner, as applicable.
1500 Beach Boulevard
Unit 224
Jacksonville Beach
Florida 32250
Privacy Statement was last updated on October 21, 2024