HCR SOFTWARE PRIVACY STATEMENT
INTRODUCTION AND SCOPE
Collection and Use of Information
1. HCR Software’s CompensationXL allows our Customers to upload information about their organization’s employees and prospective employees (collectively, “Employees”), including names, performance reviews and compensation information. Our customers choose the types of Employee information they upload into the HCR Software CompensationXL. We do not collect or use the Employee information of our customers for any purpose other than as described in this Privacy Statement, to provide the compensation management services our customers request or as otherwise described in the agreement between us and our customer.
We may collect and use the following information obtained via our Website or our other online activities:
1. If you contact us with a question, comment or complaint, we may collect your name and contact information (such as your email address or mailing address) in order for us to respond to your request. We may also keep a record of the correspondence in order to assist you again in the future.
2. If you request information or a demo we may collect your name, job title, email address and certain information about your company. We use this information to contact you and otherwise facilitate your free trial, demo, or participation in the webinar, as applicable.
3. Information We Collect Automatically
It is important to note that, while you can generally visit our Website without telling us who you are or submitting any personal information, we do collect the following information via our Website and/or via our online activities:
Server log files: We automatically collect server log information when you visit our website. This includes the IP (Internet protocol) addresses of all visitors to our Website and other related information such as page requests, browser type, operating system and average time spent on our Website. We use this information to help us understand our Website activity, and to monitor and improve our Website.
Advertising Choices and Control
Links to other Websites
Social Media Widgets
Our websites include social media features, such as YouTube videos, the Facebook Like button, and widgets such as the Share this button or interactive mini-programs that run on our websites. These features may collect your IP address, which page you are visiting on our websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our websites. Your interactions with these features are governed by the privacy statement of the company providing it.
Depending on the situation, HCR Software may obtain consent to the collection of personal information in different ways. Express consent may be obtained verbally, online or in writing. Implied consent may be obtained through your use of HCR Software CompensationXL or other HCR Software services, or when you approach us to obtain information, inquire about or request services from us. We will indicate when your consent is a condition of obtaining a service.
You may sign-up to receive email or newsletter or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us at [email protected].
We may also send you service related email announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.
Transfers and Disclosures of Personal Information
As a matter of practice, HCR Software does not disclose, trade, rent, sell or otherwise transfer personal information provided to us, except as set out in this Privacy Statement and, in the case of information provided to us via HCR Software CompensationXL, also as provided in our agreement with HCR Software with our customer.
HCR Software will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. HCR Software will provide individuals with reasonable mechanisms to exercise their choices.
With respect to both CompensationXL and our Website, the following applies:
We may disclose or transfer personal information to our partners, consultants and suppliers who provide services on our behalf (collectively, our “service providers”). Our service providers are given only the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own purposes.
These services may include:
• Providing and managing cloud computing infrastructure
• Monitoring and Securing cloud computing infrastructure
• Fulfilling subscription services and ensuring the resilience of data transfers to subsequent third parties are covered by the service agreements with our Customers.
Commitment to subject to the Principles
We subject to the Principles all European and Swiss Services Personal Data that we receive from the EEA and Switzerland in reliance on the respective Data Privacy Framework. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
Type of third parties to which we disclose personal data and purposes:
As a data processor, HCR Software will disclose Services Personal Data only as instructed by the data controller. In some cases we may share Services Personal Data with our subcontractors to provide the HCR Software service to our Customers. If HCR Software goes through a business transition, such as a merger, acquisition by another company or sale of all or a portion of its assets. In all cases, Services Personal Data may only be transferred in accordance with the Customer agreement. In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your personal data, and choices you may have regarding your personal data.
If a third party service provider providing services on HCR Software’s behalf processes personal data from the EEA or Switzerland in a manner inconsistent with the Data Privacy Framework Principles, HCR Software will be liable unless we can prove that we are not responsible for the event giving rise to the damages.
EU–U.S. Data Privacy Framework with UK Extension, and Swiss -U.S. Data Privacy Framework.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
HCR Software is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. HCR Software complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions
The Federal Trade Commission [OR U.S. Department of Transportation] has jurisdiction over HCR Software’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, HCR Software may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, HCR Software commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.
Information Related to Data Collected through the HCR Software CompensationXL
HCR Software collects personal data about EU and Swiss data subjects that our customers and their authorized users either enter into HCR Software’s Enterprise Applications or provide to HCR Software under a professional services engagement to be input into or accessed within the Service (collectively, “Services Personal Data”).
HCR Software acts as a data processor with respect to this data. HCR Software processes Services Personal Data to provide and support the Service for which the Customer has engaged HCR Software. HCR software processes Services Personal Data as instructed by its Customers, and does not control or own the Services Personal Data it processes.
Information Related to Data Collected for our Customers:
HCR Software collects information under the direction of its Customer, and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Customers and would no longer like to be contacted by one of our Customers that use our service, please contact the Customer that you interact with directly. We may transfer personal data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Customers.
Legal Requirement to Disclose
With respect to personal data received or transferred pursuant to the Data Privacy Framework, HCR Software is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. We and our service providers may provide personal information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by applicable law.
We may also disclose personal information where necessary for the establishment, exercise or defense of legal claims and to investigate or prevent actual or suspect loss or harm to persons, data or property. In certain situations, we may be required to disclose your personal data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In certain situations, HCR Software may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
HCR Software will notify Customer of such request unless prohibited by law.
We understand that data security is an important issue and we are committed to safeguarding the personal information provided to us, whether through CompensationXL or our Website. In addition, with respect to the personal information provided to us by way of our HCR Software CompensationXL, HCR Software has implemented information security program that includes written policies and procedures, and security controls, as further described in our Information Security White Paper which is available upon request. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at [email protected].
As a data processor serving many multi-national companies with employees in the EU, HCR Software is committed to full compliance with GDPR regulations and the protection of our customers’ human resources data. In the context of GDPR and with respect to personal data, HCR Software is a data processor acting on behalf of and under the direction of our customers, who are the data controllers. When HCR Software processes data received from a customer or prospective customer, HCR Software does so only pursuant to the customer’s or prospective customer’s instructions and prior authorization.
To ensure that EU citizens are able to exercise their data privacy rights, HCR Software’s data protection officer coordinates heavily with our customers’ data protection officers and, where appropriate, their EU member representatives. EU citizens with privacy concerns may contact our data protection officer from our website.
Retention and Storage
1. HCR Software CompensationXL Personal information provided to HCR Software by way of our cloud-based compensation management services offerings is stored in the United States. We will retain personal data we process on behalf of our Customers for as long as needed to provide the Services covered under our agreement. HCR Software. will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
2. Website & Other Personal information that we collect via our Website or other means may be transferred to, stored and processed at various locations around the world, by staff who work for us or for one of our service providers. Such staff may be engaged in, among other things, providing demos, managing contests or other promotions and making hiring decisions on behalf of HCR Software. We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
Accuracy and Access
Access to Data Controlled by our HCR Software Customers:
HCR Software acknowledges that you have the right to access your personal information. HCR Software has no direct relationship with the individuals whose personal data it processes. HCR Software’s Customers, not HCR Software, control what personal information is contained in CompensationXL. Accordingly, if we receive a request from an individual to access, update, delete or update personal information we maintain on behalf of a particular customer as part of our cloud-based talent management services offerings, we will direct that individual to the relevant HCR Software customer for assistance. If requested to remove data we will respond within a reasonable timeframe.
Access to Data Submitted via our Website:
Upon request HCR Software will provide you with information about whether we hold any of your personal information. If you submit personal information via our Website or otherwise provide us with your personal information, you may request access, updating or correction of your personal information by submitting a written request and satisfactory identification to our Privacy Officer (see “Contact Us” below). If you find any errors in your personal information, please contact our Privacy Officer as soon as possible. We will respond to your request within a reasonable timeframe.
Changes to this Privacy Statement
This Privacy Statement may be updated periodically to reflect changes to our personal information practices. The revised Privacy Statement will be posted on this Website. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically check this Privacy Statement to ensure that you are aware of the most recent version.
HCR Software has appointed a Chief Privacy Officer responsible for overseeing the implementation of the privacy program in the organization. Please contact the Privacy Officer with any questions or concerns that you may have about this Privacy Statement or our personal information practices. Our Privacy Officer may be contacted via email at [email protected].
If you have an unresolved EEA or Swiss privacy or data use concern involving HR data that we have not addressed satisfactorily, please contact the relevant EU data protection authority or the Swiss Federal Data Protection and Information Commissioner, as applicable.
Privacy Statement was last updated on August 30, 2023