Privacy and Security Policy

As of July 2023, the EU-U.S. Data Privacy Framework (“DPF”) Principles, including the Supplemental Principles and Annex I of the Principles, (collectively, “2023 Framework”) became effective. We continue to monitor developments on the United Kingdom (Data Bridge) and Swiss adoption of the 2023 Framework. Spark Hire expressly commits to the principles of the EU-US DPF, Swiss-US DPF, as well as the interim UK-US extension and/or bridge (collectively, “DPF Frameworks”).

Previously, when the European Union Court of Justice (“ECJ”) held the EU-US Privacy Shield arrangement to be insufficient to guarantee the privacy of EU citizens with respect to information collected by companies in the United States in 2021, Spark Hire remained compliance with the Privacy Shield which remained active in the United States.

Spark Hire has always respected the privacy of its customers – regardless of a specific arrangement or framework. Spark Hire has also always strived to maintain a high level of privacy protection and, with respect to our EU customers, including compliance with EU data protection laws (currently, the General Data Protection Regulation (“GDPR”)) and the use of Standard Contractual Clauses (SCCs). In the same decision invalidating the Privacy Shield, the ECJ held the SCCs to be sufficient. Based on the foregoing, and because Spark Hire made representations to authorities in the United States with respect to Privacy Shield (including the inclusion of certain language), we continued to reference Privacy Shield in our policies and continue to adhere to its principles. At the same time, Spark Hire shall continue to abide by the GDPR and enter into SCCs with any business customer – particularly our EU business customers – to ensure them and their EU customers that Spark Hire will adequately protect the privacy of their information. Should you have any questions, please direct them to [email protected].

Since its inception, Spark Hire has valued the trust its customers place in it to professionally and securely provide services and store data related to their employment and recruiting. With this trust in mind, Spark Hire invested time and resources to become compliant with the programs that bridged the gap between United States and European Union privacy laws. Spark Hire also examines the developing law in jurisdictions outside the U.S. and EU. In this context, Spark Hire decided to become compliant with the General Data Protection Regulation that became effective in the EU in May 2018. Also, should any business customer – particularly any EU business customer – request that Spark Hire enter into a supplemental SCC, Spark Hire has and will continue to accommodate such a request. Finally, Spark Hire adheres to the Privacy Shield Principles.

In our efforts to heighten the protections we provide our customers around the world, we regularly implement new changes to our policies and practices. We will keep you informed as we do so.

As always, if you have any questions or concerns about our handling of your personal information, you may contact our privacy officer at [email protected].

This Privacy and Security Policy is provided for the benefit of customers and clients of Spark Hire, Inc. (“Spark Hire”) as well as other consumers and parties who seek information from or about Spark Hire and/or its website(s), particularly sparkhire.com (“Website” or “sparkhire.com”), and/or applications (“Apps”) (collectively, “Spark Hire Services”).

1. OPENING STATEMENTS

1.1 Definitions.

Across its various policies, applications, and Website, Spark Hire strives to use the same definitions for particular terms. By doing so, Spark Hire seeks to make its policies and governing documents consistent and user-friendly. For this reason, Spark Hire provides the definitions for these terms in one location and directs you to our Terms of Use for such definitions.

1.2 Our Commitment to Privacy

At Spark Hire, we respect the privacy and the confidentiality of our customers’ information, particularly our customers’ PII (also commonly referred to as personally identifiable information) (“PII”). We are committed to keeping confidential the PII you share with us. This Privacy and Security Policy explains how Spark Hire collects, uses, discloses and protects the information we obtain.

1.3 Applicability of Privacy and Security Policy

Our Privacy and Security Policy applies to all individuals and entities from whom or for the benefit of whom we receive PII, whether it be collected through our corporate owned websites; Apps; traditional mailing and/or faxing channels; telephone or electronic communications; from some other medium; and/or from our clients.

1.4 Website and Apps Not Directed to Minors

The Website is a professional website directed toward employers and staffing companies (either directly as customers of Spark Hire or through Staffing Customers that use Spark Hire Services) seeking to interview and/or hire individual panelists, individual job seekers, individual consultants, or consultant groups or consultant groups for employment. In this context, the website also accepts individuals as customers who respond to certain invitations to use Spark Hire Services. As such, an individual must be aged sixteen (16) or over to create an account through the Website. As such, the Website is not directed toward children or minors. This also applies to all Spark Hire Apps.

1.5 EU-US and Swiss-US 2023 Data Privacy Framework, Privacy Shield, and GDPR.

Spark Hire values the trust its European Union (“EU”) customers place in it to professionally and securely provide services and store data. As such, Spark Hire maintains an ongoing commitment to EU privacy laws and policies. In fact, Spark Hire maintains an ongoing commitment to treat all personal data received, from the European Union or elsewhere, under the principles of the EU General Data Protection Regulation (“GDPR”).

As noted above, Spark Hire has consistently sought certification and complied with the frameworks developed by the EU-U.S. governments relating to data privacy. This include the Safe Harbor, Privacy Shield, and the 2023 DPF Frameworks. Even when the ECJ invalidated the Privacy Shield framework, Spark Hire continued to certify to the United States Department of Commerce that it adheres to the Privacy Shield Principles. It shall continue to do so and shall continue to refer to such principles in its policies. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/. A list of Privacy Shield compliant entities can be found at https://www.privacyshield.gov/list.

Spark Hire commits to and shall comply with the 2023 DPF Frameworks. To learn more about the 2023 Data Privacy Framework, please visit https://www.dataprivacyframework.gov/. To search a list of 2023 Data Privacy Framework compliant entities, please visit https://www.dataprivacyframework.gov/s/participant-search. Spark Hire will cooperate with the United States Department of Commerce International Trade Administration (“ITA”) on any DPF matters. Further, if the ITA finds issue with Spark Hire’s compliance with 2023 DPF Frameworks, Spark Hire shall make public any such reports.

Additionally, Spark Hire has proceeded one step further in its efforts to meet the heightened requirements of EU data protection. Spark Hire makes every effort to comply fully with the applicable principles of the EU GDPR. It also enters into SCCs with any business customer that wishes to do so.

It also subjects itself to the investigatory and enforcement powers of the Federal Trade Commission, Department of Commerce, Department of Transportation, and/or any other applicable enforcement and/or investigatory authority.

2. PERSONAL INFORMATION COLLECTED AND HOW IT IS USED

2.1 Personally Identifiable Information or PII

is any information that would, by itself, identify you or tend to identify you as a particular individual or entity. This PII may include, but not be limited to, your name, your address, credit card number, bank account information, and/or personal identification number (such as a social security number or driver’s license number). Where you participate in interviews and/or recorded interviews, this will also include your voice.

2.1.1 PII does not include any public information that is readily attainable through federal, state or local public record distribution channels.

2.1.2 PII does not include any information that, by itself, could not identify you as a particular individual or entity.

2.1.3 PII also does not include raw data that becomes aggregated for statistical purposes and cannot, thereafter, be identified with you as a unique individual or entity.

2.1.4 Spark Hire does consider your Internet Protocol (“IP”) address to be PII and will treat it as such.

2.2 Information Collected

2.2.1 Spark Hire collects information that is considered PII and other information that, by itself, would not be considered personally identifiable information (“Non-PII”).

2.2.2 When you create an account and register for any of our Spark Hire Services (whether through a Website, App, or other portal), we collect information submitted by you including, but not limited to, your full name, company name (if applicable), email address, phone number, and IP address. We use this information to identify our customers and send notifications related to the use of our Spark Hire Services. We reserve the right to request additional information from you.

2.2.3 For our business customers, Spark Hire shall also collect information relating to one or more of your financial accounts for purposes of processing payments to provide you with Spark Hire Services. This information may likely contain both PII and Non-PII depending on the nature of the account holder information.

2.2.4 Spark Hire provides its services for free to individuals invited to use Spark Hire by one of its business customers. As this constitutes the only basis for which individuals can use Spark Hire Services at this time, there exists no reason for an individual customer to provide financial information to Spark Hire or any of its business customers inviting such individuals to use Spark Hire Services. Based on the foregoing, business customers of Spark Hire are expressly prohibited from requesting and/or collecting consumer financial information through any Spark Hire Services. Should any consumer be requested to provide such information, please report it immediately to Spark Hire at [email protected].

2.3 Collecting and Using Personally Identifiable Information

2.3.1 Spark Hire will explain how it intends to use PII either before it collects the information (such as in this Privacy and Security Policy) or contemporaneously with the solicitation of such information. Exceptions may exist where the intended use is obvious to a reasonable person.

2.3.2 Generally, Spark Hire collects personal identifiable information when an individual registers with or uses any of the Spark Hire Services. This information typically includes, at a minimum, a full name, company name (if applicable), email address, phone number, mobile phone number, and any additional information provided by the account holder that could identify that account holder. For persons seeking employment, it should be recognized that a collection of information that would otherwise be considered non-PII could transform into PII (eg employment history, employment position at a company). Consequently, an individual account holder must be cautious in making public through any of the Spark Hire Services information that could identify them where they seek to keep private their search for employment. The same can be said of consultants and employers in certain circumstances.

2.3.3 We will use the PII collected only for the purposes explained to you. Further, we limit the collection of PII to only that information which is necessary for the purposes explained to you.

2.3.4 Generally, we use the PII collected and/or received about you in connection with our Apps, Website, Spark Hire Services, and their various features. We also use information collected and/or received about you in connection with other users and advertisers that purchase ads through the Apps or on the Website.

For example, we may use the information we receive about you (a) as part of our efforts to keep Spark Hire safe and secure; (b) to provide Spark Hire Services; (c) to make suggestions to you and other users on Spark Hire; and (d) provide support.

Granting us this permission not only allows us to provide Spark Hire as it exists today, but it also allows us to provide you with innovative features and services we develop in the future that use the PII we receive about you in new ways.

We may use your PII to communicate with you for the foregoing and other reasons by email, text message, phone call, or other electronic, written or oral communication method, unless you expressly indicate to Spark Hire not to use a particular method of communication.

While you are allowing us to use the PII we receive about you, you always own all of your information. Your trust is important to us, which is why we don’t share PII we receive about you with others unless we have received your express permission for the information to be used for such purpose.

Additionally, we may use aggregated information derived from PII to improve the Spark Hire Services and any related matters thereto.

2.3.5 Unless we are required to do so by law, we shall not obtain your consent before collecting PII about you from parties other than Spark Hire. Rather, Spark Hire shall presume that you have previously provided such consent to any such third party from whom Spark Hire obtains such information. This only applies to information provided by third parties to Spark Hire. Spark Hire does not provide third parties with access to your account information and only shares your information with third parties where we have your consent to do so.

2.3.6 In the normal course of its business operations, Spark Hire restricts the use of your PII to Spark Hire’s personnel and its Strategic Partners. However, by using Spark Hire Services, you may necessarily disclose PII to potential employers and Staffing Customers when they access your information, profiles, interviews, and other Content. Indeed, as individuals will only be using Spark Hire Services at the invitation of an employer or staffing company, you necessarily will be providing such entity with information when you respond to the invitation.

2.3.7 Where an Employer or Staffing Customer asks an Individual Customer for references, the names of any references provided as well as information obtained from those references will be provided to the requesting Employer or Staffing Customer. Spark Hire has no control over information provided by third parties to the Employer or Staffing Customers. Further, Spark Hire will not monitor such information. Spark Hire expressly encourages Individual Customers to choose wisely the individuals you provide as references. Please see our Terms of Use for more information on the terms governing references .

2.3.8 We shall not sell your PII in the normal course of business operations. Should all or any part of Spark Hire’s business operations be sold, this paragraph shall not by itself restrict the transfer of your PII as part of the Website sold to a third party. However, the ability to transfer such information may be governed by law in your applicable jurisdiction. In such cases, Spark Hire shall comply with applicable law, provide notice, and seek consent prior to any such transfer.

2.3.9 We may also use the PII you provide in registering with and using Spark Hire to inform you by electronic mail, phone, text or other communication method of additional products and services about which you might be interested, which may include our periodic e-newsletters and other promotional communications from Spark Hire.

2.4 Disclosing Personal Information

2.4.1 We do not share PII we obtain from your use of our Spark Hire Services with others except as described in this Privacy Policy and the Terms of Use.

2.4.2 General.

2.4.2.1 Spark Hire may use PII in the normal course of providing the Spark Hire Services; to operate or improve the Apps, Website and/or Spark Hire Services; to outsource certain services to Strategic Partners; to complete a transaction that has been requested; to develop aggregate information; and/or as otherwise disclosed to you.

2.4.2.2 Spark Hire may provide PII to other persons where (a) we have your consent; (b) the disclosure is necessary to complete a transaction requested; (c) we have obtained information from a third party (presuming that you have previously provided such consent to any such third party from whom Spark Hire obtains such information); (d) we are required or permitted to do so by law; (e) the Apps, Website and/or Spark Hire Services are used in a manner that violates the Terms of Use or used for purposes other than those for which they were specifically intended; and/or (f) the terms of this Privacy and Security Policy and/or the Terms of Use otherwise permit and/or provide for such disclosure.

2.4.2.3 In particular, by the very nature of the Spark Hire Services, information submitted by our customers seeking employment or employees will be shared with other customers as applicable to the customers’ particular use of Spark Hire Services.

2.4.2.4 Additionally, Staffing Customers that use Spark Hire Services may provide their employer customers, Third-Party Customers, limited information about Spark Hire customers for the specific purpose of matching individuals using Spark Hire Services to the needs of their employer Third-Party Customers. In some cases, Third-Party Customers may not be Spark Hire Customers. Spark Hire requires its Staffing Customers to ensure that their Third-Party Customers agree to process the information at the same level of privacy protection as provided by Spark Hire to its customers. Upon notice of unauthorized processing by Third-Party Customers or Spark Hire Customers, Spark Hire will take reasonable and appropriate steps to stop and remediate unauthorized processing.

2.4.2.5 In some cases, Spark Hire Customers may be able to download your videos and other public information, including, but not limited to, (a) references obtained from third parties and/or (b) transcripts from videos and/or interviews obtained through Spark Hire Services, and store them on their computers and servers. Other Spark Hire Customers may also be able to use shared links by which they provide related parties who might not also be Spark Hire Customers access to your content.

2.4.3 Strategic Partners. Spark Hire may employ, engage or retain certain trusted third parties (“Strategic Partners”) to perform functions and/or provide services on its behalf, such as web hosting, integrated services, transcript production, or advertising. Spark Hire will share PII with these Strategic Partners only to the extent necessary to perform the functions and/or provide the services for which they have been employed, engaged or retained. Spark Hire shall also secure contractual obligations from our Strategic Partners to maintain the privacy and security of the PII shared with them at the same level of privacy protection as provided by Spark Hire to its customers. Upon notice of unauthorized processing by a Strategic Partner, Spark Hire will take reasonable and appropriate steps to stop and remediate unauthorized processing. Some of the Strategic Partners that may receive access to your PII to provide the Spark Hire Services have been listed below.

2.4.4 Business Transfers. Spark Hire reserves the right to sell, transfer or otherwise share some or all of its assets, including PII, in connection with a sale of assets; a merger, acquisition, or reorganization; or, filing for bankruptcy. You will have the opportunity to opt out of any such transfer if the planned processing of your information by the purchaser differs materially from that set forth in this Privacy and Security Policy.

2.4.5 Legal Compliance. Spark Hire may be required to disclose any information about you and/or Content created by you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose any information about you and/or Content created by you as we, in our sole discretion, believe necessary or appropriate to: (1) comply with an order from a court of competent jurisdiction, regulatory agency, and/or other governmental authority; (2) respond to claims, court orders, or other legal process (including subpoenas); (3) to enforce the terms of this and other Spark Hire agreements as well as to protect the property and rights of Spark Hire, its Strategic Partners or other third parties; (4) to protect, in Spark Hire’s sole discretion, the public or any person from harm; (5) to investigate, prevent, stop, or take other action regarding any action perceived to be fraudulent, illegal, unethical, or legally actionable in Spark Hire’s sole discretion; and/or, generally, (6) to comply with the law.

2.4.6 Notice. Unless restricted from doing so, Spark Hire will attempt to notify you before it releases any of your PII or Content pursuant to (1) and (2) in paragraph 2.4.5 only. In such cases, Spark Hire will also provide you with general information on how you may seek to block such a release of information and/or direct you to resources that can provide such general information. The provision of such general information to you is not and should not be construed as providing you with legal advice. Additionally, Spark Hire is under no other obligation to assist you in challenging or opposing a release of your information

2.4.7 Onward Transfer Liability. 2.4.7 Onward Transfer Liability. Spark Hire may be liable for onward transfers of personal data to third parties in violation of this policy, the DPF Frameworks, Privacy Shield, and other legal and contractual obligations to which it agrees.

2.5 Non-Personally Identifiable Information

2.5.1 In addition to collecting PII as previously described, Spark Hire also collects other non-PII.

2.5.2 Non-PII collected by Spark Hire may be utilized without restriction

2.5.3 Although non-PII can be used in a number of ways, you can be assured that the use of the non-PII cannot identify you as a particular individual.

2.5.4 Because non-PII cannot be used to identify you, Spark Hire may in its discretion provide non-PII to other persons or entities.

Information Obtained From Use of Spark Hire’s Websites

2.6. Cookies

2.6.1. Cookies can be defined as bits of data stored on your computer that allow website(s) to identify your browser and session.

2.6.1.2. If you reject all cookies, you may not be able to use the Spark Hire Services or products that require you to “sign in” and you may not be able to take full advantage of all offerings.

2.6.1.3. Most web browsers automatically accept and collect Cookies. However, most browsers also allow you to configure them to accept all cookies, reject all cookies, or notify you when a cookie is set. Depending upon your web browser’s security settings, you may have the ability to reject all cookies.

2.6.1.4 The Spark Hire Website uses its own cookies for a number of purposes including, but not limited to:

A. Requiring you to re-enter your password after a certain period of time has elapsed to protect you against others accidentally accessing your account contents;

B. Keep track of preferences specified by our users while using the Spark Hire Website;

C. Estimate and report our total audience size and traffic; and,

D. Conduct research to improve the content and services provided on the Spark Hire Website.

E. Identify to Third Parties that you have visited our Website

2.6.1.5. Many of our Strategic Partners may use Cookies. Spark Hire maintains no control over the use of Cookies by our strategic partners and third-party advertisers. For information on how these third parties utilize Cookies collected, you should examine their respective privacy policies.

2.6.1.6 More specifically, when you use Spark Hire Services, cookies may be placed on your computing device that informs third parties you visited our services. Because of this, you may receive advertisements relating to Spark Hire. Although Spark Hire provides these ads to third parties and requests that they be placed when the advertising services find our cookies, we do not control the timing, location, and placement of the ads. So, though Spark Hire controls generally when and to what type of individual or cookie receives an ad, we do not control whether a specific user or consumer receives an ad. Should you wish to cease receiving such advertisements, you should opt out of these re-targeting services directly on the third party websites or platforms where possible.

2.6.2. Google AdWords Marketing

2.6.2.1. Spark Hire may use, from time to time, Google Adwords marketing campaigns to promote its products and services. In particular, Spark Hire intends to use Google AdWords “Remarketing” campaigns

2.6.2.2. In using Google Adwords marketing campaigns, Google will place a cookie on your computer when you visit Spark Hire’s website(s). As you leave Spark Hire’s website(s), this cookie will later enable banners and other materials to appear through which you can return to Spark Hire’s website(s).

2.6.2.3. The foregoing being said, through the use of any Google AdWords marketing campaign, Spark Hire:

A. SHALL NOT run an interest-based advertising campaign that collects PII;

B. SHALL NOT use or associate PII with remarketing lists, cookies, data feeds, or other anonymous identifiers;

C. SHALL NOT use or associate targeting information, such as demographics or location, with any PII collected from any Google AdWords ad or landing page associated with it;

D. SHALL NOT target children under the age of 13 through any Google AdWords campaign;

E. SHALL NOT share any PII with Google through Spark Hire’s remarketing tag or any product data feeds which might be associated with Spark Hire’s ads;

F. SHALL NOT, when creating a remarketing list, use any sensitive information (as defined by Google), or products associated with such sensitive information, about visitors to Spark Hire’s Website(s), any of its Webpages, or Apps, whether Spark Hire collected it directly or associated it with a visitor, based on the visitor’s profile or behavior on Spark Hire’s website(s), webpages, and/or through its Apps;

G. SHALL NOT create a remarketing list or ad that seeks to reach people through prohibited methods; and,

H. SHALL NOT create or produce ad content that implies knowledge of PII or sensitive information.

2.6.2.4. Spark Hire has no objection to Google providing notice or labels to disclose interest-based advertising to its users.

2.6.2.5. Spark Hire has no objection to Google displaying to its users the remarketing lists, including those of Spark Hire, upon which they appear.

2.6.2.6. For your protection, Google will not disclose Spark Hire remarketing lists or other similar audience lists to another advertiser without Spark Hire’s consent. At this time, Spark Hire shall not permit such disclosures.

2.6.3. Browser and Session Information

Spark Hire may collect information about your browser and session at the Website and/or using the Website Services.

2.6.4. IP Addresses

2.6.4.1. Spark Hire maintains a log of Internet Protocol (IP) addresses when Spark Hire computers, servers, Services, and/or websites (including, the Website) have been accessed. An IP address by itself does not allow us to collect additional PII about you.

2.6.4.2. IP addresses may be used for various purposes including, but not limited to:

A. Diagnose and prevent service or technology problems reported by our users or engineers that are associated with the IP addresses controlled by a specific web company or ISP;

B. Estimate the total number of users visiting a Spark Hire computer, server and/or website from specific geographical regions.

C. Help determine which users have access privileges to certain content, services or resources offered; and,

D. Monitor and prevent fraud and abuse.

2.6.4.3. OTHER THAN YOUR IP ADDRESS, SPARK HIRE DOES NOT DIRECTLY COLLECT ANY PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU UNLESS YOU VOLUNTARILY PROVIDE US WITH THIS INFORMATION.

2.7 Data Retention

2.7.1. Spark Hire shall use commercially reasonable efforts to maintain storage information subject to the terms of this Privacy and Security Policy and the Terms of Use.

2.7.2. The length of time for which Spark Hire retains PII and other information will vary depending on the nature of the services for which the information has been collected and the nature of the information.

2.7.3. Although this period may extend beyond the end of your relationship with Spark Hire, it will be retained for only so long as necessary for Spark Hire to respond to any issues arising from your relationship with Spark Hire.

2.7.4. When Spark Hire no longer needs or requires your personal information in the normal course of business operations and/or due diligence, or where a business customer no longer needs or requires your personal information and either consents or requests to the deletion of such content, Spark Hire will destroy, delete, erase or convert information to an anonymous form without notice to you.

2.7.5. Depending on the package of services purchased, Spark Hire may delete information including, but not limited to, stored messages, interviews, videos, audio, other content, and records of your account without notice to you. Spark Hire recommends that you back up on your own computer any critical and important information prior to allowing your Spark Hire Services to terminate or expire.

2.7.6. Should your account be terminated, Spark Hire may immediately and permanently delete all stored messages, interviews, videos, audio, other content, and records of your account without notice to you.

2.7.7 The foregoing being said, the employer or staffing company for whom you have provided information may be required to retain information beyond Spark Hire’s direct use of such information. Because of this, Spark Hire must defer to the specific employer or staffing companies’ retention requirements.

2.7.8 Should Spark Hire leave the DPF, it shall continue to comply with the DPF Frameworks as to data subject to the DPF Frameworks and collected prior to such departure or, alternatively, delete the data.

3. CONSENT

3.1. Spark Hire may obtain personal information about you through a variety of sources. For each source or method, the manner of consent may differ.

3.2. In general, Spark Hire operates on an “Opt-IN” basis. That is, Spark Hire will obtain your consent to use information provided to it by describing the intended use and requesting that you indicate your agreement.

3.3. At any time, you may expressly inform Spark Hire you do not wish your information to be used in a particular manner through account settings. While there is no penalty to change your settings, Spark Hire may not be able to provide certain services without the ability to use your information in particular internal settings.

3.4. Where Spark Hire obtains information about a consumer from its customers or other third parties, Spark Hire presumes that the consumer has previously provided appropriate consent to the party from whom Spark Hire obtains the information. In any case, the consumer can be assured that this Privacy and Security Policy applies to any information obtained from a third party.

With respect to references, if an Individual Customer provides a requesting Employer or Staffing Customer with the names of third party references, Spark Hire presume you authorize the provision of such information through our Spark Hire Services to our third-party Strategic Partner(s) who handle references requests as well as the requesting Employer or Staffing Customer. Moreover, Spark Hire also presumes such Individual Customer authorizes any information about you from such third party references to be shared with the requesting parties through Spark Hire Services.

With respect to videos, video interviews, and/or video content (collectively, “Video Content”), Spark Hire presumes that the Individual Customer providing information about themselves in such Video Content consents to the sharing of information with the applicable Employer and Staffing Customers. Further, as Spark Hire may provide the ability to obtain transcripts of such Video Content, the Individual Customer consents to the sharing of such information by video or transcript format.

3.5 If Spark Hire sent you an initial SMS message(s) inviting you to create a Spark Hire Account with respect to an employment opportunity, Spark Hire obtained your mobile number from an employer and/or staffing company who also represented to Spark Hire that it obtained your consent to send SMS messages in relation to the employment opportunity and that this consent extended to Spark Hire. For any SMS messages Spark Hire sends you following the creation of your Spark Hire Account, you provided consent by the Terms of Use and/or express consent provided to Spark Hire. At any time, you may decline to receive SMS messages.

3.6 You have the right to object to targeted marketing.

3.7 Control of your Personal Data. For any of the various ways in which you can control your personal data, particularly by limiting the collection, use, disclosure, and retention of your personal data (including, but not limited to, as described in sections 2.3.4, 2.4.6, 3.2, 3.3, 3.4, 4.1, 4.2, and 4,5), Spark Hire has a designated Privacy Officer to which you should submit all inquiries and requests at [email protected].. This is the most efficient means of submitting a request. Our Privacy Officer and legal counsel both receive emails sent to [email protected]..

You also have the limited ability to change aspects of your information through your account.

Finally, we direct you specifically to our limitations on deleting information described in 4.5.

4. ACCESS

4.1 You have the right to access your personal data. Subject to certain limitations imposed by applicable privacy laws, you have the right to request that Spark Hire provide you with a copy of your account and/or personal information and/or information regarding how we have used that personal information.

 

4.2 Any requests for access to information should be directed to our Privacy Officer at the contact information provided below.

 

4.3 We will make every effort to respond to your request in a reasonable timeframe consistent with applicable law.

 

4.4. We provide you the means to correct much information that Spark Hire may have about you. Where you cannot change incorrect information about you in our system, you may request incorrect information to be corrected at any time by contacting [email protected].

 

4.5. We respect the right to delete information. However, as the employer or staffing company has obtained such information for their purposes and Spark Hire serves as a Data Processor (AND NOT Data Controller), any requests for deletion of data made to Spark Hire will be forwarded to the relevant data controller for handling.

 

5. SECURITY

5.1. Spark Hire takes the issue of protecting your anonymity and personal information very seriously. Spark Hire protects the information it obtains about you with appropriate, commercially reasonable safeguards and security measures consistent with standard information practices. These measures include commercially reasonable technical and procedural steps to protect your data from misuse, unauthorized access or disclosure, loss, alteration, or destruction.

5.2 For security purposes, Spark Hire does not disclose all of its security measures. Be assured that Spark Hire does employ commercially reasonable industry standard measures to protect your information. Spark Hire may routinely complete audits of its systems.

5.3 Data Breaches.

5.3.1 Should there ever be a data breach of Spark Hire, Spark Hire shall inform (a) its data controllers, (b) the owner or licensee of any breached information, or (c) as otherwise required by law. Given Spark Hire operates as a data processor for employers and/or staffing companies that operate as data controllers, and given consumers or data subjects provide Spark Hire their personal information in connection with a specific employer(s) or staffing company(ies), Spark Hire shall most often inform the applicable employers and staffing companies as the data controllers. For our European Union customers, in particular, this will be the case. In such cases, the disclosure to the consumer or data subject will be from the applicable data controllers (eg the employers or staffing customers). In other circumstances, Spark Hire may disclose a data breach to the owner or licensee of such information or as otherwise required by law. This may, at times, include disclosure to data subjects.

5.3.2 When Spark Hire informs any data controller of a breach of data or information held by Spark Hire as their data processor, the data controller shall within five (5) business days of being so informed (a) make a determination whether such data breach must be reported under applicable law and, where the data controller determines such data breach to be reportable, (b) report such data breach to the relevant authorities and data subjects.

5.3.3 Further, the data controller shall hold harmless and indemnify Spark Hire from any claims arising from a delay or failure to report such breach to data subjects. This indemnification includes a duty to defend.

5.3.4 Following any disclosure by the data controller to the relevant authorities and/or data subjects pursuant to 5.3.2, the data controller shall inform Spark Hire that such disclosure has occurred.

5.3.5 By using Spark Hire, each data controller agrees to these terms. Where an owner or licensee of consumer data is neither a data controller or data subject, such owner or licensee agrees to these terms as well.

5.4 Bug Bounty.

5.4.1 Security researchers who have found bugs on our platform are encouraged to report their findings to [email protected] and may be eligible for a reward in the case of valid vulnerabilities. For more information on our bug bounty program, please read our Bug Bounty Policy. When you’ve found a vulnerability, please consider the following:

A) Ensure the vulnerability relates directly to Spark Hire or an official library. Although we’ll try to help, we can’t be responsible for issues that arise in libraries written by third-party developers. Those questions are best suited to individual library authors.

B) Disclose the vulnerability safely and discreetly. Once you find a vulnerability, get in touch and report it to us quickly. Please avoid making details of the vulnerability public.

C) Don’t exploit the vulnerability to negatively affect other users. If you’ve discovered a vulnerability that could negatively impact other users, please report it to us immediately and avoid testing it on anyone else.

D) Provide as much information as possible. The more information you send our way, the easier it is to verify the validity of a security report. Screenshots, video recordings, and detailed steps to reproduce your experience tend to be the best ways of conveying the vulnerability.

6. DISPUTE RESOLUTION

6.1 Should you have any complaints with respect to Spark Hire Services’ compliance with our Privacy and Security Policy, our commitments under the DPF Frameworks and Privacy Shield, any applicable SCC obligations, and/or our GDPR commitments, we encourage you to contact us directly to resolve any such complaints. Spark Hire is committed to remedying any issues as they arise and expressly commits to resolve complaints about our collection or use of your personal information. We value our customers and their privacy. As such, this commitment reflects our general business philosophy but also complies with DPF Frameworks (and previously the Privacy Shield) and other applicable principles. Consequently, we want to hear from you should you have any issues regarding our privacy practices. You may send an email to [email protected]. Should we receive such an inquiry, we must respond to you within forty-five (45) days.

6.2 Spark Hire has further committed to refer to JAMS, an alternative dispute resolution provider located in the United States, any unresolved complaints with respect to Spark Hire Services’ compliance with our Privacy and Security Policy, our DPF Frameworks (and previously Privacy Shield) commitments, any applicable SCC obligations, and/or our GDPR commitments. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit JAMS for more information:

JAMS
https://www.jamsadr.com/jams-chicago

You can submit a case or file a complaint at:
https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim

The services of JAMS are provided at no cost to you for any matters relating to the privacy of your data, our Privacy and Security Policy, our DPF Frameworks (and previously Privacy Shield) commitments, any applicable SCC obligations, and/or our GDPR commitments.

JAMS has been identified by us as an independent recourse mechanism to hear any such disputes.

6.3 Should you have any unresolved complaints with respect to Spark Hire Service’s compliance with our Privacy and Security Policy, our DPF Frameworks (and previously Privacy Shield) commitments, any applicable SCC obligations, and/or our GDPR commitments, you may also contact the Federal Trade Commission (“FTC”) (https://www.ftccomplaintassistant.gov/) as the appropriate statutory body that has jurisdiction over any claims related to our privacy practices. In fact, Spark Hire is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). However, the FTC does not generally resolve individual consumer complaints.

6.4 For any of our European Union and UK customers, you also have the right to lodge a complaint with the applicable supervising authority. In compliance with the DPF Frameworks (and previously the Privacy Shield Framework), you may be able to invoke binding arbitration in the event of unresolved complaints.

6.5 For general cases unrelated to the privacy of your data, our Privacy and Security Policy, our DPF Frameworks (and previously Privacy Shield) commitments, any applicable SCC obligations, and/or our GDPR commitments, you can still file a complaint at with JAMS at https://www.jamsadr.com/about/submit-a-case. Please note that use of a private mediation service such as JAMS for complaints unrelated to the subjects specified in 6.1-6.4, you will likely require fees to be paid.

7. DISCLAIMER AS TO THIRD-PARTY CONTENT

Although our corporate owned websites may contain links to other third-party websites and/or may be advertised on such third-party websites, Spark Hire is not responsible for the privacy practices or the content of such websites and specifically disclaims any such responsibility. Spark Hire does not monitor the privacy practices or content of these websites. If you have any questions about the privacy practices of a website other than a Spark Hire owned website, you need to contact the Privacy Officer of the website about which you have a question.

As stated above, Spark Hire cannot control the targeted advertising you receive when you leave our Spark Hire Services. Depending on your settings, you may receive Spark Hire advertisements off of our website because your browser contains retained data from Spark Hire Services. While Spark Hire provides third parties with advertisements and your computing devices may retain data that you visited Spark Hire Services, we cannot control the computers or servers owned by third parties. You can adjust settings with some of these Third Parties to opt out of targeted advertising. You can also choose to use an incognito or other function that precludes retention of browser information. But. Modifications of your browser settings may affect the quality of Spark Hire Services you receive.

8. INCORPORATION OF OTHER APPLICABLE TERMS

8.1 Your use of our Apps, Website and Spark Hire Services is subject to this Privacy and Security Policy as well as the Terms of Use, the terms of which are incorporated into this Privacy and Security Policy by reference. You should carefully review the Terms of Use.

8.2 As a business customer of Spark Hire, you expressly agree that you shall and have met any and all requirements specified above that have been imposed upon it as to the quality and sufficiency of efforts to protect data and individual privacy.

8.3 DATA PROCESSING AGREEMENT (EU CUSTOMERS ONLY). For those Spark Hire customers using PII from EU residents, we include here as part of our Privacy and Security Policy our Data Processing Agreement.

8.4 STANDARD CONTRACTUAL CLAUSES (EU CUSTOMERS ONLY). For our EU Customers, we will provide a copy of the EY Standard Contractual Clauses upon request.

9. PRIVACY OF CHILDREN

We make it a practice not to knowingly obtain and/or retain information about individuals under the age of sixteen (16). Indeed, no part of Spark Hire Services is directed to anyone under the age of sixteen (16).

10. ADDITIONAL INFORMATION

10.1 When you post content on and/or through the Spark Hire Services, you have the ability to post content which may include personally identifiable information or PII about yourself. You are responsible for the information you (a) post online; (b) post through use of the Spark Hire Services; or, (c) share with another website that you link to from our Website. You do so at your own risk. Spark Hire warns you to be careful in posting information accessible to the public.

10.2 If you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties or other unwanted and possibly harmful contact. Spark Hire warns you to be careful in posting information accessible to the public.

11. CUSTOMER OBLIGATIONS

11.1 By using the Spark Hire Services, you agree to use any information about any other Spark Hire Customer, particularly PII, obtained through Spark Hire Services in a manner consistent with the Terms of Use, this Privacy and Security Policy, and the privacy protections provided for in such policies.

12. REVISIONS TO PRIVACY AND SECURITY POLICY

12.1. Spark Hire reserves the right to revise, amend, or modify this Privacy and Security Policy, our Terms of Use, and other online policies and agreements at any time and in any manner.

12.2. Spark Hire shall provide notice of such changes by posting the revised policies to the applicable Spark Hire owned websites and by either (a) providing you a message the next time you login into your account or (b) sending you electronic mail to the email address you provided when creating your account.

12.3. With respect to this Privacy and Security Policy, you should visit our website at sparkhire.com from time to time to review the then-current terms. At any time, the current-posted policies govern and shall be binding.

13. CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”)

13.1 Spark Hire continuously keeps abreast of privacy and security developments. And, while certain laws may not specifically apply to Spark Hire or its operations, it strives to implement best practices across its business operations.

13.2 California enacted the CCPA to protect the privacy of its consumers. The CCPA applies to businesses that meet certain criteria. While Spark Hire does not meet these criteria, Spark Hire nonetheless acknowledges the principles of the CCPA. In fact, Spark Hire has for some time reflected the principles of the CCPA in its business practices and policies. Specifically, our Privacy and Security Policy addresses the requirements of the CCPA.

13.3 Nonetheless, in this section, we emphasize certain of our business practices that align with specific aspects of the CCPA to make them more prominent for our California customers.

13.2 Subject to our Section 4.5 above, individuals have the right to request deletion of their personal information. You may request that your personal information be deleted at any time by contacting [email protected]. However, consistent with Section 4.5, the request for deletion of information will be sent to the applicable data controller.

13.3. Spark Hire will not discriminate against anyone for exercising their privacy rights provided under any law, particularly the CCPA. Indeed, Spark Hire does not discriminate against any of its customers.

13.4. Spark Hire does not provide financial incentives in exchange for the use of your personal data and does not sell your personal information.

For Additional Information or Questions, Contact Our Privacy Officer

Spark Hire has a designated Privacy Officer. If you have additional questions or concerns regarding how Spark Hire is managing or using your personal information, please send your concerns in writing to our Privacy Officer by e-mail at [email protected].

Revised: September 18, 2023

For those Spark Hire customers using PII from EU residents, we include below our Data Processing Agreement.


SCHEDULE 1

DATA PROCESSING AGREEMENT

For those Spark Hire customers using PII from EU residents, we include here as part of our Privacy and Security Policy our Data Processing Agreement.

INTRODUCTION

This Spark Hire Data Processing Agreement (“DPA”) reflects the parties’ agreement with respect to the terms governing the processing of personal data and is included as a subsection of the Spark Hire Privacy and Security Policy (“Privacy Policy”). As such, the terms of the Privacy and Security Policy and Spark Hire Terms of Use (“Terms of Use”) apply to this DPA.

In all cases, Spark Hire (“Processor”), or a third party acting on behalf of the Processor, acts as the processor of personal data and the employer or staffing company for whom Personally Identifiable Information (“PII”) is obtained from Individuals shall be the Controller. The terms of this DPA shall follow the terms of the Privacy Policy and the Terms of Use and any terms not otherwise defined in the DPA shall follow the definitions used in the Terms of Use.

THIS DPA INCLUDES:

(i) Standard Contractual Clauses, attached hereto as SCHEDULE 1.

  • (a) APPENDIX 1 to the Standard Contractual Clauses, specifying the types of personal data processed by Spark Hire.
  • (b) APPENDIX 2 to the Standard Contractual Clauses, which includes a description of the technical and organizational security measures implemented by Spark Hire.

(ii) List of Subcontractors, attached hereto as SCHEDULE 2.

1. Scope and Responsibility

The Processor will process personal data on behalf of Controller, as necessary to perform the services pursuant to the Privacy Policy, the DPA, and the Terms of Use (“Policies”). Processing shall include such actions as may be specified in the Policies.

The Processor will process personal data for the duration of the Policies and other relevant contracts unless otherwise agreed upon in writing.

The Controller shall be entitled to demand the modification, deletion, blocking and making available of personal data during and after the applicable term in accordance with the further specifications of such agreement on return and deletion of personal data.

The terms of this DPA shall equally apply if testing or maintenance of automatic processes or of processing equipment is performed on behalf of Controller, and access to personal data in such context cannot be excluded.

2. Obligations of Processor

The Processor shall collect, process and use personal data only within the scope of Controller’s instructions. If the Processor thinks that an instruction of the Controller infringes the E.U. General Data Protection Regulation, any applicable SCC obligations, and/or the any of the DPF Frameworks (previously, Privacy Shield) protections, it shall point this out to the Controller without delay.

The Processor shall structure the Processor’s internal corporate organization to ensure compliance with the E.U. General Data Protection Regulation, any applicable SCC obligations, and/or any of the DPF Frameworks (previously, Privacy Shield) protections. Such measures hereunder shall include, but not be limited to,

a) preventing unauthorized access to personal data processing systems (physical access control);

b) preventing unauthorized processing or use of personal data (logical access control);

c) ensuring that persons entitled to use a personal data processing system gain access only to such personal data as they are entitled to access, and that, in the course of processing or use and after storage, personal data cannot be read, copied, modified or deleted without authorization (data access control);

d) ensuring that personal data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of personal data by means of data transmission facilities can be established and verified (data transfer control);

e) ensuring proper records are maintained to document whether and by whom personal data has been entered into, modified in, or removed from personal data processing systems (entry control);

f) ensuring that personal data is processed solely in accordance with the instructions of the Controller (control of instructions);

g) ensuring that personal data is protected against accidental destruction or loss (availability control);

h) ensuring that personal data collected for different purposes can be processed separately (separation control);

An overview of the above listed technical and organizational measures shall be attached to this DPA as APPENDIX 2.

The Processor shall ensure that any personnel entrusted with processing Controller’s personal data have undertaken to comply with the principle of data secrecy in accordance with the protections under the E.U. General Data Protection Regulation, any applicable SCC obligations, and/or any of the DPF Frameworks (previously, Privacy Shield), and have been duly instructed on them.

Spark Hire has identified a Data Protection Officer in its Privacy and Security Policy.

Processor shall, without undue delay, inform the Controller in case of a serious interruption of operations or violations by the Processor or persons employed by it of provisions to protect personal data or of terms specified in this DPA. In such an event, the Processor shall implement the measures necessary to secure the Personal Data and to mitigate potential adverse effects on the data subjects without undue delay.

The Controller shall retain title as to any carrier media provided to Processor as well as any copies or reproductions thereof. The Processor shall store such media safely and protect them against unauthorized access by third parties. The Processor shall, upon Controller’s request, provide to Controller all information on Controller’s personal data and personal information. Processor shall be obliged to securely delete any test and scrap material based on an instruction issued by the Controller on a case-by-case basis. Where the Controller so decides, the Processor shall hand over such material to the Controller or store it on the Controller’s behalf.

The Processor shall be obliged to audit and verify the fulfillment of the above-entitled obligations and shall maintain an adequate documentation of such verification.

3. Obligations of Controller

The Controller and the Processor shall be separately responsible for conforming with such statutory data protection regulations as are applicable to them in accordance with the protections under the E.U. General Data Protection Regulation, any applicable SCC obligations, and/or the DPF Frameworks (previously, Privacy Shield).

The Controller shall inform the Processor without undue delay and comprehensively about any errors or irregularities related to statutory provisions on the processing of personal data detected during a verification of the results of such processing.

The Controller shall, upon instruction or termination or expiration of the Terms, stipulate, within a period of time set by the Processor, the reasonable measures to return data carrier media or to delete stored data.

4. Enquiries by Data Subjects to Controller

Where the Controller, based upon applicable data protection law, is obliged to provide information to an individual about the collection, processing or use or its personal data, the Processor shall assist the Controller in making this information available, provided that: (i) the Controller has instructed the Processor in writing to do so, and (ii) the Controller reimburses the Processor for the costs arising from this assistance.

Where a data subject requests the Processor to correct, delete or block personal data, the Processor shall refer such data subject to the Controller.

5. Subcontractors

The Processor shall be entitled to subcontract the Processor’s obligations defined in the Policies to third parties only with the Controller’s written consent (which shall be affirmed by a Controller’s agreement to the policies).

Controller consents to Processor’s subcontracting to Processor’s affiliated companies and third parties, as listed in SCHEDULE 2, of Processor’s contractual obligations hereunder.

If the Processor intends to instruct subcontractors other than the companies listed in SCHEDULE 2, the Processor must notify the Controller thereof in writing (email to the email address(es) on record in Processor’s account information for Controller is sufficient) and must give the Controller the possibility to object against the instruction of the subcontractor within 30 days after being notified. The objection must be based on reasonable grounds (e.g. if the Controller proves that significant risks for the protection of its Personal Data exist at the subcontractor). If the Processor and the Controller are unable to resolve such objection, either party may terminate the Terms of Use by providing written notice to the other party.

The provisions of this section also apply if the Processor uses a subcontractor in a third country. The Controller hereby authorizes the Processor, to agree in the name and on behalf of the Controller with a subcontractor which processes or uses the personal data of the Controller outside of the EEA, to enter into EU Standard Contractual Clauses for the Transfer of Personal Data to Processors Established in Third Countries dated 5 February 2010. This applies accordingly from the date of this authorization with respect to EU Standard Contractual Clauses (Processors) already concluded by the Processor with such subcontractors.

6. Duties to Inform

Where the Processor’s personal data becomes subject to search and seizure, an attachment order, confiscation during bankruptcy or insolvency proceedings, or similar events or measures by third parties while being processed, the Processor shall inform the Controller without undue delay. Processor shall, without undue delay, notify to all pertinent parties in such action, that any personal data affected is the Controller’s sole property and area of responsibility.

In case of any conflict, the regulations of this DPA shall take precedence over the regulations of the Policies. Where individual regulations of this DPA are invalid or unenforceable, the validity and enforceability of the other regulations of this DPA shall not be affected.

The Standard Contractual Clauses in SCHEDULE 1 will apply to the processing of Personal Data by Processor under the Policies. Upon the incorporation of this DPA into the Terms of Use, the parties are agreeing to the Standard Contractual Clauses in SCHEDULE 1 and all appendixes attached. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

The Standard Contractual Clauses apply only to personal data that is transferred from the European Economic Area (EEA) to outside the EEA, either directly or via onward transfer, to any country or recipient: (i) not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the EU Data Protection Directive), and (ii) not covered by a suitable framework recognized by the relevant authorities or courts as providing an adequate level of protection for personal data, including but not limited to binding corporate rules for processors.

7. Parties to this DPA

This DPA is an amendment to and forms part of the Privacy and Security Policy.

The legal entity agreeing to this DPA as Controller represents that it is authorized to agree to and enter into this DPA for, and is agreeing to this DPA solely on behalf of, the Controller.


SCHEDULE 2

Standard Contractual Clauses

Spark Hire has implemented the EU sanctioned Standard Contractual Clauses and will make them available upon request

List of Subprocessors

  • Amazon Web Services, Inc.
  • Authorize.net
  • Chargify LLC
  • ChurnZero, Inc.
  • Cronofy Ltd
  • Drift.com, Inc.
  • Elevio Pty. Ltd.
  • FullStory, Inc
  • Google LLC
  • HubSpot, Inc.
  • LinkedIn Corporation
  • Mailgun Technologies, Inc.
  • Merge API, Inc.
  • Pusher Ltd.
  • Rev.com, Inc.
  • Rollbar
  • RTS
  • Salesforce.com, inc.
  • Twilio Inc.
  • Zendesk, Inc.