1. THE INFORMATION SMASHFLY COLLECTS:
User–provided Information: You may provide to SmashFly what is generally called “personally identifiable” information (such as your name, email address, postal mailing address, and telephone number(s)) to communicate with SmashFly or request information, or enter contests or other promotions SmashFly may sponsor, and to use the features and functionality of the SmashFly Website. You may also provide to SmashFly demographic information; information related to your web site such as the name, description and primary language of the site; and company name, telephone number, e–mail address, mailing address, and personal contacts within your company.
SmashFly also provides an area for people looking for a job at SmashFly. In applying for a job or asking for information about a job we may require personal information from you such as your address or e–mail address.
More information about flash cookies is available on the Adobe website at:http://www.adobe.com/special/products/flashplayer/security/index.html
2. THE WAY SMASHFLY USES INFORMATION
SmashFly uses the information that you provide or that we collect to operate, maintain, enhance, and provide all of the features and services found on the SmashFly Website, to respond to your requests and/or communications, and to comply with our legal obligations (e.g. the Digital Millennium Copyright Act).
We will use your email address, without further consent, for transactional or administrative communications such as notifying you of major SmashFly Website updates, new releases or product/service information, or to respond to your questions or communications.
If you opt in to receive promotional communications or newsletters from us, you will be able to opt out of receiving these by clicking on the “unsubscribe” link in the promotional email or newsletter received from us. SmashFly uses all of the information that we collect to understand the usage trends and preferences of our Users, to improve the way the SmashFly Website works and looks, and to create new features and functionality.
SmashFly may use “Automatically Collected” information and “Cookies” information to: (a) automatically update the SmashFly application on your system; (b) remember your information so that you will not have to re–enter it during your visit or the next time you access the SmashFly Website; (c) monitor aggregate site usage metrics such as total number of visitors and pages accessed; and (d) track your entries, submissions, and status in any promotions or other activities.
Information submitted to SmashFly as part of applications for employment or for partner candidates is used by SmashFly to evaluate your qualifications for the positions sought.
SmashFly also supplements personal information collected with information from marketing databases.
3. WHEN SMASHFLY DISCLOSES INFORMATION:
SmashFly does not share your personally identifiable information with other organizations for their marketing or promotional uses without your prior express consent. Please be aware, however, that any personally identifiable information that you voluntarily choose to display on any publicly available portion of the SmashFly Website becomes publicly available and may be read, collected and used by others without restriction. We are not responsible for the personally identifiable information you choose to submit in these forums.
We also have testimonials on our site. Any user that has provided a testimonial on our site allows us to post their testimonial and personal information on the site.
SmashFly may share aggregate statistical information gathered from you and other Users with advertisers, business partners, sponsor or other third parties. For example, we may tell an advertiser that X number of visitors visited a certain area on a web site or that Y number of men and Z number of women filled out registration forms. We share such information only on an aggregate and anonymous basis.
SmashFly may disclose User information if required to do so by law or in the good–faith belief that such action is necessary to comply with state and federal laws or respond to a court order, judicial or other government subpoena warrant, or legal process in the manner required by the requesting entity.
SmashFly also reserves the right to disclose User information that we believe, in good faith, is appropriate or necessary to take precautions against liability; protect SmashFly from fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against third–party claims or allegations; to assist government enforcement agencies as allowed by law; to protect the security or integrity of the SmashFly Website; or to protect the rights, property, or personal safety of SmashFly, our Users, or others.
4. YOUR CHOICES:
You may, of course, decline to share your personally–identifiable information with SmashFly, in which case SmashFly may not be able to provide to you some of the features and functionality found on the SmashFly Website. You may update, correct, or delete your user information and preferences by sending us a request at: info@SmashFly.com. We will respond to your request within 30 days.
You do not need to set up a user id and password to use our web sites because we do not require you to establish your identity when you visit our sites.
5. WEB BEACONS
Our web pages contain electronic image requests (called a “single–pixel gif” or “web beacon” request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page, including an ad banner, can act as a web beacon. Web beacons are typically 1–by–1 pixel files, but their presence can usually be seen within a browser by clicking on “View” and then on “Source.” We also include web beacons in HTML–formatted newsletters that we send to opt–in subscribers in order to count how many newsletters have been read. SmashFly web beacons do not collect, gather, monitor or share any personally identifiable information about our web site visitors, they are just the technique we use to compile anonymous information about web site usage.
6. OUR COMMITMENT TO DATA SECURITY:
SmashFly uses commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your personal information. We cannot, however, ensure or warrant the security of any information you transmit to SmashFly, and you do so at your own risk. Once we receive your transmission of information, SmashFly exercises commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards.
If SmashFly learns of a security systems breach, then we may attempt to notify you directly and/or SmashFly may post a notice on the SmashFly Website if a security breach occurs.
7. OUR COMMITMENT TO CHILDREN’S PRIVACY:
IF YOU ARE UNDER 13 YEARS OF AGE, THEN PLEASE DO NOT USE OR ACCESS THE SMASHFLY WEBSITE AT ANY TIME OR IN ANY MANNER.
SmashFly does not knowingly collect or maintain personally identifiable information from persons under 13 years–of–age. If SmashFly learns that personally–identifiable information of persons less than 13–years–of–age has been collected on or through the SmashFly Website, then SmashFly will take the appropriate steps to delete this information.
If you are the parent or legal guardian of a child under 13 who uses the SmashFly Website, then please contact SmashFly at info@SmashFly.com (or the physical address listed in Section 13 below) to have that child’s information deleted.
8. INTERNATIONAL VISITORS:
For Users visiting the SmashFly Website from the European Economic Area or other non–U.S. territories, please note that any data you enter into the SmashFly Website will be transferred outside the European Economic Area or such other non–U.S. territory for use by SmashFly and its affiliates for any of the purposes described herein. In addition, because SmashFly operates globally, we may make information we gather available to worldwide business units and affiliates. By providing any data on the SmashFly Website, you hereby expressly consent to such transfers of your data to the United States or other countries.
9. IN THE EVENT OF MERGER OR SALE:
In the event that SmashFly is acquired by or merged with a third–party entity, we reserve the right, in any of these circumstances, to transfer or assign the information that we have collected from Users to the merger or sale entity as part of that merger, acquisition, sale, or other change of control.
11. EFFECTIVE DATE, DATE LAST MODIFIED:
12. UNSOLICITED E–MAILS:
SmashFly does not send unsolicited e–mails to non–public addresses or to anyone who has asked us not to contact him or her. Any newsletters that we send are only sent to those who have subscribed to them. To stop receiving e–mails or newsletters from SmashFly, either click on an unsubscribe link on the e–mail or newsletter itself or send a request to be unsubscribed toinfo@SmashFly.com.
13. SMASHFLY CONTACT INFORMATION:
SmashFly Privacy Shield Policy
SmashFly Technologies, Inc. (“SmashFly”) has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that SmashFly obtains from Customers located in the European Union.
The Federal Trade Commission (FTC) has jurisdiction over SmashFly’s compliance with the Privacy Shield.
All SmashFly employees who handle Personal Data from Europe are required to comply with the Principles stated in this Policy.
Capitalized terms are defined in Section 14 of this Policy.
This Policy applies to the processing of Individual Customer Personal Data that SmashFly receives in the United States concerning Individual Customers who reside in the European Union. SmashFly provides products and services to businesses and consumers.
This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
RESPONSIBILITIES AND MANAGEMENT
SmashFly has designated the Information Technology (“IT”) department to oversee its information security program; IT works very closely with the Contracts and Legal (“C&L”) team to ensure compliance with the EU Privacy Shield program. C&L shall review and approve any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy also may be directed to legal@SmashFly.com.
SmashFly will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. SmashFly personnel will receive training, as applicable, to effectively implement this Policy. Please refer to Section 7 for a discussion of the steps that SmashFly has undertaken to protect Personal Data.
RENEWAL / VERIFICATION
SmashFly will renew its EU Privacy Shield certifications annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Prior to the re-certification, SmashFly will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Individual Customer Personal Data are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, SmashFly will undertake the following:
- Ensure that this Policy continues to comply with the Privacy Shield principles
- Confirm that Individual Customers are made aware of the process for addressing complaints and any independent dispute resolution process (SmashFly may do so through its publicly posted website, Individual Customer contract, or both)
- Review its processes and procedures for training Employees about SmashFly’s participation in the Privacy Shield program and the appropriate handling of Individual’s Personal Data
SmashFly will prepare an internal verification statement on an annual basis.
COLLECTION AND USE OF PERSONAL DATA
SmashFly provides various solutions to its Individual Customers who purchase its products and services. SmashFly collects Personal Data from Individual Customers when they purchase its products, register with our website, log-in to their account, complete surveys, request information or otherwise communicate with us. For example, SmashFly individual customers may choose to seek live support or post to a message board.
The Personal Data that we collect may vary based on the Individual Customer’s interaction with our website and request for our services. As a general matter, SmashFly collects the following types of Personal Data from its Individual Customers and their employment candidates: contact information, including, a contact person’s name, home email address, home mailing address, personal telephone number, title, and company name. Contact information from Individual Customers using our core recruitment marketing product would include work email and telephone numbers. No payment information is requested or obtained, as our core product enables our customers to better obtain and communicate with candidates for employment.
When Individual Customers use our services online, we will collect their IP address and browser type. We may associate IP address and browser type with a specific customer. We also may collect Personal Data from persons who contact us through our website to request additional information; in such a situation, we would collect contact information (as discussed above) and any other information that the person chooses to submit through our website.
The information that we collect from Individual Customers is used for selling the products and services they buy from us, managing transactions, reporting, invoicing, renewals, other operations related to providing services and products to the Individual Customer.
SmashFly serves as a service provider. In our capacity as a service provider, we will receive, store, and/or process Personal Data. In such cases, we are acting as a data processor and will process the personal information on behalf of and under the direction of our partners and/or agents. The information that we collect from our Individual Customers in this capacity is used for managing transactions, reporting, invoicing, renewals, other operations related to providing services to the Individual Customer, and as otherwise requested by our partner and/or agent.
SmashFly uses Personal Data that it collects directly from its Individual Customers and for its partners indirectly in its role as a service provider for the following business purposes, without limitation:
- maintaining and supporting its products, delivering and providing the requested products/services, and complying with its contractual obligations related thereto (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to an Individual Customer);
- satisfying governmental reporting, tax, and other requirements (e.g., import/export);
- storing and processing data, including Personal Data, in computer databases and servers located in the United States;
- verifying identity (e.g., for online access to accounts);
- as requested by the Individual Customer;
- for other business-related purposes permitted or required under applicable local law and regulation;
- and as otherwise required by law.
DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
Except as otherwise provided herein, SmashFly discloses Personal Data only to Individual Customers and Third Parties who reasonably need to know such data only for the scope of the initial transaction and not for other purposes. Such recipients must agree to abide by confidentiality obligations.
SmashFly may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. For example, SmashFly may store such Personal Data in the facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by SmashFly and they must either:
- comply with the Privacy Shield principles or another mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Data;
- or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy;
SmashFly also may disclose Personal Data for other purposes, or to other Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that SmashFly may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. SmashFly is liable for appropriate onward transfers of personal data to third parties.
SmashFly does not collect Sensitive Data from its Individual Customers or their employment candidates.
DATA INTEGRITY AND SECURITY
SmashFly uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. SmashFly has implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to SmashFly’s electronic information systems requires user authentication via password or similar means. SmashFly also employs access restrictions, limiting the scope of employees who have access to Individual Customer Personal Data.
Further, SmashFly uses secure encryption technology to protect certain categories of personal data. Despite these precautions, no data security safeguards guarantee 100% security all of the time.
ACCESSING PERSONAL DATA
SmashFly personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA
- Right to Access. Individual Customers have the right to know what Personal Data about them is included in the databases and to ensure that such Personal Data is accurate and relevant for the purposes for which SmashFly collected it. Individual Customers may review their own Personal Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and SmashFly policies. Upon reasonable request and as required by the Privacy Shield principles, SmashFly allows Individual Customers access to their Personal Data, in order to correct or amend such data where inaccurate. Individual Customers may edit their Personal Data by logging into their account profile or by contacting SmashFly by phone or email. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request erasure of Personal Data, Individual Customers should submit a written request to SmashFly’s headquarters office in Concord, Massachusetts.
- Requests for Personal Data. SmashFly will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from the Data Subject. If SmashFly receives a request for access to his/her Personal Data from an Individual Customer, then, unless otherwise required under law or by contract with such Individual Customer, SmashFly will refer such Data Subject to the Individual Customer.
- Satisfying Requests for Access, Modifications, and Corrections. SmashFly will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.
CHANGES TO THIS POLICY
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make employees available of changes to this policy either by posting to our intranet, through email, or other means. We will notify Customers if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
QUESTIONS OR COMPLAINTS
EU Individual Customers may contact SmashFly with questions or complaints concerning this Policy at the following address:
ENFORCEMENT AND DISPUTE RESOLUTION
In compliance with the US-EU Privacy Shield Principles, SmashFly commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with questions or concerns about the use of their Personal Data should contact us at: legal@SmashFly.com.
If a Customer’s question or concern cannot be satisfied through this process SmashFly has further committed to refer unresolved privacy complaints under US-EU Privacy Shield to an independent dispute resolution mechanism operated by JAMS.
If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by SmashFly, EU individuals may bring a complaint before the JAMS Online Privacy Shield. Information about how to file a complaint before the JAMS program can be found at: https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
SmashFly commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed please visit: https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information and to file a complaint.
“Individual Customer” means an Individual customer or client of SmashFly from the EU. The term also shall include any individual agent, representative, of an individual customer of SmashFly and all employee of SmashFly where SmashFly has obtained his or her Personal Data from such Individual Customer as part of its business relationship with SmashFly.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
“Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of SmashFly or any of its affiliates or subsidiaries, who is also a resident of a country within the European Economic Area.
“Europe” or “European” refers to a country in the European Union.
“Personal Data” as defined under the European Union Directive 95/46/EC means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.
“Third Party” means any individual or entity that is neither SmashFly nor a SmashFly employee, agent, contractor, or representative.
Version 1 – September 15, 2016