As the operators of the Workable website, Workable, Inc., a Delaware corporation, with offices at 33 Farnsworth Street, Fourth Floor, Boston, MA 02210 ("We", "Us", “Workable”) is committed to protecting and respecting your privacy. This Privacy and Cookies Policy ("Policy") relates to services provided through our website and application (“Services”) and sets out the basis on which the personal data collected from you, or that you provide to Us will be processed by Us. Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it.
For the purpose of, the General Data Protection Regulation (“GDPR”), from the GDPR implementation date or, until GDPR implementation date, the Data Protection Act 1998 (collectively the “Data Protection Laws”):
- in respect of the personal data of users of the Website and the Services and business contacts and prospects of Workable, the Data Controller is Workable Inc.;
As We are based in the USA, We have appointed Workable Software Limited to be Our representative within the EEA. Their contact details are Workable Software Limited registered in England and Wales with Company Registration Number 08125469 and having its registered office address at 21a Kingly Street, Second Floor, London, W1B 5QA.
Information we collect from you
We collect and process some or all of the following types of information from you:
- Information that you provide by filling in forms on the workable.com website (“Website”). This includes information provided at the time of registering to use the Website, subscribing to our Services, posting material or requesting further information or services. We may also ask you for information when you report a problem with the Website.
- If you contact Us, We may keep a record of that correspondence.
- We may also ask you to complete surveys that We use for research purposes, although you do not have to respond to them.
- Details of all actions that you carry out through the Website and of the provision of services to you.
- Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to our site and the resources that you access.
The provision of your full name and e-mail address, your employer and/or your place of work and the url of the business that you work for is required from you when you register to use our Services We will inform you at the point of collecting information from you, whether you are required to provide the information to Us.
Information we collect from other sources
From time to time we also obtain personal data from other sources as follows:
- names and contact details of Customer personnel who will be added as account members for the Customer’s account, may be added by existing account members;
- names and contact details of individual contacts at prospective Customers from third party data providers and/or public sources, such as social networks, company websites and other online sources.
Uses made of your information
Where you are using our Services on behalf of an Employer, we rely on legitimate interests in performing our contract with our Customer as the lawful basis on which We collect and use your personal data.
We use information held about you in the following ways:
- To ensure that content from the Website is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you or our Customer.
- To carry out our obligations arising from any contracts entered into between our Customer (on whose behalf you are using the Services) and Us.
- To notify you about changes to our Services and provide you with information that is relevant to your use of the Services.
- Where you or your employer are a prospective Customer, to provide you with information about our Services for marketing purposes.
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable). Where any such member of our group is outside the EU this transfer will be on the basis of a contract including the Model Contractual Clauses in accordance with the Data Protection Laws.
We may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply our Website Terms and Conditions and other agreements, but we will endeavour to minimise such disclosure to only that reasonably necessary and, where possible, to provide you with notice of such disclosure; and/or
- to protect the rights, property, or safety of Workable Technology Limited, the Website, our users and any third party we interact with to provide the Website.
The third parties described above may access, process, or store personal data and We may be liable if they fail to meet the obligations under the Privacy Shield and we are responsible for the event giving rise to damage.
How we store your personal data
We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way, for the duration of your use of our Services. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website, therefore any transmission remains at your own risk. Once we have received your information, we will use strict procedures and security features in order to prevent unauthorised access.
Keeping your personal data up to date
If your personal details change you may update them by accessing the relevant page of the Website, or by contacting Us using the contact details below.
We will endeavour to update your personal data within thirty (30) days of any new or updated personal data being provided to Us, in order to ensure that the personal data We hold about you is as accurate and up to date as possible.
Where we store your personal data
The data that We collect from you and process as a result of your use of the Services may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for Us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
In particular, your data may be accessible to i) Workable’s staff in the USA, or ii) may be stored by Workable’s hosting service provider on servers in the USA as well as in the EU. The USA does not have the same data protection laws as the United Kingdom and EEA.
If you would like further information please contact Us (see ‘Contact’ below). We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
How long we keep your personal data
We will hold all the data for so long as we have an obligation to the Customer to provide the Services, and thereafter until such time as we delete the Customer’s account in accordance with our Customer Terms and Conditions.
Your personal information will be deleted on one of the following occurrences:
- deletion of your personal information by you (or by another person engaged by the Customer); or
- receipt of a written request by you (or another person engaged by the Customer) to us.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- access to your personal data and to certain other supplementary information that this Policy is already designed to address
- require Us to correct any mistakes in your information which We hold
- require the erasure of personal data concerning you in certain situations
- receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal data concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal data
- otherwise restrict our processing of your personal data in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- contact us using our Contact details below
- let Us have enough information to identify you,
- let Us have proof of your identity and address. Where you are a user of our Services you should email us from the email address that you used to register with Workable. Receipt of an email from this address will usually be sufficient to confirm your identity. In all other cases we may request one or more identification documents, such as a copy of your driving licence or passport and a recent utility or credit card bill; and
- let Us know the information to which your request relates.
Third Party Websites
EU-US Privacy Shield Framework
Inquiries and complaints
In compliance with the Privacy Shield Principles, We are committed to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Us using our Contact details below.
We are also further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland and you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
Our commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
IP Addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration, customer support and to collect aggregate information for internal reporting purposes.
The cookies we use are "analytical" cookies. Some of the common uses for our cookies are as follows:
- to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our Website works, for example by ensuring that users are finding what they are looking for easily.
- to identify and authenticate a user across different pages of our Website, within our own Website, in a session or across different sessions. This is so that the user does not need to provide a password on every page the user visits; and
- to be able to retrieve a user’s previously stored data, for example, information that the user previously submitted to the Website, so as to facilitate reuse of this information by the user.