HR Avatar Privacy Policy - Updated: April, 2024, Last Review: April 10, 2024
|
| HR Avatar, Inc. is a Virginia “C” corporation and we are committed to the security, availability, confidentiality, and processing integrity of all information collected on our web sites.
|
What this Privacy Policy Covers
|
This policy covers how this web site treats personal information that we collect and receive, including information related to your past use of this web site and its services. Personal information is information about you that is personally identifiable like your name, address, email address, or phone number, and that is not otherwise publicly available. This policy does not apply to the practices of companies that the company owning this web site does not own or control, or to people that the company that owns this web site does not employ or manage.
|
Information Collection and Use (What do we collect?)
|
General
|
This web site uses information for the following general purposes: to customize the content you see, fulfill your requests for services, including pre-employment testing, improve our services, contact you, and conduct research.
|
Information you provide
|
The information collected is determined by your role: CUSTOMER, TEST-TAKER, or REFERENCE-PROVIDER.
|
Role Definitions
|
CUSTOMER - Employers and account users who register with the site to administer assessments to learn more about test-takers and job applicants.
|
HR Avatar collects CUSTOMER name, email address, work phone number, country, company web site, and mobile phone number if they wish to receive text notifications.
|
TEST-TAKER - Individuals who are asked to perform an assessment for employment or skills evaluation. HR Avatar offers assessment services that can be used to make inferences about a test taker’s knowledge, skills, abilities, personality, and behavioral history to assist with the pre-employment decision-making process. Test takers are informed that they are providing data for the stated purposes, and they consent to an information disclosure and release form before they begin. Test takers may choose to provide this data by answering questions, sharing audio recordings, video recordings, and other related methods.
|
HR Avatar collects TEST-TAKER name, email address, and optional demographic information, including gender, ethnicity, birth year, and race. Optional demographic information provided is not shared with the customer and is only used for test fairness analysis.
|
REFERENCE-PROVIDER - Individuals who are asked to provide ratings and comments regarding the past performance of TEST-TAKERS. HR Avatar offers automated reference checking services in which REFERENCE-PROVIDERS are asked for numerical ratings and written comments regarding the TEST-TAKER's past work performance. This information is shared with CUSTOMERs to assist with the employment decision-making process regarding the TEST-TAKER. REFERENCE PROVIDERS are informed that they are providing data for the stated purposes, and they consent to an information disclosure and release form before they begin.
|
HR Avatar collects REFERENCE-PROVIDER name, email address, and mobile phone number to assist with the reference checking process.
|
How do we collect your data?
|
Depending on your role, we may obtain your data either directly from you via a web form, or from another CUSTOMER or a TEST-TAKER also via web form. In certain cases, we receive your data via automated interfaces (APIs) with 3rd party systems that perform functions on behalf of a CUSTOMER. For example, a company may have a recruitment system that automatically initiates assessments or reference checks via our API.
|
Automatic information
|
This web site automatically receives information from your browser and records it in our database and/or in our server logs. Data recorded includes your IP address, this web site's cookie information, the page you request, login info, e-mail address, password, photos, telephone number, computer, and connection information such as browser type and version, operating system and platform, purchase history, the full Uniform Resource Locators (URL) clickstream to, through, and from our web site, including date and time, cookie number, and products you viewed or searched for. If you have any other questions about our Privacy Policy, please e-mail us at privacy@hravatar.com. For additional information on our use of web site cookies, please click here.
|
HR Avatar does not link IP addresses to personally identifiable information on its web site; however, we reserve the right to link IP addresses and other information supplied by the Internet Service Provider (ISP) to personally identifiable information in order to protect the integrity of our system and for security purposes.
|
The Internet is a global environment. By using this site and sending information to us electronically, you consent to trans-border and international transmission of any data that you may choose to supply us. Information transmissions to this site and emails sent to us may not be secure. Given the inherent operation and nature of the Internet, all Internet transmissions are done at the user’s own risk.
|
E-mail Communications
|
If you do not want to receive e-mail or other mail from us, please unsubscribe using the links found at the bottom of various emails we send, or by contacting us at privacy@hravatar.com.
|
Children's Online Privacy Protection
|
HR Avatar does not offer services to children. Should we determine a test-taker or account owner is under 13 years of age, we will deny further access to our systems except for completing online assessments, which are allowed for all ages. This web site is designed for pre-employment testing, and it is unlikely that persons under employable age will use its services. This web site does not collect information on age, with the exception of demographic data, which is provided voluntarily with the test taker’s consent for HR Avatar to comply with EEOC guidelines to ensure tests do not discriminate against protected groups. Demographic data is not routinely shared with prospective employers and does not affect test scores.
|
Information Sharing and Disclosure (How will we use your data?)
|
This web site does NOT rent, sell, or share personal information about you with other people or non-affiliated companies except to provide services you've requested, when we have your permission, or under the following circumstances: We may provide the information to trusted partners who work on behalf of or with this web site and with whom we maintain confidentiality agreements. These companies may use your personal information either to score assessments we have administered, or to help us communicate with you about offers from us and from our marketing partners. However, these companies do not have any independent right to share this information. We also believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law. We will transfer information about you if our company is acquired by or merged with another company. In this event, we will notify you before information about you is transferred and becomes subject to a different privacy policy. This web site currently does not, but reserves the right to, display targeted advertisements based on personal information.
|
Changes to the Privacy Policy
|
HR Avatar does not promulgate update notices to its privacy policy. However, the date of the last revision and review are included at the top of the policy document. Also, marked up versions of the policy showing all changes by date are available on request.
|
Information Security
|
HR Avatar is dedicated to safeguarding the confidentiality of your information. We use a variety of industry-standard administrative, physical, and security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. We also require you to enter a password to access your account information. HR Avatar strives to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input on protected sites.
|
All payment transactions are processed through a gateway provider and credit card information is not stored or processed on our servers.
|
It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
|
How do we store your data?
|
The HR Avatar data is housed in secure data storage hosted by Amazon Web Services AWS, a secure cloud-based service for data storage and persistence. Data access is restricted to members of a virtual private cloud that includes application servers and administrators who sign in using both Amazon secure authentication and encrypted passwords. Data is also backed up using Google Cloud for data redundancy.
|
Cloud Service Provider Terms and Conditions are available here:
Amazon AWS https://aws.amazon.com/service-terms/
Google Cloud: https://cloud.google.com/terms/.
|
Cookie Policy
|
This web site may set and access cookies on your computer. This web site may, in the future, let other companies that show advertisements on some of our pages set and access their cookies on your computer. Other companies' use of their cookies is subject to their own privacy policies, not this one. Advertisers or other companies do not have access to this web site's cookies.
|
Do Not Track (DNT)
|
Some Internet browsers offer a ‘do not track’ feature. When enabled, your browser sends a signal to the websites you visit directing the sites to not track your activity. There is no common understanding of how to respond to these signals. Additionally, most of our services depend on session cookies, which can be considered to be tracking data. Therefore, our websites currently do not respond to ‘do not track’ signals.
|
Data Rights
|
Your Ability to Edit and Delete Your Account Information and Preferences
|
General
|
CUSTOMERS can edit your account Information at any time to maintain accuracy. We reserve the right to send you certain communications relating to this service, such as service announcements and administrative messages that are considered part of your account, without offering you the opportunity to opt-out of receiving them. However, you can opt-out from our promotional emails and periodic newsletter at any time. You can deactivate your account by filling out a contact request form.
|
TEST TAKERS cannot change inputs once they are submitted. If a test taker requests to make a change, it has to be provided as a supplement and will be coordinated with the CUSTOMER.
|
Email Opt-Out
|
We reserve the right to send you certain communications relating to this service, such as service announcements and administrative messages that are considered part of your account, without offering you the opportunity to opt-out of receiving them. However, you can deactivate your account by filling out a contact request form. Additionally, we may send promotional emails including our periodic newsletter, which you can opt-out from at any time by clicking on the Unsubscribe link at the bottom of each email, or by unchecking the appropriate checkbox on your account information page.
|
Confidentiality and Security
|
We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide services to you or in order to do their jobs. We have physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you. Your Account Information is password-protected. In certain areas this web site may use industry-standard SSL-encryption to protect data transmissions.
|
For EU, UK and Swiss Individuals: Privacy Shield Notice for Personal Data Transfers to the United States
https://www.privacyshield.gov/
https://www.bbb.org/EU-privacy-shield/rules-and-policies/
|
HR Avatar complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. HR Avatar has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. HR Avatar has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
|
The Federal Trade Commission has jurisdiction over HR Avatar’s compliance with the Privacy Shield.
|
BBB National Programs administers the BBB National Programs Data Privacy Framework Services Program and Dispute Resolution Procedure. HR Avatar is a participant in this procedure, which can be utilized by web site users from the EU that have privacy issues that they have not been able to resolve with HR Avatar directly.
|
Principles
|
Notice
|
When HR Avatar collects your personal information, we’ll give you timely and appropriate notice describing what personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it.
|
Onward Transfer
|
HR Avatar will not disclose your information to unaffiliated third parties without first obtaining your permission, unless of course it’s to meet national security or law enforcement requirements. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, we are liable for appropriate onward transfers of personal data to third parties.
|
Security
|
HR Avatar takes appropriate physical, technical, and organizational measures around security, availability, processing integrity, and confidentiality to protect personal information from loss, misuse, unauthorized access or disclosure, alteration or destruction.
|
Data Integrity
|
HR Avatar takes appropriate steps to make sure the personal information in our records is accurate.
|
Relevance
|
HR Avatar collects only as much personal information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent.
|
Retention
|
HR Avatar keeps your personal information for as long as required to fulfill the purposes for which it was collected, or as permitted by law, and as specified by HR Avatar's data retention time frame (3 years) for accounts created after July 1, 2019.
|
Access and Choice
|
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@hravatar.com. If requested to remove data, we will respond within a reasonable time frame.
|
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@hravatar.com.
|
Enforcement
|
HR Avatar regularly reviews how we’re meeting these privacy promises, and we provide an independent way to resolve complaints about our privacy practices. HR Avatar is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
|
Independent Recourse
|
n compliance with the EU-US Data Privacy Framework Principles, HR Avatar commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact HR Avatar at:
|
Privacy Administrator
Privacy Administrator
|
HR Avatar has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
|
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
|
Standard Contractual Clauses
|
The European Commission’s SCCs, otherwise known as model contracts or clauses, are contract terms developed and approved by the European Commission as ensuring adequate protection for data subjects in accordance with the EU Data Protection Directive 95/46/EC when transferring personal data from the EEA to the U.S. If you are an HR Avatar client, or the client of one of HR Avatar’s authorized distributors or partners, transferring personal data in connection with HR Avatar products and services, please promptly complete, sign and return a copy of the HR Avatar Standard Contractual Clauses to privacy@HRAvatar.com.
|
European Union General Data Protection Regulation (GDPR)
|
HR Avatar is currently in the process of implementing updates to comply with GDPR guidelines.
|
The General Data Protection Regulation (GDPR) creates consistent data protection rules across Europe. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Processing is defined broadly and refers to anything related to personal data, including how a company handles and manages data, such as collecting, storing, using and destroying data.
|
Only a small percentage of HR Avatar test-takers reside within the EU. However, HR Avatar takes GDPR compliance seriously first because it’s a legal requirement for any testing of EU residents, and second because it is a practical way to enhance our privacy protection for all of our clients.
|
HR Avatar’s system was designed from the start with a "Privacy By Design" philosophy. To ensure full GDPR compliance, we are committed to the following guidelines, in addition to the aforementioned principles regarding Information Collection and Use:
|
Transparency
|
Where personal data is collected, HR Avatar explains the purpose for the data collection, and the submitter provides consent to providing the data.
|
Information and Access to Personal Data
|
In addition to information users why their data is collected, every HR Avatar site provides a link to a form, contact information, and phone number to contact HR Avatar for questions relating to technical support, privacy, and personal data questions.
|
Test results are property of the CUSTOMER
|
HR Avatar does use third party processors in order to analyze data, or provide data backup and redundancy services. These third-party processors are VoiceVibes (receives encrypted data), Amazon AWS, Google Cloud Services.
|
Rectification and Erasure
|
CUSTOMERS, or account owners, have the ability to update their account information as needed, to ensure information is accurate and up to date. CUSTOMERS may also notify HR Avatar to request updates. CUSTOMERS may also notify HR Avatar if they would like to close accounts and request immediate data pseudonymization.
|
TEST-TAKERS have the right to complete incomplete personal data, for example complete an incomplete test event, as permitted by CUSTOMERS.
|
A test taker can request information provided, including personal identifying information, photos/videos, and test responses - but not scores. However, TEST-TAKERS cannot update information in the test once submitted. These data are treated as one-time submissions and obfuscated after a specified period of time. TEST-TAKERS may request data obfuscation. This process requires confirmation of the request will be coordinated through the HR Avatar Data Protection Officer and the CUSTOMER.
|
Right to Object
|
At any time, a person may decline to register for an account or complete the assessment or survey. CUSTOMERS may also withdraw consent by notifying support@hravatar.com. This process requires confirmation of the request will be coordinated through the HR Avatar Data Protection Officer and the CUSTOMER.
|
GDPR Complaints
|
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
|
Closed Testing Accounts
|
CUSTOMERs may request that a testing account be placed in Closed status. Additionally, any testing account may be placed in Closed status after the maximum allowed period of inactivity has been reached (see below). As of 1 July 2018, pseudonymization of user names, email addresses, and phone numbers for administrative users of closed testing accounts, as well as all TEST-TAKERS in that account, will occur. If users re-open their accounts, they will be able to access reports, but they will not be able to identify the personal information tied to the reports. Videos and audio recordings tied to reports, as well as any stored PDF reports, will be permanently deleted.
|
Automatic Closure of Inactive Accounts
|
As a protection against unauthorized access, any testing account that has been inactive for more than two years is automatically placed in Disabled status. When an account is in disabled status, users may not sign in to their account, but all data is preserved. Users can re-activate their account at no cost and without losing any data by contacting HR Avatar.
|
Any testing account (in any status) that has exceeded the maximum allowed period of inactivity of 60 months (5 years) is automatically placed in Closed status. All user information for administrative users and TEST-TAKERS within Closed accounts will be pseudonymized immediately upon closure. PDF reports, videos and audio recordings tied to test results will be permanently deleted.
|
TEST-TAKER Data
|
As of July 2018, account-specific pseudonymization of test taker name, email, phone number will occur in all test results based on parameters set by the CUSTOMER. To be clear, individual test results are not deleted, however, all identifying information is pseudonymized after a account-administrator-defined period of months. For TEST-TAKERS determined to be located within the EU, all identifying information is pseudonymized after a maximum of 24 months (2 years), regardless of the account setting. Videos and audio recordings tied to reports, as well as PDF-formatted reports are permanently deleted during the pseudonymization process. The default time period prior to pseudonymization for accounts created before 1 July 2018 is 5 years, the default setting for all accounts created after 1 July 2018 and before 6 February 2019 is 3 years, and for all accounts created after 5 February 2019 is 2 years. Administrative users for active accounts are never pseudonymized unless requested directly or unless the account is closed either by request or because of inactivity.
|
As of July 2019, new HR Avatar accounts will only retain test-taker data for a maximum of 3 years. Test-Taker data, including data that has been pseudonymized, will be permanently removed once it has been available in the account for 3 years. Existing accounts created August 2014 to June 2019 will retain data for a maximum of 4 years.
|
Data Protection Officer
|
HR Avatar’s Data Protection Officer has knowledge of GDPR guidelines as well as knowledge about the internal processes that involve personal information. Questions can be sent to privacy@hravatar.com and will be addressed by the Data Protection Officer.
|