Go to Home Page
Home
Contact Us
GET STARTED Log On
Privacy Policy
Privacy Policy
Back


HR Avatar Privacy Policy - Updated August, 2018.
HR Avatar, Inc. is a Virginia “C” corporation and we are committed to the security, availability, confidentiality, and processing integrity of all information collected on our web sites.

What this Privacy Policy Covers

This policy covers how this web site treats personal information that we collect and receive, including information related to your past use of this web site and its services. Personal information is information about you that is personally identifiable like your name, address, email address, or phone number, and that is not otherwise publicly available. This policy does not apply to the practices of companies that the company owning this web site does not own or control, or to people that the company that owns this web site does not employ or manage.

Information Collection and Use

General

This web site uses information for the following general purposes: to customize the content you see, fulfill your requests for services, including pre-employment testing, improve our services, contact you, and conduct research.

Information you provide

The information collected is determined by your role: CUSTOMER or TEST-TAKER.

Role Definitions

CUSTOMER - Employers and account users who register with the site to administer assessments to learn more about test-takers and job applicants.

HR Avatar collects CUSTOMER name, email address, work phone number, country, company web site, and mobile phone number if they wish to receive text notifications.

TEST-TAKER - Individuals who are asked to perform an assessment for employment or skills evaluation. HR Avatar offers assessment services that can be used to make inferences about a test taker’s knowledge, skills, abilities, personality, and behavioral history to assist with the pre-employment decision-making process. Test takers are informed that they are providing data for the stated purposes, and they consent to an information disclosure and release form before they begin. Test takers may choose to provide this data by answering questions, sharing audio recordings, video recordings, and other related methods.

HR Avatar collects TEST-TAKER name, email address, and optional demographic information, including gender, ethnicity, birth year, and race. Optional demographic information provided is not shared with the customer and is only used for test fairness analysis.

Automatic information

This web site automatically receives and records information on our server logs from your browser, including your IP address, this web site cookie information, the page you request, login info, e-mail address, password, photos, telephone number, computer, and connection information such as browser type and version, operating system and platform, purchase history, the full Uniform Resource Locators (URL) clickstream to, through, and from our web site, including date and time, cookie number, and products you viewed or searched for. If you have any other questions about our Privacy Policy, please e-mail us at privacy@hravatar.com.

HR Avatar does not link IP addresses to personally identifiable information on its web site; however, we reserve the right to link IP addresses and other information supplied by the Internet Service Provider (ISP) to personally identifiable information in order to protect the integrity of our system and for security purposes.

The Internet is a global environment. By using this site and sending information to us electronically, you consent to trans-border and international transmission of any data that you may choose to supply us. Information transmissions to this site and emails sent to us may not be secure. Given the inherent operation and nature of the Internet, all Internet transmissions are done at the user’s own risk.

E-mail Communications

If you do not want to receive e-mail or other mail from us, please unsubscribe using the links found at the bottom of various emails we send, or by contacting us at privacy@hravatar.com.

Children

HR Avatar does not offer services to children. Should we determine a test-taker or account owner is under 13 years of age, we will deny further access to our systems except for completing online assessments, which are allowed for all ages. This web site is designed for pre-employment testing, and it is unlikely that persons under employable age will use its services. This web site does not collect information on age, with the exception of demographic data, which is provided voluntarily with the test taker’s consent for HR Avatar to comply with EEOC guidelines to ensure tests do not discriminate against protected groups. Demographic data is not routinely shared with prospective employers and does not affect test scores.

Information Sharing and Disclosure

This web site does NOT rent, sell, or share personal information about you with other people or non-affiliated companies except to provide services you've requested, when we have your permission, or under the following circumstances: We provide the information to trusted partners who work on behalf of or with this web site and with whom we maintain confidentiality agreements. These companies may use your personal information either to score assessments we have administered, or to help us communicate with you about offers from us and from our marketing partners. However, these companies do not have any independent right to share this information. We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law. We transfer information about you if our company is acquired by or merged with another company. In this event, we will notify you before information about you is transferred and becomes subject to a different privacy policy. This web site currently does not, but reserves the right to, display targeted advertisements based on personal information.

Information Security

HR Avatar is dedicated to safeguarding the confidentiality of your information. We use a variety of industry-standard administrative, physical, and security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. We also require you to enter a password to access your account information. HR Avatar strives to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input on protected sites.

All payment transactions are processed through a gateway provider and credit card information is not stored or processed on our servers.

It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.

The HR Avatar data is housed in secure data storage hosted by Amazon Web Services AWS, a secure cloud-based service for data storage and persistence. Data access is restricted to a members of a virtual private cloud that includes application servers and administrators who log on using both Amazon secure authentication and encrypted passwords. Data is also backed up using Google Cloud for data redundancy.

Cloud Service Provider Terms and Conditions are available here:
Amazon AWS https://aws.amazon.com/service-terms/
Google Cloud: https://cloud.google.com/terms/.

Cookies

This web site may set and access cookies on your computer. This web site may, in the future, let other companies that show advertisements on some of our pages set and access their cookies on your computer. Other companies' use of their cookies is subject to their own privacy policies, not this one. Advertisers or other companies do not have access to this web site's cookies.

Your Ability to Edit and Delete Your Account Information and Preferences

General

CUSTOMERS can edit your account Information at any time to maintain accuracy. We reserve the right to send you certain communications relating to this service, such as service announcements and administrative messages that are considered part of your account, without offering you the opportunity to opt-out of receiving them. However, you can opt-out from our promotional emails and periodic newsletter at any time. You can deactivate your account by filling out a contact request form.

TEST TAKERS cannot change inputs once they are submitted. If a test taker requests to make a change, it has to be provided as a supplement and will be coordinated with the CUSTOMER.

Email Opt-Out

We reserve the right to send you certain communications relating to this service, such as service announcements and administrative messages that are considered part of your account, without offering you the opportunity to opt-out of receiving them. However, you can deactivate your account by filling out a contact request form. Additionally, we may send promotional emails including our periodic newsletter, which you can opt-out from at any time by clicking on the Unsubscribe link at the bottom of each email, or by unchecking the appropriate checkbox on your account information page.

Confidentiality and Security

We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide services to you or in order to do their jobs. We have physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you. Your Account Information is password-protected. In certain areas this web site may use industry-standard SSL-encryption to protect data transmissions.

For EU Individuals: Privacy Shield Notice for Personal Data Transfers to the United States

https://www.privacyshield.gov/

https://www.bbb.org/EU-privacy-shield/rules-and-policies/


HR Avatar complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield. HR Avatar has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

The Federal Trade Commission has jurisdiction over HR Avatar’s compliance with the Privacy Shield.

The Council of Better Business Bureaus, Inc. (CBBB) administers the BBB EU Privacy Shield Program and Dispute Resolution Procedure. HR Avatar is a participant in this procedure, which can be utilized by web site users from the EU that have privacy issues that they have not been able to resolve with HR Avatar directly.

Principles

Notice

When HR Avatar collects your personal information, we’ll give you timely and appropriate notice describing what personal information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it.

Onward Transfer

HR Avatar will not disclose your information to unaffiliated third parties without first obtaining your permission, unless of course it’s to meet national security or law enforcement requirements. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, we are liable for appropriate onward transfers of personal data to third parties.

Security

HR Avatar takes appropriate physical, technical, and organizational measures around security, availability, processing integrity, and confidentiality to protect personal information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

Data Integrity

HR Avatar takes appropriate steps to make sure the personal information in our records is accurate.

Relevance

HR Avatar collects only as much personal information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent.

Retention

HR Avatar keeps your personal information for as long as required to fulfill the purposes for which it was collected, or as permitted by law.

Access and Choice

Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@hravatar.com. If requested to remove data, we will respond within a reasonable time frame.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@hravatar.com.

Enforcement

HR Avatar regularly reviews how we’re meeting these privacy promises, and we provide an independent way to resolve complaints about our privacy practices. HR Avatar is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Independent Recourse

In compliance with the Privacy Shield Principles, HR Avatar commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact HR Avatar at:

Privacy Administrator

Privacy Administrator


HR Avatar has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Standard Contractual Clauses

The European Commission’s SCCs, otherwise known as model contracts or clauses, are contract terms developed and approved by the European Commission as ensuring adequate protection for data subjects in accordance with the EU Data Protection Directive 95/46/EC when transferring personal data from the EEA to the U.S. If you are an HR Avatar client, or the client of one of HR Avatar’s authorized distributors or partners, transferring personal data in connection with HR Avatar products and services, please promptly complete, sign and return a copy of the HR Avatar Standard Contractual Clauses to privacy@HRAvatar.com.

European Union General Data Protection Regulation (GDPR)

HR Avatar is currently in the process of implementing updates to comply with GDPR guidelines.

The General Data Protection Regulation (GDPR) creates consistent data protection rules across Europe. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Processing is defined broadly and refers to anything related to personal data, including how a company handles and manages data, such as collecting, storing, using and destroying data.

Only a small percentage of HR Avatar test-takers reside within the EU. However, HR Avatar takes GDPR compliance seriously first because it’s a legal requirement for any testing of EU residents, and second because it is a practical way to enhance our privacy protection for all of our clients.

HR Avatar’s system was designed from the start with a "Privacy By Design" philosophy. To ensure full GDPR compliance, we are committed to the following guidelines, in addition to the aforementioned principles regarding Information Collection and Use:

Transparency

Where personal data is collected, HR Avatar explains the purpose for the data collection, and the submitter provides consent to providing the data.

Information and Access to Personal Data

In addition to information users why their data is collected, every HR Avatar site provides a link to a form, contact information, and phone number to contact HR Avatar for questions relating to technical support, privacy, and personal data questions.

Test results are property of the CUSTOMER

HR Avatar does use third party processors in order to analyze data, or provide data backup and redundancy services. These third-party processors are VoiceVibes (receives encrypted data), Amazon AWS, Google Cloud Services.

Rectification and Erasure

CUSTOMERS, or account owners, have the ability to update their account information as needed, to ensure information is accurate and up to date. CUSTOMERS may also notify HR Avatar to request updates. CUSTOMERS may also notify HR Avatar if they would like to close accounts and request immediate data pseudonymization.

TEST-TAKERS have the right to complete incomplete personal data, for example complete an incomplete test event, as permitted by CUSTOMERS.

A test taker can request information provided, including personal identifying information, photos/videos, and test responses - but not scores. However, TEST-TAKERS cannot update information in the test once submitted. These data are treated as one-time submissions and obfuscated after a specified period of time. TEST-TAKERS may request data obfuscation. This process requires confirmation of the request will be coordinated through the HR Avatar Data Protection Officer and the CUSTOMER.

Right to Object

At any time, a person may decline to register for an account or complete the assessment or survey. CUSTOMERS may also withdraw consent by notifying support@hravatar.com. This process requires confirmation of the request will be coordinated through the HR Avatar Data Protection Officer and the CUSTOMER.

GDPR Complaints

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

Closed Testing Accounts

CUSTOMERs may request that a testing account be placed in Closed status. Additionally, any testing account may be placed in Closed status after the maximum allowed period of inactivity has been reached (see below). As of 1 July 2018, pseudonymization of user names, email addresses, and phone numbers for administrative users of closed testing accounts, as well as all TEST-TAKERS in that account, will occur. If users re-open their accounts, they will be able to access reports, but they will not be able to identify the personal information tied to the reports. Videos and audio recordings tied to reports, as well as any stored PDF reports, will be permanently deleted.

Automatic Closure of Inactive Accounts

As a protection against unauthorized access, any testing account that has been inactive for more than two years is automatically placed in Disabled status. When an account is in disabled status, users may not log on to their account, but all data is preserved. Users can re-activate their account at no cost and without losing any data by contacting HR Avatar.

Any testing account (in any status) that has exceeded the maximum allowed period of inactivity of 60 months (5 years) is automatically placed in Closed status. All user information for administrative users and TEST-TAKERS within Closed accounts will be pseudonymized immediately upon closure. PDF reports, videos and audio recordings tied to test results will be permanently deleted.

TEST-TAKER Data

As of July 2018, account-specific pseudonymization of test taker name, email, phone number will occur in all test results based on parameters set by the CUSTOMER. To be clear, individual test results are not deleted, however, all identifying information is pseudonymized after a account-administrator-defined period of months. For TEST-TAKERS determined to be located within the EU, all identifying information is pseudonymized after a maximum of 24 months (2 years), regardless of the account setting. Videos and audio recordings tied to reports, as well as PDF-formatted reports are permanently deleted during the pseudonymization process. The default time period prior to pseudonymization for accounts created before 1 July 2018 is 5 years, and the default setting for all accounts created after 1 July is 3 years. Administrative users for active accounts are never pseudonymized unless requested directly or unless the account is closed either by request or because of inactivity.

Data Protection Officer

HR Avatar’s Data Protection Officer has knowledge of GDPR guidelines as well as knowledge about the internal processes that involve personal information. Questions can be sent to privacy@hravatar.com and will be addressed by the Data Protection Officer.

Go to Home Page