Privacy Policy

PRIVACY POLICY

Eddy HR

Effective Date: April 7, 2023
Thank you for doing business with Eddy HR, LLC. (“Eddy HR,” “Company,” “we,” “our,” or “us”). We welcome you and hope you find our websites, mobile and web applications, products, and our other subscription services and tools (collectively, the “Services”) helpful and useful. We have adopted this privacy policy (“Privacy Policy”) to help our website visitors, mobile application users, current and potential customers, clients, their potential and current employees, our potential and current employees, and other business partners (“you” or “your,”) understand what Data we process and how and why we do so, and what your rights are regarding that Data.
We always seek to improve our Services to you, and that requires that we process information about you and your usage preferences. As we do so, we are absolutely committed to protecting your privacy and the security of your personal information.
In this Privacy Policy, we use the word “Data” to describe all the information we process that relates to you and your use of our Services. “Data” is broken into different categories, which are defined in the “Data We Process and How We Use It” section of this Privacy Policy. We may refer to the different categories separately, but when we use the word “Data,” we mean all the different categories described in this Privacy Policy. The term “Data” does not apply to information which does not relate to an identified or identifiable individual or to personal information or data rendered anonymous in such a manner that the individual is not or no longer identifiable (“Anonymized Data”). We may use Anonymized Data for our own purposes in any manner and without attribution or compensation to any person.
With that exception, this Privacy Policy applies to everybody who interacts with us online or otherwise. Because different portions of the Privacy Policy will apply differently to the various groups who interact with us, we have tried to clearly categorize the types of Data we process and how we do so. If you have any questions about this Privacy Policy or how we handle your Data, please email us at Privacy@eddy.com.
1. DESCRIPTION OF SERVICES
We provide software solutions that streamline the Human Resources process for small and medium-sized businesses. In this Privacy Policy, all the tools and services made available in connection with the Services, including our mobile and web app, tools, and any other services that we provide directly to you, whether now known or developed later, are included in the term “Services.” The term "Services" also includes features for our customers to post job information and for individuals to apply for said jobs, both through our platform and through integration with third-party job sites. The term “Services” does not include “Professional Services,” as defined in our Platform License and Terms of Service (“Agreement”).
2. LAWFUL BASIS FOR PROCESSING
Many jurisdictions require that we disclose to you the lawful basis for our processing of your Data. We do that in Section 4 and throughout this Privacy Policy. In general, our lawful basis for processing your Data is based on your specific consent, your contract with us, or your employer’s contract with us.
By accessing or using any of the Services or by otherwise interacting with us online, you consent to our processing of your Data as described in this Privacy Policy. If our processing of your Data is based on your consent, you may withdraw your consent at any time, and we will cease processing your Data. However, in some cases, this may result in your inability to receive partial or full access to the Services, and your withdrawal of consent does not limit our ability to use the Anonymized Data for use by us in connection with our legitimate business efforts in the future. In addition, your withdrawal of consent does not prevent us from processing Data if we are required to do so by applicable law or in order to preserve legal claims. It also does not prevent us from processing Data that is being processed pursuant to a different lawful basis. For example, if you give your consent for us to process your Data, but we are also required by law to process your Data, that separate “lawful basis” will still apply, even if you withdraw your consent. If our lawful basis to process your Data is to fulfill the contract with your employer, you must work with your employer to withdraw your consent because we act as a processor for your employer.
When you enter into an agreement with us, either by accessing the Services, by executing an agreement in hard copy or by clicking “I Accept” or similar language online, or through an app store, we will process your Data for the purposes of fulfilling the terms of our contract with you. In that case, our processing of your Data is based on the contract, so your withdrawal of consent will only be effective after the purposes for processing that Data have been fulfilled and after we no longer have a legal obligation to keep that Data.
In all cases, we will comply with applicable law and we will cease processing your Data after the legal right, obligation, or other lawful basis expires.
3. INTENDED USERS
The Services are directed solely to persons 18 years of age or older or of children under 18 who are supervised by a parent, guardian, or other caregiver. Other than for Data processed for the specific purpose of providing the Services to users, we do not knowingly process Data from users who are under 13. If we become aware that we have processed Data from a person under 13, except to provide the Services to such person, and except to the extent allowed or required by law, then we will attempt to delete such Data as soon as possible, subject to our obligations under applicable law. If you believe that we have processed Data from a person under 13 in contravention of this policy, please contact us at Privacy@eddy.com.
4. DATA WE PROCESS AND HOW WE USE IT
Listed below are the categories of Data we process when you use our Services. We never sell your Data, and we always have a lawful basis for processing the Data, but that lawful basis might be different for different categories, and we describe those uses below. Regardless, we never process the Data for any purpose other than the purpose for which we processed the Data in the first place, unless we get your prior explicit consent.
A. Registration Data
  1. Data Description: Registration Data consists of the name, email address, street address, and other contact information you provide us using the Services, whether at the time you sign up in a forum, when you register your account, or thereafter. Registration Data also includes your username, client type and membership end date, if any. Further, you may have an option to link your third-party email account to the Services, which function allows us to access and edit the calendar associated with said email account. When you link a third-party to your account, you authorize us to process any Data the third-party platform may give us (i.e. email address, username, etc.); and, all of such data is considered Registration Data. Please note that any third-party platform you link to the Services likely has its own privacy policy that governs its use and processing of your data. Please refer to any applicable third-party privacy policy for information regarding their use and processing of your information.
  2. Lawful Basis for Processing: Our lawful basis for processing Registration Data is our contract with you and your consent. We can only provide certain of the Services to you if we have the Registration Data, so we need to process that Registration Data during the term of our contract. Even when the Registration Data is not critically necessary to the provision of the Services, we may still process that Registration Data to facilitate our contractual interactions with you.
  3. How We Process It and Who We Share It With: Registration Data is accessible generally only to us and to you. We process it only to provide the Services to you. At times, we will share the Registration Data with other third parties at your request or to fulfill requests that you make of us. In limited circumstances, we may share your Registration Data with our service providers, which parties help us provide the Services and are under obligations to protect the confidentiality of your Registration Data. We may also use your Registration Data to offer our own goods or services to you, either directly through emails or through third party platforms, but you may opt out of those communications at any time. We will never share your username or password with any third party. Further, we will never share or sell (as defined in the CPRA) your sensitive personal information without your written consent.
B. Engagement Data
  1. Data Description: Engagement Data consists of all the information you input or record using the Services, except as otherwise stated in this policy. It also includes all information that is proprietary to you regarding your use of the Services (other than the data that qualifies as “Usage Data” below) that is processed by the Services. For example, Engagement Data includes payroll information, personal information about employees, and internal company communications, among other things. Engagement Data also includes information submitted by users as part of the job posting and application features of our Services, including but not limited to, resume information. Engagement Data may include sensitive personal information as defined in applicable data privacy laws.
  2. Lawful Basis for Processing: Our lawful basis for processing Engagement Data is (1) our contract with you, (2) our obligation to provide you with the Services and (3) our legitimate interest in improving our Services based on the Engagement Data we receive from you.
  3. How We Process It and Who We Share It With: Your Engagement Data is accessible generally only to us, to you, and where it relates directly to a party who either provides services to you or receives services from you, to that party, in which case that party will be obligated to protect the confidentiality of your Engagement Data. Such situations may include information that you upload to the Services that are reasonably expected to be seen or shared with our customers or other users of our Services (i.e. user-to-user communications, recruiters, potential employers, etc.). In limited circumstances, we may share your Engagement Data with our service providers, which parties help us provide the Services and are under obligations to protect the confidentiality of your Engagement Data. We do not share Engagement Data with other third parties, except at your specific request. We also do not convert Engagement Data into Anonymized Data for use for any purpose other than to provide the Services to you and to improve our knowledge of how our systems are used.
If you or your employer uses our payroll services, the Data processed through such services is categorized as Engagement Data. We use a third-party service provider to process payroll payments.
C. Usage Data
  1. Data Description: Usage Data consists of the following and similar information:
    • Information about your interactions with the Services, most commonly our website and mobile application, which includes the date and time of any requests you make. This also may include details of your use of Third-Party Applications and any advertising you receive via the Services.
    • Adjustments you make to the default state of the Services, such as custom categories or settings.
    • The timing of the information you post to the Services including messages you send or receive via the Services and your interactions with our customer service team, but not including the content of those interactions and messages, which would be included as Engagement Data.
    • Technical data which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the Services, unique device IDs, device attributes, network connection type (e.g. WiFi, 4G, LTE, Bluetooth) and provider, network and device performance, browser type, language, information enabling digital
    • Rights management, operating system, and application version.
    • Motion-generated or orientation-generated mobile sensor data (e.g. accelerometer or gyroscope), if any, required for the purposes of providing specific features of the Services to you.
  2. Lawful Basis for Processing: Our lawful basis for processing Usage Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Usage Data we receive from you.
  3. How We Process It and Who We Share It With: Usage Data is accessible generally to us and to you. We do not share it with third parties, except at your specific request, but we may use Usage Data to make improvements to the Services. In limited circumstances, we may share your Usage Data with our service providers, which parties help us provide the Services and are under obligations to protect the confidentiality of your Usage Data. Both during the term of our agreement with you and thereafter, we may also convert Usage Data to Anonymized Data, and that Anonymized Data belongs solely to us to process in our sole discretion (including to share or sell Anonymized Data, which is not Data). To the extent we are required to delete any Usage Data about you, we may still retain Anonymized Data that may have originated as your Usage Data.
D. Payment Data
1. Data Description: Payment Data is only processed when your use of the Services is subject to the payment of a fee or other charge. Payment Data is the information necessary for us to process your payments for premium Services. Payment Data will vary depending on the payment method you use (e.g. direct via your mobile phone carrier or by invoice) but will include information such as:
Please note that if you use our payroll services, Payment Data typically does not include such payroll information as that is classified as Engagement Data.
2. Lawful Basis for Processing: Our lawful basis for processing Usage Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Payment Data we receive from you.
3. How We Process It and Who We Share It With: We only process Payment Data to facilitate payment, and we only communicate it to those parties who are strictly necessary for that purpose.
E. Supplemental Mobile Data
1. Data Description: Where applicable to the Services, Supplemental Mobile Data consists of the following and similar information:
2. Lawful Basis for Processing: Our lawful basis for processing Supplemental Mobile Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Supplemental Mobile Data we receive from you.
3. How We Process It and Who We Share It With: We only process Supplemental Mobile Data when you specifically authorize it, and we only share it with those parties who are strictly necessary for the purpose you have authorized.
5. SHARING YOUR INFORMATION
Except where a specific limitation is noted above, we may share your Data as follows:
  1. At Your Instruction. If you request us to make your Data available to a third party, and such request furthers the purposes of our Services, we will do so.
  2. Sharing with Vendors. In certain cases, we use the services of third-party vendors, to assist us in providing the Services. We may share your Data with such vendors solely for that purpose, and we will require those parties to abide by our privacy policies or privacy policies substantially in consonance with ours.
  3. Third-Party Offers. We may allow other companies to offer you their products and services, including offers through our Services, co-branded pages hosted by the third parties, or via email. Whether or not you decide to participate in any such offers is up to you. If you purchase a product or service on a co-branded page, or via a third-party offer on our Services that requires you to submit financial and personal information, you are also consenting to our delivery of this information to that party. The offer will notify you if any financial or personally identifiable information will be shared. Such third party will be authorized to use this information in keeping with our contractual relationship with them and in accordance with their own privacy policy and information practices. We do not control these third parties and you agree that we are not liable for their acts, or any failure to act on their part.
  4. Service Providers. We may sometimes use a third party to provide specific Services on our behalf, including sending emails to our members, conducting member surveys, processing transactions or performing statistical analysis of our Services. In these cases, we may provide certain personal information, such as your name and email address and other financial information necessary for the service to be provided. However, these third parties are required to maintain the confidentiality of this information and are prohibited from retaining, sharing, storing or using this information for any other purposes.
  5. Business Transitions. In the event that we go through a business transition, such as a merger, acquisition, liquidation or sale of all or a portion of our assets, the information we have about you will, in most instances, be part of the assets transferred. We reserve the right to transfer that information in connection with such transactions without notice to you. We will not be required to obtain your consent for such a transfer.
  6. Legal Disclosure. We may disclose your Information if required to do so by law or in the good faith belief that such action is necessary to conform to applicable law, comply with a judicial proceeding, court order or legal process served on us, protect and defend our rights or property, or investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of service.
If we ever plan to process any Data in the future for any other purposes not identified above and we do not have a separate lawful basis for that new purpose for processing, we will only do so after obtaining your specific consent.
Further, we do not sell or share (as defined in the CPRA) your Data for any purpose.
6. TECHNOLOGIES WE USE
The technologies we use for automatic Data collection may include the following:
7. YOUR CHOICES REGARDING OUR PROCESSING AND DISCLOSURE OF YOUR DATA
By using our Services, you agree that we may process your Data to market our other Services to you. If, after giving your consent, you wish to opt-out of our using your Data to market Services to you, please follow the instructions below.
  1. Receiving electronic communications from us: If you no longer want to receive marketing-related emails or other electronic messages from us on a going-forward basis, you may opt-out of receiving these marketing-related messages by sending a request for list removal to Privacy@eddy.com. Further, you may opt-out of SMS or other text messages sent as part of the Services by replying STOP.
  2. Our sharing of your Data with unaffiliated third parties for their (or their customers') direct marketing purposes: If you would prefer that we do not share your information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt-out of this sharing by emailing Privacy@eddy.com from the email that you have signed up or used in receiving the Services.
  3. Any other disclosure of your Data: Except as provided in this Privacy Policy regarding Anonymized Data and except for Data that is processed by us pursuant to a lawful basis other than your consent, you may instruct us to cease disclosure or processing of your Data by contacting us at Privacy@eddy.com.
We will comply with your request(s) as soon as reasonably practicable and as required by applicable law. Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages until the lawful basis for our processing of such information expires.
8. PRIVACY FOR EU/UK RESIDENTS
The General Data Protection Regulation made effective in Europe on May 25, 2018 (“GDPR”) requires that we clearly describe to data subjects the data we collect and how we use that data. This Privacy Policy does that, and we hope that if you have any questions for us regarding our data processing, you will write us at Privacy@eddy.com.
The GDPR also requires that we have a lawful basis for our processing of any personal data about an individual residing in the European Union (“EU”). For an individual browsing our website or otherwise accessing our Services, our lawful basis is our legitimate interest in providing the Services to you in the manner that you desire, and all the Data that we process from such individuals will be used only for those purposes, as described in this Privacy Policy. For an individual purchasing products from us, our lawful basis is the contract under which you purchase products, and the Data we process from such individuals will be used only in connection with our contractual relationship with you and only in a manner that furthers the purposes of that contractual relationship, as set forth in this Privacy Policy.
For employees and other authorized users operating in their role as administrators or users of our Services, our lawful basis is the legitimate interest we have in providing the Services to their employer.
As referenced in our Platform License and Terms of Service, we have adopted a Data Processing Agreement ("DPA") located at https://eddyhr.com/data-processing-agreement/, which governs how we process the Data we receive in connection with your use of the Services. The DPA is incorporated into said Agreement and this Privacy Policy as if it were set forth in full therein. For individuals residing in the EU, the DPA incorporates the GDPR Standard Contractual Clauses referenced therein for purposes of authorizing and allowing data controllers to transfer Data for processing in the United States.
We are based in the United States. By accessing or using the Services or otherwise providing information to us, you understand that your information will be subject to processing in and to the United States.
The GDPR also requires us to take appropriate technical and organizational measures to protect the security of Data relating to residents of the EU. We make commercially reasonable efforts to ensure the privacy and security of the Data of our EU visitors, customers, and end users, and we are happy to give you a complete description of our most current efforts, if you will write us at Privacy@eddy.com. You may also write us at that address to communicate with our chief technology officer who will serve as our data protection officer, if necessary, also available at Privacy@eddy.com.
Pursuant to the GDPR, residents of the EU (and the EEA, as applicable) have the right to obtain our confirmation of whether we maintain personal information relating to them in the United States. If you are a resident of the EU, upon request from you and as required under the GDPR or other applicable law, we will provide you with access to the Data that we process about you. You may also exercise any of the rights enumerated in the GDPR related to the Data we process about you, subject to our rights and obligations under the GDPR, as described in this Privacy Policy. Individuals who seek access, or who seek to exercise any of their applicable rights related to their Data transferred to the United States, should direct their queries to Privacy@eddy.com. If requested to remove Data, we will respond within a reasonable timeframe.
Due to the nature of our Services, we typically act as a "Processor" as defined under the GDPR, which may limit our ability and legal obligation to respond to your request. If you believe that this role should be defined differently, please contact us at Privacy@eddy.com.
Further, if you are a resident of the United Kingdom ("UK"), to the extent the GDPR as incorporated into UK law pursuant to s.3 of the European Union (Withdrawal Act) 2018 (as amended, the "UK GDPR") is different than the GDPR, we will follow all supplemental requirements under the UK GDPR and you have all rights as a UK citizen under the UK GDPR. Our DPA also contains provisions related to the proper international transfer mechanisms under the UK GDPR.
To make any request related to your rights under the GDPR or UK GDPR, please contact us at privacy@eddy.com. To process any such request, we will use the process described in Section 9 for requests made pursuant to the CCPA to the extent such procedures comply with the GDPR and UK GDPR.
9. PRIVACY FOR CALIFORNIA RESIDENTS
California has adopted the California Consumer Privacy Act (“CCPA”), which took effect at the beginning of 2020 and also adopted the California Privacy Rights Act ("CPRA"), which took effect January 1, 2023. We comply with the requirements of the CCPA and CPRA to the extent they apply to us.
If you are a California resident and we qualify as a “business” related to our processing of your Data under the terms of applicable law, you have rights under the CCPA and CPRA, including the following rights:
We have listed the specific and general categories of information we have processed, shared, or sold in the last 12 months in the section above entitled “Data We Process and How We Use It.” That section also lists the specific and general categories of Data we have disclosed to third parties for our business purposes.
We do not share or sell your Data. However, we do disclose certain categories of Data to the merchants whose businesses you visit using the Services, all as described in the section entitled “Data We Process and How We Use It” above.
Please note that exercising any of the above rights may limit or eliminate our ability to provide you the Services. If so, we may terminate the Services due to such requests. However, you can exercise any of your rights free of discrimination, for example, we cannot increase the price of the Services or decrease the quality of the Services because you exercise your rights.
Due to the nature of our Services, we typically act as a "service provider" as defined under the CCPA and CPRA, which may limit our ability and legal obligation to respond to your request. If you believe that this role should be defined differently, please contact us at the information below.
For more information, please direct your questions to us at Privacy@eddy.com. You can also direct questions to our toll-free number at 877-750-3339.
10. PRIVACY FOR OTHER JURISDICTIONS
We strive to comply with all data protection and privacy laws in applicable jurisdictions, to the extent such laws apply to us and our Services. We strive to be transparent about our data processing activities and have disclosed our practices throughout this Privacy Policy. If you have any questions about your rights under any applicable data protection and privacy laws, please contact us Privacy@eddy.com or at our toll-free number: 877-750-3339.
11. SECURITY
The security of your Data is important to us. We use commercially reasonable efforts to process your Data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Data that you provide to us. We have implemented procedures designed to limit the dissemination of your Data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
12. THIRD-PARTY POLICIES
You may be able to access third-party websites and other tools and services or products via a link, or via our other tools. The privacy policies of these third parties are not under our control and may differ from ours. The processing of any Data that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any offering, site or other products and Services used in connection with the Services. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.
13. DATA RETENTION
We will process your information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may process certain Data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of Anonymized Data, account recovery, or if required by law. All retained information will remain subject to the terms of this Privacy Policy. Please note that if you request that your information be removed from our databases, it may not be possible to completely delete all of your information due to technological and legal constraints.
14. AMENDMENT OF THIS PRIVACY POLICY
We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Unless stated otherwise, our current Privacy Policy applies to all Data that we have about you and your account. The date on which the latest update was made and becomes effective is indicated at the top of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.
15. "Do Not Track" Options
Your web browser(s) may offer a "Do Not Track" option, which allows the individual to signal to operators of websites and web applications and services (including behavioral advertising services) that he or she does not wish such operators to track certain of his or her online activities over time and across different websites. We do our best to support Do Not Track requests but cannot guarantee full support based on the variety of internet browsers and technologies which means that we may collect information about your online activity both while you are using the Services and after your use of the Services.
16. CONTACT US
You can help by keeping us informed of any changes such as a change of your personal contact information. If you would like to access your information, if you have any questions, comments or suggestions or if you find any errors in our information about you, please contact us at Privacy@eddy.com. If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures.