As the operators of the Workable websites, www.workable.com and jobs.workable.com (âWebsiteâ) Workable Software Limited registered in England and Wales with Company Registration Number 08125469 and having its registered office address at 5 Golden Square, 5th Floor, London, W1F 9BS, United Kingdom (âWeâ, âUsâ, âWorkableâ), is committed to protecting and respecting your privacy. This Privacy Policy (âPolicyâ) relates to services provided through our websites and application (âServicesâ) and sets out the basis on which the Personal Data collected from you, or that you provide to Us will be processed by Us. âPersonal Dataâ means any information that identifies or relates to a particular individual and also includes information referred to as âpersonally identifiable informationâ or âpersonal informationâ under applicable data privacy laws, rules, or regulations (collectively the âData Protection Lawsâ). This Policy does not cover the practices of companies We donât own or control or people We donât manage. For clarity, this policy applies when Workable acts as a âControllerâ (as defined in the General Data Protection Regulation (the âGDPRâ) and the version of the GDPR retained in UK law (the âUK GDPRâ) or âBusinessâ as defined under the California Consumer Privacy Act of 2018 , as amended by the California Privacy Rights Act of 2020 (the âCPRAâ) (all together the âCCPAâ). Note that we may also process Personal Data of our customersâ job applicants in connection with our provision of services to customers, in which case we are the processor of Personal Data. If we are the processor or service provider for your Personal Data (i.e., not the controller or business), please contact the controller/business party in the first instance to address your rights with respect to such data. Please read the following carefully to understand our views and practices regarding your Personal Data and how We will treat it.
If you have a disability, you may access this Privacy Policy in an alternative format by contacting [email protected].
For the purpose of the GDPR and the CCPA:
For the Users of the Workable Job board (as the term is defined in the Workable Job Board Terms), when You create an Account (as the term is defined in the Workable Job Board Terms) and use the Services, We act as a Data Controller. When You to apply to a Job Opening, the Employer is collecting and storing your personal data as a Data Controller.
We collect Personal Data about you from:
We collect and process some or all of the following types of information from you:
The provision of your full name and email address, your employer and/or your place of work and the url of the business that you work for is required from you when you register to use our Services. We will inform you at the point of collecting information from you, whether you are required to provide the information to Us.
The following chart details the categories of Personal Data that we collect and have collected over the past twelve (12) months. Throughout this Privacy Policy, we will refer back to the categories of Personal Data listed in this chart (for example, âCategory A. Personal identifiersâ).
Personal Data Collected (including Categories) | Purposes of Use | What is the source of this Personal Data? | Categories of third parties to whom we disclose the information for business purposes |
---|---|---|---|
A. Personal identifiers Real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social profile URL |
| You |
|
B. Customer records identified by state law (including the California Customer Records statute (Cal. Civ. Code § 1798.80(e))) Name, signature, address, telephone number, employment. |
| You |
|
C. Commercial information History of services purchased through Workable |
| You |
|
D. Internet or other similar network activity information Browsing history, search history, information interaction with the website or application. |
| You |
|
E. Geolocation data Physical location (calculated from IP address) |
| You |
|
F. Professional or employment-related information Current job title and employer, Resume |
| You |
|
G. Payment information All information necessary to complete online payments, such as payment details, bank account information, billing information. |
| You |
|
The following section provides additional information about how we collect your Personal Data.
Under the GDPR and the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing of your personal data could be:
Legitimate Interest: We may process your personal data based on our legitimate interest, which includes without limitation our legitimate interest to assist Job applicants find a new job (via the Workable Job Board), our legitimate interest to provide and improve the Services, our legitimate interest to improve the Website, our legitimate interest in advertising our product and services, unless you have provided your prior consent as required.
Contract: We may process personal data, in order for us to provide the services and meet our contractual obligations towards you, when we have a contract with you.
Consent: On a few occasions, we may rely on your consent for the processing of your personal data. In any such case, we will indicate this and ask for your specific informed consent, e.g when you sign up to receive marketing communications etc.
Legal Obligation: We may process your personal data to comply with a legal or regulatory obligation such as e.g. detecting, preventing or investigating crime or fraud including working with law enforcement agencies.
Subject to local data protection laws and in particular under the General Data Protection Regulation (GDPR) and the UK GDPR, you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the General Data Protection Regulation (GDPR) Guidance from the UK Information Commissionerâs Office (ICO) on individuals rights under the UK GDPR.
If you would like to exercise any of those rights, please:
For clarity the above rights apply to EU, UK and Swiss data subjects, as required under applicable law, but also any user of the Website and the Services, regardless of location may exercise any of these rights.
You may connect your Google account to your Workable account in order to make use of certain Workable features such as Gmail Import and Syncing and scheduling with Google Calendar. This is done through OAuth authentication, a secure mechanism which gives Workable access to your Google account data without letting Workable know your password.
In that case, Workable will require access to your Google account and user data for the following purposes:
Workableâs use of information received from Google APIs will adhere to Google API Services User Data Policy including the Limited Use requirements.
If you request assistance by a representative of Workable, the Workable representative may obtain access to your Workable account for the purposes of resolving your inquiry. Under those circumstances, the Workable representative will assume your role in Workable and view your account as you would when you log in.
Workable reserves the right to assume the role of a user in your account without prior notice in certain situations, for example when it is necessary for security purposes (such as investigating a bug or abuse) or when it is necessary to comply with applicable law.
Where you are using our Services on behalf of our Customer, we rely on legitimate interests in performing our contract with our Customer as the lawful basis on which We collect and use your Personal Data.
We use information held about you in the following ways:
We may use anonymised and/or aggregate data collected through your use of the Services and the Website for statistical purposes, for improvement of the Services, to conduct research,or any other lawful purpose. Aggregate Data is not considered personal data.
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable). Where any such member of our group is outside the UK or the EU this transfer will be on the basis of a contract, as described below in accordance with the Data Protection Laws.
We may disclose your personal information to third parties:
We disclose your Personal Data to service providers and other parties for the following business purposes:
We disclose your Personal Data to the following categories of service providers and other parties:
Over the past twelve months, we have disclosed the following categories of your Personal Data to service providers or other parties for the business purposes listed above:
When we disclose personal information for a business purpose, as described above we enter into a contract with the service provider or other parties, that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We havenât sold your Personal Data over the last twelve months.
We take appropriate measures to ensure that all Personal Data is kept secure including security measures to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way, for the duration of your use of our Services. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to the Website, therefore any transmission remains at your own risk. Once we have received your information, we will use strict procedures and security features in order to prevent unauthorised access.
Keeping your Personal Data up to dateIf your personal details change you may update them by accessing the relevant page of the Website, or by contacting Us at [email protected].
We will endeavour to update your Personal Data within thirty (30) days of any new or updated Personal Data being provided to Us, in order to ensure that the Personal Data We hold about you is as accurate and up to date as possible.
Where we store your Personal DataThe data that We collect from you and process as a result of your use of the Services may be transferred to, and stored at, a destination outside the UK, Switzerland or the European Economic Area ("EEA"). It may also be processed by staff operating outside the UK, Switzerland or the EEA who work for Us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing.
In particular, your data may be accessible to i) Workableâs staff in the USA or ii) may be stored by Workableâs hosting service provider on servers in the USA as well as in the EEA. The USA does not have the same data protection laws as the United Kingdom and the EEA. A Data Processing and Transfer Agreement has been signed between the entities of the Workable Group of Companies, and between Workable and each of its data processors. These Data Processor Agreements that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your Personal Data. A full list of Workable's sub-processors can be found here.
If you would like further information please contact Us (see âContactâ below). We will not otherwise transfer your Personal Data outside of the United Kingdom or EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
How long we keep your Personal DataWe will hold all the data for so long as we have an obligation to You to provide you with the Services, as long as we have an obligation to the Customer to provide the Services, or as long as necessary to fulfill the purpose for which was initially collected and thereafter until such time as we delete the Customerâs account in accordance with our Customer Terms and Conditions. We will retain and use your Personal Data to the extent necessary to comply with any legal/accounting/reporting obligation.
Your personal information will be deleted on one of the following occurrences:
We do not knowingly collect or solicit Personal Data from children under 16; if you are a child under 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at [email protected].
If you are a California resident, you have the rights outlined in this section. Please see the âExercising Your Rightsâ section below for instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at [email protected].
Right of AccessYou have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We will provide you with the following information:
If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient.
Right of DeletionYou have the right to request that we delete the Personal Data that we have collected from you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Right to CorrectYou have a right to request correction of inaccurate personal information.
Right to Opt out of selling your personal InformationWorkable does not sell your personal information
Right to Opt out of sharing your personal InformationAlthough Workable does not sell your personal information, we may share in a few instances your personal information with third parties. âSharingâ under the CCPA, is broadly defined to cover the disclosing personal information for purposes of cross-context behavioral advertising, as for example targeting advertising based on personal information obtained from a consumerâs activity across distinctly-branded websites or services.
You can request to opt out of sharing your personal information as defined above by using our cookies preference banner.
Right to Limit the Use of Sensitive Personal InformationWorkable does not use or disclose Sensitive Personal Information for reasons other than permitted under the CCPA.
Non discrimination for Exercising Your CCPA RightsWe will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA.
Right to Opt-out of Automated Decision-Making Technology (Profiling)Workable does not engage in automated decision-making or profiling.
Exercising Your RightsTo exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a âValid Request.â We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods:
Emailing us at: [email protected]
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third partiesâ direct marketing purposes; in order to submit such a request, please contact us at [email protected].
Your browser may offer you a âDo Not Trackâ option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time. To find out more about âDo Not Track,â you can visit www.allaboutdnt.com.
Nevada Resident RightsIf you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at [email protected] with the subject line âNevada Do Not Sell Requestâ and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.
The Services are hosted and operated in the United States (âU.S.â) through Workable, Inc. and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Workable, Inc. in the U.S. and will be hosted on U.S. servers, and you authorize Workable to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby acknowledge and agree with the transfer of your data to the U.S.
For transfers of data outside the EEA, Switzerland and the UK to the US, We rely i) on the European Commission Standard Contractual Clauses ( âEE âSCCsâ) and the UK DTIA as approved by the ICO (all together the âSCCsâ), as our data transfer mechanism, or ii) the Data Privacy Frameworks if the recipient of the data adheres to the Data Privacy Framework principles.
Data Privacy Framework complianceWorkable Inc. is self-certified under the EU-U.S. Data Privacy Framework (âEU-U.S. DPFâ), the Swiss-U.S. Data Privacy Framework (âSwiss-U.S. DPFâ) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the UK and Switzerland that have been transferred to the United States pursuant to the Data Privacy Framework. Workable has certified that it adheres to the Data Privacy Framework Principles with respect to such data. If there is any conflict between the terms of this privacy policy and data subject rights under the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification page, please visit https://www.dataprivacyframework.gov/.
With respect to Personal Data that have been received or transferred pursuant to the Privacy Framework, Workable Inc. is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Data Privacy Framework, EU, United Kingdom and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Framework, should direct their query to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].
In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Data Privacy Framework Principles, Workable commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Data Privacy Framework. Please contact us at [email protected] with any questions, concerns or complaints relating to our Data Privacy Framework Certification.
We are committed to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection and Information Commissioner (FDPIC) and the UK ICO, with regard to unresolved complaints concerning data received in reliance on the EU-U.S. DPF, the Swiss-U.S. DPF and the UK Extension to the EU-U.S. DPF and you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. More information can be found here.
In regard to onward transfers of personal data to third parties, Workable is responsible for ensuring that the third parties process such personal data in a manner consistent with the DPF Principles. Workable remains liable for the third partyâs failure to comply with the DPF Principles, unless Workable can prove that it is not responsible for the event giving rise to the damage.
Workable Inc. is based in the USA and it has appointed Workable Software Single Member Private Company to be its representative within the EEA and Workable Software Limited as its representative in the UK.
Workable Software Single Member Private Company is the EU representative of Workable Software Limited within the EEA and likewise Workable Software Limited is the UK representative of Workable Software Single Member Private Company.
Workable Software Single Member Private Company is registered in Greece with its office located at Leof. Kifisias 95-97, Marousi 151 25, Greece. Contact via the email: [email protected].
Workable Software Limited is registered in England and Wales with Company Registration Number 08125469 and having its registered office address at 5 Golden Square, 5th Floor, London, W1F 9BS, United Kingdom. Contact via the email: [email protected].
The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any Personal Data to these websites.
We hope that We can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation and the UK GDPR also give you right to lodge a complaint with a supervisory authority, in particular (under the GDPR) in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
The supervisory authority in Greece is the Hellenic Data Protection Authority, which may be contacted at Call Centre: +30-210 6475600 or E-mail: [email protected]
We reserve the right to modify this Privacy Policy at any time. Any changes we may make to our Policy in the future will be notified and made available to you using the Website. Your continued use of the Services and the Website shall be deemed your acceptance of the varied Privacy Policy.
If you have any questions about this Privacy Policy or want to report a potential data breach please reach out to [email protected]. Please note that Workableâs Data Protection Officer (DPO) responds to any requests submitted to [email protected], attention Workableâs DPO.
Last updated 12 March 2024.
You may print a copy of the previous version of Privacy Policy by clicking here.