Effective as of May 15 2019
Lever is committed to protecting your privacy. This Service Privacy Notice informs you how Lever collects, uses, secures and shares your information (“Personal Data”), as defined under the applicable law) when you use our talent recruiting platform and related services as a customer (“Service”). If you do not feel comfortable with any part of this Privacy Notice, please immediately cease using our Service and notify your IT administrator. This Privacy Notice may change from time to time. If we make a change to this Privacy Notice that we believe materially affects how we process your Personal Data or reduces your rights, we will provide you with notice.
1. Personal Data We Collect and Store
Personal Data is generally any information that identifies you or makes you identifiable. Any information that is anonymized or aggregated is no longer Personal Data. We may collect and store the following information from you in relation to the Service:
- Information You Provide. The purpose of the Service is to help you manage applicant and candidate data. To do that, we collect Personal Data, such as your name and email address. You may also provide additional information in the setup and ongoing use of the Service. We collect any information that you provide to us when you contact us for customer service, technical support, or for any other purposes. We may also collect information from third party software providers that your employer elects to connect to Lever (“Third Party Software Providers”). For more information on what information we collect from Third Party Software Providers, contact your employer and see our Privacy Notice Integration Addendum page here.
- Information from Others. We may also receive Personal Data, such as your email address, through other users, for example if they have tried to share something with you or tried to refer Lever to you. When you invite others to join Lever by using our invite page, we send them a one-time email for that referral.
- Candidate Data. As part of our Service under the contract with our customers, we store the information and data (usually about employee applicants or job candidates) you upload, download, or access with the Service (“Files”).
- Log Data. When you use the Service, we automatically record information from your device, its software, and your activity using the Service (“Log Data”). This may include the device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Service. We may use your IP address to identify the general geographic area from which you are accessing the website. While an IP address may reveal your ISP or geographic area, we cannot determine your identity solely based upon your IP address.
- Location Data. We may collect geolocation and proximity of your device if location services are enabled on your device ((e.g., GPS-based functionality on mobile devices used to access our website) and may use that information to customize the Interactions with location-based information and features. If you access our website through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this.
- Lever Community. Our Service offers publicly accessible community services such as help forums. You should be aware that any information you provide in these areas is publicly available and may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account.
2. Use of Personal Data
Your Personal Data may be used for the following purposes:
a) To provide our Service to you. We process your Personal Data to provide you with the Service you request. We share this information with Third-Party Services upon your request, or our service providers or partners to the extent necessary to provide you with the Service. We cannot provide you with Service without processing your Personal Data. We may also use information collected from Third Party Software Providers that your employer chooses to connect to Lever to enable additional functionality in the Lever Platform as described in our Privacy Notice Integration Addendum page here.
b) To contact you about the Service.When you sign up for our Service, we will send you administrative or account-related information to you to keep you updated about our Service, inform you of relevant security issues or updates, or provide other transaction-related information to you. We process your contact information to send you such communications. Service-related communications are not promotional in nature. You are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Service that could affect your use of the Service.
c) To respond to your inquiries and provide customer service. We process your Personal Data when you contact us, such as with questions, concerns, feedback, disputes or issues. Without your Personal Data, we cannot respond to you or ensure your continued use and enjoyment of the Service.
d) To enforce our terms, agreements or policies. We process your Personal Data to actively monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities on our Service; investigate, prevent, or mitigate violations of our terms, agreements or policies; enforce our agreements with third parties and partners; and, as applicable, collect fees based on your use of our Service. We cannot perform our Service in accordance with our terms, agreements or policies without processing your Personal Data for such purposes.
e) To ensure the security of the Service. We are committed to ensuring your safety and continued enjoyment of our Service. To do so, we process your Personal Data to: combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not access your account with us. We cannot ensure the security of our Service if we do not process your Personal Data for security purposes.
f) To maintain legal and regulatory compliance. Certain laws or regulations apply to our Service that may require us to process your Personal Data. For example, we may process your Personal Data to fulfill our business obligations as necessary to manage risk as required under applicable law. Without processing your Personal Data for such purposes, we cannot perform the Service in accordance with our legal and regulatory requirements.
h) To conduct research and development. To continue to provide you with continued updates to the Service, we collect information about the way you use and interact with our Service for research and development purposes. Research and development help us improve our Service and build new services and customized features. We take additional security measures when processing your Personal Data for such purposes, by de-identifying or anonymizing your information, and limiting access to personnel that may conduct research and development.
If, in the future, we use your Personal Data in any way that is not described in this Privacy Notice, we will disclose this to you. If you choose to limit the ways we can use your Personal Data, some or all of the Service may not be available to you.
3. Information Disclosure
We disclose your Personal Data as described below.
a) Service Providers, Business Partners and Others. We use certain trusted third-party companies and individuals to help us provide, analyze, and improve the Service (including but not limited to data storage, maintenance services, database management, web analytics, security, payment processing, and improvement of the Service’s features). For example, we use Amazon’s storage service to store some of your information (for more information on Amazon's security see https://aws.amazon.com/security/). These third parties may have access to your Personal Data only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Notice or our agreements with you.
b) Compliance with Laws and Law Enforcement Requests; Protection of Lever's Rights. We may disclose files stored in your Lever account and other information about you to third parties when we have a good faith belief that disclosure is reasonably necessary to: (a) comply with a law, regulation or legal requests including to meet national security or law enforcement requirements; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Lever or its user, or (d) protect Lever’s property rights.
c) Business Transfers. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, but we will notify you (for example, via email and/or a prominent notice on our website) of any change in control or use of your Personal Data, or if either become subject to a different Privacy Notice. We will also notify you of choices you may have regarding the information.
4. Marketing Opt Out and Choice
If you sign up to receive marketing or informational announcements from us, such emails will include the capability to opt-out of receiving such e-mails in the future. Marketing and informational announcements include any communications to you that are only based on advertising or promoting products and services. Transactional communications about your account or the Service are not considered “marketing” or “informational” communications.
5. Third-Party Sources of Information & Third-Party Services
Lever’s Service provides you the option to integrate other third-party services with your Lever account. We are not responsible for what the third parties and their services do with your Personal Data or the information that you choose to share with them. Your use of these third-party services will be subject to their respective terms of service and privacy policies.
You may ask us to collect information about you or about others, such as candidates, from organizations. For example, you can ask us to import your contacts by giving us access to your third-party services (for example, your email account) or you can share your social networking information with us if you give us access via a social network connection service. Based on your instructions, we can also obtain or transfer data about others to third-party services, such as importing candidate information from third party sourcing integrations.
If you are acting on behalf of an employer using the Service, please note that you are responsible for complying with all applicable laws in relation to the Personal Data that you process on the Service.
6. Transfer of Personal Data
If you access or use our Service or provide your information to us, your Personal Data may be transferred to, processed and maintained on servers or databases located outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Service.
If you are located in the European Economic Area (“EEA”), the United Kingdom or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to the United States. Lever is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles. For more information, see Section 16 below.
Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the EEA, verification that the recipient has implemented Binding Corporate Rules, or verification that the recipient adheres to the EU-US and Swiss-US Privacy Shield Framework.
The security of your information is important to us. We employ appropriate technical and organizational measures to ensure a level of security that is appropriate and follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security.
We have procedures in place to ensure we can react quickly to any possible issue. If you ever find a security issue, or simply have a security related concern, please reach out directly to us. The quickest and most effective way is by sending an email to email@example.com.
8. Accessing and Updating Your Personal Data
If you are a registered user, you may review, update, or correct the Personal Data provided in your registration or account profile by, for example, disconnecting your Gmail account. If your Personal Data changes, or if you no longer desire our service, you may update or delete it by making the change on your account settings. In some cases, we may retain copies of your Personal Data if required by law. For questions about your Personal Data on our Service, please contact firstname.lastname@example.org. We will use responsible efforts to respond to your inquiry as soon as practicable. When updating your Personal Data, we may ask you to verify your identity before we can act on your requests.
For individuals located in the European Economic Area, Switzerland or the United Kingdom during data collection, please refer to the Section 14 for more information about your privacy rights.
9. Data Retention
If you wish to cancel your account or request that we no longer use your Personal Data to provide you the Service, you may delete your account by sending a request to delete your account to email@example.com. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion. In addition, we do not delete from our servers files any information that you have in common with other users. While retention requirements can vary by country, we generally apply the retention periods noted below. Please contact us if you have any questions about our retention periods.
- Interactions on Our Service. We may store any information about your interactions on our Service or any content created, posted or shared by you on our Services(e.g., pictures, comments, support tickets, and other content) after the closure of your account for the establishment or defense of legal claims, audit and crime prevention purposes.
- Telephone Records. As required by applicable law, we will inform you that a call will be recorded before doing so. Any telephone calls with you may be kept for a period of up to six years.
10. Our Policy Toward Children
Our Service is not directed to persons under 18, and we do not knowingly collect Personal Data from children under 18. Any individuals under the age of 18 must have consent from their parent or guardian to use the Service. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under 18 has provided us with Personal Data, we will take steps to delete such information from our files.
11. Additional Privacy Rights for Individuals in the EEA, UK and Switzerland
This section only applies to Interactions with individuals who are in the European Economic Area, United Kingdom or Switzerland (collectively, the “Designated Countries”) at the time of data collection.
Lever is a data controller with regard to any Personal Data collected from users of the Service. Any third parties that handle your Personal Data in accordance with our instructions are our service providers and are “data processors.” You are a “user.” Users are individuals providing Personal Data to us via the Service pursuant to a contract that has been entered into with Lever.
Marketing. We will only contact individuals located in the Designated Countries by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law, or the individual’s consent. To the extent we can rely on legitimate interest under the applicable law, we will only send you information about our Services and other materials that are similar to those which were the subject of a previous Interaction with you. If you do not want us to use your Personal Data in this way please go to the email settings for your account to opt out, click an unsubscribe link in your emails, or contact us at email@example.com. You can object to direct marketing at any time and free of charge.
Additional Privacy Rights. We provide you with the rights described below. We may limit these privacy rights requests (a) where denial of access is required or authorized by law, (b) when granting access would have a negative impact on others’ privacy, (c) to protect our rights and properties, or (d) where the request is frivolous or burdensome. If you would like to exercise your rights under applicable law, please contact us at firstname.lastname@example.org. We may seek to verify your identity when we receive your privacy rights request to ensure the security of your Personal Data.
- Right to withdraw consent. For any consent-based processing of your Personal Data, you have the right to withdraw your consent. A withdrawal of consent will not affect the lawfulness of our processing or the processing of any third parties based on consent before your withdrawal.
- Right of access/right of portability. You may have the right to access the Personal Data that we hold about you, and in some limited circumstances, have the Personal Data provided to you so that you can provide that Personal Data to another controller.
- Right to rectification. You may request to correct any of your Personal Data in our files.
- Right to erasure. In certain circumstances, you may have a right to the erasure of your Personal Data that we hold on you.
- Right to restriction. You have the right to request that we restrict our processing of your Personal Data in certain circumstances.
- Right to object to processing. You have the right to object to our processing of your Personal Data at any time and as permitted by applicable law if we process your Personal Data on the legal bases of: consent; contract; or legitimate interests. We may continue to process your Personal Data if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Notification to third parties. When we fulfill your individual rights requests for correction, erasure or restriction of processing, we will notify third parties also handling the relevant Personal Data unless this proves impossible or involves disproportionate effort.
- Right to Lodge Complaint. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Data. If you have questions, or would like to exercise any of the above rights you may reach our Data Protection Officer (“DPO”) at email@example.com or our EU member representative VeraSafe by using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative or via telephone at: +420 228 881 031.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Lever complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, the United Kingdom and Switzerland to the United States. Lever has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. The Federal Trade Commission has jurisdiction over Lever’s compliance with the Privacy Shield.
If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. In the context of an onward transfer, Lever has responsibility for the processing of Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
If you are a European, United Kingdom or Swiss data subject with an unresolved complaint or dispute arising under the requirements of the Privacy Shield Framework, we agree to refer your complaint under the Framework to an independent dispute resolution mechanism. Our independent dispute resolution mechanism is the International Centre for Dispute Resolution ("ICDR"), operated by the American Arbitration Association ("AAA"). For more information and to file a complaint, you may contact the International Centre for Dispute Resolution by phone at +1.212.484.4181, or by visiting the website http://go.adr.org/privacyshield.html,
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. You also have a right to lodge a complaint with a competent supervisory authority situated in a Designated State of your habitual residence, place of work, or place of alleged infringement.
Legal Bases for Processing Personal Data. Our legal bases for collecting and using the Personal Data described above will depend on the type of Personal Data collected, the specific context in which we collect it and the purposes for which it is used. We rely on the following legal bases under the European Union’s General Data Protection Regulation in processing your Personal Data.
Section & Purposes of Processing
Legal Basis for Processing
2(a) To provide our Service to you
2(b) To contact you about the Service
2(c) To respond to your inquires and provide customer service
2(d) To enforce our terms, agreements or policies
3(a) Service Providers, Business Partners and Others
|Processing is based on our contract obligations or to take steps at the request of the individual prior to entering into a contract for the Service.|
2(g) To personalize your experience on the Service
2(h) To conduct research and development
Processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Service.
2(e) To ensure the security of the Service
2(f) To maintain legal and regulatory compliance
3(b) Compliance with Laws and Law Enforcement Rights; Protection of Lever’s Rights
3(c) Business Transfers
Processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.
12. Contacting Us
If you have any questions or complaints about this Privacy Notice, please contact Lever's DPO at firstname.lastname@example.org or send physical mail to:
155 5th Street, 6th Floor
San Francisco, California 94103
Attention: Lever DPO