Service Privacy Notice

Effective as of 6 October 2020
Lever is committed to protecting your privacy. This Service Privacy Notice (“Privacy Notice”) informs you how Lever collects, uses, secures and shares your information (“Personal Data”), as defined under the applicable law) when you use Lever’s talent recruiting platform and related services as a customer (“Service”). If you do not feel comfortable with any part of this Privacy Notice, please immediately cease using Lever’s Service and notify your IT administrator.

1. Changes to Lever’s Privacy Notice

This Privacy Notice may change from time to time. If Lever make a change to this Privacy Notice that Lever believe materially affects how Lever process your Personal Data, Lever will provide notice of such change on Lever’s website. By continuing your Interactions after those changes become effective, you accept the provisions of Lever’s revised Privacy Notice.
In addition, Lever may provide you with “just-in-time” disclosures or additional information about the data collection, use and sharing practices. These notices may provide more information about Lever’s privacy practices, or provide you with additional choices about how Lever process your Personal Data. The notices and information are subject to this Privacy Notice unless specifically indicated otherwise in the notice.

2. Personal Data Lever Collect and Store

Personal Data is generally any information that identifies you or makes you identifiable. Any information that is anonymized or aggregated is no longer Personal Data. Lever may collect and store the following information from you in relation to the Service:

• Information You Provide. The purpose of the Service is to help you manage applicant and candidate data. To do that, Lever collects Personal Data, such as your name and email address. You may also provide additional information in the setup and ongoing use of the Service. Lever collect any information that you provide to Lever when you contact Lever for customer service, technical support, or for any other purposes. Lever may also collect information from third party software providers that your employer elects to connect to Lever (“Third Party Software Providers”). For more information on what information Lever collect from Third Party Software Providers, contact your employer and see Lever’s Privacy Notice Integration Addendum page here.
• Information from Others. Lever may also receive Personal Data, such as your email address, through other users, for example if they have tried to share something with you or tried to refer Lever to you. When you invite others to join Lever by using Lever’s invite page, Lever send them a one-time email for that referral.
• Candidate Data. As part of Lever’s Service under the contract with Lever’s customers, Lever store the information and data (usually about employee applicants or job candidates) you upload, download, or access with the Service (“Files”).
• Log Data. When you use the Service, Lever automatically record information from your device, its software, and your activity using the Service (“Log Data”). This may include the device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to Lever’s website, information you search for on Lever’s website, locale preferences, identification numbers associated with your devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Service. Lever may use your IP address to identify the general geographic area from which you are accessing the website. While an IP address may reveal your ISP or geographic area, Lever cannot determine your identity solely based upon your IP address.
• Location Data. Lever may collect geolocation and proximity of your device if location services are enabled on your device (e.g., GPS-based functionality on mobile devices used to access Lever’s website) and may use that information to customize the Interactions with location-based information and features. If you access Lever’s website through a mobile device and you do not want your device to provide Lever with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this.
• Cookies. Lever use “cookies” to collect information and improve Lever’s Service. A cookie is a small data file that Lever transfer to your device. Lever may use “persistent cookies” to save your registration ID and login password for future logins to the Service. Lever may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic routing on the Service. For more information on how Lever use Cookies and similar technologies, please see Lever’s Cookie Policy.
• Lever Community. Lever’s Service offers publicly accessible community services such as help forums. You should be aware that any information you provide in these areas is publicly available and may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account.

3. Use of Personal Data

Your Personal Data may be used for the following purposes:

a) To provide Lever’s Service to you. Lever process your Personal Data to provide you with the Service you request. Lever share this information with Third-Party Services upon your request, or Lever’s service providers or partners to the extent necessary to provide you with the Service. Lever cannot provide you with Service without processing your Personal Data. Lever may also use information collected from Third Party Software Providers that your employer chooses to connect to Lever to enable additional functionality in the Lever Platform as described in Lever’s Privacy Notice Integration Addendum page here.

b) To contact you about the Service. When you sign up for Lever’s Service, Lever will send you administrative or account-related information to you to keep you updated about Lever’s Service, inform you of relevant security issues or updates, or provide other transaction-related information to you. Lever process your contact information to send you such communications. Service-related communications are not promotional in nature. You are not able to unsubscribe from such communications, otherwise you may miss important developments relating to your account or the Service that could affect your use of the Service.

c) To respond to your inquiries and provide customer service. Lever process your Personal Data when you contact us, such as with questions, concerns, feedback, disputes or issues. Without your Personal Data, Lever cannot respond to you or ensure your continued use and enjoyment of the Service.

d) To enforce Lever’s terms, agreements or policies. Lever process your Personal Data to actively monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities on Lever’s Service; investigate, prevent, or mitigate violations of Lever’s terms, agreements or policies; enforce Lever’s agreements with third parties and partners; and, as applicable, collect fees based on your use of Lever’s Service. Lever cannot perform Lever’s Service in accordance with Lever’s terms, agreements or policies without processing your Personal Data for such purposes.

e) To ensure the security of the Service. Lever is committed to ensuring your safety and continued enjoyment of Lever’s Service. To do so, Lever processes your Personal Data to: combat spam, malware, malicious activities or security risks; improve and enforce Lever’s security measures; and to monitor and verify your identity so that unauthorized users do not access your account with us. Lever cannot ensure the security of Lever’s Service if Lever does not process your Personal Data for security purposes.

f) To maintain legal and regulatory compliance. Certain laws or regulations apply to Lever’s Service that may require Lever to process your Personal Data. For example, Lever may process your Personal Data to fulfill Lever’s business obligations as necessary to manage risk as required under applicable law. Without processing your Personal Data for such purposes, Lever cannot perform the Service in accordance with Lever’s legal and regulatory requirements.

g) To personalize your experience on the Service. Lever provide you with third-party services, plugins, and many other options to personalize your experience on Lever’s Service. In addition, Lever also use cookies and similar tracking technology for such purposes – please see Lever’s Cookie Policy for more information. By personalizing the Service, you get to enjoy Lever’s Service even more because Lever keep track of your preferences (e.g. your language selection, your time zone, etc.), connect all your favorite third-party services to Lever’s Service. Without processing your Personal Data for such purposes, you may not be able to access or personalize part or all Lever’s Service.

h) To conduct research and development. To continue to provide you with continued updates to the Service, Lever collect information about the way you use and interact with Lever’s Service for research and development purposes. Research and development help Lever improve Lever’s Service and build new services and customized features. Lever take additional security measures when processing your Personal Data for such purposes, by de-identifying or anonymizing your information, and limiting access to personnel that may conduct research and development.

If, in the future, Lever use your Personal Data in any way that is not described in this Privacy Notice, Lever will disclose this to you. If you choose to limit the ways Lever can use your Personal Data, some or all of the Service may not be available to you.

4. Information Disclosure

We disclose your Personal Data as described below.

a) Service Providers, Business Partners and Others. Lever use certain trusted third-party companies and individuals to help Lever provide, analyze, and improve the Service (including but not limited to data storage, maintenance services, database management, web analytics, security, payment processing, and improvement of the Service’s features). For example, Lever use Amazon’s storage service to store some of your information (for more information on Amazon's security see https://aws.amazon.com/security/). These third parties may have access to your Personal Data only for purposes of performing these tasks on Lever’s behalf and under obligations similar to those in this Privacy Notice or Lever’s agreements with you.

b) Compliance with Laws and Law Enforcement Requests; Protection of Lever's Rights. Lever may disclose files stored in your Lever account and other information about you to third parties when Lever have a good faith belief that disclosure is reasonably necessary to: (i) comply with a law, regulation or legal requests including to meet national security or law enforcement requirements; (ii) protect the safety of any person from death or serious bodily injury; (iii) prevent fraud or abuse of Lever or its user, or (iv) protect Lever’s property rights.

c) Business Transfers. If Lever are involved in a merger, acquisition, or sale of all or a portion of Lever’s assets, your information may be transferred as part of that transaction, but Lever will notify you (for example, via email and/or a prominent notice on Lever’s website) of any change in control or use of your Personal Data, or if either become subject to a different Privacy Notice. Lever will also notify you of choices you may have regarding the information.

5. Marketing Opt Out and Choice

If you sign up to receive marketing or informational announcements from us, such emails will be subject to the privacy notice located at www.lever.co/privacy-notice. Transactional communications about your account or the Service are not considered “marketing” or “informational” communications and are part of the Services.

6. Third-Party Sources of Information & Third-Party Services

Lever’s Service provides you the option to integrate other third-party services with your Lever account. Lever are not responsible for what the third parties and their services do with your Personal Data or the information that you choose to share with them. Your use of these third-party services will be subject to their respective terms of service and privacy policies.

You may ask Lever to collect information about you or about others, such as candidates, from organizations. For example, you can ask Lever to import your contacts by giving Lever access to your third-party services (for example, your email account) or you can share your social networking information with Lever if you give Lever access via a social network connection service. Based on your instructions, Lever can also obtain or transfer data about others to third-party services, such as importing candidate information from third party sourcing integrations.

If you are acting on behalf of an employer using the Service, please note that you are responsible for complying with all applicable laws in relation to the Personal Data that you process on the Service.

7. Transfer of Personal Data

If you access or use Lever’s Service or provide your information to us, your Personal Data may be transferred to, processed and maintained on servers or databases located outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use Lever’s Service.

If you are located in the European Economic Area (“EEA”), the United Kingdom or Switzerland, Lever complies with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to the United States. Lever is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles. For more information, see Section 13 below.

Where applicable law requires Lever to ensure that an international data transfer is governed by a data transfer mechanism, Lever will use an appropriate lawful transfer mechanism.

8. Security

The security of your information is important to us. Lever employ appropriate technical and organizational measures to ensure a level of security that is appropriate and follow generally accepted standards to protect the information submitted to us, both during transmission and once Lever receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, Lever cannot guarantee its absolute security.

Lever does have procedures in place to ensure Lever can react quickly to any possible issue. If you ever find a security issue, or simply have a security-related concern, please reach out directly to Lever. The quickest and most effective way is by sending an email to privacy@lever.co.

9. Accessing and Updating Your Personal Data

If you are a registered user, you may review, update, or correct the Personal Data provided in your registration or account profile by, for example, disconnecting your Gmail account. If your Personal Data changes, or if you no longer desire Lever’s service, you may update or delete it by making the change on your account settings. In some cases, Lever may retain copies of your Personal Data if required by law. For questions about your Personal Data on Lever’s Service, please contact privacy@lever.co. Lever will use responsible efforts to respond to your inquiry as soon as practicable. When updating your Personal Data, Lever may ask you to verify your identity before Lever can act on your requests.

Individuals located in the European Economic Area, Switzerland, or the United Kingdom during data collection, or that are California residents should refer to the relevant sections below for more information about their access, correction and other rights in relation to their Personal Data.

10. Data Retention

If you wish to cancel your account or request that Lever no longer use your Personal Data to provide you the Service, you may delete your account by sending a request to delete your account to privacy@lever.co. Lever may retain and use your information as necessary to comply with Lever’s legal obligations, resolve disputes, or enforce Lever’s agreements. Consistent with these requirements, Lever will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from Lever’s servers and backed-up versions might exist after deletion. In addition, Lever do not delete from Lever’s servers files any information that you have in common with other users. While retention requirements can vary by country, Lever generally apply the retention periods noted below. Please contact Lever if you have any questions about Lever’s retention periods.

• Interactions on Lever’s Service. Lever may store any information about your interactions on Lever’s Service or any content created, posted or shared by you on Lever’s Services (e.g., pictures, comments, support tickets, and other content) after the closure of your account for the establishment or defense of legal claims, audit and crime prevention purposes.
• Web Behavior Data. Lever retain any information collected via cookies, clear gifs, flash cookies, webpage counters and other technical or analytics tools up to one year from expiry of the cookie or the date of collection. Please refer to Lever’s Cookie Policy for more information.
• Telephone Records. As required by applicable law, Lever will inform you that a call will be recorded before doing so. Any telephone calls with you may be kept for a period of up to six years

11. Lever’s Policy Toward Children

Lever’s Service is not directed to persons under 18, and Lever do not knowingly collect Personal Data from children under 18. Any individuals under the age of 18 must have consent from their parent or guardian to use the Service. If a parent or guardian becomes aware that his or her child has provided Lever with Personal Data without their consent, he or she should contact Lever at privacy@lever.co. If Lever become aware that a child under 18 has provided Lever with Personal Data, Lever will take steps to delete such information from Lever’s files.

12. California Privacy Rights

A business subject to California Civil Code section 1798.83 is required to disclose to its California customers, upon request, the identity of any third parties to whom the business has disclosed Personal Data information within the previous calendar year, along with the type of Personal Data disclosed, for the third parties' direct marketing purposes. Please note that under California law, businesses are only required to respond to a customer request once during any calendar year. If you are a California resident and would like to make either type of request described above, please contact Lever at privacy@lever.co.

13. Additional Privacy Rights for Individuals in the EEA, UK and Switzerland

This section only applies to Interactions with individuals who are in the European Economic Area, United Kingdom or Switzerland (collectively, the “Designated Countries”) at the time of data collection.

Lever is a data controller with regard to any Personal Data collected from users of the Service. Any third parties that handle your Personal Data in accordance with Lever’s instructions are Lever’s service providers and are “data processors.” You are a “user.” Users are individuals providing Personal Data to Lever via the Service pursuant to a contract that has been entered into with Lever.

a) Marketing. Lever will only contact individuals located in the Designated Countries by electronic means (including email or SMS) based on Lever’s legitimate interests, as permitted by applicable law, or the individual’s consent. To the extent Lever can rely on legitimate interest under the applicable law, Lever will only send you information about Lever’s Services and other materials that are similar to those which were the subject of a previous Interaction with you. If you do not want Lever to use your Personal Data in this way please go to the email settings for your account to opt out, click an unsubscribe link in your emails, or contact Lever at privacy@lever.co. You can object to direct marketing at any time and free of charge.

b) Additional Privacy Rights. Lever provide you with the rights described below. Lever may limit these privacy rights requests (i) where denial of access is required or authorized by law, (ii) when granting access would have a negative impact on others’ privacy, (iii) to protect Lever’s rights and properties, or (iv) where the request is frivolous or burdensome. If you would like to exercise your rights under applicable law, please contact Lever at privacy@lever.co. Lever may seek to verify your identity when Lever receive your privacy rights request to ensure the security of your Personal Data.

• • Right to withdraw consent. For any consent-based processing of your Personal Data, you have the right to withdraw your consent. A withdrawal of consent will not affect the lawfulness of Lever’s processing or the processing of any third parties based on consent before your withdrawal.
  • Right of access/right of portability. You may have the right to access the Personal Data that Lever hold about you, and in some limited circumstances, have the Personal Data provided to you so that you can provide that Personal Data to another controller.
  • Right to rectification. You may request to correct any of your Personal Data in Lever’s files.
  • Right to erasure. In certain circumstances, you may have a right to the erasure of your Personal Data that Lever hold on you.
  • Right to restriction. You have the right to request that Lever restrict Lever’s processing of your Personal Data in certain circumstances.
  • Right to object to processing. You have the right to object to Lever’s processing of your Personal Data at any time and as permitted by applicable law if Lever process your Personal Data on the legal bases of: consent; contract; or legitimate interests. Lever may continue to process your Personal Data if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
  • Notification to third parties. When Lever fulfill your individual rights requests for correction, erasure or restriction of processing, Lever will notify third parties also handling the relevant Personal Data unless this proves impossible or involves disproportionate effort.
  • Right to Lodge Complaint. If you have questions, or would like to exercise any of the above rights  you may reach Lever’s Data Protection Officer (“DPO”) at privacy@lever.co. You may also contact Lever’s EU member representative VeraSafe by using this contact form:  https://www.verasafe.com/ privacy-services/contact- article-27-representative  or via telephone at: +420 228 881 031.You may contact Lever's United Kingdom member representative Verasafe using this  contact form:  https://verasafe.com/public- resources/contactdata- protection-representative  or via telephone at +44 (20) 4532 2003.

c) The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Lever complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, the United Kingdom and Switzerland to the United States. Lever has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. The Federal Trade Commission has jurisdiction over Lever’s compliance with the Privacy Shield.
If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. In the context of an onward transfer, Lever has responsibility for the processing of Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. To learn more about the Privacy Shield program, and to view Lever’s certification, please visit https://www.privacyshield.gov/.
If you are a European, United Kingdom or Swiss data subject with an unresolved complaint or dispute arising under the requirements of the Privacy Shield Framework, Lever agree to refer your complaint under the Framework to an independent dispute resolution mechanism. Lever’s independent dispute resolution mechanism is the International Centre for Dispute Resolution ("ICDR"), operated by the American Arbitration Association ("AAA"). For more information and to file a complaint, you may contact the International Centre for Dispute Resolution by phone at +1.212.484.4181, or by visiting the website http://go.adr.org/privacyshield.html.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. You also have a right to lodge a complaint with a competent supervisory authority situated in a Designated State of your habitual residence, place of work, or place of alleged infringement.

d) Legal Bases for Processing Personal Data. Lever’s legal bases for collecting and using the Personal Data described above will depend on the type of Personal Data collected, the specific context in which Lever collect it and the purposes for which it is used. Lever rely on the following legal bases under the European Union’s General Data Protection Regulation in processing your Personal Data.

14. Contacting Us

If you have any questions or complaints about this Privacy Notice, please contact Lever's DPO at privacy@lever.co or send physical mail to:

Lever, Inc.
1125 Mission Street
San Francisco, California 94103
Attention: Lever DPO