Data Privacy Framework Notice

Paradox, Inc. (“Paradox”) is a cloud software company that provides recruiting products and services (the “Services”) to organisations or individuals (“Client” or “Clients”) that have entered into a written agreement with Paradox.

This Data Privacy Framework Notice (“Notice”) describes our processing of Client personal data under the Data Privacy Framework .

Paradox processes personal data pursuant to  the agreement we have in place with each applicable Client. If there is a conflict between this Notice and such agreement(s) it will be such agreement(s) that will supersede this Notice.

If you are a potential candidate, job applicant, or employee, who has submitted personal data to a Client, the use of your personal data is governed by the policies of that Client. For more detailed privacy information regarding the use of your personal data by a Client, or to exercise your rights regarding such personal data, you must reach out to that organization directly.

Each Client controls and determines how data is processed by Paradox on their behalf and the associated privacy practices and security settings. Paradox may only access, share, distribute, or otherwise process personal data submitted to us by or on behalf of a Client as provided in the agreement between Paradox and that Client, as otherwise instructed by the Client, or as required by law.

Paradox is not responsible for the privacy or security practices of its Clients.

Where Paradox processes personal data on behalf of a Client, we act as a data processor. This means that the applicable Client is responsible for your data and may determine what personal data is collected and what processing activity is performed on such data. It is the responsibility of the Client to notify you of exactly what types of personal data has been collected about you. 

In connection with the Services that Paradox provides to its Clients, Paradox may receive data by or on behalf of the Client, the extent of which is determined and controlled by the Client in its sole discretion, and which often includes the following types of personal data:

• Contact information: Such as name, postal address, email address, and phone number.
• Educational information: Such as references, qualifications, driving information, salary information, professional memberships, hours of work, title, payslips, and performance.
• Assessment information: Such as results from personality and job suitability assessments.Screening information: Such as criminal record(s)/history.
• Screening information: Such as criminal record(s)/history.
• IP Address

Where Paradox processes personal data on behalf of aClient, we act as a data processor. This means that the Client is responsible for and determines the purposes for which it collects and uses personal data. It is the responsibility of the Client to notify you of the exact purposes for which it collects and uses personal data. If you submit a request via the Services to know, for example, the exact purposes for which your personal data is collected and used, the request will be processed in accordance with the Client’s instructions.

Paradox may disclose personal data that it processes on behalf of a Client to third parties used by Paradox in its connection with the provision of Paradox Services. Therefore, it is likely that Paradox may disclose personal data to the following types of third parties:

• Affiliates: We may disclose the personal data to our affiliates or subsidiaries.
• Service Providers: We may disclose personal data to third-party service providers who use this information to perform services for us, such as hosting providers, cloud services providers, customer service providers, event planners advisors, consultants, and/or support providers.
• Translation Providers: We may disclose personal data to third-party service providers who use this information to translate it into a different language.
• Ticket and Support Providers: We may disclose personal data to third-party providers to help us triage, prioritize and respond to support requests such as ticketing systems.
• ‍Hosting Providers: We may disclose personal data to third-party providers who store data for us such as comprehensive cloud computing platforms and databases.
• Messaging Providers: Third parties that help provide the messaging service including, but not limited to, platform providers, phone companies, and other vendors who assist us in the delivery of text messages.
  Artificial Intelligence Providers: We use third parties artificial intelligence to help us understand, interpret, and generate human language, allowing our computers to interact with humans in a natural way.
• ‍Productivity and Collaboration Tools Providers: We may use third parties who provide our staff with tools designed to facilitate communication, content creation (for business use) and collaboration. For example, but not limited to, tools that enable our staff to create documents, presentations, send emails, hold virtual meetings, and create electronic/virtual events.

Paradox may also disclose personal data if we are required to do so by law or we, in good faith, believe that such action is necessary to: (i) comply with the law or with legal processes; (ii) comply with a lawful public authority request, including to meet national security or law enforcement enquiries; (ii) protect and defend our rights and property; (iii) protect against misuse or unauthorized use of the Websites and/or Services; or (iv) protect the safety or property of our users or the public. If Paradox goes through a business transition, such as a merger, acquisition, or sale of all or a portion of its assets, personal data may also be among the assets transferred.

It is the Client’s responsibility to notify you of the specific third parties with whom personal data is disclosed. If you submit a request via the Services to know the specific third-parties with whom your data is disclosed, the request will be processed in accordance with the Client’s instructions.

For personal data that Paradox receives under the DPF, Paradox remains liable under the DPF Principles if a third-party that it engages to process personal data on its behalf does so in a manner inconsistent with the DPF Principles, unless Paradox proves that it is not responsible for the event giving rise to the damage.

Depending on where you live or reside, or otherwise, you may have certain rights relating to the personal data we process in relation to you, we call these “data subject rights”. Where we process your personal data on behalf of our Clients, and thus are a data processor, we have set out below how we will respond to requests from you in relation to these data subject rights:

• Access: You may have the right to request access to/get a copy of your personal data that we process in relation to you. 
• Limitation: You may have the right to request the use and disclosure of your personal data that we process in relation to you be limited.

Paradox processes personal data on behalf of our Clients, and as such we act as a data processor. This means that it is our Client(s) responsibility to determine how they respond to, enable or comply with your data subject rights. Accordingly, where you seek to exercise your data subject rights as it relates to your personal data for which our Client is responsible, you may: (i) submit your request to the Client via the Paradox Services and Paradox will process the request in accordance with the Client’s instructions; or (ii) reach out to the Client directly, for example, via a mechanism described in the Client's privacy notice.

Paradox complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Paradox has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Paradox has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.The following US based subsidiaries adhere to the DPF principles and are covered under Paradox’s DPF submission:

• Woofound, Inc. d/b/a Traitify, 6330 E. Thomas Road, Suite #200, Scottsdale, Arizona 85251.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Paradox commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Paradox at: privacy@paradox.ai.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Paradox commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to BBB National Programes, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit www.bbbprograms.org/dpf-complaints for more information or to file a complaint.  The services of BBB National Programes are provided at no cost to you.

The Federal Trade Commission has jurisdiction over Paradox’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Under certain conditions, if your DPF complaint cannot be resolved by any of the other DPF mechanisms you may invoke binding arbitration. See ANNEX-I-introduction for more information.