Paradox, Inc. (“Paradox”) is a cloud software company that provides recruiting products and services (the “Services”) to employers that have entered into a written agreement with Paradox (“Clients”).
At Paradox, we take data privacy seriously. This Policy describes our privacy practices for the activities set out in this Policy including users of our Website and job applicants. Please read this Policy carefully, as it outlines how we collect, use, share, and otherwise process personal information from which an individual (and in some jurisdictions, a household) can be identified (“Personal Data”). Additionally, this Policy outlines your choices and rights with respect to our processing of your Personal Data.
This Policy does not apply to the information we process on behalf of our Clients, which is governed by the agreements we have in place with them. If you are a potential candidate, job applicant, or employee, who has submitted data to a Client, the use of your data is governed by the policies of that Client. For detailed privacy information regarding the use of your data by a Client, or to exercise your rights regarding such Personal Data, please reach out to that organization directly. Our Clients control the use of data we process on their behalf and determine their own privacy practices and security settings. Paradox may only access, share, distribute, or otherwise process personal data submitted to us by or on behalf of a Client as provided in the agreement between Paradox and that Client, as instructed by the Client or as may be permitted by law.
We are not responsible for the privacy or data security practices of our Clients, which may differ from those set forth in this Policy.
This Policy does not apply to employees of Paradox.
The Website (as defined below) and Services may contain links to other websites, applications and services maintained by third parties. The privacy and data protection practices of such third parties are governed by the privacy policies of those organizations. Please review the privacy policies of those organizations to better understand their privacy practices.
Paradox may process your Personal Data in a number of online and offline circumstances, including, without limitation, when you: (i) visit our websites that display or link to this Policy (the “Website”); (ii) visit our offices; (iii) communicate with Paradox via email, phone, or fax; (iv) fill out a form at a conference or event; (v) register to attend an event or webinar; (vi) access or download certain content (such as a whitepaper); or (vii) apply for a job at Paradox.
The type of Personal Data that we may collect from you directly depends on how you interact with Paradox, including, without limitation, via phone, in person, or via the Website, and for what purposes, including as a:
We also collect Personal Data about you from other sources including third parties from whom we have purchased business contact information and from publicly accessible websites, such as LinkedIn or your company’s website, professional network services, or press releases, which we may combine with Personal Data that you have provided to Paradox. Such Personal Data may include, without limitation, company information, phone numbers, job titles, mailing addresses, email addresses, employment history, and Personal Data available at public facing websites and/or social media profiles. Please note that publicly available information is not considered Personal Data in some jurisdictions.
When you visit the Website, our servers automatically record information that may include Personal Data. Personal Data we collect may include, without limitation: the web address you came from or are going to, your device model, your operating system, the type of web browser you are using, your internet service provider/mobile carrier, unique identifiers, your IP address, general location your mobile network carrier, the duration of your visit, your time zone, and additional information provided by your web browser or device. Whether we collect some or all of this information depends on the type of device you are using and your device settings. To learn more about what information your browser or device makes available to us, please check the policies of your device manufacturer or software provider. You may be able to control the Personal Data you provide to us through your settings and/or as described below.
We collect and process Personal Data for the following purposes, such as:
For UK and EU residents, further detail regarding these purposes and the associated lawful bases are set out in the European Addendum available at the following location: https://www.paradox.ai/legal/eu-addendum.
Paradox may disclose Personal Data and other information as follows:
We may disclose your Personal Data if we are required to do so by law or we, in good faith, believe that such action is necessary to: (i) comply with the law or with legal processes; (ii) protect and defend our rights and property; (iii) protect against misuse or unauthorized use of the Websites and/or Services; or (iv) protect the safety or property of our users or the public (among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions).
If Paradox goes through a business transition, such as a merger, acquisition, or sale of all or a portion of its assets, your Personal Data may be among the assets transferred.
We may disclose aggregate, or de-identified information about users for marketing, advertising, research, compliance, or other purposes.
We may transfer your Personal Data across borders to fulfil any of the purposes described in this Policy, which may make that Personal Data subject to applicable laws in those jurisdictions. You may contact us (as set out in Section 7, below) to obtain more information about our policies and practices regarding our transfer of Personal Data across borders, or to ask questions about the collection, use, disclosure or storage of Personal Data by us or our providers. Please visit Section 9.2 for additional information on how we transfer data in accordance with EU/UK requirements.
You may have the right to change your preferences or exercise certain control over your Personal Data. Where you have consented to our processing of your Personal Data, you may withdraw that consent at any time and prevent further processing by contacting us as described below subject to certain exceptions as described to you and/or allowed by law.
As described above, if you do not wish to receive promotional e-mails from us, you may change your preferences by following the unsubscribe link contained in the e-mail itself or contacting us as described below. Please also note that if you opt out of receiving promotional communications from us, we may continue to communicate with you regarding service-related issues. We maintain and process requests for telephone “do-not-call”, “do-not-mail”and do-not-contact lists as required by law
If you do not wish to continue receiving SMS messages, you may opt-out of receiving mobile message services by replying STOP, STOP ALL, UNSUBSCRIBE, CANCEL, END or QUIT to any mobile message that you have received from Paradox. After sending such message, you may receive an additional mobile message confirming your decision to opt-out.
You may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences or by visiting the “Your Privacy Choices” link in the footer of the Website. Please note that blocking or deleting non-essential cookies may affect the Websites’ functionality and that any choice with regards to cookie-based advertising only applies to the web browser and device through which you exercise that choice. If you delete your cookies, you may need to reapply your choices. Additionally, you will still continue to see certain advertising, including potentially from Paradox, even if you opt-out of personalized advertising.
You can also control how participating third-party ad companies use the Personal Data that they collect about your visits to our Websites, and those of third parties, in order to display more relevant targeted advertising to you. If you are in the U.S., you can obtain more information and opt out of receiving targeted ads from participating third-party ad networks at aboutads.info/choices (Digital Advertising Alliance). You may also download the DAA AppChoices (https://youradchoices.com/appchoices) tool in order to help control interest-based advertising on apps on your mobile device). In addition, users in other countries may obtain more information at the following links:
In this section, we provide additional information to California residents about how we handle their Personal Data as defined under California privacy laws including the California Consumer Privacy Act, as amended (“CCPA”). This section does not apply to our handling of information that is exempt under the CCPA such as publicly available information, de-identified or aggregated information or information that is covered under another law such as HIPAA or the FCRA. This Policy also does not apply to the Personal Information we collect from our contractors, or our employees, which are subject to different notices.
Where we have committed to maintaining and using Personal Data in a deidentified form, we agree not to reidentify deidentified data except as permitted by applicable law.
As a Service Provider under the CCPA, we process or maintain Personal Data on behalf of our business Clients that provide Personal Data to us in compliance with written contracts that we enter into with our business Clients directly. Please note that for Personal Data that we process on behalf of a Client, in our capacity as a processor or service provider, we will provide reasonable assistance to that Client as necessary to enable them to respond to your requests to exercise your privacy rights.
In general, under the CCPA, we are a Business (as defined under the CCPA) when we operate our Website and act as an employer (employee notices are available on the intranet). As described in more detail in Section 5. How We Use Your Personal Data, we collect, use and otherwise process the above personal information in order to provide our Services to you, respond to and fulfil your orders and requests, as otherwise directed or consented to by you, and for the following business or commercial purposes: services and support, analytics and improvement, customization and personalization, marketing and advertising, planning and managing events, research and surveys, security and protection of rights, legal proceedings and obligations, and general business and operational support.
As a Business, we notify and provide California residents with the following rights with respect to their Personal Data, which are subject to certain exception:
For information on how to exercise such rights, please refer to Section 8.5, below.
While our collection, use and disclosure of Personal Data varies based upon our relationship and interactions with you, we describe, generally, the categories of Personal Data that we have collected about California residents in the prior twelve (12) months, as well as the categories of third parties to whom we may disclose this Personal Information for a business or commercial purpose. For more information about the business and commercial purposes, for which we may disclose your Personal Information, please see Section 5. How We Use Your Personal Data section above.
Sale and Sharing of Personal Information. Additionally, the CCPA defines "sale" as disclosing or making available to a third-party Personal Data in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available Personal Data to a third party for purposes of cross-contextual behavioral advertising. While we do not disclose Personal Data to third parties in exchange for monetary compensation, we may disclose the following categories of Personal Data: identifiers, profiles and inferences, and internet or other electric network activity information to third party advertising networks, data analytics providers, and social networks for purposes of marketing and advertising. We do not sell or share Sensitive Personal Information, nor do we sell or share any Personal Information about individuals who we know are under sixteen (16) years old.
Sensitive Personal Information. Notwithstanding the purposes described above, we do not use or disclose of sensitive personal information beyond the purposes authorized by the CCPA. Accordingly, we only use and disclose sensitive personal information as reasonably necessary: to perform our services requested by you; to help ensure security and integrity, including to prevent, detect, and investigate security incidents; to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; to verify or maintain the quality and safety of our services; for compliance with our legal obligations; to our service providers who perform services on our behalf; and for purposes other than inferring characteristics about you.
We may collect Personal Data from the sources and in the manner set out in Section 4 including: directly from the individual, advertising networks, data analytics providers, social networks, internet service providers, operating systems and platforms, government entities, and data brokers.
As a Business, Paradox takes all reasonable precautions to verify your identity in connection with fulfilling its responsibilities under the CCPA. The verification steps may vary — depending on the right and the nature and sensitivity of the Personal Data.
We will process your request based upon the information in our records that is linked or reasonably linkable to the information provided in your request. In some cases, additional information may be requested in order to verify your request or where necessary, to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents may initiate a request on behalf of another individual by following the instructions above. Authorized agents will be required to provide proof of their authorization and/or we may also require that the relevant individual directly verify their identity and the authority of the authorized agent.
Personal Data collected by Paradox may be stored and processed in the United States or in any other country where Paradox or its affiliates, subsidiaries, or third-party service providers maintain facilities. When you provide Personal Data to Paradox, you consent to the processing and transfer of your information within the United States and around the world. We follow data protection laws applicable to us when transferring Personal Data.
A summary of applicable European privacy rights is set out below. You can find a detailed description of such rights as well as more detail regarding how Paradox processes Personal Data in compliance with European laws at the following location: https://www.paradox.ai/legal/eu-addendum.
Paradox may process your Personal Data outside of your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. Paradox ensures that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
Although the Court of Justice of the European Union issued a judgment declaring as “invalid” the adequacy of the protection provided by the EU-US Privacy Shield for the purposes of a legal valid transfer mechanism, this decision does not relieve participants in the EU-US Privacy Shield of their obligations under the framework.
Paradox complies with both the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework asset forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and the United Kingdom to the United States, and from Switzerland to theUnited States, respectively. Paradox has certified to the Department of Commerce that it adheres to the Privacy Shield principles. If there is any conflict between the terms in this Policy and the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov.
In compliance with Privacy Shield principles, Paradox commits to resolve complaints about our collection or use of your Personal Data. EU, UK and/or Swiss individuals with inquiries regarding our Privacy Shield policy should first contact Paradox, as set out under Section 11.2.
Paradox has further committed to refer unresolved Privacy Shield complaints to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit www.bbb.org/EU-privacy-shield/for-euconsumers for more information or to file a complaint. This service is provided to you free of charge.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction. Pursuant to the Privacy Shield principles Paradox acknowledges that we remain liable for the onward transfer of data to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages. We may be required to release Personal Data in response to lawful requests by public authorities including to meet national security and law enforcement requirements.
The Federal Trade Commission has jurisdiction over Paradox’s compliance with the Privacy Shield.
The following apply to individuals in Canada:
Paradox employs reasonable and appropriate physical and logical security measures designed to protect Personal Data. Please be aware that despite these measures, no data security measures can guarantee 100% security.
You should take steps to protect against unauthorized access to your password, mobile device, and computer by, among other things, signing off after using a shared computer, choosing a robust and unique password for each account that nobody else knows or can easily guess, and keeping your log-in and password private. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured resources. In order to protect you and your information, Paradox may suspend your use of the Website and/or services without notice, pending an investigation, if any suspicious activity or security breach is suspected. We are not responsible for any lost, stolen, or compromised passwords or for any unauthorized account activity that may result.
We will retain your Personal Data as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, subject to certain exceptions as described to you and/or allowed by law. Our Clients and other third parties may have different practices, and you should refer to their privacy policies.
We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation or other lawful basis.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, compliance or other requirements.
Paradox does not direct any of its communications to, or knowingly collect Personal Data from, children. If we discover that a child has provided us with Personal Data, we will promptly delete such Personal Data from our systems
We reserve the right to change or update this Policy at any time. Changes to the Policy will be posted at this URL. We encourage you to periodically review this Policy for any changes.
If you have any questions regarding our Policy, or if at any time after providing your Personal Data to Paradox, you want to change your Personal Data, or if you would like to assert any of the rights listed above, please direct your request to firstname.lastname@example.org, call us at (888) 283-4817, or contact us via postal mail at the contact information listed below
Alternatively, you may reach us by addressing regular mail to the following addresses:
Attention: Privacy or Data Protection Officer
6330 E. Thomas Rd., Suite #200
Scottsdale, Arizona 85251