Paradox Privacy Policy

Paradox, Inc. (“Paradox”) is a cloud software company that provides recruiting products and services (the “Services”) to employers that have entered into a written agreement with Paradox (each a “Client” and collectively “Clients”). 

At Paradox, we take data privacy seriously. This Policy describes our privacy practices for the activities set out in this Policy, including with respect to users of our Website, suppliers, and job applicants. Please read this Policy carefully, as it outlines how we collect, use, share, and otherwise process personal information from which an individual (and in some jurisdictions, a household) can be identified (“Personal Data”). Additionally, this Policy outlines your choices and rights with respect to our processing of your Personal Data.

‍

This Policy does not apply to the information we process on behalf of our Clients, which (i) is governed by the agreement(s) we have in place with the applicable Client; and (ii) may be processed, as applicable, pursuant to EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (collectively, the “DPF”), with which Paradox complies. You can learn more about Paradox’s processing pursuant to the DPF at our DPF Notice here.

If you are a potential candidate, job applicant, or employee, who has submitted data to a Client, the use of your data is governed by the policies of that Client. For detailed privacy information regarding the use of your data by a Client, or to exercise your rights regarding such Personal Data, please reach out to that organization directly. Our Clients control the use of data we process on their behalf and determine their own privacy practices and security settings. Paradox may only access, share, distribute, or otherwise process personal data submitted to us by or on behalf of a Client as provided in the agreement between Paradox and that Client, as instructed by the Client, or as required by law.

We are not responsible for the privacy or data security practices of our Clients, which may differ from those set forth in this Policy.

This Policy does not apply to employees of Paradox.

The Website (as defined below) and Services may contain links to other websites, applications and services maintained by third parties. The privacy and data protection practices of such third parties are governed by the privacy policies of those organizations. Please review the privacy policies of those organizations to better understand their privacy practices.

Paradox may process your Personal Data in a number of online and offline circumstances, including, without limitation, when you: (i) visit our websites that display or link to this Policy (the “Website”); (ii) visit our offices; (iii) communicate with Paradox via email, phone, or fax; (iv) interact with Paradox as a representative of a company that provides Paradox with goods or services (e.g. you are a Paradox supplier); (v) fill out a form online, at a conference, or at an event; (vi) register to attend an event or webinar; (vii) access or download certain content (such as a whitepaper); or (viii) apply for a job at Paradox.

4.1 PERSONAL DATA THAT YOU PROVIDE

The type of Personal Data that we may collect from you directly depends on how you interact with Paradox, including, without limitation, via phone, in person, or via the Website, and for what purposes, including as a:

• Client or Potential Client: If you are a representative of a company that has or is exploring a business relationship with Paradox, we may collect your business contact information and the types of Personal Data you may choose to provide to Paradox including, without limitation: full name, your email address, job title, company information, mailing address, IP address, general location, telephone number, professional information, device and usage information, unique identifiers and cookie data (as described below in this Section 4), or any other Personal Data that Paradox requests or you elect to provide.
• Potential Job Applicant: As a potential applicant for employment, the types of Personal Data you may choose to provide to Paradox include, without limitation: your full name, email address, job title, company information, mailing address, IP address, general location, telephone number, professional and educational information, background information included in a CV/resume, device and usage information, unique identifiers, and cookie data (as described below in this Section 4), or any other Personal Data that Paradox requests or you provide.
• Paradox Supplier: As a Paradox supplier the types of Personal Data you may choose to provide includes, without limitation: full name, your email address, job title, company information, mailing address, general location, telephone number, professional information, or any other Personal Data that Paradox requests or you elect to provide.
• Webinar or Event attendee: When you register for an event or webinar, we may ask you to provide us with your contact information such as your name, business email, telephone number, and company name; your health and safety information such as your emergency contact and your dietary preferences; and/or a photo of yourself.

4.2 PERSONAL DATA WE COLLECT FROM OTHER SOURCES

We also collect Personal Data about you from other sources including third parties from whom we have purchased business contact information and from publicly accessible websites, such as LinkedIn or your company’s website, professional network services, or press releases, which we may combine with Personal Data that you have provided to Paradox. Such Personal Data may include, without limitation, company information, phone numbers, job titles, mailing addresses, email addresses, employment history, and Personal Data available at public facing websites and/or social media profiles. Please note that publicly available information is not considered Personal Data in some jurisdictions.

4.3 DEVICE AND USAGE DATA

When you visit the Website, our servers automatically record information that may include Personal Data. Personal Data we collect may include, without limitation: the web address you came from or are going to, your device model, your operating system, the type of web browser you are using, your internet service provider/mobile carrier, unique identifiers, your IP address, general location your mobile network carrier, the duration of your visit, your time zone, and additional information provided by your web browser or device. Whether we collect some or all of this information depends on the type of device you are using and your device settings. To learn more about what information your browser or device makes available to us, please check the policies of your device manufacturer or software provider. You may be able to control the Personal Data you provide to us through your settings and/or as described below.

4.4 COOKIES, AND OTHER TRACKING MECHANISMS

Like many companies, we and our third party providers use cookies and other technologies to receive and store certain types of information, which may include Personal Data, when you interact with us through your computer or mobile device. Using these technologies helps us customize your experience with the Website and/or our services and improve your experience and our Website and services through analytics and advertising services. Some information on these technologies, as well as the types of information we may use these technologies to collect, is included below:

• Cookie Data: A cookie is a small amount of data that a website stores on your device that we can later retrieve. When we use cookies, we may use cookies that last until you close your browser (“Session Cookies”) or cookies that last until they are deleted by you or your browser (“Persistent Cookies”). Depending on how you are accessing the Website, we may use cookies or similar technology to administer the Website, store your preferences for certain kinds of information, analyze trends and gather information about Website visitors, or to make emails more useful or interesting (for example, we may receive a confirmation when you open an e-mail from us, if your device or settings support such capabilities). For further information about how cookies work, visit www.aboutcookies.org or www.allaboutcookies.org. The Help portion of the toolbar on most browsers will tell you how to manage your cookies as well. Visitors to the Website who disable cookies will be able to browse certain areas of the Website, but some features may not function as well. For information on how you can manage your cookie and/or email preferences, please review Section 7 “Accessing and Managing Your Personal Data” below.
• Cross-Device Use: We and our third party providers, including Google, may use the Personal Data collected about you (whether directly from the Website, through your device(s), or from a third party) to help us and our third party providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.). We and our third party providers also may use cross-device and other information we learn about you to serve targeted advertising on your devices and to send you e-mails.
• Social Plugins: We may use social plugins on the Website, such as plugins for Facebook, LinkedIn, Twitter, and Instagram. When you view a Website that contains a plugin, your browser will create a direct link to the third parties’ servers. If you are logged into your social media account, the social media platform will record the visit to your social media account. Please visit the social media platform’s privacy policy for more information.
• Third-Party Ad Networks: We also use the Personal Data that we learn about you to assist us in advertising our Services on third-party websites and social media and to assist us in evaluating the success of our advertising campaigns on various platforms. You can control these settings as described below in Section 7.

We collect and process Personal Data for the following purposes, such as:

• Providing the Website or Services: To provide the Website to you, to communicate with you about your use of the Website, to respond to your inquiries, and for other customer service purposes.
• Tailoring Content: To tailor the content and information that we may send or display to you and to personalize your experiences while using the Website.
• Recruiting, Hiring, and Evaluating Applicants: to review, assess, recruit, consider or otherwise manage Applicants, candidates and job applications, including:
  • scheduling and conducting interviews;
  • identifying candidates, including by working with external recruiters;
  • reviewing, assessing and verifying information provided, and otherwise screening or evaluating applicants’ qualifications, suitability and relevant characteristics;
  • extending offers, negotiating the terms of offers, and assessing salary and compensation matters;
  • satisfying legal and regulatory obligations;
  • communicating with applicants regarding their applications and about other similar position(s) for which they may be interested;
  • maintaining applicant Personal Data for future consideration; and
  • in support of our equal opportunity employment policy and practices.
• Contacting you about Potential Positions: to identify other positions for which an applicant may be suited or interested, and to contact applicants about such positions. (If you do not wish to be contacted about potential positions, please let us know using the contact information in Section 11 or as otherwise described in this Policy.)
• Marketing and Communications: For marketing, advertising and promotional purposes, for example, we may use your Personal Data, such as your email address, to send you news and newsletters, special offers, events, surveys, and promotions, or to otherwise contact you about services or information we think may interest you. We also use the Personal Data that we learn about you to assist us in advertising ourServices on third-party websites and social media and to assist us in evaluating the success of our advertising campaigns on various platforms.
• Improving the Website, Services and Security: To improve the Website and/or Services and for other internal business purposes, such as detecting security incidents, debugging to identify and repair errors.
• Webinars and Events: To manage, plan, and host the event; to send related communications and improve your experience at the event (including fostering communications and interactions among attendees); and to improve and enhance your experience in interacting with Paradox, including at future events.
• Research and Analytics: To better understand how users access and use the Website and/or Services in order to improve the Website and/or Services and respond to user preferences, to administer surveys, programs and questionnaires, and for other research and analytical purposes.
• Legal Compliance: To comply with legal obligations, as part of our general business operations, and for other business, compliance and administration purposes.
• Protecting Rights and Interests: Where we believe necessary to investigate, to prevent or take action regarding suspicious, harmful or illegal activities, suspected fraud, situations involving potential threats to the safety of any person or us or violations of our agreements or this Policy.
• Health and Safety: For health and safety purposes, such as contact tracing or including conducting appropriate screenings of applicants and visitors prior to entering or accessing certain locations or premises.
• Managing Potential Supplier and Supplier Relationships: Paradox may collect and maintain Personal Data when vetting and reviewing potential vendors, purchasing products or services, or managing its relationships with its suppliers or potential suppliers.
• Notice: For other purposes we may notify you of or that you consent to from time to time.

For UK and EU residents, further detail regarding these purposes and the associated lawful bases are set out in the European Addendum available at the following location: https://www.paradox.ai/legal/eu-addendum.

6.1 Disclosure of Personal Data

Paradox may disclose Personal Data and other information as follows:

• Affiliates: We may disclose the Personal Data to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Data will be subject to this Policy.
• Service Providers: We may disclose Personal Data to third-party service providers who use this information to perform services for us, such as hosting providers, cloud services providers, customer service providers, event planners advisors, consultants, and/or support providers.
• Advertising, Social Media and Analytics Providers: We share your Personal Data with advertising, social media and analytics providers as described above.
• Webinars, Events, and Other Activities Related to Paradox Offerings: We may offer the following solely or jointly with third parties or partners: webinars, events, whitepaper downloads, or other resources related to Paradox Services. We may share your contact information and interests in these offerings or services with third parties to communicate with you about such resources and Paradox’s offerings.
• Credit, Finance, and Background Check Providers: We may share your information with credit, background checking or credit reporting agencies during the recruiting process as described in the notice/consent provided at that time
• Third Parties that Help Provide the Messaging Service: We will not share your opt-in to an SMS short code campaign with a third party for purposes unrelated to supporting you in connection with that campaign. We may share your Personal Data with third parties that help us provide the messaging service, including, but not limited to, platform providers, phone companies, and other vendors who assist us in the delivery of text messages.
• Additional Disclosures: Paradox may also disclose your Personal Data when you direct us to, or otherwise give your specific consent, or with others for any legitimate business purpose that does not conflict with the statements made in this Policy or applicable law.
  

6.2 Disclosure of Personal Data as Required by Law, Acquisition or Merger

We may disclose your Personal Data if we are required to do so by law or we, in good faith, believe that such action is necessary to: (i) comply with the law or with legal processes; (ii) protect and defend our rights and property; (iii) protect against misuse or unauthorized use of the Websites and/or Services; or (iv) protect the safety or property of our users or the public (among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions).

If Paradox goes through a business transition, such as a merger, acquisition, or sale of all or a portion of its assets, your Personal Data may be among the assets transferred.

6.3 Aggregate or De-identified Information

We may disclose aggregate, or de-identified information about users for marketing, advertising, research, compliance, or other purposes.

6.4 Cross-Border Transfers

We may transfer your Personal Data across borders to fulfil any of the purposes described in this Policy, which may make that Personal Data subject to applicable laws in those jurisdictions. You may contact us (as set out in Section 7, below) to obtain more information about our policies and practices regarding our transfer of Personal Data across borders, or to ask questions about the collection, use, disclosure or storage of Personal Data by us or our providers. Please visit Section 9 for additional information on how we transfer data in accordance with EU/UK requirements.

You may have the right to change your preferences or exercise certain control over your Personal Data. Where you have consented to our processing of your Personal Data, you may withdraw that consent at any time and prevent further processing by contacting us as described below subject to certain exceptions as described to you and/or allowed by law.

7.1 EMAIL

As described above, if you do not wish to receive promotional e-mails from us, you may change your preferences by following the unsubscribe link contained in the e-mail itself or contacting us as described below. Please also note that if you opt out of receiving promotional communications from us, we may continue to communicate with you regarding service-related issues. We maintain and process requests for telephone “do-not-call”, “do-not-mail”and do-not-contact lists as required by law

7.2 SMS

If you do not wish to continue receiving SMS messages, you may opt-out of receiving mobile message services by replying STOP, STOP ALL, UNSUBSCRIBE, CANCEL, END or QUIT to any mobile message that you have received from Paradox. After sending such message, you may receive an additional mobile message confirming your decision to opt-out.

7.3 Cookies and Industry Programs

You may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences or by visiting the “Your Privacy Choices” link in the footer of the Website. Please note that blocking or deleting non-essential cookies may affect the Websites’ functionality and that any choice with regards to cookie-based advertising only applies to the web browser and device through which you exercise that choice. If you delete your cookies, you may need to reapply your choices. Additionally, you will still continue to see certain advertising, including potentially from Paradox, even if you opt-out of personalized advertising.

You can also control how participating third-party ad companies use the Personal Data that they collect about your visits to our Websites, and those of third parties, in order to display more relevant targeted advertising to you. If you are in the U.S., you can obtain more information and opt out of receiving targeted ads from participating third-party ad networks at aboutads.info/choices (Digital Advertising Alliance). You may also download the DAA AppChoices (https://youradchoices.com/appchoices) tool in order to help control interest-based advertising on apps on your mobile device). In addition, users in other countries may obtain more information at the following links:

• EU Users: youronlinechoices.eu (European Interactive Digital Advertising Alliance)
• Canada Users: youradchoices.ca/choices/ (Digital Advertising Alliance of Canada)
• Japan: http://www.ddai.info/optout (Data Driven Advertising Initiative in Japan)

Personal Data collected by Paradox may be stored and processed in the United States or in any other country where Paradox or its affiliates, subsidiaries, or third party service providers maintain facilities. When you provide Personal Data to Paradox, you consent to the processing and transfer of your information within the United States and around the world. We follow data protection laws applicable to us when transferring Personal Data.

9.1 EUROPEAN PRIVACY RIGHTS

A summary of applicable European privacy rights is set out below. You can find a detailed description of such rights as well as more detail regarding how Paradox processes Personal Data in compliance with European laws at the following location: https://www.paradox.ai/legal/eu-addendum.

• Lawful Bases for Processing: Paradox will process your Personal Data for the legitimate interests of Paradox, or, when needed, with your explicit consent. If you have provided consent for the processing of your Personal Data, you have the right to withdraw consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. Paradox may also process your Personal Data for other legal basis, for example, we may have a legal obligation to process your Personal Data, such as in response to a court or regulator order. We also may need to process your Personal Data to protect vital interests, or to exercise, establish, or defend legal claims.
• Data Subject Rights: You have the right to request access to and rectification or erasure of your Personal Data, as well as the right to restrict processing, object to processing, and, under certain circumstances, exercise the right to data portability. You have the right to lodge a complaint as described under Section 9.2 and with a data protection supervisory authority if you believe that we have not complied with the requirements of the EU General Data Protection Regulation or UK law with regard to your Personal Data.
• Contacting Paradox: EU and UK individuals with GDPR complaints are encouraged to contact our Data Protection Officer, whose contact information is listed under Section 11.2. Those individuals also have the right to file a grievance directly with their local Data Protection Administrator (“DPA”). To find out more about the relevant DPA’s:
  • EU individuals can refer to https://edpb.europa.eu/about-edpb/board/members_en
  • UK individuals can find information about the Information Commissioner’s Office by going to https://ico.org.uk.

9.2 Transfers of EU OR UK Personal Data

Paradox may process your Personal Data outside of your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. Paradox ensures that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data, such as those approved by the European Commission (Art. 46 GDPR).

9.3 EU-U.S., UK-U.S., and Swiss-U.S. Data Privacy Framework

If you would like to learn more about processing pursuant to the DPF, please visit Paradox’s DPF Notice available here.

9.4 Privacy Rights in Canada

The following apply to individuals in Canada:

Consent: We will obtain your consent to collect, use or disclose Personal Data except where we are authorized or permitted by law to do so without consent. For example, we may collect, use or disclose Personal Data without your knowledge or consent where:

• the information is publicly available, as defined by statute or regulation;
• we are obtaining legal advice; or
• we reasonably expect that obtaining consent would compromise an investigation or proceeding.

Other exceptions may apply. Your consent can be express, implied or given through an authorized representative such as a lawyer, agent or broker. Consent may be provided orally, in writing, electronically, through inaction (such as when you fail to notify us that you do not wish your Personal Data collected/used/disclosed for various purposes after you have received notice of those purposes) or otherwise. You may withdraw consent at any time, subject to legal, contractual and other restrictions, provided that you give reasonable notice of withdrawal of consent to us. On receipt of notice of withdrawal of consent, we will inform you of the likely consequences of the withdrawal of consent, which may include the inability of us to provide portions of the Website or other services for which that information is necessary.

• ‍Limits on Collection of Personal Data: We will not collect Personal Data indiscriminately but will limit collection of personal information to that which is reasonable and necessary. We will also collect Personal Data as authorized by law.‍
• Limits for Using, Disclosing and Retaining Personal Data: Your Personal Data will only be used or disclosed for the purposes set out herein and as authorized by law.

We will keep Personal Data used to make a decision affecting you for at least one year after using it to make the decision, except to the extent that you delete or remove that information yourself. We will destroy, erase or make anonymous documents or other records containing Personal Data as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for a legal or business purpose. We will take due care when destroying Personal Data so as to prevent unauthorized access to the information.

• ‍Access: Upon written request to our Privacy Officer and authentication of identity, we will provide you your Personal Data under our control. We will also give you information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We may charge you a reasonable fee for doing so.
  
  • We will make the information available within 30 days of receiving a written request or provide written notice where additional time is required to fulfil the request. In some situations, we may not be able to provide access to certain Personal Data (e.g., if disclosure would reveal Personal Data about another individual, the Personal Data is protected by solicitor/client privilege, the information was collected for the purposes of an investigation or where disclosure of the information would reveal confidential commercial information that could harm the competitive position of us). We may also be prevented bylaw from providing access to certain Personal Data. Where an access request is refused, we will notify you in writing, document the reasons for refusal and outline further steps which are available to you.‍
• Accuracy: We will make a reasonable effort to ensure that Personal Data we are using or disclosing is accurate and complete. If you demonstrate the inaccuracy or incompleteness of Personal Data, we will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed. When a challenge regarding the accuracy of Personal Data is not resolved to your satisfaction, we will annotate the Personal Data under our control with a note that the correction was requested but not made.

10.1 SECURITY

Paradox employs reasonable and appropriate physical and logical security measures designed to protect Personal Data. Please be aware that despite these measures, no data security measures can guarantee 100% security.

You should take steps to protect against unauthorized access to your password, mobile device, and computer by, among other things, signing off after using a shared computer, choosing a robust and unique password for each account that nobody else knows or can easily guess, and keeping your log-in and password private. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured resources. In order to protect you and your information, Paradox may suspend your use of the Website and/or services without notice, pending an investigation, if any suspicious activity or security breach is suspected. We are not responsible for any lost, stolen, or compromised passwords or for any unauthorized account activity that may result.

10.2 DATA RETENTION

We will retain your Personal Data as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, subject to certain exceptions as described to you and/or allowed by law. Our Clients and other third parties may have different practices, and you should refer to their privacy policies.

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation or other lawful basis.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, compliance or other requirements.

10.3 Children’s Personal Data

Paradox does not direct any of its communications to, or knowingly collect Personal Data from, children. If we discover that a child has provided us with Personal Data, we will promptly delete such Personal Data from our systems

10.4 CHANGES TO THIS PRIVACY STATEMENT

We reserve the right to change or update this Policy at any time. Changes to the Policy will be posted at this URL. We encourage you to periodically review this Policy for any changes.

11.1 UPDATING YOUR CHOICES

If you have any questions regarding our Policy, or if at any time after providing your Personal Data to Paradox, you want to change your Personal Data, or if you would like to assert any of the rights listed above, please direct your request to privacy@paradox.ai, call us at (888) 283-4817, or contact us via postal mail at the contact information listed below

11.2 PARADOX CONTACT INFORMATION

You may reach our Data Privacy Officer at privacy@paradox.ai or by calling us at (888) 283-4817.

Alternatively, you may reach us by addressing regular mail to the following addresses:

Paradox, Inc.
Attention: Privacy or Data Protection Officer
6330 E. Thomas Rd., Suite #200
Scottsdale, Arizona 85251
United States