This Privacy Policy ("Policy") is effective as of December 30, 2019.


1. ABOUT THIS PRIVACY POLICY

Paradox, Inc. (“Paradox”) is a cloud software company that provides recruiting products and services (the “Services”) to employers (“Clients”). Paradox’s flagship product is an automated recruiting assistant, Olivia, that is used by our Clients to make their recruiting processes more efficient, user-friendly, and engaging.

At Paradox, we take data privacy seriously. This Policy describes our privacy practices for the activities set out in this statement. Please read this Policy carefully, as it outlines how we collect, use, share, and otherwise process information from which an individual can be identified (“Personal Data”). Additionally, this Policy outlines your choices and rights with respect to our processing of your Personal Data.


2. PRIVACY POLICY SCOPE

2.1 Personal Data Covered by this Policy

This Policy applies to Personal Data processed by Paradox, for which Paradox is the controller. Paradox is the controller of your Personal Data as described herein, unless expressly specified otherwise.

2.2 Personal Data Not Covered by this Policy

This Policy does not apply to Personal Data processed by Paradox, for which Paradox is not the controller. For avoidance of doubt, this Policy does not apply to the extent that we process Personal Data in the role of a processor on behalf of our Clients. If you are a potential candidate, job applicant, or employee that has submitted Personal Data to a Paradox Client, the use of your data is governed by the policies of the organization to which you have submitted a recruitment inquiry or application, or with which you are employed. For detailed privacy information regarding the use of your Personal Data by a Client, or to exercise your rights regarding such Personal Data, please reach out to that organization directly. Paradox may only access, share, distribute, or otherwise process Personal Data submitted to us by or on behalf of a Client as provided in the Agreement between Paradox and that Client, or as may be required by law.

We are not responsible for the privacy or data security practices of our Clients, which may differ from those set forth in this Policy.

Paradox’s websites and Services may contain links to other websites, applications and services maintained by third parties. The privacy and data protection practices of such third parties are governed by the privacy policies of those organizations. Please review the privacy policies of those organizations to better understand their privacy practices.


3. PROCESSING ACTIVITIES

This Policy applies to Personal Data that you provide to Paradox online and in-person when you: (i) visit our websites that display or link to this Policy; (ii) visit our offices; (iii) communicate with Paradox via email, phone, or fax; (iv) use our Services as an authorized subscription user on behalf of a Client; (iv) fill out a form at a conference or event; (v) register to attend an event or webinar; (vi) access or download certain content (such as a whitepaper); or (vii) engage in other interactions with Paradox that require the provision of Personal Data.


4. COLLECTION OF PERSONAL DATA

4.1 Personal Data That You Provide

The types of Personal Data you may choose to provide to Paradox includes: your email address, job title, company information, mailing address, location, telephone number, or any other Personal Data that Paradox requests you provide as a Client or in the interest of becoming a client. Potential candidates or employees for a position with Paradox may also provide information regarding job interests and answers to screening questions (e.g., “What is your current job title?” Or “What is the name of your current employer?”), as well as any other Personal Data that Paradox requests you provide as an applicant to a position with Paradox, or as an employee of Paradox.

4.2 Personal Data We Collect from Other Sources

We also collect Personal Data about you from third parties from whom we have purchased such Personal Data, which we may combine with Personal Data that you have provided to Paradox. Such Personal Data may include company information, phone numbers, job titles, mailing addresses, email addresses, and social media profiles.

4.3 Device and Usage Data

When you use our Services, our servers automatically record information that may include Personal Data. Information we collect may include: the web address you came from or are going to, your device model, your operating system, the type of web browser you are using, your internet service provider/mobile carrier, a unique device identifier, your IP address, your mobile network carrier, your time zone and location, and additional information provided by your web browser. Whether we collect some or all of this information depends on the type of device you are using and your device settings. For example, different types of information are available to Paradox depending on whether you are using a Mac or PC, or an iPhone or Android phone. To learn more about what information your device makes available to us, please check the policies of your device manufacturer or software provider.

4.4 Cookies, and Other Tracking Mechanisms

Like many companies, we and our service providers use cookies and other technologies to receive and store certain types of information, which may include Personal Data, when you interact with us through your computer or mobile device. Using these technologies helps us customize your experience with our services and improve your experience. Some of the types of information we use these technologies to collect include:

Cookie Data: Depending on how you are accessing our Services, we may use cookies or similar technology to analyze trends, administer our website, track your movements around the website, and gather information about our website visitors as a whole. A cookie is a small amount of data which our website stores on your computer, and which we can later retrieve. When we use cookies, we may use cookies that last until you close your browser (“Session Cookies”) or cookies that last until they are deleted by you or your browser (“Persistent Cookies”). Paradox may use cookies for a number of purposes; for instance, to store your preferences for certain kinds of information, or to make emails more useful or interesting. We often receive a confirmation when you open an e-mail from our Services, if your computer supports such capabilities. To opt out of receiving emails from Paradox, please review Section 7 “Accessing and Managing Your Personal data”.

Third Party Website Analytics Services: We use third party analytics providers, such as Google Analytics, to provide certain information about your use of the Paradox website. These third party analytics providers collect and track certain de-identified data and information regarding the characteristics and activities of Paradox website visitors. To learn more about how Google uses this information, please visit www.google.com/policies/privacy/partners. You may opt out of third party cookies from Google Analytics tracking by installing a browser plugin. For more information on this plugin, please visit https://tools.google.com/dlpage/gaoptout.

Do Not Track: While some internet browsers offer a “Do Not Track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Therefore, we do not currently commit to responding to browsers' DNT signals with respect to our websites.


5. HOW WE USE YOUR PERSONAL DATA

We collect and process the information that we collect about you, including Personal Data, for the purposes and on the legal bases bulleted below:

  • • Provide you with our Services pursuant to our contract with you.
  • • Provide you with functionality at our site.
  • • Assist you in researching or completing a transaction.
  • • Communicate with you about our products or services.
  • • Respond to any inquiries you submit at our website, including through our automated assistant.
  • • Provide you with information throughout the hiring process and after the time of hire.
  • • Understand and improve our products.

6. SHARING AND OTHER DISCLOSURES OF PERSONAL DATA

6.1 Sharing of Personal Data

Paradox may share Personal Data and other information with affiliates and third party service providers, vendors, agents and contacts (“Service Providers”). Service providers may use information we provide to them only as instructed by Paradox.

We use Service Providers to perform services on our behalf or to assist us with providing services to you. For example, we may engage Service Providers to process payments, to provide services such as communications, infrastructure and IT services, to collect debts, and to analyze and enhance data (including data about users' interactions with our service). These Service Providers may have access to your Personal Data or other information in order to provide these functions. This processing is based on the legitimate interest of you as the data subject. We require our Service Providers to agree to take reasonable steps to keep the Personal Data that we provide to them secure and we do not authorize them to use or disclose your Personal Data except in connection with the provision of services to Paradox.

6.2 Disclosure of Personal Data as Required by Law, Acquisition or Merger

We may disclose your Personal Data if we are required to do so by law or we, in good faith, believe that such action is necessary to: (i) comply with the law or with legal processes; (ii) protect and defend our rights and property; (iii) protect against misuse or unauthorized use of our website and/or Services; or (iv) protect the personal safety or property of our users or the public (among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions).

If Paradox goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal information may be among the assets transferred.

6.3 Aggregate or De-identified Information

We may disclose aggregate, anonymous, or de¬-identified information about users for marketing, advertising, research, compliance, or other purposes.


7. ACCESSING AND MANAGING YOUR PERSONAL DATA

If you would like to review and update, delete or no longer use your Personal Data, call us at (888) 283-4817, email us at privacy@paradox.ai, or contact us via postal mail at the address listed in Section 11 “Contact Paradox”, below. Subject to applicable law, we will retain and use your account information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

7.1 Email

As described above, if you do not wish to receive promotional e-mails from us, you may opt out at any time by following the opt-out link contained in the e-mail itself. Please note that it may take up to ten (10) days to process your request. Please also note that if you opt out of receiving promotional communications from us, we may continue to communicate with you regarding service-related issues.

7.2 SMS

If you do not wish to continue receiving messages you may opt-out of receiving mobile message services by replying STOP, STOPALL, UNSUBSCRIBE, CANCEL, END or QUIT to any mobile message that you have received through our Services. After sending such message you may receive an additional mobile message from the Services confirming your decision to opt-out. You understand and agree that the foregoing options are the only reasonable methods of opting-out.


8. YOUR CALIFORNIA PRIVACY RIGHTS

8.1 Requests for Information About Our Collection and Sharing Practices

Under the California Consumer Privacy Protection Act (CCPA), we are required to provide you with disclosures about the information we may collect (including Personal Data), the purpose for which we collect such information, the sources of that information, and the categories of third parties with whom we share that information. You may exercise these rights as described in Section 7 “Accessing and Managing Your Personal Data” above. Please refer to Sections 1 through 6 of this Policy, wherein we describe how we collect data, for what purposes, from what sources, and with whom we may share that information.

8.2 Data Deletion Requests

California residents have the right to request access to or deletion of their Personal Data. You may exercise these rights as described in Section 7 “Accessing and Managing Your Personal Data”. California residents also have the right to request additional details about our information practices and to not be discriminated against for exercising their rights.

8.3 Sale of Consumer Data

Paradox does not sell any of your Personal Data.

8.4 Verification Process

Paradox takes all reasonable precautions to verify your identity in connection with fulfilling its responsibilities under the CCPA. The verification steps may vary. We evaluate each request based on the individual submitting the request and the category of data related to the request (Personal Data or other information).

8.5 How We Fulfill Our Obligations as a Service Provider Under the CCPA

As a service provider, Paradox also assists its Clients in their compliance with the CCPA. Paradox will assist with any deletion requests Clients may receive by deleting information upon verified request of a Client.

8.6 Do Not Track Requests

Do Not Track: While some internet browsers offer a “Do Not Track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Therefore, we do not currently commit to responding to browsers' DNT signals with respect to our websites.

8.7 Data Security, Data Retention, Changes to this Policy, and Contacting Paradox

Please see Section 10 “Additional Privacy Info”, below, for information regarding Paradox’s data security obligations under the CCPA, our data retention practices, and our practices regarding any material changes to this Policy. For information on how to contact Paradox regarding any CCPA or privacy related inquiry, please review Section 11 “Contact Paradox”.


9. GLOBAL PRIVACY

Personal Data collected by Paradox may be stored and processed in the United States or in any other country where Paradox or its affiliates, subsidiaries, or third-party service providers maintain facilities. When you provide Personal Data to Paradox, you consent to the processing and transfer of your information within the United States and around the world. We follow applicable data protection laws when transferring Personal Data.

9.1 European Privacy Rights

Paradox will process your Personal Data for the legitimate interests of Paradox, or, when needed, with your explicit consent. If you have provided consent for the processing of your Personal Data, you have the right to withdraw consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. You have the right to request access to and rectification or erasure of your Personal Data, as well as the right to restrict processing, object to processing, and, under certain circumstances, exercise the right to data portability. You have the right to lodge a complaint with a data protection supervisory authority if you believe that we have not complied with the requirements of the EU General Data Protection Regulation with regard to your Personal Data.

EU individuals with GDPR complaints are encouraged to contact our Data Protection Officer, whose contact information is listed under Section 11.2. Those individuals also have the right to file a grievance directly with their local Data Protection Administrator (“DPA”). To find out more about the relevant DPA’s, EU individuals can refer to https://edpb.europa.eu/about-edpb/board/members_en.

UK individuals can find information about the Information Commissioner’s Office by going to https://ico.org.uk

9.2 EU-U.S. and Swiss-U.S. Privacy Shield Statement

Paradox complies with both the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and the United Kingdom to the United States, and from Switzerland to the United States, respectively. Paradox has certified to the Department of Commerce that it adheres to the Privacy Shield principles. If there is any conflict between the terms in this Policy and the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov.

In compliance with Privacy Shield principles, Paradox commits to resolve complaints about our collection or use of your Personal Data. EU, UK and/or Swiss individuals with inquiries regarding our Privacy Shield policy should first contact Paradox, as set out under Section 11.2.

Paradox has further committed to refer unresolved Privacy Shield complaints to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint. This service is provided to you free of charge.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Pursuant to the Privacy Shield principles Paradox acknowledges that we remain liable for the onward transfer of data to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages. We may be required to release personal data in response to lawful requests by public authorities including to meet national security and law enforcement requirements.

The Federal Trade Commission has jurisdiction over Paradox’s compliance with the Privacy Shield.


10. ADDITIONAL PRIVACY INFO

10.1 Security

Paradox employs reasonable and appropriate physical and logical security measures to protect Personal Data from loss, theft, misuse, unauthorized access, and unintentional disclosure, alteration, or destruction, including, without limitation, using SSL encryption for Personal Data in transfer and at rest. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured resources. In order to protect you and your information, Paradox may suspend your use of a website without notice, pending an investigation, if any security breach is suspected. We are not responsible for any lost, stolen, or compromised passwords or for any unauthorized account activity that may result.

Paradox has appointed a Data Protection Officer who is responsible for matters relating to privacy and data protection. Our Data Protection Officer can be reached by using any of the methods listed under Section 11.2 “Paradox Contact Information”.

10.2 Data Retention

We will retain your Personal Data only as long as needed to provide you with services or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Data entered into the Paradox Service is retained in accordance with the agreement between the Client and Paradox.

10.3 Children’s Personal Information

Paradox does not direct any of its communications to, or knowingly collect Personal Data from, children under thirteen (13) years of age. If we discover that a child under thirteen (13) years of age has provided us with Personal Data, we will promptly delete such Personal Data from our systems.

10.4 Changes to This Privacy Statement

We reserve the right to change or update this Policy at any time. Changes to the Policy will be posted on this website and links to the Policy will indicate that the statement has been changed or updated. We encourage you to periodically review this Policy for any changes. For new users, changes or updates are effective upon posting. For existing users, changes or updates are effective 30 days after posting.


11. CONTACT PARADOX

11.1 Updating Your Choices

If you have any questions regarding our Policy, or if at any time after providing your Personal Data to Paradox you want to update, change, unsubscribe, or request removal or deletion of your Personal Data, or if you would like to assert any of the rights listed above, please direct your request to privacy@paradox.ai, call us at (888) 283-4817, or contact us via postal mail at the contact information listed below. Paradox will respond to your request within a reasonable timeframe.

If you prefer not to receive marketing communications from us via email or SMS, please let us know and opt-out of such communications by exercising your rights as outlined in Section 7 “Accessing and Managing Your Personal Data”, above.

11.2 Paradox Contact Information

You may reach our Privacy Team at privacy@paradox.ai or by calling us at (888) 283-4817.

Alternatively, you may reach us by addressing regular mail to the following addresses:

Paradox, Inc.
Attention: Privacy or Data Protection Officer
6330 E. Thomas Rd., Suite #200
Scottsdale, Arizona 85251
United States