Last Modified: September 23, 2016
1. PRIVACY STATEMENT
iCIMS, Inc. (“iCIMS") has created this privacy statement to demonstrate a commitment to privacy. The following information discloses information gathering and dissemination practices for the iCIMS Talent Platform and third party software embedded therein, as further defined in iCIMS’s Subscription Agreement (collectively, the “Application”).
A. EU-U.S. Privacy Shield
iCIMS, Inc. and its subsidiary company iCIMS International, LLC participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. iCIMS is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
iCIMS is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. iCIMS complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, iCIMS is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain circumstances, iCIMS may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
B. U.S. – Swiss Safe Harbor Framework
iCIMS complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. iCIMS has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view iCIMS’s certification, please visit https://safeharbor.export.gov/swisslist.aspx.
C. Information Collection and Use
iCIMS is not responsible for the privacy practices of its subscribers. Accordingly, iCIMS encourages users of the Application to read the privacy statements of each and every applicable company. This privacy statement applies solely to the role iCIMS plays in collecting and storing data via the Application.
The Application collects Personal Information (such as, name, work history, and home address) through a number of points throughout iCIMS products. Candidates or employees may enter Personal Information directly through the Application and/or indirectly through a subscriber's HR staff or other systems (i.e., data entered manually or fed electronically from another system into the Application1). Personal Information within the Application is stored within the applicable Data Center for a subscriber. Specific details regarding the Data Center are available at www.icims.com/gc/ITdocumentation.
Candidate users may have the ability to remain anonymous during the initial states of the application process depending on the subscriber's configuration of the web portal in the Application.
The Application collects information for its subscribers. Unless otherwise removed by the subscriber, users are given open notice of and the choice to provide Personal Information.
If you are a candidate or employee user of one of our subscribers and would no longer like to be contacted by one of our subscribers that use the iCIMS subscription, please contact the applicable subscriber directly.
By submitting your information to iCIMS, you acknowledge and agree that the technical processing and transmission of your information, may involve, (a) transmissions over various networks, including the transfer of this information to the United States and/or other countries for storage, processing and use by iCIMS, its affiliates, and their agents; and (b) changes to conform and adapt to technical requirements of connecting networks or devices. Accordingly, you agree to permit such parties to make such transmissions and changes.
E. Correction /Updating Personal Information
iCIMS has no direct relationship with the individuals whose Personal Information it processes. A candidate or employee user who seeks access, or who seeks to correct, amend, or delete inaccurate data may do so by directly logging into the applicable career site or by contacting the subscriber’s HR staff (the data controller) to update the data within their subscription.
F. Data Retention
iCIMS will retain Personal Information we process on behalf of our subscribers within the Application for as long as needed to provide services to our subscribers. iCIMS will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. iCIMS will retain back-up copies of Personal Information within the Application for roughly one (1) year.
G. Service Provider, Sub-Processors/Onward Transfer
iCIMS may transfer Personal Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this policy regarding notice, choice, and the subscription agreements with our subscribers.
Candidate and employee users are given the opportunity to 'opt-out' of a subscriber’s mailings and notifications via the Opt-Out mechanism attached to all iCIMS e-mails generated by the Application.
I. Notification of Changes
2. AUTOMATED DATA COLLECTION TECHNOLOGY
A. Information Collection and Use
iCIMS may collect information about users automatically as they navigate through the Application. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
This information is used by iCIMS for a number of purposes, including authentication, preferences, and performance analytics.
The technologies iCIMS uses for this automatic data collection may include, without limitation:
Flash Cookies. Certain features of the Application may use local stored objects (or Flash cookies) to collect and store information about user preferences and navigation to, from, and on the Application. Flash cookies are not managed by the same browser settings as are used for browser cookies. Users may refuse to allow flash cookies by activating the appropriate setting through their Adobe Settings Manager.
Web Beacons. Pages of our Application and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit iCIMS, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). By disabling browser cookies, unique information associated with web beacons will also be disabled.
3. SECURITY MEASURES
A. Data Security
Each instance of the Application is password protected, and is configured to enforce SSL (128-bit encryption) to secure access. Passwords are selected using a password strength feature permitting a minimum of six (6) characters; however, the number of required characters may be configured to be greater than six (6) characters. Passwords are stored on secure database servers and can only be accessed or updated by parties having sufficient access permissions. Passwords are not sent in clear text over the Internet if the Application is configured to enforce SSL.
Multiple failed login attempts result in users being blocked from the Application2. To maintain the integrity of the access controls, the ability to login concurrently to the Application using the same username and password is disabled. Additionally, subscribers may request the hashing of sensitive data within the iCIMS platform.
iCIMS can enable IP locks to restrict access to the platform. iCIMS does not provide VPN to VPN, direct database, or any out-of-band access. All data access is restricted to the web-based platform itself, except for data feeds and other integration methodologies supported by iCIMS.
4. Disclosure of Information for Law Enforcement
iCIMS may disclose Personal Information as required by law, such as to comply with a subpoena, or similar legal or security process when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of our users or others, investigate fraud, or respond to a government request.
5. Mobile App Disclosures
If you download and use our Mobile Hiring Manager App (the “App”), iCIMS will automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID”).
iCIMS may send you push notifications from time-to-time in order to update you about any events or promotions that iCIMS may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, iCIMS will need to collect certain information about your device such as operating system and user identification information.
iCIMS does not ask for, access or track any location based information from your mobile device at any time while downloading or using our App.
iCIMS uses mobile analytics software to allow us to better understand the functionality of our App software on your phone. This software may record information such as how often you use the App, the events that occur within the App, aggregated usage, performance data, and where the App was downloaded from. iCIMS does not link the information iCIMS stores within the analytics software to any personally identifiable information you submit within the App.
6. Ownership & Administration
This Talent Platform Security Policy is owned and administered by the iCIMS IT department.
To ask questions or comment about this policy and our privacy practices, contact us at: firstname.lastname@example.org.
90 Matawan Road, 5th Floor
Matawan, NJ 07747
A. This Policy applies to the information gathering and dissemination practices for the Application and supersedes all other policies, procedures, practices, and guidelines relating to the matters set forth herein.
a. iCIMS use reasonable efforts to ensure that all Power-Ups maintain information gathering and dissemination practices that meet industry standards for security and privacy, and such Power-Ups use reasonable efforts to protect the security and privacy of all Information received by, though, and on behalf of iCIMS. As specific practices are unique to each Power-Up and its provider, such practices may not match those set forth herein for the Application.
1Options depend on configuration of Application and Sites, which is set up initially during implementation, but can be changed at any time upon request of the subscriber.
2Number of attempts depends on configuration of Application and Sites.