Bullhorn Privacy and Cookies Policy
Persons in the EEA / U.K. / Switzerland: Please note our revised statements on data transfers outside of your territory in Sec. 13 and 14 below.
Version (Effective): May 5, 2021
This Privacy and Cookies Policy applies to all data collections and other data processing of Bullhorn, Inc., in particular through www.bullhorn.com and through its service platforms www.bullhornstaffing.com, https://[Customer Name].bbo.bullhornstaffing.com, https://www.salesduel.com, and https://prod.vms-express.com (each referred to herein as a “Site”) owned and operated by it. For purposes of this Privacy Policy any reference to “Bullhorn” (or “our” or “us” or “we”) shall mean Bullhorn, Inc., Bullhorn, International Ltd., Bullhorn International, Inc., Bullhorn Japan KK, Peoplenet Corp., Easy Software Solutions, LLC, Sendouts, LLC, The Code Works Holdings Inc., Linden Technology Holdings, Inc., Total Resources Solutions BV, Connexys BV, Bullhorn GmbH, Talent Rover, LLC, Talent Rover Ireland Ltd., Talent Rover Australia Ltd., Jobscience, Inc., Invenias Ltd., Invenias Inc., Bond International Software (UK) Ltd., Erecruit Holdings LLC, Bond International Software Inc., TempBuddy Ltd., Tempbuddy Research and Development SL, Innovantage Systems Ltd., Herefish, Inc. and /or their subsidiaries, as applicable (collectively, “Bullhorn” or “Company” or “Bullhorn Group Company”). This Privacy Policy describes how Bullhorn collects, uses, shares and safeguards the personal data you provide to us. It also describes your choices regarding use, access and correction of your personal data. The use of personal data collected through our service shall be limited to the purpose of providing the Bullhorn service for which the customer has engaged Bullhorn as set out in the Master Subscription Agreement, Terms of Service, and other agreements with the customer and this Privacy Policy (“Bullhorn Service” or “Service”).
1. Collected Personal Data and How We Use It
1.1. We collect the following categories of personal data from our customers, customers’ candidates and Site visitors:
1.2. Personal data is collected and used for Bullhorn’s legitimate business purposes and to comply with the Company’s contractual and legal obligations, including establishing, managing and providing the Bullhorn Service to our customers. Personal data is used by Bullhorn for the purposes described in this Privacy Policy, or for additional purposes that Bullhorn has advised you of, and / or for which Bullhorn has obtained your consent with respect to the use or disclosure of your personal data. Specifically, we use the personal data collected only for the following purposes:
1.3. Bullhorn may aggregate and/or de-identify personal data (“Aggregated Data”) and use, disclose, distribute, and publish Aggregated Data for statistical, analytical, machine learning and product enhancement purposes. Bullhorn employs reasonable and technically appropriate measures designed to prevent the re-identification of such personal data by a third-party. Aggregated Data may be shared with third parties for research and other purposes.
1.4. We will only share your personal data with third parties (our agents) in the ways that are described in our customer agreements and this Privacy Policy. We do not sell your personal data to third parties. Additionally, our employees are trained on privacy obligations and subject to confidentiality obligations and only have access to personal data as necessary for our business purposes and their own duties.
1.5. We may email information regarding updates to the Service or service offerings to our customers in accordance with the terms and conditions of each customer’s agreements with us or site visitors in accordance with the terms described in this Privacy Policy.
1.6. Other third parties, such as content or third party service providers, may provide content or services through the Service and may need access to your personal data to provide their services to you. Customers will be using a Service to host data and information. Bullhorn will not use or disclose your personal data, except (i) to the extent necessary to provide the Service to you or as requested by you, or (ii) pursuant to law, as determined by Bullhorn in its sole discretion, or (iii) by a court order, or (iv) in connection with third party cookies as described in Section 2.3.5 of this Privacy Policy. Individual customer or customer candidate records may at times be viewed or accessed by Bullhorn’s authorized employees or agents only for the purpose(s) of (i) providing the Service and related professional services to customer or customer candidates, (ii) resolving a support issue affecting any of them, (iii) to inspect and resolve a suspected violation of customer agreements with a customer, or (iv) as may be required by law, as determined by Bullhorn in its sole discretion, judicial proceeding, subpoena, legal process or binding court order. We also reserve the right to disclose your personal data when we believe, in our sole discretion, that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, subpoena, court order, or legal process.
1.7. Personal data may be disclosed or distributed to another party with which Bullhorn enters, or may enter, into a corporation transaction. If Bullhorn is acquired in a merger, acquisition, or sale of all or substantially all its assets, you will be notified via email, on our Site and/or by a prominent notice on our Service of any change in the uses of your personal data, as well as any choices you may have regarding your personal data. The disclosure of personal data to another party as set forth herein may involve the transfer of such personal data outside the state, province, country or other jurisdiction in which Bullhorn stores or otherwise processes personal data, subject to Bullhorn taking steps to provide that any such transfer is made only in compliance with applicable laws. In the unlikely event of a bankruptcy, insolvency or liquidation, the database containing personal data may be treated as an asset of Bullhorn and may be subject to transfer to a third party.
1.8. Bullhorn may disclose personal data to companies that assist us in providing our Service or that partner with us to provide you their services or content. In this context, any such transfers to third parties are governed by our vendor agreements with them, which provide standards of care for the protection for personal and confidential information that are not less stringent than the standards contained in our customer agreements, and in no event, less than a reasonable standard of care in accordance with the Standard Contractual Clauses as set forth in Section 13 of this Privacy Policy, the Privacy Shield Framework (to which Bullhorn still adheres) and other applicable law. Such third-party companies are authorized to use your personal data only as necessary to provide these services to us and/or you and for the purposes for which the personal data was collected. Personal data may be transferred to third parties outside the state, province, country or other jurisdiction in which Bullhorn stores personal data, subject to Bullhorn taking steps to provide that any such transfer is made in full compliance with applicable laws. In the case of partners with whom you contract directly, their policies regarding personal data will govern your relationship with them as stated in the applicable agreement between you and the partner and we will not be responsible for any actions or omission of these partners. Under the Standard Contractual Clauses and Privacy Shield Principles, you have the right to opt out of (i) disclosures of your personal data to third parties; or (ii) uses of your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.
1.9. Customers are solely responsible for maintaining the confidentiality and security of their user registration and password. Customers or Site visitors may opt-out of receiving sales, promotional or advertising emails from us by selecting the opt-out link located in the message body of all our electronic communications. Customers or Site visitors may also email privacy@bullhorn.com directly with a request to be removed from such communications. We may also track and analyze information that doesn’t directly identify you as a person and aggregate usage and volume statistical information from our Site visitors, customers’ candidates and customers and provide such information in aggregated form to third parties.
1.10. We are a service provider to our customers and have no direct relationship with the customer candidate or any individual whose personal data a customer processes. If you are a candidate or individual of one of our customers and would no longer like to be contacted by a person or entity that uses our Service, please contact the customer that you interact with directly. If you are a customer and would like to update your account, please contact us at privacy@bullhorn.com.
1.11. Marketing: Bullhorn may also ask website visitors who register for the Bullhorn Community, to provide certain information, such as email addresses to use and receive content from the site. Bullhorn will provide these visitors with the ability to opt-in or opt-out of future communications from the Company as required by applicable law. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or at your member profile on our Site or by contacting us at privacy@bullhorn.com.
2. How We Use Cookies, Log Files, Social Media Plug-ins and Other Tracking Technologies
2.1. Technologies such as cookies or similar technologies are used by Bullhorn and our partners, affiliates, or our service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
2.2. Log in files: We gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, the files viewed on our site (e.g., HTML pages, graphics, etc.), to analyze trends in the aggregate and administer the Site. We do link these automatically-collected data sets to personal data of you that we may have already stored.
2.3. Cookies: We use cookies to remember users’ settings (e.g. language preference), and for your authentication when you visit the Site or use the Service, as the case may be. The following information will help you to understand the different types of cookies used:
2.3.1. Strictly necessary cookies are required for the operation of the Site. These include, for example, cookies which are necessary for users to create an account or login to secure areas of the Site, and cookies that are required to show error or success messages to users.
2.3.2. Session cookies containing encrypted information to allow the system to uniquely identify you while you are logged in. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer. This information allows Bullhorn to process your transactions and requests. Session cookies help us make sure you are who you say you are after you’ve logged in and are required to use the Bullhorn application.
2.3.3. Persistent cookies that only Bullhorn can read and use, to identify the fact that you are a Bullhorn customer or a visitor, who has registered for the Bullhorn Community, to identify and maintain your preferences such as language, country and last check out or to receive certain types of content. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. They include such information as a unique identifier for your browser. We are careful about the security and confidentiality of the information stored in persistent cookies. For example, we do not store account numbers or passwords in persistent cookies. Users or visitors who disable their Web browsers’ ability to accept cookies will be unable to use all aspects of our service or the Bullhorn Community.
2.3.4 Targeting cookies which store a user’s username, the referring user if using the referral network and the referral source to the Site.
2.3.5. The following third party, performance, and targeting cookies could be used:
2.3.6. Functional cookies which store user ids and enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Please note that other third parties may also use cookies. These cookies are likely to be analytical/performance cookies or targeting cookies and include, for example, those from advertising networks or providers of external services.
2.3.7. Strictly necessary cookies are necessary for the website to function. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
2.4. Opt-out: You can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Site, but your ability to use some features or areas of our Site may be limited. Many browsers allow a private mode to be activated through which the cookies are always erased after the visit. Depending on each browser, this private mode can have different names. The following is a list of the most common browsers that support the minimum recommended level of encryption TLS 1.2. Each browser type has a different name for “private mode”:
2.5. Targeted Advertisement: We partner with third parties to either display advertising on our Site or to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies to gather information about your activities on this Site and other websites to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking http://optout.aboutads.info (or if located in the European Union click or http://www.youronlinechoices.eu). Please note this does not opt you out of generic ads. You will continue to receive generic ads.
2.6. Social Media (Features) and Widgets: Our Site includes social media features, such as LinkedIn. These features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy statement of the company providing it.
2.7. Blogs: Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal data from our blog or community forum, contact us at privacy@bullhorn.com. In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why. Alternatively, if you used a third-party application to post such information, you can remove it, either by logging into the application and removing the information, or by contacting the appropriate third party application.
3. Access to Personal Data Controlled by Bullhorn
Upon request and within 30 days, or as otherwise required by applicable law, Bullhorn will provide you with information about whether we hold, or process on behalf of a third party, any of your personal data. In addition, Bullhorn will take reasonable steps to permit customers to correct, amend, delete, or receive a copy of their personal data. To request this access, please contact privacy@bullhorn.com. In accordance with customer agreements, Bullhorn will, upon request, provide our customers with a copy of their personal data stored by Bullhorn upon expiration or termination of the customer agreements, unless applicable law determines otherwise.
4. Access to Personal Data, Including Biometric Data, Controlled by our Customers
Bullhorn acknowledges that you have the right to access your personal data and to withdraw consent to the use/processing of your personal data. In most cases, Bullhorn has no direct relationship with the individuals whose personal data it processes for customers. We recommend that an individual who seeks access, or who seeks to correct, amend, delete or receive a copy of personal data should direct his/her query to the Bullhorn customer (the data controller).
Bullhorn customers may collect, store and process biometric data of candidates or individuals, including without limitation fingerprint, retinal and facial recognition data using Bullhorn supplied equipment and/or Services. Bullhorn customers and/or their end users are solely responsible for compliance with any applicable biometric data protection laws including, without limitation, obtaining legally required consents and providing legally required notices and/or opt-out/in requirements to such individuals. The use of any Bullhorn Service by customers or their end users does not guarantee compliance with applicable biometric data protection laws. If you are a candidate or individual of one of our customers or their end users and have any questions or requests or objections related to the collection, storage and processing of your biometric data, please contact the customer or end user that you interact with directly.
If requested to remove data by our customer, we will respond within 30 days or as otherwise required by applicable law. Individuals may also submit such inquiries or requests directly to Bullhorn at no cost for them by contacting privacy@bullhorn.com.
5. Data Retention by Bullhorn
We will retain personal data including biometric data for as long as a customer’s account is active or as needed to provide the Service to our customer, as required under customer agreements and / or for as long as Bullhorn needs the personal data to fulfill the purposes for which the Company initially collected it, unless otherwise required by applicable law or court order. We will also retain this personal data as necessary to comply with our legal and/or contractual obligations, comply with court orders, resolve disputes, and enforce our agreements. When the purpose for which Bullhorn is processing the personal data is fulfilled, expires or is terminated, Bullhorn will delete (or render unusable) any personal data in accordance with our customer agreements, this Privacy Policy and applicable law. In the event we cannot delete your personal data or render it unusable, we will inform you of the reasons, subject to any legal restrictions.
6. Data Security
Bullhorn employs reasonable and appropriate security measures to protect against the loss, misuse, and alteration of the personal data it processes. When the Service is accessed using Microsoft Internet Explorer versions 8.0 or higher, Transport Layer Security (TLS) technology protects information using both server authentication and data encryption to help provide that personal data is safe, and secure while in transit. Bullhorn also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the Service in a secure server environment that uses a firewall and other advanced technology to protect against interference or access from outside intruders. Finally, Bullhorn provides individual usernames and passwords that must be entered each time a customer logs on. These safeguards help protect against unauthorized access, maintain data accuracy, and provide for the appropriate use of personal data. Nevertheless, no method of transmission over the Internet, or method of electronic storage, is one hundred percent (100%) secure, however. Therefore, we cannot guarantee absolute security. If you have any questions about security on our Service, please contact us at privacy@bullhorn.com.
7. Links to Third Party Sites
Our Service includes links to other Web sites whose privacy practices may differ from those at www.bullhornstaffing.com and https://bbo.bullhornstaffing.com. If you submit personal data to any of these sites, your information is governed by the applicable third-party’s privacy policies and we are not responsible for it. We therefore encourage you to carefully read any notices provided through a hyperlink and the privacy policy of any Web site you visit and raise questions directly with these other providers.
8. No Services for Minors
We do not knowingly collect information from minors. To use the Site, you must be the age of legal majority in your place of residence. By using the Site, you hereby represent that you are at least the age of legal majority in your place of residence. We do not use an application or other mechanism to determine the age of users of the Site. All information provided to us will be treated as if it was provided by an adult. We will use commercially reasonable efforts to delete information associated with a minor as soon as practicable if we learn that a minor has submitted information about himself/herself to us.
9. Note for California Residents
California law, including the California Consumer Privacy Act of 2018 (“CCPA”), permits California residents who provide us with personal information to request certain information including the categories of personal information we collect, the sources from which your personal information is collected, how we use your personal information, the categories of third parties with whom we share your personal information, and whether we sell your personal information or otherwise disclose such information to third parties for their direct marketing purposes. See Sections 1 and 2 above for the categories of personal information we collect, the sources of such information and how we use your personal information. To request access to or deletion of your personal information, please contact the Company’s Data Protection Officers. See Section 14 for contact details. We do not, at this time, sell your personal information or disclose your personal information to third parties for their direct marketing purposes. Accordingly, no opt out is necessary at this time. Although we currently do not sell your personal information, if you would still like to record your opt-out, you may do so at https://www.bullhorn.com/opt-out-ccpa/. If we change this policy, we will update this Section and provide instructions on how you may make a request for details regarding the sale of your personal information. While we do not sell your personal information, we may share your personal information for “business purpose[s]” (as defined in the CCPA) with third parties. The categories of third parties with whom we may share your personal information are described in this Privacy Policy and also as set forth at https://www.bullhorn.com/legal/sub-processors/. We will only share your personal information with third parties in the ways that are described in our customer agreements and this Privacy Policy.
10. Do-Not-Track Disclosure
There are many methods where web browser signals and similar mechanisms can indicate your choice to disable tracking. But we may not be aware of or able to honor every such mechanism. Because there is not yet a common understanding of how to interpret web browser-based “Do Not Track” (DNT) signals other than cookies, we may not respond to undefined DNT signals to our Sites or online services. More information about “do not track” is available at www.allaboutdnt.org concerning such information.
11. Severability
The invalidity or unenforceability of any provisions of this Privacy Policy in any country shall not affect the validity or enforceability of any other provision of this Privacy Policy, which shall remain in full force and effect.
12. Changes in this Privacy Policy
We may update this privacy statement to reflect changes to our information practices that will become effective upon posting. If we make material changes to this policy, we will notify you here, by email, or by means of a notice through the Service prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
13. Data Transfers Outside the EEA, U.K. and Switzerland
Bullhorn Group Companies have entered into Standard Contractual Clauses (“SCC”) among them as authorized by the European Commission under the GDPR for the transfer of personal data from Bullhorn Group Companies in the EEA, UK, and Switzerland to Bullhorn Group Companies outside these territories. The SCC set forth the adequate safeguards for the protection of privacy and fundamental rights and freedoms of European individuals for such data transfers outside the EEA, UK and Switzerland. SCC also safeguard personal data access of our data processors outside the EEA, UK and Switzerland. Please use the contact information in Sec. 15 below to obtain more information on these contractual arrangements.
Bullhorn observes the regulatory developments affecting these data transfers to data importers outside the EEA, U.K. and Switzerland after the CJEU’s “Schrems 2” decision of 07/16/20 (C 318/11) and the effects of the end of the BREXIT transitory period for the U.K. Please visit this website frequently for updates or modifications of this Policy.
14. Bullhorn’s EU-U.S. Privacy Shield / Swiss-U.S. Privacy Shield Framework Policy Statement
In addition to the SCC as set forth in Section 13 of this Privacy Policy, Bullhorn, Inc. continues to participate in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union (EU), United Kingdom (UK), Switzerland and European Economic Area (EEA) to the United States, respectively for the purposes of showing our customers that we adhere to a stringent privacy framework. We do not rely on the Privacy Shield Framework for data transfers to the US, following the “Schrems 2” decision. Bullhorn’s Privacy Shield certification can be found at https://www.privacyshield.gov/participant?id=a2zt0000000GnYbAAK&status=Active. If there is any conflict between the terms in this Privacy Policy, the SCC and the Privacy Shield Principles, the following order of precedence (the first of the following having the highest order of priority) shall apply: SCC, the Privacy Shield Principles, and the Privacy Policy. To learn more about the Privacy Shield Framework and the Privacy Shield Principles, please visit the U.S. Department of Commerce’s Privacy Shield website, https://www.privacyshield.gov/.
Bullhorn, Inc. is responsible for the processing of personal data it receives from data exporters under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Bullhorn, Inc. fully complies with the Privacy Shield Principles and the SCC. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Bullhorn, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Bullhorn, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
The Company adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, and enforcement and liability as described herein.
15. Data Protection Officers
Bullhorn has appointed Data Protection Officers, who are responsible for matters relating to data privacy and protection. The Data Protection Officers can be contacted by email at DPO@bullhorn.com, or by mail at: Bullhorn, Inc., 100 Summer Street, 17th Floor, Boston, MA 02110, Attn: Data Protection Officer, Legal or K.P. van der Mandelelaan 68-70, 3062 MB Rotterdam, Netherlands, Attn: Data Protection Officer, Legal.
Any questions or complaints concerning Bullhorn’s Privacy Policy or handling of personal data can be directed to: privacy@bullhorn.com or Bullhorn, Inc., 100 Summer Street, 17th Floor, Boston, MA 02110, Tel: 1-617-478-9100, Attn: Dept. of Information Security & Compliance/Legal. In addition, you have the right to lodge a complaint with your local data processing authority.