HR Privacy Notice
Last updated: June 26, 2024
Recurly respects your privacy. This HR Privacy Notice or “Notice” describes the types of personal information we collect about California residents, residents in the European Economic Area (“EEA”), and residents in the United Kingdom (“UK”) who are (1) Recurly employees, applicants, owners, directors, officers, contractors (collectively, “Recurly Personnel”), (2) emergency contacts of Recurly Personnel, and (3) individuals related to Recurly Personnel for whom Recurly administers benefits (collectively with Recurly Personnel, “HR Covered Individuals”).
Recurly Personnel are responsible for providing this Privacy Notice to any HR Covered Individual whose personal information is provided to Recurly by our personnel. Certain terms used in this Notice have the meanings given to them by applicable privacy laws.
What is "Personal Information"?
"Personal Information" means any information relating to a specific individual.
How and When Do We Collect Your Personal Information?
We may lawfully collect your Personal Information in a number of ways. For example, we may collect your Personal Information: (i) from the information you provide to us when you interact with us before applying; (ii) when you apply for a position and complete employment forms or other documentation; (iii) when you communicate with us by telephone, email or via our website (e.g., in order to make inquiries or raise concerns); (iv) when you interact with us during your time as an employee, for one or more of the purposes set out below; and (v) from third parties (e.g., from recruitment organizations, government agencies in connection with visas, or from your previous college, university, or employers), who may provide records or a reference about you. In addition, we may, to the extent permitted by law, monitor your computer and telephone use.
Personal Information We Collect
Recurly may collect the following categories of personal information about HR Covered Individuals:
- Identifiers: identifiers, such as a real name, postal address, unique personal identifier (e.g., a device identifier, employee number, unique pseudonym, or user alias/ID), telephone number, online identifier, or internet protocol address;
- Protected Classifications: characteristics of protected classifications under California or federal law, such as race, color, national origin, religion, age, sex, or gender;
- Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites or applications;
- Geolocation Data
- Employment Information: professional or employment-related information, such as compensation, benefits and payroll information (e.g., salary-related information, tax-related information, benefits elections and details regarding leaves of absence), information relating to your position (e.g., job title and job description), performance-related information (e.g., evaluations and training), talent management information (e.g., resumé information, occupation details, education details, certifications and professional associations, historical compensation details, previous employment details, and pre-employment screening and background check information, including criminal records information), emergency contact information, and dependent information; and
- Education Information
How We Use the Personal Information
We use personal information for the purpose of carrying out and supporting HR functions and activities, including the uses described below. In addition to general HR purposes, the purpose column also lists relevant “business purposes” as they are described in the CCPA or other legal bases for processing. The Categories of Personal Information column identifies the categories of personal information that are used for each purpose.
| Purposes | Categories of Personal Information |
|---|---|
| Managing work activities and personnel generally, including recruiting; performing background checks; determining suitability for employment or promotion; determining physical and/or mental fitness for work; reviewing and evaluating performance; determining eligibility for and processing salary increases, bonuses, and other incentive-based compensation; providing references; managing attendance, absences, leaves of absences, and vacations; administering payroll services; reimbursing expenses; administering health, dental, and other benefits; training and development; making travel arrangements; securing immigration statuses; monitoring staff; creating staff directories; investigating suspected misconduct or non-performance of duties; managing disciplinary matters, grievances, and terminations; reviewing staffing decisions; and providing access to facilities | Identifiers; Protected Classifications; Online Identifiers; Additional Data Subject to Cal. Civ. Activity; Geolocation Data; Employment Information; Education Information |
| Ensuring business continuity; protecting the health and safety of our staff and others; safeguarding, monitoring, and maintaining our IT infrastructure, office equipment, facilities, and other property; detecting or preventing theft or fraud, or attempted theft or fraud; and facilitating communication with you and your designated contacts in an emergency | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Operating and managing our IT, communications systems and facilities, and monitoring the use of these resources; performing data analytics; improving our services; allocating and managing company assets and human resources; strategic planning; project management; compiling audit trails and other reporting tools; maintaining records relating to business activities, budgeting, and financial management; managing mergers, acquisitions, sales, reorganizations or disposals and integration with business partners | Identifiers; Online Activity; Geolocation Data; |
| Complying with legal requirements, such as tax, record-keeping and reporting obligations; conducting audits, management and resolution of health and safety matters; complying with requests from government or other public authorities; responding to legal process such as subpoenas and court orders; pursuing legal rights and remedies; defending litigation and managing internal complaints or claims; conducting investigations; and complying with internal policies and procedures | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Sensory Information; Employment Information; Education Information |
| Performing services | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Auditing related to a current interaction with you and concurrent transactions | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Certain short-term, transient uses | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Debugging to identify and repair errors that impair existing intended functionality | Identifiers; Online Activity; Geolocation Data |
| Undertaking internal research for technological development and demonstration | Identifiers; Online Activity; Geolocation Data |
| Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us | Identifiers; Online Activity; Geolocation Data |
Disclosure of Personal Information
We may disclose some or all of the categories of personal information that we collect to the following categories of recipients:
- Background check providers for conducting employee/candidate background checks
- Payroll and benefit providers for providing employment pay and benefits.
- Information technology companies for provisioning technologies necessary for employee duties
- Consultants and auditors for corporate governance purposes.
- Public authorities for complying with government orders and applicable law.
Please note that we may be legally required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Data Transfers
We may transfer your personal information from the EEA and UK to the U.S. for processing, for the purposes outlined above. The personal information is transferred on the basis of legally-provided mechanisms to lawfully transfer personal information across borders, including the European Commission-approved Standard Contractual Clauses and the United Kingdom International Data Transfer Agreement, found at the embedded links.
In addition to the contractual safeguards, Recurly complies with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and/or Switzerland, as applicable to the United States in reliance on the Data Privacy Framework. Recurly has certified to the Department of Commerce that it adheres to the Data Privacy Principles with respect to such information. To learn more about the Data Privacy Framework program, and to view our certification, please visit the Data Privacy Framework program.
Recurly is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). As explained above, we sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party's access, use, and disclosure of the Personal Data must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. For clarity, we are no longer relying on the Data Privacy Framework to transfer Personal Data to the United States. Instead, we rely on the legally-provided contractual mechanisms described above.
Please contact us at privacy@recurly.com with any questions or concerns relating to our Data Privacy Framework Certification. If you do not receive timely acknowledgment of your Data Privacy Framework-related complaint from us, or if we have not resolved your complaint, you may also contact the EU and UK data protection authorities listed below. It may be possible, under certain circumstances, to invoke binding arbitration, for complaints not resolved by other means.
EU
Dutch Data Protection Authority Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ DEN HAAG
Website
UK
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510
Website
Privacy Rights
Please know that the privacy rights outlined below exercised in your role as an HR Covered Individual are subject to significant exceptions. We will respond to every request according to applicable law and will not retaliate or discriminate against for exercising any of your privacy rights.
- Know (Applicable to California, EEA, and UK residents): You have the right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
- Deletion (Applicable to California, EEA, and UK residents): You have the right to request that we delete certain personal information we have collected from you.
- Correct (Applicable to California, EEA, and UK residents): You have the right to correct inaccurate personal information that we maintain about you.
- Opt-Out of Sale or Share (Applicable to California residents): We do not sell or share information about you in your role as an HR covered individual.
- Limit Use and Disclosure of Sensitive Personal Information (Applicable to California residents): We do not use any sensitive information about you, in your role as an HR Covered Individual except to facilitate the employment relationship and other compatible uses.
- To restrict processing (Applicable to EEA and UK residents): You have the right to, in some circumstances, limit the uses for which we process your personal information.
How Long We Retain Information
We keep personal information for specified periods of time, depending on business needs, privacy interests and the law. As a general matter, we only retain personal information for as long as it is needed or useful for accomplishing a business, legal or tax purpose. After such period, the data is deleted or fully anonymized. Personal Information collected about you as an HR Covered Individual is generally retained while we have a relationship with you plus a period of time as necessary to enforce or defend our rights or comply with law.
How To Contact Us or Submit a Request
If you have any questions regarding this HR Privacy Notice for California and EEA residents or our privacy practices or submit a request, please contact us at privacy@recurly.com.
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. To submit a request as an authorized agent on behalf of a consumer, please contact us as described above.
Verifying Requests
To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. We may require you to provide any of the following information: first name, last name, month & year of birth, email address, mailing address. If you designate an authorized agent to make a request on your behalf (a) we may require you to provide the authorized agent written permission to do so, and (b) for access and deletion requests, we may require you to verify your own identity directly with us (as described above).
