Last updated: July 31, 2024
Recurly respects your privacy. This HR Privacy Notice or “Notice” describes the types of personal information we collect about California residents, residents in the European Economic Area (“EEA”), and residents in the United Kingdom (“UK”) who are (1) Recurly employees, applicants, owners, directors, officers, contractors (collectively, “Recurly Personnel”), (2) emergency contacts of Recurly Personnel, and (3) individuals related to Recurly Personnel for whom Recurly administers benefits (collectively with Recurly Personnel, “HR Covered Individuals”).
Recurly Personnel are responsible for providing this Privacy Notice to any HR Covered Individual whose personal information is provided to Recurly by our personnel. Certain terms used in this Notice have the meanings given to them by applicable privacy laws.
"Personal Information" means any information relating to a specific individual.
We may lawfully collect your Personal Information in a number of ways. For example, we may collect your Personal Information: (i) from the information you provide to us when you interact with us before applying; (ii) when you apply for a position and complete employment forms or other documentation; (iii) when you communicate with us by telephone, email or via our website (e.g., in order to make inquiries or raise concerns); (iv) when you interact with us during your time as an employee, for one or more of the purposes set out below; and (v) from third parties (e.g., from recruitment organizations, government agencies in connection with visas, or from your previous college, university, or employers), who may provide records or a reference about you. In addition, we may, to the extent permitted by law, monitor your computer and telephone use.
Recurly may collect the following categories of personal information about HR Covered Individuals:
We use personal information for the purpose of carrying out and supporting HR functions and activities, including the uses described below. In addition to general HR purposes, the purpose column also lists relevant “business purposes” as they are described in the CCPA or other legal bases for processing. The Categories of Personal Information column identifies the categories of personal information that are used for each purpose.
| Purposes | Categories of Personal Information |
|---|---|
| Managing work activities and personnel generally, including recruiting; performing background checks; determining suitability for employment or promotion; determining physical and/or mental fitness for work; reviewing and evaluating performance; determining eligibility for and processing salary increases, bonuses, and other incentive-based compensation; providing references; managing attendance, absences, leaves of absences, and vacations; administering payroll services; reimbursing expenses; administering health, dental, and other benefits; training and development; making travel arrangements; securing immigration statuses; monitoring staff; creating staff directories; investigating suspected misconduct or non-performance of duties; managing disciplinary matters, grievances, and terminations; reviewing staffing decisions; and providing access to facilities | Identifiers; Protected Classifications; Online Identifiers; Additional Data Subject to Cal. Civ. Activity; Geolocation Data; Employment Information; Education Information |
| Ensuring business continuity; protecting the health and safety of our staff and others; safeguarding, monitoring, and maintaining our IT infrastructure, office equipment, facilities, and other property; detecting or preventing theft or fraud, or attempted theft or fraud; and facilitating communication with you and your designated contacts in an emergency | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Operating and managing our IT, communications systems and facilities, and monitoring the use of these resources; performing data analytics; improving our services; allocating and managing company assets and human resources; strategic planning; project management; compiling audit trails and other reporting tools; maintaining records relating to business activities, budgeting, and financial management; managing mergers, acquisitions, sales, reorganizations or disposals and integration with business partners | Identifiers; Online Activity; Geolocation Data; |
| Complying with legal requirements, such as tax, record-keeping and reporting obligations; conducting audits, management and resolution of health and safety matters; complying with requests from government or other public authorities; responding to legal process such as subpoenas and court orders; pursuing legal rights and remedies; defending litigation and managing internal complaints or claims; conducting investigations; and complying with internal policies and procedures | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Sensory Information; Employment Information; Education Information |
| Performing services | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Auditing related to a current interaction with you and concurrent transactions | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Certain short-term, transient uses | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity | Identifiers; Protected Classifications; Online Activity; Geolocation Data; Employment Information; Education Information |
| Debugging to identify and repair errors that impair existing intended functionality | Identifiers; Online Activity; Geolocation Data |
| Undertaking internal research for technological development and demonstration | Identifiers; Online Activity; Geolocation Data |
| Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us | Identifiers; Online Activity; Geolocation Data |
We may disclose some or all of the categories of personal information that we collect to the following categories of recipients:
Please note that we may be legally required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
We may transfer your personal information from the EEA and UK to the U.S. for processing, for the purposes outlined above. The personal information is transferred on the basis of legally-provided mechanisms to lawfully transfer personal information across borders, including the European Commission-approved Standard Contractual Clauses and the United Kingdom International Data Transfer Agreement, found at the embedded links.
In addition to the contractual safeguards, Recurly complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Recurly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Recurly commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
Recurly is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). As explained above, we sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party's access, use, and disclosure of the Personal Data must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. For clarity, we are no longer relying on the Data Privacy Framework to transfer Personal Data to the United States. Instead, we rely on the legally-provided contractual mechanisms described above.
Please contact us at privacy@recurly.com with any questions or concerns relating to our Data Privacy Framework Certification. If you do not receive timely acknowledgment of your Data Privacy Framework-related complaint from us, or if we have not resolved your complaint, you may also contact the EU and UK data protection authorities listed below. It may be possible, under certain circumstances, to invoke binding arbitration, for complaints not resolved by other means.
Dutch Data Protection Authority Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ DEN HAAG
Website
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Fax: 01625 524510
Website
Please know that the privacy rights outlined below exercised in your role as an HR Covered Individual are subject to significant exceptions. We will respond to every request according to applicable law and will not retaliate or discriminate against for exercising any of your privacy rights.
We keep personal information for specified periods of time, depending on business needs, privacy interests and the law. As a general matter, we only retain personal information for as long as it is needed or useful for accomplishing a business, legal or tax purpose. After such period, the data is deleted or fully anonymized. Personal Information collected about you as an HR Covered Individual is generally retained while we have a relationship with you plus a period of time as necessary to enforce or defend our rights or comply with law.
If you have any questions regarding this HR Privacy Notice for California and EEA residents or our privacy practices or submit a request, please contact us at privacy@recurly.com.
You may designate an authorized agent to submit requests on your behalf. To submit a request as an authorized agent on behalf of a consumer, please contact us as described above.
To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. We may require you to provide any of the following information: first name, last name, month & year of birth, email address, mailing address. If you designate an authorized agent to make a request on your behalf (a) we may require you to provide the authorized agent written permission to do so, and (b) for access and deletion requests, we may require you to verify your own identity directly with us (as described above).