Privacy Policy
Human eSources Privacy Policy Notice
Dated: 03/11/2021
PLEASE READ THIS POLICY CAREFULLY
Your privacy is most important to us. At Human eSources, Ltd. (“Human eSources”, “our”, “us” or “we”), Human eSources shall ensure that it complies with the following privacy notice when processing personal information on behalf of our partners and or your academic institution, government agency, independent counsellor, company or any other organization (hereinafter collectively “Organization(s)”). This privacy notice applies only to your use of any Human eSources products (“Products”) or services (“services”). We are adamant about protecting the privacy of our users and subscribers. Our policy is simple: except as noted below we do not sell, share, or provide in any way your personally identifiable information to any person, company or organization without your prior permission.
Any person accessing, browsing, or otherwise using the Human eSources, products or services shall be considered a ("user"). All users are bound by the terms of this Privacy Policy. Users consent to the collection, use, and disclosure of personally identifiable user information ("information") pursuant to the terms of this Privacy Policy. You acknowledge that the organization through which you have been given access to Human eSources products and services is the data controller in respect of your personal information. The Data Controller controls your personal information. Human eSources is the data processor and processes your personal information in accordance with the instructions given to us by the Data Controller. By visiting or using the Human eSources, websites, products or services, you are accepting the practices described in this Privacy Policy.
Information Collection and Use
Human eSources collects registration, authentication, and assessment information from users who use our products and services including; your name, gender and email address. We are the sole owners of the information collected on our sites. By providing any such information, the user consents to our GDPR Platform Privacy Policy.
Information Collected Through Account Creation and Registration, Login, and Obtaining and using Programs and Services may be used to:
- Generate statistical studies and conduct research related to our professional work.
- Identify, develop, and offer existing and new products and services.
The personal information we process will be processed by staff operating outside of the EEA. Please contact the Data Controller for further details on the specific safeguards applied to the export of your personal information outside the EEA.
Use of Cookies
For all its products and services, Human eSources uses session cookies for session management to distinguish you from other users. This helps us provide you with a good experience when you use our Website and Products. The cookie is a text string stored by a user’s web browser. It consists of one or more name-value pairs containing bits of information, which may be encrypted for information privacy and data security purposes. The cookie is used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing textual data. For example, our session cookies allow users to log in to our products and services. The web server will first send a cookie containing a unique session identifier. Users then submit their credentials and the web application authenticates the session and allows the user access to services.
As text, cookies are not executable files. Because they are not executable, they cannot replicate themselves and are not viruses. Most modern browsers allow users to decide whether to accept cookies, and the time frame to keep them, but rejecting cookies makes our products and services unusable. Session cookies used by Human eSources are deleted by the user's computer when the browser is closed, when the computer is turned off, or when the session automatically times out.
Human eSources does not place cookies permanently on the user's hard drives to track user activity in any way. Service providers to Human eSources may use cookies; we have no control over those cookies, and this Privacy Policy does not cover them
Service Providers
Human eSources uses Google Analytics to anonymously monitor traffic in our products and services to identify trends, administer the product, track users’ movements within the product and gather broad demographic information for aggregated use. This information is not linked to and does not contain personally identifiable information. We will not share this information with any other third party.
In addition, Human eSources uses DataDog for application performance monitoring to anonymously monitor traffic in our products for the purpose of optimization of service performance. We will not share this information with any other third party.
Human eSources also uses Amazon Web Services to anonymously host our services and products. All data stored in the cloud is both encrypted at rest and in transit.
Linked Internet Websites
The Human eSources websites, products and services may provide hyperlinks, which are highlighted words or pictures within a hypertext document that, when clicked, take you to another place within the document, to another document altogether, or may take you to a third party website not controlled by Human eSources. These hyperlinked third party websites may collect and disclose Information differently than Human eSources websites, products and services, and if you visit these third party websites we recommend that you read their privacy policy statements. Human eSources is not responsible for the collection, use, or disclosure of information collected through these websites, and Human eSources expressly disclaims any and all liability related to such collection, use, or disclosure. We are not the controller of your personal information
Communication Options from Human eSources products
We communicate electronically with our users through mandatory system-generated emails. System-generated emails are a direct response to a user’s action on the site(s). Examples include: adding a staff person or program administrator to an institutional account, and username and password reminders.
Exceptions to the Privacy Policy & Disclosure of your information
There are limited exceptions to the Human eSources Privacy Policy, when we may disclose what personal information we have to third parties based on justified circumstances.
| Purpose of disclosure and third party(s) to which disclosure might be made | Use Justification |
|---|---|
| If you request we do so. | You have provided your consent. |
| The portfolios associated with Human eSources products are intended for storage of results, artifacts and access to authorized products and are protected by users’ passwords. The contents of each portfolio can be viewed by the portfolio creator and, in the case of an Organization subscription, site practitioner(s) or Professional(s), manager or supervisor. | Processing is necessary for compliance with a legal obligation. |
| If we sell any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets. | Legitimate interests (i.e. to buy or sell business assets). |
| If Human eSources or substantially all of its assets are acquired by a third party or enters into a merger, personal information about our users will be one of the transferred assets. | Legitimate interests (i.e. to dispose of our business). |
| If we are under a duty to disclose or share your personal information in order to comply with any legal obligation or to protect the rights, property, or safety of Human eSources, our users, or others. | Processing is necessary for compliance with a legal obligation, or processing is necessary in order to protect the vital interests of a natural person |
| We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where compelled to do so based on the advice of counsel. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. | Legitimate interests (i.e. to cooperate with law enforcement and regulatory authorities) |
| Human eSources will share user information with authorized personnel at Organizations who have purchased access to Human eSources on the users behalf and who we consider site practitioners (example: teachers, counselors, faculty, professors, supervisors, etc.). Since those Organizations are responsible for assigning access to user information, they are the Data Controller, it becomes the responsibility of the user to determine whom in the said Organizations has access to their information. Human eSources is not responsible for the actions, practices, or policies of those Organizations and their use of user information. | Legitimate interests |
Security
The security of your information is important to us. Human eSources has security measures to protect against the loss, misuse, and alteration of the information under our control. Our website, products and services use Secure Sockets Layer technology (SSL), which encrypts all sensitive information users input before it is sent to us. Thus, we have taken steps to protect the information we collect from you from unauthorized access, use, and disclosure. Human eSources makes no representations or warranties with regard to the sufficiency of these security measures. Human eSources shall not be responsible for any actual or consequential damages that result from a lapse in compliance with this Privacy Policy because of a security breach or technical malfunction.
International Data Transfers
If you are a direct customer of ours the transfer of your personal data to the U.S. is necessary to perform the contract with you and we transfer the data on the basis of Art. 49 (1) no. 2 GDPR.
If you are not a direct customer of ours, we are bound to the obligations for data importers under the standard contractual clauses adopted by the European Commission with COMMISSION IMPLEMENTING DECISION (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council („SCC“) and transfer your personal data on the basis of the SCC in connection with Art. 46 (2) c GDPR. We may have entered into SCC with the company you are a customer with. You may request a copy of these SCC by contacting us through our Customer Care Portal.
Applicable Law/International Issues
Information that is submitted to Human eSources websites, products and services will be collected, processed, stored, disclosed and disposed of in accordance with applicable U.S. law. If you are a non-U.S. user, you acknowledge and agree that we may collect and use your information, as discussed above, outside your resident jurisdiction. In addition, such information may be stored on servers located outside your resident jurisdiction. U.S. law may not provide the degree of protection for information that is available in other countries. By providing us with your information, you acknowledge that you have read this Privacy Policy, understand it, agree to its terms and consent to the transfer of such Information outside your resident jurisdiction. If you do not consent to the terms of this Policy, please do not use Human eSources websites, products and services.
Changes to this Policy
Human eSources reserves the right to modify our Privacy Policy from time to time. You should review our Privacy Policy statement periodically. If we make significant modifications to the policy, we will post on the home page of the Human eSources website, for 7 days prior to the effective date of the new policy, a notice that we have a new privacy policy.
How long we retain your personal data
The Data Controller determines how long we retain your personal data. As a general rule, we will hold the personal information provided to us for as long as is necessary in order to accommodate your use of the Human eSources products and services made available, to deal with any specific issues that may raise, or otherwise as is required by law or any relevant regulatory body. Once your account is terminated or deactivated, we shall delete the personal information relating to your account, or otherwise as directed by the Data Controller.
Your rights & control
Under the General Data Protection Regulation (EU) 2017/676 you have the following rights in relation to your personal information. All of these rights can be exercised by contacting the Data Controller. If for some reason you are unable to work with your Data controller to exercise your rights you may contact Human eSources through our Customer Care Portal.
| Rights | Details |
|---|---|
| Right to Rectification | We will use reasonable endeavors to ensure that your personal information is accurate. To update your personal information you can:
|
| Right to erasure / ‘Right to be forgotten’ | Asking us to delete all of your personal data will result in Human eSources deleting your personal data without undue delay (unless there is a legitimate and legal reason why Human eSources is unable to delete your personal data, in which case we will inform you of this in writing). |
| Right to restriction of processing | You have the right to ask us to stop processing your personal data at any time. |
| Right to data portability | You have the right to request that Human eSources provides you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so. |
| Right of access | You have the right to obtain confirmation as to whether your personal data are being processed, and, where that is the case, access to such personal data. |
| Right to complain | You have the right to lodge a complaint to a supervisory authority such as the Information Commissioner’s Office in the UK (see www.ico.org.uk). Although we encourage our users first to engage with the Data Controller in the event they have any concerns or complaints. |
Human eSources does not charge in respect of any requests we receive to exercise any of the rights detailed above; however, if excessive, repetitive or unfounded requests are made, we may charge an administration fee to process such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Where Human eSources is requested to rectify or erase personal data or restrict any processing of such personal data, Human eSources may notify third parties to whom such personal data has been disclosed of such request. However, such third party may have the right to retain and continue to process such personal data in its own right, for example, to comply with its legal obligations.
Contacting Us
If you have any questions about this Privacy Policy, the practices of this site or your dealings with Human eSources products, please contact us through our Customer Care Portal.
Processing of Personal Data
Entity: Human eSources Ltd. ("HeS")
Personal data we process:
- First name
- Last name
- Email address
- Gender
- Address (for retail purchases only)
- Date of birth (for retail purchases only)
- Your learning management User ID
- HeS User role (Student/Instructor)
Purpose of processing:
For customer support purposes.
Legal basis for processing:
You have provided your consent.
How long the data will be stored:
Indefinitely, until we are asked to remove it. Data will be expunged upon request unless otherwise contractually obligated.
Will the data be shared with third parties?
No.
Is the data transferred outside the European Economic Area?
Yes, with consent.
Entity: Human eSources Canada Ltd. (Affiliate)
Personal data we process:
- First name
- Last name
- Email address
- Gender
- Address (for retail purchases only)
- Date of birth (for retail purchases only)
- Your learning management User ID
- HeS User role (Student/Instructor)
Purpose of processing:
For technical support and statistical analysis: To ensure validity and reliability of our assessments.
Legal basis for processing:
You have provided your consent.
How long the data will be stored:
Indefinitely, until we are asked to remove it. Data will be expunged upon request unless otherwise contractually obligated.
Will the data be shared with third parties?
No.
Is the data transferred outside the European Economic Area?
Yes.
Entity: Amazon Web Services, Inc. ("AWS")
Personal data we process:
Hosted personal data is encrypted in transit and at rest.
Purpose of processing:
To supply required services to support our applications.
Legal basis for processing:
Processing is necessary for our legitimate interests.
How long the data will be stored:
Indefinitely, until we are asked to remove it. Data will be expunged upon request unless otherwise contractually obligated.
Will the data be shared with third parties?
No.
Is the data transferred outside the European Economic Area?
Region-dependent. AWS has implemented and will maintain technical and organisational security measures to protect customer data, including personal data, in accordance with the Standard Contractual Clauses.
Data processed for Kaplan International Pathways is hosted in the European Union and is not subject to transfers outside of the EEA.
Entity: Zoho Corporation Pvt. Ltd.
Personal data we process:
Email address.
Purpose of processing:
To supply required services to support our applications.
Legal basis for processing:
Processing is necessary for our legitimate interests.
How long the data will be stored:
Indefinitely, until we are asked to remove it. Data will be expunged upon request unless otherwise contractually obligated.
Will the data be shared with third parties?
No.
Is the data transferred outside the European Economic Area?
Yes.