At RecruitBPM, we take privacy seriously, not just because regulations demand it, but because we believe your data belongs to you. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website, applications, and services (collectively, the "Services").
The recruitment industry runs on data, but that doesn't mean privacy takes a backseat. We've designed our practices to balance functionality with protection, transparency with security. Whether you're a customer, candidate, or visitor, you deserve to know exactly what happens with your information.
By using our Services, you agree to the collection and use of information according to this policy. If these terms don't align with your expectations, please reconsider using our Services. We periodically update this policy to reflect new regulations and evolving best practices in data privacy.
Definitions
Let's clarify some terms you'll encounter throughout this policy:
You
refers to the individual accessing or using our Services, or the company or legal entity on behalf of which such
individual is accessing or using our Services. Under data protection laws like GDPR, You may be called the Data
Subject or User.
Company
(referred to as "RecruitBPM", "we", "us", or "our") refers to RecruitBPM Corp., located at 687 Lee Road, Suite 208A,
Rochester, NY 14606. For GDPR purposes, we are the Data Controller.
Personal Data
means any information relating to an identified or identifiable individual. This includes names, email addresses,
phone numbers, and even indirect identifiers that could reveal your identity when combined with other information.
Usage Data
refers to automatically collected data about how you interact with our Services, including your device's IP address,
browser type, pages visited, and time spent.
Cookies
are small files placed on your device that enable various features and track how you use our Services.
Data Controller
refers to the natural or legal person who determines the purposes and means of processing Personal Data. In most
cases, that's us.
Data Processor
refers to any natural or legal person who processes data on behalf of the Data Controller, typically our service
providers.
Service Provider
means any natural or legal person who processes data on our behalf. This includes third-party companies or
individuals we employ to facilitate our Services.
Social Media Fan Pages
are public profiles named RecruitBPM specifically created by the Company on the Facebook social network, accessible
from https://www.facebook.com/recruitbpm/; LinkedIn, accessible from https://www.linkedin.com/company/recruitbpm/;
and Twitter, accessible from https://twitter.com/recruitbpm.
Personal Data We Collect
RecruitBPM collects information through various channels, each serving specific purposes in our ecosystem. The data
landscape falls into two main categories:
Data Collected Through Our Website and Marketing Activities
When you visit our website or interact with our marketing materials, we collect:
- Contact Information:
Names, email addresses, phone numbers, job titles, and company names. These fundamentals help us know who
we're talking to.
- Account Information:
Usernames, passwords (encrypted), and account preferences that form the foundation of your personalized
experience.
- Marketing Preferences:
Your communication preferences and interaction history with our marketing materials. This helps us respect
your boundaries while keeping you informed.
- Device and Usage Information:
IP addresses, browser types, device identifiers, pages visited, and interaction patterns. These technical
breadcrumbs help us optimize your experience and troubleshoot issues.
Data Collected Through Our ATS and Workforce Platforms
When you use our core recruitment and workforce management tools, we may process:
- Candidate Information:
Resumes, work histories, skills assessments, interview notes, and background checks. The lifeblood of
recruitment flows through these details.
- Employee Data:
Performance metrics, compensation details, training records, and employment documentation. These elements
support workforce management activities.
- Client and Customer Data:
Company information, hiring requirements, feedback, and communication histories. This information powers
productive business relationships.
- Compliance Documentation:
Work authorization details, certifications, and regulatory documentation necessary for lawful employment
practices.
Data Collection Methods
We gather this information through several channels:
- Direct Collection:
Information you provide when filling out forms, creating accounts, or communicating with us directly.
- Automated Collection:
Data gathered through cookies, server logs, and similar technologies that track how you interact with our
digital properties.
- Third-Party Sources:
Information we receive from business partners, social media platforms (when you connect them), and other
integrated services.
- Public Sources:
Information available in public records or professional databases that supplements our understanding of your
professional background.
Remember that while much of this information is optional, some is essential for using our Services. We'll always be
transparent about which data points are required versus optional.
How We Use Your Personal Data
The data we collect fuels numerous processes designed to deliver value, maintain security, and respect your rights.
Here's how we put your information to work:
Core Service Delivery
- Account Management:
Creating and maintaining your account, authenticating your identity, and personalizing your experience based
on preferences and past interactions.
- Recruitment Operations:
Facilitating job applications, candidate evaluations, interview scheduling, and hiring workflows, the
fundamental purpose of an ATS.
- Workforce Management:
Supporting onboarding, performance tracking, schedule management, and other human capital functions through
our platform.
- Customer Support:
Addressing your questions, troubleshooting issues, and providing guidance on platform features and best
practices.
Platform Improvement and Innovation
- Product Development:
Analyzing usage patterns to identify pain points, opportunities for improvement, and ideas for new features
that serve your needs better.
- Performance Optimization:
Monitoring system performance, identifying bottlenecks, and ensuring the platform runs smoothly even
during peak usage periods.
- User Experience Enhancement:
Refining interfaces, workflows, and features based on how people actually use the platform rather than
just how we think they might.
Business Operations
- Communication:
Sending service notifications, updates about features, and responses to your inquiries or feedback. These
touchpoints keep our relationship active and informed.
- Marketing:
Generating aggregated statistics and trends that help us understand market dynamics and business performance
without identifying individuals.
- Legal Compliance:
Meeting regulatory requirements, fulfilling contractual obligations, and protecting legal rights when necessary.
Each use case is governed by lawful processing principles, ensuring we have appropriate legal grounds for how we
handle your information. These may include:
- Fulfilling our contractual obligations to you
- Complying with legal requirements
- Pursuing legitimate business interests that don't override your privacy rights
- Processing with your explicit consent where required by law
How We Share Your Personal Data
RecruitBPM doesn't sell your personal information, full stop. However, we do share data in specific circumstances
with carefully chosen partners. Here's the landscape of data sharing in our ecosystem:
Service Providers
We partner with specialized companies that help us deliver specific functions of our platform:
- Hosting and Cloud Infrastructure:
Companies that provide the servers and infrastructure where our applications and your data live.
- Analytics Providers:
Tools that help us understand user behavior, optimize performance, and improve features without personally
identifying individual users.
- Email and Communication Services:
Platforms that power our newsletters, notifications, and customer support communications.
- Payment Processors:
Financial services that handle transactions securely while meeting industry compliance standards.
These providers operate under strict contractual obligations that limit how they can use your information, typically
only to provide the specific service we've engaged them for.
Business Customers
If you use RecruitBPM through your employer or another organization:
- Administrative Access:
Your organization's administrators may have access to your activities and information within the platform.
- Reporting Capabilities:
Aggregated data about recruitment activities, workflow efficiency, and other metrics may be available to
organizational decision-makers.
This information exchange supports legitimate business operations while maintaining appropriate boundaries around
sensitive personal information.
Legal and Regulatory Situations
Sometimes, legal requirements trump privacy preferences:
- Legal Obligations:
We may disclose information when required by law, regulation, legal process, or governmental request.
- Protection of Rights:
When necessary to investigate potential violations, enforce our terms, or protect our rights, property, or safety,
or those of our users.
- Business Transfers:
In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the
business assets, subject to the commitments in this policy.
- Consent-Based Sharing:
With your explicit permission, we may share information with third parties beyond what's described here.
Data Transfer Protections
When information crosses borders, additional safeguards kick in:
- Cross-Border Transfers:
When we transfer data internationally, we implement appropriate safeguards like standard contractual clauses
or verify adequate protection under frameworks like Privacy Shield.
- Recipient Vetting:
We assess the privacy practices of recipient organizations before establishing data sharing arrangements.
Remember that once information leaves our control, whether through legitimate sharing or your own actions, its
protection becomes subject to the policies and practices of the receiving party. Choose wisely when deciding which
third-party integrations to enable.
Social Media and Facebook Fan Pages
Our presence on social media platforms creates additional touchpoints where your data might be processed. Here's
what happens when you interact with us on these platforms:
Social Media Interactions
When you engage with our content on social platforms, both RecruitBPM and the platform provider may collect data
about these interactions. This dual processing creates a complex privacy landscape worth understanding:
- Content Visibility:
Comments, likes, and shares you make on our social media content are generally visible to other users
according to your privacy settings on that platform.
- Cross-Platform Data:
Information you share with us through social media may be combined with data from other sources to enhance
your experience with our Services.
- Platform Policies:
Each social media platform has its own privacy policy governing how they process your data, even when you're
interacting with our content.
Facebook Fan Page
Data Controller for the Facebook Fan Page
The Company is the Data Controller of Your Personal Data collected while using the Service. As operator of the
Facebook Fan Page https://www.facebook.com/recruitbpm/, the Company and the operator of the social network Facebook
are Joint Controllers. The Company has entered into agreements with Facebook that define the terms for use of the
Facebook Fan Page, among other things. These terms are mostly based on the Facebook Terms of Service:
https://www.facebook.com/terms.php. Visit the Facebook Privacy Policy https://www.facebook.com/policy.php for more
information about how Facebook manages Personal Data, or contact Facebook online or by mail: Facebook, Inc.,
ATTN: Privacy Operations, 1601 Willow Road, Menlo Park, CA 94025, United States.
Facebook Insights
We use the Facebook Insights function in connection with the operation of the Facebook Fan Page and on the basis of
the GDPR, in order to obtain anonymized statistical data about Our users. For this purpose, Facebook places a Cookie
on the device of the user visiting Our Facebook Fan Page. Each Cookie contains a unique identifier code and remains
active for a period of two years, except when it is deleted before the end of this period. Facebook receives,
records and processes the information stored in the Cookie, especially when the user visits the Facebook services,
services that are provided by other members of the Facebook Fan Page and services by other companies that use
Facebook services. For more information on the privacy practices of Facebook, please visit the Facebook Privacy
Policy here: https://www.facebook.com/full_data_use_policy.
Facebook Remarketing Services
Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from
Facebook by visiting this page: https://www.facebook.com/help/164968693837950. To opt out of Facebook's
interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217.
Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital
Advertising Alliance. You can also opt out from Facebook and other participating companies through:
- The Digital Advertising Alliance in the USA http://www.aboutads.info/choices/
- The Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/
- The European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/
- Or by adjusting your mobile device settings
For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation.
Cookies and Tracking Technologies
Modern websites run on cookies: not the chocolate chip kind, but small text files that make your online experience
smoother and more personalized. Here's how we use these digital tools:
Types of Cookies We Use
- Essential Cookies:
These non-negotiable cookies power core functionality: account logins, form submissions, and security
features. The platform simply wouldn't work without them. They're the foundation that keeps things running.
- Preference Cookies:
Remember your language choices, display settings, and other personalization options so you don't have to
reset them every time you visit. They make the platform feel like it's set up just for you.
- Analytics Cookies:
Help us understand how people use our platform: which features are popular, where users struggle, and how we
can improve. These insights drive our product roadmap in a privacy-respecting way.
- Marketing Cookies:
Track your interactions with our marketing materials and may be used to deliver more relevant advertising.
These are always optional and can be disabled without affecting core functionality.
Other Tracking Technologies
Beyond traditional cookies, we may employ:
- Pixels and Beacons:
Tiny graphics that track when you've opened an email or visited a page, helping us measure campaign
effectiveness and user engagement.
- Local Storage:
Browser-based storage that enables more complex features and can improve performance by reducing server
requests.
- Device Fingerprinting:
Technical information about your device that helps us detect fraud and ensure account security.
Your Cookie Choices
You're not powerless against tracking. You can:
- Browser Controls:
Most browsers let you view, manage, and delete cookies through their settings panel. You can block cookies
entirely, though this may break functionality on many websites.
- Preference Center:
Our cookie preference center lets you select which non-essential cookies you're comfortable with, giving
granular control over your privacy.
- Do Not Track Signals:
While we respect the intent behind DNT browser settings, there's no universal standard for implementation.
We focus on providing direct cookie controls instead.
The digital ecosystem continuously evolves, and so do tracking technologies. We'll update our practices to maintain
transparency as these technologies develop.
Data Security and Retention
Security isn't a feature; it's a foundational element woven into every aspect of our platform. Here's how we protect
your information:
Security Measures
- Technical Safeguards:
Industry-standard encryption (TLS/SSL) for data in transit, strong hashing algorithms for passwords, and
encrypted storage for sensitive information at rest.
- Access Controls:
Strict role-based permissions, multi-factor authentication for staff, and least-privilege principles that limit
data access to only what's needed for job functions.
- Infrastructure Security:
Regular vulnerability scanning, intrusion detection systems, and network monitoring to identify and address
potential threats before they become problems.
- Compliance Programs:
Our security practices align with frameworks like SOC 2, ensuring independent verification of our controls
and processes.
- Employee Practices:
Regular security training, background checks for staff with data access, and clear procedures for handling
sensitive information.
No security system is impenetrable; ask any honest security professional. We continuously evaluate and strengthen
our defenses against emerging threats, but cannot guarantee absolute security in a connected world.
Data Retention
We don't keep your data forever. Our retention practices balance business needs, legal requirements, and privacy
principles:
- Active Accounts:
We retain your personal information as long as you maintain an active account, plus a reasonable period to
handle potential reactivation requests.
- Inactive Accounts:
After extended inactivity periods (typically 24 months), we begin anonymizing or deleting unnecessary
personal information.
- Legal Obligations:
Some information must be retained for specific periods to comply with tax, employment, or other
regulations—these requirements override our standard retention periods.
- Anonymized Data:
We may retain anonymized statistical information indefinitely, as it no longer identifies individuals and
helps us improve our services.
You can request deletion of your information at any time (subject to legitimate retention requirements), and we'll
honor valid requests promptly.
Data Deletion Practices
When we delete data, we follow secure processes:
- Soft Deletion:
Initially, data may be marked as deleted but retained in backup systems for disaster recovery purposes.
- Hard Deletion:
After backup retention periods expire (typically 30-90 days), information is permanently removed from our
systems.
- Physical Media:
When hardware reaches end-of-life, we use certified destruction services to ensure data cannot be recovered
from physical media.
Your Privacy Rights
Privacy isn't just about what we do with your data; it's about the control you maintain over your information.
Depending on your location and applicable laws, you may have some or all of these rights:
Universal Rights
Regardless of where you're located, you can:
- Access Your Data:
Request a copy of the personal information we hold about you. No more black boxes: see exactly what we've
collected.
- Correction Rights:
Update inaccurate or incomplete information to keep your records current and accurate.
- Communication Preferences:
Opt in or out of marketing communications while still receiving essential service notifications.
- Account Closure:
Terminate your relationship with us, triggering applicable data deletion processes subject to legitimate
retention requirements.
Enhanced Rights Under Specific Regulations
Depending on applicable laws in your jurisdiction, you may have additional rights:
- Right to Deletion:
Request that we erase your personal data when it's no longer needed, subject to legal retention requirements.
- Data Portability:
Receive your data in a structured, machine-readable format that you can transfer to another service provider.
- Objection to Processing:
Contest our use of your information based on legitimate interests and require us to demonstrate compelling
grounds for continued processing.
- Automated Decision Review:
Request human intervention when significant decisions are made solely by automated systems.
How to Exercise Your Rights
We've made the process straightforward:
- Self-Service Options:
Many privacy actions can be performed directly through your account settings without waiting for our team's
assistance.
- Privacy Request Form:
For more complex requests, use our dedicated privacy request form available on our website.
- Contact Our Team:
Email privacy@recruitbpm.com with your request, and we'll respond within legally required timeframes
(typically 30 days or less).
While we strive to honor all legitimate requests, in some cases legal obligations may require us to retain certain
information. We'll explain any limitations clearly if we cannot fully fulfill your request.
Special Provisions for Various Jurisdictions
Privacy laws vary worldwide, creating a patchwork of requirements. Here's how we address key regulations affecting
our users:
European Union (GDPR)
For users in the European Economic Area, Switzerland, and the UK:
- Legal Basis for Processing:
We process your data under one of six lawful bases: consent, contractual necessity, legal obligations, vital
interests, public interest, or legitimate interests. We'll identify which applies to each processing activity.
- Data Transfer Mechanisms:
When transferring your data outside the EEA, we use Standard Contractual Clauses, adequacy decisions, or
other approved mechanisms to ensure equivalent protection.
- Right to Lodge Complaints:
You can contact your local data protection authority if you're unsatisfied with our response to your privacy
concerns.
- Data Protection Officer:
You can contact our DPO at dpo@recruitbpm.com with questions specific to GDPR compliance.
California (CCPA/CPRA)
California residents enjoy these specific protections:
- Right to Know:
You can request disclosure of categories and specific pieces of personal information collected, including
the sources, purposes, and categories of third parties with whom we share it.
- Do Not Sell My Personal Information:
Although we don't "sell" personal information in the traditional sense, certain data sharing may qualify
under CCPA's broad definition. You can opt out of these practices.
- Limited Non-Discrimination:
Your privacy choices won't result in discriminatory treatment, though some features may be unavailable
without certain data.
- Authorized Agents:
You may designate an authorized agent to submit requests on your behalf, subject to verification requirements.
Other US State Laws
As privacy regulations evolve across the United States:
- Virginia:
Under VCDPA, residents have rights to access, delete, correct, and opt out of certain processing
activities.
- Colorado:
CPA provisions grant similar rights with enforcement beginning July 1, 2023.
- Connecticut, Utah, and Beyond:
We monitor emerging state privacy laws and extend applicable rights to residents of those states.
Canada
Under PIPEDA and provincial laws, Canadian residents have:
- Meaningful Consent Requirements:
We obtain explicit consent for collection, use, or disclosure of personal information except where implied
consent is appropriate.
- Limited Collection Principle:
We collect only the information necessary for identified purposes.
- SMS Compliance:
Our SMS messages comply with Canada's Anti-Spam Legislation (CASL) requirements.
Global Compliance Approach
Rather than maintaining entirely separate privacy systems for each jurisdiction, we generally extend the highest
level of protection to all users where technically and legally feasible, regardless of location. Privacy rights
shouldn't depend on geography.
SMS Communications Policy
Text messaging provides an immediate connection between us and our users. Here's how we handle SMS
communications:
Purpose of SMS Communications
We use SMS messaging for specific operational purposes:
- Verification:
Confirming account access, authenticating login attempts, and verifying identities through one-time
passcodes.
- Time-Sensitive Notifications:
Alerting you to urgent matters like interview schedule changes, job application updates, or critical system
notifications.
- Operational Updates:
Communicating important information about your account, service changes, or scheduled maintenance.
- Recruitment Process Updates:
Sending updates about job applications, interview scheduling, onboarding steps, and other
recruitment-related activities.
Important Notice:
SMS opt-in or phone numbers for the purpose of SMS are not being shared with any third party and affiliate company
for marketing purposes.
Consent and Control
Your communication preferences remain in your hands:
- Explicit Opt-In:
We obtain clear consent before sending any SMS messages, explaining the message types you'll receive and
approximate frequency.
- Easy Opt-Out:
Every message includes simple instructions to stop receiving SMS communications, typically by replying
"STOP" or clicking an included link.
- Preference Management:
You can modify your SMS preferences through your account settings without affecting other communication
channels.
Message Frequency and Timing
We respect your time and attention:
- Limited Volume:
SMS messages are reserved for important communications, not routine marketing.
- Reasonable Hours:
Unless critically urgent, messages are sent during business hours in your time zone.
- Clear Identification:
All messages clearly identify RecruitBPM as the sender so you know who's contacting you.
Standard Rates Apply
Message and data rates may apply based on your mobile carrier plan. We don't charge for sending SMS messages, but
your carrier might. Check your mobile plan for details.
Children's Privacy
Our Services are designed for adults in professional contexts. We do not knowingly collect information from children
under 16. If you're under 16, please don't use our Services or provide any personal information.
If we discover we've inadvertently collected data from a child under 16, we'll promptly delete it. Parents or
guardians who believe we might have collected information from a child should contact us immediately at
privacy@recruitbpm.com.
Changes to This Privacy Policy
The privacy landscape constantly evolves, and so does this policy. When we make significant changes, we'll notify
you through:
- On-Site Notifications:
Prominent notices on our website and platform
- Email Communications:
Direct messages to the email associated with your account
- Effective Date Updates:
Revision dates at the top of this policy
Minor changes may happen without notification, so we encourage periodic review of this page. Your continued use of
our Services after policy updates constitutes acceptance of the revised terms.
Contact Us
Questions about your data? Concerns about our practices? We're here to help:
- Email: privacy@recruitbpm.com
- Postal Mail: RecruitBPM LLC. 7505 Metro Blvd Suite 510 Edina, MN 55439
- Phone: +1-952-548-6629
For data subjects in the EU, our Data Protection Officer can be reached at privacy@recruitbpm.com.
We're committed to addressing your concerns promptly, typically within 30 days for formal privacy requests and much
faster for general inquiries.