This Privacy Statement was last updated on November 23, 2022.
PrismHR respects your privacy and is committed to protecting it through our compliance with this Privacy Statement.
This Privacy Statement (“Privacy Statement”) describes the policies and procedures of PrismHR, Inc. and its subsidiaries (collectively, “PrismHR”, “we”, “us”, or “our”) relating to:
- How we may collect, use, access, correct and disclose personal information PrismHR may collect from individuals who use or interact with Services (as defined below) (“you” or “your”);
- What information we may collect when you visit PrismHR websites (such as https://www.prismhr.com, https://prismhrlive.prismhr.com, https://info.prismhr.com, https://www.worklogiceps.com), use our mobile application, as well as other customized subdomains, content, media, solutions, portals, platforms, software, clientspace.net sites , the services you may purchase or receive from PrismHR, and any offline interaction with PrismHR (collectively, “Services”);
- What choices and rights you have in protecting your personal information and manage the use of your personal information.
Where applicable, a separate agreement may govern the delivery, access and use of the Services (the “Client Agreement”), including the processing of personal information and data submitted through employer-based accounts (each a “Client”). The Client that entered into the Client Agreement with PrismHR may authorize us to collect, process and store your personal information and associated Client data. If you have questions about specific platform settings or what information PrismHR has been authorized by a Client to process on your behalf, you may contact PrismHR at the contact information in this notice or your Client administrator for the platform or Services applicable to you and the collection of your personal information.
Please read this Privacy Statement carefully to understand our practices regarding your information and how we will treat it. If you do not agree with the terms, do not access or use our Services or any other aspect of PrismHR’s business. This Privacy Statement may change from time to time (see the “Changes to Our Privacy Statement” section below) so please check the Privacy Statement periodically for updates.
Children Under the Age of 16. Our Services are not intended for children under the age of 16. We do not knowingly collect or solicit personal information from children under 16. If you are under the age of 16, do not use or provide any information on our Services. If you believe we have any information collected or solicited from a child under the age of 16, please contact us (see the “Contact Us” section below).
1. What Personal Information Do We Collect?
Information you or our Clients provide to us voluntarily. In general, you can visit our websites without providing any information other than the information we collect automatically. There are times, however, when we may need information from you or our Clients. You may choose to give us personal information in a variety of situations. For example, we may collect your name, address, email address, telephone number, billing and financial information, or other information you may provide when you engage with our Services, when you submit a form to contact us, when you register for an event, or request a white paper or other information from us. If you contact us, we maintain records of your correspondence, including your address or email address. We also maintain any information you provide if you participate in one of our surveys.
When providing certain Services, we collect information under the direction of our Clients. The Client Agreement may govern the delivery, access, and use of the Services, including the processing of personal information and data submitted through Client accounts. The Client (e.g., your employer) controls their platform instance and any associated Client data as described in the Client Agreement between us and Client. If you have any questions about specific platform settings, the processing of personal information in the platform, or its privacy practices, please contact your employer. We will use Client data in accordance with the Client’s instructions, the applicable terms in the Client Agreement, the Client’s election of various Services functionalities, this Privacy Statement, and as required by applicable law. In such cases, we act as a service provider at the direction of the Client.
If you choose not to provide us with certain information, you may not be able to take advantage of certain features of our Services.
We may also ask for your personal information when you express an interest in employment opportunities by submitting an application through our website. The information we collect will be apparent at the time you are submitting your application and we will use this information to review, verify, and evaluate your candidacy for a position at PrismHR. Notice of the categories of information collected and the purposes for which the categories of personal information will be used is included on our application form.
Personal information you or our Clients provide to us through the Services or otherwise includes:
- Contact Data, such as your first and last name, email and mailing addresses, phone number, professional title and company name.
- Profile data, such as your username and password that you may set to establish an online account with us and any content uploaded to the Services (such as text, images, along with the metadata associated with the files you upload).
- Registration data, such as information that may be related to a service, your account or an event you register for.
- Communications, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
- Transaction data, such as information about payments to and from you and other details of products or services you have purchased from us.
- Usage data, such as information about how you use the Services and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the Services.
- Marketing data, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
- Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Statement or as otherwise disclosed at the time of collection.
Information we collect automatically. As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your browsing actions, equipment, and patterns including details of your visits to our Services and information about your computer and internet connection, including your IP address or device identifier, operating system, and browser type.
The information we collect automatically may include personal information, and we may maintain it or associate it with personal information we collect in other ways or receive from third parties. This helps us to improve our Services and deliver a more personalized experience by, for example, storing information about your preferences, allowing us to customize our Services according to interests, speed up your searches, and/or recognize you when you return to our Services, improve the content of our Services, provide you with tailored information about our services, provide you with tailored advertisements, and compile reports and analyze how well our Services and services are performing. We do not respond to Do Not Track (“DNT”) signals sent to us by your browser at this time. To learn more about how DNT works, please visit http://allaboutdnt.com/.
The following sets out how we may use different categories of Cookies:
|Type of Cookies||Description|
|Essential Cookies||Essential Cookies are necessary for us to operate and secure our Services. Without these essential Cookies, you cannot access core services on our Services, such as moving around the Services, accessing secure pages, or using certain essential features.
Use Cases: We set these essential Cookies to enable (i) services that you specifically request for, such as setting your privacy preferences, logging into your account, or filling in forms, or (ii) core functionalities, such as security, network management, and accessibility. In some cases, essential Cookies allows the Services to recognize you as you navigate between pages during a single browser session, such as items placed in an online shopping basket or information inputted in a webform. Using these essential Cookies allows you to use the Services, process transactions, or raise requests most efficiently. Certain types of essential Cookies that “remember” content are temporary and deleted from your devices when your web browser or login closes.
Purposes: “Business Purpose” under the California Privacy Laws (as defined in the “Your California Privacy Rights” section below).
|Functionality Cookies / Preference Cookies||Functionality Cookies (aka preference Cookies) allow us to remember certain user information and choices and to adapt the way we optimize your visits to the Services, such as your username, language, region, text size, fonts and other parts of web pages that you can customize.
Use Cases: In some cases, functionality Cookies allows the Services to (i) remember you so that you don’t have to log in every time you use our Services, or (ii) provide enhanced, more personal features. We may use local shared objects, also known as “Flash Cookies,” to store your preferences or display content based upon what you view on our Services so that we can personalize your visit. These functionality Cookies remain stored on your devices until they expire or are deleted by you.
Purposes: “Business Purpose” under the California Privacy Laws.
|Performance Cookies/ Statistics Cookies /||Performance Cookies (aka statistics Cookies) collect information about how you use our services. Their sole purpose is to improve website functions. This includes Cookies from third-party analytics services as long as the Cookies are for the exclusive use of the owner of the website visited.
Use Cases: We and our service provider may use performance Cookie to count visits to our Services, analyze which pages you go to most often, and how many error messages from certain pages to measure and improve the Services’ performance. These performance Cookies do not collect information that individually identifies you. All information these performance Cookies collect is aggregated and anonymized. It is only used to improve how our services functions and performs. These Cookies include, for example, Google Analytics cookies.
Purposes: “Business Purpose” under the California Privacy Laws.
|Targeting or Advertising Cookies.||Targeting or advertising Cookies deliver advertisements (“ads”) that may be more relevant to you and your interests. They may be 1st Party Cookies or 3rd party Cookies placed by us, by our service providers on our behalf, or by third party business partners with our permission.
Use Cases: We or our service providers may use targeting or advertising Cookies to track how you visit our Services, browse pages on the Services, and click on certain links. These Cookies help measure the effectiveness of our advertising campaigns. We may also allow our third party business partners to use targeting or advertising Cookies on the Services for similar purposes. They also perform functions, such as preventing the same ads from continuously reappearing, ensuring that ads are properly displayed, and in some cases selecting ads that are based on your interests.
We use targeting or advertising Cookies to make our Services and the marketing messages more relevant to your interests. We may also share this information with our service providers for this purpose. Occasionally we advertise our services and our Services to our customers who are on social networks. Therefore, we allow Cookies from certain social networks so that you can share content that you view on our page through these social networks and so that such social networks can serve you ads on our behalf. These Cookies can track your browser across other websites or platforms. These social networks that generate these Cookies, e.g., Instagram, LinkedIn, Twitter, have their own privacy policies, and may use their Cookies to target advertising to you on other websites, based on your visit to our Services.
Purposes: “Business Purpose” as defined under the California Privacy Laws.
Additional information is provided below about how to disable Cookies or manage the cookie settings for some of the leading web browsers (PLEASE NOTE: these third party links are provide for your convenience, and we may not actively monitor the content of these links):
We do not control these third parties’ content, tracking technologies, or how they may be used. If you have questions about an advertisement or other targeting content, you should contact the responsible provider directly.
- Google Analytics and Google Ad Services. To assist us with analyzing the traffic to our Services through cookies and similar technologies, we use analytic services, including Google Analytics. For more information on Google Analytics’ processing of your personal information, please see “How Google uses data when you use our partners’ sites or apps”.
- Log File Information. When you use the Services, our servers automatically record personal information, including IP Address, browser type, referring URLs (e.g., the site you visited before coming to the Services), domain names associated with your internet service provider, information on your interaction with the Services, and other such information (collectively, “Log File Information”). We may also collect similar information from emails sent to you which then help us track which emails are opened and which links are clicked by recipients. We use Log File Information collected from our implementation of the Services to improve the functionality and content of the Services, and to secure the services by identifying potential threats and vulnerabilities.
2. How Do We Use Your Personal Information?
Ways we use your personal information include:
- PrismHR will use personal information provided to respond to inquiries, support requests, and to contact you in connection with our Services and to provide services under the Client Agreements.
- PrismHR may use personal information you provide when registering for a conference or event or when accessing our Services related to a conference or event to: enable you to attend our events; plan, coordinate, and host such events; analyze your interests in and interactions with the event; post photos and recordings of the event online through our Services or social media sites; populate online attendee profiles on event mobile applications and allow you to participate in social forums on these platforms if you opt-in to such participation; and provide sponsors or partners a conference attendee list if you opt-in to share such information.
- PrismHR may use personal information for marketing purposes to contact you about our own or third party products and services that may be of interest to you. PrismHR may use information provided or collected from your visits to our Services to deliver content and product and service offerings relevant to your interests, including targeted offers through our Services, and via email.
- If you have applied for a job with us, we may use your personal information to consider and act upon your application.
- If you visit our offices, you may be required to register as a visitor and provide certain personal information including your name and email address.
- PrismHR may receive information about you from other sources, including from third parties (for example, from professional networking sites, or from third-party lists that we purchase, where legally permitted). We may combine this information with information provided by you which helps us to update and expand our records, identify new customers, and tailor our advertising and marketing communications.
Additionally, we may use your personal information for the following purposes:
- Help maintain the safety, security, and integrity of our Services, products or services, databases and other technology assets, and business.
- Comply with legal, reporting and regulatory requirements.
- Notify you about changes to our Services.
- Fulfill any other purpose for which you provide it or for which you consent.
- Acquire aggregated data;
PrismHR also provides integrations with a number of third party products and services via APIs. PrismHR cannot access your data in these services unless you or our Clients explicitly authorize access. If authorization is granted, PrismHR uses its access to interact with the third party products and provides added value to you by making the product features and functionality more robust.
If you are submitting information on behalf of a third party (for example, registering a fellow employee for a webinar or conference), PrismHR expects that you have received appropriate consent, according to applicable privacy laws, before transferring any personal information to PrismHR.
3. Your California Privacy Rights
If you are a California resident, California data privacy and protection laws and regulations (“California Privacy Laws”) may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, click here.
4. How Do We Disclose Your Personal Information?
We may disclose aggregated and identified information without restriction. We may share your personal information with the following categories of parties:
- Vendors and Business Partners. We may share your personal information with our vendors and business partners to the extent required to fulfill the purposes set forth in our contract with them so that they may provide the contracted services on our behalf (for example, data storage, hiring purposes, detecting security incidents or protecting against fraudulent or illegal activity, debugging or repairing functionality of our systems, or providing marketing or analytical services). We take commercially reasonable steps to ensure our service providers deliver at least the same level of protection for personal information as we do and only use personal information for the purposes of performing our contracts with them and for no other purposes.
- With your consent. We may share your personal information with your consent, PrismHR may share personal information you provide to us as part of an event or conference registration process with event sponsors or partners that wish to connect with you. If you are contacting us in your role as an employee of a company or other entity, PrismHR may also share your personal information with third parties to market their products or services to you with your consent.
- Law Enforcement, Government Agencies, and Courts. We may disclose your information (including personal information) if we believe in good faith that we are required to do so in order to comply with an applicable law, a subpoena, a search warrant, a court or regulatory order or other valid legal process or lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve and disclose any information as we reasonably believe is necessary to protect our rights, property or safety.
- Companies Involved in Mergers and Acquisitions Transactions. We may share your personal information with a buyer or other successor in the event of a merger, divestiture, restructuring, bankruptcy, reorganization, dissolution, or other sale or transfer of some or all of PrismHR’s assets, where personal information held by PrismHR about our Website users is among the assets transferred.
5. What Choices do I have?
You have choices regarding the personal information you provide to us. The following mechanisms give you control over your personal information:
- Cookies and Tracking Technologies. Please see the “Information we collect automatically” subsection above under “What Personal Information Do We Collect” section above).
- Disclosure to Third-Parties. If you do not want us to share your information with third parties for promotional purposes, you can choose not to submit your information on the form giving us permission to share your information, you can opt-out of our sharing your information by checking the relevant box located on the form on which we collect your data, or when contacted by us, you can opt-out of being further contacted by us or tell us you do not want us to share your information with any other party.
- Electronic Communications. If you are on our mailing list, you may remove yourself from the mailing list at any time by following the unsubscribe instructions found on our emailed newsletters and communications (see https://info.prismhr.com/en-us/set-your-subscription-preferences). To provide you information regarding the Services, our products and services, we may send you promotional materials or other information via email (“Email Communications”). You may choose to stop receiving Email Communications by clicking on the conspicuous “Unsubscribe” link located at the bottom of any email we send to you. Please note that certain transactional Email Communications are necessary for the proper functioning and use of our product and services, and you may not have the ability to opt out of those transactional Email Communications.
We do not control third parties’ collection or use of your information to service interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way.
6. What Security Measures Do We Use?
PrismHR respects your personal information and takes commercially reasonable steps to protect it from loss, misuse, or alteration. Where appropriate, these steps can include technical measures like firewalls, intrusion detection and prevention systems, unique and complex passwords, and encryption. We also use organizational and physical measures such as training staff on data processing obligations, identification of data incidents and risks, restricting staff access to your personal information, and ensuring physical security including appropriately securing documents when not being used.
Despite these efforts to store personal information in a secure environment, we cannot guarantee the security of personal information during its transmission or its storage. Further, while we attempt to ensure the integrity and security of personal information, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to personal information. We do not represent or warrant that personal information about you will be protected against, loss, misuse, or alteration by third parties.
Links to Other Websites. Please note that this Privacy Statement does not apply to the practices of companies that we do not own or control or to people that we do not employ or manage. Our Services may provide a link or otherwise provide access to third party websites (“Linked Sites”). We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for Linked Sites, their content, or any goods or services available through the Third Party Sites. This Privacy Statement does not apply to Linked Sites, and for any data you provide to Linked Sites, you agree that you are providing at your own risk. We encourage you to review the privacy policies of any Linked Sites that you interact with.
7. How do We Retain and Delete Your Personal Information?
We keep your personal information only as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of providing services under a Client Agreement, satisfying any legal, regulatory, accounting or reporting requirements, and as necessary to resolve disputes and enforce our agreements. In some circumstances, we may de-identify, aggregate, or otherwise anonymize your personal information consistent with applicable laws and industry standards so that it can no longer be associated with you, in which case it is then treated as non-personal information.
8. How do We address Personal information Transferred to the U.S.?
If you are using the Services outside the United States, please be aware that personal information may be transferred to, stored, and processed in the United States. Although we take steps to provide adequate safeguards, the data protection laws of the United States might not be as comprehensive as those in your country. By using the Services, you consent to your personal information being transferred to the United States for the purposes described in this Privacy Statement.
9. Changes to Our Privacy Statement
PrismHR reserves the right to change this Privacy Statement. If we decide to make changes, we will post the updated Privacy Statement on our website so you are always aware of what information we collect, how we use it, and the circumstances, if any, we disclose it. The date the Privacy Statement was last revised is identified at the top of the page. We may provide you with notice of material changes to this Privacy Statement as appropriate under the circumstances. You are responsible for ensuring that we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and the Privacy Statement to check for any changes. Where required by applicable data protection laws, we will also seek your consent to any material changes that affect how we use your information. UNLESS OTHERWISE INDICATED, ANY CHANGES TO THIS PRIVACY STATEMENT WILL APPLY IMMEDIATELY UPON POSTING TO THE WEBSITE.
10. Contact Us
If you need help with unsubscribing, wish to exercise your rights, or have questions regarding this Privacy Statement, please use the form on the Contact Us page or email us at firstname.lastname@example.org or you can contact us by regular mail addressed to:
35 Parkwood Drive,
Hopkinton, MA 01748
Attn: Privacy Rights Request
Privacy Notice for California Residents
Effective date: November 23, 2022
This portion of the Privacy Statement discusses our collection and use of “personal information”, as defined under applicable California data privacy and protection laws and regulations (“California Privacy Laws”) and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). The following provisions apply to our processing of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a California consumer or his or her household (“California Personal Information”).
A. Types of California Personal Information Subject to California Privacy Laws
In accordance with California Privacy Laws, we collected the following categories of California Personal Information within the preceding 12 months:
|A||Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
|B||Personal Information as defined in Cal. Civ. Code § 1798.80(e)||A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information (see Cal. Civ. Code § 1798.80(e)).
|C||Protected Classification||Characteristics of protected classifications under California or federal law (i.e., age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D||Commercial Information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||N|
|E||Biometric Information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||N|
|F||Internet or other similar activity||Browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
|G||Geolocation Data||Physical location or movements.||N|
|H||Sensory Data||Audio, electronic, visual, thermal, olfactory, or similar information||N|
|I||Professional or employment related information||
|J||Non-public education information||Education information including the name or address of a student or family members, student number, date or place of birth, mother’s maiden name, handwriting, or other information that could identify a student with reasonable certainty (see 34 C.F.R. 99.3 (definitions of “personally identifiable information” and “biometric record”) and records directly related to a student maintained by an educational agency/institution, such as, grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||N|
|K||Inferences drawn from other PI||Profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|L||Sensitive Personal Information||Social Security Number, Driver’s License Number, State ID or Passport Number
Racial or ethnic origin, religious or philosophical belief, or union membership
B. Disclosure of Personal Information
We may disclose your California Personal Information to a third party for a business purpose. In the preceding 12 months above and for business purposes, we have disclosed Categories A, B, C, F, I, K, L in the Table above to our (i) affiliates, (ii) service providers and contractors such as payment processing, web hosting, information technology, cloud service, data analytics, social networks, marketing and advertising, (iii) our Clients that engage our Services to collect and process your California Personal Information as our Clients’ employees in connection with providing HR solutions, (iv) other parties, which you have authorized us to disclose your California Personal Information in connection with Services made available for your use or access. In the preceding 12 months, we have not sold or shared any California Personal Information. Please see the “How do We Disclose Your Personal Information” section above to learn more about the recipients to whom we disclose your California Personal Information.
C. Processing of California Personal Information
We may collect, use, disclose, or process the categories of California Personal Information listed above to provide our Services to you or your employer, to operate, manage, and maintain our business, and to accomplish other business and commercial purposes, including the following:
i. Business Purposes
|Business Purposes||Applicability (Y/N and clarifications)|
|1. Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.||Yes|
|2. Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes.||Yes|
|3. Debugging to identify and repair errors that impair existing intended functionality||Yes|
|4. Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business.||Yes|
|5. Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.||Yes|
|6. Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer.||Yes|
|7. Undertaking internal research for technological development and demonstration.||Yes|
|8. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.||Yes|
ii. Other operational purposes as notified in this California Privacy Notice that qualify as Business Purposes under the California Privacy Laws, including:
- To fulfill or meet the reason for which the information is provided;
- To provide you with information, products, or services that you request from us;
- To provide you with email alerts, event registrations and other notices concerning our products or Services, or events or news, that may be of interest to you that constitute business purposes under the California Privacy Laws.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To operate and improve our Services and present its contents to you.
- For testing, research, analysis and product development.
- To allow you to contact us and facilitate communication with us;
- To respond to your feedback, requests, questions, or inquiries;
- To detect fraud and prevent loss, or as necessary or appropriate to protect the rights, property, or safety of us, our Users, or others;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your California Personal Information or as otherwise set forth in the California Privacy Laws (including advertising and marketing services).
- To evaluate, conduct or implement a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which California Personal Information held by us is among the assets transferred.
D. Your Rights and Choices
California Privacy Laws provides California consumers with specific rights regarding their California Personal Information. This section describes your rights under the California Privacy Laws and explains how to exercise those rights. In certain cases, PrismHR collects and processes California Personal Information to perform Services as a service provider for a Client in accordance with their Client Agreement. In order to respond to a verified request by you in exercising your rights under the California Privacy Laws, PrismHR may be required to provide notice to our Client of your request, and to follow our Client’s instructions as they relate to carrying out your request.
Right of Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your California Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see “Exercising Your California Consumer Privacy Rights” section below), we will disclose to you:
- The categories of California Personal Information we collected about you.
- The categories of sources from which we collect the California Personal Information about you.
- Our business or commercial purpose for collecting, selling, or sharing that California Personal Information.
- The categories of third parties to whom we disclose that California Personal Information.
- The specific pieces of California Personal Information we collected about you (also called a data portability request).
To the extent a business sells or shares California Personal Information*, a consumer shall have the right to request the business to identify, during the past 12 months:
(i) categories of Personal Information that the business sold or shared, and
(ii) categories of Personal Information disclosed for business purpose and each category of recipient
* The sale or sharing California Personal Information as defined under the California Privacy Laws is not applicable to how we collect or use your Personal Information. However, we have described this right as it is a core part of your rights as a California consumer.
Right to Deletion
You have the right to request that we delete any of your California Personal Information that we collected from you and retained, subject to certain exceptions and as permitted under the California Privacy Laws. Once we receive and confirm your verifiable consumer request (see “Exercising Your California Consumer Privacy Rights” section below), we will delete (and direct our service providers to delete) your California Personal Information from our records, unless an exception applies.
Right to Opt-out of “Sale” and Certain “Sharing” Practices: You have the right to opt-out of certain data sharing practices with third parties, who may use your California Personal Information solely for their own purposes. Your right to opt-out is limited to information we “sell” or “share” to these third parties. “Sell” in this case does not mean providing data in exchange for money – we don’t do that. “Sell” or “sharing” instead means the disclosure or release of Personal Information, including technical device data that does not identify you directly but can be attributed back to identify you, when a third party might use that data for its own purposes, such as for personalized advertising or cross-context behavioral advertising, whether or not for monetary or other valuable consideration. You may opt out by using the “Contact Us” details in Section E below.
If you are sixteen (16) years of age or older, you have the right to direct us to not sell your California Personal Information at any time (the “right to opt-out”). Our business, as a business-to-business (“B2B”) provider, is targeted to business professionals. Therefore, we do not knowingly collect or sell the California Personal Information of consumers we actually know are less than sixteen (16) years of age. Consumers who opt-in to California Personal Information sales may opt-out of future sales at any time.
Right to Correct. You have the right to correct inaccurate Personal Information under the new California Privacy Right Act (“CPRA”) effective January 1, 2023. Our goal is to keep your Personal Information accurate, current and complete. If you believe your Personal Information is not accurate (other than the one listed on your account, which you may modify at any time), you may submit a request by using the “Contact Us” details in Section E of this Privacy Notice for California Residents.
Right to Limit Use and Disclosure of Sensitive Personal Information. In cases where we collect “sensitive personal information” as defined under California Privacy Laws, you have a right to limit the use of sensitive personal information to uses necessary to perform services or provide goods reasonably expected by an average consumer.
Right to Non-Discrimination: We will not discriminate against you, in terms of price or services that we offer, if you submit one of the rights requests listed above. Unless permitted by California law, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services; or
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
As required under applicable law, please note that we will take steps to verify your identity before granting you access to such California Personal Information or acting on your request to exercise your rights. We may limit our response to your exercise of the above rights as permitted under applicable law. When you submit a request to exercise your rights above, we will use the information you provide to process your request and to maintain a record of your request and our response, as permitted under applicable law. To exercise the rights described above, please submit a verifiable consumer request to us by via methods provided below. When doing so, please tell us which right you are exercising and provide us with information to verify your identify and contact information to direct our response.
E. Contact Us
- Calling us at 1-877-365-3853
- Emailing us at email@example.com
- Sending mail to us at: PrismHR, Inc., 35 Parkwood Drive, Suite 200, Hopkinton, MA 01748; Attn: CCPA Privacy Rights Request
Under California Privacy Laws, you may designate an authorized agent to make a request on your behalf. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. As permitted by law, we may require you to verify your own identity in response to a request, even if you choose to use an agent.