Privacy Policy
For your convenience our Policy is divided into the following sections
-
Privacy Policy
- Introduction
- Terms used in this Policy
- Who are we and how to contact us?
- Principles of the personal data processing
- What data, for what purposes, how long, and based on what grounds do we process as a Controller?
- What data, for what purposes, how long, and based on what grounds do we process as a Processor?
-
How we process your data?
- Candidates
- Applicant data origination
- Huntflow users independently enter data from different sources:
- Processing of special categories of personal data
- Processing of children’s personal data
- Processing of personal data relating to criminal convictions and offences
- The existence of automated decision-making
- Who do we share your data with?
- Cookies
Introduction
We are Huntflow (Huntflow AM LLC, Address: Armenia, Yerevan, Arabkir, 36 Manushyan, TIN: 08214848) (Huntflow, Company). Huntflow respects your privacy and is committed to protecting it in accordance with applicable laws and using generally-accepted industry practices. We only use your data for its stated purpose. This Privacy Policy explains who we are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights.
If you have any questions or concerns about Huntflow’s collection and use of your personal data, please contact us using the contact details provided below.
Terms used in this Policy
Personal data — any information related to a natural person (data subject). For example, personal data are surname, e-mail or phone number.
Processing — actions performed with personal data, including: collecting data from data subject/ from another data subject; Facebook, LinkedIn; client internal databases with resumes of candidates, recording this data to our systems (record) and keeping this data so that Company don’t lose it (storage), using data to collection, recording, storage, destruction, clarification (updating, changing), erasure, transfer (distribution, provision, access), modification of data when Company receives new information from users (modification), deletion of data when the purpose of its processing is achieved (deletion), transfer data to another counterparties (transfer).
Counterparty — a person (natural or legal) with whom Company cooperates under the contract for achieving the personal data processing activities purposes.
International transfer of personal data — transfer of personal data to a foreign state that encompasses such activities as collecting from the user their data and transferring it to another state for processing as well as transfer of such data to our counterparties located in other states for achieving processing purposes.
GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Who are we and how to contact us?
This Privacy Policy explains how personal data is processed by Huntflow. You can write to us: office@huntflow.ai
Huntflow is developer of the Huntflow software (Huntflow, Software) that enables recruiters to better work with candidates’ resumes.
If you have questions, please contact the privacy team at huntflow.ai or the support team at privacy@huntflow.ai
Principles of the personal data processing
We adhere to the following principles when processing personal data:
| Principles of the personal data processing | Article of the GDPR | Exercise of the right |
|---|---|---|
| Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject | Article 5(1)(a) of the GDPR | The processing of personal data is carried out in a lawful, fair and in a transparent manner in relation to the data subject. We process personal data only if there are appropriate legal basis. In addition, we notify the data subjects about the processing of their personal data in a timely, clear and accessible manner. When we use a consent as a legal basis for personal data processing, we take necessary steps to ensure that a consent will be given freely and unambiguously for one or several specific processing activities after providing an adequate information to a data subject |
| Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes | Article 5(1)(b) of the GDPR | The processing of personal data is limited to the achievement of specific, predetermined (explicit) and legitimate purposes. We do not process personal data in any way incompatible with the purposes of its collection |
| Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed | Article 5(1)© of the GDPR | The content and volume of personal data are consistent with the stated processing purposes. We have identified the minimum volume of personal data necessary to achieve the purposes of processing personal data |
| Accuracy: Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay | Article 5(1)(d) of the GDPR | When processing personal data, we ensure the accuracy, sufficiency and relevance of personal data. We assess the reliability of the source of personal data, as well as respond to requests from the data subjects to rectify their personal data |
| Storage limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject | Article 5(1)(e) of the GDPR | We store personal data in a form that allows to identify the data subjects for no longer than it is required for the purpose of processing personal data, unless the retention period is established by applicable law. Upon achievement of the purposes of processing personal data we delete the relevant personal data |
| Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures | Article 5(1)(f) of the GDPR | When processing personal data, we ensure the availability, authenticity, integrity and confidentiality of personal data, and apply the necessary organizational and technical measures to protect personal data |
| Accountability: The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 | Article 5(2) of the GDPR | We are responsible for the compliance of our personal data processing activities with the principles indicated above within the framework of the applicable legislation in the field of processing and security of personal data |
What data, for what purposes, how long, and based on what grounds do we process as a Controller?
| Purpose of Processing | Data Subjects: Categories of Data | Storage Period | Grounds | Third parties |
|---|---|---|---|---|
| Registration of client representatives in order to provide demo access to users | Our potential customers and their representatives:Email address, Full name, contact phone number, employer company name | until the termination of a contract in case it is concluded and within the terms specified by contract | Contract | Hetzner Online GmbH |
| Providing access to Huntflow with the role of administrator | Our customers and their representatives:Full name, email address, contact phone number, name of the employer company | until the termination of a contract and within the terms specified by contract | Contract | Hetzner Online GmbH |
| Behavioral analytics of Huntflow website users and Huntflow users | Our website users:Internet Protocol address (IP address), browser type and language, information about the Internet service provider, sending and exiting pages, information about the operating system, date and time stamps,information about visits | Limited by the validity period of cookies | Consent | Hetzner Online GmbH Yandex. Metrica Facebook Pixel VKONTAKTE Mail.ru My Goal Active campaign |
| Notification of software users about changes related to the use of the software by sending technical letters | Our customers: Email address | before refusal of the Email | Consent | Hetzner Online GmbH |
| Communication with subscribers by sending news and Email marketing | Our subscribers:email address | before refusal of the sending news and Email marketing | Consent | Hetzner Online GmbH |
| Support for Huntflow user accounts | Our users: Email address, Full name, phone number | until the termination of a contract | Contract | Hetzner Online GmbH |
| Safety and security | Our users:IP, User-Agent, time of login | 30 days | legitimate interest | The data is not transferred to third parties |
What data, for what purposes, how long, and based on what grounds do we process as a Processor?
| Purpose of Processing | Data Subjects: Categories of Data | Storage Period | Grounds | Third parties |
|---|---|---|---|---|
| Providing access to Huntflow to users with the role of a recruiter or customer at the request of a user with the role of administrator | Our customers and their representatives: Full name, email address, contact phone number, name of the employer company | until the termination of a contract and within the terms specified by contract | Contract | Hetzner Online GmbH |
| Scheduling tasks using a third-party service | Customer’s candidates: Login and password from the MS Exchange/Gmail account, contact list | until the termination of a contract and within the terms specified by contract | Contract | Hetzner Online GmbH |
| Communication of recruiters with candidates from the Software interface using the integrations provided in the Software | Our customers\ customers candidates: 1) Login and password from the MS Outlook/Gmail account, contact list, data on sent and sent emails with candidates 2) Full name, phone number, user name 3) clarify 4) API ID and key, Full name, email address, contact phone number of the candidate, date and time of the interview, name of the interviewee, duration of the interview, link to view, calendars data, information about contacts and resources (meeting rooms), information from letters (topic and identifier, texting with the candidate) and settings that cached and periodically synchronised with the data in Google Calendar for the creation and alteration of the events 5) ID, phone number and status of the sent message; Information about calls (date and time, the recipient of the call, the duration of the call, the status of the call — "got through"/"I didn’t get through"), Information about messages (message text, date and time of sending the message, the recipient of the message) 6) ID and API key (via OAuth2) |
until the termination of a contract and within the terms specified by contract, applicable to calendar data until the cancellation of the event or it’s removement from the calendar | Contract | 1) MS Outlook/Gmail 2) Telegram 3) Quick Telecom, MyTarget, Rapporto 4) VCV 5) Zoom Meetings 6) Google Meet 7) Microsoft Teams |
| Selection of candidates by recruiters using the functionality of the Software | customers candidates: Full name, phone number, email address, resume | until the termination of a contract and within the terms specified by contract | Contract | Hetzner Online GmbH |
| Notifying Software users about changes related to candidate vacancies by automatically sending system emails | customers candidates: Email address, full name of the client candidate | until the termination of a contract and within the terms specified by contract | Contract | The Rocket Science Group, LLC |
How we process your data?
Candidates
We do not manipulate information about the candidates added by Huntflow users to the system.
We only process such information on instructions from our users acting as a controller. We do this based on the contract signed with the user or its employer. The users determine what information about the applicants they require, how long and in what ways they will use it.
For our part, we do everything to help our users comply with the principles of lawful processing of personal information in accordance with GDPR and to respect the applicants’ rights. Here we share the information about ways Huntflow can help our users comply with all of GDPR requirements.
Applicant data origination
Huntflow users independently enter data from different sources:
- from their internal databases;
- from the database of other job services provided by the user or its employer;
- from publicly available sources, applicants’ social media accounts;
- by downloading information from the sites where applicants publish their CVs and other data, such as LinkedIn, HeadHunter and others.
Processing of special categories of personal data
We do not process special categories of personal data.
Processing of children’s personal data
We do not offer of information society services to a child (up to the age of 16 years).
Processing of personal data relating to criminal convictions and offences
We do not process personal data containing information about the administrative offences and criminal record.
The existence of automated decision-making
We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.
Who do we share your data with?
We use third-party service providers to help us provide portions of the Huntflow software and give support. Examples of these third parties include public cloud storage vendors, carriers, our payment processor, and our service provider for managing client support tickets.
They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.
We prohibit our service providers from selling data they receive from us or receive on our behalf.
We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.
Acting as a Controller we share your data with the following processors:
| Processors, their Location and the Link to Privacy Policy / Website if applicable | Country of establishment | Purpose of Transfer | The role of the service provider |
|---|---|---|---|
| Hetzner Online GmbH Address: Industriestr. 2591710 Gunzenhausen Hetzner Privacy Policy |
Germany | Hosting provider | Processor |
| Google Inc. Address: Google, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA Google Privacy Policy |
USA Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Email Service Provider | Processor |
| Meta Platforms, Inc. Address: 1601 Willow Road, Menlo Park, CA 94025, USA Meta Privacy Policy |
USA Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Web Analytics Service Provider | Processor |
| V Kontakte, LLC Address: prem. 1-N, bld. 12-14, Lit. A, Khersonskaya st., St. Petersburg, Russia, 191024 VKontakte Privacy Policy |
Russia Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Web Analytics Service Provider | Processor |
| The Rocket Science Group, LLC Address:675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA Privacy Statement |
USA Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Marketing platform | Processor |
| MGL MY.COM LIMITED Address: 28 Oktovriou, 365 VASHIOTIS SEAFRONT, office 402 Neapoli, 3107, Limassol, Cyprus. Privacy Policy |
Cyprus | Advertising platform service | Processor |
| VCV Inc. Address: 101 Jefferson DrMenlo Park, CA 94025, USA San Francisco, CA, US 94025 Privacy Policy |
USA Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Computer software development | Processor |
| Voximplant Inc. Address: 150 West 25th Street, RM 403 New York City, NY 10001, United States of America Privacy Policy |
USA Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Integrated Communications Platform | Processor |
| ActiveCampaign, Inc. Address: Chicago, US, 1 North Dearborn St, 5th Floor, IL 60602 Privacy Policy |
USA Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Web Analytics Service Provider | Processor |
| Telegram Messenger LLP Address: UK, London, 71-75 Shelton Street, Covent Garden, WC2H 9JQ Telegram Privacy Policy |
UK | Messenger | Processor |
| YANDEX LLC Address: 119021, Russia, Moscow, Lev Tolstoy street, 16 Terms of Use for Yandex.Metrica Service Yandex Privacy Policy |
Russia Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Email Service Provider, Web Analytics Service Provider (Yandex Metrica) | Processor |
| Mail.ru Group, LLC Address: Russia, Moscow, 125167, Leningradsky prospekt 39, bld. 79 Privacy Policy |
Russia Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR |
Email Marketing Provider | Processor |
Cookies
We also collect cookies data from all Huntflow users based on their contracts with our company that stipulate that we have to provide them with specified features of the Huntflow program.
Site users or Huntflow users can turn cookies off in the settings of their web browser or mobile device. However, certain Huntflow features may become unavailable to Huntflow users.
We may share this data with other services to better analyse it and improve our website and service.
Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
Analytics cookies used for analytics help collect data that allows services to understand how users interact with a particular service. For more information on how these cookies work please see our Privacy policy.
Marketing cookies are used to target advertising to the user (behavioural targeting). They are serviced by third-party companies and track the user on websites. For more information about which cookie providers process your data, please read our Privacy policy.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. For more information on how these cookies work please see our Privacy policy
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
What can you do if you do not want storing cookies to be set or want them to be removed?
You are able to withdraw the consent to store cookies by resetting cookie settings.
We automatically collect and store the following information:
- IP address,
- type of web browser and its language,
- information about Internet service provider,
- sending and exiting pages,
- information about the operating system,
- date and time stamps,
- information about visits.
We use the following cookies and tracking technologies, including cookies from our partners and service providers:
| Category | Description | Name | Provider | Duration |
|---|---|---|---|---|
| Necessary | Preserves users states across page requests. | i | yandex.ru | 10 years |
| PHPSESSID | huntflow.ai | Session | ||
|
Used to check if the user’s
|
test_cookie | doubleclick.net | 1 day | |
| Preferences | Remembers the user’s selected language version of a website | lang | ads.linkedin.com | Session |
| lang | huntflow.ai | 10 years | ||
| Determines the preferred language of the users. Allows the website to set the preferred language upon the user’s re-entry. | remixlang | vk.com | 1 years | |
| Analytics | Registers data on users’ website-behaviour. This is used for internal analysis and website optimization. | __vw_tab_guid | huntflow.ai | Session |
| Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | _ga | 2 years | ||
| _gid | 1 day | |||
| _ym_retryReqs | Persistent | |||
| Used in connection with data-synchronization with third-party analysis service. | AnalyticsSyncHistory | linkedin.com | 29 days | |
| Assigns a specific ID to the visitor. This allows the website to determine the number of specific u ser-visits for analysis and statistics. | FTID | mail.ru | 1 year | |
| Registers data on users’ website-behaviour. This is used for internal analysis and website optimization. | yandexuid | yandex.ru | 1 year | |
| ymex | 1 year | |||
| Marketing | Unclassified | _fbp | huntflow.ai | 3 months |
| _ym#_lastHit | Persistent | |||
| _ym#_lsid | Persistent | |||
| _ym#_reqNum | Persistent | |||
| _ym#_reqNum | Persistent | |||
| This cookie is used to collect nonpersonal information on the user’s website behavior and non -personal visitor statistic. | _ym_d | 1 day | ||
| Registers data on user’s website-behaviour. This is used for internal analysis and website optimization. | _ym_isad | 1 year | ||
| This cookie is used to collect non-person al in formation on the user’s website behavior and non-person a visitor statistic. | _ym_uid | Persistent | ||
| Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner | _ym_visorc | Persistent | ||
| Used by the social networking service, LinkedIn, for tracking the use of embedded services. | bcookie | linkedin.com | 2 years | |
| Used to check if the user’s browser supports cookies. | test_cookie | doubleclick.net | 1 day | |
| Used by LinkedIn for tracking the use of embedded services. | bcookie | linkedin.com | 2 years | |
| Used by LinkedIn for tracking the use of embedded services. | bscookie | |||
| Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. | fr | facebook.com | 3 months | |
| Unclassified | i | yandex.ru | 10 years | |
| Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. | IDE | doubleclick.net | 1 year | |
| Set by LinkedIn when a webpage contains an embedded «Follow us» panel | lang | linkedin.com | Session | |
| Used by LinkedIn for tracking the use of embedded services. | lidc | 1 day |
How we respect your rights
We respect your rights:
- the right to know what data we use and how. We talk about this in our Privacy Policy. If you have any additional questions, please, get in touch with us;
- the right of access to your personal data. You can request it from us at any moment;
- the right to rectify your data, erase it, restrict its processing or object the handling of your data. You may rectify your data at any moment or erase it independently or by requesting that we do it. If you believe that we process your data unlawfully, to a greater degree than necessary or with objectives that were not originally specified, you may submit your objections against data processing or demand the restriction of data processing;
- the right of data portability. We will download and return your data to you at any moment upon your request so that you can transfer it to a different service;
- the right to recall consent for processing if we handle the data with your consent. To recall your consent, please, contact us.
If your rights have been violated, you may lodge a complaint to the oversight body of an EU member state where you permanently reside or work or where the violation took place.
Security of your personal data
When processing personal data, we take the necessary organisational and technical measures to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data.
The security of personal data is ensured by the following:
- we have assigned the responsibility for the organisation of personal data processing to a specific employee;
- we have implemented of data protection policies and measures to ensure that our personal data processing activities comply with the GDPR and the DPA (internal policies, internal allocation of responsibilities, trainings);
- we have implemented the necessary measures to protect personal data (access control, encryption, antivirus protection);
- we keep up to date the records of processing activities;
- we have organised a process of receiving and controlling the processing of data subjects requests;
- we carry out a DPIA for personal data processing activities that results a high risk to data subjects due to the nature or scope of the operation;
- we ensure data protection by design and data protection by default;
- we ensure security of third parties (controllers, processors, joint controllers);
- we control of the transfers of personal data outside the EU;
- we document personal data breaches (if any) and their consequences, investigating them, notifying the relevant parties about leaks within 72 hours, and taking measures to eliminate the consequences of personal data breaches;
- we carry out planned and unscheduled audits of personal data processing activities.
Changes to this Policy
We regularly update this Policy in case there are significant changes in the way we process your personal data. You will receive a notification prior to such significant changes become effective by email if you provided us with your email address or by pop-up notice on our website.