Privacy Policy

For your convenience our Policy is divided into the following sections

Introduction

We are Huntflow (Huntflow AM LLC, Address: Armenia, Yerevan, Arabkir, 36 Manushyan, TIN: 08214848) (Huntflow, Company). Huntflow respects your privacy and is committed to protecting it in accordance with applicable laws and using generally-accepted industry practices. We only use your data for its stated purpose. This Privacy Policy explains who we are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights.

If you have any questions or concerns about Huntflow’s collection and use of your personal data, please contact us using the contact details provided below.

Terms used in this Policy

Personal data — any information related to a natural person (data subject). For example, personal data are surname, e-mail or phone number.

Processing — actions performed with personal data, including: collecting data from data subject/ from another data subject; Facebook, LinkedIn; client internal databases with resumes of candidates, recording this data to our systems (record) and keeping this data so that Company don’t lose it (storage), using data to collection, recording, storage, destruction, clarification (updating, changing), erasure, transfer (distribution, provision, access), modification of data when Company receives new information from users (modification), deletion of data when the purpose of its processing is achieved (deletion), transfer data to another counterparties (transfer).

Counterparty — a person (natural or legal) with whom Company cooperates under the contract for achieving the personal data processing activities purposes.

International transfer of personal data — transfer of personal data to a foreign state that encompasses such activities as collecting from the user their data and transferring it to another state for processing as well as transfer of such data to our counterparties located in other states for achieving processing purposes.

GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

​Who are we and how to contact us?

This Privacy Policy explains how personal data is processed by Huntflow. You can write to us: office@huntflow.ai

Huntflow is developer of the Huntflow software (Huntflow, Software) that enables recruiters to better work with candidates’ resumes.

If you have questions, please contact the privacy team at huntflow.ai or the support team at privacy@huntflow.ai

Principles of the personal data processing

We adhere to the following principles when processing personal data:

Principles of the personal data processing Article of the GDPR Exercise of the right
Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject Article 5(1)(a) of the GDPR The processing of personal data is carried out in a lawful, fair and in a transparent manner in relation to the data subject. We process personal data only if there are appropriate legal basis. In addition, we notify the data subjects about the processing of their personal data in a timely, clear and accessible manner.
When we use a consent as a legal basis for personal data processing, we take necessary steps to ensure that a consent will be given freely and unambiguously for one or several specific processing activities after providing an adequate information to a data subject
Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes Article 5(1)(b) of the GDPR The processing of personal data is limited to the achievement of specific, predetermined (explicit) and legitimate purposes. We do not process personal data in any way incompatible with the purposes of its collection
Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed Article 5(1)© of the GDPR The content and volume of personal data are consistent with the stated processing purposes. We have identified the minimum volume of personal data necessary to achieve the purposes of processing personal data
Accuracy: Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay Article 5(1)(d) of the GDPR When processing personal data, we ensure the accuracy, sufficiency and relevance of personal data. We assess the reliability of the source of personal data, as well as respond to requests from the data subjects to rectify their personal data
Storage limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject Article 5(1)(e) of the GDPR We store personal data in a form that allows to identify the data subjects for no longer than it is required for the purpose of processing personal data, unless the retention period is established by applicable law. Upon achievement of the purposes of processing personal data we delete the relevant personal data
Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures Article 5(1)(f) of the GDPR When processing personal data, we ensure the availability, authenticity, integrity and confidentiality of personal data, and apply the necessary organizational and technical measures to protect personal data
Accountability: The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 Article 5(2) of the GDPR We are responsible for the compliance of our personal data processing activities with the principles indicated above within the framework of the applicable legislation in the field of processing and security of personal data

What data, for what purposes, how long, and based on what grounds do we process as a Controller?

Purpose of Processing  Data Subjects: Categories of Data  Storage Period  Grounds  Third parties
Registration of client representatives in order to provide demo access to users  Our potential customers and their representatives:Email address, Full name, contact phone number, employer company name  until the termination of a contract in case it is concluded and within the terms specified by contract  Contract  Hetzner Online GmbH
Providing access to Huntflow with the role of administrator  Our customers and their representatives:Full name, email address, contact phone number, name of the employer company  until the termination of a contract and within the terms specified by contract  Contract  Hetzner Online GmbH
Behavioral analytics of Huntflow website users and Huntflow users  Our website users:Internet Protocol address (IP address), browser type and language, information about the Internet service provider, sending and exiting pages, information about the operating system, date and time stamps,information about visits  Limited by the validity period of cookies  Consent  Hetzner Online GmbH Yandex. Metrica Facebook Pixel VKONTAKTE Mail.ru My Goal Active campaign
Notification of software users about changes related to the use of the software by sending technical letters  Our customers: Email address  before refusal of the Email  Consent  Hetzner Online GmbH
Communication with subscribers by sending news and Email marketing  Our subscribers:email address  before refusal of the sending news and Email marketing  Consent  Hetzner Online GmbH
Support for Huntflow user accounts  Our users: Email address, Full name, phone number  until the termination of a contract  Contract  Hetzner Online GmbH
Safety and security  Our users:IP, User-Agent, time of login  30 days  legitimate interest  The data is not transferred to third parties

What data, for what purposes, how long, and based on what grounds do we process as a Processor?

Purpose of Processing Data Subjects: Categories of Data Storage Period Grounds Third parties
Providing access to Huntflow to users with the role of a recruiter or customer at the request of a user with the role of administrator Our customers and their representatives: Full name, email address, contact phone number, name of the employer company until the termination of a contract and within the terms specified by contract Contract Hetzner Online GmbH
Scheduling tasks using a third-party service Customer’s candidates: Login and password from the MS Exchange/Gmail account, contact list until the termination of a contract and within the terms specified by contract Contract Hetzner Online GmbH
Communication of recruiters with candidates from the Software interface using the integrations provided in the Software Our customers\ customers candidates:1) Login and password from the MS Outlook/Gmail account, contact list, data on sent and sent emails with candidates 2) Full name, phone number, user name 3) clarify 4) API ID and key, Full name, email address, contact phone number of the candidate, date and time of the interview, name of the interviewee, duration of the interview, link to view 5) ID, phone number and status of the sent message; Information about calls (date and time, the recipient of the call, the duration of the call, the status of the call — "got through"/"I didn’t get through"), Information about messages (message text, date and time of sending the message, the recipient of the message) until the termination of a contract and within the terms specified by contract Contract 1) MS Outlook/Gmail 2) Telegram 3) Quick Telecom, MyTarget, Rapporto 4) VCV
Selection of candidates by recruiters using the functionality of the Software customers candidates: Full name, phone number, email address, resume until the termination of a contract and within the terms specified by contract Contract Hetzner Online GmbH
Notifying Software users about changes related to candidate vacancies by automatically sending system emails customers candidates: Email address, full name of the client candidate until the termination of a contract and within the terms specified by contract Contract The Rocket Science Group, LLC

How we process your data?

Candidates

We do not manipulate information about the candidates added by Huntflow users to the system.

We only process such information on instructions from our users acting as a controller. We do this based on the contract signed with the user or its employer. The users determine what information about the applicants they require, how long and in what ways they will use it.

For our part, we do everything to help our users comply with the principles of lawful processing of personal information in accordance with GDPR and to respect the applicants’ rights. Here we share the information about ways Huntflow can help our users comply with all of GDPR requirements.

Applicant data origination

Huntflow users independently enter data from different sources:

  • from their internal databases;
  • from the database of other job services provided by the user or its employer;
  • from publicly available sources, applicants’ social media accounts;
  • by downloading information from the sites where applicants publish their CVs and other data, such as LinkedIn, HeadHunter and others.

Processing of special categories of personal data

We do not process special categories of personal data.

Processing of children’s personal data

We do not offer of information society services to a child (up to the age of 16 years).

Processing of personal data relating to criminal convictions and offences

We do not process personal data containing information about the administrative offences and criminal record.

The existence of automated decision-making

We do not make any automated decisions about you that would result in legal or other similarly significant effects on you.

Who do we share your data with?

We use third-party service providers to help us provide portions of the Huntflow software and give support. Examples of these third parties include public cloud storage vendors, carriers, our payment processor, and our service provider for managing client support tickets.

They only receive data needed to provide their services to us. We have agreements with our service providers that say they cannot use any of this data for their own purposes or for the purposes of another third party.

We prohibit our service providers from selling data they receive from us or receive on our behalf.

We require service providers to use data only in order to perform the services we have hired them to do (unless otherwise required by law). For example, we may use a company to help us provide client support. The information they may receive as part of providing that support cannot be used by them for anything else.

Acting as a Controller we share your data with the following processors:

Processors, their Location and the Link to Privacy Policy / Website if applicable Country of establishment Purpose of Transfer The role of the service provider
Hetzner Online GmbH
Address: Industriestr. 2591710 Gunzenhausen
Hetzner Privacy Policy
Germany Hosting provider Processor
Google Inc.
Address: Google, Google Data Protection Office, 1600 Amphitheatre Pkwy, Mountain View, California 94043, USA
Google Privacy Policy
USA
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Email Service Provider Processor
Meta Platforms, Inc.
Address: 1601 Willow Road, Menlo Park, CA 94025, USA
Meta Privacy Policy
USA
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Web Analytics Service Provider Processor
V Kontakte, LLC
Address: prem. 1-N, bld. 12-14, Lit. A, Khersonskaya st., St. Petersburg, Russia, 191024
VKontakte Privacy Policy
Russia
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Web Analytics Service Provider Processor
The Rocket Science Group, LLC
Address:675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA
Privacy Statement
USA
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Marketing platform Processor
MGL MY.COM LIMITED
Address: 28 Oktovriou, 365 VASHIOTIS SEAFRONT, office 402 Neapoli, 3107, Limassol, Cyprus.
Privacy Policy
Cyprus Advertising platform service Processor
VCV Inc.
Address: 101 Jefferson DrMenlo Park, CA 94025, USA San Francisco, CA, US 94025
Privacy Policy
USA
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Computer software development Processor
Voximplant Inc.
Address: 150 West 25th Street, RM 403 New York City, NY 10001, United States of America
Privacy Policy
USA
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Integrated Communications Platform Processor
ActiveCampaign, Inc.
Address: Chicago, US, 1 North Dearborn St, 5th Floor, IL 60602
Privacy Policy
USA
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Web Analytics Service Provider Processor
Telegram Messenger LLP
Address: UK, London, 71-75 Shelton Street, Covent Garden, WC2H 9JQ
Telegram Privacy Policy
UK Messenger Processor
YANDEX LLC
Address: 119021, Russia, Moscow, Lev Tolstoy street, 16
Terms of Use for Yandex.Metrica Service Yandex Privacy Policy
Russia
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Email Service Provider, Web Analytics Service Provider (Yandex Metrica) Processor
Mail.ru Group, LLC
Address: Russia, Moscow, 125167, Leningradsky prospekt 39, bld. 79
Privacy Policy
Russia
Country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR
Email Marketing Provider Processor

Cookies

We also collect cookies data from all Huntflow users based on their contracts with our company that stipulate that we have to provide them with specified features of the Huntflow program.

Site users or Huntflow users can turn cookies off in the settings of their web browser or mobile device. However, certain Huntflow features may become unavailable to Huntflow users.

We may share this data with other services to better analyse it and improve our website and service.

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics cookies used for analytics help collect data that allows services to understand how users interact with a particular service. For more information on how these cookies work please see our Privacy policy.

Marketing cookies are used to target advertising to the user (behavioural targeting). They are serviced by third-party companies and track the user on websites. For more information about which cookie providers process your data, please read our Privacy policy.

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. For more information on how these cookies work please see our Privacy policy

Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

What can you do if you do not want storing cookies to be set or want them to be removed?

You are able to withdraw the consent to store cookies by resetting cookie settings.

We automatically collect and store the following information:

  • IP address,
  • type of web browser and its language,
  • information about Internet service provider,
  • sending and exiting pages,
  • information about the operating system,
  • date and time stamps,
  • information about visits.
We use the following cookies and tracking technologies, including cookies from our partners and service providers:
Category Description Name Provider Duration
Necessary Preserves users states across page requests. i yandex.ru 10 years
PHPSESSID huntflow.ai Session
Used to check if the user’s browser supports cookies. test_cookie doubleclick.net 1 day
Preferences Remembers the user’s selected language version of a website lang ads.linkedin.com Session
lang huntflow.ai 10 years
Determines the preferred language of the users. Allows the website to set the preferred language upon the user’s re-entry. remixlang vk.com 1 years
Analytics Registers data on users’ website-behaviour. This is used for internal analysis and website optimization. __vw_tab_guid huntflow.ai Session
Registers a unique ID that is used to generate statistical data on how the visitor uses the website. _ga 2 years
_gid 1 day
_ym_retryReqs Persistent
Used in connection with data-synchronization with third-party analysis service. AnalyticsSyncHistory linkedin.com 29 days
Assigns a specific ID to the visitor. This allows the website to determine the number of specific u ser-visits for analysis and statistics. FTID mail.ru 1 year
Registers data on users’ website-behaviour. This is used for internal analysis and website optimization. yandexuid yandex.ru 1 year
ymex 1 year
Marketing Unclassified _fbp huntflow.ai 3 months
_ym#_lastHit Persistent
_ym#_lsid Persistent
_ym#_reqNum Persistent
_ym#_reqNum Persistent
This cookie is used to collect nonpersonal information on the user’s website behavior and non -personal visitor statistic. _ym_d 1 day
Registers data on user’s website-behaviour. This is used for internal analysis and website optimization. _ym_isad 1 year
This cookie is used to collect non-person al in formation on the user’s website behavior and non-person a visitor statistic. _ym_uid Persistent
Collects data on the user’s navigation and behavior on the website. This is used to compile statistical reports and heatmaps for the website owner _ym_visorc Persistent
Used by the social networking service, LinkedIn, for tracking the use of embedded services. bcookie linkedin.com 2 years
Used to check if the user’s browser supports cookies. test_cookie doubleclick.net 1 day
Used by LinkedIn for tracking the use of embedded services. bcookie linkedin.com 2 years
Used by LinkedIn for tracking the use of embedded services. bscookie
Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. fr facebook.com 3 months
Unclassified i yandex.ru 10 years
Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. IDE doubleclick.net 1 year
Set by LinkedIn when a webpage contains an embedded «Follow us» panel lang linkedin.com Session
Used by LinkedIn for tracking the use of embedded services. lidc 1 day

How we respect your rights

We respect your rights:

  • the right to know what data we use and how. We talk about this in our Privacy Policy. If you have any additional questions, please, get in touch with us;
  • the right of access to your personal data. You can request it from us at any moment;
  • the right to rectify your data, erase it, restrict its processing or object the handling of your data. You may rectify your data at any moment or erase it independently or by requesting that we do it. If you believe that we process your data unlawfully, to a greater degree than necessary or with objectives that were not originally specified, you may submit your objections against data processing or demand the restriction of data processing;
  • the right of data portability. We will download and return your data to you at any moment upon your request so that you can transfer it to a different service;
  • the right to recall consent for processing if we handle the data with your consent. To recall your consent, please, contact us.

If your rights have been violated, you may lodge a complaint to the oversight body of an EU member state where you permanently reside or work or where the violation took place.

Security of your personal data

When processing personal data, we take the necessary organisational and technical measures to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data.

The security of personal data is ensured by the following:

  • we have assigned the responsibility for the organisation of personal data processing to a specific employee;
  • we have implemented of data protection policies and measures to ensure that our personal data processing activities comply with the GDPR and the DPA (internal policies, internal allocation of responsibilities, trainings);
  • we have implemented the necessary measures to protect personal data (access control, encryption, antivirus protection);
  • we keep up to date the records of processing activities;
  • we have organised a process of receiving and controlling the processing of data subjects requests;
  • we carry out a DPIA for personal data processing activities that results a high risk to data subjects due to the nature or scope of the operation;
  • we ensure data protection by design and data protection by default;
  • we ensure security of third parties (controllers, processors, joint controllers);
  • we control of the transfers of personal data outside the EU;
  • we document personal data breaches (if any) and their consequences, investigating them, notifying the relevant parties about leaks within 72 hours, and taking measures to eliminate the consequences of personal data breaches;
  • we carry out planned and unscheduled audits of personal data processing activities.

Changes to this Policy

We regularly update this Policy in case there are significant changes in the way we process your personal data. You will receive a notification prior to such significant changes become effective by email if you provided us with your email address or by pop-up notice on our website.