Effective as of 1 October 2019
We respect your privacy and are committed to protecting your Personal Data and other information. “Personal Data” means any information (including but not limited to Personally Identifying Information as that term may be defined by regulatory authorities) relating to an identified or identifiable natural person; where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to that natural person.
“Visitor” refers to a user who accesses the Sites or Service but does not register with or purchase any services or goods from Topgrading;
“Registered User” refers to a user who signs up for an account with the Services, or otherwise agrees to provide Personal Data for specific communication with, or from, Topgrading (including, but not limited to Users who provide information for job application or performance assessment purposes at the request of a Topgrading client);
“Subscriber” refers to a Registered User who purchases a subscription plan for the Services, has a contractual relationship with Topgrading for the provision of Services, or purchases products or Services from Topgrading through the Sites. All Licensees of Topgrading and their “Authorized Users” as defined in Topgrading Agreements are Subscribers.
All of the different forms of data, content, and information described below, including without limitation Personal Data, are collectively referred to as "Information."
- What information we collect and why we collect it.
- How we use that information.
It is our policy to respect the privacy of our users regarding any information that we may collect while operating our website and our mobile or web-based products.
- Important information and who we are
Controller and Processor
Full name of legal entity: Topgrading, Inc.
Name or title of data privacy manager: Bruce Friedman, COO
Email address: firstname.lastname@example.org
Postal address: 100 S. Saunders Rd, Ste. 150, Lake Forest, IL 60045
You may have the right to make a complaint to a supervisory authority in the European Union (for example, the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk)). We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
- What Personal Data and other Information do we collect and store, and how is it collected?
Personal Data You Provide to Us. The types of Personal Data collected this way may include your username, email address, postal address, telephone number, fax number, name of the file emailed/printed/stored by you when using our Services, browser/mobile device information, and place of work information (such as name of entity, title, industry, and organization size).
Payment details. Your payments are processed directly through Shopify, PayPal or through a credit card processing company. We do not have access to and do not store your Shopify, PayPal, credit card or any similar payment information.
Files. We collect and store the files you upload, download, or access with the Services ("Files").
Files filled out by users may be stored on our servers. However, these Files and the users’ information contained therein are accessible only to the account of the Subscribers in which they are stored. The data contained in these Files is encrypted and is unreadable and unusable for anyone else other than authorized users employed by Topgrading (with the Subscribers’ consent). You have the option to remove Files from your account at any point, which removes all the information that was contained in those Files from our servers. If you are a Visitor and have not registered for an account, your Files will be automatically deleted in 90 days (except for those Files submitted to other Subscribers).
Log Data. When you use the Services, we (ourselves or using third party services) automatically record some information from your Device, its software, and your activity using the Services, which can sometimes be correlated with Personal Data and so associated with you. This may include the Device’s Internet Protocol ("IP") address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Services.
Cookies. We also use "cookies" to collect information and improve our Services. A cookie is a small data file that we transfer to your Device.
We may use:
- "Persistent cookies" to save your registration ID and login password for future logins to the Services;
- "Session ID cookies" to enable certain features of the Services, to better understand how you interact with the Services and to monitor aggregate usage and web traffic routing on the Services.
- If you fail to provide Personal Data
Where we need to collect your Personal Data by law, or in order to perform a contract we have with you or are trying to enter into with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel the contract but we will notify you if this is the case at that time.
- How do we use information we collect?
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
- Where we need to do so to fulfill a contract with our Clients to which you have consented to participate, most often as part of a job application or performance assessment process.
- Where we need to do so to perform a contract we have entered into with you, or to take steps at your request before entering into such a contract. This applies particularly where we use your Personal Data to administer your use of the Services.
- Where it is necessary for a legitimate interest and your interests and fundamental rights do not override those interests. A legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. This applies particularly where we use your Personal Data to better understand your needs and interests, to improve our Services, to personalize and improve your experience, to provide or offer software updates and other product announcements or otherwise to do anything with your Personal Data that we consider to be necessary for our legitimate interests (and typically also to be for the benefit of our users and Subscribers, and therefore also for your benefit, whether directly or indirectly).
- Where we need to comply with a legal or regulatory obligation.
NOTE: We may process your Personal Data upon more than one lawful ground depending on the specific purpose for which we are using your data.
Your Personal Data is or may be used:
(i) to set up an account and profile for you and to enable you to access Services securely;
(ii) to administer your use of the Services and to provide and improve our Services;
(iii) to transmit information to your prospective or current employer at your, or the employer’s, request;
(iv) to better understand your needs and interests;
(v) to personalize and improve your experience; and
(vi) to provide or offer software updates and product announcements. If you no longer wish to receive communications from us, please follow the "unsubscribe" instructions provided in any of those communications.
We disclose potentially personally-identifying and personally-identifying information (i.e. Personal Data) only to those of our employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Company's behalf or to provide services available at Company's website and mobile platforms, or through the Company’s proprietary software products; and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located either within or outside of the USA or the European Economic Area (EEA); by using the Sites, you consent to the transfer of such information to them.
Log Data and Cookies are or may be used in aggregated form. We aggregate Log Data and data collected through Cookies (as described above). If data collected from you is aggregated in this way, you can no longer be identified from it. We use this aggregated information for the above purposes and to monitor and analyze use of the Services, for the Service’s technical administration, to increase our Service’s functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests. We may provide aggregated information to our partners about how our users, collectively, use the Sites, so that our partners may also understand how often people use their services and our Service.
Records of Communications. When you contact us, we may keep a record of your communication to help solve any issues you might be facing. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it (but in a manner that does not identify you) in order to help us clarify or respond to your request or to help us support other users.
Company Emails. We may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with the Company and our products. We strive to provide you with choices regarding use of your Personal Data in relation to such marketing and advertising, and will provide you with an opportunity to unsubscribe from such communications whenever we send marketing communications to you.
Third-Party Marketing. We do not provide Personal Data to third parties for our own benefit or share your Personal Data with any entity outside of Company and its affiliates for marketing purposes or use your Personal Data to market any third-party products or services to you.
Foreign Processing. We may process Personal Data on servers in many countries around the world. We may process your Personal Data on a server located outside the country where you live.
Retention of Records. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our Services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
- Disclosure of Your Information
We may have to share your Personal Data and other information with third parties, as described below.
For legal reasons. We may disclose to parties outside Company, Files stored on the Services and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to: (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Company or its users; or (d) protect Company’s property rights. If, as stated above, Company has to turn over your Files to comply with a law, regulation or compulsory legal request, the Files that will be turned over will remain encrypted, since Company does not have access to keys needed to decrypt the Files.
Non-private or non-Personal Data. We may share aggregated, non-Personal Data publicly and with our partners. For example, we may share aggregated, non-personal information publicly to show trends about the general use of our Services.
- International Transfers
Providing our Services to you and using your Personal Data and other information for the purposes described above means that (where your information originates from within the EEA) we may transfer your Personal Data outside the European Economic Area (EEA).
Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.
- Where we use providers based in the US, we may transfer non-US based data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the European Union and the US. For further details, see European Commission: EU-US Privacy Shield.
- Data Security
We have put in place appropriate security measures intended to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know, or to the specific Company client(s) to which you are applying for employment or are employed. Our employees, agents, contractors and other third parties will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
- Changing or Deleting Your Information
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
If you are a Registered User, you may review, update, correct or delete the Personal Data provided in your registration or account profile by changing information in your profile or account page. In some cases we may retain copies of your information if required by law. For questions about your Personal Data on our Service, please contact us. We will respond to your inquiry within 30 days.
- Data and File Retention
We will retain your Personal Data and other information for as long as your account is active or as needed to provide Services to you. Once your subscription is terminated, your Files will be deleted within 90 days.
If you are a Registered User and wish to cancel your account or request that we no longer use your information to provide you Services, you may contact us and we will work with you to delete your account.
We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion (although Files will be encrypted without a key to access them). In addition, although we will delete Files from your account, we do not delete from our servers copies of Files shared with and stored in the accounts of other Registered Users or Subscribers.
In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, or for purposes of aggregating it with other information in connection with improving our Services, in which case we may use this information indefinitely without further notice to you. We may retain your email address on opt-out lists and audit trails required to prove compliance with laws and regulations.
If you are a user of Files shared with you by other Registered Users and/or Subscribers of the Service, you acknowledge that the Company does not have unencrypted access to the Files or your Personal Data therein and has no means to identify or delete specific information contained in these Files. You should contact the Registered User directly with requests to delete your Personal Data.
- Corporate Customers
If you are a Subscriber to our Services, then your account administrator(s) may be able to:
- access information in and about your account;
- disclose, restrict, or access information that you have provided or that is made available to you when using the Service; and
- control how your account may be accessed or deleted.
Please refer to your organization's policies if you have questions about your administrator's rights.
- Third Party Applications
- Enforcement and Your Legal Rights
Your legal rights. Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. In particular you may have the right to:
- Request access to your Personal Data. This is commonly known as a “data subject access request”. This enables you to receive a copy of the Personal Data that we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to retain or process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable.
- Object to processing of your Personal Data where we are relying on a legitimate interest (or the legitimate interest of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; or (c) where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims.
- Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We have no access to your Files or any Personal Data therein but the Service provides you means to export any Files.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
No fee usually required. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights described above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if, for example, your request is particularly complex or you have made a number of requests or we have received multiple requests. In this case, we will notify you and keep you updated about expected timing for response.
The security of your information is important to us. When you enter sensitive information (such as a credit card number) on our order forms, we, or our third party partners, encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security.
- Our Policy Toward Children
Our Services are not directed to persons under the age of 13. We do not knowingly collect personally identifiable information from children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, he or she should contact Company support. If we become aware that a child under the age of 13 has provided us with Personal Data, we will take steps to delete such information from our account data.
- Questions or Concerns?