Legal
Service
This is the privacy policy for the Pera Service (eu.app.getpera.com).
Pera is committed to protecting the integrity and privacy of personal information provided on the Pera Service. This policy describes the types of information Pera collects, and the ways in which Pera uses and discloses that information. For the purposes of this privacy policy we will refer to ourselves as “Pera”, “we”, and “us”.
We provide our clients with a service (the “Service”) that enables the client and both their candidates and employees to engage in a variety of interactive applications, interviews, training and evaluation activities.
Definitions
For the purposes of this privacy statement we use the following definitions:
Item | Meaning |
---|---|
Candidates |
Applicants for positions with a particular Client. Candidates may use the Service for a variety of purposes including to apply for a job with a specific Client, to verify the status of their Application, or to access talent development related information. If the Client is a recruiting firm, Candidates are applying to positions with the recruiting firm’s clients. In such cases, the definition of ‘Candidates’ also includes ‘candidates of the recruiting firm’s clients. |
Clients | Pera’s clients, such as employers and recruiting firms, that enter into an agreement with Pera to use the Service. |
Employees |
Employees that work for a particular Client. Employees can be divided into the following categories: (i.) employees who provide answers to a digital interview (ii.) employees who provide labels for the employees mentioned above (iii.) employees who analyse the data produced by Pera If the Client is a recruiting firm, the Employees work for the recruiting firm’s clients. In such cases the definition of ‘Employees’ also includes the ‘employees of the recruiting firm’s clients. |
Personal data | Personal details within the meaning of the GDPR. |
Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. |
Processor | A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
Processing activities
(i) Processing on behalf of the Client
The Service enables Clients, Employees and Candidates to exchange information varying from standard profile information (including name, address, phone number, and other similar information) to information provided in a digital interview.
The personal data Pera receives from Candidates and Employees are a result of the cooperation with a particular Client.
For the purposes of the GDPR, Pera acts as “processor”, when processing personal data on behalf of Clients. The Client acts as the “controller” of the personal data, as it determines the purpose and the means of processing such personal data.
As a processor, Pera only processes personal data that are strictly necessary for fulfilling the agreement with the Client.
(ii) Processing for Pera’s purposes
Pera uses anonymous data for the purposes of improving the Service. This includes analysis of anonymous usage trends, interests, and preferences to improve the way the Service works, looks, and to create new features and functionality. Data is processed to produce anonymous data by the removal of personal data ("anonymisation").
(iii) Applying for a job at Pera
If you apply for a job at Pera, we will ask you to provide us with your personal data to:
i) facilitate the entire job application procedure,
ii) create statuses, notes and a plan related to your job application and,
iii) have e-mail communications with you about your application, if applicable.
We process your personal data based on our legitimate interests for recruitment purposes. We are required to inform you that withholding personal data in your job application may disadvantage you in comparison to other applicants who are applying for the same role.
In processing your personal data, we have balanced our legitimate interests against your fundamental rights and freedoms. Where necessary we have taken appropriate measures to limit implications and prevent unwarranted harm to you. For example:
i) we will only use your personal data for the specific mentioned purposes and
ii) we only ask/use the personal data that we absolutely need from you for the application process.
We may ask you the following personal data in the job application procedure:
We will store your personal data up to one (1) year unless you request otherwise. If you are hired by Pera, your personal data will be processed in accordance with (statutory) rules for employment relationships and relevant retention periods.
(iv) Screening new Pera Employees
Pera reserves the right to screen new employees based on our legitimate interest. Depending on the specific job, Pera employees may come in contact with large amounts of personal data for which Pera is a data processor. Due to this fact and the fact that Pera strives to maintain security certifications, it is of the utmost importance that Pera employees maintain a very high level of integrity. Furthermore, for Pera employees that come in regular contact with personal data, Pera needs to verify that (new) employees have the credentials (diplomas/work experience) as indicated in the application process.
In this process, we have balanced our interests against your fundamental rights and freedoms. Where necessary we have taken appropriate measures to limit implications and prevent unwarranted harm to you. For example, the exact level of screening will depend on the specific job of the employee and the amount of personal data the employee will come in contact with. Depending on the specific job, the screening may consist of processing the following personal data:
We will not store your personal data longer than is necessary for the above stated purposes. If you are not hired by Pera at the end of the application procedure, we will not retain your personal data for longer than one (1) year.
(v) Legal requirements
In order to comply with (inter)national laws, or in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with investigative or law enforcement activity, Pera may be obligated to disclose personal data to public authorities.
Use of third-party sub-processors
Pera (can) use certain sub-processors, but these sub-processors only process/use the personal data that is strictly necessary for these sub-processors to complete their specific task or service. We only provide your personal data, subject to data processing agreements, which state that the sub-processors must keep your personal data confidential, ensure the same level of data protection as required by Pera, that the data cannot be used for their own purposes and that all information will be used in accordance with applicable privacy legislation (e.g. EU GDPR), including strict provisions in the light of data security.
We reserve the right to transfer your personal data to a country outside the European Economic Area or international organization. If so, we will ensure that the appropriate, suitable and required safeguards and transfer mechanisms shall be in place. You are entitled to receive a copy of any documentation showing the suitable safeguards that have been taken by making a request via privacy@getpera.com.
Cookies
Data subject rights
Data subjects have the right to obtain free access to their personal data and to receive a copy. Data subjects also have the right to rectify, erase, restrict the processing or adjust preferences. Changes to personal data will be promptly reflected in active user databases. Please note, users that have previously accessed the content may have access to copies cached on their device.
If data subjects would like to exercise one or more of the aforementioned rights, they can contact the Client (in case of ‘processing activities’ mentioned before under (i.)) or Pera at privacy@getpera.com (in case of ‘processing activities’ mentioned before under (ii.)). Data subjects can also give notice via e-mail that their right to privacy over-rides Pera’s grounds of processing. In the event such notifications are received, Pera will review and assess those notifications on a case-by-case basis.
If data subjects contact Pera, we may ask for further information to confirm the identity of the data subject. In this way we make sure the data subject is actually the person contacting us. We also follow this procedure in case of unclear requests.
Data security
Pera has taken technical and organizational measures to secure personal data and prevent any misuse. However, it should be noted that there are no measures that are completely secure or immune from outages, losses, attacks, circumvention, design or implementation flaws, and human error. Pera is ISO 27001 certified.
If Pera learns of a security systems breach, we may attempt to notify you electronically so you can take appropriate protective steps. Pera may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at security@getpera.com.
Retention period
Pera does not keep personal data any longer than necessary. In that regard we have established time limits for deletion and anonymisation.
Personal data of Candidates is retained for a maximum period of two years. After two years any personal data is deleted and anonymised.
Inactive accounts are retained for a maximum period of two years. After two years the account is deleted and any data linked to the account is deleted and anonymised.
Personal data Pera collects and that qualifies as accounting records are retained for seven years in accordance with tax legislation and regulations.
International visitors
Depending on a variety of factors including, but not limited to, your location, the location of the Client you may be interviewing at or conducting training with or the location of the job you have or are interviewing for, the Service may be hosted in either China or the European Union. If you choose to use the Service from other regions of the world outside China or the EU, as applicable, where laws governing data collection and use may differ from China and/or EU law, then please note that you are transferring your personal data outside of those regions to China or the European Union (as applicable) for storage and processing, and by providing your personal data to the Service you consent to that transfer, storage, and processing. Such transfer occurs pursuant to the standard contractual clauses agreed between Pera and Clients.
Affiliates in the event of merger or sale
Pera may now or in the future be affiliated directly or indirectly with other companies, such as parent companies and subsidiaries (and their parent companies and subsidiaries) and reserves the right to transfer your personal data to any of these affiliated companies. In the event that all or a portion of Pera or its assets is acquired by or merged with a third-party entity or is subject to a change of control all or a portion of the data and information in Pera’s systems may be one of the assets involved in such transaction, and we reserve the right, in any of these circumstances, to transfer or assign all or a portion of the information that we have collected from users in connection with such merger, acquisition, sale, or other change of control.