RefAssured, Inc. – Privacy Policy
Last Updated: 09/07/2022
The RefAssured Platform System
RefAssured, Inc. provides a software-as-a-service software platform that enables people who have worked with or supervised an individual to provide confidential feedback on the individual’s attributes and experiences associated with a specific job. Organizations and individuals (Subscribers) use the service to send emails or text messages to a candidate and the candidate’s references. The reference email or text contains a link to a web-based survey, which the reference then completes and submits electronically. Reports are either generated automatically or monitored and finalized by Subscriber personnel (such as HR staff, recruiters, hiring managers, career offices, etc.).
This Privacy Policy describes the way RefAssured collects, uses, and secures your personal information, both through our software-as-a-service software platform and on our website, www.refassured.com (collectively, “RefAssured”). By using the RefAssured services, you consent to this Privacy Policy.
General Security Policy
Your privacy is our top concern. We work hard to earn and keep your trust, so we adhere to the following principles to protect your privacy:
We will only ask for the minimum personal information required to successfully complete the RefAssured reference checking process for our Subscribers
We will never rent or sell the personal information of any user of our system (e.g. recruiter, candidate, reference, etc.) to third parties for their marketing purposes
Any sensitive information that you provide will be protected with industry standard protocols and technology.
Notice of all changes that materially affect ways in which your personal information may be used or shared will be posted in updates to our Privacy Policy or as otherwise required by applicable law. If you continue to use the RefAssured service after notice of changes have been sent to you or published on our site, you hereby provide your consent to the changed practices. RefAssured is in the process of acquiring our SOC 2 Type 2 credentials and RefAssured will review and update this Privacy Policy annually, thus RefAssured will notify all users within a responsible amount of time with updated the Privacy Policy herein.
Information Collection
Enclosed below we outline the categories of information we have collected and how it is used and how it may be shared:
| Types of Personal Data We Collect | Source | Purpose for Collection | Types of Recipients that may View Said Data |
| Contact information: may include name, email, job title, phone number | From you or our registered users or from you for our software services | To communicate with and respond to you and our Subscribers about your reference check report and the services provided by RefAssured
|
We may share this information with select service providers and partners who help deliver and maintain the services along with your references and our Subscribers where needed to deliver the services
|
| Reference feedback: such as information about your roles, professional attributes, performance at prior employers
|
From the references you choose to respond to our survey | To prepare the reference reports provided to our Subscribers | We may share this information with select service providers and partners who help deliver and maintain the services, along with the Subscribers who use our service.
|
| Browsing information: such as your IP address, MAC address or other device identifier, the kind of browser or computer you use, pages and content that you visit on the website, what you click on, the state and country from which you access the Site, date and time of your visit, and web pages you linked to our website
|
Your interactions with the website, including using cookies and other tracking technologies explained further below | To evaluate usage of the website and improve performance and services; to deliver targeted online marketing to you; and to protect the security and integrity of the services and our website, such as preventing fraud, hacking, and other criminal activity or to meet legal obligations | Our service providers who help us with fraud protection, website analytics, and marketing |
Candidate Reference Services
We receive personal information about you and your references in order to perform the RefAssured reference checking process for our Subscribers.
RefAssured may receive background/demographic information, on a voluntary or optional basis, from job candidates. This information will not be associated with the candidate’s name, email address, or any other personal information. This information will not be shared with a prospective employer. It will be used by RefAssured solely to monitor compliance with U.S. federal statutes and for other research purposes.
RefAssured may receive background/demographic information, on a voluntary or optional basis, from students and evaluators. This information will not be shared and will be solely used for research purposes.
Information We May Share
We may provide non-identifying aggregated data about the usage of our service to third parties for such purposes as we deem, in our sole discretion, to be appropriate. This information may be used for joint research purposes and will be de-identified prior to any related data transfer. We may segment our users by role (i.e., Software Engineers, Scientists), industry, geographic location, company. If you would like to be excluded from the aggregated research, please email privacy@refassured.com. We may also associate non-identifying information, such as IP address, with identifying information for purposes of fraud detection.
We may share all information that we collect on behalf of a client with that client and as directed by that client.
Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will – where required by applicable law – make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Notice. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal information.
In addition, we may share your information to comply with legal and regulatory requirements, and protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites), and claims and other liabilities.
Cookie Policy
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating web domain on your subsequent visits to that domain. Most web pages contain elements from multiple web domains so when you visit the website, your browser may receive cookies from several sources.
Cookies are useful because they allow a website to recognize a user’s device. Cookies allow you to navigate between pages efficiently, remember preferences and generally improve the user experience. They can also be used to tailor advertising to your interests through tracking your browsing across websites.
Session cookies are deleted automatically when you close your browser and persistent cookies remain on your device after the browser is closed (for example to remember your user preferences when you return to the site).
We make use of analytics cookies to analyze how our visitors use our websites and to monitor Website performance. This allows us to provide a high-quality experience by customizing our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages. We might also use these cookies to highlight articles or site services that we think will be of interest to you based on your usage of the website. The information collected by these cookies is not associated with your personal information by us or by our contractors.
RefAssured uses “cookies,” which are small pieces of information stored by your browser or other application on your computer’s browser or hard drive. We use cookies to remember certain information about visitors during their visit and may store information about your activity on the RefAssured application both within the same website visit and from one visit to the next. We may use cookies to recognize you and show you content on other websites based on your visits to the RefAssured application. The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive new cookies or how to disable cookies altogether. If you reject cookies, you may not be able to participate in certain activities or see content tailored to you. Please note that RefAssured does not control and do not guarantee the effectiveness of browser-based tools for managing cookies.
RefAssured uses Google Analytics web analytics service offered by Google to track and report website traffic. Google Analytics may leave cookies after each session. Learn how Google Analytics processes data: https://marketingplatform.google.com/about/analytics/features/.
In some jurisdictions, individuals may have the right to provide opt-in consent or withdraw consent for certain uses. If you reside in such jurisdictions, such as the European Union, you may have additional rights which are detailed below, “Access, Correction and Deletion.”
You can opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout
Security and Storage
We hold your personal information in electronic form. To ensure your personal information is secure RefAssured is in the process of adhering to the SOC 2 Type 2 certification and security standards and your data is encrypted in transit and at rest. Service providers may process the information for us, but only ever for the sole purpose of providing our services. Where a service provider holds your information, we require them to adhere to our approved standards of security to ensure the continuing protection of your personal information. Only authorized users / employees are granted access to your personal information and our procedures ensure that your personal information is only made available to employees where necessary. We audit and monitor our employee’s access to and handling of personal information.
We will retain your personal and sensitive information as directed by the Employer, or where we are a data controller when we no longer require it for any purpose for which it was collected. RefAssured will comply with its obligations to destroy, erase, or de-identify your personal information as required by applicable law.
RefAssured protects the personal information in its custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. You should be aware that confidentiality and security are not assured when information is transmitted through e-mail or wireless communication.
RefAssured is not responsible for any loss or damage suffered as a result of a breach of security or confidentiality when information is transmitted by e-mail or any other communication channels or source.
Communications & Opt-Out
As described above, Subscribers may use the service to communicate with candidates and the candidates’s references through email and text message. Where applicable, candidates are required to represent and warrant that they agree to receive emails and text messages through RefAssured and that the references they designate also have consented to receive communications in that manner sent by or on behalf of the candidate. Candidates who select text as their preferred method of contact for the candidate’s references and enter their mobile number(s) represent and warrant that each such reference has expressly consented to receive the texts from the candidate through RefAssured at the number provided for the purpose of job reference feedback. Note that RefAssured may partner with third parties to deliver and manage these communications on behalf of the candidate. The candidate and references can opt out of these communications at any time, although doing so may impact their ability to use and benefit from RefAssured. Recipients of emails or texts through RefAssured can opt out by clicking the opt-out link at the beginning of the survey.
Services to Minors Not Permitted
We do not knowingly collect information from minors. To use the Site, you must be the age of legal majority in your place of residence. By using the Site, you hereby represent that you are at least the age of legal majority in your place of residence. We do not use an application or other mechanism to determine the age of users of the Site. All information provided to us will be treated as if it was provided by an adult. We will use commercially reasonable efforts to delete information associated with a minor as soon as practicable if we learn that a minor has submitted information about himself/herself to us.
Do Not Track Disclosure
Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt -out of tracking by websites and online services. There are many methods where web browser signals and similar mechanisms can indicate your choice to disable tracking. But we may not be aware of or able to honor every such mechanism. Because there is not yet a common understanding of how to interpret web browser based “Do Not Track” (DNT) signals other than cookies, we may not respond to undefined DNT signals to our Sites or online services. More information about “do not track” is available at www.allaboutdnt.org and can also be found via https://support.google.com/chrome/answer/2790761.
Note for California Residents
If you are a California resident, you may contact us to request information about circumstances in which we share certain personal information with third parties for their own marketing purposes. As described above, we will never rent or sell the personal information of any user of our system to third parties for their own marketing purposes. For questions, please contact us as privacy@refassured.com.
Residents of California also have the following rights with respect to personal information collected about them:
The right to know the categories or the specific pieces of personal information.
The right to request deletion of any personal information collected.
In addition to the submission of requests to exercise these rights directly, you may designate an authorized agent to make a request to know or request to delete on your behalf. To submit a request to know or request to delete, you should contact the relevant RefAssured Subscriber (customer). That may be a talent manager, account manager, recruiter, or the company with which you applied for a job, or a candidate who requested a reference from you.
If you are unable to identify or contact the relevant Subscriber or would like to submit regarding any personal information, we may have collected from you directly, you can contact us by emailing privacy@refassured.com. If / when you exercise these rights and submit a proper request to us, we may verify your identity by asking you for additional information. We also may use a third-party verification provider to verify your identity. RefAssured will endeavor to honor requests unless they are properly directed at a RefAssured subscriber or a lawful exemption under the CCPA applies. Please note that RefAssured is only required to honor such requests twice in a 12-month period. For the 12-month period prior to the date of this Privacy Policy, RefAssured has not sold any personal information about its clients; nor does it have any plans to do so in the future.
Rights of Access, Correction, & Deletion
If you reside in certain jurisdictions such as the EU and United Kingdom, you have the right to access or correct your personal information and can make this request by contacting the relevant RefAssured subscriber. That may be a talent manager, account manager, recruiter, or company with which you applied for a job, or a candidate who requested a reference from you. In addition, you may request that the Subscriber delete or restrict access to your personal data.
Retention of Personal Information
Personal information that we collect, access or process will be retained only as long as necessary for the fulfillment of the purposes for which it was collected, unless otherwise provided in agreements between RefAssured and its Subscribers or as required or authorized by law. Personal information that is no longer required to fulfill the identified purposes will be destroyed, erased or de-identified.
Visitors from Outside the United States
RefAssured product and software services are hosted inside the United States. If you are visiting our website or using our service from outside the United States, your information may be transferred to, stored and processed in the United States or other countries in accordance with this Privacy Policy. The data protection and other applicable laws of the United States or other countries may not be as comprehensive as those laws or regulations in your country or may otherwise differ from the data protection or consumer protection laws in your country. Your information may be available to government authorities under lawful orders and applicable laws in such jurisdictions. We will use an appropriate data transfer mechanism. In addition, by using RefAssured website and or software services to provide personal information, you consent to transfer your information to our facilities as described in this Privacy Policy.
Website Security
RefAssured deploys reasonable and appropriate security measures to protect against the loss, misuse, and alteration of the personal data it processes. When the Website or Software Services is accessed using browsers that support Transport Layer Security (TLS) technology protecting information using both server authentication and data encryption to help provide that personal data is safe, and secure while in transit. RefAssured also implements an advanced security method based on dynamic data and encoded session identifications and hosts the Service in a secure server environment that uses a firewall and other advanced technology to protect against interference or access from outside intruders. RefAssured also provides individual usernames and passwords, that must be entered each time a customer accesses the RefAssured software platform. Additionally, RefAssured leverages Multi-Factor Authentication (MFA) for subscriber users. These safeguards help protect against unauthorized access, maintain data accuracy, and provide for the appropriate use of personal data. Nevertheless, no method of transmission over the Internet, or method of electronic storage, is one hundred percent secure, however. Therefore, we cannot guarantee absolute security. If you have any questions about security on our Service, please contact us at security@refassured.com.
RefAssured deploys an appropriate lever of website security. The website, and its use as a data conduit, is protected by Firewalls, Secure Socket Layer (SSL) to protect data in motion, encryption to protect data at rest, regular vulnerability scanning to identify new threats and 24x7 monitoring and intrusion detection. RefAssured’s hosting Platform meets the SOC 2 standards for Security and Availability Trust Services Categories.
For Additional Information
Security and Privacy is important to RefAssured. Should you have any questions about the privacy statement or any other aspect of RefAssured, Inc., please contact us via email at privacy@refassured.com.