It is recommended to check this page from time to time, referring to the date of the last modification listed at the top, to ensure that you accept any changes.
We collect information from you when, for example but without limitation, you install and use our App, perform search settings, place an order, respond to the XORbot's survey, open a support ticket, enter other information on chat with the XORbot, or otherwise use our Website or other Services.
Failure or refusal to provide certain Personal Data may make it impossible for you to effectively use our Services.
Users are responsible for any Personal Data of third parties obtained, published or shared through the Application and confirm that they have such third party's consent to provide such Data to the Company.
If you are a Client (defined below), Company may request that you provide certain information in order to verify your account. This information includes, but is not limited to your Federal Employer Identification Number (EIN), Business Registration information, or a utility bill. This information will be used for internal purposes only, subject to any request by law enforcement or a court order.
An aspect of our Service permits communication between Company and job seekers (“Applicants”), Company and prospective employers and recruiters (“Clients”), as well as communication directly between Applicants and Clients through the Services and also via third-party services and applications such as SMS, on Facebook Messenger, Viber and Telegram. PLEASE NOTE THAT YOUR RELATIONSHIP WITH ANY OTHER THIRD-PARTY SERVICE, APPLICATION OR WEBSITE IS GOVERNED SOLELY BY YOUR AGREEMENT WITH SUCH THIRD-PARTY OR GDPR WHERE APPLICABLE.
We process the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
We process the Data of two categories of users of our XORbot Services: employers and recruiters(business entities - Clients) and job applicants (natural persons - Applicants). An Client has to create a profile in order to use our Services. Applicants are not entitled to creating a profile and use or services by visiting a web address (URL) where they can apply for a job position.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Company and its staff involved with the operation of the Services (e.g., administration, sales, marketing, legal or system administration staff), in some cases, the Data may be accessible to third parties (such as technical service providers, mail carriers, hosting providers, IT companies or communications agencies) appointed by us, if necessary, as "Data Processors". Our data servers are located in the Netherlands, EU, however data may be processed by Data Processors in any other country.
We may store Data indefinitely, however you may request that we suspend or remove your PII at anytime. Our Company is GDPR compliant and all data subjects’ requests are duly processed.
The information we collect from you when you use our Services, Website or App is collected and stored to allow us to better provide our Services, as well as for the following purposes:
You give us explicit consent that in the event that another company acquires all or substantially all of the assets of our business through a consolidation, merger, asset purchase, or other transaction, we reserve the right to transfer all data (including any PII a User may have provided through the Services) that is in our possession or under our control to such acquiring party.
Our Services are scanned on a regular basis for security holes and known vulnerabilities in order to make your use of our Services as safe as possible.
We do not use Malware Scanning.
Your Personal Information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We follow generally accepted industry standards to protect against the unauthorized access to, retention of, and disclosure of Data. This includes undertaking necessary physical, electronic, and management activities required to protect data integrity, access, and use. Any Data that is stored on our servers is treated as confidential information.
Please keep in mind, however, that despite these reasonable efforts to protect Data on our servers, no method of transmission over the Internet is guaranteed to be 100% secure. Therefore, while we strive to protect your Data at all times, we cannot guarantee its absolute security and shall not be liable for any breach of security by an outside party.
We may collect non-personally identifiable information (hereinafter "Non-PII") regarding the User’s behavior while using the Services to understand and save a User's preferences for future visits or to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. For tracking purposes, we may also use trusted third-party services that track this information on our behalf.
Non-PII we collect may include information such as the information related to the Services and web pages a User is viewing when specific information is shown on them. We collect Non-PII through the use of pixels. No PII is collected or used in this process. A pixel is a line of code that is used by a website or third party ad server to track a User's activity. The use of a pixel allows us to record that a User has visited a particular webpage along with additional Non-PII that we may choose to include with the pixel. Your Non-PII will not be linked with your PII.
We may automatically receive and store certain types of information about you through the data sources listed above.
We may also add third party cookies. Cookies contain anonymous, segmented data about a user’s demographics (like age, gender, and location), interests, lifestyle, household details, social media memberships, and online influences. The date in the cookies do not contain individual-level information, but rather general audience segments.
We also collect information through our web server applications. This information includes your Internet Protocol or “IP” address, date/time stamp, browser type, and referring URL.
If you turn cookies off, some features will be disabled. It may affect the User's experience that make your Website visit more efficient and may not function properly.
However, you will still be able to install and use our App.
Any PII and other information shared by you with XORbots is sent to relevant, prospective Clients that match your employment goals. GDPR data subjects give their consent for this purpose of processing of their personal data and they are informed of their right to request access, rectification, erasure (‘right to be forgotten’), restriction of processing, objection against processing and data portability.
In addition, we may use other companies, including affiliates and third parties, to help us perform the Services and to improve the Website, App, and any other products and services. These third parties may include, but are not limited to, service providers and vendors, such as:
In the course of providing such services, those companies may have access to Personal Information, and such Personal Information may be transferred to other countries only when this is required for the proper functioning of our Services and when allowed by the applicable legislation.
In addition, we may disclose a User's information to third parties and law enforcement agencies when we reasonably believe we are obligated to do so by law, and in order to investigate, prevent, or take action regarding suspected or actual prohibited activities, including, but not limited to, fraud and threats, including potential or perceived threats, to ours or others' rights, property or safety. We have the obligation to send personal data to official authorities upon verified request or legal process related to criminal investigations or alleged or suspected illegal activities. If we are subject to a merger or acquisition with/by another company, your personal data may be processed by these companies in connection with such transaction.
Non-PII may be provided to other parties for marketing, advertising, or other uses. We may disclose Non-PII collected through our Services, and information derived from it, to our customers. This information cannot be used to contact or identify any person individually. Further, all of our customers have warranted that they shall use any Non-PII they receive in compliance with applicable laws and regulations.
We do not include or offer third-party products or services on our Website.
Users have the right, at any time, to know whether their PII has been stored and can contact the Company regarding the contents and origin of such Data; to verify its accuracy; to request such Data be supplemented, cancelled, updated or corrected; or to transform such Data into an anonymous format. Such requests should be sent to the Company at the contact information set out below at the end of this page.
You have the right to do the following things:
Manage or delete your account
Opting out of email marketing
We honor Do Not Track ("DNT") signals on our Website and refrain from tracking, or using advertising when a DNT browser mechanism is in place. Note that our App allows third-party behavioral tracking. To determine whether any of the third party services used by our App honor the DNT requests, please read the privacy policies of such third party service provider.
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur: we will notify Users via email - within 7 business days, or we will notify the Users via in-site notification - within 7 business days. In data breach cases covered by GDPR we notify within 72 hours the Users when required and the data controllers (when we act as data processor) or the authorities (when we act as data controller).
We also agree to the Individual Redress Principle, which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
The following section pertains to Users who are located in the European Union and Switzerland.
In the context of an onward transfer of data to a third party, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Company shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Company proves that it is not responsible for the event giving rise to the damage.
Company has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a nonprofit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. There may be a possibility, under certain limited conditions, for EU and Swiss individuals to invoke binding arbitration before the Privacy Shield Panel.
The Federal Trade Commission has jurisdiction over Company’s compliance with the Privacy Shield.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
To be in accordance with CAN SPAM, we agree to the following:
If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org and we will promptly remove you from all future correspondence.
- See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA, we agree to the following:
- Users can visit our Website anonymously;
- Users can change their personal information: (a) by logging into their account; or (b) by email or chatting with us via «Support» feature in our Application.
California law permits residents of California to request notice of how their information is shared with third parties for direct marketing purposes or to opt out of such sharing. If you are a California resident and would like a copy of this notice or to opt out, please submit a written request to the following address: XOR Inc. 1161 Mission Street, #424, San Francisco, CA 94103 or by emailing us by emailing us at email@example.com.
When it comes to the collection of Personal Information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We are sensitive to the issue of children’s privacy. Therefore,
our Website, products, and Services are neither developed for, nor directed at, children under the age of 13 years old. If you believe your child has provided us with PII, and you would like to have the data removed, please get in touch with us at the contact information set out below.
We honor the following principles relating to processing of personal data, which data are:
For the purposes of this section “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Representative in EU and Data Protection Officer of the Company is Trifonov Law Offices LLC which can be contacted at firstname.lastname@example.org or 21, Mali Bogdan Str., Plovdiv, Bulgaria.
The Company collects the following personal data through the Services:
Please note that when data subjects use our Website, we collect and process data in the capacity of data controller, while when data subjects interact with XORbots we collect and process data in the capacity of data processor (in which case employers that are using XORbots for recruitment purposes act as data controllers). When demo versions of XORbot (where no real employers are present) are used, the Company acts in the capacity of data controller. All requests by data subjects regarding their personal data, collected by employers (data controllers) in XORbots and processed by the Company that runs and maintains XORbots (data processor) shall be filed directly to the respective data controller.
The Company processes personal data for the following purposes:
We are processing personal data on the following legal grounds:
When acting as data controller, the Company may forward your personal data to third parties but we minimize the amount of personal data we disclose to what is relevant and necessary to accomplish the specified purpose. We do not send your personal data to third parties for their own marketing and advertising purposes without your consent. Your personal data may be received by the following recipients in their capacity of data controllers or processors:
We do not intend to transfer personal data to a third country or international organization except as set forth herein. If we transfer personal data to a third country, it shall take place only if, subject to the other provisions of GDPR, the conditions laid down in Chapter V of GDPR are complied with by the Company or other third parties in their capacity of processors, including for onward transfers of personal data from the third country or an international organization to another third country or to another international organization.
When the company acts in its capacity of personal data controller, in the general case we store your personal information for as long as necessary to provide the Services (until hosting, system or other similar logs expire) but we have fixed storage duration for the cases in which data subjects manually provide personal data, incl. sensitive data. Personal data of candidates who explicitly provide it to XORbots for the purpose of job interviews (questions, answers, any other text information, documents, audio or video files, etc.) are in the general case kept for 3 months and then deleted by the Company (personal data processor), unless otherwise decided by clients of the Company (employers). Candidates’ behavior is not tracked by the Company as part of their interaction with XORbots.
We care about the following rights of data subjects:
We can provide an electronic copy of the personal data undergoing processing free of charge to data subjects but for any further copies requested by data subjects we may charge a reasonable fee based on administrative costs.
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) a data subject withdraws his consent on which the processing is based and there is no other legal ground for processing;
(c) a data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing.
(d) the personal data is proven to have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in EU or Member State law to which the Company is subject;
(f) the personal data have been collected in relation to the offer of information society services.
(a) the accuracy of personal data is contested by a data subject, for a period enabling us to verify the accuracy of the personal data;
(b) the processing is found to be unlawful and a data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) we no longer need the personal data for the purposes of the processing, but they are required by a data subject for the establishment, exercise or defense of legal claims;
(d) a data subject has objected to processing, pending the verification whether the legitimate grounds of the Company override those of the data subject.
If we honor such request, personal data shall only be stored by us but not processed, unless with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
(a) right to object to processing of their personal data which processing is necessary for the performance of a task carried out in the public interest or is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data;
(b) if personal data are processed for direct marketing purposes, data subjects have the right to object at any time to processing of their personal data in which case the personal data shall no longer be processed for such purposes.
Data subjects agree that they have no obligation to provide personal data while using our Services. If no data is provided some aspects of our Services may be limited (for example in cases when cookies are not allowed by data subject’s browser) or useless (for example if a candidate does not provide personal data to XORbot, then the respective employer cannot contact the job applicant to hire him which is the main purpose of job interviews).
Data subjects agree that automated decision-making is a core function of our XORbot Service and will be used for the purpose of selecting and hiring staff by employers. XORbots involve job applicants in interactive conversations that both ask questions (predefined by employers) to candidates, while answering questions that applicants may have. In the end recruiters at employers’ companies can focus on candidates that make it through the XORbots’ selection process, which saves time by allowing HR specialists to personally get in touch with only the best candidates, selected by XORbots, for any given position, which hiring process includes profiling of candidates.
Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which could lead to rejection of job applicants by employers. In this regard candidates are free to ask employers (data controllers) for human intervention if they are not happy with the results of the automated decision-making.
We do not intend to further process your personal data for any purpose other than that for which the personal data are collected. Should we decide to use your personal data for other purposes, we will ask for your consent prior to using it.
More details concerning the collection or processing of Personal Data may be requested from XOR Inc. at any time. Please see the contact information below at the end of this page.
1161 Mission Street,
San Francisco, CA 94103
Please also feel free to contact us if you have any questions, concerns or complaints about our data collection or processing practices of our Services, or if you want to report any security violations to us.