Effective as of 16th November 2020
Your Privacy Rights
Introduction and Scope
Loop Works, LLC (“Loop Works”, “Loop” or “Company” or “We”) respect your privacy, each individual’s right to personal privacy and are committed to protecting it through our compliance with this policy.
Loop operates and provides a platform for employers to market and communicate with applicants and employees. During the course of our operations Loop collects data for both our Customers, and for our business operations including employment applications.
This policy will inform you of our use of that information, where that information is retained and shared in the delivery of the Services, and the choices you can make regarding our use of the information.
The use of information collected through our Service shall be limited to the purpose of providing the service for which the Customer has engaged Loop. As a matter of policy, we do not sell or rent any of your personal information to third parties for any marketing purposes.
Loop Customers and Subscribers
In providing Services to our Customers, we collect, store, process, and disclose personal information belonging to individuals who are involved in recruiting or employment activities (these include customers, their employees or subscribers, applicants to jobs, those registering their interest in jobs or referring individuals to jobs or their friends and contacts). In each of these cases, our software is integrated into a Customer System and we are processing personal information solely on behalf of the Customer, and in accordance with our agreements with the Customer. Loop is a data processor for our Customers, each of whom operate as controllers of Personal Data.
We are a service provider to our Customers and have no direct relationship with a Customer’s candidates or any individual whose personal data a Customer processes. Information provided to Loop by our Customers is collected by those Customers under their own Privacy Policies. And as a result this policy does not apply to practices that Loop does not own or control, or to individuals that Loop does not employ or manage.
Loop Employees and Applicants for employment
Your Personally Identifiable Information
The registration or application process or form collects certain information you voluntarily choose to share with Loop, such as your name, social media account identifier, email address and mobile number (“Personally Identifiable Information” or “PII”). You may always choose not to provide such Personally Identifiable Information; however, this may limit Loop’s ability to provide you with a specific service or particular content. Loop may also collect other data, which may include Personally Identifiable Information.
Personally Identifiable Information as Used by Loop Customers
Loop is contracted by employers and other companies (“Customers”) to provide the Loop Service. Information about your use of the Service and visits to the online or mobile sites may be used by Loop and its Customers. Your Personally Identifiable Information is only shared with the specific Customer which you visited and to which you subscribed.
When you use these Services, in addition to data you consent to provide, we will automatically collect information on the type of device you use, including the operating system version.
We collect your location-based information for the purpose of matching your search or content-request criteria. If you no longer wish to allow us to track your location-based information within the browser or application you may turn this off at the device level.
Information Related to Data Collected for our Customers
Loop collects information under the direction of its Customers and has no direct relationship with the individuals whose personal data it processes. If you are a candidate, employee or customer of one of our Customers and:
- Would no longer like to be contact by one of our Customers that use our service, contact the Customer that you interact with directly. We may transfer Personally Identifiable Information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Customers.
- Require access to review, correct, amend, or delete inaccurate data, contact the Customer that you interact with directly.
- Require access to a record of this data, contact the Customer that you interact with directly.
When the Customer requests Loop to action any such request(s) we will respond to their request(s) within 30 days.
We will retain personal data we process on behalf of our Customers as long as needed to provide services to our Customer. Loop will retain and use this Personally Identifiable Information as necessary to comply with any legal obligations, resolve disputes, and enforce our agreements.
Collection of your Personal Information as an Authorized Loop Customer
If you purchase products and services through www.loopworks.com or are granted access to the Loop Services by your employer, Loop may collect Personally Identifiable Information, such as your name, email address, social media account identifier, mobile number and other personal and non-personal information.
If you purchase products and services through www.loopworks.com, we may request billing and credit card information. In this instance Loop is interacting with Customers as a data controller. This information is not stored by Loop, except where users explicitly require us to do so, and provide consent for such.
Information about your computer hardware and software may be automatically collected by Loop. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the Loop Service, to maintain and the improve quality of the service, and to provide general statistics pertaining to the use of the Loop customer site(s).
Individuals in the EEA and UK
Right to Privacy
Certain jurisdictions may provide you with privacy rights under applicable data protection or privacy law regarding the information you provide to us. In particular:
- If you are a resident of the EEA or UK whose personal data is subject to EU data protection law, you have certain privacy rights which include: the right to be informed, to access your information, to correct any information that is inaccurate, to have your information erased, to restrict or suppress your information, to obtain and reuse your personal data, to object to the processing of your personal information, and to object to how your data is used in automated decision making, if applicable. If you wish to enact your rights, please contact us at email@example.com or by using the contact details under the “Contact Us” heading below.
- If you are a resident of California whose personal information is subject to the California Consumer Privacy Act of 2018 (“CCPA”), you may review further details about the personal information we have collected about you over the last 12 months, including the categories of sources by reviewing this policy. We collect this information for the business and commercial purposes described herein and we share this information only with Customers for whom it is collected, or as described for our business operations. We do not sell (as defined in the CCPA) your personal information (and will not sell it without providing a right to opt out). Subject to certain limitations, the CCPA provides California residents the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights. California residents may make a request pursuant to their privacy rights or for additional disclosures under the CCPA by sending a request to firstname.lastname@example.org or by using the contact details under the “Contact Us” heading below.
- If you do not wish to receive our email or messaging marketing communications for promotional purposes, you may opt out by clicking on the “unsubscribe” or “opt out” link in the marketing e-mails or messaging we send you.
- If we process your personal information in reliance upon your consent, you can contact us at any time to withdraw your consent, by email at email@example.com.
- If your Personally Identifiable Information changes or if you no longer wish to use our service, you may request we modify or delete your information by emailing us at firstname.lastname@example.org.
We will respond to any such requests in accordance with the requirements of applicable data protection laws. Please note that in order to fulfil your request, we may need you to provide certain information to verify your identity. Depending upon applicable data protection and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.
Loop is a global company and as a result your Personally Identifiable Information may be transferred by us from your home country to Loop employees or affiliates in Loop offices around the world, who may communicate with you regarding your inquiry. We limit access to your Personally Identifiable Information to only those Loop employees who we believe need access in order to provide services to you or to otherwise perform their duties.
To this end, we also use the European Standard Contract clauses (http://ec.europa.eu/justice/data-protection/international-transfers/index_en.htm) with our Sub Processors located outside Europe in order to guarantee the privacy and the security of your data.
If you require further information about our international transfers of personal data, please contact us at email@example.com or by using the contact details under the “Contact Us” heading below. In each case we will respond within 30 days of receipt of your request.
Our subsidiaries include:
Loop Works LLC
EU-U.S. Privacy Shield Framework Policy Statement
With regard to employment and employment opportunities at Loop, Loop is committed to cooperate with EU data protection authorities (DPAs) concerned in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities as applicable, and will comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. Policy for such is available to employees or applicants on request from firstname.lastname@example.org.
In compliance with the Privacy Shield Principles, Loop commits to resolve complaints about our collection or use of your personal information. EEA or UK individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the Loop Privacy Officer at email@example.com. Privacy Shield organizations must respond within 45 days of receiving a complaint.
If you have not received a timely or satisfactory response from Loop to your question or complaint, please contact our alternative dispute resolution provider the ICDR/AAA by visiting the following hyperlink: http://go.adr.org/privacyshield.html to file a question or complaint. The services of the ICDR/AAA are provided at no cost to you.
Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. This process is more fully described on the Privacy Shield website www.privacyshield.gov. You may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. You also have the right to file a complaint with a competent data protection authority, if you are a resident of an EEA member state. As such, Loop commits to cooperate with the panel established by the EU Data Protection authorities (“DPAs”) and comply with the advice given by the panel and/or relevant Commissioner.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Loop remains liable.
What We Use Personally Identifiable Information For
Disclosure /Communications Content/Data and Information
We will share your Personally Identifiable Information with third parties only in the ways that are described in this privacy statement. Though we do not sell your Personally Identifiable Information to third parties, we may provide your Personally Identifiable Information to companies that provide services to help us with our business activities such as a live help feature or in offering customer service. These companies are authorized to use your Personally Identifiable Information only as necessary to provide these services to us. In any case when we transfer your information to third parties companies, we will ensure they maintain the same level of security as us.
We may provide your Personally Identifiable Information:
- as required by law, such as to comply with a subpoena, or similar legal process.
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- if Loop is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your Personally Identifiable Information, as well as any choices you may have regarding your Personally Identifiable Information, to any other third party with your prior consent to do so.
- Also, certain technical processing of messages and their content may be required to: (1) send and receive messages; (2) conform to connecting networks’ technical requirements; (3) conform to the limitations of the Service; or (4) conform to other similar requirements.
How we Protect and Store Personal Information
Loop uses commercially reasonable physical, managerial, and technical safeguards to protect personal information. We cannot, however, ensure or warrant the security of any information you provide to Loop Sites or that is provided to us in connection with Loop Services to our Customers. We cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Moreover, Loop is not responsible for the functionality or security measures of any third parties with whom Loop interacts, such as social networks and our Customers, in the course of providing our Services.
Loop has implemented commercially reasonable and appropriate technical, physical, and organizational measures to protect Customer Data from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access during the Processing, which will meet the requirements of the GDPR Regulation, or any stricter requirements, as imposed under the Service Agreement.
Access to Customer Data will be authorized only to the extent necessary to serve the applicable Data Processing Purposes and requirements of the Service Agreements. Loop staff with access to Customer data will be subject to confidentiality obligations.
Loop shall notify the Customer of a data security breach without undue delay after becoming aware that such a breach has occurred, unless a law enforcement official or supervisory authority determines that notification would impede a criminal investigation, or cause damage to national security or a breach of trust.
Data Storage and Retention
Loop will retain personal information that we receive and process on behalf of our Customers for as long as needed to provide services to our Customer. Our data retention periods will vary per contractual agreement with each individual Customer. Loop will retain and use this personal information to comply with our legal obligations, resolve disputes, and enforce our agreements.
In some instances, Loop does not retain data beyond a single session. Once Loop has facilitated the transmission of personal information to a Customer's database that is not hosted by Loop, it is that Customer's responsibility to guard the user's personal information against unauthorized access or transmission. We may store personal information in locations outside the direct control of Loop (for instance, on servers or databases co-located with hosting providers). When a customer terminates or deactivates its Customer account, Loop may retain the personal information of the Customer for a commercially reasonable time for backup, archival, or audit purposes.
Data Processing Purposes
Loop shall Process Customer Data on behalf of the Customer, only in accordance with the Service Agreement, pursuant to any documented instructions received from the Customer, or as needed to comply with the GDPR Regulation or any other Applicable Law.
Loop processes personal data pertaining to Customer records as needed to provide Customer services, Customer support activities, as required by GDPR Regulation and for the following additional purposes:
- Hosting, storage, and other processing needed for business continuity and disaster recovery;
- System and network administration and security, including infrastructure monitoring, identity and credential management, verification and authentication, and access control;
- Monitoring and other controls needed to safeguard the security and integrity of transactions;
- Enforcing contracts and protecting Loop, its associates, Customers, Customer employees, and the public against theft, legal liability, fraud, or abuse; and
- Approved Loop internal business processes.
Upon termination of the Service Agreement, Loop shall fulfill its obligations to the Customer with regard to returning the data and securely destroying the data, subject to GDPR Regulation.
Transparency to Customer Applicants and Employees
Loop shall promptly notify the Customer of requests or complaints related to the Processing of personal data by Loop that are received directly from Customer employees without responding to such requests or complaints, unless otherwise provided in the Service Agreement or instructed by the Customer.
Third Party Sub Processors may only Process Customer Data pursuant to a Sub Processor Contract. The Sub Processor Contract shall impose similar data protection-related Processing terms on the Third Party Sub Processor that will be not less protective than those imposed on the Loop Contracting Entity by the Service Agreement and the Loop Privacy Code for Customer Data Processing Services.
Loop shall maintain a record of accredited Sub Processors involved in the performance of the relevant Customer Services and Loop shall provide notice to the Customer of any new Sub Processors engaged by Loop for the delivery of the Customer Services. Customers have 30 days from notification date to object to the use of new Sub Processors engaged by Loop.
Data Types and Tracking Technologies
The information we gather and store includes internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information to analyze trends, to render an optimized user experience on our site, to track user’s movements on the site and to gather demographic information about our user base as a whole.
Social Media (Features) and Widgets
On occasion, our Service includes social media features and widgets which are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the relevant company or organization providing the widget and its associated functionality.
Connected Mobile Site or Links to Data
In the course of delivering the Services Loop creates and hosts links to other mobile sites and websites. Loop is not liable for the privacy practices or the content of such websites.
What are Cookies & does Loop use them?
What is a cookie?
What types of cookies does Loop use?
Loop utilizes several types of cookie to bring you an exceptional user experience:
Necessary cookies – are required for effective navigation around the Loop platform and websites. Without these cookies, key functions and user experience may be significantly impacted.
Persistent cookies – help us recognize you as an existing user and remember your preferences so we can deliver enhanced functionality and a personally tailored service. For example - a persistent cookie stays in your browser and will be recognized by Loop when you return to the site, in order to identify you. Should you get interrupted for any reason (including browser shutdowns or loss of access to the Internet) while completing a job application, persistent cookies will allow you to continue where you left off (at a later time).
You will also have the option to save details (that you enter about yourself) after you close your browser, so that you will not have to re-enter the same details the next time you need to fill in a form on one of our sites.
Session cookies - only last for as long as the session (usually the current visit to a web site or a browser session) and expire when you close the browser. These cookies are required for site functionality.
Performance cookies - utilized by third party partners or service providers may be used in order to help us continuously improve site performance and provide reporting to our Customers. For example, Loop partners with Google Analytics to collect data on site usage. This information is collected through the use of performance cookies which aggregate and anonymize all data, and no personally identifiable data is involved.
To opt out of cookie use, you can set your browser to reject cookies. Please visit the ‘Help’ menu of your Internet browser for instructions.
To opt-out of Google Analytics, please go to: Google Analytics Opt-out Browser Add-on.
Privacy for Children
Loop does not direct any of its products, services, sites or offerings to children under age 13. If we learn that any personal information has been collected from a child under age 13, we will delete the information as soon as possible. If you believe that we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
Site Monitoring Tools
Loop uses analytics software while providing the Service on your mobile device. This allows us to ensure our Mobile Software and Service functions properly on your device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any Personally Identifiable Information you submit within the application.
Loop Subscriber User Options to Unsubscribe or Opt-Out
If you wish to subscribe to the Service we will use the Personally Identifiable Information to contact you. If at any time you wish to opt-out of receiving these text messages or emails, you may follow the unsubscribe or opt-out procedure provided in communication to you by text or email. In addition, if you are a registered user, you may also opt out and have your account permanently deleted by emailing your request to email@example.com.
Any questions or concerns regarding the use or disclosure of personal information should be directed to firstname.lastname@example.org or to the address given below. Loop will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy and commits to resolve all enquires received within 45 days. For complaints that cannot be resolved between Loop and the complainant within this timeframe, Loop has agreed to use:
- The ICDR/AAA as an independent recourse mechanism, to find out more or utilize the services please utilize the complaint submission form link at: http://go.adr.org/privacyshield.html.
- EEA and UK individuals may seek redress from the Privacy Shield Panel, at privacyshield.gov.
Updates and Changes to this Policy
On 16th July 2020, the EU Court of Justice delivered a ruling in which the mechanisms for personal data transfers between the EU and the US were challenged based on the argument that US law cannot adequately ensure the protection of EU personal data. The EU Court of Justice struck down the Privacy Shield, rendering the US a non-adequate country without any special access to Europe's personal data stream.
Loop remains an active participant, as the US Department of Commerce and the European Commission have initiated discussions to evaluate potentially creating an enhanced EU-US Privacy Shield Framework, which would comply with the 16th July 2020 judgment.
Attention: Privacy, Legal Department
P O Box 5370
Chicago IL 60680