Privacy Policy

Version 1.1, last updated 18 Feb 2024

As the operators of the StaySigned websites, www.staysigned.com, *.staysigned.com, www.workthreads.com, and *.workthreads.com (“Website”), Stay Signed Limited (Company No. 14747364) of 24 Tylers Road, Hazlemere, High Wycombe, England, HP15 7NS, United Kingdom (We, Us, “StaySigned”), is committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) relates to services provided through our websites and applications (“Services”) and sets out the basis on which the Personal Data collected from you, or that you provide to Us, will be processed by Us. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations (collectively the “Data Protection Laws”). This Policy does not cover the practices of companies We don’t own or control or people We don’t manage. For clarity, this policy applies when StaySigned acts as a “Controller” as defined in the General Data Protection Regulation (the “GDPR”) and the version of the GDPR retained in UK law (the “UK GDPR”). Note that we may also process Personal Data of our customers’ job applicants in connection with our provision of services to customers, in which case we are the processor of Personal Data. If we are the processor or service provider for your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data. Please read the following carefully to understand our views and practices regarding your Personal Data and how We will treat it.

For the purpose of the GDPR

  • In respect of the Personal Data of visitors of the Website and users of the Services, business contacts, and prospects of StaySigned, the Data Controller is StaySigned.
  • In respect of the Personal Data of candidates who apply for, or who a customer of StaySigned contacts in respect of a job ("Candidates"), or in regard to customers' employees' data, StaySigned shall process personal information as a data processor on behalf of its customers, who use our Services to assist with their recruitment processes and employee onboarding. When you apply for a role with one of StaySigned's customers, our customer's privacy policy, rather than this Privacy Policy, will apply to our processing of your personal information.

For the users of the WorkThreads, when you create an account and use the Services, we act as a Data Controller. When you apply to a job opening, the employer is collecting and storing your personal data as a Data Controller.

Sources of Personal Data

We collect Personal Data about you from:

You

  • when you provide such information directly to us,
  • when you set up an Account with us to use the Services, and
  • when Personal Data about you is automatically collected in connection with your use of our Services.

Our subsidiaries and affiliates (together, “Affiliates”), when they provide us with Personal Data about you.

Third parties, when they provide us with Personal Data about you (“Third Parties”). Third Parties that share your Personal Data with us include:

  • Service providers. For example, we may use analytics service providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
  • Social networks connected to the services. If you provide your social network account credentials to us or otherwise sign in to the Services through a third-party site or service, you understand some content and/or information in those accounts may be transmitted into your Account with us.
  • Advertising partners. We receive information about you from some of our service providers who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements or communications.
  • Other third parties, such as providers of business contact information, who provide us with publicly available information on You, such as mailing addresses, job titles, email addresses, phone numbers, Internet Protocol (IP) addresses, social media profiles, social media URLs and custom profiles for purposes of targeting advertising. We may combine this information with Personal Data provided by You, for targeting advertising purposes. This helps us analyse our records and identify new Customers.

Information we collect from you

We collect and process some or all of the following types of information from you:

  • Information that you provide by filling in forms on the Website. This includes information provided at the time of registering to use the Website, subscribing to our Services, creating an Account to the Job Board, posting material or requesting further information or services. We may also ask you for information when you report a problem with the Website.
  • If you contact Us, We may keep a record of that correspondence.
  • We may also ask you to complete surveys that We use for research purposes, although you do not have to respond to them.
  • Details of all actions that you carry out through the Website and of the provision of services to you.
  • Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to our site and the resources that you access.

The provision of your full name and email address, your employer and/or your place of work and the url of the business that you work for is required from you when you register to use our Services. We will inform you at the point of collecting information from you, whether you are required to provide the information to Us.

Categories of Personal Data We Collect

Categories of Personal Data that we collect and have collected over the past twelve (12) months. Throughout this Privacy Policy, we will refer back to the categories of Personal Data listed in this section (for example, “Category A. Personal identifiers”).

A. Personal identifiers

  • Data collected: Real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social profile URL, phone number
  • Purpose:
    • Provide you with the Services
    • Create your Account
    • Verify your identity
    • Communicate with You and provide customer service
    • Personalise your experience
    • Send You job advertisements, newsletters, or other marketing communications
    • Improve the Services
    • Our Marketing and Third Party Marketing and Advertising Purposes
    • Bug detection and error reporting
    • Auditing Consumer Interactions
    • Security, Fraud and Legal Compliance
  • Source of data: You, Affiliates, third parties
  • Whom we disclose for business purposes
    • Affiliates
    • Service providers
    • Advertising partners
    • Other third parties
    • Other Individuals, Services, and Partners at Your Request
    • Entities for Legal Purposes
    • Employers (for Users of the WorkThreads)

B. Commercial information

  • Data Collected: History of services purchased through StaySigned
  • Purpose:
    • Provide you with the Services
    • Create your Account
    • Internal Accounting purposes
    • Provide Customer service
    • Performance of legal obligations
  • Source of data: You, Affiliates, third parties
  • Whom we disclose for business purposes
    • Affiliates
    • Service providers

C. Internet or other similar network activity information

  • Data Collected: Browsing history, search history, information interaction with the website or application.
  • Purpose:
    • Our Marketing and Third Party Marketing and Advertising Purposes
    • Auditing Consumer Interactions
    • Communicate with You and provide customer service
    • Improve the Services
    • Bug detection and error reporting
    • Security, Fraud and Legal Compliance
  • Source of data: You, Service providers , Our Affiliates
  • Whom we disclose for business purposes
    • Affiliates
    • Service providers

D. Geolocation data

  • Data Collected: Physical location (calculated from IP address).
  • Purpose: Provide the Services, Security, Fraud and Legal Compliance
  • Source of data: You, Service providers , Our Affiliates
  • Whom we disclose for business purposes
    • Affiliates
    • Service providers

E. Professional or employment-related information

  • Data Collected:
    • Current job title
    • Resume, portfolio, video cover
    • Work reference
    • Work related social media profiles (i.e. LinkedIn)
    • Current employment situation
    • Preference, aptitude test, assessment
  • Purpose:
    • Provide the Services
    • Communicate with You and provide customer service
    • Personalise your experience
    • Improve the Services
    • Our Marketing and Third Party Marketing and Advertising Purposes
  • Source of data: You, Service providers , Our Affiliates
  • Whom we disclose for business purposes
    • Affiliates
    • Service providers

F. Payment information

  • Data Collected: All information necessary to complete online payments, such as payment details, bank account information, billing information.
  • Purpose:
    • Provide the Services
    • Process your payments for services
    • We don't store any credit card or bank account/paypal number
  • Source of data: You
  • Whom we disclose for business purposes
    • Secure third-party payment service providers

G. Personal, Employments, Educational documents

  • Data Collected:
    • Govt. issued cards/ID
    • Previous offer, appointment contracts, relieving letters
    • Education certificates
  • Purpose:
    • Provide the Services
    • Process your payments for services
    • We don't store any credit card or bank account/paypal number
  • Source of data: You
  • Whom we disclose for business purposes
    • Authorised third-party for verification

The following section provides additional information about how we collect your Personal Data.

Lawful Basis for Processing

Under the GDPR and the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing of your personal data could be:

Legitimate Interest: We may process your personal data based on our legitimate interest, which includes without limitation our legitimate interest to assist Job applicants find a new job (via WorkThreds), provide services to improve chances to get hired for applied job, our legitimate interest to provide and improve the Services, our legitimate interest to improve the Website, our legitimate interest in advertising our product and services, unless you have provided your prior consent as required.

Contract: We may process personal data, in order for us to provide the services and meet our contractual obligations towards you, when we have a contract with you.

Consent: On a few occasions, we may rely on your consent for the processing of your personal data. In any such case, we will indicate this and ask for your specific informed consent, e.g when you sign up to receive marketing communications etc.

Legal Obligation: We may process your personal data to comply with a legal or regulatory obligation such as e.g. detecting, preventing or investigating crime or fraud including working with law enforcement agencies.

Your Rights

Subject to local data protection laws and in particular under the General Data Protection Regulation (GDPR) and the UK GDPR, you have a number of important rights free of charge.

In summary, those include rights to:

  • access to your Personal Data and to certain other supplementary information that this Policy is already designed to address
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal data concerning you in certain situations
  • receive the Personal Data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of Personal Data concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal data
  • otherwise restrict our processing of your Personal Data in certain circumstances
  • claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the General Data Protection Regulation (GDPR) Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the UK GDPR .

If you would like to exercise any of those rights, please:

  • contact us using our Contact details below
  • let us have enough information to identify you
  • let Us have proof of your identity and address. Where you are a user of our Services you should email us from the email address that you used to register with StaySigned. Receipt of an email from this address will usually be sufficient to confirm your identity. In all other cases we may request one or more identification documents, such as a copy of your driving license or passport and a recent utility or credit card bill; and
  • let Us know the information to which your request relates.

For clarity the above rights apply to EU, UK and Swiss data subjects, as required under applicable law, but also any user of the Website and the Services, regardless of location may exercise any of these rights.

Google Account Authentication

You may connect your Google account to your StaySigned account in order to make use of certain StaySigned features such as Gmail Import and Syncing and scheduling with Google Calendar. This is done through OAuth authentication, a secure mechanism which gives StaySigned access to your Google account data without letting StaySigned know your password.

In that case, StaySigned will require access to your Google account and user data for the following purposes:

  • Upon sign-up or sign-in (“Sign in with Google”) and connect with Google through your Personal Profile:
    • To verify your email address and to create your user account on our servers in order to link your Google account with StaySigned;
    • To access and read your Google account profile information to retrieve, use, and display your Google account name, first name, last name and account photo or image in StaySigned;
    • Access to your contacts
  • If you choose to connect your Gmail account to your StaySigned account:
    • to access your Gmail account in order to send email messages to candidates from your account through StaySigned.
    • to access and retrieve your email messages
    • to manually import email messages sent to and received from a specific candidate
    • to sync email messages, sent to and received from candidates, that belong to threads that were initially sent with StaySigned or manually imported
    • to read, display, retrieve, and download any files attached to your email messages related with candidates
  • If you choose to connect your Google Calendar account to your StaySigned account:
    • to access your Google Calendar account in order to create, update, and delete events in your calendar through StaySigned;
    • to access and retrieve your calendar events
    • to sync calendar events that were initially created with StaySigned or manually imported
    • to check availability of other event attendees and resources
    • to sync the attendance status of other attendees in StaySigned
    • to read, display, retrieve, and download any files attached to your calendar events

Google API Services

StaySigned’s use of information received from Google APIs will adhere to Google API Services User Data Policy including the Limited Use requirements.

Uses made of your information when you request assistance from StaySigned Support

If you request assistance by a representative of StaySigned, the StaySigned representative may obtain access to your StaySigned account for the purposes of resolving your inquiry. Under those circumstances, the StaySigned representative will assume your role in StaySigned and view your account as you would when you log in. StaySigned reserves the right to assume the role of a user in your account without prior notice in certain situations, for example when it is necessary for security purposes (such as investigating a bug or abuse) or when it is necessary to comply with applicable law.

Uses made of your information

Where you are using our Services on behalf of our Customer, we rely on legitimate interests in performing our contract with our Customer as the lawful basis on which We collect and use your Personal Data. We use information held about you in the following ways:

  • To ensure that content from the Website is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from Us or which We feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and Us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service.
  • Where you or your employer are a prospective Customer, to provide you with information about our Services for marketing purposes.

Disclosure of your information

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may disclose your personal information to third parties:

  • In the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If StaySigned or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of StaySigned, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • to protect the rights, property, or safety of StaySigned, the Website, our users and any third party we interact with to provide the Website.

We may also disclose your personal information to third parties and service providers:

  • Auditing related to a current interaction and concurrent transactions, including, but not limited to auditing compliance with this specification and other standards.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Short-term, transient use of Personal Data that is not used by another party to build a consumer profile or otherwise alter your consumer experience outside the current interaction.
  • Performing services on our behalf, including software hosting and cloud computing, Customer Relationship Management, email sending, logging, storing Customer data, maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of a service or functionality that we provide, own, manufacture, or control.

We disclose your Personal Data to the following categories of service providers and other parties:

  • Service providers
    • Analytics service providers
    • Customer service providers
    • Payment processors
    • Marketing service providers
    • Advertising partners
    • Security and fraund detection service providers
    • Hosting service providers
    • Technology service providers
    • Data storage service providers
    • Email service providers
    • Logging service providers
    • CRM service providers
  • Affiliates
  • Parties who acquire your Personal Data through an acquisition or other change of control.
    • ersonal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
  • Other parties at your direction.
    • Other users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorised by you through the Services).
    • Social media services (if you intentionally interact with them through your use of the Services).
    • Third-party business partners who you access through the Services ( e.g partners accessed through the StaySigned Marketplace). StaySigned does not control the use of your data by those third parties and you are advised to check their Privacy Policy as applicable.
    • For Users of the StaySigned Job board, we will share your personal data directly with the Employer who posted the Job Opening you have applied to.
    • other parties authorized by you.

Over the past twelve months, we have disclosed the following categories of your Personal Data to service providers or other parties for the business purposes listed above:

  • Category A. Personal identifiers
  • Category B. Commercial information
  • Category C. Internet or other similar network activity information
  • Category D. Geolocation data
  • Category E. Professional or employment-related information
  • Category F. Payment information
  • Category G. Personal, Employments, Educational documents

When we disclose personal information for a business purpose, as described above we enter into a contract with the service provider or other parties, that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Sales of Personal Data

We do not sell your Personal Data.

How we store your Personal Data

Data Security

We take appropriate measures to ensure that all Personal Data is kept secure including security measures to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way, for the duration of your use of our Services. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to the Website, therefore any transmission remains at your own risk. Once we have received your information, we will use strict procedures and security features in order to prevent unauthorised access.

Keeping your Personal Data up to date

We will endeavour to update your Personal Data within thirty (30) days of any new or updated Personal Data being provided to Us, in order to ensure that the Personal Data We hold about you is as accurate and up to date as possible.

Where we store your Personal Data

The data that We collect from you and process as a result of your use of the Services may be transferred to, and stored at, a destination outside the UK, Switzerland or the European Economic Area ("EEA"). It may also be processed by staff operating outside the UK, Switzerland or the EEA who work for Us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing.

StaySigned primarily stores your data within the United Kingdom, but it may be accessed by our staff in the European Economic Area (EEA), India, and the UK to ensure seamless service delivery. Additionally, our hosting provider, AWS, might backup or mirror data outside of the UK and EEA for operational resilience. Despite these geographical variances, we safeguard your privacy through robust Data Processing and Transfer Agreements with our staff and AWS, adhering to GDPR standards to ensure your data is received. A full list of StaySigned's sub-processors can be found at the end of this document.

If you would like further information please contact Us (see ‘Contact’ below). We will not otherwise transfer your Personal Data outside of the United Kingdom or EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Data Retention

We will hold all the data for so long as we have an obligation to You to provide you with the Services, as long as we have an obligation to the Customer to provide the Services, or as long as necessary to fulfill the purpose for which was initially collected and thereafter until such time as we delete the Customer’s account in accordance with our Customer Terms and Conditions. We will retain and use your Personal Data to the extent necessary to comply with any legal/accounting/reporting obligation.

Your personal information will be deleted on one of the following occurrences:

  • deletion of your Personal Data is requested by you;
  • your Personal Data is no longer required for the purposes for which it was collected;
  • deletion is required by a legal obligation;
  • where you withdraw consent.

Personal Data of Children

We do not knowingly collect or solicit Personal Data from children under 16; if you are a child under 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at support@staysigned.com.

Safeguarding Personal Data

At StaySigned, we prioritise the security and privacy of your personal data. We are committed to protecting the personal information collected from our users and ensure that all data processing activities are confined within [the European Economic Area (EEA)/the United Kingdom (UK)/the specific country or region, as applicable]. This commitment reflects our dedication to maintaining high data protection standards without the need for international data transfers.

Data Protection Measures:

  • StaySigned implements comprehensive data protection measures to safeguard your personal data against unauthorised access, disclosure, alteration, and destruction. Our security practices include, but are not limited to, encryption, access controls, secure data storage, and regular security assessments.
  • We engage with third-party service providers or partners who process personal data strictly within our operational jurisdiction, ensuring they adhere to our stringent data protection and security criteria.

User Rights and Data Management:

  • You maintain full control over your personal data in accordance with our privacy policy. This includes rights to access, correct, delete, or restrict the processing of your data, in addition to the right to data portability.
  • StaySigned is transparent about our data handling practices. Users can request information about the specific measures we take to protect their personal data and how it is managed within our systems.

Commitment to Privacy:

  • Our approach to data management and protection is designed to comply with applicable data protection laws, including the GDPR for users within the EEA and the UK GDPR for users within the UK, ensuring that your data remains secure and your privacy rights respected.
  • StaySigned continuously monitors and updates our data protection practices to align with legal requirements and best practices in data security.

StaySigned is dedicated to maintaining the trust and confidence of our users by ensuring that personal data is protected no matter where it is processed. We continually review and update our data protection practices to align with legal requirements and best practices. Please contact us at support@staysigned.com with any questions, concerns or complaints relating to our Data Privacy Framework Certification.

Third Party Websites

OThe Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any Personal Data to these websites.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information. If you have any concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner’s Office (ICO), which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.

Changes to our privacy policy

We reserve the right to modify this Privacy Policy at any time. Any changes we may make to our Policy in the future will be notified and made available to you using the Website. Your continued use of the Services and the Website shall be deemed your acceptance of the varied Privacy Policy.

Contact

If you have any questions about this Privacy Policy or want to report a potential data breach please reach out to support@staysigned.com. Please note that StaySigned’s Data Protection Officer (DPO) responds to any requests submitted to support@staysigned.com, attention StaySigned’s DPO.