Applicant Privacy Policy
It is Quickbase’s goal to respect the privacy of its applicants, and to protect their personal information.
1. Definitions
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
“Sensitive Personal Information” means Personal Information that reveals an individual’s social security, driver’s license, state identification card, or passport number; account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages; and genetic data. Sensitive Personal Information also includes Processing of biometric information for the purpose of uniquely identifying an individual and Personal Information Collected and analyzed concerning an individual’s health, sex life, or sexual orientation.
Other Definitions: As used in this Notice, the terms “Collect,” “Processing,” “Service Provider,” “Third Party,” “Sale,” “Share,” and other terms defined in privacy and data protection laws and their conjugates, have the meanings afforded to them in those laws.
2. Applicants
Collection of Applicant Personal Information.We, and our Service Providers, Collect the following categories of Personal Information about applicants. Depending on the status of an applicant, we may collect different forms of data and not all types of data are collected for all applicants. We also have Collected and Processed the following categories of Personal Information about applicants in the
preceding 12 months:
(1) Identifiers, such a real name, preferred name, postal address, unique personal identifier, online identifier, internet protocol (IP) address, or other similar identifiers;
(2) Contact and financial information, including phone number, address, email address, bank account
information;
(3) Characteristics of protected classifications under state or federal law, such as data of birth, gender,
race, or self-identified physical or mental health conditions;
(4) Non-individualized Geolocation data;
(5) Audio, electronic, visual, or similar information, such as a profile photograph (if self-identified);
(6) Professional or employment-related information, such as work history and prior employer;
(7) Education information, such as academic information and records;
(8) Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies);
(9) An individual’s written signatures; and
(10) Sensitive Personal Information, including Personal Information that reveals:
a. Social security, driver’s license, state identification card, or passport number; or
b. Racial or ethnic origin, religious or philosophical beliefs, or union membership;
Categories of Applicant Personal Information We Disclose to Service Providers & Third Parties
We have disclosed the following categories of applicant Personal Information to Service Providers and Third Parties for a business purpose in the past twelve months:
(1) Identifiers, such a real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, or other similar identifiers;
(2) Contact and financial information, including phone number, address, email address, bank account information;
(3) Characteristics of protected classifications under state or federal law, such as data of birth, gender, race, or self-identified physical or mental health conditions;
(4) Non-individualized Geolocation data;
(5) Audio, electronic, visual, or similar information, such as profile photograph (if self-identified);
(6) Professional or employment-related information, such as work history and prior employer;
(7) Education information, such as academic information and records;
(8) Inferences drawn from any of the information listed above to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, abilities, and aptitudes. (e.g., predications about an individual’s preferences or tendencies);
(9) Individuals’ written signatures; and
(10) Sensitive Personal Information, including Personal Information that reveals:
a. Social security, driver’s license, state identification card, or passport number; or
b. Racial or ethnic origin, religious or philosophical beliefs, or union membership;
Purposes for Processing Applicant Personal Information
We, and our Service Providers, Collect and Process applicant Personal Information (excluding Sensitive Personal Information) described in this Policy to:
- Evaluate a potential employee relationship with you;
- Perform background checks and verify past employment, educational history, professional standing, and other qualifications;
- Evaluate, determine, and arrange compensation, payroll, and benefits;
- Assess your fitness and physical capacity for work; and
- Contact you regarding your application and potential employee relationship with us.
In addition to the purposes identified above, the company may use and disclose any and all applicant Personal Information that we Collect as necessary or appropriate to:
- Comply with laws and regulations, including, without limitation, applicable tax, health and safety, anti-discrimination, immigration, labor and employment, and social welfare laws;
- Monitor, investigate, and enforce compliance with and potential breaches of the company’s policies and procedures and legal and regulatory requirements;
- Comply with civil, criminal, judicial, or regulatory inquiries, investigations, subpoenas, or summons; and
- Exercise or defend the legal rights of the company and its employees, affiliates, customers, contractors, and agents.
3. Sources of Collection of Personal Information
We Collect Personal Information directly from applicants. We also Collect Personal Information from joint marketing partners; public databases; providers of demographic data; publications; professional organizations; educational institutions; social media platforms; Service Providers and Third Parties that help us screen and onboard individuals for hiring purposes; and Service Providers and Third Parties when they disclose information to us.
4. Purposes for processing Sensitive Personal Information
We, and our Service Providers, Collect and Process the Sensitive Personal Information described in this Notice only for:
- Performing the services or providing the goods reasonably expected by an average individual who requests those goods or services;
- Ensuring security and integrity to the extent the use of the individual's Personal Information is reasonably necessary and proportionate for these purposes;
- Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of an individual's current interaction with us; provided that we will not disclose the individual's Personal Information to a Third Party and or build a profile about the individual or otherwise alter the individual's experience outside the current interaction with the business;
- Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf; and
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
Affiliates & Service Providers. For each category of applicant Personal Information listed above, we disclose such information to our affiliates and Service Providers for the purposes described in this Notice. Our Service Providers provide us with services for our websites, as well as other products and services, such as web hosting, data analysis, payment processing, order fulfillment, customer service, infrastructure provision, technology services, email delivery services, credit card processing, legal services, and other similar services. We grant our Service Providers access to Personal Information only to the extent needed for them to perform their functions, and we require them to protect the confidentiality and security of such information.
Third Parties. For each category of applicant Personal Information listed above, we disclose such information to the following categories of Third Parties:
- At Your Direction. We may disclose your Personal Information to any Third Party with your consent or at your direction. In the case of marketing materials or events in or at which you have consented to appear, this includes disclosure of your Personal Information to the general public.
- Business Transfers or Assignments. We may disclose your Personal Information to other entities as reasonably necessary to facilitate a merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- Legal and Regulatory. We may disclose your Personal Information to government authorities, including regulatory agencies and courts, as reasonably necessary for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.
6. Sale & Sharing of Personal Information
We do not Sell or Share any of the categories of applicant Personal Information listed above, and we have not Sold or Shared any of the categories of applicant Personal Information listed above in the past twelve months.
7. Data subject requests
Exercising Data Subject Rights. You may exercise your data subject rights by contacting [email protected] or toll-free at 855-725-2293. You may also authorize an agent to make data subject requests on your behalf via the above methods. When you submit a data subject request, please indicate the type of request you are making, so that we may properly process and respond to your request in accordance with applicable law.
Verification of Data Subject Requests. We value the security and confidentiality of your Personal Information. Depending on the type of data subject request you submit, we may ask you to provide information that will enable us to verify your identity before complying with the request. We verify requests carefully and in accordance with applicable law. In particular, if you authorize an agent to make a request on your behalf, we may require the agent to provide proof of signed permission from you to submit the request, or we may require you to verify your own identity to us or confirm with us that you provided the agent with permission to submit the request. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.
Non-Discrimination. We will not discriminate against you for exercising your data subject rights. For example, we will not deny goods or services to you, or charge you different prices or rates, or provide a different level of quality for products or services as a result of you exercising your data subject rights.
Certification Information for the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework.The following information aligns the Quickbase Applicant Privacy Policy with the specific points required by the Data Privacy Framework (DPF) self-certification process, and ensures Quickbase’s compliance with the DPF Principles.
Quickbase and its subsidiary FastField, Inc. (for purposes of this section, collectively “Quickbase") complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Quickbase has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the UK (including Gibraltar) in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Quickbase has certified to the U.S. Department of
Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Quickbase’s accountability for personal data that it receives under the Data Privacy Framework and subsequently transfers to a third party is described in the DPF Principles. In particular, Quickbase remains responsible and liable under the DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Quickbase proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Quickbase commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship. EU, UK, or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact the dedicated Quickbase compliance team at [email protected]
Quickbase has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you. If your DPF complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
Quickbase is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Organization Information:
Quickbase, Inc.
PO Box 962077, Boston, MA 02196
Individuals in the European Economic Area, UK, Switzerland. If you have a complaint about human resources data transferred to the United States from the European Union, the United Kingdom, or Switzerland, and Quickbase does not address it satisfactorily, Quickbase commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel ICO, or FDPIC, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.
Quickbase has appointed a representative, DataRep, located in the European Union. The representative’s contact information may be found at data-protection-representative.pdf.
8. Data subject rights
As an applicant, you have the following rights with respect to your Personal Information, subject to certain exceptions:
Right to Receive Information on Privacy Practices: You have the right to receive the following information at or before the point of Collection:
- The categories of Personal Information to be Collected;
- The purposes for which the categories of Personal Information are Collected or used;
- Whether or not that Personal Information is Sold or Shared;
- If the business Collects Sensitive Personal Information, the categories of Sensitive Personal Information to be Collected, the purposes for which it is Collected or used, and whether that information is Sold or Shared; and
- The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.
We have provided such information in this Notice, and you may request further information about our privacy practices by contacting us as at the contact information provided above.
Right to Access: You may request access to information about Personal Information that we have Collected from you.
Right to Deletion: You may request that we delete any Personal Information about you that we Collected from you.
Right to Edit: You may request that we edit any inaccurate Personal Information we maintain about you.
Right to Know: You may request that we provide you with the following information about how we have handled your Personal Information:
- The categories of Personal Information we Collected about you;
- The categories of sources from which we Collected such Personal Information;
- The business or commercial purpose for Collecting Personal Information about you;
- The categories of Personal Information about you that we Shared or disclosed and the categories of Third Parties with whom we Shared or disclosed such Personal Information; and
- The specific pieces of Personal Information we have Collected about you.
Right to Receive Information About Onward Disclosures: You may request that we disclose to you:
- The categories of Personal Information that we have Collected about you;
- The categories of Personal Information that we have Sold or Shared about you and the categories of Third Parties to whom the Personal Information was Sold or Shared; and
- The categories of Personal Information we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
Right to Non-Discrimination: You have the right not to be discriminated against for exercising your data subject rights. We will not discriminate against you for exercising your data subject rights.
Right to Opt-Out of the Sale and Sharing of Personal Information. If the company Sells or Shares your Personal Information to or with third parties, you have the right, at any time, to direct us not to Sell or Share your Personal Information. We do not Sell or Share applicant Personal Information and have not Sold or Shared applicant Personal Information in the past twelve months. Further, the company does not Sell or Share the Personal Information of minors under 16 years of age without affirmative authorization.
Retention of Personal Information. We retain each of the categories of applicant Personal Information listed above for the duration of your applicant relationship with us, as applicable, and longer as may be required by applicable laws or necessary for our legitimate business purposes.
Financial Incentives. We do not provide financial incentives to applicants who allow us to Collect, retain, Sell, or Share their Personal Information. We will describe such programs to you if and when we offer them to you.
Changes to this Notice. We reserve the right to amend this Notice at our discretion and at any time. When we make material changes to this Notice, we will notify you by posting an updated Notice on our website and listing the effective date of such updates.