People are at the heart of Oyster, and you have entrusted us with your personal information. We respect your privacy and are committed to protecting your personal data. We believe that you should know what we do with your information, who we share it with, and why it is shared. We only collect and store the personal information we need to provide our services. Our business is bringing meaningful employment to talented people everywhere, not selling your information or compromising your privacy.
Privacy standards differ depending on where you are in the world. At Oyster, we think that everyone deserves strong protection for their personal data regardless of where they live. To that end, we will collect, store, use and disclose Personal Data in accordance with all applicable laws relating to the protection of Personal Data, including the EU Data Protection Directive 95/46/EC, the EU General Data Protection Regulation 2016/679, the EU ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, as amended or superseded from time to time, and any national implementing legislation ("Data Protection Laws").
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
TriNet is responsible for the processing of personal information it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. TriNet complies with the Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions.
Notice: We will inform you of the purpose for which we collect and use your personal information and the types of non-agent third parties to which we disclose or may disclose that information. We will provide you with the choice and means to limit our use and disclosure of your personal information for a purpose other than that for which it was originally collected.
For the purpose of Data Protection Laws, in relation to any Personal Data you or any Users submit to our platform, you will be the data controller and we will be a data processor of such Personal Data.
Personal Data. Personal data, or personal information, means any information about an individual from which that person can be identified. Personal data does not include: publicly available information from government records; data where the identity has been removed (anonymous, de-identified, or aggregated consumer information); information specifically excluded from the scope of relevant privacy and security laws and regulations.
We may collect, use, store, and transfer the following types of information that alone or in combination with other information in our possession could be used to identify you:
No data, no dice. If you fail to provide personal data that we need by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, employment with the best company ever). In that case, we may have to cancel a job offer or access to a particular service or benefit, but we will notify you if this is the case. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
To start, we will only use your personal data as allowed by the law. Depending on whether you are a Site Visitor, Customer, Vendor, or Employee, we use the information we collect to:
This chart illustrates how different categories of person data may be used by Oyster.
|Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||1, 2, 3, 4, 5, 6, 7, 8|
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories.||1, 2, 3, 4, 6, 7, 8|
|Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||1, 2, 3, 6, 7, 8|
|Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Not Collected|
|Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical Patterns, and sleep, health, or exercise data.||Not Collected|
|Internet or other similar network activity||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||1, 2, 3, 5, 6, 7, 8|
|Geolocation data||Physical location or movements.||1, 2, 6, 7, 8|
|Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information.||1, 2, 6, 7, 8|
|Professional or employment-related information||Current or past job history or performance evaluations.||1, 2, 7, 8|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||1, 2, 7, 8|
|Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Not Collected|
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Marketing. We may use your Personal Data to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email or telephone number, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.
In certain circumstances we may share your Personal Data with third parties without further notice to you, unless required by the law, as set forth below:
Vendors and Service Providers. To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, event management services, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and web analytics services. When we provide your information to vendors and service providers, we enter a contract that requires the recipient to keep that information confidential. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Business Transfer. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets. In such event, we will use commercially reasonable efforts to help ensure that your personal information will be subject to appropriate privacy protections, in accordance with applicable privacy law.
Self Provided Data. We collect Personal Data when you create an account on our Site, complete a contact form on our Site or request access to the Service, subscribe to our service or publications, request marketing to be sent to you, enter a competition, promotion or survey, or give us feedback or contact us. The Personal Data collected during these interactions may vary based on what you choose to share with us, but it will generally include your name, email address, location, and phone number.
Customers and Partner Provided Data: In order to provide the Service, we may receive information about you from our Customers or Partners, such as your name, email address, phone number, salary, tax identification number, etc.. We process that information pursuant to our Terms and Conditions and other agreements with our business customers.
Third Parties or Publicly Available Sources. We will receive personal data about you from various third parties [and public sources] as set out below:
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, and consistent with applicable law, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.
In some circumstances you can ask us to delete your data, more on that below in Your Options. Please be aware that it is not always possible to completely remove or delete all of your personal information from our systems due to backups or technical constraints.
We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We implement commercially reasonable technical, physical, administrative, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Finally, we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Site or e-mail. Please keep this in mind when disclosing any Personal Data via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Site, or third party websites.
Onward Transfers: Prior to disclosing personal information to a third party (other than the service providers referred to above), we will notify you of such disclosure and allow you a choice (opt out) regarding such disclosure. We will contractually require that any third party to which personal information may be disclosed will provide the same level of privacy protection as is required by the Principles.
Data Integrity and Purpose Limitation: We will only process and use personal information in a way that is compatible with and relevant to the purposes for which it was collected, or authorized by you, including the purposes to provide payroll, benefits, and related services. To the extent necessary for those purposes, we will take reasonable precautions to ensure that personal information is accurate, complete, and current. Additionally, personal information may be retained in a form identifying or making identifiable individuals only for as long as it serves a purpose for which the data was collected or as authorized by the individual.
Access: We will provide you access to your personal information and allow you to correct, amend, or delete inaccurate information, except, to the extent permitted by applicable law, where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated. If access to personal information is denied, we will provide you with the reason for such denial. You may request the correction, amendment, or deletion of your inaccurate personal information by contacting TriNet customer support. We will respond to any such requests within a reasonable timeframe.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints should first contact TriNet by emailing TriNet customer support or by contacting us using the details provided below. TriNet has further committed to refer unresolved Privacy Shield complaints to the panels established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), alternative dispute resolution providers located in the EU and Switzerland. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit EU DPA or FDPIC for more information or to file a complaint. The services of EU DPA and FDPIC are provided at no cost to you
TriNet commits to cooperate with EU DPAs and the FDPIC and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
TriNet is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the statements in this Policy.
Personal information held by the Company is stored on and processed on computers situated in the United Kingdom, the European Economic Area (“EEA”), the United States, and in other jurisdictions. We and/or our service providers also process data in some other countries for customer care, account management and service provisioning.
If you are an EEA resident, your personal data held by the Company may be transferred to, and stored at, destinations outside the EEA that may not be subject to equivalent data protection laws, including the United States. When you sign up for service with the Company or inquire about our services, we transfer your information to the United States and other countries as necessary to perform our agreement with you or to respond to an inquiry you make. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
In certain jurisdictions, you have rights regarding how your personal data is handled. Specifically, you have the option to:
If you wish to exercise any of the rights set out above, [please contact us OR [SPECIFIC DETAILS OF WHO TO CONTACT FOR SUBJECT ACCESS RIGHTS]].
We will not discriminate against you for exercising any of your rights related to accessing, restricting, transfering, or deleting your personal information. Unless permitted by applicable law, we will not:
Our Service is not directed to children who are under the age of 16. Oyster does not knowingly collect Personal Data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through the Site or our provision of Services, please contact us and we will endeavor to delete that information from our databases.