Privacy Policy

Published 09 September 2020

People are at the heart of Oyster, and you have entrusted us with your personal information. We respect your privacy and are committed to protecting your personal data. We believe that you should know what we do with your information, who we share it with, and why it is shared. We only collect and store the personal information we need to provide our services. Our business is bringing meaningful employment to talented people everywhere, not selling your information or compromising your privacy.

This Privacy Policy explains what Personal Data we collect, how we use and share that data, and your choices concerning our data practices. This Privacy Policy applies to the OysterHR.com website, the Oyster platform, and all other sites owned by Oyster HR, Inc. and is incorporated into and forms part of our Terms and Conditions. Before using the Site or submitting any Personal Data, please review this Privacy Policy carefully.

BY USING THE SITE AND OUR SERVICES, YOU AGREE TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE SITE OR OTHERWISE USE THE SERVICE.

Standards, we have them

Privacy standards differ depending on where you are in the world. At Oyster, we think that everyone deserves strong protection for their personal data regardless of where they live. To that end, we will collect, store, use and disclose Personal Data in accordance with all applicable laws relating to the protection of Personal Data, including the EU Data Protection Directive 95/46/EC, the EU General Data Protection Regulation 2016/679, the EU ePrivacy Directive 2002/58/EC as amended by Directive 2009/136/EC, as amended or superseded from time to time, and any national implementing legislation (โ€œData Protection Lawsโ€).

For the purpose of Data Protection Laws, in relation to any Personal Data you or any Users submit to our platform, you will be the data controller and we will be a data processor of such Personal Data.

What kind of personal data do we collect?

Personal data means any information that identifies, describes, or is reasonably capable of being associated with an individual. Personal data does not include: publicly available information from government records; data where the identity has been removed (anonymous, de-identified, or aggregated consumer information); information specifically excluded from the scope of relevant privacy and security laws and regulations.

We may collect, use, store, and transfer the following types of information that alone or in combination with other information in our possession could be used to identify you:

  • ๐Ÿ‘ฉ๐Ÿฝ Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • ๐Ÿฆ„ Special Categories may include details about your race or ethnicity, religious beliefs, trade union membership, familial status, military service, information about your health, and the like. We only collect this type of personal data where required by law to enter into an employment relationship.
  • ๐Ÿ  Contact Data includes billing address, delivery address, email address and telephone numbers.
  • ๐Ÿ’ณ Financial Data includes bank account and payment card details.
  • ๐Ÿ“‘ Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • ๐Ÿ’ป Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • ๐Ÿ›… Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • ๐Ÿ“Š Usage Data includes information about how you use our website, products and services.
  • ๐Ÿ“ง Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

No data, no dice. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you fail to provide personal data that we need by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the service we are trying to provide. In that case, we may have to cancel a job offer or access to a particular service or benefit, but we will notify you if this is the case.

What do we do with your data?

To start, we will only use your personal data as allowed by the law. We use the information we collect to:

  • ๐Ÿข Provide our services
  • ๐Ÿ— Operate and improve our platform
  • ๐Ÿ”’ Secure access to our services
  • ๐Ÿ“ฉ Marketing*
  • ๐Ÿงฎ Analytics for product development and marketing purposes
  • โš–๏ธ Comply with applicable laws, court orders, government and agency requests

For more information about how different categories of personal data may be used by Oyster, check out our Business Purpose Chart. Our processing of personal data is limited to the purposes set out in this policy and we will provide you notice if those purposes become materially different, unrelated, or incompatible with this Privacy Policy.

*Marketing We may use your Personal Data to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email or telephone number, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.

โš›๏ธ Aggregated data We also collect, use and share Aggregated Data to analyze the effectiveness of our Service, to improve and add features to our Service, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with prospective business partners. We may collect aggregated information through the Service, through cookies, and through other means described in this Privacy Policy.

Waitโ€ฆ isnโ€™t that Personal Data? Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Sharing your data

In certain circumstances we may share your Personal Data with third parties without further notice to you, unless required by the law, as set forth below:

๐Ÿฆช Affiliates We may share Personal Data with our current and future affiliates, meaning an entity that controls, is controlled by, or is under common control with the Company. Our affiliates may use the Personal Data we share in a manner consistent with this Privacy Policy.

๐Ÿ‘จโ€๐Ÿ’ป Vendors and Service Providers To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with vendors and service providers. When we provide your information to these third parties, we enter a contract that requires the recipient to keep that information confidential. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, and the law.

โš–๏ธ Legal Requirements We may share Personal Data, if required to do so by law or our good faith belief that such action is necessary to: (i) comply with a legal obligation; (ii) protect and defend our rights or property; (iii) act in urgent circumstances to protect the personal safety of users of the Services, or the public; (iv) detect, prevent, or respond to fraud, intellectual property infringement, violations of this Privacy Policy, our Terms of Use, violations of law, or other misuse of our Site or otherwise; (v) protect against legal liability.

๐Ÿ” Business Transfer If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a โ€œTransactionโ€), your Personal Data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets. In such event, we will use commercially reasonable efforts to help ensure that your personal information will be subject to appropriate privacy protections, in accordance with applicable privacy law.

How did we get the data in the first place?

โŒจ๏ธ Self Provided Data We collect Personal Data when you create an account on our Site, complete a contact form on our Site or request access to the Service, subscribe to our service or publications, request marketing to be sent to you, enter a competition, promotion or survey, or give us feedback or contact us.

๐Ÿ“ฅ Customers and Partner Provided Data In order to provide the Service, we may receive information about you from our Customers or Partners, such as your name, email address, phone number, salary, tax identification number, etc.. We process that information pursuant to our Terms and Conditions and other agreements with our business customers.

๐Ÿงฒ Automatically Collected Information Oyster automatically collects certain Technical Data when you access and interact with the Site, including your IP address, browser type, operating system, the type of device you are using, and the device identifier. We also use technologies such as cookies, beacons, tags, server logs, and scripts in order to gather information regarding your use of the Site. This allows us to analyze trends, administer the Site, and gather demographic information about our user base as a whole.

๐Ÿช Cookies We use cookies on certain pages of the Site. Some features of the Site may only be available through the use of a cookie. You are always free to decline cookies if your browser permits, although in that case you may not be able to use certain features of the Site and you may be required to reenter your password more frequently during a session. Visit our Cookie Policy for more information.

๐Ÿ”— Third Parties We receive personal data provided by you when filling in forms (e.g., applications or questionnaires) on our Site or other third party sites, sign up to receive notifications, newsletters or other communications from us, interact with our social media accounts or correspond or otherwise communicate with us. You should check the privacy settings of third-party services to understand what data may be disclosed to us.

๐Ÿ”ข Analytics Providers We use several companies for analytic assistance including Chartio, Google Analytics, Segment, and Snowflake. In addition, the companies that host our social media pages may provide us with aggregate information and analytics regarding your use.

How long do we keep the data?

โฒ Itโ€™s your personal information, not ours. We will only retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, and consistent with applicable law, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.

๐Ÿ—ฃ You tell us how to manage it. In some circumstances you can ask us to delete your data, more on that below in Your Options. Please be aware that it is not always possible to completely remove or delete all of your personal information from our systems due to backups or technical constraints.

๐Ÿ™ˆ Finally, a reminder about aggregated and anonymized data... As noted above, we may aggregate or anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. This helps us understand workforce trends and better support our Colleagues and Customer Companies.

Is my data secure?

๐Ÿ”’ Security We implement commercially reasonable technical, physical, administrative, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Finally, we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

โš ๏ธ However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Site or e-mail. Please keep this in mind when disclosing any Personal Data via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Site, or third party websites.

๐Ÿ”— The Thing About Links The Site and Service may contain links to other websites not operated or controlled by the Company, including social media services (โ€œThird Party Sitesโ€). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

๐ŸŒ International Data Transfers When you sign up for service with the Company or inquire about our services, we may transfer your personal information outside of Europe to the United States and other countries as necessary to perform our agreement with you or to respond to an inquiry you make. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

๐Ÿ“œ Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. ยท

๐Ÿ”’ Where we use providers based in the US or elsewhere, we may transfer data to them if they provide evidence of similar protections to those afforded to personal data in Europe.

Accordingly, by using our services, you authorize the transfer of your information to the United States, where we are based, and to other locations where we and/or our service providers operate, and to its (and their) storage and use as specified in this Privacy Policy.

Your options

You have rights regarding how your personal data is handled. Specifically, you have the option to:

  • ๐Ÿ“‚ Request access to your personal data.
  • ๐Ÿ“ Request correction of the personal data that we hold about you.
  • ๐Ÿงฒ Request erasure of your personal data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • โ›” Object to processing of your personal data on the grounds you feel it impacts on your fundamental rights and freedoms.
  • ๐Ÿ›’ Opt out of marketing You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • โธ Request restriction of processing of your personal data in the following scenarios.
  • ๐Ÿš› Request the transfer of your personal data to you or to a third party.
  • โŒ Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

We will not discriminate against you for exercising any of your rights related to accessing, restricting, transfering, or deleting your personal information. If you wish to exercise any of the rights set out above, please contact us at privacy@oysterhr.com or follow the request instructions provided on the Oyster website.

Changes

The Service and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with Personal Data after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact

๐Ÿ“ž If you have any questions about our Privacy Policy or information governance practices, please feel free to contact us. If you disagree with our approach or have a particular concern with how we handle your Personal Data, you may lodge a complaint with your countryโ€™s proper oversight agency (we have provided a list here). We would, however, appreciate the chance to deal with your concerns directly before you make a complaint so please contact us first. We are available at privacy@oysterhr.com

Appendix A: Business purpose chart

We only use your personal data as allowed by the law and do not sell it. Depending on whether you are a Site Visitor, Customer, Vendor, or Employee, we use information we collect to:

  1. Respond to your requests.
  2. Protect the security or integrity of our Site.
  3. Improve our marketing and promotional efforts
  4. Statistically analyze Site usage
  5. Improve our content product offerings
  6. Customize our Site's content, layout, and services
  7. Administer workforce solutions
  8. Authenticate eligibility for potential employees, contractors, vendors, or suppliers
  9. Maintaining business records, logs, and other reporting tools; and
  10. Other general administrative and operational tasks.

This chart illustrates how different categories of person data may be used by Oyster.

Category Example Business Purposes(s)
Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name and password, Social Security number, driver's license number, passport number, or other similar identifiers. 1-10
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code ยง 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories. 1-4, 6-10
Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Familial status. 1-3, 6-10
Internet or other similar network activity Browsing history, search history, information on a consumer's interaction with Oyster and affiliate websites, applications, or advertisements. 1, 2, 4, 5, 9, 10
Employment information Current or past job position details or performance evaluations. 1, 5-10
Education information Education records such as grades and transcripts 1, 2
Copyright ยฉ 2020 Oyster HR Inc. All rights reserved.