Effective Date: May 5, 2020
Special Note for Users who are not in the EEA:
1. Who We Are and the Services We Provide
Flux is a technology company that provides a resourcing platform in order to connect employees to the company’s evolving work needs, and to grow your skills and/or career through information and experiences. Whether it’s a full time role, rotation, flex time project, or other opportunity, the Services provide you with details of the opportunity and represent you and other candidates to your Employer.
2. Information We Collect and Our Role under GDPR
Flux as Data Controller
Flux may collect Personal Data about you as explained in this section. “Personal Data” is information relating to you as an identified or identifiable person. Under GDPR framework, Flux is the data controller as to the Personal Data we collect about you.
Personal Data Collected through Our Site or Services
(i) Registration & Profile Data
We may collect Personal Data when you use our Site or Services. In order to register your Flux account and create your profile, you provide information that personally identifies you, such as your name and e-mail address. You may provide your company name, job history and other personally identifiable information that you choose to provide us with or that you choose to include in your profile. If you want to fast-track the creation of your profile, we can pre-populate your profile with publicly available information about you from third party platforms, such as LinkedIn, when prompted during registration onboarding. If you do not wish for us to do this, you may choose to proceed without this option. This publicly available information is considered part of the Public Data Set. You may be asked to provide us with Personal Data when you use any of our Services, when you communicate with us, and at other times.
(ii) Usage Data and Site Activity
We and our Service Providers (defined below) may automatically collect the following information about your device and your use of our Site or Services through cookies, web beacons, and other technologies: the functions you use and searches you perform using the Services; browser agent name and version; web pages you view; links you click; your IP address; the length of time you visit our Site and or use our Services; and the referring URL, or the webpage that led you to our Site (“Usage Data”). We use this information to monitor and improve the Site and Services, enhance your online experience and to enable us to provide you with an easier and more personalized experience and level of service. We may combine Usage Data with Personal Data that you have provided to us.
(iii) Cookies and Anonymous Identifiers
(iv) Information You Input or Upload while Utilizing Our Services
As part of utilizing our Services you may input or upload information about talents, skills, previous work history and employers, educational background, job interests, personal qualities, and other similar information; you may also provide us with your credentials to third-party sites or services, such as LinkedIn, in order to synchronize certain emails, employment history, skills or other information with our Services; and you may provide us with other information (collectively “Customer Data”). We use this data to provide the Services to you and your Employer, including our Work Genome technology.
• Flux Work Genome
Our goal is to help make great matches between your Employer and employees like yourself to illuminate pools of talent previously unknown to your Employer. To do that, we have developed our Work Genome: a learning data set based on the data provided by you or your Employer. Our Work Genome allows your Employer to better understand skills, qualities, experiences and talents you may have to better assess whether you could be a match for any work or employment needs, as well as assisting you in being surfaced by our Service to your Employer based on additional job and skills related data in order for you to find new and exciting work opportunities or projects with your Employer. If you wish to limit the visibility of your information you may do so via the user settings within the Services.
(v) Public Data Set
As discussed above, our goal is to help make great matches between your Employer and employees like yourself to illuminate pools of talent previously unknown to your Employer. In furtherance of this goal, we have developed a public data set (“Public Data Set”) that bolsters the data provided by you or your Employer. Our technology may continuously collect public personal information such as names, email addresses, approximate locations, educational background, employment history and job-skills related information, and other recruiting-related information from third party platforms, such as LinkedIn, to integrate into our Work Genome, to use as aggregated statistics in reports, or otherwise improve the Service.
If you do not wish to have your information included in our Public Data Set, we will honor your request to opt-out. To opt-out please provide your request with name and email address to email@example.com and we will remove your information from our system, or follow-up with you if we need further information in order to honor your request.
Please note, we may need to retain certain data about you in order to ensure that we can continue to honor your request to opt out. We will maintain the minimum amount of information necessary for this purpose, and will not share this information with your Employer.
Flux as Data Processor
Employer Provided Data
As part of utilizing our Services, your Employer may provide us with Personal Data such as your name, email address, job title, job location, job tenure dates, and other job related information (“Employer Data”). Your Employer may provide us with this data so that you can create an account and utilize the Services. Flux is a data processor as to Employer Data. Flux will only process Employer Data according to your Employer’s instructions and to deliver the Services to you.
3. How We Use Information and When We May Share and Disclose Information
We use the information, including Personal Data, alone or in combination with other information that we may collect about you, including information from third parties, for the following purposes:
• to provide you with the Site and Services, including provide you with job and project opportunities by your Employer and skills assessments;
• to allow your Employer to assess and understand your skill set, employment background, eligibility and fit for job or project opportunities, including via operation of our Work Genome;
• to allow your Employer to contact you if your information matches a job or project opportunity;
• to provide information on where individuals in your organization have worked before, their skill sets, how you compare to their profile, and work or projects they have previously or are currently working on;
• to provide you with information on jobs or projects that you may be interested in or qualified for;
• to allow other users to, if you allow, contact you and create new relationships and connections;
• to establish and maintain our account, to send you alerts about your account and provide you with customer support;
• to better understand how users access and use our Site and Services, both on an aggregated and individualized basis, to maintain, support, and improve our Site and Services, to respond to user preferences, and for research and analytical purposes, including publishing industry reports;
• to keep you informed of Flux programs, products and other service we think may be of interest to you; and
• to otherwise communicate with you about Flux, your Employer or work opportunities.
We may share and disclose information from you, including Personal Data, for the following purposes:
• Service Providers: From time to time, we may utilize other businesses whom we believe trustworthy and who have confirmed that their privacy practices are consistent with ours (“Service Providers”). For example, we use Amazon Web Services (AWS) as a Service Provider to host the Site and Services and store Personal Data. Your information is not disclosed to AWS, but is transferred through, and resides on, computers owned by AWS. AWS is ISO/IEC 27018 certified and has a system of controls in place that specifically address the privacy protection of Flux’s content. We may contract with other Service Providers to provide certain services, such as hosting and maintenance, data storage and management, authentication, analytics, and marketing and promotions. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Data from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Data other than as specified by us.
• Compliance with Laws and Law Enforcement: We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Data (including Customer Data and Usage Data) and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to legal requests (including court orders and subpoenas), to protect the safety, property, or rights of our organization or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.
• Aggregated Usage Data: We will not disclose Personal Data to third parties, including for their direct marketing purposes, without your consent. We may disclose to third parties, certain Customer Data and/or Usage Data regarding the Site and Services, however, such uses shall be on an aggregated basis so as not to identify you individually.
4. Our Purposes and Legal Basis for Processing
5. Cross-Border Transfers and Safeguards
Flux stores and processes Personal Data in the United States. In the event Flux transfers Personal Data from the EEA to the United States, such transfer will be pursuant to the Standard Contractual Clauses approved by the European Commission, which require Flux to protect Personal Data it processes from the EEA in accordance with GDPR and applicable data protection laws. Our Standard Contractual Clauses can be provided upon request.
6. How Long We Process and Store Information
We will store your information until you request that we delete your account, unless we have an ongoing legitimate business interest. We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal requirements, to enforce our agreements or comply with our legal obligations). When we have no ongoing legitimate business need to process your personal information, we will delete your data. At any time, you can also limit the visibility of your information via the user settings within the Services, and opt out from our Public Data Sets.
7. Managing Your Personal Account Data
You can review, correct, update, delete, or change most of your Personal Data used to establish your account and limit the visibility of your Personal Data by using your account settings within the Services. You are able to opt out of receiving certain e-mails and other communications from us within the Services or by e-mailing us at firstname.lastname@example.org. You are able to opt out of receiving marketing e-mails from us, however, you cannot opt out of receiving all e-mails from us, such as e-mails about the status of your account with us because those emails are necessary to deliver the Services you have requested.
8. Your Rights Regarding Your Personal Data under the GDPR
You have the following rights with respect to your Personal Data. When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
• The right to access, correct, update, and/or erase personal information
o At any point you can contact us at email@example.com to request access to or that we change, update or delete your personal information. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you. Certain information may be exempt from such requests under applicable law. For example, we may retain certain information for legal compliance and to secure our Services.
• The right to object to processing of your data
o You have the right to request that we stop processing your data for direct marketing or for processing based on our legitimate interests. To exercise this right email us at firstname.lastname@example.org.
• The right to data portability
o To the extent that the legal basis for our processing of your personal data is: (i) consent; or (ii) that the processing is necessary for the provision of services to you or to take steps at your request to provide you services, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format, or to have us transfer your data to another controller. To exercise this right email us at email@example.com.
• The right to withdraw your consent
o You have the right to withdraw your consent to the processing of your personal information at any time where the legal basis for our processing is your consent. To exercise this right email us at firstname.lastname@example.org.
• The right to restrict processing of your data
o You have the right to restrict the processing of your data in certain circumstances including: (i) if you contest its accuracy; (ii) if the processing is unlawful and you oppose the erasure; (iii) if it is no longer needed for the purposes for which it was collected, but you require it for the defense of a legal claim.
• The right to lodge a complaint with a data protection authority
o You have the right to lodge a complaint with the supervisory authority, in the Member State where you have your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
9. Be Careful When You Share Information with Others
Please be aware that whenever you share information on any public area of the Site or Services, that information may be accessed by others. In addition, please remember that when you share information in any other communications with third parties, that information may be passed along or made public by others. This means that anyone with access to such information can potentially use it for any purpose, including sending unsolicited communications.
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Site or Services, we cannot and do not guarantee the security of any information you transmit on or through the Site or Services, and you do so at your own risk.
12. Children’s Privacy
The Site and Services are intended for EEA users who are the age of majority in their country. We do not knowingly collect Personal Data from users under the age of 16. If we become aware that we have inadvertently received Personal Data from a user under the age of 16, we will delete such information from our records.
13. Updates or Changes in Processing
14. Contact Information
Flux Work, Inc.
315 Montgomery St, 10th Floor
San Francisco, CA 94104
Attn: Data Protection Officer