Dated April 21, 2023
1. General Conditions
1.3. Key Terms:
Personal data means any information or a set of information about a natural person who is identified or can be clearly identified;
GDPR is the regulation of the European Union on the protection of personal data of all persons within the European Union and the European Economic Area;
Consent of the subject of personal data is a voluntary expression of will regarding the granting of permission for the processing of personal data in accordance with the defined purpose of their processing;
Processing of personal data is any action or set of actions, such as collection, registration, accumulation, storage, adaptation, change, renewal, use and distribution (implementation, transfer), depersonalization, and destruction of personal data, including using information (automated) systems.
1.5. During the registration of a user (Client/Administrator/Recruiter/User) in НURMA, a relevant account (profile) containing a number of personal data is automatically created. The Client/Administrator/Recruiter/User guarantees and is responsible for the authenticity, completeness, and relevance of such data.
1.6. In the event that HURMA SYSTEM has grounds to believe that the information provided is incomplete, untrustworthy, or false, HURMA SYSTEM reserves the right to request the confirmation documents from the Client, and also to block temporarily or delete in full the Client/Administrator/User’s account at its own discretion and to prohibit the Client/Administrator/User from using the Service in full or in part.
1.7. In the process of registration and use of the Service, the Client and Users independently choose the password to access their account. HURMA SYSTEM is not responsible for the reliability of the chosen password and for the consequences of transferring the password to third parties. However, HURMA SYSTEM has the right to prohibit the use of certain logins, may set requirements (length, permissible characters) when forming a password, encrypt passwords, and use password management programs.
1.8. The Client is independently responsible for the distribution of data for access to the Service (identifiers, passwords, etc.), for entering personal data into the HURMA Service, for the essence of the content, including compliance of the content with the norms of current legislation.
2. Information that is collected and may be processed
2.1. In order to ensure quality provision of services to HURMA SYSTEM Clients, it is necessary to obtain certain information about the Client, general personal data of Users, while HURMA SYSTEM is limited to the minimum list of information and data that is necessary to provide services and achieve the purpose.
2.2. Information provided to the HURMA SYSTEM by the Client may include:
- personal data, including data of third parties (Administrator, Recruiter, User): name, date of birth, gender, postal address, e-mail, phone number, information about bank accounts (card accounts), a field of business (activity), photo, Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring pages, interests, login/logout dates and times, operating system;
- information that constitutes the sphere of the Client's labor relations;
- the information we receive about Client/Administrator/Recruiter/User from other official sources, including social networks, and through messengers which are configured to work with the service.
2.3. НURMA SYSTEM does not control the authenticity and relevance of the information provided by the Client but is entitled at any time to require the confirmation of the validity of the information.
2.4. НURMA SYSTEM can provide the ability to integrate the Service with third-party products. НURMA SYSTEM reserves the right to place links to third-party websites/services. At the same time, НURMA SYSTEM is not responsible for the collection, storage, and processing of personal information by third-party software, which is provided to such third-party providers by the Client or user. The individual should familiarize themselves with the policies of such third-party websites/services.
2.6. The use of the HURMA Service by the Client means the full and unconditional consent of the Client and its users (Administrators/Recruiters/Users) to the storage and processing of personal data and personal information provided to HURMA SYSTEM.
3. Principles of data processing
3.1. The collection and processing of personal data and information is carried out in accordance with the principles established by law, including, but not limited to:
- lawfulness and transparency of collection and processing;
- specification and explicit of purpose;
- data minimisation (only necessary data collection and processing);
- data accuracy;
- determination of data storage period;
- integrity and confidentiality.
3.2. Any actions regarding personal data by HURMA SYSTEM are carried out and/or can be carried out exclusively on a legal basis and in accordance with the principles established by law.
4. Personal data processing purposes
4.1. The collection and processing of personal data may be carried out for the following purpose:
- proper provision of HURMA access and use services for the Client;
- improvement of the Service, including upgrading according to the needs of the Client;
- marketing goals, namely, bringing new product features to the attention of the Client;
- organizing communication with the technical support department, marketing department and other structures of HURMA SYSTEM, including for receiving proposals from the Client/Administrator/Recruiter/Users;
- ensuring the fulfillment of the rights of the Client and Users of the Service;
- settlement of conflict situations.
4.2. HURMA SYSTEM has the right to publish/post personal reviews of the Client/Administrator/Recruiter/User about the Service on its website. If the Client/Administrator/Recruiter/User wishes to delete his/her feedback, he/she should send the relevant letter to email@example.com.
5. Security of personal information, confidentiality and storage conditions
5.1. HURMA SYSTEM takes the necessary legal, organizational and technical measures for protection of information and security of Personal Data. Connection to the system is possible only with the use of Transport Layer Security (TLS) technology. The system uses generally accepted security standards and includes administrative and technical measures and procedures for the protection of Personal Data, among such measures (including, but not limited):
- Defense in Depth
- Web application firewall
- Input validation
- 24/7 security monitoring and management
- Frequent scanning for vulnerabilities
- Industry-standard encryption
- Penetration testing
HURMA SYSTEM and its representatives never request credentials of the Client/Administrator/Recruiter/User. We recommend: use a unique password that is not used to access any other resource and consists of at least 12 characters and includes numbers and special characters; periodically change the password; verify that access to the system is used only from trusted environments and devices that have a reliable level of protection, including network and anti-virus protection.
5.2. HURMA SYSTEM informs that the data provided by the Client and its users, and the Client’s Content will be hosted, backed up and stored on secure, certified servers located in Western Europe and/or North America. Such backup and copying ensures the security of data storage and facilitates the recovery of lost or damaged content in case of emergencies.
5.3. HURMA SYSTEM complies with international requirements and monitors compliance with legal, organizational and technical requirements in the activities of contractors who may be involved to ensure the effective operation of the Service.
6. Cases of personal information disclosure
6.1. HURMA SYSTEM complies with all requirements for maintaining the confidentiality of personal data and protection against disclosure of personal data and information.
6.2. HURMA SYSTEM may disclose personal data to third parties on the basis of the written consent or authorization of the Client in accordance with the instructions provided by the Client. Personal data may be transferred for the performance of a contract to which the Client may be a party or beneficiary or guarantor, subject to prior consent or relevant instructions from the Client.
6.3. Personal information may be transferred to connect and/or register third-party software products on behalf of the Client, subject to prior consent or appropriate instructions from the Client.
6.4. Personal data may be used to protect the rights and legitimate interests of the Service or third parties in case the User violates the copyright and other intellectual property rights of the HURMA SYSTEM and/or the corresponding Agreement in the form of data transfer to supervisory/law enforcement agencies or a court, as well as at the request of judicial authorities based on the relevant ruling or resolution
7. Rights of the personal data subject
7.1. The personal data subject has the right:
- of access to his/her personal data;
- to rectify the provided personal data and update them (making changes, updating data, etc.);
- to request the termination of the processing of his/herr personal data (which may result in the automatic termination of the provision of services);
- to request the deletion of personal data;
- to require the HURMA SYSTEM not to use personal data for marketing purposes, by sending an appropriate letter to firstname.lastname@example.org;
- to contact HURMA SYSTEM for clarifications regarding the processing of personal data by sending a corresponding letter to email@example.com.
7.2. The Client/Administrator/Recruiter/User of the Service has the right:
- independently edit his/her account (profile) by making changes and additions in accordance with the available functionality;
- in case of termination of Service use, to demand the deletion of all account data and content (with the exception of data that has to be stored in accordance with legal requirements);
- to download Content related to the Client’s activities and upload Content at any time convenient for this (after the termination of use of Services/termination of contractual relations, the Client has 7 calendar days to upload content; after the expiration of the specified 7 calendar days, HURMA SYSTEM has the full right to delete all the Client's content on its own without consent and warning of such actions);
- leave feedback on the work of HURMA SYSTEM.
8. Mechanisms of legal protection
8.1. The personal data subject has the right to use the available rights regarding the protection of his/her personal data in accordance with legally prescribed procedures.
8.2. In order to ensure and protect his/her rights regarding personal data when using HURMA SYSTEM service, the Subject of personal data can address any questions to HURMA SYSTEM by sending a corresponding request to the email address firstname.lastname@example.org.
8.3. The personal data subject has the right to apply to the relevant competent authorities in case of violations of his/her personal data rights.
9. Processing of personal data in case of integration with Google Calendar and Gmail
9.1. In case of connecting to Google Mail (Gmail) and Google Calendar, the User grants HURMA access to data transmitted using the Google API:
- calendar data and its settings. This data is periodically cached and synchronized with Google Calendar. Calendar data is used to display a list of events in the Calendar section of the HURMA;
- information about contacts from the User's company. When creating or editing events in the calendar, the User can see the participants of the meeting. This data is synchronized once and only at the moment when the calendar is connected;
- sent letters from candidates for synchronization of correspondence with them. The User's conversation with candidates is saved and displayed in HURMA. The system does not use or store all other communications;
- letters the User sent to candidates.
9.2. The basis for processing this data is the Client's contractual document with HURMA (Agreement/Offer). The data is processed only with the full consent of the User. The data is processed only with the full consent of the User for the entire duration of the contract or until the User decides to suspend or cancel the integration of Google email and his HURMA account.
9.3. The User may delete or block all the data listed in this Section 9 independently or send a request for its deletion.
9.4. HURMA does not transfer the data obtained through the Google API to third parties, except in cases where it is necessary to fulfill the terms of service or comply with legal requirements. Information received through Gmail and Google Calendar can't be used to display ads.
In case of transfer of the information specified in clause 9.1. to any other service, HURMA complies with Google API Services User Data Policy.
10. Final provisions
10.3. The procedure for using the HURMA SYSTEM services is governed by the Agreement or Terms of Service.