Welcome is the data controller of the information we process which may originates from various jurisdictions, including the European Union (EU) and the United Kingdom (UK) and is therefore responsible for ensuring that systems and processes we use are compliant with applicable data protection laws.
Information You Provide
We may collect your name, postal address, email address, phone number, login credentials for the platform, demographic information (such as your occupation, level, location, or title), role information, compensation information, compensation history, equity or cap table information, industry profile, as well as other information you directly give us on the Platform or through manual uploads, forms, surveys, spreadsheets, emails, PDFs, or cloud storage platforms.
Information From Integrations
We may collect information you provide us through API, webhook, or credentialed access to your Applicant Tracking System (ATS), Human Resource Information System (HRIS), or other platforms, products, services, or systems that you explicitly grant Welcome access to.
Information We Get From Others
We may get information about you from other sources, including your website, news or public sources.We may add this to information you provide us through the Platform.
Information Automatically Collected
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
Visitor and Usage Information
We collect information about you and your devices when visiting or accessing the Platform.This is information we collect from every visitor to the Platform, whether they have an account or not. This information may include personal information, subject to consents when necessary. We may log your device type, unique identifiers, operating system, browser information, pages you viewed or interacted with, interactions on the pages you viewed, actions taken, how long you spent on a page, physical location, IP address, the dates and times you access the Platform, and other information about your use of, interactions with, and actions on the Platform.Cookies
Pages of the Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Third party data
Welcome may receive data about you or about companies, organization, industries, visitors, marketing campaigns, and other matters related to our products and services from integrations, partners, or others that we use to make our own information more impactful. This data may be combined with other information we collect and might include aggregate level data.
How we use your information:
-To operate, maintain, and improve the Platform.
-To send communications including account invites, confirmations, technical notices, security alerts, notifications, system updates, upcoming events, and other news about products and services.
-To respond to questions and provide customer or technical support.
-To aggregate or combine user information with other information and data we collect. An example is when we combine the information a company has provided about their industry profile, compensation history, role, and level with the information entered by candidates to improve and personalize the user experience, including providing anonymized, real-time compensation benchmarks and metrics to help make better offers.
-To provide and deliver products and service requests.
-To protect against any fraudulent, unauthorized, or illegal activity on the Platform.
For the purposes of privacy laws applicable in certain jurisdictions, the lawful bases on which we process your personal information are:
-When we use your personal information to provide our services to you, including when we communicate with you about our services, we rely upon our legitimate interests as a lawful ground to process your personal information, or where applicable we may process such information with your consent
-When we use your personal information to provide technical support and customer services to you, we rely on legitimate interests as a lawful ground to process your personal information
-When we use your personal information to prevent against fraudulent or illegal activities on our Website we may rely upon compliance with a legal obligation as a lawful ground to process your personal information
When we share your information
-To comply with applicable laws, regulations, or regulatory requests (if applicable).
-To protect the rights and property of Welcome, our employees, agents, customers, and others.
-To fulfill explicit customers’ instructions.
-For legal, security, and safety purposes.
-When customers' administrators need access to customer, candidate, and user access information on their account.
-With those who need it to do work for Welcome, such as granting a Welcome employee necessary access in order to do their job.
-We may share aggregated or anonymized data through the product or content. We may disclose or use aggregated or anonymized data for any purpose, including but not limited to, benchmarking, reporting, analytics, real-time compensation data, marketing, content purposes.
-With the agreement of our customers Welcome may anonymize the customer's data and provide it to other customers as long as it is aggregated, de-identified, and is not associated with a given individual or company.
-When Customers authorize access to customer data through third parties that Welcome works with or integrates with.
-We will not share personal information with investors of the Company beyond any personal information that such investors are entitled to for customary legitimate business purposes.
-If we engage in or negotiate a merger, acquisition, or bankruptcy transaction or proceeding of some or all of Welcome’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, personal information may be shared or transferred subject to reasonable confidentiality restrictions.
-We may share personal information with third parties when we have engaged with themas service providers (such as IT service providers) to process information and support the Platform
-We may share your personal information with our professional advisers, insurers and auditors to meet our business requirements and regulations which govern the operation of our business.Access to customer information
Welcome limits access to customer data and information, including within our own teams, as follows:
-All data is encrypted at rest for all data stores (databases, cache, etc)
-Welcome requires and enforces user access and authorization through secure logins and passwords
-Customer data access is audited, and limited to Welcome employees on a "least privilege" principle
-Welcome limits access to production environments on the basis of business need
-Welcome provides training to employees who are involved in the processing of Customer data to prevent data being used in an unauthorized manner, and to ensure the data is kept confidential
-Welcome immediately revokes all access to critical and non-critical systems upon employee termination (voluntary or involuntary)Data security
As set out below, Welcome has appropriate physical, technical, and administrative safeguards in place designed to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. You should keep in mind, however, that no Internet transmission is ever 100% secure or error-free.In particular, e-mail sent to or from our Website may not be secure.
-All Customer information and data is stored entirely within Amazon Web Services(AWS) infrastructure.
-Welcome separates each of our customers' information and data and also maintains measures to prevent information or data from being exposed, accessed, or shared with other customers or partners.
-Welcome uses standard SSL/TLS security on all web requests.
-Welcome leverages AWS cloud security through Fargate in a designated VPC.
-Welcome securely routes and manages traffic using CloudFlare.
-Welcome stores all sensitive documents in a private S3 bucket, which requires authentication credentials and permissions to access
-Welcome does not store passwords, API keys, or credentials in plain textThe safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.Security Assessments
-All code is reviewed before being added to the service, including third party tools and integrations.
-Welcome has implemented real-time error logging, system monitoring, and security alerts.
-Welcome undergoes annual vulnerability and security audits conducted by independent third party experts.YOUR RIGHTS RELATING TO YOUR PERSONAL DATA
Data protection and privacy laws afford various rights to individuals in certain jurisdictions, including the United States (such as California), the EU and the UK. Details of those rights and how you may exercise them are set out below.CaliforniaPrivacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com.
CaliforniaConsumer Privacy Act (CCPA)
You can review our CCPA Notice here
Rights in theEEA and UK and other jurisdictions which have adopted similar laws
If you are located in the EEA, the UK or in other jurisdictions which have adopted similar laws, you may have certain rights as an individual under privacy laws applicable in those jurisdictions. For example, European data protection legislation provides individuals with the right to lodge a complaint with a supervisory authority. The rights which may be applicable to you if you live in any of those jurisdictions are set out below.Right to be informed
This Privacy Notice sets out how we use your Personal Information and gives you information about how you can exercise any of your rights in accordance with applicable privacy laws.
Right of access
You may be entitled to ask us for a copy of any Personal Information which we hold. This right is known as a ‘Subject Access Request.’ We will normally send you a copy of the Personal Information within one month of your request.However, that period may be extended by two further months where necessary, taking into account the complexity of the request or the difficulty in accessing the Personal Information that you request. There is usually no charge; but in exceptional circumstances we may charge but will discuss this with you if those circumstances apply.
Right to rectification
If the PersonalInformation we hold about you is inaccurate, you may request rectification. The Personal Information will be checked, and, where appropriate, inaccuracies will be rectified.
Right to erasure
In certain circumstances, you may be entitled to ask us to erase your Personal Information.
Right to data portability
In certain circumstances, you may wish to move, copy, or transfer the electronic Personal Information that we hold about you to another organization.
Right to object
You may object to your Personal Information being used for direct marketing – see “MarketingCommunications” below. You may object to the continued use of your Personal Information in any circumstances where we rely upon consent as the legal basis for processing it.
Rights related to automated decision-making including profiling
We will not use your Personal Information in connection with any automated decision-making process. Deleting Customer Information
We delete all our Customer's identifiable data and information after one year after the relationship has been terminated. If you wish to request deletion of your personal information earlier please contact us at firstname.lastname@example.org.International Users
Our servers are either located in the United States or, if located in other countries, may be accessed from the United States. Please note that in countries outside your own country, and in particular outside the EU, EEA, and UK, standards of data protection might apply which are different from those which apply in your own country.
-By sharing Personal Information with us, including via our website, you acknowledge and consent that your data may be transferred across national borders.
-To govern our transfers of personal information from the EU, EEA and UK to recipients in our offices outside those jurisdictions, we have entered into the standard data protection clauses adopted by the European Commission (“Data Transfer Agreement”) with our customers, where applicable.
When creating an account or visiting the Platform or any of our websites, including any subdomains, and providing your email to sign up for a demo or join the waitlist, you are opting into our marketing communications and emails. Our marketing communications give you the option to unsubscribe. If you unsubscribe, we may still send you transactional (non-marketing)communications, if applicable. Transactional communications include emails about your accounts and our business dealings with you that are necessary for fulfilling our obligations to you. This includes, but not limited to, notifications about platform engagement and usage that is critical to your successful usage of the Platform.