Privacy & Cookies Notice

Your Privacy Matters

CandidateX is a community-led movement, accelerating equality in the workplace. Central to this is our commitment to be transparent about the data we collect about you, how it is used and with whom it is shared.

Contents

1. INTRODUCTION

CandidateX is a trading name of CandidateX LTD who are registered in England & Wales No.11920169. We are committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our customers and users of our products and or services that communicate online or offline with us, in store, events, over the phone, through our mobile applications, websites and social media platforms. We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.

Our Privacy Policy applies to any Member or Visitor to our Services.

Our registered users (“Members”) share their identities, engage and exchange knowledge and professional insights. Content and data on some of our Services is viewable to non-members (“Visitors”).

2. THE INFORMATION WE COLLECT ON OUR WEBSITE

We only collect information that we know we will genuinely use and in accordance with the General Data Protection Regulation (GDPR). The type of information that we will collect on you, and you voluntarily provide to us on this website includes:

  • Your full name
  • Other supplied personal data
  • The name of your company
  • Your Email address
  • Your phone number
  • Your IP address at the time
  • The time and date of when you submitted information
  • The corresponding statement that you consented to
  • Your CandidateX support image

We may, in further dealings with you, extend this information to include the services used, and subscriptions, records of conversations and agreements.

  • You are under no statutory or contractual requirement or obligation to provide us with your personal information; however we require at least the information above in order for us to deal with you as a prospect or customer/member/service user in an efficient and effective manner.
  • The legal basis for processing your data is based on your specific consent/performance of a contract/compliance with a legal obligation/your vital interest/our legitimate interest that we will have requested/stated at the point the information was initially provided, therefore we will not store, process or transfer your data outside the parties detailed above unless we have an appropriate lawful reason to do so.

2.1

Contact Form The primary instance where our website will ask you for personally identifiable information is our contact form. The contact form specifically, is powered by a popular WordPress plugin called Contact Form 7. Upon completing your information, you will be asked to consent to our data processing policy which is outlined within this document. Once submitted, your information will be processed and forwarded to us within a single email sent by the website application. Your information will not be stored within the website application’s database.

Hotjar We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies (listed later in this policy) and other technologies to collect data on our users’ behaviour and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy.

https://www.hotjar.com/legal/policies/privacy/

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Hubspot This website uses the HubSpot – an inbound marketing and sales platform to customise content to visitors and adapt how we communicate with them. HubSpot uses cookies (which are detailed below) and pixel tags to analyse your use of our website. This anonymous information is transferred to and stored in a HubSpot server in the USA. You can learn more about HubSpot’s privacy practices by reading their privacy policy.

https://legal.hubspot.com/privacy-policy

2.2 Posting and Uploading

We collect personal data from you when you provide your support to the CandidateX movement such as when you fill out a form, (e.g. with demographic data, your photo, response to a survey)

Customers and partners may provide data to us.

3. HOW WE USE YOUR INFORMATION

  • To use on ‘The Hub’
  • To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
  • Make available our products and services to you;
  • For statistical analysis and to get feedback from you about our products, websites, mobile apps, and other services and activities. For example, occasionally we may invite you to review a product or service we are creating;
  • To power our security measures and services so you can safely access our website and mobile apps;
  • Help us understand more about you as a customer, the products and services you consume, so we can serve you better;
  • Contact you about products and services from us;
  • Provide you with online advertising and promotions; and
  • Help answer your questions and solve any issues you have
  • Research purposes

Stay Informed

Our Services allow you to stay informed about news, events and ideas regarding professional, equality, diversity and inclusion topics you care about.

We use the data we have about you (e.g., data you provide, data we collect from your engagement with our Services and inferences we make from the data we have about you), to personalize our engagement for you.

4. WHO WE MIGHT SHARE YOUR INFORMATION WITH

We may share your personal data with other organisations in the following circumstances:

  • If the law or a public authority says we must share the personal data;
  • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
  • From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised,
  • Neither you nor any of your devices can be identified from it.

5. HOW WE KEEP YOU UPDATED ON OUR BUSINESS, PRODUCTS AND SERVICES

Email Marketing

From time to time we may send you relevant information and news about our business, products and services by email, but only if you have consented to receive these marketing communications. When interacting with our website, you may be asked if you’d like to sign-up to receive our email marketing communications and will you be asked explicitly to opt-in to receiving these. You can change your Email Marketing subscription anytime by editing your preferences or unsubscribing altogether via the link at the bottom of any of our email marketing communications or by contacting us via the details at the end of this policy.

6. YOUR RIGHTS OVER YOUR INFORMATION

Right to Access Your Personal Information

For personal data that we have about you, you can:

  • Delete Data: You can ask us to erase or delete all or some of your personal data.
  • Change or Correct Data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
  • Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is unlawfully held or inaccurate).
  • Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have. If you would like to exercise any of these above rights, please contact us via the details listed at the very end of this policy.

7. HOW LONG WE KEEP YOUR INFORMATION FOR

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the General Data Protection Regulation (GDPR) and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored for a period of 2 years after our last contact with you/some other identifiable action or period, at which point it will be permanently deleted and therefore irretrievable.

8. YOUR DATA AND SOCIAL NETWORKS

When using this website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

9. SECURITY

Data security is of the highest importance to CandidateX and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data. We take security measures to protect your information including: Physical & Managerial Security Procedures

  • Limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
  • Implementing access controls to our information technology
  • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, offices and stores.
  • Never asking you to disclose your own passwords,
  • Advising you never to enter your account number or password into an email or after following a link from an email.

Website Application and Hosting Security Procedures

  • HTTPS – This website is secured via Hyper Text Transfer Protocol Secure (HTTPS). It means all communications between your browser and this website are securely encrypted. This means that even if somebody managed to intercept the connection, they would not be able to decrypt any of the data which passes between you and the website.
  • Secure Payments via PayPal – All transactions taken and processed on this website are handled separately by PayPal.
  • Secure Update Process – Inline with the security processes of our website development partner agency, this website application’s code-base is administered and updated via a password and FTP free process.
  • All code-changes are deployed via a secure process that does not rely on the storage and visible access of passwords.
  • Two Factor Authentication – Where possible, the administration interface to this website application and any personally identifiable information herein, is secured behind a two factor authentication login to all staff who have access to it. Additionally, our website development agency can only access the same interface via their secure Google GSuite accounts and hold no password records for accessing the platform at super-admin level.
  • Web Application Maintenance – Our organisation, working in collaboration with our website development agency, regularly monitor the security of this website and consistently update the core CMS platform and supporting extensions and plugins.
  • PCI-DSS Compliant Server – Our website application is hosted and operations on a PCI-DSS compliant server independently certified by Security Metrics. The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments.
  • Cloudflare – Our website’s DNS is managed through CloudFlare who provide our content delivery network (CDN), DDoS attack mitigation, Internet security and distributed domain name server services.

10. COOKIES USED BY THIS WEBSITE

What are Cookies? Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when a website is loaded within your chosen browser. They are widely used to ‘remember’ you and your preferences, either for a single visit (through a ’session cookie’) or for multiple repeat visits (using a ‘persistent cookie’). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as ‘first party cookies’), or by other websites who serve up content on that site (‘third party cookies’). What is Cookie Control? You may notice that our website utilises a third party Cookie preference tool called ‘Cookie Control’. Cookie Control is a mechanism for controlling user consent and the use of cookies on this website application. When (as the user) you consent to one of the optional cookie categories, Cookie Control will place a cookie to remember that decision. The name of the cookie will be the name of the category specified within the Cookie Control widget itself. That cookie will be removed when you (the user) revokes consent to that category. What are ‘Strictly Necessary Cookies’? These are the cookies that are essential for this website to perform its basic functions. These include those required to allow registered users to authenticate and perform account related functions, as well as to save the contents of virtual ‘carts’ on sites that have an e-commerce functionality. Strictly Necessary Cookies are highlighted with a double asterisk (**) in the tables below: Cookies set by WordPress

Cookie NameDescriptionDuration
wordpress_<hash> **On login, wordpress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the admin console area, /wp-admin/2 years
wordpress_logged_in_<hash>  **After login, wordpress sets the wordpress_logged_in_<hash> cookie, which indicates when you’re logged in, and who you are, for most interface use.Session
wp-settings-<time>-<UID>  **WordPress also sets a few wp-settings-<time>-<UID> cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.Session
WordPress_google_apps_login **This cookie is set by the plugin ‘Google Apps Login for WordPress’ and may be present for users who login to WordPress via their Google or GSuite account.Session
wordpress_test_cookieUsed to check whether your web browser is set to allow, or reject cookies.Session
wpe-auth

COOKIES SET BY GOOGLE ANALYTICS

Cookie NameDescriptionDuration
_gaUsed to distinguish users.2 years
_gidUsed to distinguish users.24 hours
_gatUsed to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.1 minute
AMP_TOKENContains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.30 seconds to 1 year
_gac_<property-id>Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out. Learn more.90 days
_gaexpOptimize 360 – Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.90 days

COOKIES SET BY CLOUDFLARE

Cookie NameDescriptionDuration
__cfduid **The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.1 years

COOKIES SET BY HOTJAR

Cookie NameDescriptionDuration
_hjClosedSurveyInvitesHotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not reappear if it has already been shown.365 days
_hjDonePollsHotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not reappear if it has already been filled in.365 days
_hjMinimizedPollsHotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.365 days
_hjDoneTestersWidgetsHotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.365 days
_hjMinimizedTestersWidgetsHotjar cookie. This cookie is set once a visitor minimizes a Recruit User Testers widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.365 days
_hjIncludedInSampleHotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.365 days
_hjShownFeedbackMessageThis cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.365 days
_hjidHotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.365 days

COOKIES SET BY OPTIMIZELY

Cookie NameDescriptionDuration
optimizelyBucketsRecords the Optimizely Classic variation that the visitor has seen for each experiment.  This allows us to deliver a consistent experience on successive page loads.6 months
optimizelyEndUserIdStores a visitor’s unique Optimizely identifier, for both Optimizely Classic and Optimizely X Web. It’s a combination of a timestamp and random number. No other information about you or your visitors is stored inside.6 months
optimizelyPendingLogEventsUsed as a cache for a visitor’s actions between tracking calls. This ensures that all events are efficiently tracked even if a visitor takes many actions in rapid succession. The cookie is wiped once the tracking call has been made.15 seconds
optimizelyRedirectAfter Optimizely Classic has executed a redirect experiment, stores the variation ID of the redirect experiment, so that Optimizely can pass it into integrated technology platforms along with the variation IDs that are active on the new page. This is necessary because the redirect experiment is usually inactive on the new page.5 seconds
optimizelyReferrerAfter Optimizely Classic has executed a redirect experiment, stores the document.referrer property from the original page, so that Optimizely can pass it into integrated technology platforms. This is how we avoid creating “self-referrals” in your third-party analytics.5 seconds
optimizelySegmentsPersists the visitor’s Optimizely Classic segments: browser, campaign, mobile, source type, and any custom dimensions that you may have configured. This allows us to ensure persistence of segment membership, which improves the accuracy of segmented results.6 months

COOKIES SET BY HUBSPOT

Cookie NameDescriptionDuration
_hs_opt_outThis cookie is used by the opt-in privacy policy to remember not to ask the user to accept cookies again. This cookie is set when you give users the choice to opt out of cookies.2 years
__hs_do_not_trackThis cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, which still allows anonymized information to be sent to HubSpot.2 years
__hs_testcookieThis cookie is used to test whether the visitor has support for cookies enabled.Session cookie
hs_ab_testThis cookie is used to consistently serve visitors the same version of an A/B test page that they’ve seen before.Session cookie
hs_lang_switcher_choiceThis cookie is used to consistently redirect visitors to the language version of a page in the language they’ve selected on this top-level private domain in the past (if such a language version exists).
<id>_keyWhen visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login. The cookie name is unique for each password-protected page.
Hs-messages-is-open hs-messages-hide-welcome-messageThis cookie is used on the visitor UI side so HubSpot can determine/save whether the chat widget is open for future visits. It resets after 30 minutes to re-close the widget after 30 minutes of inactivity(TTL 30 minutes)
__hstcThe main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).2 years
hubspotutkThis cookie is used for to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.10 years
__hsscThis cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.30 min
__hssrcWhenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the user has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.None. Session cookie
messagesUtkThis cookie is used to recognize visitors who chat with you via the messages tool. If the visitor leaves your site before they’re added as a contact, they will have this cookie associated with their browser. If you have a history of chatting with a visitor and they return to your site later in the same cookied browser, the messages tool will load your conversation history with that visitor.

MISCELLANEOUS COOKIES

Cookie NameDescriptionDuration
complianceCookieUsed to distinguish your acknowledgement of our website’s Cookie Banner and subsequent policy (this document).14 days

How to change your Cookie preferences The most popular web browsers typically provide additional tools to users for controlling or restricting cookies on their device. To find out more about cookies, including how to see what cookies have been set, you can visit www.aboutcookies.org.

To find information relating to other browsers, visit the browser developer’s website. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

11. HOW TO CONTACT US

If you would like to exercise one of your rights as set out earlier in this policy, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means: Assigned Data Protection Officer: Man Wong Co-Founder By email: [email protected] Thank you for taking the time to read our Privacy Policy. CandidateX

This Policy was last updated on 17-02-2020