Privacy Policy and Data Processing Agreement
At hireCNC Inc. (“hireCNC”), your right to privacy is very important to us. We provide individuals and employers with the ability to connect with each other through the hireCNC proprietary software platform, so that individuals can offer their services to businesses, and businesses can post job opportunities and information about their workplace for individuals to consider. In order to provide you with this service effectively, we collect certain specific information from you, and we also automatically collect information and data relating to the usage of our services by all our users, including you. Because we are committed to protecting your privacy rights and the information you provide to us, we have developed this privacy policy. It explains how we will protect your information and describes how we will use and share it.
This policy is concerned with the protection of your personal information only. Personal information includes any data that can be used to identify you as an individual, including your name, income, personal opinion, interests, home contact information, identification numbers, user IDs, passwords, ethnic origin, and age. Under Canadian law, in a business context, personal information does not include the name, job title, business address, or business telephone number of any employee in an organization.
This policy describes the following practices:
- Collecting information
- Sharing your personal information
- Maintaining your personal information
This privacy policy may change from time to time to reflect hireCNC’s internal needs, customer feedback, or changes in applicable privacy legislation. hireCNC will post all such changes on our website, so please visit this page regularly.
NOTE: hireCNC services are not intended for children under the age of 18. We do not knowingly collect or maintain any personal information or non-personally-identifiable information from anyone under the age of 18 nor is any part of our website or service directed to children under the age of 18. We will close any accounts used exclusively by such children and will remove and/or delete any personal information we believe was submitted by any child under the age of 18. If any user wishes to post information on the hireCNC platform respecting children under the age of 18, such user is solely responsible for ensuring that such information is posted in a legal manner, and has obtained all consents necessary to post such information.
Principles we abide by
We comply with all applicable privacy laws respecting our processing and storage of any personal information that may be used in conjunction with the services we provide, and we deal with your data under these general principles:
- Lawfulness, fairness, transparency and right to access: We may not reveal the granular details of how we protect your data, because that would compromise its security – but we will let you know why we need it, what we need it for, and process it securely and in accordance with applicable laws. If you have any questions respecting your data and how it’s being used, you need only ask us, and we will answer. This includes any questions you may have about the types and categories of personal information that we may have collected about you.
- Limitations of purpose: We will limit use of your data to the extent necessary to provide you with our services, with the clear exceptions that are set out in this Privacy Policy.
- Minimization of data: We only collect information that we need, and that you choose to give to us. We will not collect personal information gratuitously from you for no reason.
- Accuracy: We make reasonable efforts to keep your data accurate and up to date, based on your input; if you notify us of any changes to your data, we will make sure to change it in our systems in a timely manner.
- Limitation of data retention and right to deletion: We believe in streamlining the way that we handle data so that it minimizes data redundancy and unnecessary retention. We have instituted processes to delete personal information from our systems when it is no longer required, and to delete personal information upon request (subject to the exceptions set forth in this Privacy Policy).
- Integrity and confidentiality: We process your information using appropriate technical or organizational measures designed to ensure appropriate security of your personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
- Non-discrimination: We believe in treating our customers fairly and equally. We will never treat any customer differently simply because they have chosen to exercise their rights under any applicable privacy legislation, such as requesting access to, or requesting deletion of, personal information. Having said that, use of our services may be dependent upon the use of certain personal information to provide results requested by you, and therefore a request for deletion of personal information may result, from a purely technical standpoint, in a limitation of, or inability to use, our services.
This Privacy Policy contains more detail as to how we live up to these principles.
Collecting information
In order to use the services provided by hireCNC, you will be required to provide specific information about yourself, such as your name, address, telephone number and e-mail address. We will always inform you when we need information that personally identifies you, and we will keep this information in strict confidence. Additionally, you may, on occasion, voluntarily provide hireCNC with information that can be classified as personal information – all such personal information will be stored and maintained in accordance with this privacy policy.
We collect information about you in the following ways:
As part of your use of hireCNC’s services
Whether you are an individual offering your services or a business posting a position or project, you will likely need to provide or obtain a certain amount of personally identifiable information through the hireCNC platform in order to effectively utilize the services. The amount of information you provide with respect to such usage is wholly up to you; however, you acknowledge that failure to provide the minimum amount of information required by hireCNC as being necessary to effectively offer and accept employment or contract services and job postings may result in an inability to use the services.
Additionally, we will require your name, address, telephone number and (where applicable) certain financial account or credit card information, for billing and payment purposes. This information is kept confidential and stored securely by hireCNC and its payment provider.
hireCNC also reserves the right to monitor messages sent by you, or data posted by you, through the services, in order to ensure that your use of the services is appropriate, lawful, and in accordance with the agreement that you have entered into with hireCNC.
Automatically by hireCNC’s software and services
hireCNC’s software and services contain features that automatically collect information from users, such as usage statistics and other tracking information. Although this information will not identify you personally, it nevertheless provides certain information about you that may, in combination with other information, result in personally identifying information; in such cases, we would treat it as personal information. Additionally, use of hireCNC’s website and/or software may result in the collection of technical information such as your computer's IP address, operating system, browser name/version, the referring web page, requested page, date/time, and sometimes a "cookie" (which can be disabled using your browser preferences); such information is used to help us understand the overall usage pattern of our website and software.
You contact hireCNC directly
Customers and business partners often contact us directly. When you contact any hireCNC employee by telephone, e-mail, in person, or through our website, you will be asked to provide consent to the collection of personal information if your personal information will help us deliver the information, products, or services you require.
You respond to communications from hireCNC
From time to time, hireCNC may invite you to provide us with information for specific purposes. We may ask for this information through feedback features on our website or software; we may send out e-mail inviting feedback or offering products and services; or we may ask you for information concerning support of our products or services. Your response to these communications may require you to submit personal information and opinions.
Your information is obtained through a third party
Occasionally, hireCNC will obtain information about you from third parties, such as mailing list providers, third party service providers, ISPs, or third party application or account providers. Third-party providers are responsible for obtaining consent for the release of personal information to us from those individuals identified on mailing lists, surveys, or through other collection methods. Additionally, businesses and individuals may have personally identifiable information posted through publicly available sites, such as business websites or social media sites; as such information is publicly available, hireCNC will have the same rights to access such information as any other third party accessing such sites.
Third party collection of your information
Due to the nature of the services provided by hireCNC, third parties may collect information from you through the use of websites that are accessed by you through the services (for instance, a business may post their website in a job posting, and individuals may click on the link in the job posting). Additionally, these websites may ask you to provide additional information directly to third parties. Third party products or services provided through these websites are not owned or controlled by hireCNC, and are governed by the third party’s terms and conditions and/or privacy policy. You are encouraged to read the terms and other policies published by such third parties on their websites or otherwise.
Sharing your personal information
Subject to any exceptions stated above in the collection of information section, should hireCNC collect any of your personal information, we will follow these practices regarding the distribution of that information.
Your personal information is protected
hireCNC uses reasonable precautions to protect your personal information and store it securely. Access to your personal information is restricted to those persons who need it (including individuals and businesses utilizing the hireCNC site) and who are subject to the access restrictions available through hireCNC’s site (that is, some areas of the site are for public viewing, while others may be restricted to authorized viewers). hireCNC takes reasonable steps to prevent the unauthorized use or disclosure of your personal information.
hireCNC only uses and discloses your personal information if it helps us facilitate your needs, improve our products and services, meet legal and regulatory requirements, or — to the limited extent possible — manage our internal business operations. Additionally, if there are any disclosure or use restrictions in your consent to the collection of your personal information, hireCNC will abide by those restrictions (subject to the consent exceptions listed below). For example, your credit card or financial information will only be used to bill you for the services that you have authorized or used, or to pay you for the services performed, as applicable.
hireCNC may combine your information with other information into an aggregate form, so your information no longer personally identifies you. We may then disclose the aggregate information to third parties, so they can obtain an overall picture of hireCNC’s products, services, customer sectors and/or usage patterns.
We only share your information with your consent
hireCNC provides your information to third parties only for purposes to which you have consented, and we require such third parties to keep your information confidential.
In a few situations, hireCNC may be required to disclose your information without your prior consent. For example, hireCNC may disclose your information if we are required to do so by law, or if we believe in good faith that such disclosure is necessary to:
- comply with law or legal process
- protect and defend our rights and property, or the rights and property of a third party
- protect against misuse or unauthorized use of any of hireCNC’s products, services, or other proprietary materials
- protect the personal safety of any person
- allow for a change of ownership of hireCNC and associated transfer of all personal information to the new owner of hireCNC – this does not affect the protection of your information under this Privacy Policy
hireCNC will always try to provide you with prior notice of such disclosure; however, such notice may not always be possible or reasonable given the circumstances.
Additionally, the nature of the services provided requires the routine use of your information in the provision of the services. Your personal information will only be used to the limited extent necessary to provide the services that you have requested, and may include the following uses:
- to allow businesses or individuals to contact and communicate with you in relation to job postings and resumes made available through hireCNC’s site;
- to allow third party suppliers, vendors, contractors and other parties to provide products and services to us or to you, or to otherwise act on our behalf (this may include, without limitation, our authorization of such third parties to email our users regarding updates, surveys and other inquiries regarding their experience with our service); and
- to allow for audits and surveys to, among other things, validate the size and composition of the users of hireCNC’s services, and understand their experience with hireCNC’s service.
Maintaining your personal information
hireCNC has established the following practices regarding the maintenance of your personal information.
You can request access to your personal information at any time
If, for any reason, you wish to review your personal information that hireCNC has in its possession, you can contact our Privacy Officer, who will be pleased to provide you with all your personal information that hireCNC has on file.
You can request changes to your personal information at any time
Sometimes, it will be necessary for you to update your personal information hireCNC has on file. For example, if you change payment account information, you must update your information in order to keep receiving the services provided by hireCNC. In many cases, you will be able to do so by changing your personal settings on your account.
If you wish to make any changes or corrections to your personal information that cannot be done yourself through your personal settings, please contact our Privacy Officer who will implement the changes. This will help us ensure our records are always up-to-date.
You can opt out of communications at any time
Additionally, you always have the choice of whether you wish to receive information – such as e-mail updates – from hireCNC. In some cases, you may do so simply by changing the preferences on the platform through which hireCNC provides the services.
If you do choose to opt out of communications respecting products and services provided by hireCNC, you may not obtain all the benefits we could otherwise provide, such as updates or warnings. hireCNC will not have any liability to you for your loss of those benefits or any negative effects respecting your use of hireCNC’s services.
You can request that your personal information be destroyed at any time
A situation may arise where you desire to have all of your personal information that is contained in hireCNC’s records deleted or destroyed. If this is what you wish, please contact our Privacy Officer, who will take care of removing your personal information from all of hireCNC’s records. However, there may be situations where we are obligated to retain one archival copy of your information to allow us to comply with laws or respond to legal processes. We will inform you of all such situations, and will only use your retained personal information to the limited extent necessary to comply with such laws or respond to legal processes. Because of the nature of the services, your information may have been shared with third parties, such as where you have applied to a job posting on the hireCNC site. The obligation to destroy your personal information relates only to your personal information within hireCNC’s possession; hireCNC has no obligation to pursue any third party to destroy your information, and it is solely your responsibility to pursue such third parties directly.
Contacting our Privacy Officer
hireCNC welcomes your comments about this privacy policy, and we would be happy to provide any additional information you require. Please contact our Privacy Officer at:
This privacy policy supplements any agreements you already have with hireCNC Inc., such as your Applicant Agreement, Employer Agreement, website terms and conditions, and any other agreement. Our privacy policy does not replace the terms of those agreements. By agreeing to those terms and using hireCNC’s website, products, software and services, you are consenting to the collection and use of your personal information by hireCNC Inc. in accordance with this privacy policy. This policy was written in accordance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
Data Processing Agreement
hireCNC’s platform is hosted and powered by software owned and provided by a third party service provider, being jobiqo GmbH, located in Austria, that acts as a Sub-Processor hereunder (as defined below). Accordingly, although hireCNC is a company located in Canada, and hireCNC’s services are governed by the laws of Ontario, Canada, hireCNC will abide by the Data Protection Laws (defined below) and the terms of this Data Processing Agreement (“DPA”) in the processing of any Personal Data, in addition to the terms of the Privacy Policy above. To the extent of any conflict between the application of this DPA and the Privacy Policy in relation to applicable Data Protection Laws, the terms of this DPA will prevail.
In relation to the services offered by hireCNC, each user of the platform submitting data is the Data Controller in respect of this DPA, and hireCNC is the Data Processor in respect of this DPA.
- Definitions
“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; in this DPA, each user of the platform submitting data is the Data Controller.
“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; in this DPA, hireCNC is the Data Processor;
“Data Protection Laws” means data protection or privacy laws of any country applicable to the processing of the personal information of an individual covered by this DPA, including the laws of the European Union and specifically the General Data Protection Regulation (EU) 2016/679 (“GDPR”);
“Data Subject” means an identified or identifiable natural person;
“DPA” means this Data Protection Agreement.
“Personal Data” means any information relating to a Data Subject, and specifically information where a Data Subject can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject;
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, transmitted, stored or otherwise processed;
“Processing” has the meaning given in applicable Data Protection Laws from time to time (and related expressions, including process, processed, processing, and processes shall be construed accordingly);
“Protected Data” means Personal Data received from or on behalf of Data Controller in connection with the performance of the Data Processor’s obligations under this DPA and its agreement to provide services to the Data Controller; and
“Sub-Processor” means any agent, subcontractor or other third party (excluding its employees) engaged by the Data Processor for carrying out any processing activities on behalf of Data Controller in respect of the Protected Data.
- Data Processor’s compliance with Data Protection Laws
The parties agree that Data Controller is a Controller and that the Data Processor is a Processor for the purposes of processing Protected Data pursuant to this DPA. The Data Processor shall at all times comply with the applicable Data Protection Laws and this DPA in connection with the processing of Protected Data. Data Controller shall ensure all instructions given by it to the Data Processor in respect of Protected Data (including the terms of this DPA) shall at all times be in accordance with the applicable Data Protection Laws.
- Instructions
- The Data Processor shall only process the Protected Data in accordance with its agreement to provide services to the Data Controller and Annex 1 of this DPA (and not otherwise unless alternative processing instructions are agreed between the parties in writing) except where otherwise required by applicable law (and shall inform Data Controller of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest).
- Without prejudice to section 2 of this DPA, if the Data Processor believes that any instruction received by it from Data Controller is likely to infringe the Data Protection Laws it shall promptly inform Data Controller and be entitled to cease to provide the relevant services until the parties have agreed appropriate amended instructions which are not infringing.
- Security
- In accordance with the Data Protection Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with this DPA, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Protected Data transmitted, stored or otherwise processed, the Data Processor shall implement appropriate technical and organisational security measures appropriate to the risk, including as appropriate those matters mentioned in Articles 32(a) to 32(d) (inclusive) of the GDPR.
- Sub-processing and personnel
- The Data Processor shall:
- not permit any processing of Protected Data by any agent, subcontractor or other third party (except its or its Sub-Processors’ own employees in the course of their employment that are subject to an enforceable obligation of confidence with regards to the Protected Data) without the written authorization of Data Controller;
- prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing materially the same obligations as under this DPA, including an obligation to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR, that is enforceable by the Data Processor and ensure each such Sub-Processor complies with all such obligations;
- remain fully liable to Data Controller under this DPA for all the acts and omissions of each Sub-Processor as if they were its own; and
- ensure that all persons authorised by the Data Processor or any Sub-Processor to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential.
- Data Controller authorises the appointment of the Sub-Processors listed below:
Name: Jobiqo GmbH
Purpose: Provision of access to job board and/or matching software for job portals and job boards in the form of a Software-as-a-Service solution underpinning hireCNC’s services.
Personal Data Access: Storage of Personal Data pursuant to the Software-as-a-Service solution underpinning hireCNC’s services.
- Assistance
- The Data Processor shall (at Data Controller’s cost) assist Data Controller in ensuring compliance with Data Controller’s obligations pursuant to the GDPR (and any similar obligations under applicable Data Protection Laws) taking into account the nature of the processing and the information available to the Data Processor. The Data Processor will assist Data Controller concerning matters including, but not limited to:
- the implementation of the appropriate technical and organisational security measures with due regard for the current state of the art, the cost of their implementation, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, pursuant to Article 32 of the GDPR;
- the notification of any personal data breach to the relevant supervisory authority pursuant to Article 33 of the GDPR, as well as communication of any personal data breach to the data subject, pursuant to Article 34 of the GDPR;
- the preparation of any impact assessment, pursuant to Article 35 of the GDPR; and
- consultation of the relevant supervisory authority, pursuant to Article 36 of the GDPR.
- The Data Processor shall (at Data Controller’s cost) taking into account the nature of the processing, assist Data Controller (by appropriate technical and organizational measures), insofar as this is possible, for the fulfilment of Data Controller’s obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under applicable Data Protection Laws) in respect of any Protected Data including requests for access, rectification, blocking or deletion. The Data Processor must also assist the Data Controller by implementing appropriate technical and organizational measures, for the fulfilment of Data Controller’s obligation to respond to such requests.
- Confidentiality
- The Data Processor shall keep the Protected Data confidential.
- The Data Processor shall not disclose the Protected Data to third parties or take copies of the Protected Data unless strictly necessary for the performance of the Data Processor’s obligations towards Data Controller according to the DPA, and on condition that whoever the Protected Data is disclosed to is familiar with the confidential nature of the Protected Data and has accepted to keep the Protected Data confidential in accordance with this DPA.
- All terms of the DPA apply to any of the Data Processor’s employees and the Data Processor must ensure that its employees comply with the DPA.
- The Data Processor must limit the access to the Protected Data to employees for whom access to said Protected Data is necessary to fulfil the Data Processor’s obligations towards Data Controller.
- The obligations of the Data Processor under this section 7 persist without time limitation and regardless of whether the agreement between the Parties has been terminated.
- Data Controller shall treat confidential information received from the Data Processor confidentially and may not unlawfully use or disclose the confidential information.
- International transfers
The Data Processor shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data other than to the extent contemplated in the agreement between the Parties without the prior written consent of Data Controller. For transfers of Personal Data of any Data Subject covered by the GDPR out of the EU/EEA, the EU Standard Contractual Clauses (“EU SCCs”) shall apply.
- Audits and processing
The Data Processor shall, in accordance with Data Protection Laws, make available to Data Controller such information that is in its possession or control as is necessary to demonstrate the Data Processor’s compliance with the obligations placed on it under this DPA and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by Data Controller (or another auditor mandated by Data Controller) for this purpose (subject to a maximum of one audit request in any 12 month period under this section 9).
- Breach
The Data Processor shall notify Data Controller without undue delay and in writing on becoming aware of any Personal Data Breach in respect o