This Privacy Policy is effective as of Jun 1, 2024
OCTO Labs Inc., a company incorporated under the laws of Delaware with its principal place of business at 131 Continental Dr, Suite 305, Newark, DE 19713 ("OCTO") operates an AI-powered talent screening and assessment platform known as the "Platform" and provides talent screening services including conversational skills assessments, interview analytics and other talent screening functions ("Services").
"Users" refer to individuals who access and use the Platform and Services to screen candidates.
OCTO. ("OCTO") is a company incorporated under the laws of Delaware that operates an AI-powered talent screening and assessment platform known as the “Platform".
The Platform uses algorithms and data science to screen candidates and predict their job and cultural fit for OCTO’s clients.
Services offered through the Platform include conversational skills assessments, interview analytics and other talent screening functions ("Services").
This Privacy Policy outlines how the privacy of recruiters and other users ("Users") of the Platform is ensured when they use the Platform to create pre-interviews for candidates and share unique links with candidates.
Personal data processed through the Platform and Services may be shared with third party data processors and vendors for purposes of processing such data or improving the Services.
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation or set of operations performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, access, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"User" means an individual who uses the Platform and Services.
"Platform" means the AI-powered talent screening and assessment platform operated by OCTO.
"Services" means the talent screening services provided through the Platform.
"Company" means OCTO.
Types of Personal Information Collected. We may collect the following types of personal information from Users: name, contact details, demographic information, assessment responses, interview recordings, behavioral data such as assessment scores and interview ratings, background check information, and other information voluntarily provided by the User.
Collection Methods. Personal information is primarily collected directly from Users through sign-up forms, assessments and interviews conducted using the Platform, and other interactions with the Platform. We may also collect personal information through cookies and other tracking technologies, integration with third party services, and from background check providers.
Purpose of Collection. Personal information is collected for purposes of providing the Services to Users, conducting assessments and interviews, performing background checks, performing analytics and research to improve the Platform and Services, complying with legal obligations, and as otherwise described in this Privacy Policy.
Legal Basis for Collection. The legal basis for collection and processing of personal information will typically include performance of a contract with the User, our legitimate business interests, compliance with legal obligations, or consent. We will only collect and process sensitive personal data with the User's explicit consent or as otherwise permitted by applicable law.
The Company processes Users' Personal Data to provide the Services to Users and perform its obligations under the terms of use/contract for the Platform ("Performance of Contract").
The Company processes certain Personal Data of Users based on their consent for purposes including profiling, tracking usage analytics, improving the Platform and Services, customizing content and features, and direct marketing communications ("Consent Based Processing"). Users' consent will be obtained through appropriate opt-in mechanisms and they have a right to withdraw such consent at any time.
The Company processes Personal Data for its legitimate business interests including security, fraud prevention, enhancing, modifying or improving the Services, research and development, billing/account management, collection of fees and other administrative purposes ("Legitimate Interests"). Such processing will be subject to a balancing test of the Users' rights and freedoms.
The Company processes Personal Data as necessary to comply with applicable legal obligations imposed under relevant data protection and privacy laws ("Compliance with Legal Obligations").
Aggregated and anonymized Personal Data that does not identify individual Users may be used for research, analytics and improving the Platform/Services ("Anonymization").
The Company may share a User's Personal Information with third party service providers that process the information on the Company's behalf to provide and improve the Services, including services relating to data hosting, maintenance, analytics and security. All such sharing will be protected by necessary contractual arrangements to ensure appropriate security and processing of the Personal Information in accordance with this Privacy Policy and applicable laws.
In the event of a merger, acquisition, or sale of assets, a User's Personal Information would be transferred. The Company will provide notice before User Personal Information is transferred and becomes subject to a different privacy policy.
The Company may disclose Personal Information if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to comply with legal process or respond to claims that an advertisement, posting or other content violates the rights of a third party or to protect the rights, property or personal safety of the Company's users or the general public.
The Company will share Personal Information with third parties when required by its clients and only with the User's consent or as allowed by applicable law.
Period of Retention. OCTO will retain Users' Personal Data for a period of five (5) years from the date the User last accessed or used the Platform, or two (2) years after the User closes their account on the Platform, whichever is later (the "Retention Period").
Exceptions. Notwithstanding clause 5.1, OCTO. may retain Personal Data for longer than the Retention Period to:
Deletion Process. Upon expiry of the Retention Period, OCTO will securely delete or anonymize the Personal Data so that the Personal Data can no longer be used to identify the User. Deletion will be carried out through standard data deletion processes employed by OCTO. from time to time to render the Personal Data non-retrievable.
Right to Erasure. At any time, a User may request OCTO. in writing to delete their Personal Data prior to the expiry of the Retention Period and OCTO. will comply with such requests unless an exception in clause 5.2 applies.
Technical security measures. OCTO. implements appropriate technical and organizational measures to protect Personal Information against accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, access or use. These measures include encryption of Personal Information in transit and at rest, firewalls, access control lists and regular vulnerability testing.
Physical security measures. OCTO's premises where Personal Information is stored are protected by physical security measures against unauthorized access, including access controls and surveillance.
Organizational security measures. OCTO restricts access to Personal Information to employees and contractors on a need-to-know basis. All employees and contractors with access to Personal Information undergo regular security training. OCTO. maintains appropriate policies for oversight of third party vendors that may have access to Personal Information.
Security audits. OCTO conducts periodic audits to test the effectiveness of its technical and organizational security measures and identify any potential vulnerabilities or incidents. Audits are conducted by internal and external auditors with expertise in data security.
Data breach response. In the event of a data security breach resulting in the accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, access or use of Personal Information, OCTO will follow its data breach response plan. This includes risk assessment, notification to affected Users and regulators as required under applicable law.
Right to access. Users shall have the right to request access to any Personal Data concerning the User that is processed by OCTO. Upon request, OCTO shall provide the User with a copy of the Personal Data processed by OCTO, together with the purposes of processing and any third parties with whom the data is shared.
Requests for access. Requests under clause 7.1 shall be made in writing and OCTO may request additional information from the User to confirm their identity before providing access to Personal Data. OCTO shall respond to any such requests within 30 days.
Right to correct. If any Personal Data held by OCTO concerning a User is inaccurate or incomplete, the User shall have the right to request that OCTO correct such Personal Data. OCTO shall comply with any such requests unless there is a valid reason for refusing the request, such as a legal requirement to keep the original Personal Data.
Refusal of requests. OCTO may refuse requests from Users under clauses 7.1 or 7.3 if the requests are excessive or unnecessary. If a request is refused, OCTO shall provide the User with reasons for the refusal.
Unilateral right to amend. OCTO reserves the right to amend this Privacy Policy from time to time in its sole discretion.
Notice of amendments. Users will be notified of any material changes to this Privacy Policy through prominent notice on the Platform prior to the change becoming effective.
Form of notice. Such notice may be through a pop-up notification on the Platform or an email to the email address associated with the User's account.
Deemed acceptance. A User's continued use of the Platform following notice of any amendments to this Privacy Policy will be deemed acceptance of the updated Privacy Policy.
Effective date. Any amendments to this Privacy Policy shall clearly specify an effective date from which the changes apply.
Contact for questions. Users may contact privacy@joinocto.co with any questions regarding this Privacy Policy or notice of any amendments.
Contact Details. The contact details of the Company are: 131 Continental Dr, Suite 305, Newark, DE 19713 and privacy@joinocto.co
Communication Methods. Users may contact the Company by email or post using the contact details provided in clause 9.1.
Response Time. The Company will respond to any queries from Users regarding the processing of Personal Data without undue delay and within 30 days at the latest.
Purpose of Contact. Contact under this clause may be made in relation to queries about the processing of Personal Data under this Privacy Policy or to exercise User rights, such as access or rectification.
Documentation. All communications under this clause from Users will be documented by the Company for its records.
This Privacy Policy is agreed to by and between OCTO and the User as of the date the User first uses or accesses the Platform.