This policy was last modified on March 22, 2021.
SOVREN PROCESSING COMPLETELY COMPLIES WITH THE GDPR IN ALL RESPECTS. PLEASE NOTE THAT SOVREN PROCESSING UNDER THE GDPR DOES NOT RELY ON THE EU-U.S. PRIVACY SHIELD NOR THE SWISS-U.S. PRIVACY SHIELD. Refer to https://docs.sovren.com/Policies/DPA.
Sovren also complies with the Swiss–U.S. Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from Switzerland. Sovren has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Swiss-U.S. Privacy Shield program, and to view Sovren’s certification, please visit https://www.privacyshield.gov/.
Sovren warrants that it fully complies with, and shall continue to fully comply with, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Sovren does not retain, sell, trade or otherwise use any known personal data or PII from its processing activities.
Notice/Use of Information
Sovren has always and shall always process Data submitted to Sovren's SaaS Service exactly as instructed by the customer in each transaction, and shall not use the Data for any other purpose.
Sovren has not, does not, and shall not collect, store, buy, sell, or trade or otherwise distribute PII that is submitted to its SaaS Service (see the service description at https://resumeparsing.com/ParsingService.htm). Sovren does not save data sent to its SaaS Service for parsing, nor the results of such parsing, except as specified in the following paragraph.
AI Matching is on optional feature. For AI Matching customers only, Sovren stores parsed data following the specific instructions of such customers; however, all such data is expunged of known PII before indexing and storage.
Sovren has not, does not, and shall not sell or publish company/contact PII that is provided by its Customers in order to establish an account with Sovren. Sovren maintains Customer PII only for the purposes of contracting and communicating with Customers.
Sovren may collect and aggregate generalized demographic data that is not associated with an individual’s PII for use in statistical analysis, algorithmic learning, software performance metrics, or for other training purposes. Sovren also stores metadata about transactions submitted to its SaaS Service; however, this metadata does not contain any PII or data sent to the SaaS Service.
Sovren acts as a data processor for its Customers, who are the data controllers. Candidates interact with Customers rather than directly with Sovren. As a data processor, Sovren does not collect, store, sell or otherwise disseminate any individual's PII to any third party. It is the Customer’s responsibility to ensure that the data the Customer collects can be legally collected in the country of origin.
Regarding transactions processed through Sovren's SaaS Service, Sovren may log the Customer account and transaction metadata including source IP address, processing codes, sizes and timings. Sovren offers service endpoints in multiple regions, including the United States and European Union.
If Sovren goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, information collected through our website(s) may be among the assets transferred. A prominent notice will appear on our website(s) for 30 days after any such change in ownership or control of your personal information.
Notification of Changes/Choice
We will maintain information in accordance with this Policy. If we decide to change the Policy, we will post those changes to this Policy on Sovren’s website, and other places we deem appropriate so our Customers are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Customers, in turn, are responsible for notifying Candidates and providing them a choice as to whether or not we use their information in this different manner.
Third-Parties and Platform Security
Sovren does not transmit information of our Customers or users to any third party for any reason.
Sovren’s hosted services, provided at www.resumeparsing.com, are built on Amazon Web Services (AWS) to deliver a highly scalable cloud computing platform with high availability and reliability. In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best-practices and provides appropriate security in those services, and documents how to use those features. Sovren uses these features and best-practices to architect an appropriately secure application environment. Together, Sovren and AWS enable our customers to ensure the confidentiality, integrity, and availability of their data, maintaining trust and confidence.
AWS has in the past successfully completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls 1 (SOC 1), Type 2 report, published under both the SSAE 16 and the ISAE 3402 professional standards as well as a Service Organization Controls 2 (SOC 2) report. In addition, AWS has achieved ISO 27001 certification, and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). In the realm of public sector certifications, AWS has received authorization from the U.S. General Services Administration to operate at the FISMA Moderate level, and is also the platform for applications with Authorities to Operate (ATOs) under the Defense Information Assurance Certification and Accreditation Program (DIACAP). AWS will continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of its infrastructure and services. For more information on risk and compliance activities in the AWS cloud, consult the following: AWS Risk and Compliance White Paper
At our discretion, we link to third party sites on our website. These third party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Sovren does not retain or use known Candidate PII.
Sovren is committed to ensuring the security of the information it processes and maintains. To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of PII, Sovren, in conjunction with AWS, has put in place appropriate physical, electronic, and managerial procedures, as described in more detail above, to safeguard and secure the PII we process.
Sovren strives to protect the privacy of the PII we process, and inadvertent disclosure is extremely unlikely. In the event of such an inadvertent disclosure, Sovren will take all commercially reasonable steps to limit and remedy the disclosure. However, we cannot guarantee that unauthorized third parties will never be able to defeat those procedures or use PII for improper purposes.
Because Sovren does not store any Candidate PII, Customers should not contact Sovren to access or correct such PII. In its role as a data processor, Sovren processes and returns Candidate PII to Customers without it being retained by Sovren. If you are a Candidate, and you wish to request access to or correction of the information you provided to a Sovren Customer, please contact the company to which you provided it, as Sovren does not have any such data.
Sovren has a Privacy Officer who is responsible for Sovren’s compliance with and enforcement of this Policy. Sovren’s Privacy Officer is available to any of its employees, customers, vendors, business partners, or others who may have questions concerning this Policy or data security practices. Sovren’s Privacy Officer may be contacted by email at firstname.lastname@example.org or by mail at Sovren Group, Inc., 1107 FM 1431, Suite 205, Marble Falls, TX 78654. If Customers or their users have questions or concerns regarding this statement, the first point of contact is the Privacy Officer.
As part of our participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, we have agreed to jurisdiction by the Federal Trade Commission regarding any claims concerning alleged deceptive practices with regard to our privacy policies or our compliance with the relevant policy. If you have any complaints regarding our compliance with the Frameworks you should first contact us at the addresses provided above. In the event that contacting us does not resolve your complaint, you may file a complaint at https://www.jamsadr.com/eu-us-privacy-shield and the dispute will be handled pursuant to the following JAMS ADR Rules. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.
Any questions, comments or complaints about the data practices (including without limitation, compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of a Sovren Customer who processes data or who provides data to Sovren for training, troubleshooting and/or testing purposes should be directed to that Sovren Customer.
We may disclose PII when required by law or in the good faith belief that such action is necessary in order to conform to the edicts of the law, comply with legal mandates, enforce the TOS of our websites, or to protect the rights, property, or personal safety of Sovren, its users and the public.
Sovren will give Customers prompt notice of any legal or governmental demand for PII and will reasonably cooperate with Customers in any effort to seek a protective order or otherwise to contest such required disclosure, at Customer’s expense.
Sovren is committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. Sovren does not knowingly collect information from children under the age of 17 and Sovren does not target its website or its products to children under 17. Sovren operates in compliance with COPPA (Children’s Online Privacy Protection Act).