THE NEW ERA OF BACKGROUND CHECKS

1. ROLES AND RESPONSIBILITIES

Please note that certain data protection laws and regulations, typically distinguish between two main roles for parties processing Personal Information: the “Data Controller”, who determines the purposes and means of processing; and the “Data Processor”, who processes the data on behalf of the Data Controller. Please see the below explanation where we elaborate how these roles that apply to our Website and Services, to the extent that such laws and regulations apply.

• Satya is the “Data Controller” of the Personal Information collected: (i) on its Website; (ii) relating to the users of its Services; (iii) from job applicants; and (iv) in relation to any monitoring activities. With respect to such data, we assume the responsibilities of Data Controller (solely to the extent applicable under law), as set forth in this Privacy Notice. In such instances, our service providers processing such data will assume the role of “Data Processor”.
• With respect to some Services, Satya is acting as a “Data Processor” and our customers are “Data Controllers”. We assure that data protection responsibilities are set forth in the applicable contractual engagement while we provide sufficient guarantees to allow our customers to comply with applicable data protection laws.

In case the GDPR or UK GDPR is applicable to the personal information we collect about you, we would like to assure you that we value your privacy and your rights and therefore have appointed Prighter Group with its local partners as our EU and UK privacy representative and your point of contact. Prighter Group gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative Prighter Group or make use of your data subject rights, please visit the following website: https://prighter.com/q/16251813530.

2. COLLECTING INFORMATION

We may collect information from a variety of sources during the ordinary course of our business, including the following.

1. Submitted to the Website. When you use or interact with the Website, such as by contacting us in relation to our Services or our Blog, or subscribing for our newsletter, you may voluntarily provide information. For example, you may submit the following information via the Website: phone number; name; email address; contact preferences; and any other information you may include in the content of messages. All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
2. Collected automatically. We automatically collect certain information when you visit, use or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as: your Internet Protocol (“IP”) address; browser and device characteristic; operating system; language preferences; referring URLs; location including country; information about how and when you use our Website (session durations, content accessed, frequency and scope of use, etc.); and other technical information. Like many businesses, we also collect information through cookies and similar technologies. For more information, please see below our Cookie Notice.
3. In connection with the Services. We process personal information in connection with your use of our Services. For example, if you or your employer are a Satya customer, we may process your personal information in connection with your user accounts for the Services, to respond to any questions or support requests, to process payments, etc. The personal information we may process will include: name; role/position; phone number; email address; password; and other associated information.
4. Submitted when applying for a career. If you apply for a job at Satya, either via the Website or another method, we will collect any information included in that application. This may include: your full name; email address; phone number; LinkedIn profile; and any information submitted in an application or on your CV.
5. Collected during our monitoring.We monitor pages on the internet that are freely available to the general public for behaviour that indicates potential risks that are of interest to our customers. We may monitor information submitted to various sources, including: social media websites (limited to public pages); forums; chatrooms; comment sections; and other similar webpages in order to identify and prioritize threats. Not all of the information we obtain will be personal data (for example when it does not relate to an identified or identifiable living individual). However, In the course of these activities, we will collect and process personal data including: names; usernames; account history; membership of certain groups; posts submitted; etc.

3. USE OF INFORMATION

For each processing activity we undertake, we have identified an appropriate legal basis in accordance with applicable global privacy laws and regulations. The key legal grounds on which we process personal information, and the key reasons for such processing are set out below. Note that where we are processing your personal data on the basis of consent, this consent can be withdrawn at any time.

Submitted to the Website.

• For the purposes of our legitimate interests.

• • Respond to enquiries.We may use your information to respond to any enquiries submitted via the Website.
• • Request feedback. We may use your information to request feedback and to contact you about your use of our Website.

• On the basis of your express consent.

• • To send you marketing and promotional communications. We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. For example, when subscribing to our newsletter. You can update your preferences or unsubscribe from such marketing at any time by following the link in any of our emails.

Collected automatically.

• For the purposes of our legitimate interests.
  • To protect our Website. We may use your information as part of our efforts to keep our Website safe, secure, and operating effectively (for example, for malicious activity monitoring and prevention, load balancing, etc.).
  • For other business purposes. We may use your information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Website, products, marketing and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information.

In connection with the Services.

• For the performance of a contract. 

• • Fulfill and manage your orders. We may use your information to fulfill and manage your orders, payments, returns, and exchanges and to provide you with the requested service.
  • To manage user accounts. We may use your information for the purposes of managing our account and keeping it in working order.
• • To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.
• • To enforce our terms, conditions and policies for business purposes.

• For the purposes of our legitimate interests. 

• • To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.

Submitted when applying for a career.

• For the performance of a contract. 
  • To consider your application. We may use all personal information submitted in any applications to consider whether you would be suitable for the position and whether to enter into a contract of employment with you.

• To comply with legal obligations to which we are subject. 

• • As part of the recruitment process. We may have obligations as a potential employer to process certain personal information in relation to the recruitment process.

Collected during our monitoring.

• For the purposes of our legitimate interests. 
  • To assess risks and provide our Services. We may process personal data that is obtained from publicly available websites in order to monitor and assess threats and provide the results of such monitoring to our customers. We have undertaken a Legitimate Interests Assessment (“LIA”) to ensure that the rights and freedoms of individuals are adequately balanced when we undertake such processing.

Otherwise processed during the course of our business

• For compliance with legal obligation to which we are subject.

• • To comply with our legal obligations. We may process personal data where we are required to do so for compliance with legal obligations (e.g., in relation to fraud, anti-money laundering, or tax compliance).
  • To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. We may also process such personal data on the basis of our legitimate interests in complying with such requests, even where these are not legally binding.

• In order to protect the vital interests of the data subject or another natural person. 

• • Where deemed necessary. We reserve the right to process your personal data where necessary to protect the vital interests of you or a third party.

Special Category Personal Data 

We may process special category personal data. For example: (i) if you provide us with any special category personal data, for example in submitted enquiries, we will process this on the basis that you have provided your express consent to this (by including it in the relevant enquiry); (ii) we may also process special category personal data in connection with specific obligations under employment law (such as diversity monitoring and/or reasonable adjustments); (iii) we may process such information for the establishment, exercise, or defence of legal claims; and (iv) where our monitoring activities involve the processing of special category personal data, we do so on the basis that this has manifestly been made public by the data subject as we only monitor public activity. We may also process such personal data on the basis that it is necessary for reasons of substantial public interest on the basis of applicable law.

4. DISCLOSURE OF INFORMATION

Except as otherwise provided in this Privacy Notice, we reasonably attempt to ensure that we never intentionally disclose any of your Personal Information, to any third party without having received your permission, except as provided for herein or otherwise as permitted or required under law.

• Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
• Affiliates, Subsidiaries and Other Third-Party Providers. We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your information with analytics service providers for analytics purposes. Such analytics service providers set their own cookies or other identifiers on your computer, through which they can collect information about your usage of our Website. This helps us compile aggregated statistics about the effectiveness of our Website. We have contracts in place with our data processors, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.
• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any corporate merger, consolidation, the sale of related assets or corporate division or other fundamental corporate changes.
• Law enforcement agencies, regulators, and similar bodies. Information about you may be shared in order to comply with any valid legal inquiry or process such as a search warrant, subpoena, statute or court order. We will also release specific information in special cases, such as if you use the Website to perform an unlawful act or omission or take any act or omission that may damage Satya, its property and goodwill, or if there is an attempted breach of the security of the Services or a physical or property threat to you or others.

5. TRANSFER OF INFORMATION

Personal information collected by Satya may be stored and processed in a various locations (also using cloud services), which are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps to ensure that the data we collect under this Privacy Notice is processed according to the provisions of this Privacy Notice and the requirements of applicable law wherever the data is located.

If you are a resident in the UK or European Economic Area (“EEA”), then the countries in which we process information may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.

We have implemented measures to protect your personal information, including by using the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Agreement (or UK Addendum) for international transfers of personal information between us and our third-party service providers. These clauses require all recipients to protect all personal information that they process originating from the UK or EEA in accordance with European data protection laws and regulations. For more details, please contact privacy@satya.digital.

6. DATA RETENTION

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

When we have no ongoing need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. DATA SECURITY

Satya considers information security to be a top priority, and is committed to protecting the security of your Personal Information. Satya implements systems, applications and other technical and organisational security measures to secure personal information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. When we transmit highly confidential data over the Internet, we protect it through the use of encryption. However, these measures are unable to provide absolute assurance.

Therefore, although Satya takes great efforts to protect your personal information, Satya cannot guarantee and you cannot reasonably expect that Satya’s databases will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse. You should only access the Website or any Services within a secure environment.

8. CHILDREN’S PRIVACY

Our Website is not intended to be attractive to children under the age of 16. We do not, knowingly or intentionally, collect information about children who are under 16 years of age.

IF YOU ARE UNDER THE AGE OF 16 YOU MAY NOT USE THE WEBSITE, UNLESS PARENTAL CONSENT IS PROVIDED ACCORDINGLY

If we learn that personal information from users less than 16 years of age has been collected, we will take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 16, please contact us at privacy@satya.digital.

9. YOUR PRIVACY RIGHTS

In some jurisdictions, in particular those located within the UK or EEA, you may be afforded specific rights regarding your personal information. Subject to such eligibility, you may have the following rights to:

1. Request to access or obtain a copy of your personal information.
2. Request a rectification of your personal information where the information we hold about you is incorrect or incomplete.
3. Object to the processing of your personal or as that the processing is restricted.
4. Object to an automated decision-making (including profiling) in certain circumstances.
5. Request the erasure of your personal information in certain circumstances, such as where processing is no longer necessary for the purpose it was originally collected for, and there is no compelling reason for us to continue to process or store it.
6. Receive your personal information, or ask us to transfer it to another organization that you have provided to us, which we process by automated means.

If you wish to file a request regarding any of the above, you may contact us at: privacy@satya.digital.

If you are a resident in the EEA or UK, you also have the right to complain to your local data protection supervisory authority. You can find the contact details of the UK authority here: https://ico.org.uk/ or EU authorities here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Please note that these rights are not absolute.

10. DO NOT TRACK

We support “do not track” signals (“DNT”). If you have DNT enabled in your web browser, we will not receive browser-related information from our advertising partners for tailoring advertisements.

11. CALIFORNIA PRIVACY RIGHTS

The California Consumer Privacy Act of 2018 (“CCPA”) permits users who are California residents to request to exercise certain rights. If you are a California resident, the CCPA grants you the right to request certain information about our practices with respect to your Personal Information. In particular, you can request to receive information on the following:

1. The categories and specific pieces of your personal information that we have collected.
2. The categories of sources from which we collected your personal information.
3. The business or commercial purposes for which we collected your personal information.
4. The categories of third parties with which we shared your personal information.

You can be rest assured that we do not sell your personal information. If you choose to exercise your rights, we will not charge you different prices or provide different quality of our Services, unless those differences are related to your provision of your personal information.

Please note that you must verify your identity and request before further action is taken. As a part of this process, government identification may be required. Moreover, you may designate an authorized agent to make a request on your behalf.

We endeavour to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide, will only cover the 12 month period preceding your verifiable request’s receipt. If, for some reason, we cannot reply within such time frame, our response will include an explanation for our inability to comply. If you wish to exercise your CCPA rights, please contact us at: privacy@satya.digital.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

1. Deny you goods or services.
2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
3. Provide you with a different level or quality of goods or services.
4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

12. REVISIONS AND MODIFICATIONS
TO OUR PRIVACY NOTICE

We may change this Privacy Notice from time to time, when necessary to reflect customer feedback and changes in our Website or Services. When we post changes to this Privacy Notice, we will revise the “last modified” date at the top of the Privacy Notice. We encourage you to periodically review this page for the latest information on our privacy practices. We may provide notice of changes in other circumstances as well. By continuing to use our Website after those changes become effective, you acknowledge that you have read and understood the latest version of the Privacy Notice.

13. CONTACT US

If you have questions or comments about this notice, you may contact us at:

Satya Ltd.

7 Hamada St. Herzliya, Israel