PRIVACY POLICY AND FAIR PROCESSING NOTICE – US

At Harri, we respect your privacy, and we understand the importance of the information you entrust to us. This Privacy Policy and Fair Processing Notice (the “Policy”) describes our practices concerning the information we collect from you when you visit our website and how we will use your personal data when you create a profile on Harri.

Harri reserves the right to change this Policy from time to time. We encourage you to periodically review this Policy for the latest information on our privacy practices. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account, and/or by placing a prominent notice on our website. Your continued use of our services after such modifications will constitute your: (a) acknowledgment of the modified Policy; and (b) agreement to abide and be bound by that Policy. If you do not accept any changes made to this Policy, please discontinue the use of Harri’s services.

THIS NOTICE DESCRIBES:

• The types of information we collect when you use our service;
• How we use, share, and protect that information;
• How long we retain that information; and
• Your rights and options regarding the information we collect.

OUR CONTACT DETAILS

Harri US LLC 
665 Broadway 
Suite 402
New York
NY 10013
844-427-7443

If you have any questions about this Policy, or if you require more specifics as to what information Harri collects, where the information is sourced from, or whether it is being disclosed and to whom, please feel free to contact our Data Protection Officer, Kristy Gouldsmith, at DPO@harri.com.

PERSONAL DATA THAT WE COLLECT

Harri Profile 
With your consent, we collect and process your personal data when you create a profile on Harri. We are the controller for your Harri profile at all times. We are not the controller for data that is created or processed by any employer; we are the processor for that data.
We do not collect any of your personal data unless you choose to create a profile on Harri. In order to create a profile, we need your name, email address, phone number, your employment details, if you have them (employer, position, duties, dates) and education (institution, location, qualification, dates). We ask you to describe yourself in three words and to write a bit about yourself for your profile. We ask for your references, if you have any. You also have the option to upload your CV and a photograph of yourself. Providing this additional information is entirely voluntary but will greatly assist you in your job search.
When you create a Harri profile, you will be automatically included in our Talent Community. Being part of our Talent Community allows us to send you jobs that you might be interested in and it also makes your profile searchable and contactable by employers who can invite you to apply for positions. You can’t create a Harri profile without being included in the Talent Community.
When you visit our website, we will record your computer’s IP address, unique mobile device identifier, browser type, ISP or carrier name, and the URL of the last webpage you visited before visiting our website. This information gives us insights on how our users use our site and our services. We use this information to ensure that our service continues to appeal to our users and to monitor overall usage trends, metrics, page views, etc.
We may store cookies on your computer in order to collect certain aggregate data. A cookie is a small data text file which is stored on your computer that uniquely identifies your browser. Cookies may also include more personalized information, such as your IP address, browser type, the server your computer is logged onto, and the area code and zip code associated with your computer. We may use cookies to perform tasks such as: monitoring aggregate site usage metrics, storing account and preferences that have been set, and personalizing the services we make available to you.
We do not knowingly collect, use or disclose personal data concerning minors.

Applying for jobs 
You can use your Harri profile to apply for jobs on our platform or to apply for a job with an employer. When you apply for a job, the employer becomes the controller for any of your personal data that they use or create during the employment process. Please read the privacy policy of each employer to see how they will handle your personal data.
As the controller for the recruitment/employment process, the employer will have access to your application and will be able to use it to assess your suitability as a candidate with them. For example, the employer can use Harri to schedule interviews, make recruitment notes and to ask you specific questions during the recruitment process.
If you are hired by an employer, they may use Harri to manage their workforce. Please see your employer’s privacy notice for more information about how they do this.
One feature of Harri that your employer may use is called ‘Social Referral’. ‘Social Referral’ allows your employer to send you job vacancies which you can then post on your own social media pages, if you wish to. If you would like to unsubscribe from ‘Social Referral’ communications, please contact your employer. Harri cannot unsubscribe you.

How we use your personal data

Harri is a platform that allows you to create a Harri profile. We use your personal data to create this profile for you and to send you communications regarding that profile. Harri is the controller for this profile.
Employers will use Harri in the recruitment/employment process and we are a processor for the employer. The employer is the controller of the process once you choose to apply for a job with them.
We will not sell, trade, or rent your personal data to others, except in the limited circumstance set forth below. We will share your personal data with organisations that perform services or functions on our behalf, including cloud storage and web hosting providers, email service providers, and software maintenance service providers. We must necessarily share your information with these organisations for them to perform their functions and for Harri to provide its services to you.
Occasionally, we may be required by law enforcement, judicial authorities, courts, regulators or other government entities to provide your data to the appropriate governmental authorities or parties. In such cases, we will disclose your data upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful. We also may disclose your information to exercise or protect our legal rights or to defend against legal claims.
In some cases, we may choose to buy or sell assets as part of a business transaction such as a sale of the company to a buyer which will take over Harri’s operations. In these business transfers, customer information is typically one of the business assets that are transferred. Moreover, if all or substantially all of our business assets were acquired, or in the unlikely event that we go out of business or enter into bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. Should you wish to prevent the transfer of any of your data to a transferee of Harri’s business or assets, please send a written “Do Not Sell My Personal Information” request to Harri at DPO@harri.com, or submit a ticket on the following website: https://harri.force.com/support/s/. Your election to prohibit the sale of personal data shall not affect the right to receive equal service and pricing from Harri.
We share your personal data between our UK entity, our Ramallah entity and our US parent in order to provide the software service and for administrative reasons. The sharing of your personal data is protected by the use of Standard Contractual Clauses (EU Model Contracts).

Our legal basis for processing your personal data

We need a legal basis in order to process your personal data. Creating a Harri profile is entirely your choice, so our legal basis for its processing is your consent. You can put in as much or as little information as you like. You can withdraw your consent at any time and for any reason by requesting that your profile be deleted and that you are removed from the Talent Community. If you have applied for a job, we will pass your deletion request over to the employers. They will then handle your request.
Your consent to the processing of personal data includes your consent to permit us to share your data between our UK, USA and Ramallah entities, as well as with our advisors, affiliates, service providers, business partners and other third parties working with us in connection with our provision of services (collectively “Service Partners”). We and our Service Partners may need to use some personal data in order to perform tasks and to deliver services to you. We also may use your technical data for analytical purposes and to improve our services.
We will encourage our Service Partners to adopt and promote strong privacy policies. However, the use of your data by our Service Partners is governed by the respective privacy policies of those providers, and is not subject to our control. Except as otherwise discussed in this Policy, this document only addresses the use and disclosure of information we collect from you. Our Service Partners have their own privacy policies and data collection, use and disclosure practices. We are not responsible for the policies or practices of third parties.

Automated decision making

Harri does not use any automated decision making. However, an employer might use automated decision-making in their recruitment questions. Please read their Fair Processing Notice for more information on their recruitment process.

Security of personal data

We strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure. For example:

  • We keep collected information and use it only for the purposes for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.
  • We limit access to personal data only to specific employees, contractors and agents who have a reasonable need to come into contact with your information. For example, we may provide members of our technical support team with limited access to your account in order to allow them to troubleshoot.
  • Additionally, we also employ a number of physical, electronic, and procedural safeguards to protect personal data.

Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect personal data, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed.

International Transfer of personal data

Your personal data will be transferred to — and maintained on — computers and servers located outside of your country where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide personal data to us, please note that we transfer personal data to the United States and process it there pursuant to our Standard Contractual Clauses (EU Model Contracts). We also transfer personal data to Ramallah, Palestine, and process it there pursuant to our Standard Contractual Clauses (EU Model Contracts).
European data protection laws permit the European Commission to make decisions about the adequacy of protection for personal data in respect of transfers which are binding on EU member states. These laws recognise that if a data exporter adopts the “standard contractual clauses” adopted by the European Commission, this will provide an adequate safeguard as required by law. We have Standard Contractual Clauses in place with our entity in Ramallah, Palestine and our entity in the USA.
We commit to cooperate with EU data protection authorities and comply with the advice given by such authorities with regard to personal data and human resources data transferred from the EU in the context of the employment relationship.
In particular, as further specified in this Policy, we will maintain compliance with data protection principles by adhering to the following practices:

Notice
When we collect your personal data, we’ll give you timely and appropriate notice describing what personal data we’re collecting, how we’ll use it, and the types of third parties with whom we may share it. This Policy serves as such notice, and any changes to our collection, use or disclosure of your personal data will be reflected in revisions to the Policy posted on our website.

Choice
As established and described in this Policy, we’ll give you choices about the ways we use and share your personal data, and we’ll respect the choices you make.

Accountability for Onward Transfer
If we transfer your personal data to another country, we may remain liable and will take appropriate measures to protect your privacy and the personal data we transfer.

Security
We’ll take appropriate physical, technical, and organizational measures to protect your personal data from loss, misuse, unauthorized access or disclosure, alteration, and destruction.

Data Integrity and Purpose Limitation
We’ll collect only as much personal data as we need for specific, identified purposes, and we won’t use it for other purposes without having a correct legal basis. We’ll take appropriate steps to make sure the personal data in our records is accurate.

Access
If you wish to confirm the accuracy of your personal data or have it removed from our systems and records, you may contact us at the email address, telephone number or postal address provided in this Policy.

Recourse, Enforcement and Liability
We’ll regularly review our continued adherence to these privacy obligations, and we’ll provide information in this Policy as a way to resolve complaints about our privacy practices.
Further, we acknowledge our potential liability for misuse of your personal data by us or our third-party service providers, as set out in this Policy.

Retention of your personal data

We retain your account information for as long as your account is active. We also retain your information, if required, as long as necessary to comply with any legal obligations, to resolve disputes, to enforce our agreements, and to continue to develop and improve our services. Where we retain information for service improvement and development, it will be anonymized and used to uncover collective insights about the use of our services, not to specifically analyze personal characteristics about you.
If the services are made available to you through an organization (e.g., your employer), we are the processor for that personal data. The retention period for this data is decided upon by the employer. If your account is deactivated, the information that you have given to your employer will remain (please see the employer’s privacy policy).

YOUR RIGHTS

You are required to provide your consent before we start to collect your personal data. Thereafter, you have rights in respect of our processing of your personal data which are:

  • To access your personal data and information about our processing of it. You also have the right to request a copy of your personal data collected during the prior 12-month period (but we will need to remove information about other people).
  • To rectify incorrect personal data that we are processing
  • To request that we erase your personal data at any time and for any reason, including if:
    • we no longer need it;
    • we are processing your personal data by consent and you withdraw that consent;
    • we no longer have a legitimate ground to process your personal data; or
    • we are processing your personal data unlawfully
  • To object to our processing
  • To restrict our processing
  • To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out by automated means.

If you request a copy of your personal data, or instruct Harri to delete your personal data, Harri will thereafter comply with your request within a reasonable time after receipt and review of such request.

Should you desire to obtain a copy of your personal data from Harri, opt out of personal data collection or transfer to Service Partners, or require the destruction of your personal data, please send a written request to the Company at DPO@harri.com, or submit a ticket on the following website: https://harri.force.com/support/s/. Your election to obtain a copy, opt out of collection or transfer, or require the destruction, of your personal data shall not affect the right to receive equal treatment and pricing from Harri, although, please understand that Harri’s business involves the collection, storage and transfer of such data in connection with your efforts to secure employment.

If you have any questions or concerns, please email DPO@harri.com as most matters can be resolved informally in the first instance.