TOBU Privacy Policy

Effective date: 19 June 2019


We respect your right to privacy. This privacy policy (the “Privacy Policy”) describes in detail how we collect, use and disclose your personal data, and what choices you have with respect to your personal data. Please read this Privacy Policy carefully. If, after reading the Privacy Policy, you still have any questions, please contact us so that we can address your concerns.

Table of Contents

 

1. General Information

2. WHAT PERSONAL DATA DO WE COLLECT?

3. FOR WThe Purposes DO WE USE PERSONAL DATA?

4. Non-personal data

5. Marketing communication

6. Retention Period

7. How DO We Share And Disclose Data?

8. Transfer of personal data outside the EU

9. Security

10. Age Limitations AND MINORS

11. Your Rights REGARDING PERSONAL DATA

12. AMENDMENTS

13. Contact

 

1. General Information

1.1 Applicability of the Privacy Policy. This Privacy Policy governs the processing of personal data collected from individual users and organizations (“you”, “your”, and “recruiter”) through the online platform “Tobu” available at https://www.tobu.cloud/home and the related software applications (collectively, “TOBU”). This Privacy Policy does not apply to any third-party applications or software that integrate with TOBU or any other third-party products, services or businesses.

1.2 About TOBU. TOBU is a software-as-a-service platform, which allows recruiters to synchronize, organize, manage, and coordinate resumes submitted by their potential employees.

1.3 Responsible entity (data controller). The entity that is responsible for the processing of personal data through TOBU is EdWave India Private Limited having a registered place of business at A-9, Dwaraka, Varsha Park, Baner Road, Baner, Pune, Maharashtra, 411045 India (“we”, “us”, and “our”).

1.4 Definitions. In this Privacy Policy, you may encounter recurrent terms. For your convenience, we would like to explain what such terms mean:

Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;

Data controller” means the entity that determines the purposes and means of the processing of personal data;

Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;

Personal data” means any information relating to a natural person who can be identified, directly or indirectly, by using such information (e.g., name, address, email, phone number, and IP address); and

Processing” means the use of personal data in any manner, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.

1.5 Applicable laws. We process personal data in accordance with the applicable data protection laws, including, but not limited to, the EU General Data Protection Regulation (GDPR).

1.6 Term and termination. This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.

1.7 Your consent to the Privacy Policy. Your use of TOBU is subject to this Privacy Policy. Before you register your user account on TOBU, we will ask you to review this Privacy Policy. We also encourage you to review the Privacy Policy before browsing TOBU or submitting any personal data through TOBU. In some cases (where required by the applicable law), we may seek to obtain your consent for the processing of your personal data. For example, we may seek your prior consent for the following purposes:

If we are required by law to do so;

If we intend to collect other types of personal data that are not mentioned in this Privacy Policy;

If we intend to use your personal data for the purposes that are not indicated in this Privacy Policy;

If we would like to disclose or transfer your personal data to third parties that are not indicated in this Privacy Policy; or

If we significantly amend this Privacy Policy.

1.8 Our role as a data processor. In certain cases, we act as a data processor with regard to the personal data submitted through TOBU. For example, when a recruiter uploads a resume to TOBU, we will process end-users’ personal data contained in the resume in order to provide the recruiter with the requested services. In the instances when we act as a data processor, the recruiter may act as a data controller in terms of the GDPR. We do not own, control, or make decisions about end-users’ personal data and such personal data is processed only in accordance with recruiters’ instructions. In such situations, the recruiter is responsible for deciding what personal data should be collected from end-users and how such data should be processed. In the situations when we act in the capacity of a data processor, we comply with data processors’ obligations set forth in the GDPR. In order to ensure that our processing of personal data adheres to highest data protection standards, we have drafted a data processing agreement available at https://www.tobu.cloud/DPA.pdf (the “DPA”) that governs our processing of personal data on behalf of recruiters. The Data Processing Agreement is incorporated by reference in TOBU Terms of Service available https://www.tobu.cloud/terms. The DPA is concluded automatically upon recruiter’s acceptance of TOBU Terms of Service.

1.9 Cookies. TOBU uses cookies. For detailed information on our use of cookies, please refer to our cookie policy available at https://www.tobu.cloud/cookie_policy.


2. WHAT PERSONAL DATA DO WE COLLECT?

2.1 Types of personal data. We comply with data minimization principles and we collect only a minimal amount of personal data that is necessary for ensuring your proper use of TOBU:

When you request to convert a resume, we collect your email address.

When you create your user account, we collect your: (i) email address and (ii) password.

When you update your user account, we collect your: (i) first name, (ii) last name, (iii) phone number, (iv) company name, (v) Web address, (vi) LinkeIn URL, and (vii) any other information that you decide to provide us in, e.g., a job opening or messages sent by you through Tobu.

When you make a payment through TOBU, we may access to the payment details, such as your (i) credit card number, (ii) billing address, (iii) cardholder’s name, and (iv) security code.

When you contact us by email or through the live chat functionality available on TOBU, we collect your (i) name, (ii) email address, and (iii) any information you decide to provide us in your message.

When you use TOBU, we collect your IP address.

When you file a survey and submit feedback to us, we collect the information that you decide to provide us in the feedback.

When you manage resumes through TOBU, we may have access to the notes made by you, your communication with potential employees, questions in job interviews, and related communication data.

2.2 Additional data. We may receive certain additional data when submitted TOBU if you participate in a focus group, contest, activity or event, request support, interact with our social media accounts or otherwise communicate with us. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us. We will use such personal data for the sole purposes of pursuing our legitimate business interests (i.e., to analyze, improve, and grow our business).

2.3 Resume Data. When you upload and manage resumes through TOBU, those resumes may contain personal data, such as your potential employees’ names, contact details, education and work history, and other information that they provide in the resumes (collectively, the “Resume Data”). Please note that we do not act as a data controller with regard to such personal data and we do not use the Resume Data for any purposes other than providing the services through TOBU and performing a contract with you. We do not intentionally access, inspect, correct, transfer, sell, or disclose such data, unless you, as a data processor, request us to do so. Our practices and procedures regarding the processing of such personal data are outlined in our DPA available at https://www.tobu.cloud/DPA.pdf.

2.4 Sensitive Data. We DO NOT directly collect, under any circumstances, any special categories of personal data (“sensitive data”), such as your health information, opinion about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about your sexual orientation. There is a possibility that the Resume Data may contain the sensitive data, if potential employees decide to provide such data.

2.5 Failure to provide personal data. If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of TOBU, receive the services provided through TOBU, or get our response.

2.6 Personal data obtained from third parties. When using TOBU, you can choose to permit or restrict services, functionalities, and integrations provided by third parties (the “Third-Party Services”), such as social media providers and email service providers. Once enabled, the provider of the Third-Party Services may share certain information with us. For example, we may have access to your LinkedIn profile, which you choose to make public, when enabling our marketing leads. You are strongly encouraged to check carefully the privacy settings and notices of the Third-Party Services to understand what information may be disclosed to us. If you choose to integrate your email services with TOBU (e.g., Gmail, Microsoft, or ZOHO), we will store your email ID and an encrypted password in our systems to ensure that your email service functions well through TOBU. We will store such data for the sole purpose of performing a contract with you and allowing you to integrate the requested Third-Party Services.

 

3. FOR WHAT Purposes DO WE USE PERSONAL DATA?

3.1 We respect strictest data protection principles. Thus, we process your personal data only for specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we will use personal data only for the purposes of enabling you to use the full functionality of TOBU, maintaining TOBU, providing you with the requested services, conducting research about our business activities, administrative purposes, and replying to your enquiries.

3.2 The detailed description of the purposes and legal basis for processing of your personal data obtained by us directly from you is provided below. For the purposes of other types of personal data, please refer to the respective data in Section 2 of this Privacy Policy.

Personal data

Purpose

Legal basis

When you request to convert a resume

Email address

To deliver you the requested file

To contact you, if necessary

Performing a contract with you

 

When you create a user account:

Email address

Password

To create your user account

To enable you to use TOBU

To provide you with the requested services

To contact you, if necessary

To analyze, improve, and evaluate our business activities

Performing a contract with you

Pursuing our legitimate business interests (to analyze and improve our business activities)

When you update your user account:

First name

Last name

Phone number

Company name

Web address

LinkedIn URL

Any other information you decide to provide us

To maintain your user account

To enable you to use the full functionality of TOBU

To provide you with the requested services

To contact you, if necessary

To analyze, improve, and evaluate our business activities

Performing a contract with you

Pursuing our legitimate business interests (to analyze and improve our business activities)

Your consent (for optional personal data)

When you make a payment:

Credit card number

Billing address

Cardholder’s name

Security code

 

To process your payments

To maintain our accountancy records

Performing a contract with you

Pursuing our legitimate business interests (to administer our business)

When you contact us by email or live chat:

Name

Email address

Any information you decide to provide us in your message

To respond to your enquiries

To provide you with the requested information

Pursuing our legitimate business interests (to grow and promote our business)

Your consent (for optional personal data)

When you use TOBU

IP address

 

To analyze, improve, and evaluate our business activities

To customize TOBU for your location

Pursuing our legitimate business interests (to analyze and improve our business activities)

When you file a survey or submit feedback:

The information that you decide to provide us

To analyze, improve, and evaluate our business activities

Pursuing our legitimate business interests (to analyze and improve our business activities)

Your consent (for optional personal data)

When you manage resumes:

Notes made by you

Your communication with potential employees

Questions in job interviews

Related communication data

To provide you with the requested services

Performing a contract with you

Your consent (for optional personal data)


3.3 Purposes of personal data obtained from third parties. In case we obtain personal data from third parties (e.g., from social media provider LinkedIn or your email provider), we will use such data solely for (i) performing a contract with you or (ii) pursuing our legitimate business interests, i.e., analyzing our business activities, preventing any information security incidents, promoting our services and contacting you to offer our services (if we are allowed by law to do so).


4. Non-personal data

4.1 Types of non-personal data. When you use TOBU, we may automatically collect certain non-personal data about your use of TOBU. Please note that de-identified personal data is also considered to be non-personal data. The non-personal data does not allow us to identify you in any manner. The non-personal data collected by us includes information about:

The type of your device;

Your session information;

Operating systems and browsers used by you;

Your browsing patterns;

URL addresses of websites clicked to and from TOBU;

Crash report data;

Log data;

Approximate location data; and

Your other online behavior data.

4.2 Your feedback. If you contact us, we may keep records of any questions, complaints or compliments made by you and the response, if any. Where possible, we will de-identify your personal data. Please note that de-identified personal data is also considered to be non-personal data.

4.3 Purposes of non-personal data. We will use non-personal data in furtherance of our legitimate interests in operating TOBU, conducting our business activities, and developing new products. More specifically, we collect the non-personal data for the following purposes:

To analyze what kind of users visit and use TOBU;

To identify the channels through which TOBU is accessed and used;

To examine the relevance, popularity, and engagement rate of the content available on TOBU;

To investigate and help prevent security issues and abuse;

To develop and provide additional features to TOBU; and

To personalize TOBU for your specific needs.

4.4 Aggregated data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.


5. Marketing communication

5.1 Marketing messages. To keep you up-to-date with TOBU, we may send you marketing messages, such as newsletters, brochures, promotions and advertisements, informing you about our new services or new features of TOBU. Please note that you will receive such marketing messages or be contacted by us for marketing purposes only if:

We receive your express (“opt-in”) consent to receive marketing messages; or

We decide to send you marketing messages about our new services that are closely related to the Services already used by you.

5.2 Opting-out. You can opt-out from receiving marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the messages sent to you or contacting us directly.

5.3 Informational notices. From time to time, we may send you informational notices, such as service-related, technical or administrative emails, information about TOBU, your privacy and security, and other important matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your consent.

5.4 Direct marketing. From time to time, if we are allowed to do so, we may contact you through your social media account (e.g., your LinkedIn profile) to offer you our services, if we see that you have expressed your interest in TOBU. We will carefully balance your right to privacy and our legitimate business interests to grow and promote our business. We will also take into account your preference to continue or to object our communication with you. We will immediately stop contacting you if you do not reply or ask us not to contact you. Please note that we respect your right to privacy and we will not keep contacting you multiple times, send you spam or other unsolicited communication.


6. Retention Period

6.1 Retention of personal data. We will store your personal data in our systems only for as long as such personal data is required for the purposes described in this Privacy Policy, you request us to delete your personal data, or until you stop using TOBU and deactivate your account - whichever comes first. After your personal data is no longer necessary for its purposes and there is no other legal basis for storing it (e.g., we are not obliged by law to store your personal data), we will immediately delete your personal data from our systems.

6.2 Retention of non-personal data. We may retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping non-personal data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

6.3 Retention as required by law. In some cases, we may be obliged by law to store your personal data for a certain period of time. In such cases, we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.


7. How DO We Share And Disclose Data?

7.1 Sharing of personal data. In some circumstances, we disclose your personal data to the service providers with whom we cooperate (i.e., our data processors) and other third parties. For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as web analytics, data processing, advertising, email distribution, and developing services, or if you explicitly request us to disclose the personal data. The disclosure of your personal data is limited to the situations when such data is required for the following purposes:

Ensuring the proper operation and maintenance of TOBU;

Ensuring the delivery of the services requested by you;

Providing you with the requested information;

Pursuing our legitimate business interests;

Enforcing our rights, preventing fraud, and security purposes;

Carrying out our contractual obligations;

Law enforcement purposes; or

If you provide your prior consent to such a disclosure.

7.2 Third parties with whom we share personal data. We will share your personal data only with the third parties that agree to ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The third parties (our data processors) that may have access to your personal data include, but are not limited, to the entities listed below.

Our hosting service provider Digital Ocean (https://www.digitalocean.com);

Our cloud storage service provider Amazon Web Services (https://aws.amazon.com);

Our transactional email service provider Sendgrid (https://sendgrid.com);

Our payment service providers 2Checkout (https://www.2checkout.com) and Razorpay (https://razorpay.com);

Our business analytics service providers Google Analytics (https://analytics.google.com) and FullStory (https://www.fullstory.com); and

Our live chat service provider Tawk.to (https://www.tawk.to).

7.3 Sharing of non-personal data. We may disclose or use non-personal data and de-identified data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving TOBU, responding to lawful requests from public authorities or developing new products and services.

7.4 Legal requests. If necessary, we will to disclose information about the users of TOBU to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

7.5 Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy.


8. Transfer of personal data outside the EEA

We and some of the third parties listed in Section 7 of this Privacy Policy are located outside the European Economic Area (EEA) and, if you reside in the EEA, we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data (e.g., the country in which the recipient is located is white-listed by the European Commission or the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the Standard Contractual Clauses provided by the European Commission). In situations when we act as a data processor, we offer to conclude a data processing agreement available at https://www.tobu.cloud/DPA.pdf ensuring that an adequate level of protection is granted to the personal data transferred to and processed by us.


9. Security

9.1 Our security measures. We put our best efforts to keep your personal data safe and secure. We implement up-to-date organizational and technical information security measures to protect your personal data from loss, misuse, unauthorized access, and disclosure. In order to ensure the security of your personal data, we kindly ask you to use TOBU through a secure network only. The security measures taken by us include:

Encryption;

SSL certificate;

Highly secure data processors;

Strong password protection for our servers and databases;

Limited data stored on our servers;

Programmed access right restrictions;

IP address level security;

Limited access to your personal data by our staff; and

Anonymization of personal data (when possible).

9.2 Handling security breaches. Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a personal data breach occurs, we will inform our local data protection authority without undue delay and immediately take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breaches will be limited to the highest extent permitted by the applicable law.


10. Age Limitations AND MINORS

To the extent prohibited by applicable law, we do not allow anyone younger than 18 years old to use TOBU. Thus, we do not knowingly collect personal data of persons below the age of 18. If you learn that anyone younger than 18 has unlawfully provided us with personal data and you are a parent or legal guardian of that person, please contact us and we will take immediate steps to delete such personal data.


11. Your Rights REGARDING PERSONAL DATA

11.1 What rights do you have? Individuals located in certain countries, including the EU, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may ask us to:

Get a copy of your personal data that we store;

Get a list of purposes for which your personal data is processed;

Rectify inaccurate personal data;

Move your personal data to another processor;

Delete your personal data from our systems;

Object and restrict processing of your personal data;

Withdraw your consent; or

Process your complaint regarding your personal data.

11.2 How to exercise your rights? If you would like to exercise your rights listed above, please contact us by email at support@tobu.cloud and explain in detail your request. In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to identify you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks. Your requests can be submitted free of charge once per calendar year. If you submit your requests more than once per year, we reserve the right to charge a small administrative fee for providing the requested information.

11.3 How to launch a complaint? If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

12. AMENDMENTS

The Privacy Policy may be changed from time to time to address the changes in laws, regulations, and industry standards. The amended version of the Privacy Policy will be posted on this page and, if we have your email address, we will send you a notice about all the changes implemented by us. We encourage you to review our Privacy Policy to stay informed. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent. If you disagree with the changes to the Privacy Policy, you should cease using TOBU. The Privacy Policy was last amended on 1st of May 2019.


13. Contact

Please feel free to contact us if you have any questions about the Privacy Policy, our privacy and security practices, or would like to exercise your rights listed in Section 11 of the Privacy Policy. You may contact us by using the following contact details:

Email: support@tobu.cloud

Post address: Edwave India Private Limited

A-9 Dwaraka Varsha Park

Baner Road, Baner, Pune, Maharashtra

411045 India


***