PRIVACY POLICY GUIDELINES
Effective: November 2023
1. Policy Guidelines
This policy describes the types of information that WorkLLama LLC (“WorkLLama”, acting as a Data Processor), on behalf of CA of Department (DSP) | AgileOne (“Data Owner”, WorkLLama and Data Owner are sometimes referred to individually or collectively, as the context indicates, as “we”, “our” or “us”), may collect from you or that you may provide when you purchase, download, install, register with, access, or use the CA of Department (DSP) | AgileOne powered by WorkLLama™ mobile application, DSPInternship.workllama.com, or any other CA of Department (DSP) | AgileOne website operated by WorkLLama (collectively, the “App”) and our practices for collecting, using, maintaining, processing, protecting and disclosing that information. Information collected or provided will be owned by Data Owner.
This policy is intended to comply with the applicable federal and state laws and regulations of the United States of America and Canada, as well as the European Union’s General Data Protection Regulation (“GDPR”). Any terms defined in the foregoing applicable laws have the same meaning when used in this policy. This policy applies to information collected through the App and from electronic messages between you and the App, including, without limitation, information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the scope of the applicable laws referenced above, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
WorkLLama complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. WorkLLama has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension tot he EU-U.S. DPF. WorkLLama has certified to the U.S. Department of Commerce that is adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. The Federal Trade Commission (“FTC”) ensures WorkLLama’s compliance with the DPF Program and the Principles through the FTC’s investigatory and enforcement powers. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https//www.dataprivacyframework.gov/.
In this policy, “GDPR Locations” refers to countries in the European Union, European Economic Area, and Switzerland. Users in GDPR Locations may have additional or different rights under GDPR. We will point out in this policy where rights are different for users in GDPR Locations because of GDPR. For purposes of GDPR, Data Owner is the “Data Controller” and WorkLLama is the “Data Processor”.
This policy does not apply to information collected by: (i) us offline or through any other means, including through any other application operated by WorkLLama, Data Owner, or any third party; or (ii) any third party (including our affiliates), including through any application or content that may link to or be accessible from the App.
Please read this policy carefully to understand our policies and practices regarding your information. By downloading, registering with, accessing or using the App, or by clicking to accept or agree to the Terms of Service when this option is made available to you, you agree to this policy. If you do not agree with our policies and practices, do not download, register with, or use this App.
Your Consent
By using the App:
- You consent to us collecting your personal data and personal information described in this policy.
- You consent to the methods of collecting your personal data and personal information, the processing, storage, transfer, and retention, of that information, and purposes for processing that information, each as described in this policy.
2. Information We Collect
The following categories contain the type of personal information or other information we may have collected within the last twelve (12) months and may collect in the future from you or other users:
- Basic personal information: Your real name, alias, postal address, email address, account name, or other similar identifiers.
- User unique identifiers: Your signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, unique personal identifier, online identifier, Internet Protocol address, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. You should note that some personal information included in this category may overlap with other categories.
- Demographic details that may be protected under applicable law: Your age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
- Commercial information: Records of your personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Medical or biometric information: Your genetic, physiological, behavioral, and biological characteristics, or other identifier or identifying information, such as fingerprints, blood titers, drug screens, vision test results, vaccination history, and information related to physical examinations such as height, weight, temperature, blood pressure, and medical conditions and diagnoses (including HIV and AIDS and pregnancy or childbirth and related medical conditions).
- Internet or other similar network activity: Your browsing history, search history, information about your device and operating system, information on a user’s interaction with the App, a website, application, or advertisement, including through automatic means such as cookies.
- Geolocation data: Your physical location or movements.
- Sensory data: Your auditory, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information: Your current or past job history or performance-related documentation, including, but not limited to, performance evaluations and improvement plans, written warnings, documented conversations and termination paperwork, employment pursuits and application data, professional designations, civil, regulatory, criminal, financial, arbitration, and termination history, and signed contracts and policies.
- Non-public education information: Your education records maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
- Inferences drawn from other personal information: A profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- App-related information you or others provide: Information you or others provide by filling in forms in the App, including information provided at the time of registering to use the App, information which may be posted publicly, such as job postings to the App and responses to postings, or requesting information made available on or through the App. Information we request when you report a problem with the App.
- In-App communications: Correspondence or other communications that you may send to us or others through the App.
- Directly from you. For example, from forms you complete, jobs you apply for or refer or other interactions with us and our offerings.
- Indirectly from you. For example, from observing your actions on our App.
- From third parties. In connection with jobs you apply for or are referred from others, or other interactions with us and our offerings.
3. Information Collected Through Automatic Data Collection Technologies
In addition to the above collection sources, as you navigate through and interact with the App, we may collect, through automatic data collection technologies, certain information about your mobile device, browsing actions and patterns to improve the App and deliver a better and more personalized service, to help remember and process the items or information you save or otherwise queue for later use, to compile aggregate data about App traffic and interactions to better serve you, to keep track of referrals of jobs or companies to other individuals, and to keep track of advertisements. Your mobile application and web browser settings allow you to control and limit cookies on your computer or mobile device. If you reject cookies, you may still use the App, but your ability to use some areas or functions of the App may be limited. If you do not want us to collect this information at all, do not download the App or delete it from your device. Further information about our use of cookies can be found below in More Information About Cookies.
“Unique Identifiers” may also be used to enable your use of the App. Unique Identifiers are small files used by our App that are stored on your device when the App is first installed for the purposes of identifying your device for consistent usage across sessions in the App. Unique Identifiers are installation-specific: if the App is uninstalled and then reinstalled, the old Unique Identifier is deleted and a new Unique Identifier is installed. These Unique Identifiers do not contain any personal information or other sensitive information. We use Unique Identifiers to track and enhance your usage of the App.
4. More Information About Cookies
A cookie (a.k.a., browser cookie, internet cookie, web cookie) is a small text file saved on your device when you visit a website or mobile app. Cookies enable sites to help identify visitors and enrich user experience with saved preferences and customized content.
We may use cookies to make it possible for us to save your App preferences, recognize you when you return, and save information you provide in online forms. This enables us to provide you with a more customized experience based on your individual needs, interests, and interactions with the App. We also use cookies to understand how you use the App, which guides our decisions to improve our content, functionality, and related services.
We may use the following types of cookies:
- Session cookies on the App are used to maintain relevant information about your visits and transactions on the App. Typically, session cookies expire when you close your browser or turn off your device.
- Persistent cookies on the App are used to recognize you when you return to the App, save your basic user information and preferences, save information you provide on forms, and provide you customized content and functionality.
- Google Analytics cookies are used to collect information about how visitors find and use our App.
The information collected by cookies is used in accordance with this policy.
5. Third-party Use of Automatic Data Collection Technologies
Some content or applications, including advertisements, in the App are served by third-parties, including advertisers, ad networks and servers, content providers and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use the App. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different apps and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
6. How We Use and Process Your Information
The following is a summary of the purposes and legal basis for which we may use, process or disclose information that we collect about you or that you provide to us, including any personal information, in accordance with applicable law (e.g. GDPR):
- To fulfill or meet the reason you provided the information, including to facilitate workforce recruitment and communications. For example, if you share your name and contact information to apply for or refer a job or ask a question about a job posting, we will use that personal information to respond to your inquiry. If you provide your personal information to apply for or refer a job, we will use that information to process your application or referral, which may also include verifying employment eligibility, conducting a background check, and processing payroll. We may also save your information to facilitate new engagements with you.
- To perform obligations and enforce rights arising under any contract between you and us (including the affiliates of WorkLLama or Data Owner), including any employment contract between you and Data Owner.
- To provide, support, personalize, present and develop our App, job posting, and other products and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, applications, referrals, interactions, transactions, and other interactions and prevent fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your App experience and to deliver content and job postings, referral programs, and other product and service offerings relevant to your interests, including targeted offers and ads through our App, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our App, job postings and referrals, other products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve the App, job postings, referral programs, and other products and services.
- For WorkLLama’s, Data Owner’s, and our respective affiliated entities’ internal business purposes.
- To administer contests, promotions, surveys or other website features.
- To notify you about changes to the App or any products or services we offer or provide through it.
- To comply with legal or regulator obligations, such as to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information, for any purpose with your consent (that has not been revoked), or as otherwise set forth in the GDPR and other U.S. or Canadian laws and regulations, as applicable.
- To carry out tasks in support of a public interest in accordance with applicable law, such as to prevent or detect unlawful activities or fraud.
- To pursue other legitimate commercial interests, such as to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our App users is among the assets transferred.
We will not collect additional categories of personal information or other information or use the personal information or other information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Personal information or personal data collected from users located in GDPR locations will be stored and processed in the USA by suppliers where adequate safeguards are in place to protect your data. Your personal information or personal data will be stored and processed as long as we deem necessary in relation to the purposes described above, unless you otherwise object. You may contact us to obtain documentation regarding the storage and safeguards using the contact details provided in this policy.
7. Automated Decision Making
Where you register to receive certain of the service, including job referrals or job applications, we may carry out certain real-time automated assessments to determine eligibility to receive the service or your candidacy. An automated assessment is an assessment carried out automatically using a computer system or other technological means without human involvement. This assessment may review and analyze your personal information or personal data and include several checks, e.g., validation of your identification, validation of your right to work, skills checks, and other information verifications. Where a decision is made based solely on automation, you will be informed and have the right to challenge the automated decision by contacting us.
8. Disclosure and Sharing of Your Information
We may disclose or share deidentified or aggregated information about our users without restriction and such information does not constitute personal information or personal data.
Additionally, we may disclose or share your personal information to a third party for a business purpose in compliance with applicable law, such as providing services related to the App. We may disclose or share your personal information to certain third parties without further notice, unless required by applicable law, as follows:
- To the affiliates of Data Owner.
- To our Service Providers, acting as processors and sub-processors in accordance with our instructions, to provide services related to the App. These arrangements are covered by Standard Contractual Clauses where mandated by the GDPR.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our respective assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us about App users is among the assets transferred.
- To comply with any court order, law or legal process, government or regulatory request, including they meet national security or law enforcement requirements.
9. Third Party Links
Occasionally, at our discretion, we may include or offer third party products or services on our App. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
10. Rights Regarding Your Personal Information or Personal Data
Depending on where you live (e.g. if you are a resident of certain states in the United States of America, Canada or a GDPR Location), you may have certain rights relating to your personal information or personal data. These rights are not always absolute; the right may be subject to certain exemptions or conditions and may depend on the processing activities we exercise regarding your personal information or personal data. This section describes some of the common rights that may apply to you (subject to the applicable law) and explains how to exercise those rights.
11. Right to Access and Information
Under certain circumstances, you have the right to request that we disclose or provide you access to one (1) copy of certain information to you about our maintenance, collection, and processing/use of your personal information and personal data. If you have an account profile, you can access some of this information by logging in to your account.
12. Right to Correct
You may have the right to correct your personal information or personal data is contains errors or is out of date. You may change some personal information or personal data that you have submitted to us through the App by logging into your account and updating your account profile in the App.
13. Right to Data Portability
You may have right to request that your personal information or personal data is provided to your or transmitted to another data controller. When this right applies, your personal information or personal data will be provided in a structured, commonly used and machine-readable format.
14. Right to Deletion (or to be forgotten)
You may have the right to request that we delete any of your personal information or personal data that we collected from you and retained, subject to certain exceptions.
15. Right to Restrict Processing
Under certain circumstances, you may have the right to request that we limit or completely stop processing your personal information or personal data.
16. Right to Object to Processing; Direct Marketing
You have the right to object to the processing of your personal information or personal data where the processing is based on our legitimate interests. When these objections are made, we have the opportunity to demonstrate that we have a compelling interest to continue the processing that overrides your interests or to pursue a legal claim.
Additionally, you have the object to processing for direct marketing, which includes profiling for direct marketing. You will be provided with the opportunity to opt out of any direct marketing efforts in your account profile and through the methods in which such marketing is sent to you.
17. Right to Object to Automated Decision-Making
You have the right to object to decisions that are based only on the automated processing of your personal information or personal data. These objections will be considered where you have not explicitly consented to the automated processing, the automated processing is not necessary for a contract or agreement between you and us, or automated processing is not otherwise permitted by applicable law.
18. Exercising Your Rights
To exercise the rights described above, please submit a verifiable request to WorkLLama (as set forth in the Contact Information section below) or the Data Owner by either:
- Contacting Data Owner at:
ACT1 Group, Inc. dba AgileOne
Postal Address: 1999 West 190th Street, Torrance, CA 90504, USA
DPO: Nicholas L. Willis, Assistant General Counsel and Head of Privacy
- Emailing Data Owner: privacy@agile1.com
Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your personal information or personal data.
California residents may only make a verifiable request for access or data portability twice within a 12-month period.
A verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- Verifying your App user login and password;
- Verifying certain information that we have collected; or
- Such other methods that we deem necessary to reasonably verify your identity.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable request does not require you to create an account with us.
We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
19. Response Timing and Format
We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding receipt of the verifiable request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
20. Non-Discrimination
We will not discriminate against you for exercising any of your rights. Unless permitted by applicable law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
21. Other California-Specific Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to Data Owner at privacy@agile1.com.
22. Data Security
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the Internet is not completely secure. Although we use commercially reasonable efforts to protect your personal information in accordance with this policy and applicable law, we cannot guarantee the security of your personal information transmitted to the App. Any transmission of personal information is at your own risk. We are not responsible for any party’s circumvention of any privacy settings or security measures contained in the App. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our App, you are responsible for keeping this password confidential. You should not share your password with anyone.
23. Data Retention
We have set the following guidelines for retaining all personal data within the scope of this privacy policy.
- Customer data will be retained as long as necessary to provide the service requested/initiated through the application.
- Customer data will be retained for three (3) years after the termination of any services contract unless otherwise negotiated in the service contract.
- End-user data is subject to immediate deletion based on a formally submitted request.
24. Data Destruction
Data destruction ensures that we manage the data we control and process it in an efficient and responsible manner. When the retention period for the data as outlined above expires, we actively destroy the data covered by this policy. If an individual believes that there exists a legitimate business reason why certain data should not be destroyed at the end of a retention period, he or she should identify this data to his/her supervisor and provide information as to why the data should not be destroyed. Any exceptions to this data retention policy must be approved by our data protection officer in consultation with legal counsel. In rare circumstances, a litigation hold may be issued by legal counsel prohibiting the destruction of certain documents. A litigation hold remains in effect until released by legal counsel and prohibits the destruction of data subject to the hold.
25. Children Under the Age of 16
The App is not intended for children under 16 years of age. No one under age 16 may provide any information through the App. If you are under 16, do not use or provide any information through the App or on or through any of its features. We do not knowingly collect personal information from children under 16; however, if we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. Please contact us if you believe we might have personal information about a child under age 16.
26. Fair Information Practices
In our effort to comply with the Fair Information Practices, should a data breach occur of which we are aware, we will attempt to notify affected users by email within ten (10) business days of becoming aware of such data breach, or as soon as possible thereafter.
27. Changes to Our Privacy Policy
We may change this policy from time to time and will post those changes in the App. If we make material changes to how we treat our users’ personal information or personal data, we will notify you by email or by conspicuous notice within the App. Your continued use of the App after we notify or post changes to the policy is deemed to be agreement to and acceptance of those revised policy, so be sure to check this policy periodically for updates. The date the policy was last revised is identified at the top of the page.
28. Disputes and Resolution
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, WorkLLama commits to resolve DPF Principles-related complaints about our collection and the use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact WorkLLama at privacy@workllama.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, WorkLLama commits to cooperate and comply respectfully with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, WorkLLama commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgement of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Users located in GDPR Locations may contact their local supervisory authority (EU Data Protection Authorities https://ec.europa.eu/newsroom/article29/items/612080) if you feel you have not received an adequate or timely response from us, or would like to file a complaint.
In compliance with Annex I of the Principles of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, under certain conditions, if your DPF Principles-related complaint remains unresolved after proceeding through the steps described above, you may have the right to invoke binding arbitration against WorkLLama in accordance with the requirements of Annex I of the Principles (https://www.dataprivacyframework.gov/s/article/Participation-Requirements-Data-Privacy-Framework-DPF-Principles-dpf).
29. Contact Information
Except as otherwise set forth above, to make any request permitted by this policy, ask questions, or comment about this policy, contact WorkLLama by mail at 3655 North Point Pkwy., Suite 450, Alpharetta, GA 30005, by email at contact@workllama.com, or by phone at (770) 691-5853.