Last updated November 10, 2022
Confirm offers a performance review platform that uses the science of organizational network analysis to help business leaders uncover the true differences people are making at work.
Confirm handles employees’ performance reviews only as a “service provider” or “processor.” This means that when an employer uses our platform, we handle employee performance reviews on behalf of that employer. When an employee separates from an employer that uses Confirm, we may continue to maintain the performance reviews on behalf of that former employee. This occurs if the individual directs Confirm to continue to retain their performance review records after they separate from the employer, and when the individual directs Confirm to share those records, for example in connection with the individual’s job application to a new employer.
This Privacy Policy explains how we handle the personal information contained in the performance reviews as well as the personal information of our business contacts (i.e., website visitors, authorized users, account holders, customer representatives, sales leads and other business contacts).
Personal information we collect
- Personal information contained in employee performance reviews
- Personal information about business contacts:
- Contact information, such as name, email address, mailing address, or phone number.
- Professional information, such as the name of your employer, your title and business responsibilities.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.
- Usage information, such as information about how you use the services and interact with us, including information associated with any content you upload to the services or otherwise submit to us, and information you provide when you use any interactive features of the services.
- Marketing information, such as your preferences for receiving communications about our activities and publications, and details about how you engage with our communications.
- Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.
- Social media information. We may maintain pages on social media platforms, such as Facebook, Instagram, LinkedIn, and other third-party platforms. When you visit or interact with our pages on those platforms, you or the platforms may provide us with information and we will treat such information in accordance with this Privacy Policy. Please note that the platform provider’s privacy policy will apply to their collection, use and processing of your personal information.
- Information from third-party sources. We may obtain personal information from other third parties, such as marketing partners, publicly-available sources, lead generators and data providers.
- Automatically collected data. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our services, our communications and other online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
We use the following tools for automatic data collection:
- Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
We use the following categories of cookies:
Essential. These cookies are necessary to allow the technical operation of our services (e.g., they enable you to move around on a website and to use its features).
Functionality / performance. We use these cookies to enhance the functionality and performance of the services.
Analytics. We use these cookies to help us understand how our services are performing and being used. These cookies may work with web beacons included in emails we send to track which emails are opened and which links are clicked by recipients.
- Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
How we use personal information
We use personal information for one or more of the following purposes:
- Providing and supporting our services. We use personal information to operate, maintain, and provide the services. In particular we will use personal information to perform our contractual obligation under our terms of use, such as to:
- Create an account and use the services.
- Respond to requests, provide customer support, contact users in case of any issue with their account, and send announcements, updates, security alerts, and support and administrative messages.
- Improve, monitor, personalize, and protect our services and communications. It is in our legitimate business interests to improve and keep our services safe for our users, which includes:
- Troubleshooting, testing and research and to keep the services secure.
- Investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.
- Providing customized services and communications that may be relevant or of interest to you.
- Direct marketing. We may send direct marketing communications to our business contacts as permitted by law, including, but not limited to, sending newsletters, and notifying you of special promotions, offers and events via email and other means. Where applicable, if you choose to subscribe to our marketing and advertising, we process personal information based on your consent, which you may withdraw at any time.
- To enforce our agreements, to comply with legal obligations and to defend us against legal claims or disputes. We may use personal information in our legitimate business interests to enforce and comply with our terms and policies, to ensure the integrity of our services and to defend ourselves against legal claims or disputes. Some processing may also be necessary to comply with a legal obligation, for example to keep records of transactions, or as requested by any judicial process or governmental agency.
- To create anonymous data. We may create anonymous data from personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our services and promote our business.
How we share personal information
At the direction of the employee to whom the performance reviews pertain. An employee who becomes a Confirm account holder after separating from their employer, or otherwise with their employer’s permission, may direct us to share their performance reviews with others, such as potential future employers.
Service providers. We may share personal information with third party companies and individuals that provide services on our behalf or help us operate our services (such as customer support, content moderation, hosting, analytics, email delivery, marketing, identity verification, fraud detection, payment processing, and database management).
For compliance, fraud prevention and safety. We may share personal information for the compliance, fraud prevention and safety purposes described above.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.
Privacy rights and choices
Unsubscribe from direct marketing communications. Business contacts may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communication we send you.
Online tracking opt-out. You may opt out of having your online activity and device data collected through our services through the following mechanisms:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. Use the following links to learn more about how to control cookies and online tracking through your browser: Firefox; Chrome; Microsoft Edge; Safari
- Using privacy plug-ins or browsers. You can block our websites from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers.
Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Personal information requests. Depending on your location and the nature of your interactions with our services, you have the right to submit requests about your personal information:
- Information about how we have collected and used your personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
- Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
- Correction of personal information that is inaccurate or out of date.
- Deletion of personal information that we no longer need to provide the services or for other lawful purposes.
- Additional rights, such as to object to and request that we restrict our use of your personal information, and where applicable, you may withdraw your consent.
To make a request, please email us or write to us as provided in the “Contact us” section below. We may ask for specific information from you to help us confirm your identity. California residents can empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
Limits on your choices:
- In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “Contact us” section below.
- If you are a current employee of an employer who is a Confirm customer, please submit any personal information requests to your employer. Your employer will decide how to respond to your requests, and Confirm will assist the employer if necessary.
- Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
International data transfers
If you provide us with personal information when using the services, then please note that we are headquartered in the United States. To provide and operate our services, it is necessary for us to process personal information in the United States.
If we transfer personal information across borders such that we are required to apply appropriate safeguards to personal information under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.
Retention of personal information
We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws or until you withdraw your consent (where applicable).
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which we use the personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Security practices
We maintain organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect personal information, we cannot guarantee the security of personal information.
Other sites, mobile applications and services
Our services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us.
We do not control third-party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro is registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our website. We may also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through our services.
Contact us
Confirm is the entity responsible for the processing of our business contacts’ personal information (as a controller, where provided under applicable law).
If you have any questions or comments about this Privacy Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at support@confirm.com.