INCLUSIVE.IO / SBOJ.COM Privacy Policy
Effective September 2024
1) BACKGROUND
INCLUSIVE.IO LTD, company number 13736323 (“INCLUSIVE.IO”, “we”, “us” or “our”), offers via the INCLUSIVE.IO and/or SBOJ.COM websites as available from time to time (“Website”), a digital recruiting platform through which recruiters can help employers finding the right candidate for the job (“Service”).
We care about privacy and data protection. We are committed to carefully assess your interest, fundamental rights and reasonable expectations with regards to our processing of your data. We also aim at transparency, we want you to know what data we collect about you and how it is used and shared. Please be aware that, whilst we make our best efforts to keep your personal information safe, no website can be completely secure.
The following privacy policy (“Privacy Policy”) and cookie policy (“Cookies Policy”) relates to our use of any personal information regarding you we collect and process via our website, mobile application or any other personal information you provide us in person, via email, telephone, text message, or through other means.
In the Privacy Policy and Cookies Policy, the terms processing, personal data, data controller, data processor, data subject shall have the same meaning as set out in the Data Protection Act 1998 (“DPA”) as amended, extended or re-enacted from time to time and including all subordinate legislation made from time to time under the DPA or as defined by the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) once applicable and/or any corresponding or equivalent national laws or regulations once in force and applicable (“Applicable Data Protection Laws”).
To learn more about your rights to privacy and data protection, we recommend you visiting the Information Commissioner’ Office (“ICO”) website at https://ico.org.uk/
2) KEY TERMS
To help you understand the content of our Privacy Policy we have summarised some key terms:
Data Controller means the individual or organisation that, alone or jointly with others, exercises overall control over how Personal Data are processed and the purposes of such treatment.
Data Processor means any person (other than an employee of the data controller) who processes the data on behalf and under the instruction of the Data Controller.
Communication Methods mean email, telephone, notices posted on our Site, or any other communication methods.
Personal Data means any information relating to a living individual who can be directly or indirectly identified in particular by reference to an identifier. Personal Data may include identification numbers, location data and online identifiers
Processing means obtaining, recording or holding data or carrying out any operation in relation to Personal Data.
Sensitive Personal Data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Third-Party Websites mean websites owned and operated by third parties.
3) INFORMATION ABOUT US
INCLUSIVE.IO LTD is a limited company registered in England and Wales, with company number 13736323.
We are based and mainly operate within the United Kingdom; however, this may change due to future expansion of our business.
If you have any query regarding our use of your data, please contact us at privacy@inclusive.io
4) PRIVACY POLICY IN RELATION TO WEBSITE USERS
The following terms in this paragraph apply only to users of the Website who are not otherwise using our Service.
A) DATA CONTROLLER
For the purpose of the processing of your Personal Data in connection with your use of our Site, INCLUSIVE.IO is a Data Controller.
B) LEGAL BASIS FOR PROCESSING
We process your Personal Data on the basis that you have consented to and we have a legitimate interest in such processing. Our legitimate interest includes our commercial interest in offering our Services to the public.
C) INFORMATION WE COLLECT ABOUT YOU
We log your visits and your usage data when you visit our Website. In particular, we use internet protocol (“IP”) addresses, cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to identify you or your device. Please read our Cookies Policy below at paragraph 6 to learn more about how we use cookies and similar tracking technologies and how to opt out.
We receive data from your devices and networks, including location data. When you visit or leave our Website, we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Website from a mobile device, that device will send us data about your location. Most devices allow you to prevent location data from being sent to us and we respect your settings.
D) HOW WE USE YOUR PERSONAL DATA
We use your Personal Data to give you access to our Website and in particular to:
provide you with information about INCLUSIVE.IO and/or SBOJ.COM products and services through our Website;
contact you through any Communication Method about our products and services, provided that you have previously consented to us contacting you. You may always opt to be excluded from communications regarding INCLUSIVE.IO or SBOJ.COM and our products and services by sending an email to privacy@inclusive.io
produce aggregate insights that do not identify you; and
investigate, respond to and resolve complaints and service issues
E) RECIPIENTS OF YOUR DATA
To provide and develop our Website, we may share your Personal Data with:
our subsidiaries, as defined by section 1162 of the Company Act 2006 as amended, extended or re-enacted from time to time, provided that our subsidiaries will be subject to the same terms of this Privacy Policy; and
third parties for maintenance, analysis, audit, payments, marketing and development. Third parties will only have access and use your information as reasonably necessary to perform these tasks on our behalf and they will be bound to non-disclosure obligations and to the terms of this Privacy Policy.
We may have to disclose your Personal Data if it is reasonably necessary to:
investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies;
enforce our agreements with you; investigate and defend ourselves against any third-party claims or allegations; and
protect the security or integrity of our Services.
We will attempt to notify you about legal demands for your Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
We may share your Personal Data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys INCLUSIVE.IO and/or SBOJ.COM or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy
F) DATA RETENTION
We will normally keep your Personal Data for as long as it is necessary to provide you with access to our Website or Service and in any case for a maximum of 3 months from the first collection of your Personal Data
G) CROSS-BORDER DATA TRANSFERS
We do not transfer, store or process your Personal Data at destinations outside the European Economic Area (“EEA”) without your explicit consent. Please contact us to learn more about our processes and policies to safeguard your Personal Data when shared outside the EE
5) PRIVACY POLICY IN RELATION TO USERS
The following terms in this paragraph apply only to users of our Service
A) DATA CONTROLLER
For the purpose of the processing of your Personal Data in connection with your use of our Service, INCLUSIVE.IO is a Data Controller.
B) LEGAL BASIS FOR PROCESSING
We process Personal Data of users of our Service on the basis that we have a legitimate interest in such processing that includes our commercial interest in providing our Service. Furthermore, we may process Personal Data of users of our Service on the basis that:
they have consented to such processing;
it is necessary for the entry into, or performance of, a contract or in order to take steps at their request prior to the entry into a contract; and
it is necessary for compliance with a legal obligation.
C) INFORMATION WE HOLD
We collect Personal Data about you, including but not limited to your first name, family name, email address, business or home address, telephone number, and password, when you register in the registration section of our Website or otherwise, or place an order for use of our Services. In addition, we may also collect and process [other] Personal Data in order to perform our Service.
We log your visits and use of our Services, your usage data when you visit or otherwise use our Service. We use log-ins, IP addresses, cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to log your use and identify you or your device. Please read our Cookies Policy below to learn more about how we use cookies and similar tracking technologies and how to opt out.
When you visit or leave our Website, we receive the URL of both the Website you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Website from a mobile device, that device will send us data about your location. Most devices allow you to prevent location data from being sent to us and we respect your settings.
D) HOW WE USE YOUR PERSONAL DATA
We use Personal Data of our users to give them access to our Website and to provide them with our Service and in particular to:
administer and process registrations;
authenticate users and grant users with access to some areas of our Website;
correspond with users through any Communication Methods, about their registration;
contact users via any Communication Methods about the availability of our services, security, other service-related issues, network updates, reminders, and suggestions;
provide users with information about INCLUSIVE.IO and/or SBOJ.COM products and services, that you have previously consented to us contacting you. You may opt to be excluded from communications regarding INCLUSIVE.IO and/or SBOJ.COM and our products and services by editing your communications preferences on your settings page or by sending an email to privacy@inclusive.io
produce aggregate insights that do not identify any individual user of our Services; and
investigate, respond to and resolve complaints and service issues.
Please be aware that as long as you are using our Service you cannot opt out of receiving essential service messages from us, including security and legal notices.
E) RECIPIENTS OF YOUR DATA
To provide and develop our Services, we may share your Personal Data with:
our subsidiaries, as defined by section 1162 of the Company Act 2006 as amended, extended or re-enacted from time to time, provided that our subsidiaries will be subject to the same terms of this Privacy Policy;
subcontractors who may perform the whole or part of the Services on behalf of INCLUSIVE.IO and/or SBOJ.COM (“Subcontractors”), provided that the Subcontractors will be bound to substantially the same obligations imposed on INCLUSIVE/IO and/or SBOJ.COM under its agreement with each Data Controller for the time being and to the terms of this Privacy Policy; and
third parties (e.g. for maintenance, analysis, audit, payments, marketing and development). Third parties will only have access and use your information as reasonably necessary to perform these tasks on our behalf and they will be bound to non-disclosure obligations and to the terms of this Privacy Policy
We may have to disclose your Personal Data if it is reasonably necessary to: (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce our agreements with you; (iii) investigate and defend ourselves against any third-party claims or allegations; (vi) protect the security or integrity of our Services.
We will attempt to notify you about legal demands for your Personal Data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not undertake or warrant to challenge every demand.
We may also share your Personal Data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys INCLUSIVE.IO and/or SBOJ.COM or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy.
F) DATA RETENTION
Unless you have agreed for us to retain your Personal Data for a longer period, we will keep your Personal Data only for as long as it is necessary to provide you with our Services, and in any case no longer than three months from the latest performance of our Services to you
Notwithstanding the above, we may need to retain part of your Personal Data even after termination of this agreement with you, if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our agreements with you.
G) CROSS-BORDER DATA TRANSFERS
We do not transfer, store or process your Personal Data at destinations outside the EEA
6) DATA SHARING AGREEMENT
The following terms in this paragraph apply to users of our Service
A) DATA PROCESSOR
In relation to personal data of job candidates uploaded, submitted or in any way shared (Candidates’ Data) through the Service, INCLUSIVE.IO and/or SBOJ.COM will be a data processor while the recruiter sharing such Candidates’ Data will be the data controller. INCLUSIVE.IO and/or SBOJ.COM will only process Candidates’ Data based on the instruction received by the relevant data processor (i.e. the recruiter sharing the data through the Service).
INCLUSIVE.IO and/or SBOJ.COM will at all times while processing Candidates’ Data:
comply with Applicable Data Protection Laws;
keep its registration with the relevant national Data Protection Authority valid, updated and able to covers the intended data sharing of Candidates’ Data, unless an exemption applies. and
implement reasonable and proportionate measures to ensure Candidates’ Data are kept safe
B) PURPOSE OF THE PROCESSING
INCLUSIVE.IO and/or SBOJ.COM will process Candidates’ Data, upon instruction of the data controller, to allow recruiters and employers to exchange information regarding individual candidates that may potentially match a job description.
C) SHARED DATA
The Recruiter agrees to share with INCLUSIVE.IO and/or SBOJ.COM the following Candidates’ Data:
name/surname;
date of birth (month/date only);
postcode;
nationality
with placed candidates only, some additional contact information
D) WARRANTIES
The Recruiter undertakes to:
comply with Applicable Data Protection Laws;
have and to keep its registration with the relevant Data Protection Authority valid, updated and able to cover the intended data sharing of Candidates’ Data;
obtain prior consent from individual candidates before inputting, sharing or uploading any Candidates’ Data on or through the Service;
keep a record of the consent obtained from individual candidates pursuant to paragraph 6.3.c above;
implement appropriate technical and organisational security measures in order to: (i) prevent unauthorised or unlawful processing of personal data; and (ii) prevent the accidental loss or destruction of, or damage to, personal data; (b) ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and to the nature of the Shared Personal Data to be protected;
respond within a reasonable time and as far as reasonably possible to enquiries from the relevant Data Protection Authority in relation to Candidates’ Data; and
respond to subject access requests in accordance with Applicable Data Protection Laws.
E) INDEMNITY
The Recruiter and the Employer undertake to indemnify and hold INCLUSIVE.IO and/or SBOJ.COM harmless from any cost, charge, damages, expense, fine or loss which they may cause INCLUSIVE.IO and/or SBOJ.COM as a result of their breach of any of the provisions of this Data Sharing Agreement or of any provision of Applicable Data Protection Laws.
7) GENERAL
The following terms in this paragraph apply both to users of our Service and to users of the Website.
A) CHANGE TO THIS PRIVACY POLICY
As we are committed to constantly improving our Service, we may change the selection of data and the way we process it. We reserve the right to change or adapt this Privacy Policy from time to time. In case of any material change to our Privacy Policy, we will update the version available on our Website as soon as reasonably possible.
B) LINKING TO OTHER WEBSITES
For your information and convenience only, the Website contains hyperlinks to Third-Party Websites. INCLUSIVE.IO and/or SBOJ.COM has no control over and does not endorse any content or service displayed, contained or related to those Third-Party Websites. We make no warranties or representations, express or implied, about Third-Party Websites or any content, products, material or service contained, displayed or related to them. If you decide to access any Third-Party Websites and make use of the information contained on them or to enter into any contract for the supply of goods or services from such third party, you do so entirely at your own risk. We accept no liability for damage or loss, however caused in the connection with the use of or reliance on any information, material, products or services contained on or accessed through any such Third-Parties Websites.
C) THIRD-PARTY ADVERTISERS
We do not share your Personal Data with any third-party advertisers or ad networks for their advertising without your separate permission.
D) SECURITY
We implement a number of security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
E) YOUR RIGHTS
Right of Access. We offer you access to the Personal Data we hold about you. Please be aware that the purpose of an access request is to give you the opportunity to confirm the accuracy of Personal Data we are holding about you, the lawfulness of our processing and to allow you to exercise your rights under Applicable Data Protection Laws if necessary.
We reserve the right to reject manifestly unfounded (e.g. made for other, non-data protection purposes) or excessive requests.
To have access to the Personal Data we store about you, please contact us at privacy@sboj.com
Right to Withdraw Consent. Please be aware that, if you have given us consent to process your data for the purposes detailed in this Privacy Policy, you can always change your mind and withdraw your consent by contacting us at privacy@inclusive.io
In order to process your request, we may ask you to send us a copy of two forms of identification (such as passport, driving licence, birth certificate, bank statement, utility bills).
You also have the right to lodge a complaint about our processing of your data and/or our handling of your complaints to ICO or the appropriate data protection authority if you reside outside the United Kingdom.
To learn more about your rights please visit ICO’s website at https://ico.org.uk/.
8) COOKIES POLICY
The following terms in this paragraph apply to both users of our Services and to users of the Site.
A) DEFINITIONS
A cookie is a small file that is downloaded on to your computer or smartphone or similar devices (a “Device”) when you visit a website. It allows a website to recognise your Device and store several information about you, like your preferences or past actions.
B) HOW WE USE COOKIES
We place cookies onto your Device to give you and anyone visiting our Website the best possible experience. In general terms, we use cookies to enables our Website’s features and functionality, and to keep your data safe. Also, we use cookies to identify your Device, secure your access to our Website, and to know if someone attempts to access your account from a different device.
C) WHEN WE PLACE COOKIES?
Anytime you visit our Website you may receive cookies from us. In particular, we use the following types of cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable and support our security features.
Analytical/performance/research cookies. They allow us to analyse the number of visitors and how visitors move around our Website when they are using it. This helps us to improve our Service and the way our Website works (for example, by ensuring that users are finding what they are looking for easily).
Functionality cookies. These are used to recognise you when you visit our Website. This enables us to personalise our content for you, and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and Service more relevant to your interests. We may also share this information with third parties for this purpose.
D) THIRD-PARTY COOKIES
Our cookie table lists some of the third-party cookies on our sites. Please note that the names of cookies, pixels and other technologies may change over time.
E) CONTROLLING COOKIES
You should be able to control cookies through the setting preferences of your web browser (most browser manufacturers provide online help pages relating to cookie management). You should be allowed to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.
Our Website allows you to opt-out of some cookies on your settings page. If you use our Website without changing your browser settings, we will assume that you are happy to receive all cookies available on our Website.
F) EXPIRATION
Except for essential cookies, all cookies will expire after one year.