Schedex's service offering involves providing organizations and individuals within those organizations (our "Customers”) with access to and use of the Schedex Services, which allows our Customers and their staff members to administer work scheduling (the "Services”) through their devices (any computer used to access the Schedex Service, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each a "Device”)).
- your organization signs up to the Services and you access the Schedex Services using a business Account, or you register for an individual Account not linked to a company, or decide to continue to use an individual Account or individual Account features after no longer being associated with your organization, via our website (www.schedex.co/www.schedex.me), subdomain (*.schedex.co), Apple App Store, Google Play Store, through applications on devices, through APIs, or through third-parties, or partner marketplaces (together, the "Users");
- you visit our website www.schedex.co/www.schedex.me (the "Website") while browsing the internet (together, the "Website Users") ; and
- you interact with our customer service, product or sales team for any purpose.
1. OUR COLLECTION AND USE OF PERSONAL INFORMATION
Our primary purpose for collecting and using Personal Information is to provide the Services to our Customers. When we collect, use, and disclose Personal Information on the instructions of our Customers, we are a service provider/data processor to that Customer, processing personal information on their behalf and we refer to this data as “Customer Data”. We may also use Customer Data on an aggregated and non-identifiable basis to improve and enhance our product and service offerings.
We rely on our Customers to comply with all applicable privacy laws when collecting, using, or disclosing Personal Information through the Services, including by obtaining appropriate consent (such as from their employees, other staff, or other third parties that are authorized users of that Customer’s account) prior to collecting, using, and disclosing personal information through the Services.
We may also collect, use, and disclose the personal information of individuals who use our Services as individuals and not as employees of one of our Customers (including information contained in a resume submitted to our resume and job application service) and we may collect and use personal information for our own purposes through our website, customer service, marketing activities, or when we otherwise interact with individuals. We refer to this data as “Schedex Data”.
2. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND USE?
Personal Information we Collect to provide Services to our Customers
We collect and use Personal Information in the course of providing the Services to you and your organization. Depending on the relevant circumstances and requirements, we may collect some or all of the Personal Information listed below to help us with this:
- Last name;
- Phone numbers;
- Preferred language;
- Time zone;
- Email address;
- Business address;
- Business addresses;
- Information about staff members, including their role, hourly wage, hours worked, sales data, tasks and assignments assigned and completed, shift availability, preferred working hours, time booked off, shifts, schedules and attendance;
- Messages, announcements and related team communication sent by employers and staff members through the Services;
- Any data provided, at your option, in the Manager Log Book;
- Log data from your Device, its software, and your activity using the Schedex Services including the Device’s Internet Protocol (“IP”) address, browser type, locale preferences, geo-location information, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Schedex Services.
The organization with which your Account is connected will have access to your employment information, such as job title, company, schedule, schedule preferences, shifts, and attendance. If you switch jobs, this employment information will not be shared with any other organization without Staff members’ consent. However, Personal information associated with a personal profile that is not specific to an employer, such as name, availability, time off, profile picture and tip information (“Profile Data”) will remain associated with the employee’s individual Account for as long as the Account is active, whether or not your Account is linked to an organization.
We will display your Personal Information on your profile page, and this may be viewed by other persons to whom you are connected within your organization depending on their access level. Any data you provide to the Schedex Services in your capacity as an employee (including any coordination or communication for shift scheduling) or through your use of community services on the Schedex Services such as messaging, announcements, resume/job posting, and notes, may be read, collected, and used by Users or organizations who have access to them.
How we Use Personal Information to provide Services to our Customers
When we use your Personal information to allow you to access and use the Schedex Services, we do so on the instructions of your organization (our Customer) and on the behalf of your organization. Activities that we may carry out on this basis include:
- Allowing you to access and use the Schedex Application, including to schedule shifts, book time off, and trade shifts;
- Providing you with assistance (including technical assistance) in relation to your use of the Schedex Application;
- Personalizing and optimizing your experience of the Schedex Services and providing you with software updates; and
- Ensuring compliance with the terms of our agreement with your organization.
Your posts may remain even after you close your account.
Account Creation: Users are required to provide Personal Information to create an Account and use the Service such as name, email address, and password. We use this information to create and administer user accounts, authenticate users, process payments, and manage access and control rights. We require that you do not disclose your password to anyone. We will never ask you for your password in any communication (such as letters, phone calls or email messages). If you become aware of any unauthorized access to or use of your account, you are required to notify us immediately.
Individual Users not linked to employer accounts: If you register for an Account that is not linked to any company or once you use your Account after having left your organization, we are the accountable entity or a "data controller" for your Profile Data. We will use your Profile Data and other personal information to:
- Provide you the option of maintaining your existing or creating a new Account using your existing Profile Data, which allow you to build your resume and apply to new organizations using your existing Profile Data;
- Provide other services such as resume-building and job searching features; and
- Ensure compliance with our own obligations under applicable law and regulations.
Marketing: We collect contact information for the purpose of sending marketing communications, and described under Section 5 (Marketing) or administering contests, promotions or surveys.
Job Applications: If you apply for a job with us, we may collect certain personal information about you (such as information that would be contained in a resume, cover letter, or other employment-related materials). We use this information for the purpose of processing, evaluating and responding to your application. If you use our resume-building or job searching features to apply for a job with one of our Customers, information provided in your Job Applications may move with your account to an organizational account for a company which hires you.
Customer Service: When you contact us with a comment, question or complaint, you may be asked for information that identifies you, such as your name, email address, and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may also collect information to verify your identity at the start of the call.
We may also use Schedex Data for the following purposes:
- Ensuring compliance with our own obligations under applicable law and regulations;
- Using your Personal information to help us to establish, exercise or defend legal claims; and
- Analyzing usage information, log data, and user statistics with the aim of improving the Schedex Service for all Users.
3. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
We collect your Personal Information in four primary ways:
- Personal Information that you provide to us when you register for an Account as an organization or as an individual, use the Services, or contact us;
- Personal Information that we receive from your organization (our Customer) and other sources, to send you email when we receive your email address to invite you to the Services;
- Data from 3rd party integrations or usages of our API which have been authorized by your organization;
- Employment Information that is inputted by you or your organization (our Customer), or other information generated from your use of the Services; and/or
- Personal Information collected automatically from your Device or through our Website.
4. WEBSITE INFORMATION
Visiting our Website: We collect a limited amount of Personal Information from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes log data such as your Device’s IP address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information and other interactions with the Website. If you contact us via the Website (including via any chat widget), we will collect any information that you provide to us, for example your name and contact details in order to respond to the inquiry. We use this information to help us understand our website activity and to monitor and improve our website and Service.
Tracer Tags & Web Beacons: Our Website may also use a technology called "tracer tags” or "Web Beacons”. This technology allows us to understand which pages you visit on the Website. These tracer tags are used to help us optimize and tailor the Website for you and other future visitors to the Website.
With your consent where required by applicable law, we use Personal Information of Users in order to send you email, SMS, and in-app communications to let you know about, and invite you to participate in, our products and service offerings. You can unsubscribe from receiving marketing materials from us by clicking the unsubscribe link included at the bottom of each email, texting STOP in reply to an SMS text message or by contacting us at the contact information provided in the “Contact Us” section below. You may also be able to adjust some of your communication preferences through our app. Please note that if you unsubscribe from marketing communications, you may continue to receive transactional and account-related email and other communications from us.
6. INFORMATION SHARING & DISCLOSURE
Where appropriate and in accordance with applicable laws and requirements, we may share your Personal Information in the following ways.
- Service Providers: We may use certain trusted third-party companies and individuals to help us provide, analyze, and improve the Schedex Services (including but not limited to data storage, maintenance services, chat tools, database management, web analytics, advertising and marketing services, payment processing, and improving the features of the Schedex Service). These third parties may have access to your Personal Information only for purposes of performing these tasks on our behalf and are not authorized to use or disclose Personal Information or their own marketing or other purposes.
- Compliance with Laws and Law Enforcement Requests: We, and our Canadian, US, and other foreign service providers may disclose to parties outside Schedex, Files stored in your Schedex Services and Personal Information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) to protect Schedex’s intellectual property rights; (c) in response to a search warrant to other legally valid inquiry or order; (d) to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud; or (e) or as otherwise may be required or permitted by applicable Canadian, U.S. or other law or legal process, which may include lawful access by US or foreign courts, law enforcement or other government authorities. If we provide your Files to a law enforcement agency as set forth above, we will remove Schedex’s encryption from the files before providing them to law enforcement.
- Business Transfers: If we are involved in a proposed or completed merger, acquisition, or sale of all or a portion of our assets, your Personal Information may be transferred as part of that transaction.
- Aggregated and Anonymized Data: We may disclose aggregated, or otherwise non-identifiable information, such as usage statistics of the Schedex Services to third parties.
- We may also disclose Personal Information for other purposes where we have obtained your consent to do so.
Note that organizations (our Customers) may share the Personal Information of their employees with third parties and other software services, such as payroll and accounting services.
We do not sell personal information.
7. HOW DO WE SAFEGUARD YOUR PERSONAL INFORMATION?
We are committed to taking all reasonable and appropriate steps to protect the Personal Information that we hold from misuse, loss, destruction or unauthorized access and disclosure. We do this by having in place a range of appropriate technical and organizational measures. These include measures to deal with any suspected data breach. If you enter payment details onto our payment pages, we encrypt the transmission of that information.
We restrict access to Personal Information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.
8. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?
We will not keep your Personal Information for longer than we are permitted to do so under our agreement with our Customers or as is necessary for the purposes for which we have collected it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.
When we are no longer permitted under our agreement with your organization or it is otherwise no longer necessary to retain your Personal Information for the purpose(s) for which it was collected, we will delete or anonymize the Personal Information that we hold about you from our systems. While we will endeavor to permanently erase your Personal Information once it reaches the end of its retention period, some of your Personal Information may still exist within our systems for a limited period of time, for example, if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
Your organization (our Customer) may store your employment information or other Personal Information for longer periods in accordance with its own retention policies, including after your employment terminates.
9. HOW CAN YOU ACCESS OR AMEND THE PERSONAL INFORMATION THAT WE HOLD ABOUT YOU?
Subject to applicable law, you have the right to access, update and correct inaccuracies in your personal information in our custody or control. You may request access, updating and corrections of inaccuracies in your personal information in our custody or control by emailing or writing to us at the contact information set out below. We may request certain personal information for the purpose of verifying the identity of the individual seeking access to his or her personal information records.
If you wish to make a request in relation to Personal Information we maintain and process on behalf of our Customers (and in respect of which we are a service provider/data processor), please contact the Customer directly in the first instance to handle your request. If you contact us in respect of an Account that is linked to your employer (our Customer), we will refer your request to your organization. Otherwise, please contact us and we will handle your request.
10. HOW DO WE STORE AND TRANSFER YOUR PERSONAL INFORMATION INTERNATIONALLY?
- Infrastructure, hosting, and data storage: USA & Canada
- SMS, Push, Email providers: USA
- Marketing tools: USA, Canada & Ireland
All data transferred in and out of the Schedex Services are encrypted securely end-to-end. We ensure that our service providers comply with applicable privacy and data protection laws and implement contractual clauses that ensure the protection of privacy rights, as applicable.
11. PRIVACY RIGHTS FOR CALIFORNIA RESIDENTS
If you are a California resident, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”) regarding your personal information. These include:
- The right to request Schedex to disclose what personal information is collected and how it is used;
- The right to request to have your information deleted;
- The right to request Schedex to disclose how it sells your personal information;
- The right of non-discrimination if you make a request about your personal information; and
- The right to opt out of having your personal information sold or opt in having your personal information sold if you are under 16 years old.
You can submit requests about your information to the following:
Mail: Schedex CJSC 0033 , Yerevan,
H. HAKOBYAN P. 3 1,4-RD HARK Yerevan
You may only make two requests over a 12-month period. Schedex will respond to your request within 45 days of receiving your request and will provide information from the 12-month period prior to your request.
There are some exceptions to these requests. For example, the information may be owned by your employer and Schedex can keep your personal information for certain business purposes, such as processing payments for merchandise you order or undertaking internal research for our technological developments.
Additionally, the CCPA provides for certain exemptions, such that requests under the CCPA cannot prevent Schedex’s ability to:
- Comply with federal, state, or local laws;
- Comply with certain requests by legal authorities;
- Cooperate with enforcement agencies;
- Exercise or defend legal claims;
- Collect, use, retain, sell, or disclose consumer information that is de-identified or aggregate consumer information;
- Collect or sell personal information if all aspects of such transactions occur wholly outside California; or
- Preserve evidentiary privileges
In some instances, Schedex may refuse to respond to such a request based on an exemption, a legal requirement, or other business or legal policy. Schedex will inform you as to the basis for refusing any such request.
12. ADDITIONAL INFORMATION FOR USERS IN THE EEA AND THE U.K.
Rights and Choices
If the GDPR applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
- The right of access: your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’)
- The right of rectification: your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings)
- The right to erasure (also known as the ‘right to be forgotten’): under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you)
- The right to restrict processing: your right, under certain circumstances, to ask us to suspend our processing of your personal data
- The right to data portability: your right to ask us for a copy of your personal data in a common format (for example, a .csv file)
- The right to object: your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing)
- Rights in relation to automated decision-making and profiling: our obligation to be transparent about any profiling we do, or any automated decision-making. These rights are subject to certain rules around when you can exercise them.
How you may exercise these rights depends on how you use the Site and/or Services, as explained below. For End Users in the EEA or the U.K., please read below.
Customers, Site Visitors in the EEA or the U.K
If you are located in the EEA or the U.K. and you are a Customer or Site Visitor, and wish to exercise any of the rights set out above, you may contact us at firstname.lastname@example.org using the term “DSR” as your email subject line. You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances. If we cannot reasonably verify your identity, we will not be able to comply with your request(s). We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Note that this is especially true when you engage a third party to assist you in exercising your rights. We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law. In addition, we will always balance your rights against those of other data subjects in connection with any requests, and in some cases, this may require us to redact our responses or deny a request.
If you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
End Users in the EEA or the U.K.
Schedex has no direct relationship with End Users. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their End Users, and this includes handling all data subject requests. We rely on our Customers to comply with the underlying legal requirements and respond directly to End Users when End Users wish to exercise the rights set forth above. However, if an End User sends a request to Schedex to access, correct, update, or delete his/her information, we will direct that End User to contact the Customer’s website(s) with which he/she interacted directly, and cooperate with our Customers as required by applicable law in order to ensure that our Customers satisfy their End Users’ requests.
13. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL INFORMATION AND CONTACT INFORMATION
Last updated: Jan 31th, 2022